.: Enow Solutions Engine: Exchange 2003 / 2007 – IMAP Calendaring Meanderings…

Thursday, March 19, 2009

Exchange 2003 / 2007 – IMAP Calendaring Meanderings…

Exchange is Exchange.

It’s a mail server, sends and receives mail, provides shared calendaring, you can connect it to your phone system, does a bit of task management – can be used for workflow – but other than that, and unless you integrate it with other software – that’s it.

Now some of you might be thinking – have I taken leave of my senses? – have I abandoned our favorite product? – Is that what I really think?

No – don’t panic – this was a statement that was made during a recent meeting that I had with a customer and their technical department.

Obviously I (politely) corrected this poor misinformed individual by countering “The space shuttle is a large firework, made from 2000 tons of steel, filled with 2 billion gallons of Hydrogen and Oxygen which is set on fire, and controlled by computers which until comparatively recently were still 386’s”.

The customer said to me “That’s not accurate and you are over simplifying that” – to which my point had already been made :-)

You see with Exchange many people don’t see the complexity and effort (as with the space shuttle) that goes into designing the best possible mail system for a company – and most interestingly – even after implementation, people miss the wonderful challenges that customers whom our using our Exchange systems present to us as either contractors or system administrators.

Now don’t get me wrong, customers are out life blood – and indeed the source of creativity and inspiration and one of the great things about working along side .:ENow is that it gives you real world exposure to customers requirements which to all intents and purposes demand that we think beyond the limitations of software (which can either be Exchange or a related product) or indeed at times think beyond our own personal “hang ups” that we as a system a architect as to what will be best for a customers system.

For example, I am not a fan of IMAP in regard to Exchange implementations.

Again, don’t get me wrong – IMAP is a sturdy protocol, has been used for years and indeed forms the backbone of many stable, high profile mail services on the Internet (along with the timeless POP3 protocol). However when relating it to Exchange implementations I become a bit of a “purest” and believe that when Organizations have the choices of MAPI or Outlook Anywhere or OWA I tend advise customers to not opt for IMAP (or POP3).

I (and this is a personal opinion – not reflective of the views of .:ENow) tend to look at IMAP as an additional complication, more ports to open (if you are using both secure and unsecure), an additional service running (therefore a larger attack surface) and more configuration for an admin to worry about.

Add this to the fact that IMAP is normally used with a different client such as Thunderbird (therefore an additional desktop client support) – and when sizing your Exchange databases if you have a big enough client base which requires IMAP it can represent further increase on required resources from a disk / memory perspective.

However, I cannot get away from the fact that a number of companies despite the above; need / want to use IMAP within their Exchange implementations (and in fairness there are a number of good reasons – licensing for example; you can download a decent IMAP client which will work with Exchange for free – whereas Outlook costs money) so as an Exchange Admin and indeed a service provider to customers I have a responsibility to help out where I can.

One of the most common “talked about” subjects that I (and indeed most Exchange Administrators) come across with customers whom are using IMAP and Exchange is Calendaring Access.

Most of the debate falls into the following categories:

Cannot view other people’s calendars
Cannot agree to, receive updates on or schedule meetings
No Calendaring at all
Calendaring errors with Exchange

Now, being honest with you – this article does not give you clear solutions to the above issues – as indeed some of them just don’t have a solution – they are problems which have existed for quite a long time, and indeed perhaps will continue to do so.

Microsoft nor IMAP client vendors (Mozilla being one example) do not seem to wish to divert huge amounts of development time to getting IMAP calendaring for Exchange working (perhaps it is because that Microsoft seems to include IMAP for legacy reasons but does not wish to have it as a primary connection focus for Exchange; and indeed if IMAP client vendors wrote a client to specifically work for Exchange - then IMAP and their client would cease to be an open standard) – therefore we are at the mercy of the “Add On’s” community to develop plug-ins which might help.

But what I hope to accomplish is to give you a couple of “workarounds” which can be used to make the impact of having to use IMAP clients with Exchange a little less difficult to bear.

My IMAP client of choice for this article is Mozilla Thunderbird version 2.0.0.19 using the Lightning Connector – version 0.9 many people out there will now possibly “balk” at my use of Lightning as it has been described on the web as “clunky” and indeed “under featured” – however my view is that in relation to Exchange and indeed IMAP it is perhaps the best an only solution that I have found that gives IMAP users a chance of getting near some for of calendar functionality.

We also need to understand that Lightning was developed for use as part of the Mozilla Open Source Calendaring Project as well as strong links to a dedicated Open Source IMAP server with groupware calendaring built in (a project called SOGO) therefore it was NEVER going to be all things to Exchange, but we should not over look the fact that it does provide some useful functions within Thunderbird (as Thunderbird has no inbuilt calendaring features in a default install).

Cannot View Other Peoples Calendars:

As mentioned above this article does not provide hard solutions to all the issues above – and this is one element that does not get totally solved but I can offer a work around.

The following does involve a little bit of configuration both from the client perspective and the Exchange Server – however – if you are in a position where your CEO really wants to have the ability to view the Calendars of others – and indeed will not part with Thunderbird – this might be for you.

In order for this to work you will need to ensure that you have configured the LDAP Address book correctly from within Thunderbird (this essentially connects to Active Directory and returns the GAL). For information on how you can do this please review the following link: http://joseph.randomnetworks.com/archives/2006/02/08/active-directory-as-ldap-address-book-for-thunderbird-outlook-and-mailapp/ remember that the bind DN should be your e-mail address.

One of the cool things about Thunderbird is that it is highly customisable – not only does it have a large and well supported “Plug ins” base, it also contains a feature where you can configure elements of the environment to suit your needs.

In this example I will show you how you can make use of a 3rd party plug in called “ThunderBrowse” which when combined with Active Directory script and a modification to the Thunderbird configuration enables you to open the calendars of people where the correct permissions have been granted.

Firstly you will need to download the ThunderBrowse extension from: https://addons.mozilla.org/en-US/thunderbird/addon/5373 to a suitable location on the machine where you have Thunderbird installed.

In order to install the plug in you will need to start Thunderbird then select [ TOOLS –> ADD-ONS ] you will then be presented with the following dialog box:

clip_image001

Click on the install button which will present you with a standard “Windows Open” dialog box – navigate to where you downloaded the “ThunderBrowse” plug-in and select it:

clip_image002

You will then be asked to confirm the installation – there will be a count down as this Plug-in is not signed by the publisher – when the count down is completed click on the “Install Now” button.

clip_image003

You will now to restart Thunderbird – when that is completed you will be taken through a very short configuration wizard – this is pretty self explanatory.

When you have completed the wizard you will be see the following change to the Thunderbird environment:

Now that you have a means of browsing via Thunderbird we now need to complete the configuration of the client before we move onto some of the server side changes that need to be made.

From the Tool menu within Thunderbird navigate to [ TOOLS –> Options ] and from the dialog box that is presented to you click on the “Config Editor” button – see below:

clip_image005

When you have clicked on the “Config Editor” button you will be presented with a screen which looks like the following:

clip_image006

You will need to locate the value <LDAP_REF>.server.default.attrmap.Custom1 (the value of <LDAP_REF> is the ID of the LDAP address book for your AD Domain – you should be able to identify this by finding the LDAP server name that you provided in the Address Book configuration (if you only have 1 LDAP address book configured there is a chance that the value will be the same as mine).

Double click on the entry and at the end add in the value (separated by a comma) “extensionAttribute1” – see below:

clip_image007

What we are doing here is mapping the value within AD of the Exchange Extended Attribute 1 to the Custom1 field in the Thunderbird address book – you might be thinking at the moment – why are we doing this? – well there is a purpose which I thought might be worth showing you before we continue with the configuration – the following Self Extracting Archive (in AVI format) demonstrates how, when you have finished the configuration how you can open other peoples calendars Exchange Calendars from within Thunderbird:

Exchange Calendars in Thunderbird – AVI [ 278KB (Compressed) 9 MB (Expanded) ]

This video is best viewed with VLC Media Player which can be downloaded from here: http://www.videolan.org/vlc/

Populating the Exchange Extended Attribute 1 with the OWA URL for the mailbox:

Now that we have completed the client configuration we now need to make some changes within Active Directory. Now these changes are not extravagant – essentially all we are going to do is put the URL for each user’s calendar via OWA into the Exchange Extended Attribute 1. At this stage you might be thinking “but I have hundreds of users” – so – I have provided a script (which encompasses the configuration for both Exchange 2003 and Exchange 2007).

This script will search through Active Directory finding Exchange recipients – when found each recipients extensionAttribute1 is updated to reflect the OWA URL to their calendar.

The script provided is an example only – you might want to review it and modify to suit your own needs (for example if you do not wish to update every mailbox in the directory) – however I must stress that it is provided “as is” – I have used it within my own LAB environment where it worked fine, however, I recommend that you test them yourself before using them in a production environment.

Neither I nor .:ENow can be held responsible for any undesirable effects that co-incidentally arise as a result of using the following script.

Custom Attribute Modification Script [ 2KB ]

In order to use the script – download it to either a domain controller or Exchange server within your organization, double click on it – where you will be prompted for three items of Information:

1. The name (this can be DNS name) of your OWA Front End or Client Access Server

2. If you are using SSL

3. If you are using Exchange 2003 or 2007

When you have provided the above the script will execute and update extension Attribute 1 of each recipient in Active Directory with the OWA URL to their calendar – see below:

clip_image010

You will now need to ensure that the /Exchange can support anonymous connections – this can be achieved via the Exchange System Manager (within Exchange 2003) by going to [ Administrative Groups –> Servers –> <Server Name> –> Protocols –> HTTP –> Exchange Virtual Server –> /Exchange ].

In Exchange 2007 you will need to ensure that you are logged onto the machine with an account which has permissions on the person’s calendar as Anonymous access is not supported.

Now that we have both the client and the server end configured, the remaining configuration is taken care of by configuring permissions within the mailboxes of people whom you want to grant access to – for example – within my Lab – I want my account (which is configured as the IMAP user and called Andy) to have access to the calendar of the administrator.

What I would need to do is logon as the administrator and assign the correct permissions to the calendar (as you would normally do) – typically I would grant “reviewer” access as the default permission (this will depend on your organisation).

Putting it all together:

Now that you have configured the client (by adding in the LDAP address book, configuring the LDAP mappings, and installing ThunderBrowse) and also configuring the back end – you are now in a position to use Thunderbird to access Exchange calendars as per video example above.

An example of what a populated calendar would look like is below:

clip_image011

Cannot agree to, receive updates on or schedule meetings:

One of the first things that you will notice about Thunderbird is that it does not (in a default install) contain any form of calendaring (not even a personal calendar). This however can be mitigated by downloading another Plug In called “Lightning” https://addons.mozilla.org/en-US/thunderbird/addon/2313.

The Lighting Plug-in is installed in the same way as ThunderBrowse - which I went through above. When installed you will see within the Thunderbird client that you now have access to a calendar – more to the point, when you are sent meeting requests, rather than appearing as plain text e-mails, they will now show up like the following:

clip_image012

As you can see you have the ability to Accept, Decline or Tentatively accept meetings or appointments – which are then added into the calendar. You can also create and send meeting invites – which when combined with the workaround above (for viewing others calendars) give you the chance to see if people are available.

IMAP Meeting errors with Exchange:

I have heard and read about some people experiencing errors within their IMAP clients when trying to open or read calendaring invitations sent from native MAPI Exchange clients.

Typically (although not exclusively) errors manifest themselves in the Exchange event log as (for example):

Event Type: Error
Event Source: IMAP4SVC
Event Category: Content Engine
Event ID: 1023
Date: 8/13/2008
Time: 7:56:47 AM
User: N/A
Computer: <Computer>
Description:
Error 0x7da occurred while rendering message 0001-0000001cded6 for download for user <User>.

For more information, click http://www.microsoft.com/contentredirect.asp.
Data:
0000: 07 0c 0d 00 ....

It is possible that the client will also throw an error when trying to open the offending invite.

Personally I have found that if you use the latest version of Thunderbird and ensure that your Exchange servers is up to date with the latest patches errors such as the above do not happen, however if you encounter such and issue it might be worth following the advice above – and following the processes which are given in the following articles:

http://support.microsoft.com/kb/329168

http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/c63b8713-9ef9-4076-a11b-5db08255689b/

Summary:

Well that is it for another month – I hope that you have enjoyed this little ramble through the world of Exchange and IMAP – if you should have any questions, please feel free to comment!

Labels: Exchange 2003, Exchange 2007, Exchange Support, Exchange Tips, IMAP

1 Comments:

AVaneste said...: Hi,

Very interresting article ! However, links to video and vbs seems down :(

Any chance to set it up again so we could experience your advices ?

Thanks,

Regards,

Arnaud.; October 23, 2009 2:18 AM