1. Go to https://outlook.office365.com/ecp/Antispam/SpamContentFilter.slab and login with your Office 365 credentials

2. Click on Pencil to edit your Spam Filter settings
3. Add the domains or email addresses you want to ALLOW (whitelist) to the Allow Lists
4. Add the domains or email addresses you want to BLOCK (blackliist) to the Block Lists
5. Click Save when your finished and it will update your organization settings
6. That’s it!

I recently installed a new Lync 2013 setup along side Lync 2010.  My plan is to phase the new Lync 2013 in over the next few weeks.

Once Lync 2013 was setup and I moved a user to the new pool, Voice Mail stopped working for that user.

To quickly fix, I did the following:

1. Started Exchange Management Console

2. Went to Organization Configuration -> Unified Messaging

3. Added a new UM IP Gateway and specified my Lync Dial Plan.

4. I then called the DID for the person and verified the called rolled over to Voice Mail.

5. Fin!

You wake up one day, and a previously working Windows 2008/R2 Network Policy Server (NPS) stops authenticating Windows wireless PEAP clients.

Sometimes when this happens, iPhones/iPads/Androids have been reportedly kept working, just all Windows and Mac systems are unable to connect to the Enterprise Wireless. This just adds to the madness.

In every case this has happened to us, no changes have been made to any part of the wireless infrastructure in months or years.

Related errors in the event log:

– An Access-Request message that does not contain a Message-Authenticator attribute

– A response that is a malformed message.

– A message received was unexpected or badly formatted

Here is what works for us:

1. Start the Network Policy Server MMC

2. Go to Policies->(Your Wireless Policy)->Properties

3. Go to the Constraints tab

4. Make note of the settings for the “Microsoft: Protected EAP (PEAP)” EAP type

5. Remove “Microsoft: Protected EAP (PEAP)” EAP type

6. Add “Microsoft: Smart Card or other certificate” EAP type

7. Click OK

8. Now re-add the “Microsoft: Protected EAP (PEAP)” EAP type, removing the “Microsoft: Smart Card or other certificate” EAP type

9. Click OK

10. Everything magically works again!

FYI… A really helpful RADIUS testing tool is available from Novell at http://www.novell.com/coolsolutions/tools/14377.html.

I have been running this firmware all day on my Snom 821 and its working very well.  BTW the best feature of the Snom UC/Lync phone for me is the ability to be logged into multiple Lync accounts at once!

I do not believe this firmware is available publicly, so you need to be a Snom partner (http://www.snom.com/en/ocs/) or ask your Snom partner to get it for you.  I’ve posted the release notes for this release below.

snom UC edition 8.7.2.13

Snom 300 snom300-SIP 8.7.2.13
Snom 320 snom320-SIP 8.7.2.13
Snom 360 snom360-SIP 8.7.2.13
Snom 370 snom370-SIP 8.7.2.13
Snom 820 snom820-SIP 8.7.2.13
Snom 821 snom821-SIP 8.7.2.13
Snom 870 snom870-SIP 8.7.2.13
Snom MP snomMP-SIP 8.7.2.13
Snom PA1 snomPA1-SIP 8.7.2.13

New Features & Fixes –
Feature – Server side Address Book Search (ABS)
Feature – Phone follows server side keyboard lock
Feature – User can set presence state on phone
Feature – New display user interface (with scrolling for long text)
Feature – Added CAC support
Feature – Added E911 support
Feature – Exponential backoff algorithm on “registration, TCP disconnect, reboot”
Feature – Different audible Ringtones for “Response Group” and “private line”
Feature – Added MS-conversation ID to support certain Attendant console transfer scenarios
Feature – Added support for Lync (W14) level call forwarding
Feature – Added support for Lync (W14) level message waiting indication

Fixes:
The splash screen of the UC version was wrong (fuzzy)
snom 300 Dialing PSTN number from call logs dials
snom 300 No update of missed call and received call in snom 300 call log
snom 300 restarts in call deflection scenario of lync client
Issue with not releasing TURN ressources found in MS IT scenario fixed
snom 300 : Snom 300 displays mediation server FQDN when Attendant console does consultative transfer between PSTN Number and Snom 300 user

Unresolved Issues and Caveats
snom 300: On older series phones, there can appear weird characters during bootup
When user places an E911 call on hold, the UI does not display a forbidden message
In certain environments indication for 2nd incoming call might not work
In certain environments audio of one participant of a local conference might be missing
During PSTN call with snom 300, second PSTN incoming call overrides identity of first connected call on display

Tom Laciano (@tomllcskid) has accumulated most of the fixes to get Lync 2011 to work on the Mac here.  Fix #3 (removing the “Unknown” cert) seems to have fixed Lync 2011 Mac for most folks.

Unfortunately for me Lync 2011 refused to work even after that fix.  Lync would start, login, and promptly crash.  The EXC_BAD_ACCESS error I received is well documented here.

Graciously Tom Laciano worked with me to get to the bottom of whatever was ailing my Lync installation.  Right when we were ready to escalate the case to Microsoft Support, I found the following article: http://ucken.blogspot.com/2011/03/enterprise-voice-and-communicator-for.html

So here is what finally fixed Lync 2011 Mac working on my Mac Lion 10.7.2.

If you have Outlook 2011 installed, you HAVE to configure it to use your Exchange account otherwise Lync will crash.  I use Outlook Web Access (OWA) instead of the Outlook client, so it never dawned on me that Lync would need Outlook since Communicator Mac clearly did not.

1. Setup your Exchange Account in Outlook 2011 and make sure it’s connected.  BTW I did not have to wait for Outlook to finish downloading email to continue.

2. Trash your Documents\Microsoft User Data\Microsoft Lync Data folder.  Lync would crash too quickly until I removed this folder.

3.  Start Lync and login

4.  Once Lync logs in immediately go to Lync->Preferences->Account and uncheck “Use Microsoft Exchange for managing personal information”

5.  At this point my Lync was stable!

I am sure in a future point release Microsoft will improve the error checking here and handle this situation better.  But for now this fix is working for me and I finally get to use Lync 2011 Mac!!!

UPDATE 12/28/2011: I am running Mac Office 2011 14.1.3

UPDATE: 1/15/2013: The *REAL* fix for this is here: http://ocsguy.com/2012/05/19/lync-phone-edition-connection-to-microsoft-exchange-is-unavailable/.  Looks like the Lync 2011 Mac also needs the proper Exchange root certificate.

UPDATE: 7/14/2014: The *REALLY* real fix is here  http://ceriumnetworks.com/home/about-us/blog/exc-bad-access-issue-with-the-lync-client-for-mac-crashing-after-login/ Improper dial plan resolved all remaining issues for us. I recommend you use http://www.lyncoptimizer.com to review your dial plans and fix accordingly. All is working swimmingly now!

UPDATE 10/20/2011

Getting to Exchange Outlook Web Access (OWA) out of the box isn’t the most friendly for end users.

Your URL has to be HTTPS and don’t forget the /owa at the end!

There are a lot of methods for “fixing” this on the Internet.  Some of the solutions are quite clever and others get rather involved.

As I was setting up a new CAS server tonight I reviewed many of these solutions.  Since this new Exchange 2010 server I am working on is part of a far more elaborate Exchange 2007, Lync/OCS and Cisco UM setup, making lots of deep IIS changes wasn’t anything I wanted a part of.

The questions I asked myself were….

• How would these changes impact Lync/OCS (soft clients, phones, devices)?
• Would they impact Exchange 2007 redirection?
• Would Microsoft PSS yell at me 3 years from now for jacking up IIS JUST to improve ease of use for OWA users?
• Am I going to end up with a troubleshooting nightmare later?
• When administration of this server ends up going to someone else, what are they going to inherit?

I just wanted to make getting to OWA via just the hostname EASY.

So I went back to the old standby method.  It’s simple.  It’s not sexy.  It’s down-right boring.

While I can’t promise PSS won’t yell at YOU in 3 years for doing this, at least you will not be making drastic or deep changes to IIS.  Just one simple change and the real problem you are trying to fix will be fixed, with fewer possible unintended consequences.

1. Start your IIS Manager
2. Click on the web site where your Exchange is (by default its “Default Web Site”)
3. Double-click on Error Pages
4. Click Add
5. In status code put “403.4” (without the quotes)
6. Select “Respond with a 302 redirect”
7. In the Absolute URL field put “https://owa.exchangerocks.com/owa”
8. Click OK
9. Fin!

No go to http://owa.exchangerocks.com and your OWA Login should appear.  If it does not, make sure port 80 is open on the server firewall and on any firewall ahead of the server.

How this works…. The 403.4 HTTP Status Code is the code for “SSL Required”, and if the web server responds with that error, it will redirect to your proper OWA URL.

That’s it!  This method works equally for Exchange 2007 or 2010 (and 2003 if you do the research).

Now this doesn’t “fix” the URL if the user goes to https://owa.exchangerocks.com.  You could change the status code above to just 403 (Access Denied) – but then ALL access denied events will get redirected to your OWA login.  I don’t recommend that as that will really impact troubleshooting/your support desk and not mention increase your bandwidth if your OWA box is ever annoyed by hackers

For that scenario, I recommend using Microsoft’s URL Rewrite and adding the necessary redirects.

Close Outlook

In Windows 7 (x64 or x86), start the Credentials Manager in your Control Panel.

In Windows XP, go to the User Settings.

Remove all saved entries that have anything to do with your Exchange Server or your Domain Credentials.  They would look like:

• domain\username
• owa.domainname.com
• exchange.domain.local
• MS.Outlook:

Then start Outlook and enter your credentials, saving your password.

Then restart Outlook and it should go right in!

Additional information is available from here.

“An error occurred while trying to copy the Client Setup files. Check the following, and then try again:

If you use a public proxy server to browse the Internet, clear the Internet Explorer connection setting for using a proxy server.  To do this, from the Tools menu, click Internet Options, click the Connections tab, click the LAN Settings button, and then clear the check box in Proxy Server.

If you do not have a public proxy configured for the Internet Explorer, then your network administrator must reinstall the Client Deployment component on the server. To do this, from Add or Remove Programs, run Windows Small Business Server Setup in maintenance mode, and then run Client Setup again.”

Here’s the fix:

1. Open Administrative Tools->IIS Manager
2. Go to Server(local computer)\Web Sites\Default Web Site\Connectcomputer
3. Right click Connectcomputer and select properties
4. On the Directory Security tab, under Secure Communications, click Edit
5. Remove the selection of Require secure channel(SSL) and Require 128-bit encryption.
6. Click OK two times and try again.

More info here…

AstraSync is what we found and have recommended to our clients for years.  It works well and our Blackberry users are happy with it.

Hopefully one day Blackberry will just license ActiveSync like Apple’s iPhone did, but for now, AstraSync works great and is cost-effective considering the alternative.

So if you need your Blackberry to talk to Exchange, get AstraSync and move on to more interesting things

Since GoDaddy does not provide a PFX certificate to download, you have to use the PowerShell command line.

Though you can use the new GUI to assist you in determining which SAN names you need if you want.

MY ADVICE:  make your common name just your top level domain name!  (ex. montopolis.com)  This way you can change out your SANs easily and rekey when needed.

Go to DigiCert’s Exchange 2010 CSR Tool which is just supper handy (GoDaddy really needs to make a version of this tool).

Enter all of your information and click Generate.

Copy the PowerShell code provided into Notepad.

In front of the code you pasted put in “$Data=” (without quotes).  Example:

$Data=New-ExchangeCertificate -GenerateRequest -KeySize 2048 –SubjectName…………………

On the next line enter the following (without quotes)

set-content -path “mycommonname.com.csr” -Value $data

Now paste these two lines into your Exchange Management Shell.

You should now have a mycommonname.com.csr file!

Open this file in notepad so you can copy & paste this for GoDaddy.

Go to https://certs.godaddy.com and request a new UCC certificate.  When asked paste your CSR.

Wait for GoDaddy to issue your cert and download it for Exchange 2007.  Copy the contents of the ZIP into the directory where your CSR is located.

From the Exchange Management Shell type in, replacing mydomain.com.csr with your filename:

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path mydomain.com.crt -Encoding byte -ReadCount 0)) | Enable-ExchangeCertificate -Services “IIS”

Don’t worry about the services enabled right now.  We just want to enable one.

Now start your Exchange Management Console –> Server Configuration.  You should now see your new certificate listed.  Select it and click Assign Services to Certificate from the Actions menu.

Now assign the certificate to the services you want and voila!

I wasted a couple hours going the wrong way so I hope this saves someone else some time and frustration.  Good luck!