Exact.Jobs.SysExchange.x64.dll replaces Exact.Jobs.SysExchange.dll in a 64-bit environment (for example, D:\Synergy\bin\Exact.Process.exe" /DBCONFIG:Synergytest /ASSEMBLY:Exact.Jobs.SysExchange.x64 /CLASS:SysExchange_x64 /E:TEST-EXCH2), as CDO is not supported in that environment. While the functionalities of Exact.Jobs.SysExchange.x64.dll have been kept as close as possible to Exact.Jobs.SysExchange.dll, changes have been made to the following prerequisites and features:
This document attempts to list out the extra configurations needed on top of what has already been listed in Checklist Background job SynergyExchange.exe.
Note: Form Based Authentication is not supported.
Please check and ensure that WebDAV is enabled in IIS and Microsoft Exchange Server. WebDAV is installed automatically with IIS5.0, but you would have to install it manually with IIS6.0 and IIS7.0.
1. Go to Microsoft Windows Start button, click Settings, and then click Control Panel. Select Add or Remove Programs, and then select Add/Remove Windows Components.
2. Click Application Server, and then click Details.
3. Click Internet Information Services (IIS), and then click Details.
4. Click World Wide Web Service, and then click Details. WebDAV is installed if the WebDAV Publishing check box is selected.
An extension is needed if you want to install WebDAV on IIS7.0. For more information, see http://learn.iis.net/page.aspx/350/installing-and-configuring-webdav-on-iis-70. In case the given site is not available, see Appendix 1.
Please note that Exact.Process.Exe requires the Send As right to be granted to the person running the job.
For more information on the steps to grant the Send As right in Microsoft Exchange Server 2007, see http://crosbysite.blogspot.com/2007/10/granting-as-rights-in-exchange-2007.html. In case the given site is not available, see Appendix 2.
For more information on the steps to grant the Send As right in Microsoft Exchange Server 2000 and Microsoft Exchange Server 2003, see http://www.petri.co.il/grant_full_mailbox_rights_on_exchange_2000_2003.htm. In case the given site is not available, see Appendix 3. For more information, see Checklist background job SynergyExchange.exe.
To connect with Microsoft Exchange Server over SSL, check that the WebDAV interface to Microsoft Exchange uses SSL. This setting depends on two sites automatically installed in the Exchange server, which are "Exchange" and "public".
If you are using Windows Server 2008:
1. Go to Microsoft Windows Start button, click Settings, Control Panel, Administrative Tools, Internet Information Services, [Server Name], Sites, Exchange.
2. Then, click SSL Settings under the Security tab. Ensure that the Require SSL check box is selected.
3. Make sure that you have selected Ignore at Client certificates.
4. Finally, repeat steps 1 to 3 for the ‘public’ site.
If you are using Windows Server 2003:
1. Go to Microsoft Windows Start button, Settings, and then click Control Panel. Select Administrative Tools, and then Internet Information Services, [Server Name], Web Sites, Exchange.
2. Next, click Action, Properties, and then click the Directory Security tab. In the Secure Communications section, click Edit. Ensure that the Require secure channel (SSL) check box is selected.
3. Make sure the Ignore client certificates check box is selected.
4. Finally, repeat steps 1 to 3 for the "public" site.
In order to use SSL, the computer where you will be running Exact.Process.Exe must have the Exchange server’s certificate installed as a "Trusted Root Certification Authority". This must be installed even if you are running Exact.Process.Exe on the Exchange server itself.
Only an Exchange Administrator has the rights to perform the installation. See the following steps for more information on the installation:
1. To check which certificate Exchange is using, go to Microsoft Windows Start button, click Settings, and then click Control Panel. Select Administrative Tools, and then Internet Information Services, [Server name], Select Server Certificates. Find the certificate named Microsoft Exchange.
2. Run mmc.exe, File, Add/ Remove Snap-in, Add the Certificates snap-in.
3. Then, locate the certificate you found in step 1, click Action, click All Tasks, and then click Export. Be sure not to include the private key in Export.
4. Copy the exported certificate to the computer where you will run Exact.Process.Exe, and then install the certificate under "Trusted Root Certification Authorities".
Internet Information Services (IIS) 7.0 changes the default behaviour of allowing double escape sequences in URLs (it is now denied by default). When this option is set to Deny, appointments created in Exchange with two or more consecutive special characters (!,@,#,$,%, etc) in the Subject field will not be synched, as the appointment is not accessible by WebDAV (it returns a 404.11 error). To change this behaviour:
1. Locate the following directory: %windir%\System32\inetsrv\config.
2. Open applicationHost.config with Notepad. Locate the following code:
<section name="requestFiltering" overrideModeDefault="Deny" />
under Exchange, and replace it with:
<section name="requestFiltering" overrideModeDefault="Allow" />
3. Then, add:
<requestFiltering allowDoubleEscaping="True" />
under Exchange within the <security> tag.
4. Save and run iisreset.exe.
Excerpt taken from http://learn.iis.net/page.aspx/350/installing-and-configuring-webdav-on-iis-70.
The following items are required to complete the procedures in this article:
· IIS 7.0 must be installed on your server, and the following must be configured:
o The Default Web Site that is created by the IIS 7.0 installation must still exist.
o The Internet Information Services Manager must be installed.
o At least one authentication method must be installed.
Note: If you choose to use Basic Authentication with the WebDAV redirector, you must connect to your server using HTTPS.
· The WebDAV Redirector must be installed:
There are two separate downloadable packages for the new WebDAV extension module. You need to download the appropriate package for your version of Windows Server 2008:
· 32-bit Installation Package: WebDAV for IIS 7.0 (x86)
· 64-bit Installation Package: WebDAV for IIS 7.0 (x64)
You must run the installation package as an administrator. This can be accomplished by one of the following methods:
· Logging in to your server using the actual account named "Administrator", then browsing to the download pages listed above or double-clicking the download package if you have saved it to your server.
· Logging on using an account with administrator privileges and opening a command-prompt by right-clicking the Command Prompt menu item that is located in the Accessories menu for Windows programs and selecting "Run as administrator", then typing the appropriate command listed below for your version of Windows to run the installation:
o 32-bit Windows Versions: msiexec /i webdav_x86_rtw.msi
o 64-bit Windows Versions: msiexec /i webdav_x64_rtw.msi
1. When the installation package opens, you will see the following screen:
2. If you agree to the license terms, select the I accept the terms in the License Agreement check box, then click Install.
3. The progress indicator will reflect the status of the installation as it proceeds. See the following screen as an example:
4. After the installation has completed, click Finish.
5. The WebDAV extension module is now installed.
Excerpt taken from: http://crosbysite.blogspot.com/2007/10/granting-as-rights-in-exchange-2007.html.
To grant the required permissions, see the following steps:
1. At the command prompt, type “ADSIedit.msc”. This requires the Windows Server 2003 Support Tools.
2. In the Action menu, select Connect to….
3. Next, select Select a well known Naming Context.
4. Select Configuration from the drop-down list.
5. By default, the Default (Domain or server that you logged in to) option is selected. Leave this button selected if the machine you are logged in to is in the same domain as the Exchange 2007 organization. If the machine you are logged in to is in a different domain, select Select or type a domain or server and enter the domain controller name.
6. Click OK to return to the ADSI Edit window.
7. Select the Configuration node that contains the name of the domain controller that holds your Exchange 2007 organization. Navigate to CN=Services | CN = Microsoft Exchange | CN=”Your Exchange Organization”.
8. Right-click the organization node and select Properties.
9. Then, under the Security tab, click Advanced.
10. Click Add, and select the appropriate user or group.
11. In the Permission Entry window, ensure that Apply Onto is set to this object and all child objects.
12. Under the Allow column, select the Full Control check box.
13. Click OK to add the entry, and click OK again to exit.
14. Finally, close ADSIedit.
Excerpt taken from: http://www.petri.co.il/grant_full_mailbox_rights_on_exchange_2000_2003.htm.
In Microsoft Exchange Server 5.5, when you grant Service Account Admin privileges on the Site container to a Microsoft Windows account, you grant that account unrestricted access to all mailboxes. Because Exchange 2000 and Exchange Server 2003 do not use a service account, even accounts with Enterprise Administrators rights are denied the right to access all mailboxes, by default.
This means that Exchange Full Administrators do not have the right to open any mailbox found on any server within the Exchange organization.
In fact, if your logon account is the Administrator account or is a member of the Domain Admins or Enterprise Admins group, then you are explicitly denied access to all mailboxes other than your own, even if you have full administrative rights over the Exchange system.
However, unlike Exchange Server 5.5, all Exchange 2000/2003 administrative tasks can be performed without having to grant an administrator sufficient rights to read other people's mails.
This default restriction can be overridden in several ways, but doing so should be in accordance with your organization's security and privacy policies. In most cases, using these methods is appropriate only in a recovery server environment.
Note: You must have the appropriate Exchange administrative permissions to do so.
1. Start Active Directory Users and Computers.
2. On the View menu, ensure that the Advanced Features check box is selected.
Note: This is not necessary on Exchange Server 2003 because of the fact that the Exchange Advanced tab is exposed by default.
3. Right-click the user whose mailbox you want to give permissions to and select Properties.
4. Under the Exchange Advanced tab, click Mailbox Rights. Notice that the Domain Admins and Enterprise Admins have both been denied access to Full Mailbox.
5. Next, click Add, click the user or group to whom you want to give the access to this mailbox, and then click OK. Be sure that the user or group is selected in the Name box.
6. In the Permissions list, click Allow at Full Mailbox Access, and then click OK.
7. Click OK until you finish the set up.
Warning: If the Group or User name list is empty and you only see one line with the name of SELF, seeSELF Permission on Exchange Mailboxes before you modify the permission settings.
Note: If the purpose of granting such access is to permit the usage of the EXMERGE utility (for an example of such requirement, see How do I use EXMERGE to delete specific messages from Exchange 2000/2003 mailboxes?), grant the Receive As permission. You can also grant the Full Control permission for a complete access.
Note: You must have the appropriate Exchange administrative permissions to perform this.
1. Start Exchange System Manager.
2. Drill down to your server object within the appropriate Administrative Group. Expand the server object and find the required mailbox store within the appropriate Storage Group. Right-click it and select Properties.
3. Then, go to the Security tab.
4. Click Add, click the user or group to whom you want to give the access to the mailbox, and then click OK. Be sure that the user or group is selected in the Name box.
5. In the Permissions list, click Allow at Full Control, and then click OK.
Note: Make sure that the Deny check box next to the Send As and Receive As permissions is not selected.
6. Click OK until you finish the set up.
2. Drill down to your server object within the appropriate Administrative Group. Right-click it and select Properties.
Note: It might take some time before the changes you have made will take effect. The amount of time needed is influenced by the number of domain controllers, Global Catalogs, and site replication schedules and intervals. On one domain with one site containing multiple domain controllers, it might take up to 15 minutes before you can begin using these new permissions. On single servers that are also DCs, you can speed up the process by restarting the Information Store service.