Saturday, October 31, 2009

Adding a Small Business Server 2008 Autodiscover SRV record using the Plesk Control Panel

My Problem:
When I went to create a SRV record for my SBS 2008 machine in the domain's Plesk control panel, I was confused by the wording that Plesk uses concerning the record's options. I had to map the four required pieces of information to the seven available options.

My Solution:
The four required pieces of information as per KB 940881 are Service, Protocol, Port Number and Host. Those map to the following inputs in the Plesk control panel.
  • "Service: _autodiscover" maps to "Service Name" in the Plesk control panel. Do not manually type the leading underscore; only type "autodiscover" (minus the quotes, of course)
  • "Protocol: _tcp" maps to the "TCP" radio button in the Plesk control panel.
  • "Port Number: 443" maps to "Target Port" in the Plesk control panel.
  • "Host:" maps to "Target Host" in the Plesk control panel. Use whatever hostname you have on your SSL cert. For the majority of SBS 2008 scenarios it will be
The Long Story:
I had come to the point in my SBS 2008 implementation where I needed to create the autodiscover SRV record. However, when I logged into the Plesk control panel for the domain I was a bit puzzled. The wording for the various options was a bit ambiguous.

This helpful simplification of the facts surrounding the SRV record helped me get an initial grasp of the topic. According to the official KB article on the SRV record, I need the following information in the record:
Service: _autodiscover
Protocol: _tcp
Port Number: 443
So, I see a total of 7 possible options in the Plesk control panel and only 4 pieces of information that I'm supposed to feed it. Time to try and map the two categories to eachother.

I assumed that the "Services Name" area was simply a place to put a friendly name for me to reference the record by. I first tried "Outlook/Exchange Autodiscover" as the name, but that was reject. I assumed it was the '/' that caused issues, but taking it out didn't resolve it. I took out all spaces and that allowed the record to be created but not in the way that I thought it should be.


After some thought, I realized that the "Domain Name" section did not have an asterisk and was not necessary. Therefore, the Service Name section was probably where _autodiscover went and the domain name section should be left blank! I just that and received this confirmation:

That almost looked perfect... but that underscore in front of autodiscover seemed a tad too long. I then noticed that the underscore in the tcp portion of the record was not something that I supplied. Apparently, the underscore is not supplied for any of the information but is autocreated by the DNS service. I simply used "autodiscover" as the service name and that looked better:

The "Protocol" input seemed to be self explanatory. "Enter Domain Name" puzzled me a bit. Looking down, I saw the options "target host" which I figured would be the name of the subdomain that points to the mail server; Therefore I figured that the "Enter domain name" section was only if you had a very subdivided domain namespace.

The "Priority" and "Relative weight for records with the same priority" sections completely baffled me. I left them at their defaults. I placed "" in the "Target Host" section (the domain that was registered in the SSL certificate) and "443" in the target port section.

After all this, I had a properly formed SRV record for my Outlook 2007 clients to use.

Friday, October 30, 2009

SBS 2008 by default bounces messages to postmaster and abuse accounts

I wonder how many SBS 2008 boxes do not have properly funcitoning postmaster@ and abuse@ email addresses. Why? Because by default, emails to those accounts from external addresses are bounced. The short story is that the postmaster@ and abuse@ email addresses are assigned to the "Postmaster and Abuse Reporting" distribution group. By default, the only member of that distribution group is the "Windows SBS Administrators" group which by default requires that all senders must be authenticated! Doh!

Much thanks to Mariette Knapp over at for her bite-sized article concerning the issue and how to fix it:

Saturday, October 24, 2009

Configuring RDNS records for a business accout

To set up RDNS records for a business class network connection (mine is a DSL line), you must first log into using your account information. Next, select "Manage your account", then select "Configure your DNS Records" and finally "Configure Reverse DNS Records"

You would use this process regardless of if your donain's DNS records are hosted at a different provider such as your web host or domain registrar. In my case, our domain's DNS records were hosted on our web host's name servers. However, reverse lookups are a function of the ISP and not typically the name servers that are authoritative for your domain unless you've explicitly told your ISP to delegate RDNS authority to different DNS servers.

Thursday, October 22, 2009

Exchange 2007: Sending as a certain user fails because you do not have the proper permissions

My Problem:
Even after being granted the Full Access, Send As and Send on Behalf Of rights, my emails from that user account were being rejected with the following error message:

Delivery has failed to these recipients or distribution lists:
You are not allowed to send this message because you are trying to send on behalf of another sender without permission to do so. Please verify that you are sending on behalf of the correct sender, or ask your system administrator to help you get the required permission.

My Solution:
This was a rather silly error. When creating a new mail, I was typing in the email address into the "From:" field of the new message. That is, I was typing in the full email address in the form of "". To send as the user, you need to either click the "From:" button and select the user from the address list or type the users Alias and let Exchange resolve it (E.g. emailAddress without the "" part --> click Check Names).