Outlook Anywhere / RPC over HTTPS and multiple AD Sites

December 12, 2008 16:59 by hiho

This one's for Jamie :-) There seems to be a lot of confusion among customers about how Outlook Anywhere works, especially in a setup with multiple AD sites.

Imagine the following scenario in the image below: 



And let us further assume that the user's mailbox is located in "Site B" and that the combined CAS/HT/MBX in "Site B" isn't accessible from the internet. The user tries to access his mailbox via RPC/HTTPS (Outlook Anywhere) on the CAS in "Site A". Outlook Anywhere is not enabled in "Site B".

So how does this work? More...



Exchange 2007 Rollups take that long to install.... really?

November 22, 2008 11:23 by hiho

Are you tired of Exchange 2007 Rollups taking 1h + to install, even on high end production servers? Don't panic, there's a possible workaround - disable the certificate revocation check in Internet Explorer. Yeah, you heard right.

 It can be found in the Internet Explorer options, see screenshot below:

 

Doing this brought my RU5 install time down to around 10 minutes instead of approx one and a half hours.

Hope you find this useful!

Regards,

Georg



Exchange 2003 and the PDC Emulator

September 15, 2008 15:05 by hiho

 "In what way do Exchange and the PDC Emulator relate?" Well, before starting this topic you should know what the PDC Emulator is.

The PDC Emulator is one of the 5 Active Directory FSMO roles (in full, "Flexible Single Master Operation roles"). The others are Schema Master, Domain Naming Master, Infrastructure Master and RID Master.

What are the duties of the PDC Emulator:

  • The PDC Emulator emulates a Windows NT 4.0 Primary Domain Controller, so that NT 4 Backup Domain Controllers can successfully replicate directory information (of course, in a pure Win2k/2k3 environment, this feature becomes obsolete).

  • When a User changes his/her password on another DC, the password change is preferentially replicated to the PDC Emulator before any other DC.

  • Furthermore, if a user tries to log on to a DC and the DC didn't receive the password change it will forward the logon request to the PDC Emulator (as mentioned before, the PDC Emulator gets preferential treatment on password changes).

  • Account lockouts are processed by the PDC Emulator.

  • When modifying or creating GPOs, this is always done on the SYSVOL share of the PDC Emulator.

  • The PDC Emulator is the authoritative source of time in the domain: all other servers and clients will try to obtain time information from the PDC Emulator (for that reason, the PDC Emulator should always be configured with an accurate external time source).

So the PDC Emulator is a pretty important role within a domain. But what's up with Exchange? More...



Exchange 2000/2003: Changed Mailbox Limits are not enforced in an acceptable amount of time.

August 22, 2008 14:43 by hiho

I'm pretty sure you have seen it before: User xy calls, his mailbox is over its size limit, but he must send or receive this one important piece of mail right now. You head to Active Directory and change the mailbox size limits. The user tries again, and it is still not working.

You take a look into Exchange System Manager, and see that the new values have not been read by Exchange.

So what happens here?

Exchange 2000/2003 uses cached mailbox configuration data to determine the enforced mailbox size limits. By default, the cache has a TTL of 2 hours, meaning it can take as much as two hours for your changed size limits to be enforced. More...



Exchange 2003/Windows 2003 SMTP tar pitting

August 13, 2008 15:30 by hiho

So you ask: What is tar pitting?

IMHO, tar pitting is a very suitable way to stop misuse of your Windows 2003 / Exchange 2003 SMTP Virtual Server by delaying SMTP responses for 5.x.x errors. This efficiently stops DoS and harvesting attacks on your SMTP servers.

For example: Hacker A continuously sends mail to your server, named yourserver.mail.net, with the simple purpose of gathering valid e-mail addresses from your domains. This brute-force attack is called a "Directory Harvest Attack".

Have a look at this telnet screenshot, where a simple SMTP communication is depicted:



Normally, this kind of communication would take just a few milliseconds on your SMTP server. With tar pitting enabled, the SMTP Virtual Server will freeze the connection for a configurable amount of time before returning "550 5.7.1 Unable to relay". More...



Exchange 2003 OWA and Attachment Blocking

August 11, 2008 15:53 by hiho

Tired of Outlook Web Access blocking the attachment you need most urgently, just because it has some weird extension? Fear not, for this behaviour is customizable.

Fire up regedit on your OWA Server, and head for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWEB\OWA

It should look pretty much like the screenshot here: 


More...



Sending invitations from Lotus Notes to Exchange 2003 generates an .ics-file instead of an Outlook-Appointment

August 7, 2008 15:23 by hiho

Imagine the following scenario: A user with the Lotus Notes client sends a mail to a user who is using Outlook/MS Exchange 2003. Furthermore, this mail is routed via SMTP and not over a Notes Connector. In this scenario, the received mail has an attached .ics file instead of being displayed as a regular Outlook appointment (see screenshot below). More...

