MS CRM 4.0 Certification

May 20, 2008

Just managed after two pretty intensive days to get through the Microsoft CRM 4.0 Installation and Deployment exam. It was very much as I recall other MS exams – short questions and mostly single answer multiple choice. It is worth being aware that there seemed to be a number of errors in the exam – for example – one of the form ‘each correct answer forms part of the solution’, with the only option being a radio button. If you find yourself presented with something like this it is worth commenting the question as, rumour has it, that there might be a bit of give on borderline fails that have commented any obvious howlers.

 

If you are about to take this exam please feel free to ask while it is fresh in my mind.

 

Tomorrow, I’m taking the Applications exam. By all accounts this one is a lot worse with very few people getting through – I gather this one may be revised.

 

3G Broadband Failover and Email

March 26, 2008

Almost all of our clients take the view that their broadband connection is critical to their business. In particular they are focused on the importance of email. Only a few, however, are willing to make the investment in a leased line. So, using ADSL or, occasionally, SDSL they don’t get any sort of SLA on their Internet connection.

All of our clients use MS SBS 2K3 as their mail server. As much as possible we encourage our clients to use the best available ISP – in our opinion Zen Internet. By using an external mail spooling service we can cover the inevitable occasional broadband outages with email delivered to the server once the connection is restored.

But, now that we can add a 3G USB dongle to the Draytek routers we use (currently the Vigor 2800) it should be possible to keep inbound and outbound mail flowing when the connection goes down. Well, this is where it gets interesting. The 3G failover works very well with the Draytek with a new connection coming up more or less immediately when the broadband line falls over. But, of course we now have a new IP address and a dynamic one at that.

Theoretically outbound email should still work fine – but it doesn’t. The problem now is that if we are using an unauthenticated ISP SMTP relay we now have an unacceptable IP address. Alternatively, if we are routing outbound email ourselves using DNS we will start getting blocked as spam as our Reverse DNS PTR record will no longer match and some ISPs will reject us out of hand as sending from a dynamic IP.

So the solution to maintaining continuity of outbound email is to use an authenticated SMTP relay either provided by the ISP or by a third party such as AuthSMTP This, of course, should be set up from the start and, if using a third party relay, will involve the client in extra expense.

So much for outbound email. But, what about inbound. Initially we thought we could set up a CNAME record for the MX at DynDNS. (By the way – DynDNS also seem to offer a pretty good authenticated SMTP relay). Using DynDNS with an appropriate CNAME it should be straightforward to switch IP addresses – and it is. But, some investigation then revealed that the dynamic IP address allocated to the 3G connection is not a fully routable address. It is in fact a NAT’d address behind the mobile provider’s firewall. And, alas it can’t be used to route email directly to the server.

As mentioned above, we have often used an external mail spooling service (usually from the excellent hosting company Hosting UK). While, this covers us in the sense of making sure that mail is not lost while a different IP address is in use, it doesn’t address the actual problem of maintaining inbound email while the broadband connection is down.

So the final piece in the jigsaw is to set up out own POP3 server using GFI Mail Essentials. The secondary MX is then pointed to this server and the tertiary, as an absolute final failover, points to the mail spool service. The SBS POP3 connector is permanently set to pull from the POP3 server every fifteen minutes and distribute to user mail boxes. Obviously, the POP3 connector will only ever find anything if the broadband connection.

So, there is a fully comprehensive solution to the problem of maintaining inbound and outbound mail flow during a broadband outage. The main downside appears to be the need to maintain identical mail addresses on the Mail Essentials server as on the SBS server. I haven’t investigated yet but it may be possible to set up catch all addresses on the external POP3 servers. This would make maintenance that bit easier.

As you can see this solution remains a work in progress. We haven’t fully worked out pricing on this and I would welcome feedback on better ways of achieving the same thing or additional services such as virus scanning and archiving that could be tagged on.

Sage, SBS 2K3 and AVAST

March 9, 2008

Anyone supporting the above combination will know that Sage can run like a dog in this situation. Here’s a tip I came across in the recent edition of the Avosec Partner newsletter.

At the following registry location on the server

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\

Services\LanmanServer\Parameters

(NB all of the above should be on one line)

Key EnableOplocks – value should be set to True (1)

Installation of AVAST server sets it to False

“Another thing to increase workstation to server communication especially when accessing a database is to add the following exclusion to the Standard Shield [\\*] adding the \\* turns off network drive scanning on both the client and server and stops both workstation and server scanning the files when accessed. This doesn’t effect protection at all”

‘Out of Office’ Messages & Spam

February 29, 2008

I have struggled all week with a client’s Exchange server. All seemed fine but every morning there was a call on our support line to say they couldn’t connect to Exchange. On logging in, all seemed fine but a lot of stuff in the queue. Restarting the Exchange System Attendant and SMTP service seemed to do the trick.

So the likely diagnosis would be that there was a virus lurking somewhere on the system pumping out emails at such a rate as to cause the queues to stall. On inspection of the queues, sure enough the same few users were involved each night and the contend of the messages was very spam like with lots of undeliverables etc. Running Symantec AV from the server (I don’t like this product but no choice in this instance) reveals nothing and there is no other trace of any virus-like activity.

I was fairly convinced a virus must be involved and our scanning was missing it. I had to visit the client today to install a couple of PCs and resolved to sort out the issue while I was there – though I really couldn’t think what more I could do than continue virus hunting.

While I was there a couple of users remarked casually on the gradual increase in the volume of spam they are receiving over the last few months. I thought little of it other than the obvious sales opportunity and resolved to mention to the boss that we ought to install a spam filter on the server.

I installed the two PCs for a couple of users who were away on leave for the week. Did the usual set up of the PCs which concludes with making sure Outlook is working fine. I fired up Outlook and noticed several ‘message undeliverable’ reports in the In Box including several delivered that day. I had also noticed, without giving it a second thought, when I started Outlook that it had let me know that ‘Out of Office Auto Response’ was on.

Suddenly came the light bulb moment. I asked the IT manager how many staff were on holiday that week. The answer was four. I then asked if all were using ‘Out of Office Auto Response’ and, of course, the answer was yes. In fact, he went on to say, they hadn’t been using it before but had just decided it was a rather cool idea.

Of course, when they first started using it they quickly noticed that ‘Out of Office Auto Response’  messages were not being sent to people outside the office. They had phoned our help desk and, of course, our obliging team had changed the default Exchange setting to prevent ‘Out of Office Auto Response’ messages being sent outside the organisation.

So now I realised what was happening. A couple of thousand spam emails were coming in each day. Many of them were generating ‘Out of Office Auto Response’ messages which, in turn, given that most of the spam was originating from spoofed user names at real domains, were generating ‘Message Undeliverable’ responses which, again in turn, were generating a second ‘Out of Office Auto Response’  message … and so on … and on!

Until today I had often wondered why Microsoft had decided to include the ‘Out of Office Auto Response’ feature in Outlook while making the default setting in Exchange that these messages should not be sent out of the organisation. As we deal with relatively small offices where colleagues usually know when someone is out of the office it seemed particularly odd.

Now I know why! And, I also realise there is a nice sales opportunity. Come the holiday season when clients start phoning in to have the Exchange defaults changed we must remember to let them know they really have to have a spam filter first.