Friday, October 05, 2012

You did WHAT after opening an email attachment?!

It's crazy how often I hear something similar to the following:

"Hi, Tech Support? I opened an email attachment in Outlook and edited it and made changes, but now that I closed it I can't find that updated file and the one in the original email doesn't show my changes ..."

It should go without saying .. but seems to still need to be said:

"Don't open attached files directly from your email and edit them. Ever. Never-Ever."

If people pay attention to that advice we may have just solved about 70% of the future Tech Support calls related to this PEBCAK issue for end-users using Outlook 2003 and 2007.

If only ...

UPDATE: Thankfully Microsoft has taken action to resolve this being an issue going forward and has made it so that if the user is using Outlook 2010 for Windows or Outlook 2011 for Mac - Documents open in read-only mode, cannot readily be saved in the temporary folder structure and are saved in the "My Documents" folder by default.

For users with this issue in Outlook 2003 - 2007, try the following methods to find the temp file for the user:

Method 1:

  1. If you have not already done so, set Windows Explorer to display hidden files and folders from its Tools > Folder Options > View menu >Advanced Settings > Files and Folders > Hidden files and folders > tick the Show hidden filers and folders radio button.
  2. Then from the Windows > Start > Run dialog - type "%Temp%" and press Enter
  3. This will open an Explorer Window into your user temporary file area of Windows:
  4. In the left pane click "LOCALS~1" which will open another Explorer Window
  5. Then open the "Temporary Internet Files" folder
  6. Then open the "OLK**" folder (This is the Outlook temporary file area)
  7. Select the file you were looking for and move it to the Documents folder
Method 2:

If the locations discussed above do not apply on your PC, then the safest procedure to adopt would be to:

  1. Attach a test document (it doesn't matter what the actual content of the file is) to a message and e-mail it to yourself.
  2. View the message.
  3. Right click the attachment and use 'Open' to open the attachment in Word.
  4. Opening the document will create temporary working files in the temporary folder Outlook uses for this purpose. The file will be opened from the temporary location which your PC uses to store attachments.
  5. Save the document in the temporary folder.
  6. With that document still open, select 'Open' from Word, which will now have set its focus to the temporary location.
  7. Open the required document which should have your changes and save it to your usual document folder e.g. My Documents, as shown in the following sequence of illustrations.
  8. You can then open the document from Word.
  9. If the document does not appear in the folder in the above illustration, or if you have opened it again from the attachment and saved it with the same name (which should no longer be possible) any changes you originally made to it are lost.

Thursday, October 04, 2012

iPhone and Exchange 2010, you better play nice!! Or I'll ....

I ran into an interesting Mobile Smartphone issue recently with an iPhone and Exchange 2010 ... and by "interesting" I really mean annoyingly frustrating . >.<

The end-user reported that he had copied the settings from another iPhone user and he was able to get the Exchange account setup, but it would error out when he tried to send an email.

We had him delete the account and we went through the setup a second time; same results - no sendy no receivey

I attempted to reproduce the issue on an iPad I had available. I was able to create the account and confirmed that the security certificate was accepted correctly but still was unable to send or receive email.

Remotely accessed the client's Exchange 2010 email server and confirmed that the user's mailbox and Active Directory account looked correct when compared to a user who was using their iPhone successfully with the company's exchange email and had 'Manage Mobile Phone' showing their iPhone had successfully made a partnership with Exchange via ActiveSync  but the account for the user I was working with did not show that any devices have been synced/partnered successfully. ARGH!

Things smarter people would do = With ActiveSync enabled correctly in Exchange/AD etc; this is where, if I was smarter, I would have gone directly to using the Microsoft Remote Connectivity Analyzer

But ... Alas .. I didn't

The next thing I did was review the Event logs and found ActiveSync errors in the Application log.

I researched resolutions for the following error:

Source: MSExchange ActiveSync
Event ID: 1053
Task Category: Configuration
Description:

Exchange ActiveSync doesn't have sufficient permissions to create the "CN=MailboxName,OU=OrganizationalUnitName,DC=domain,DC=suffix" container under Active Directory user "Active Directory operation failed on DOMAINCONTROLLER.domain.suffix. This error is not retriable. Additional information: Access is denied.

Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0".

Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type "msExchangeActiveSyncDevices" and doesn't have any deny permissions that block such operations.


I applied a few fixes but was still having issues ... it was at this point inspiration hit and I started using the Microsoft Remote Connectivity Analyzer and was eventually able to get ActiveSync working on the iPad and then on the user's iPhone.

The Microsoft Remote Connectivity Analyzer linked me to this TechNet entry which fixed the issue:

“In Exchange Server 2010, you may also experience this issue if the Exchange Servers group does not have the appropriate permission to the mailbox object in Active Directory. The most common cause for this is broken Access Control List (ACL) inheritance in Active Directory.

To check whether inheritance is disabled on the user:

  1. Open Active Directory Users and Computers.
  2. On the menu at the top of the console, click View then Advanced Features.
  3. Locate and right-click the mailbox account in the console, and then click Properties.
  4. Click the Security tab.
  5. Click Advanced.
  6. Make sure that the check box for "Include inheritable permissions from this object's parent" is selected.
If the user is a member of certain protected groups such as Domain Administrators, it is normal for this box to be unchecked. If you are experiencing a problem with members of these protected groups you should check the permissions on the AdminSDHolder object.”

So this brings me to my real point here: Be smarter than me ...

** Always use the Microsoft Remote Connectivity Analyzer  FIRST to test for ActiveSync issues by default with the user’s email account and credentials" **

Note: Admin accounts will not work with the Microsoft Remote Connectivity Analyzer or with ActiveSync at all (Check to make sure the user having the issue is not a member of an adminstrators group in AD)

I hope this information helps you resolve this issue faster than I did! :)