Email problems when using the POP3 connector

If you are using the POP3 connector to receive mail, but you have some accounts (like a remote user) that are not collected by the SBS box you will find that it’s not possible to send mail to those accounts from inside the SBS domain.

As soon as you try to send mail to that account, Exchange will send you and NDR back saying “The email account does not exist at the organization this message was sent to.  Check the email address, or contact the recipient directly to find out the correct address.”

This happens because by default Exchange is setup to be authoritative for the domain, any address that doesn’t exist on you server will appear as undeliverable. The best way to workaround this is to collect all mail on your SBS box and then make the remote user connect to the SBS box instead of your ISP (you could use OWA, RPC over HTTP or even POP3/IMAP).

Another workaround to this problem is to open Exchange System Manager-> right-click Virtual SMTP server-> Properties-> Messages tab-> Specify your ISP’s SMTP mail server on the field “Forward all mail with unresolved recipients to host”.

Note: If you are using SMTP to receive mail you should not do this (there is no need anyway)… you could cause a mail loop because of this.

Smartphone Review – Motorola MPx220


Last year I was itching for a new phone. My contract was up, my previous phone was pretty old and I wanted to be more “connected”. I did a lot of research on which phone I should get using two great sites: and Since I’m not really a road warrior I opted for a smarphone instead of a PDA/Phone combo and after much debate I got a Motorola MPx220 from Cingular Wireless.


This little phone has really impressed me. It has Quad Band GSM, 1.2MP camera (for still and video), Bluetooth, IR and a miniSD slot for additional memory… most importantly it runs on Windows Mobile for Smartphones 2003 (which means it has ActiveSync, Outlook, MSN messenger, Media Player, etc.).


What I like-


Phone quality and signal reception is pretty good. I love using the Bluetooth between my laptop and the phone to synchronize, transfer files, etc without any cables. I also got a 512mb miniSD card, added a couple of MP3s and now I always have an MP3 player with me. About 2 weeks ago I installed MS Pocket Streets 2005 which is pretty impressive considering how small this phone is.


Having internet access on my phone (and whenever I go) is waaay cool. With OMA, Mapquest, Accuweather, etc. at hand I feel there is nothing I can’t do. It took me a while to figure it out, but recently I was able to synchronize directly to Exchange so the phone keeps Outlook updated (probably one of the greatest features). Cingular data package is only $20/mo for unlimited use (which supposedly doesn’t include tethering a PDA/Laptop… but I have done it without any additional charges).


What I don’t like-


Typing on this phone is a nightmare (although I sort of expected it). I’m looking forward to see what the newer MPx will bring to the table. I don’t really care much about the camera, but its definitely not one of its greatest features (the flash is virtually non-existent and picture quality is poor). Finally, getting used to the phone takes a while… there is simply too many features, buttons, programs, etc. I find something new each day J.




This is a phone for the casual roadie or some exec that needs something really small to be kept into the loop. I wouldn’t recommend it for someone who has to do a lot of stuff with it (for that get a PDA/Phone). So, don’t plan to write more than a sentence or two using it (you will get tired really soon). On the other hand, this phone will keep your Laptop or PDA connected to the internet whenever you go via Bluetooth or USB (and you can receive calls at the same time)… definitely a feature I use a lot.


Which is my favorite feature?


By far my favorite feature is the size. I don’t know how Motorola managed to put so many things in this small package. Motorola’s RAZR V3 phone might look like a million bucks, but this phone has a lot more features (plus is cheaper!).

How to enable SMTP outbound authentication

Here is a Quick Tip-


Many smarthosts require that you authenticate before you can relay your mail to them. Unfortunately, the SBS dev team did not add an authentication window to the Configure Email and Internet Connection Wizard (CEICW). You have to do this manually, but do not worry… it is very easy:


Open Exchange System Manager, drill down to Connectors, right-click the SMTP connector and select properties. On the Properties screen click on the Advanced tab, go to Outbound Security and type the logon info of your ISP.


By the way, if you want to learn more about using Smarthosts vs. DNS for mail delivery you should read this article.

Please turn off all electronic equipment for takeoff

Sorry this has nothing to do with SBS, but I really need to get it out of my chest.

As I mentioned in my last blog article I went to Toronto for the local SMB Nation mini summit. It was sooo cool to finally meet in person many of my MVP friends and community members, I really got many memorable moments there (and some even have pictures attached to them!). However, all that “magic” ended abruptly when I got inside the airplane…

Ok. Let me start by admitting that I’m not really a frequent “air” traveler… I normally travel about 3-4 times in a year. As most of you, I carry around my laptop, PDA, smartphone and MP3 player whenever I go.

It REALLY bugs me to have to turn off all electronic equipment for takeoff. How on hell my crappy MP3 player could have any effect on this multi-million dollar airplane? I don’t want to get arrested (I hear the FAA police knocking on my door now J), but I normally turn off my cell and continue using the MP3 player the whole time. However, this time all the flight attendants were ordering me to turn everything off!

This time in particular was pretty bad since I had to take several short flights (1hr max)… so 20 minutes takeoff, then 20 minutes landing it gave me 20 minutes to hear MP3s. That’s not acceptable! (BTW reading on those small airplanes gets me sick!).

Let me put it this way-> I think turning off all electronic equipment for takeoff is pure BS. Even turning off all RF equipment (like cells, pagers, etc.) is totally bogus. If there was really the potential for a problem then the airplane makers need to improve their EMI/RFI shielding, filters, etc. If not, then the safety of xxx passengers can be jeopardized by a moron (maybe like me) leaving their MP3 player or cell on? What a bunch of crap-o-la!

I’m glad the FCC and the FAA are reconsidering all this. Just let me fly with my MP3 player please!

Going to Toronto

Most of you may already know that there is an SMB Nation Summit on Toronto on Jan 11 (read more about it on Susan’s blog). I’m happy to say that I will be attending the event and I hope that you will too (I’m cutting 2 days off my vacations and flying from San Juan to Toronto and then going to Philly… so don’t tell me about distances, work, etc.)

Seriously, this is a great opportunity to learn more about SBS, have fun and meet a lot of people (plus its great to be able to “speak SBS” for a while). I’m looking forward to meet many SBSers and MVPs (last count was 10 SBS MVPs assiting the event).

This will be an awesome event… and I hope to see you there!

Cheap SSL Certs

I’m on some sort of vacation since last week at home in Puerto Rico… I say “some sort” because I’m actually upgrading my last SBS2k box to 2k3 and using the old box as a terminal server. While I was preparing the migration the client asked if there was a way to take out the “Security Warning“ page that they get when they access OWA (and RWW in the future) from a public computer (one that the cert has not been imported previously)… and I told him that it would cost $400-800/yr to get a Verisign cert to fix that. We both knew that there is no way they were going to pay that for getting rid of such small annoyance.

The next day I got curious, researched this a little more and found out that there were many “trusted“ companies (I mean trusted in the sense that IE and most browsers already trust the ssl cert authority) that sell SSL certs for less than $30/yr. So, I asked my client if the “convinience” of not having to click on the security warning box was worth $30 and they said yes. So, I ran the SSL cert wizard on the SBS box to issue the CSR, then I went to and got a Turbo 128-bit SSL Cert in about 10-15 minutes. The browser (and more importantly my client) was happy.

This reinforced my beliefs on a couple of things…

1) This is not something I would normally do… but for $30 is not a bad deal.

2) Verisign overcharges for pretty much everything… I don’t know how people keep doing business with them. Who cares where the cert comes from (i.e. normal people don’t check who’s the issuing authority)?

3) Anyone can get an SSL cert. The “verification” process was a joke (just a reply to an email sent to the domain owner). While I really don’t care for SBS, some people think that just because there is a “secure” icon on the browser the transaction is really secure.

That’s all for now… 🙂


Site to Site VPN while keeping ISA in the Mix

If you have a remote office or a branch it might be a good idea to have those users connected to your primary office permanently. You could even have an additional domain controller on the remote site or even make the users login via a Terminal Server on your primary location. To connect the two locations together you have a couple of options:


  1. Connect each computer individually using PPTP VPN to the SBS box directly.
  2. Use a PPTP VPN-capable router on the remote site and establish the VPN directly to the SBS box.
  3. Use 2 VPN routers (IPSec) to establish a site to site VPN.

Option #3 is fairly common. However, this method presents a problem when you want to keep using ISA. You cannot put the router in front of ISA anymore because you will terminate the VPN tunnel there and your users will not be able to access the resources in the LAN. So, what can you do? Well, there are a couple of ways to go around this problem… I will discuss one way:


You will need two VPN-capable routers (and know how to create a “normal” tunnel between them) and two public IPs on the site where ISA is located.


Your setup should look like this:


Basically, what you need is to give ISA and the VPN router in the main office 2 distinct public IPs and put them parallel to each other. Then turn off the DHCP on the VPN router on the main office and make sure is on the same subnet as the internal LAN and connect it to the same switch as the SBS internal NIC. Configure the VPN link between the 2 sites as you would in a “normal” situation and make sure your VPN router is blocking all incoming traffic. As with any VPN the remote LAN must be on a different subnet.


Now, the last step would be to tell the local LAN how to find the remote one (since SBS is the default gateway the computers will try to use that one instead of the VPN router). To correct this we must create a static route on the server… so go and run the following command on the SBS box “route add -p mask” and you should be good to go.


There could be other variations in this scheme, but if you understand the steps involved here then its easy to modify this to do whatever you want.

Free TS CALs for SBSers

This is awesome! Get free 5 TS CALs if you buy SBS2k3 + Win2k/2k3. But, you have to hurry because it is only valid from November 1st, 2004 to February 28th, 2005. Order them here:

I just learned about this when Gavin blogged it today (read the whole article). I’m not sure how this slipped under my radar. Kudos to Gavin!

New Info: Apparently this offer is only valid in Canada. I’m waiting for confirmation, but it appears to be that way. 🙁

How to Install Peachtree Classic v11 on Windows XP

This has nothing to do with SBS… so, you can probably stop reading now.

I’m avid user of Peachtree (although my “area of expertise“ are the Classic and 2000 versions). I used to spend a lot of time (and still do) on and PeachtreeForums. If I had a cent for each time I have answered this question I would have enough to buy a coffee J. So, I decided to post it here for future reference (I apologize for going Off Topic).

Little Know Fact: I “met” Chad Gross long before either one of us became SBS MVPs on the Peachtree newsgroup. In fact, he was the one who introduced me to the SBS2000 newsgroup. It’s a very small (virtual) world!!!

Install Peachtree Classic

– Use the setup disks and install it. Since I hate to use floppies… for future installations it might be a good idea to install it on a workstation and copy the content of the C:\PCA directory to a CD then create a .bat file that copies the entire content back to the PC. This way you have created your own PCA v11 CD.

Create the Shortcut

– Right click on a empty space on the desktop and select New -> Shorcut

– A wizard should appear and in the “Location of the item” put: C:\PCA\PCA.BAT and click Next (do not use NETPEACH.EXE). Type a name for the shorcut and click Finish.

– Right Click the newly created shorcut and select properties. On the Options tab and select Full Screen in Display Options. Go to the Layout tab and put the following settings:

Screen Buffer Size and Window Size
Width: 80
Height: 25

– Click “OK”… that should do the trick.

Note: Peachtree v11 cannot run on Windowed mode on XP/2000 (it becomes painfully slow). That;s why we have to do this.

Set the Enviromental Variables

– Right-click My Computer and select properties. Go to the Advanced Tab and click on Enviromental Variables.

– On “System Variables” press New and put “Overlay_Heap“ as the variable name and “1“ as the value. Repeat this step with “PC3ID“ as the variable name and “CO“ as the value.

– Open C:\Windows\System32\Config.NT with Notepad and add/modify so it says “Files =100“.

That should do the trick! Reboot the PC just in case.

How to add a Mac OS X to an SBS domain


First of all, I would like to apologize for lack of blog posts recently, things are a little hectic around here and I also have a big (relative terms) SBS rollout in December.

Although, I’m not a Mac person myself many SBSers in the newsgroups have asked numerous times how to integrate them to the SBS lan. Fortunately, the great people behind MS listened and the SBS documentation team blog just released a preliminary document on “Connecting Mac OS X 10.3 and Higher Clients to a Windows Small Business Server 2003 Network“. It looks pretty good to me… kudos to the doc team on getting this out!

Tip-> Remember that if you plan to install Macs in your SBS domain and you haven’t installed SBS yet do not use .local for your AD domain name. Instead use .lan, .smb or .whatever. It will make your life easier.

Oh… Happy Thanksgiving everyone!