SharePoint 2010

How to configure Outgoing email in SharePoint with O365 – SMTP relay

You might have moved all your mail accounts to O365, but you still have that on-premises SharePoint server that needs to send alerts or has some similar message functionality. Previously you had an Exchange server and used that as a relay. Now you need to use O365, so how do you do that? Let’s have a look at the prerequisites first, and then I’ll show you how to put it all together to send messages, both internally and externally if required.

Prerequisites
– Service account in O365 with a mailbox; Used for authenticating SMTP request towards O365.
– Local SMTP server; Used for anonymous access to SharePoint SMTP.
– DNS record; Used as SMTP relay address internally.
– External IP address of local SMTP server; Used for SPF record registration.
– SPF record of mail domain; Used to validate the local SMTP server against public mail exchangers.
– Certificate that covers SMTP relay DNS address; This is used to provide required TLS encryption.
– Internal IP of SharePoint server(s); Used to allow the relay through local SMTP server.

SPF record
The first thing to do is update the SPF record for your domain. This is done in your mail domain’s DNS settings, and the record should be a text (TXT) record.

SPF v=spf1 ip4: include:spf.protection.outlook.com ~all

Certificate
Install the matching certificate in the Personal store on the server.

Installation
If you do not have a local SMTP server already, you can install one using Roles and Features from within Windows Server.
To enable logging on the SMTP server, open IIS 6.0 Manager, expand your server and right click Properties. On the General tab; Check “Enable logging” and click Properties. Change log file directory to something different than your system drive.
On the Advanced Tab; Check the following Extended logging options:
Date (date), Time (time), Client IP Address (c-ip), Server Name (s-computername), Server IP Address (s-ip), Server Port (s-port), URI Query (cs-uri-query), Protocol Status (sc-status) and Protocol Substatus (sc-substatus).

Note: Take into consideration where you place the respective SMTP server folders. It is strongly recommended that you place them on a drive separate from the system drive.

IIS Configuration
Open IIS 6.0 Manager (which will be used to manage your SMTP server), expand your server and right click Properties on your SMTP Virtual Server.
On the Access tab, under Secure communication, it should state: “A TLS certificate is found with expiration date: “.
Click Authentication and verify that Anonymous access is enabled.
Click Relay, select “Only the list below” and add the internal IP address of your SharePoint server(s). Leave “Allow all computers which successfully authenticate to relay….” checked (this means that all computers within the same domain may use this server as a relay. If you have infected machines, you want to disable this, or remove the infection).
Under the delivery tab; Click Outbound Security.
Check Basic authentication and type in your O365 service account information.
For example:

User name: svcRelayO365@contoso.com
Password: Ninja1234

Make sure TLS encryption is checked and click OK.
Click Outbound connections, change the TCP port to 587 and click OK.
Click Advanced, type in the local DNS address of your internal relay, type in the smart host smtp.office365.com and click OK.
Example:

relay.contoso.com
smtp.office365.com

O365 Configuration
Login to portal.office365.com and navigate to Administration and Exchange.
In Office 365, click Admin, and then click Exchange to go to the Exchange Admin Center.
In the Exchange Admin Center, click Mail Flow, and click Connectors.
To add a new connector, click the + symbol and select From: “Your organization’s email server”, To: “Office 365” and click Next.
Choose the option “By verifying that the IP address of the sending server matches one of these IP addresses that belong to your organization”, and add the External IP address.
Leave all the other fields at their default values, and select Save.

SharePoint Configuration
Open Central Administration and click System Settings.
Click Configure outgoing e-mail settings.
Use the DNS name of your internal SMTP server as Outbound SMTP server and the From address should match that of your service account.

Testing & Troubleshooting
On your local SMTP server, create a file, called email.txt with the following content:

FROM:
TO:
SUBJECT: Test email
This is a test email sent from my SMTP server

Copy this file into the Pickup folder of your SMTP server. The server will process this and move it to the Queue folder and process it for delivery to O365.
If you do not receive an email at your personal email address within 5 minutes, something is wrong. Here is how to check.
Go to your log file directory, configured previously and have a look at the error codes provided there.
If they are “queued for delivery”, you move to the Office365 Portal and use the mailflow function and search for your mails. There they will be listed with a status indicating their state. The details of the Office365 mailflow log are comprehensive.
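The same log can also be used to check the relay caveat from the IIS Configuration step: which clients are talking to the SMTP server that are not on the relay list. The following is an added example, not part of the original post; the allow-list IPs, host name and log lines are constructed sample values, and the function names are hypothetical.

```powershell
# Added example: list SMTP clients in the log that are not on the relay list.
# Hypothetical internal IPs of the SharePoint servers allowed to relay.
$allowedRelayClients = @('10.0.0.21', '10.0.0.22')

# Constructed sample in W3C extended format with the fields selected earlier.
$sampleLog = @'
#Version: 1.0
#Fields: date time c-ip s-computername s-ip s-port cs-uri-query sc-status sc-substatus
2016-07-27 08:00:01 10.0.0.21 RELAY01 10.0.0.10 25 +FROM:<svcRelayO365@contoso.com> 250 0
2016-07-27 08:00:01 10.0.0.21 RELAY01 10.0.0.10 25 +TO:<john.doe@contoso.com> 250 0
2016-07-27 08:03:12 10.0.0.87 RELAY01 10.0.0.10 25 +FROM:<invoice@example.org> 250 0
2016-07-27 08:03:12 10.0.0.87 RELAY01 10.0.0.10 25 +TO:<someone@example.net> 550 0
2016-07-27 08:03:13 10.0.0.87 RELAY01 10.0.0.10 25 +TO:<other@example.net> 550 0
'@ -split "`r?`n"

function ConvertFrom-SmtpW3CLog {
    param([string[]]$Line)
    $fields = @()
    foreach ($l in $Line) {
        if ($l -like '#Fields:*') {
            # The header names the columns; it can reappear when logging restarts
            $fields = ($l -replace '^#Fields:\s*', '').Trim() -split '\s+'
            continue
        }
        if ($l -like '#*' -or -not $l.Trim()) { continue }
        $values = $l.Trim() -split '\s+'
        if ($values.Count -ne $fields.Count) { continue }   # skip truncated rows
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        New-Object PSObject -Property $row
    }
}

function Get-UnexpectedRelayClient {
    param([string[]]$Line, [string[]]$Allowed)
    ConvertFrom-SmtpW3CLog -Line $Line |
        Where-Object { $Allowed -notcontains $_.'c-ip' } |
        Group-Object -Property 'c-ip' |
        ForEach-Object {
            New-Object PSObject -Property @{
                ClientIP = $_.Name
                Commands = $_.Count
                # 5xx replies are permanent SMTP failures, e.g. a refused relay
                Rejected = @($_.Group | Where-Object { $_.'sc-status' -match '^5\d\d$' }).Count
            }
        }
}

Get-UnexpectedRelayClient -Line $sampleLog -Allowed $allowedRelayClients
```

Against a real log, pass the output of Get-Content for the log file as -Line and the relay list from the Relay dialog as -Allowed.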

From SharePoint

 
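# Load the SharePoint cmdlets and assemblies if not already in the SharePoint Management Shell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$email = "test@test.com"
$subject = "Test subject"
$body = "Test body"

$site = New-Object Microsoft.SharePoint.SPSite "http://sharepoint"
$web = $site.OpenWeb()
# A True or False will confirm whether the message has been sent or not
[Microsoft.SharePoint.Utilities.SPUtility]::SendEmail($web,0,0,$email,$subject,$body)

# Release the SharePoint objects
$web.Dispose()
$site.Dispose()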

References
https://technet.microsoft.com/en-us/library/dn554323%28v=exchg.150%29.aspx

http://jeffreypaarhuis.com/2013/02/12/send-test-email-from-sharepoint/


SharePoint Solution Design Specification

Finally got the last hands on the solution design I wanted to match up with the infrastructure design. I wasn’t too sure on this, as this is not an area I usually work with, but having used it two times it seems to hold proof. As with the Infrastructure design, remove any unused components.
This design takes a bit more work to fill out, as it needs to hold the descriptions of how the customer is intended to use the solution. Each service application comes out with a rich description as well as the authentication model. Especially for those federated identity solutions.

I expect this design to be updated with more content, as I embrace more of the solution architecture. In other words, while not being as definitive as the infrastructure design, it should provide a good baseline for the solution design activities.

Feel free to use, give any credit you can 🙂

SharePoint Solution Design Specification (located on Google drive)

Adding Users/Groups – SharePoint – Powershell

A few times I’ve had to add users to specific SharePoint groups using PowerShell. I made the below script, which splits up each of the processes in the user creation and permission handling into transparent chunks. That way it’s easier to take what you need 🙂
The below users are external identity provider users, based on UPN. There is a domain users group being added also. The rest of the code should be self-explanatory.

#Defines the site to work with
$URL= 'https://intranet.contoso.com/HR' 

#Gets the required web and site objects to work with
$Site= Get-SPSite $URL
$Web=$Site.RootWeb

#Creating Users
$JD=get-spweb $url | New-SPUser -UserAlias 'i:0e.t|Azure ACS|John.Doe@live.com'
$ON=get-spweb $url | New-SPUser -UserAlias 'i:0e.t|Azure ACS|Ola.Nordmann@live.com'
$AA=get-spweb $url | New-SPUser -UserAlias 'i:0e.t|Azure ACS|Anders.Andersen@gmail.com'
$MS=get-spweb $url | New-SPUser -UserAlias 'i:0e.t|Azure ACS|Medel.Svensson@contoso.com'

#Creating Groups
$DUContoso=get-spweb $url | New-SPUser -UserAlias 'c:0-.t|Azure ACS|Contoso\Domain Users'

#Get site default groups (using just "$web.Sitegroups" will show all of them.)
$HROwn=$web.SiteGroups["HR Owners"]
$HRMem=$web.SiteGroups["HR Members"]
$HRVis=$web.SiteGroups["HR Visitors"]

#Adding Users to groups
#Owners
$HROwn.AddUser($AA)
$HROwn.AddUser($MS)

#Members
$HRMem.AddUser($ON)

#Visitors
$HRVis.AddUser($DUContoso)

Web Server security – SSL/TLS

Following the recent attention from the Heartbleed vulnerability, it might be a good idea to have a look at your general SSL/TLS configuration. Being unable to write something more accurate, I’ve only supplied two links, which detail the SSL/TLS versions and support on the different Windows O/S and a free SSL testing tool.
Which protocol is used depends on the compatibility level negotiated between server and client. By default it will use the highest possible. However, exploiters will always use the lowest possible 🙂

Support for SSL/TLS protocols on Windows
http://blogs.msdn.com/b/kaushal/archive/2011/10/02/support-for-ssl-tls-protocols-on-windows.aspx

SSL Test tool
https://www.ssllabs.com/ssltest/
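One way to see locally which protocol versions a Windows server is configured to accept, as an added example that is not part of the original post: it reads the standard SCHANNEL protocol registry keys. The function name and the NeedsReview rule (an SSL version that is not explicitly disabled) are assumptions of this example.

```powershell
# Added example: report how each SSL/TLS protocol is configured for the
# server (inbound) role in SCHANNEL on the local machine.
$SchannelRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelServerProtocol {
    param(
        [string[]]$Protocol = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'),
        [string]$Root = $SchannelRoot
    )
    foreach ($name in $Protocol) {
        $key   = Join-Path (Join-Path $Root $name) 'Server'
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

        # A missing key or value means the built-in default of this Windows
        # version applies, so the result depends on the OS, not on your policy.
        $enabled = if ($props) { $props.Enabled } else { $null }

        if ($null -eq $enabled) { $state = 'OS default' }
        elseif ($enabled -eq 0) { $state = 'Disabled' }
        else                    { $state = 'Enabled' }

        New-Object PSObject -Property @{
            Protocol    = $name
            ServerState = $state
            # Assumption of this example: SSL versions should be explicitly
            # disabled so a client cannot negotiate down to them.
            NeedsReview = ($name -like 'SSL *' -and $state -ne 'Disabled')
        }
    }
}

Get-SchannelServerProtocol |
    Select-Object Protocol, ServerState, NeedsReview |
    Format-Table -AutoSize
```

The registry shows configuration only; the SSL test tool above shows what the server actually negotiates from the outside.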

Warmup Script – SharePoint

Got tired of implementing huge warmup scripts, so decided to put together the simplest form. This will hit all site objects within the SharePoint farm.

Setting $ie.Visible = $true should only be used in the development phase. It can be set to $false or completely omitted. With false or omitted, it will only spawn a process and not display the GUI of Internet Explorer.

Add-PSSnapin Microsoft.SharePoint.PowerShell
$sites = Get-SPSite -Limit All
foreach ($site in $sites)
{
    # Start a new Internet Explorer process for each site collection
    $ie = New-Object -ComObject "InternetExplorer.Application"
    $url = $site.Url
    $ie.Navigate($url)
    $ie.Visible = $false
    # Wait for the page to load (ReadyState 4 = complete)
    while ($ie.ReadyState -ne 4)
    {
        Start-Sleep -Milliseconds 100
    }
    $ie.Quit()
}

Edit 27-July-2016: Changed from single site to all SP sites.

Crawling of Content Sources Paused – SharePoint Search – Resume Programmatically

Some backup applications might cause your crawl to pause, or you might be running low on resources and they are paused. Either way, making sure they are resumed at some point is always nice. A few lines to make sure that all Paused content sources are Resumed.

#-- Get the Search Service Application
$searchapp = Get-SPEnterpriseSearchServiceApplication 'Search'

#-- Get the default content sources
$ContentSources = Get-SPEnterpriseSearchCrawlContentSource -SearchApplication $searchapp

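#-- Resume Crawl on all content sources Paused
Foreach ($cs in $ContentSources) {
    #-- Only call ResumeCrawl on sources that are actually in the Paused state
    if ($cs.CrawlStatus -eq 'Paused') { $cs.ResumeCrawl() }
}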

There are a few other methods to call on the content source object, the link here is for reference.

http://msdn.microsoft.com/en-us/library/aa679491%28v=office.12%29.aspx

SharePoint Infrastructure

What is SharePoint Infrastructure

The question is valid and probably not many people would or could answer it appropriately.

In broad terms, SharePoint infrastructure is the composition of all those components that lie underneath your SharePoint web applications. That is; databases, user directories, web server sites and application pools, file shares, routing, switching, firewalls, ports, authentication mechanisms etc. It is also patching, monitoring and backup.

SharePoint Infrastructure (Location on Google Drive)