BackOffice Server 4.5 aka how to get the best of 1990’s Microsoft Server Tech!

Stylized logo!

Every so often, I’ll get either emails or messages from various people wanting to run their own exchange server setup in a similar method that I have setup, except that they are lacking either Windows NT Server discs, or even the Exchange server disc.  I always end up pointing people to eBay, although contrary to the last few years, prices of old Exchange Server have gotten expensive.  However there is a different SKU, and way to get them both, plus a lot more, enter the late 1990’s server craze of product consolidation, Microsoft Back office.

Back Office media kit

In all version 4.5 comes on 7 CD’s containing:

  • Windows NT Server 4.0/IE 5.0/MMC 1.0
  • SQL Server 7.0
  • Proxy Server 2.0/Option Pack
  • Exchange Server 5.5
  • Site Server 1.0
  • Systems Management Server 2.0
  • SNA Server 4.0

Before server virtualization took off, the trend for small branch offices and small organizations was to get a single server and try to run everything all at once.  Of course this leads to an incredible amount of inter-tangled dependencies, and possible collisions when involving 3rd party software, along with possible performance issues for stacking so much onto one box.  How times have changed!  Where today we may run all the same services on a single physical box, however with each server component getting its own VM, it lends to far better stability as you don’t have so many applications with possible DLL/system versioning issues, and better resource management as you can easily prioritize VM’s or even suspended ones that are infrequently needed.  Having lived through it, there was nothing like having a needed service pack for one issue on one component, which then broke something else.  Needless to say this is why we have virtualization, and things like docker to deal with DLL hell.

CD’s

There is no real difference between these Back office versions of the server apps, which is why I would recommend this over a standalone package as you get so much more.

SMTP along with POP and IMAP, are largely unchanged.  While Outlook 2016 may not support Exchange 5.5 directly, you can configure it as an IMAP server, and connect just fine.  I’d highly recommend something like stunnel to wrap it with modern encryption, something that Windows NT 4.0 is lacking.  Combined with an external relay to do “modern” features like DKIM, spam filtering and obscuring your server’s direct connection on the internet, there is nothing wrong with using it as a backed, even in 2017.

SQL 7 is the first version in the “rewrite” of Sybase SQL, supporting the new client libraries, which .Net 4.5 on Windows 10 can still happily connect to, unlike SQL 6.5 and below.  I use it occasionally to quickly prototype stuff as needed or load up datasets to transform them.  I also like the SQL scheduler to do jobs in steps, as it can catch error codes, and you can setup elaborate processes.

I can’t imagine having a use for SNA Server anymore as IBM had shifted all their mainframes from SNA, to TCP/IP.  I would imagine with a current software contract that is what people would be using, but somehow I’d like to imagine some large organization still using 3270’s on people’s desks, and a SNA gateway to bring sessions to people’s desks.  But that is highly unlikely.  Back in the day COM/TI was a big deal to take COBOL transactions and package them up as Microsoft COM objects to later be called either directly, or middleware via DCOM.  Although who knows, when it comes to legacy stuff, Im sure somewhere has type 1 token ring MAU’s, and SDLC links.

Packages like Back Office is what basically pushed out Novel from the market as they didn’t develop their own solutions in time, and deploying server software to Novel Netware proved to not only be very precarious, but along with it’s single application process space, proved to be extremely unreliable.  Not to mention that older protocol companies like DEC, IBM or Novel were entrenched in their own proprietary network stacks, and TCP/IP was frequently seen as something to be purchased separately both for the OS, and the application.  Microsoft certainly did the right thing by having a free TCP/IP for Windows for Workgroups, and including it in Windows NT, and Windows 95.

As always the option Pack for Windows NT 4.0 nearly brings it up to the functional level of Windows 2000, and is a great way to build that virtual corporation for testing.

 

So Microsoft still has the MacOS Outlook for download

I was kind of surprised.  Even more so that I could get it working to my Exchange 5.5 server.

outlook on macos 8

Outlook on MacOS 8.0

Unless you have AppleTalk enabled on your server, you’ll need to setup your TCP/IP, and that also means you have to be able to resovle the exchange server by name.

If you want to use a hosts file, be sure to set the user mode to advanced in the control panel, and then setup a hosts file in the special format that looks more like a DNS zone record.

exchange.superglobalmegacorp.com A 172.18.8.50
exchange CNAME exchange.superglobalmegacorp.com
bbs CNAME bbs.superglobalmegacorp.com

Then save it somewhere like System/Control panels, point the TCP/IP panel to it, and that should do it.

For anyone who wants to try to connect to their Exchange server, you can find the client here, on their ancient ftp server.  And I suppose you could also try the one from Exchange 4.0SP2, but I didn’t bother, since this one is so new, like 1999!

 

Exchange 5.5 OWA vs Outlook 2003

ASP 0115

ASP 0115

error ‘ASP 0115’

Unexpected error

/exchange/USA/root.asp

A trappable error occurred in an external object. The script cannot continue running.

So, call me crazy, but I’ve been running an Exchange 5.5 server a home for a while without issues.  It’s perfect for a single user, I can keep up to 16GB worth of email on there, and best of all I can use real email clients like Outlook (or is it LookOut!?).  Anyways I noticed something weird which is that Outlook 2003 always is unsure if the server is there, and I have to tell it that it’s OK to connect.  Also once the Outlook 2003 client connects, it kills OWA, giving me these weird ASP 0115 Unexpected errors.

googling around for a fix was a bit futile, and I’d largely written off OWA, as in this day & age, who really wants some ASP 3.0 app?  But for some reason, today was going to be the day to fix it, as I don’t have Outlook on my macbook air.

So with the Outlook 2003 clue in mind I finally found KB-818709, aka “Outlook Web Access stops responding when you try to access a mailbox on an Exchange 5.5 computer”.

As the cause states:

This problem occurs when you try to access a user account that was previously accessed by a client computer that is running Microsoft Office Outlook 2003.

Outlook 2003 adds a fourth entry to the PR_FREEBUSY_ENTRYIDS property. PR_FREEBUSY_ENTRYIDS is a multi-valued MAPI property that is stored on the Inbox folder. CDO expects three entries. The unexpected fourth entry causes heap corruption that causes OWA or the third-party program to stop responding.

Well how about that?

So with the hotfix in hand, and a reboot, it now works perfectly, like it did back in 1997.  And the best part is that it works great in Chrome.

And for anyone crazy like me with Exchange 5.5, remember to install SP4, and of course the KB829436 hotfix!

Running Microsoft Exchange from home.

Well thanks to my latest outage, I’ve gone back from having an Exchange server in the “cloud” (well really a server I rented), to a Virtual Server at home.

First my ‘plan’ is to get a VPS that I can run OpenVPN on.  From there I’m going to build a VM at home that will also run OpenVPN, and it will connect to the VPS.  I will then setup routing, so that the Exchange server can then communicate with the VPS’s internal interface, and the VPS can communicate directly with the exchange server.  I’ll then configure postfix to store & forward email to the Exchange server.  This way if the link drops, the VPS will just spool the mail.  Finally I’ll setup SpamAssasin to filter out the SPAM.

First you will need to have a tun0 interface in your VPS.  Almost everyone supports this these days so it shouldn’t be too hard… If you cannot get a tun0 interface, perhaps ppp0 with pptp..?

I followed these instructions on setting up OpenVPN on Debian 6.  Now granted, I’m using Debian 7, but the instructions are pretty much the same.  Basically you have to setup a CA (Certificate Authority), and then you generate a Server certificate, and a client certificate.  For my needs, I’m going to issue single certificates for everything(one) that connects into my VPN.  I also have a network at home that I want routed to the VPS, so this is included (192.168.0.0/24).

A simple server.conf looks like this:

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir ccd
route 192.168.0.0 255.255.255.0
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

And a the client configuration I’m using is this:

client
dev tun
proto udp
remote MYHOST MYPORT
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert hong-kong-home.crt
key hong-kong-home.key
ns-cert-type server
comp-lzo
verb 3

In the directory /etc/openvpn/ccd on the server, I have to ensure that I have a file called ‘homefw’ which is the common name of the client certificate.  It has to contain the following line to ensure that my home network is routed to the VPS.

iroute 192.168.0.0 255.255.255.0

Don’t forget to turn on ip forwarding on both the VPS, and the local ‘tunnel router’.  For Linux based stuff you need to make sure that “/proc/sys/net/ipv4/ip_forward ” is a 1.  You can just do a simple “echo 1 > /proc/sys/net/ipv4/ip_forward ” in “/etc/rc.local” or go through your distributions networking documentation to make sure you set it up ‘correctly’.

In OpenBSD I just simply uncomment the following line from /etc/sysctl.conf

net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets

If you don’t have routing in place you’ll notice that you can only ping the tunnel interfaces, but not the IP’s on the LAN.  While this may be fine for a p2p or client setup it isn’t good enough if you want to route traffic.

I’m running VMWare ESXi 5 at home, and thankfully it does support Windows NT 4.0 Server out of the box.  I setup a Domain Controller running DNS & WINS.  The VMWare tools won’t work properly with some service pack (4 I think?) but I went all the way to 6, along with the rollup.  Until you load the service pack, the network adapter will *NOT* work.

I’m going with Exchange 5.5, so again I installed another NT 4.0 server, service packed it, and joined it with the domain controller.  Remember to install IIS, and the ASP update, as 5.5 OWA needs asp. Be sure to apply the latest service pack for Exchange, SP4 – in the case of Exchange 5.5 .

Now for routing I could go with dynamic routing, or static routing.  I chose static as I didn’t want to get too involved for this project, as I needed to get email flowing as quickly as possible.

route add 10.8.0.1 mask 255.255.255.255 192.168.0.49 -p

From Windows NT.

It is imperative no matter what version of Exchange you run, that you turn off the open relay “feature”.  A great step by step guide is available here on msexchange.org .

With the basic routing in place you should be able to talk to the Exchange servers’ SMTP engine.  You may want to setup either a local DNS and populate the VPS’s source address or put in some host entries for it.

# telnet 192.168.0.55 25
Trying 192.168.0.55…
Connected to 192.168.0.55.
Escape character is ‘^]’.
220 exchange.superglobalmegacorp.com ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2653.13) ready
HELO
250 OK

Now it would be insane to place an Exchange server directly onto the internet.  Plus when the VPN link is down, it’d be nice to have the VPS store email and forward it when it can.  So for this task I installed postfix.

For me the big changes in main.cf were:

mydestination = nodedeploy.superglobalmegacorp.com, localhost.superglobalmegacorp.com, , localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.8.0.0/24 192.168.0.0/24
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
relay_domains = superglobalmegacorp.com work.com
transport_maps = hash:/etc/postfix/transport
virtual_alias_domains = virtuallyfun.com
virtual_alias_maps = hash:/etc/postfix/virtual

This will permit my exchange server to relay out my VPS, and tell postfix that it’s OK to accept email for the various domains I have.

My transport database is very simple.  For the email accounts I’m using two domains, so I simply instruct postfix to forward emails destined to these domains to the exchange server

superglobalmegacorp.com smtp:192.168.0.55
work.com smtp:192.168.0.55

And for domains I couldn’t be bothered to create mailboxes for, instead I have their email setup to forward to an existing box using a virtual domain in the ‘virtual’ file.

abuse@virtuallyfun.com abuse@work.com
postmaster@virtuallyfun.com postmaster@work.com

Now due to the nature of postfix you need to generate database hashes for it to work, so my script to kick this off is:

postmap hash:/etc/postfix/transport
postmap /etc/postfix/virtual
newaliases
postfix reload

Which isn’t too involved once you get the bits in the right place.

Assuming you’ve got your MX records setup on the outside, with any luck you should start seeing some mail flow through.  If not telnet to port 25 and start talking to your mail server.

One problem I have is that superglobalmegacorp.com is an old domain, and it’s lapsed a few times to different idiots who not only added to the ridiculous spam lists I’m on, but also spammed from it as well.  So to deal with SPAM, I went ahead and installed spamassassin, as described in this page.

As mentioned adding the two lines to master.cf got it going

smtp inet n – – – – smtpd -o content_filter=spamassassin -o syslog_name=postfix/submission
spamassassin unix – n n – – pipe
user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

And I did change the spamassasin local.cf

use_razor2 1
use_dcc 1
use_pyzor 1

As I do get a lot of spam.

I don’t think most people will care, but this is more so for me keeping my notes straight.  So yeah I run Exchange 5.5 at home (which I got on ebay for $25!) with Outlook 2003 on Windows XP x64.  It works well enough for me.