Confuguring Incoming Email in SharePoint2010 with Exchange Step by Step Guide

Today we continue down our journey in setting up our SharePoint 2010 farm, with the focus on configuring incoming email for SharePoint 2010.  When SharePoint 2007 was released, there was a lot of discussion and rumors around Exchange 2007 being the last version of Exchange to provide Public Folder support, and that SharePoint 2007 was going to be it’s alternative. Microsoft quickly changed its stance and continues to support Public folders in Exchange 2010.  However, there still might be a number of compelling reasons why you would want to consider storing incoming email messages in SharePoint 2010 document libraries, instead of public folders.  You can read more about the benefits of using email-enabled SharePoint libraries in one of my article’s here.

In today’s post, I will provide you with a comprehensive step by step guide in configuring your SharePoint 2010 server in conjunction with Exchange 2010, to provide successful delivery of incoming email directly to your SharePoint Web Applications.

The environment

This article builds on the SharePoint Farm setup that I have documented here. It consists of the following servers which would form a common basis in most large organizations.

• Windows 2008 R2 server running Active Directory Domain Services
• Windows 2008 R2 server running SQL 2008 R2
• Windows 2008 R2 server running SharePoint 2010 RTM
• Windows 2008 R2 server running Exchange 2010 RTM
• Windows 7 client running Office 2010 RTM

The SMTP service

SharePoint 2010 is reliant on the SMTP service which is a Windows 2008 feature and we must install this on our SharePoint 2010 front-end web server.

Navigate to your Start Menu / Administrative Tools / Server Manager.  Click on the Features node and select Add Feature.  Scroll down and select SMTP Server and click on Add Required Role Services.

Click Next, Next and Install.

Click Close

We now need to install the II 6.0 Management Tools on our Windows 2008 R2 server in order to configure our SMTP service.  If IIS 6.0 Manager is not already installed you must do so via, Start / Administrative Tools / Server Manager.  Click on the Roles node and select Role / Add Role Services.  Then select Management Tools and IIS 6 Management compatibility.  Click Install.

We can now launch the IIS 6 Manager via Start / Administrative Tools.

Right click on SMTP Virtual Server #1 and select properties.

Under the General tab, I have enabled logging and encourage doing so at the start in the event we need to do some troubleshooting.  You can turn logging off after successful testing.

Click on the next tab, “Access”.

Click on “Authentication” and ensure that Anonymous access is selected.

Next, click on “Connection” and ensure “All except the list below” is selected.

Finally, click on “Relay”, and ensure that “Only the list below” is selected and that “Allow all computers which successfully authenticate to relay, regardless of the list above” is also checked.

Now click on the Messages Tab and make any necessary adjustments that you see fit, such as potentially increasing the message size to allow for the delivery of larger emails with attachments into your SharePoint Libraries and Lists.

Next click on the Delivery Tab in which I normally leave all the defaults in place.

We can skip the LDAP routing tab as there are no settings required to be configured in this area.

Lastly, the Security tab should list the default permissions as per the below.  No changes are necessary in this area.

We next journey into the “Domains” are within IIS 6 Manager and a domain name should be listed, which by default is the fully qualified domain name of the machine.

Right click on the Domain Name and select properties and take note of the Drop directory.

Finally, we now just need to confirm that our SMTP service is set to start automatically in the event the server is restarted.  I can tell you now that the service is by default set to Manual.

Venture into Start / Administrative Tools / Services.

Scroll down your list of services and ensure that the Simple Mail Transfer Protocol (SMTP) is set to Start-up type, Automatic.

We have now completed the configuration of our SMTP service on our SharePoint Server.

Exchange 2007/2010 Connectors

Part two of the implementation of configuring incoming email in SharePoint is to configure our connectors in Microsoft Exchange.  Now even though this is not a requirement, most organisations running SharePoint 2010 or 2007 will also be running a recent version of Microsoft Exchange, hopefully either 2007 or 2010.  Exchange 2010 or 2007 will provide you with that extra layer of protection ensuring that all the necessary message hygiene has been performed via its inbuilt Anti Spam Agents on the Edge or Hub Transport Server in conjunction with some form of email antivirus such as Microsoft’s Forefront for Exchange, before the message is delivered to the SharePoint 2010 List or Library.

My instructions and screen captures below are from an Exchange 2010 server which are pretty much identical and applicable to Exchange 2007.

Let’s begin by launching the Exchange Management Console / Organization Configuration / Hub Transport.

Click on Send Connectors / Actions / New Send Connector.

Type in a descriptive name for your Send Connector and then select Internal as the type.

Click Add and enter the Address space as the fully qualified domain name of the server where the SMTP service is installed (i.e. your SharePoint Server)

Click Next

Enter the IP address of the server which also hosts the SMTP service.

Click Next

Select “None” as your smart host authentication settings

Click Next

Ensure your Hub Transport Server has been added.

Click Next

Click New and then click Finish

The end result will be that the Send connector will route email to the SMTP service sitting on our SharePoint Server.

The Directory Management Service

SharePoint 2010 allows you to leverage Active Directory Domain Services (AD DS) so that contacts that are created when you email enable document libraries or lists are stored in a designated Organizational Unit within your AD DS infrastructure.  So why would you want to enable Directory Management Service?  Purely for the fact that by storing these contacts in AD, you are allowing your users to locate email enabled libraries and lists easily from within their Outlook Address book.

Let’s begin by creating an Organizational Unit in Active Directory.

From your Active Directory server, click Start / Administrative Tools / Active Directory Users and Computers.

Right click on your domain object and select New / Organizational Unit

Type in a descriptive name

Click Ok.

The next step is imperative and very important that we get this right.  I have seen on many occasions where incorrect permissions were applied and all sorts of problems were encountered when libraries or list were email enabled.

In summary, we need to provide our Central Administration Application pool identity account specific permissions to our recently created Organizational Unit to be used for creating and deleting contacts for our SharePoint 2010 libraries and lists when they are either email enabled or email disabled.

Right click on the recently created Organizational Unit and click on Delegate Control.  This will invoke the Delegation of Control Wizard.

Click Next.

We will now add the Central Administration application pool account which you can confirm from IIS Manager as per the below screen capture.

Add the necessary Account.

Click Next.

Click Create a custom task to delegate.

Click Next

Click “This folder, existing objects in this folder, and creation of new objects in this folder’.

Click Next

Click on Create All Child Objects and Delete All Child Objects.

Click Finish.

Before we finish off our configuration of AD DS and the Directory Management Service we need to provide our Central Administration application pool account with Delete Subtree permissions.

We need to ensure that “Advanced Features” from within Active Directory Users and Computers (ADUC) is active before we venture into the security tab of our SharePoint organizational unit.  If you do not enable Advanced Features, the security tab will not be visible.

From within ADUC, click on View and select Advanced Features.

Right click on our SharePoint 2010 Organizational Unit and select Properties.

Click on the Security Tab / Advanced /and Edit the CA Application Pool Identity Account.

Select Allow for “Delete Subtree”

Click on OK and Apply.

After assigning these permissions, you must run IISRESET on your SharePoint server.

Configuring Incoming e-mail settings in Central Administration

Navigate to Central Administration / System Settings / Configure incoming e-mail settings.

Select Yes to “Enable site on this server to receive e-mail”

Select “Automatic” for Setting mode.

Select “Yes” to use the SharePoint Directory Management Service to create distributions groups and contacts.

Enter your Active Directory container details, i.e. the Organizational Unit container that we created specifically for our SharePoint 2010 contacts.

Ensure that your SMTP server details are correct, this should be the fully qualified domain name of your SMTP service that was installed on your SharePoint Server.

Finally, ensure “Accept mail from all e-mail servers” is selected.

Click OK.

Please note that this process will configure the necessary permissions on the email drop folder listed in IIS 6 Manager.  In summary, the following permissions are added;

WSS_Admin_WPG – Full Control and

WSS_WPG – Read & Execute / List folder Contents / Read

Ensure that these accounts are added successfully and on the rare occasion in which it isn’t, you will need to add them manually.

Testing the configuration

From within any document library or list, click on Library / Library Settings.

Click on Incoming e-mail settings.

Select “Yes” to allow this document library to receive e-mail.

Select your email attachment options and ensure that Save original e-mail is set to Yes.

Lastly, ensure that you Accept e-mail messages from any sender is selected.

Click OK.

This is your first step to ensure that all of the above configuration is in place.  If you do receive an error, it’s most likely going to be permissions related against your Organizational Unit, i.e. SharePoint may not have the privilege to add the contact in Active Directory.

Let’s navigate back to ADUC and confirm that our “testing” contact is created under the SharePoint 2010 Contacts Organizational Unit.

Let’s next navigate to our Exchange 2010 server and ensure it is also listed there with an SMTP address against it.

Launch your Microsoft Exchange Management console and navigate to Recipient Configuration / Mail contact.

Right click on the Contact and select Properties / E-Mail Addresses.

Ensure that both an internal and external routable email address is listed.

From your favorite email client, send a test email to the document libraries’ external SMTP address.

Navigate to your recently email enabled document library and hopefully after a couple of minutes (SharePoint Job timer service delay) you should have received your test email.

Well! That’s all that is to it, from start to finish.  Apart from sending a test email, there are a couple of other scenarios that you should test to ensure complete seamless integration with the SharePoint 2010 Directory Management Service.  Within the same document library, modify the email address to something different and ensure that this change also flows through to Active Directory. You should also try disabling incoming email from that same library and ensure that the contact is completely removed from Active Directory.  If you pass all of these tests scenarios, then we are comfortable in knowing that the correct delegation was provided to our Central Administration Pool Account against our SharePoint Contacts Organizational Unit.

I hope you have found this step by step guide in configuring incoming email in SharePoint 2010 with Exchange useful, so stay tuned as we continue our journey in configuring our SharePoint 2010 Farm.

http://sharepointgeorge.com/2010/configuring-incoming-email-sharepoint-2010/

programmatically Open and save documents in document library SharePoint

programmatically Open and save documents in document library SharePoint

http://mysharepointwork.blogspot.com/2010/06/programmatically-open-and-save.html

The example below has two functions, one for opening and one for saving a specific document in a document library.
This code requires the Open XMl SDK, so you will need to download and install it and reference its assembly. 
In addition, you need to add a reference to the WindowsBase assembly and the Microsoft.SharePoint assembly.

OpenXMLSDKv2.msi

http://download.microsoft.com/download/2/7/F/27FF6744-D970-4FFB-90B8-5226B2B8

using System;

using System.Collections.Generic;

using System.Linq;

using System.Text;

using Microsoft.SharePoint;

using System.IO;

using System.Threading;

\\Add Reference

\\C:\Program Files (x86)\Open XML SDK\V2.0\lib\DocumentFormat.OpenXml.dll

using DocumentFormat.OpenXml.Packaging;

using DocumentFormat.OpenXml.Wordprocessing;

  using (SPSite spSite = new SPSite("http://igrid102:1974"))

                {

                    //Get the document from the library using SPQuery

                    SPList list = spSite.RootWeb.Lists["Shared Documents"];

                    SPQuery query = new SPQuery();

                    query.ViewFields = "<FieldRef Name='FileLeafRef' />";

                    query.Query = "<Where><Eq><FieldRef Name='FileLeafRef' /><Value Type='Text'>MyDoc.docx</Value></Eq></Where>";

                    SPListItemCollection collection = list.GetItems(query);

                    //Get the first document returned. There should be one only.

                    SPFile file = collection[0].File;

                    byte[] byteArray = file.OpenBinary();

                    using (MemoryStream memStr = new MemoryStream())

                    {

                        memStr.Write(byteArray, 0, byteArray.Length);

The type ‘System.IO.Packaging.Package’ is defined in an assembly that is not referenced. You must add a reference to   assembly ‘WindowsBase, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35′

                        using (WordprocessingDocument wordDoc = WordprocessingDocument.Open(memStr, true))

                        {

                            //Getting the document object

                            Document document = wordDoc.MainDocumentPart.Document;

                            // Read first paragraph

                            Paragraph firstParagraph = document.Body.Elements<Paragraph>().FirstOrDefault();

                            // Now lets append our own paragraph, if document already has text

                            if (firstParagraph != null)

                            {

                                Paragraph testParagraph = new Paragraph(

                                new Run(new Text("We are Adding this text for Testing!")));

                                firstParagraph.Parent.InsertBefore(testParagraph,

                                firstParagraph);

                            }

                            //After your done. Lets just save it back. Call the SaveDoc method

                           obj.SavingDoc(file, memStr);

                        }

                   

                    }

                }

               private void SavingDoc(SPFile file, MemoryStream memStr)

                {

                string linkFileName = string.Empty;

                linkFileName = file.Item["LinkFilename"].ToString();

                file.ParentFolder.Files.Add(linkFileName, memStr, true);

                }

Programmatically Create and upload document in Sharepoint 2010 document library

OpenXMLSDKv2.msi

http://download.microsoft.com/download/2/7/F/27FF6744-D970-4FFB-90B8-5226B2B8


Install this file.

\\Add Reference

\\C:\Program Files (x86)\Open XML SDK\V2.0\lib\DocumentFormat.OpenXml.dll

The type ‘System.IO.Packaging.Package’ is defined in an assembly that is not referenced. You must add a reference to   assembly ‘WindowsBase, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35′

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Microsoft.SharePoint;
using System.IO;
using System.Threading;
using DocumentFormat.OpenXml.Packaging;
using DocumentFormat.OpenXml.Wordprocessing;
using DocumentFormat.OpenXml;



public void CreateDocument(string docName)
        {
            using (MemoryStream memStream = new MemoryStream())
            {
                // Create a Wordprocessing document.
                using (WordprocessingDocument doc = WordprocessingDocument.Create(memStream, WordprocessingDocumentType.Document))
                {
                    // Add a new main document part.
                    doc.AddMainDocumentPart();
                    // Create the Document DOM.
                    doc.MainDocumentPart.Document = new Document(new Body(new Paragraph(new Run(new Text("Its a new Document!")))));
                    // Save changes to the main document part.
                    doc.MainDocumentPart.Document.Save();
                    //Adding Document to SharePoint
                    AddToSharePoint(memStream, docName);
                }
            }
        }
        protected void AddToSharePoint(MemoryStream memStream, string fileName)
        {
            using (SPSite spSite = new SPSite("http://igrid102:1974"))
            {
                //Get the document library object
                SPList docLib = spSite.RootWeb.Lists["Shared Documents"];
                SPFile file = docLib.RootFolder.Files.Add(fileName, memStream, true);
                file.Update();
            }
        }

Use PowerShell to Manage Lists, Views, and Items in SharePoint

http://blogs.technet.com/b/heyscriptingguy/archive/2010/09/22/use-powershell-to-manage-lists-views-and-items-in-sharepoint.aspx

Create SharePoint List View Programmatically

http://sarangasl.blogspot.com/2009/12/create-sharepoint-list-view.html

Export & Import List and Library in SharePoint2010

Export-SPWeb -Identity <SiteURL> -Path D:\\backup\backup1.cmp -ItemUrl “/Lists/Tasks/”

Export-SPWeb -Identity <SiteURL> -Path D:\\backup\backupResume.cmp -ItemUrl “/Resume%20Doc/”

Import-SPWeb -Identity <SiteURL> -Path "d:\\backup\backup1.cmp"

NTLM vs Kerberous

SharePoint 2010: Configure Kerberos Authentication

SharePoint 2010 supports two authentication mode: Classic mode and Claims based. Today I’m going to explain how to configure Kerberos authentication for an web application with classic mode Authentication. I’ll try to explain how to configure Kerberos for an web application with Claims based authentication later.

Step 1:  Create/Configure Web Application

In this step you need to create an web application with required configurations. However, you can convert an existing web application to use Kerberos authentication if the web application app pool user is a domain user. But as mentioned already, the configuration explained in this post applies for an web application with Classic Mode Authentication.

Create a new web application

In creating new web application for using Kerberos Authentication you need to consider the following options:

• Use classic mode Authentication as shown below (You can use Claims Based Authentication but then the steps described in this post might not work. For Claims Based Authentication you need different sets of configuration):
  
  
  Figure 1: Create site with ‘Classic Mode Authentication’
  
• Use Negotiate (Kerberos) as Authentication Provider in ‘Create Web Application’ page as shown below:
  
  
  Figure 2: Create site with Negotiate (Kerberos) Authentication provider selected. 
• Use domain username for app-pool account. Don’t use Predefined (like Network Service, Local System etc) user account. This is important to use domain user name as you will configure Kerberos against this app-pool username.
  
  
  Figure 3: User domain user name for App-pool account.
  
• One recommendation. Make the site url to be Fully Qualified Domain Name. For example, my server name was sohel-server and domain name was sohel.com. I’ve modified my full site name from default http://sohel-server:5000 to http://sohel-server.sohel.com:5000. This will help you identifying if the Only Kerberos is used for authentication instead of NTLM. 

Configure an existing web application
If you have an existing web application that you want to move to Kerberos from NTLM you need to make sure your site meets the following criterion:

• The web application uses a domain user in application pool account instead of predefined account like Network Service, Local System. If your web application doesn’t use domain user then you can create a new web application with domain user name as application pool account. Changing the application pool account might make your web application malfunctioning.
• If you existing web application uses Classic Mode Authentication then configuration in this post should work. However, if you are using Claims based Authentication then you need to configure Security Token Service (STS) which in not mentioned in this post. If you are using Classic Mode, then you can continue this post as this post describes Kerberos for an web application with Classic Mode Authentication.

If you meet the above mentioned criterion, then you can change the authentication of the site to Kerberos. To change the Authentication Provider to Kerberos, navigate to Central Admin site then click “Application Management” => Manage Web Applications => Select your web application => Click Authentication Provider from ribbon button as shown below:

Figure 4: Change Authentication Provider 
In the Authentication provider windows click on the zone you want to configure the Kerberos Authentication. Then you will be shown ‘Edit Authentication’ window. If your web application is using NTLM you can change the Authentication to Kerberos as shown below:


Figure 5: Change NTLM to Kerberos 
When you change the authentication type from NTLM to Kerberos you will be prompted with message saying “” as shown below. You don’t need to worry, we’ll configure other settings to use Kerberos. So just click ok button when the message appears and then save the settings.

Figure 6: Warning appears during Authentication changes from NTLM to Kerberos

Step 2: Configure Service Principal Name (SPN) in Active Directory

So your web application is configured for Kerberos Authentication but you need to configure Service Principal Name (SPN). Simply SPN is an unique identifier for each service (HTTP, SQL, AD etc) running in the server. An SPN is a combination of service name, host name and port name. The original format for SPN is
<Service Name>/<DNS Host>:Port
To know more about SPN, you can follow the link: http://technet.microsoft.com/en-us/library/cc961723.aspx. For our web application we need to create SPN. The SPN format for our web application is as shown below:

• HTTP/<DNS Host Name>:Port
• HTTP/<DNS FQDN>:Port

In my case the SPN are:

• HTTP/sohel-server:5000
• HTTP/sohel-server.sohel.com/5000

However, if you are using any port other than 80, you need to add four SPNs (two for 80 port and two for your non-80 web application port). Whether you use Kerberos for 80 port, you need to add SPNs for default port. So though I’m configuring Kerberos for HTTP port 5000, I need to configure Kerberos for 80 port also. The following SPNs are need to configured for my example.

• HTTP/sohel-server
• HTTP/sohel-server.sohel.com
• HTTP/sohel-server:5000
• HTTP/sohel-server.sohel.com:5000

How to set SPN?

1. Make sure you installed ‘Active Directory Lightweight Directory Services’ from Server Role to get the ADSI Edit UI for editing SPN values. You can add the  ‘Active Directory Lightweight Directory Services’ from Server Manager => Add Roles  as shown below:
   
   
   Figure 7: Install ‘Active Directory Lightweight Directory Services’ from ‘Add Server Role’
   
2. To setup SPN, Run the command “adsiedit.msc” in either command prompt or from Run. You will get the ADSI Edit window.
3. In ADSI Edit window, expand the ‘Default naming context’ and expand CN=Users and find the user you used for application pool in web application.
4. Right click on the user entry CN=UserName and select properties window. Then find the property ‘servicePrincipalName’ and click edit as shown below:
   
   
   Figure 8: Set SPN through servicePrincipalName
   
5. Finally add the SPNs in the edit window as shown below:
   
   
   Figure 9: Add SPN values as value of attribute ‘servicePrincipalName’.
   
6. Press OK and then apply to close the dialog.

 

Step 3: Enable delegation

In some cases you may need to enable delegation of credentials. To enable delegation, open the Active Directory users and Computers from ‘Administrative Tools’ menu. Find the user used in Application pool under ‘Users’ node. Right click on the user and click Properties to get the properties window. Then in the properties window go to ‘Delegation’ tab and select ‘Trust this user for…’ as shown below:

Figure 10: Enable delegation

 

Step 4: Configure Internet Explorer

Finally you need to configure Internet Explorer (IE) to use current windows user to access the SharePoint site.

1. Go to Tool => Internet Options. Then select ‘Local Intranet’ and click Sites as shown below:
   
   
   Figure 11: Setup IE for adding the SharePoint site to local Intranet
   
2. After ‘Local Intranet’ dialog select ‘Advanced’ and then you’ll find the way to add sites to local intranet. Add ‘*.yourdomain’ in the local intranet zone as shown below:
   
   Figure 12: Adding my domain (sohel.com) to local intranet.
   
3. Now close the Internet Options dialog. Then open the ‘Internet Options’ dialog from Tools => Internet Options. Then go to Security tab and select ‘Local Intranet’ and select ‘Custom Level’. Then At the end of the ‘Security settings’ window, select ‘Automatic login only in Intranet zone’ as shown below:
   
   Figure 13: Enable automatic login for Intranet zone

Conclusion

Configuring Kerberos authentication may depends on many factors. So I can’t guarantee than each and every steps described here will work for everybody. But the overall sets of configurations are same. You need to configure SharePoint site, You need to configure SPN, You need to enable delegation (if required), you n need to configure Internet Explorer.  You can get elaborate description of configuring Kerberos Authentication with SharePoint 2010 from the link:http://www.microsoft.com/download/en/details.aspx?id=23176.