Exchange 2007/2010/2019 Integration
All versions of Exchange
Message Playback
The following must be set in Exchange for LDAP integration to be able to play back recorded messages from phones:
Set-TransportConfig -HeaderPromotionModeSetting MayCreate
Quote from Microsoft
With Exchange Server 2007 SP1 RU8 we disabled promotion of custom X-Headers to named properties when mail was submitted anonymously via SMTP. Only authenticated connections would work. With Exchange Server 2007 SP1 RU9 we disabled all named property promotion on messages submitted via SMTP, however Exchange Server 2007 SP2 introduced a new feature on the global TransportConfig object called HeaderPromotionModeSetting.
Impact
So what's the point of all this? Named properties are used for many thing, but a big impact for many is the use of named properties where POP and IMAP clients are concerned. Because Exchange Server 2007 does not keep the Mime for a message around, nor does it keep a full Mime Structure of the originally submitted messages, we will reconstruct the headers of a message when going through item (MAPI) to MIME conversion, IOW, when downloading a message via POP or IMAP.
If the X-Header on a message has never been promoted to a named property then it will not show up when RETRieving or FETCHing the message via POP or IMAP. Because the named property table is managed on a per database basis, once a named property has been promoted into a specific database it will always be provided to the POP/IMAP client.
Notes
Builds of asterisk 11, 12, 13 prior to 12 March 2015 were unable to play back messages, and could terminate when trying to playback messages, using a phone. This has now been fixed and exchange integration is once again good.
Exchange 2019
Microsoft have stopped an IMAP user being able to see any other user's mailbox. The workaround for this is to used Shared Mailboxes that the IMAP user can manage OR to directly login to each user mailbox with the user's name and password (not recommended).
Shared Mailboxes: Create user maibox to give the IMAP user a login e.g. user called AsteriskImapUser
# use the ecp or powershell
#Hide from address book
Get-Mailbox "AsteriskImapUser" | Set-Mailbox -HiddenFromAddressListsEnabled $true
Shared Mailboxes: Create one shared mailbox per user, and give the user(s) who own it, plus AsteriskImapUser full rights to it (when you create it)
Configure Exchange IMAP Services
## Note: If you do not want SSL, skip Enable-ExchangeCertificate, X509CertificateName options and put nossl into IMAP Flags
Enable-ExchangeCertificate -Thumbprint <<mycertificatethumb>> -Services POP,IMAP,IIS
Set-ImapSettings -ExternalConnectionSettings "mail.mydomain.net:993:SSL" -X509CertificateName mail.mydomain.net -LoginType PlainTextLogin -InternalConnectionSettings "mail.mydomain.net:993:SSL","mail.mydomain.net:143"
Set-TransportConfig -HeaderPromotionModeSetting MayCreate
Set-ImapSettings -EnableGSSAPIAndNTLMAuth $false
# Ensure IMAP services are stopped and restarted. Set the services to start automatically. Restart iis
Stop-Service MSExchangeIMAP4; Stop-Service MSExchangeIMAP4BE
Start-Service MSExchangeIMAP4; Start-Service MSExchangeIMAP4BE
Set-Service MSExchangeIMAP4 -StartupType Automatic; Set-Service MSExchangeIMAP4BE -StartupType Automatic
iisreset
# Test that IMAP is working
Test-ImapConnectivity -ClientAccessServer <<myserver>> -ConnectionType Plaintext -MailboxCredential (Get-Credential AsteriskImapUser)
Configure asterisk
In the user's extension, set the voicemail IMAP_User to the shared mailbox e.g. User1_Phone
The IMAP_Password should be left empty
In Settings Voicemail Admin:Settings:IMAP Storage set:
IMAP server address= your server
IMAP server port= 143
IMAP Auth User= AsteriskImapUser
IMAP Auth password= the password you gave theat user
IMAP Flags=notls
IMAP Folder=Inbox
Greetings Folder=Greetings
Geetings=Yes
NOT Shared Mailboxes (not recommended):
For each user in Settings:Voicemail Admin Account <<extension>>::Advanced Settings:IMAP Storage set the IMAP User and IMAP password to the username/ password used by the user to log in to windows (THIS IS NOT RECOMMENDED AND IS A MASSIVE SECURITY HOLE AS PASSWORDS ARE READABLE)
Warning - check the asterisk logs for IMAP errors. If Freepbx Reports:Asterisk Info hangs see my first comment (check the logs for IMAP errors)
Debugging - see asterisk logs, and on Exchange see Set-ImapSettings -ProtocolLogEnabled $true
If you see >SSL negotiation failed< in the asterisk logs, try IMAP Flags=notls
If you see >NO AUTHENTICATE failed< in the IMAP protocol logs, check that the Extension:VoiceMail:IMAP Username is the Shared Mailbox name and not the username, and that in Exchange ECP Shared Mailbox: Delegation grants the AsteriskImapUser Full Access
If you see authenticate >GSSAPI ... NO The AUTH protocol exchange was canceled by the client< in the IMAP protocol logs, on exchange run Set-ImapSettings -EnableGSSAPIAndNTLMAuth $false
If you are unable to log in to the IMAP mailbox e.g. using Test-ImapConnectivity and see SChannel Event ID 36874 in the System Event log you may have to change the logonAs for the Microsoft Exchange IMAP4 backend Service in Services.msc from 'Network Service' to 'Local System Account' IMAP connection failure - NO LOGIN failed - ProxyNotAuthenticated
FreePBX
By default freepbx is currently installed with the file based voicemail package.
To change to the IMAP voicemail option you need to uninstall the default voicemail, and install the imap voicemail as the voicemail is a single binary (of the same name) with different compile options for file/imap.
e.g. for asterisk 16
yum remove asterisk16-voicemail-16.6.2-1.sng7.x86_64
NOTE: WRITE down the dependencies that will be removed so you can re-install then !!!!
yum install asterisk16-voicemail-imapstorage.x86_64
NOTE: re-install the dependencies that you temporarily had to remove e.g. yum install asterisk16-res_digium_phone, yum install asterisk16-flite, yum install asterisk16
For exact package names for any asterisk version XX use: yum list | grep asteriskXX
Message Waiting Indication
To enable MWI (Message waiting indication), enter a semi-colon list of mailboxes in the form <extnum>@default
e.g. 101@default;102@default
where the message lamp will light if any of the specified mailboxes has unread mail