Outlook’s "Blocks Sender" functionality and Exchange’s IMF stop working after installing Forefront Protection for Exchange

Dear friends,

     May you face after installing Forefront Protection for Exchange, Outlook’s “Block Sender” does not work and Exchange’s IMF (Internet Message Filter) functionality fails to work as well.


The cause of that is by default when Forefront’s anti-spam agent deems a piece of mail as non-spam (clean) it sets the SCL rating of that specific message to 1. This has a negative effect on the Outlook “Block Sender” functionality, and Exchange’s IMF, because mail that receives a rating of SCL -1 will be exempt from Outlook’s Block Sender rule as well as Exchange’s IMF functionality.



The workaround is to edit the SCL value that Forefront Protection for Exchange applies to “clean messages”.

The following work around will change the Forefront Protection for Exchange SCL clean value to zero (0). This is done in Forefront’s Power Shell by creating a new extended option:
PS> New-FseExtendedOption –Name CFAllowBlockedSenders –Value true


PS> Get-FseExtendedOption –Name CFAllowBlockedSenders


This should return the following: CFAllowBlockedSenders   True

Now you can test your outlook after blocking someone what happen Smile


Time zone of SQL server Reporting services (SSRS) is inconsistent with the Time Zone of the Quality of Experience (QoE).

Hi Dears simply when you face the mentioned Issue as the following figure screen while trying to open your Lync Monitoring console, just follow the following steps to resolve this issue.



1- Go to your SQL server that own Lync DB to open the QoE DB stored procedures as the following.


2- Then select the dbo.RtcClearTimeZoneInfo


3- Now make a new query to run it as the following.


Now the issue should be resolved clip_image005


Note: this issue may happen also with lcsCDR DB and the resolution the same just select dbo.RtcClearTimeZoneInfo  from lcsCDR DB.

How to Configure Lync On-Premise for Federation to Lync Online

In this article I suppose that we finished the the Lync online external communication configuration, now we will go to touch on the Lync On-premise side.

As we know by default, Lync On-premise has three providers that Lync already provides federation with.


To add your Office 365 Lync Online, click the new hosting provider and add your Lync Online domain name as show in the screen below.


For those of lover use PowerShell, you can bypass the console and run the following command in the Lync Management shell:

New-CSHostingProvider -identity LyncOnline -ProxyFqdn sipfed.online.lync.com -Enabled $True

If you have used the PowerShell method, refresh the Lync On-Premise Control Panel. Which ever method you use to add the provider, you should now see your new hosting provider.


Configure the Lync On-Premises Domain
Your Lync Server 2010 On-Premises environment must contain at least one Enterprise Pool or Standard Edition server and at least one Edge server.

1. Purchase a UC Certificate from a publicly trusted Certification Authority, such as DigiCert or VeriSign, configured as the example follows:

  • Subject Name: sip.Your Domain.com
  • Subject Alternative Name(s): meet.Your Domain.com,dialin.Your Domain.com,webaccess.Your Domain.com,sip.Your Domain.com

2. Assign the new certificate to your Edge external interfaces, then restart services.

3. Create the required external DNS SRV and A records to support Lync On-Premises services with your DNS provider.
Type: SRV
Service: _sip
Protocol: _tls
Port: 443
Weight: 1
Priority: 100
TTL: 1 Hour
Name: Your Domain.com
Target: sip.Your Domain.com
Type: SRV
Service: _sipfederationtls
Protocol: _tcp
Port: 5061
Weight: 1
Priority: 100
TTL: 1 Hour
Name: Your Domain.com
Target: sip.Your Domain.com
Type: A (Host)
Name: sip.Domain.com
Target: < Access Edge External IP >
Type: A (Host)
Name: webaccess.Your Domain.com
Target: <Reverse Proxy External IP>