Sent Items Update
Since signatures/disclaimers are added to sent emails directly on Exchange Server, they are not visible in the Sent Items folders of the senders. To let you see signatures in the sent mail folders, CodeTwo Exchange Rules Pro is equipped with the Sent Items Update (SIU) feature that updates the sent messages, stamping them with signatures after they are processed by the program.
By default, the Sent Items Update service is disabled after a fresh installation and needs to be configured to start updating sent emails.
The Sent Items Update feature works as a separate Windows service that is installed together with the program. It accesses user mailboxes and updates them according to your rules (for example, adds signatures). The update process usually takes a few seconds.
The Sent Items Update service is accessing the mailbox of an original sender to update messages. Therefore, if a message is sent by a distribution group or any other object that does not have a mailbox, it cannot be updated.
The SIU service runs under the Local System account and works independently of other CodeTwo services, using Windows Communication Foundation (WCF) to communicate with them. Users' mailboxes are accessed via Exchange Web Services (EWS), and this requires the software to use the credentials of a user account to authenticate with EWS. To fulfill these requirements, the organization's admins can:
- provide any existing, active user account credentials (e.g. if they have a dedicated service account to be used with third-party software, or they want to use administrator's credentials)
- or create a new account for the service
- or allow the software to create a new, dedicated user account automatically. The autoconfiguration option is not available in hybrid environments - in such environments, admins need to provide the account credentials manually.
The account to be used by the Sent Items Update service:
- must have a valid User Principal Name (UPN) assigned,
- must be a member of the Domain Users group,
- must be granted impersonation rights (see our Knowledge Base article on how to set impersonation rights manually),
- should be in a working condition (it cannot be disabled, needs to have a valid password, etc.),
- in the case of hybrid environments, the account must also be either a member of the Organization Management group or Exchange Organization Administrators group in Exchange Online / Office 365 (see our Knowledge Base article on how to add a user to the Organization Management group).
- Hybrid environments with ADFS are currently not supported. Single Sign-On (SSO)-enabled accounts can be used for the SIU configuration but must not use a federated domain address when configuring the service. Depending on the UPN address used for the Sent Items Update (SIU) service account, the SIU service will work either for mailboxes on on-premises servers (when a local, non-federated domain is used) or for mailboxes on Exchange Online servers (when an Office 365 domain is used, that is *.onmicrosoft.com).
- Accounts that have multi-factor authentication enabled in Office 365 are currently not supported.
If you choose the automatic configuration of the SIU account (available for on-premises setups only), an account fulfilling all the above requirements will be created automatically by the Sent Items Update configuration wizard. If you want to assign the account manually, the software will only verify and, if necessary, add impersonation rights to the account you selected.
Be aware that, in any case, to configure the Sent Items Update service correctly you must be logged on to the system with an account that is a member of the Domain Admins group. This is required because the software that runs under your account will attempt to assign impersonation rights or to create a new user, depending on how you configured it. For either of these two actions, the Domain Admin permissions are required.
To open the Sent Items Update configuration wizard, click Settings on the program's toolbar, go to the Sent Items Update tab and click Configure (Fig. 1.). If the SIU service has not been configured yet, you can also access the wizard by clicking the Click to change link in the upper-right corner of the Administration Panel (Fig. 1.).
|Fig. 1. Opening the Sent Items Update configuration wizard.|
The configuration wizard of the Sent Items Update opens, and you are asked to choose the type of your environment (Fig. 2.).
|Fig. 2. The Sent Items Update configuration wizard: environment type selection.|
The next steps are similar for both environment types (on-premises Exchange Server and hybrid environments), with some small (but important!) differences, as described below.
Regardless of what environment type you selected, in the next step of the wizard the method of connecting to your server needs to be defined:
If you previously chose a hybrid environment, the Autodiscover mechanism will locate the server automatically (Fig. 3.). The manual configuration is not available.
|Fig. 3. The Sent Items Update configuration wizard: automatic connection to Exchange Server in a hybrid environment via the Autodiscover mechanism.|
If you previously selected an on-premises environment, you can configure the connection automatically or manually (Fig. 4.). If, for example, you want to connect to a server from a different domain, you can only do this manually by providing the server's DNS name (e.g. servername.my-domain.com). The EWS URL is filled automatically but you can edit it, if necessary.
|Fig. 4. The Sent Items Update configuration wizard: manual connection to an on-premises server.|
In the next window you need to provide the credentials of the account that will be used by the Sent Items Update service to authenticate with Exchange Web Services and update emails in the Sent Items folder.
Hybrid environment admins must choose an existing account that meets the requirements described in the wizard window (Fig. 5.). Learn more about these requirements
On-premises environment admins can either go for the automatic configuration option or choose an existing account manually (Fig. 6.).
- If you select the manual configuration, you can type in the account's UPN or select it via the Browse button. If you click the Browse button, you can pull the UPN from your Active Directory (Fig. 7.): by clicking Locations, you can pick the domain from which the SIU administrator's UPN will be taken. This option is not available with untrusted domains. If you want to select a UPN from an untrusted domain, you have to type it in manually.
Make sure that the selected account has its UPN configured (learn more). Otherwise, the setup will not succeed.
|Fig. 7. Choosing a domain to be searched for the Administrator's UPN.|
- If you select the option to create an account automatically, the created account will have the following UPN: CodeTwoSiuAgent@[your domain] (see Fig. 6.).
In the last step, the wizard assigns the impersonation rights to the selected account and tests if this works (Fig. 8.). Click Configure to begin this process.
If the configuration is successful, the wizard shows a green-colored checklist of actions (Fig. 9.).
Once the configuration is done, confirm it by clicking Finish. Note that the service might not work right away - it can take a couple of minutes before it is deployed it in your environment.
Once the Sent Items Update service is configured in an Administration Panel, there is no need to set it up on any other instance of the program in your organization - the configuration is propagated automatically. You only need to restart the other Administration Panels to see the changes.
After successful configuration of the Sent Items Update, the service's settings are available in the Program settings window (Fig. 10.).
|Fig. 10. The Sent Items Update options.|
The first two fields provide general information about the service:
- Status - shows if the service is turned on/off. Use the button on the right side to switch the feature on or off at any point.
- Account - shows the account under which the service currently works. You can configure the account again via the Change button.
The other options are related to the way messages in the Sent Items folder are updated:
- Senders scope,
- Create copy of the original message when updating Sent Items,
- If message splitting is activated, apply changes to all split messages and save them in Sent Items.
This option allows you to define users whose sent messages (messages in the Sent Items folder) are updated by the SIU service. Click the Change button to reconfigure the scope of updated mailboxes (Fig. 11.). You can choose to include/exclude all users, individual users, or groups.
|Fig. 11. Changing the scope of mailboxes to be updated by SIU.|
This option is disabled by default. If you turn it on, for each sent message there are two messages in the Sent Items folder - the first is the message before processing, and the second is the message after processing by the program (e.g. with a signature).
If a message is addressed to multiple recipients who match different rules, CodeTwo Exchange Rules Pro can split this message into several copies on the server to apply individual rules to corresponding recipients. The software can show all these message copies (with different rules applied) in the Sent Items folder of the sending mailbox if you enable this option as shown in Fig. 12. If this option is not available (grayed out), this means that the message splitting feature is not enabled in your organization. You can turn it on in the program's settings - see this article to learn more.
Errors during configuration
|Fig. 13. A failed configuration of the Sent Items Update service.|
These errors may be associated with the service's inability to locate your server or with incorrect account credentials provided in the Account credentials step. In such cases, you need to go back in the configuration wizard and make sure to enter correct data. You can also experience other errors during the configuration:
This error refers to the program’s inability to grant impersonation rights automatically. In such a situation (Fig. 14.) you are instructed to assign impersonation rights manually.
|Fig. 14. A failure to grant impersonation rights.|
This error occurs if the impersonation rights were successfully granted, but the wizard failed to test them automatically. In such a case, you can test them manually by clicking on the Failure link on the right. In the failure notification window, press click here. Type in the UPN of a user account (or select one from your AD) and the program will test if the previously configured SIU account has impersonation rights on this user account (Fig. 15.).
|Fig. 15. Testing of impersonation rights.|
If you use Microsoft Outlook, emails in your Sent Items folder might occasionally not be refreshed/displayed correctly. This is usually caused by Outlook's default behavior in the Cached Exchange mode, and is not related to the SIU service. See this article to learn how to solve this problem.
Quick guideconfigurator - this article provides information on how to configure the program to allow different instances of the Administration Panel to manage rules only for selected suborganizations in your company.
Message splitting - this article describes how to configure the program to update emails including signatures/disclaimers in the Sent items folder of a particular mailbox if a given message was sent to various recipients encompassed by different rules.