Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2009-11-14

Microsoft Exchange Server 2010 Unified Messaging (UM) relies on certified fax partner solutions for enhanced fax functionality such as outbound fax or fax routing. By default, when you install the Unified Messaging server role, the server isn't configured to allow incoming fax messages to be delivered to a UM-enabled user. Instead, the UM server redirects incoming fax calls to a certified fax partner solution. The fax partner's server receives the fax data and then sends it to the recipient’s mailbox in an e-mail message with the fax included as a .tif attachment.

The Unified Messaging server ensures that the final message delivered to the user is identical to the fax messages generated by Microsoft Exchange Server 2007 Unified Messaging. However, the fax partner solution must meet a set of requirements to interoperate with Exchange 2010 Unified Messaging. For details about the Fax Partner program, see Fax Advisor for Exchange 2010.

Deploying and Configuring Faxing

Exchange 2010 UM forwards incoming fax calls to a dedicated fax partner solution, which then establishes the fax call with the fax sender and receives the fax on behalf of the UM-enabled user. However, to allow UM-enabled users to receive fax messages in their mailbox, you must first run Exchange 2010 Unified Messaging setup and configure the Fax Partner server, then configure the UM dial plans and UM mailbox policies, and finally enable UM-enabled users to receive faxes. For details, see Managing Unified Messaging Components.

Step 1: Deploy Unified Messaging

To correctly deploy faxing, you must first successfully deploy Unified Messaging servers in your organization and configure your supported IP gateways to allow faxing. For details about how to deploy UM, see Deploy a New Exchange 2010 RTM UM Environment. For details about how to deploy IP gateways, see Managing IP Gateways.

Important:
Sending and receiving faxes using T.38 or G.711 isn't supported in an environment where Unified Messaging and Microsoft Office Communications Server 2007 are integrated.

Step 2: Configure Fax Partner Servers

You must next install and configure the Fax Partner server or servers in your organization. There are specific steps that you must take to successfully integrate the fax partner server with Exchange 2010 Unified Messaging. For details, see Fax Advisor for Exchange 2010.

Note:
Microsoft Windows firewall ports on the fax partner server must be configured to allow the SIP signaling traffic using either TCP port 5060 or 5061, and also be configured to allow fax data that uses a UDP port range defined by the manufacturer.

Step 3: Enable Faxing on Unified Messaging

There are three components that must be configured correctly for users to be able to receive faxes by using Exchange 2010 Unified Messaging:

  • UM dial plans

  • UM mailbox policies

  • UM mailboxes

Faxing can be enabled or disabled on UM dial plans, UM mailbox policies, or on the UM-enabled user's mailbox. By default, although the user's mailbox allows incoming faxes, you must first enable inbound faxing on the UM mailbox policy that's associated with the UM-enabled user and then enter the fax partner server's URI.

To enable UM-enabled users to receive faxes, you must do the following:

  • Verify that each UM dial plan allows the users who are associated with the dial plan to receive faxes. By default, all users who are associated with a dial plan can receive faxes. For UM-enabled users to receive fax messages in their mailbox, each Unified Messaging server that's associated with the dial plan must be configured to accept incoming fax calls. You must also enable fax messages to be received by users who are associated with the dial plan. For more information about how to enable users associated with a dial plan to receive faxes or to prevent them from doing this, see Enable UM-Enabled Users to Receive Faxes on a UM Dial Plan.

    Note:
    If you prevent fax messages from being received on a dial plan, no users who are associated with the dial plan will be able to receive fax messages, even if you configure an individual user's properties to allow them to receive fax messages. Enabling or disabling faxing on a UM dial plan takes precedence over the settings for an individual UM-enabled user.
  • Configure the UM mailbox policy that's associated with the UM-enabled user. The UM mailbox policy must be configured to allow incoming faxes, including the fax partner's URI and the name of the fax partner's server. The FaxServerURI must use the following form: sip:<fax server URI>:<port>;<transport>, where “Fax Server URI” is either an FQDN or an IP address of the fax partner server. The “port” is the port on which the fax server listens for incoming fax calls and “transport” is the transport protocol that's used for the incoming fax (UDP, TCP, or TLS). For example, you might configure fax as follows:

    Set-UMMailboxPolicy MyUMMailboxPolicy -AllowFax $true -FaxServerURI "sip:faxserver.abc.com:5060;transport=tcp"
    
    For details, see Enable or Disable Inbound Faxing on a UM Mailbox Policy.

  • Verify that the Exchange 2010 mailbox that's UM-enabled can receive fax messages. By default, all users who are associated with a dial plan can receive faxes. However, there may be situations when a user can't receive faxes because the ability to receive faxes has been disabled on their mailbox. For more information about how to enable a UM-enabled user to receive faxes, see Enable a UM-Enabled User to Receive Faxes.

    You can prevent a single user who's associated with a dial plan from receiving fax messages. To do this, configure the properties for the user by using the Exchange Management Console or by using the Set-UMMailbox cmdlet in the Exchange Management Shell. You can also use the Set-UMMailbox cmdlet to prevent multiple users from receiving fax messages. For more information about how to prevent a user or users from receiving fax messages, see Prevent a UM-Enabled User from Receiving Faxes.
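The FaxServerURI form described in this step can be checked before the value is applied to a UM mailbox policy. The following is an added example, not part of the original topic: Test-FaxServerUri is a hypothetical helper, the sample URIs other than the topic's own are constructed, and the 5060/5061 check assumes the conventional SIP port assignments.

```powershell
# Added example (not from the original topic). Test-FaxServerUri is a hypothetical helper.
# It checks a string against the documented form sip:<FQDN or IP>:<port>;transport=<udp|tcp|tls>
# and reports transport/port combinations worth a second look.
function Test-FaxServerUri {
    param([string]$Uri)

    $pattern  = '^sip:(?<host>[A-Za-z0-9.-]+):(?<port>\d{1,5});transport=(?<transport>udp|tcp|tls)$'
    $findings = @()
    $valid    = $false

    if ($Uri -notmatch $pattern) {
        $findings += 'Does not match sip:<host>:<port>;transport=<udp|tcp|tls>'
    } else {
        $port      = [int]$Matches['port']
        $transport = $Matches['transport'].ToLower()
        $valid     = ($port -ge 1 -and $port -le 65535)

        if (-not $valid)          { $findings += "Port $port is outside 1-65535" }
        if ($transport -ne 'tls') { $findings += "SIP signaling is sent unencrypted over $transport" }
        # Assumption: 5060 is the conventional cleartext SIP port and 5061 the SIP-over-TLS port.
        if ($transport -eq 'tls' -and $port -eq 5060) { $findings += 'TLS requested on 5060; confirm the listener port' }
        if ($transport -ne 'tls' -and $port -eq 5061) { $findings += "$transport requested on 5061; confirm the listener port" }
    }

    New-Object PSObject -Property @{
        Uri      = $Uri
        Valid    = $valid
        Findings = ($findings -join '; ')
    }
}

# Constructed sample values; the first is the example from this topic.
$samples = @(
    'sip:faxserver.abc.com:5060;transport=tcp',
    'sip:192.0.2.10:5061;transport=tls',
    'sip:fax.example.com;transport=tcp',
    'sip:fax.example.com:5061;transport=udp',
    'sip:fax.example.com:70000;transport=tls'
)
$samples | ForEach-Object { Test-FaxServerUri $_ } | Format-Table Uri, Valid, Findings -AutoSize

# In the Exchange Management Shell, the same check can be run over live policies:
# Get-UMMailboxPolicy | Where-Object { $_.AllowFax } | ForEach-Object { Test-FaxServerUri $_.FaxServerURI }
```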

Step 4: Configuring Authentication

In addition to configuring your UM dial plans, UM mailbox policies, and UM-enabled users, you have to configure authentication between the UM server and the fax partner server. The UM server must be able to authenticate the origin of the messages claiming to be coming from the fax partner's server.

Fax messages sent to a UM server from a fax partner server must be authenticated, and any unauthenticated messages claiming to have come from a fax partner server will not be processed by the UM server. To authenticate the connection from the fax partner to a UM server, you can use:

  • Mutual TLS

  • Sender ID validation

  • A dedicated receive connector

A receive connector should be sufficient for authenticating the fax partner servers deployed in your organization together with the UM server. The receive connector will ensure that the Exchange server treats all traffic coming from the fax partner server as authenticated.

The receive connector should be deployed on the Hub Transport server used by the fax partner server to submit SMTP fax messages, and must be configured with the following values:

  • AuthMechanism: ExternalAuthoritative

  • PermissionGroups: ExchangeServers, Partners

  • RemoteIPRanges: {the fax server's IP address}

  • RequireTLS: False

  • EnableAuthGSSAPI: False

  • LiveCredentialEnabled: False

For details, see Managing Connectors.
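Because this connector treats every message from the listed addresses as authenticated, the RemoteIPRanges value is the whole access control. The following added example (not from the original topic) flags externally secured connectors whose ranges go beyond known fax partner hosts. Test-FaxReceiveConnector, the connector objects and the IP addresses are constructed for illustration, and the check assumes RemoteIPRanges entries render as strings such as 192.0.2.10, 192.0.2.0/24 or 192.0.2.1-192.0.2.50.

```powershell
# Added example (not from the original topic). Test-FaxReceiveConnector is a hypothetical helper.
function Test-FaxReceiveConnector {
    param(
        [Parameter(ValueFromPipeline = $true)] $Connector,
        [string[]] $ApprovedFaxServerIPs
    )
    process {
        # Only connectors that treat the remote host as already authenticated are of interest.
        if ("$($Connector.AuthMechanism)" -notmatch 'ExternalAuthoritative') { return }

        $findings = @()
        foreach ($entry in $Connector.RemoteIPRanges) {
            $range = "$entry"
            if ($range -match '[-/]') {
                # A start-end range or a CIDR subnet: every host inside it is trusted.
                $findings += "'$range' is a range or subnet; every host in it is trusted"
            } elseif ($ApprovedFaxServerIPs -notcontains $range) {
                $findings += "'$range' is not an approved fax partner server"
            }
        }
        if ($findings.Count -eq 0) { $findings = @('OK') }

        New-Object PSObject -Property @{
            Name     = $Connector.Name
            Findings = ($findings -join '; ')
        }
    }
}

# Constructed connector objects standing in for Get-ReceiveConnector output.
$approved   = @('192.0.2.10')
$connectors = @(
    (New-Object PSObject -Property @{ Name = 'Fax Partner'
        AuthMechanism = 'ExternalAuthoritative'; RemoteIPRanges = @('192.0.2.10') }),
    (New-Object PSObject -Property @{ Name = 'Fax Partner (wide)'
        AuthMechanism = 'ExternalAuthoritative'; RemoteIPRanges = @('192.0.2.0/24', '198.51.100.7') }),
    (New-Object PSObject -Property @{ Name = 'Default'
        AuthMechanism = 'Tls, Integrated'; RemoteIPRanges = @('0.0.0.0-255.255.255.255') })
)
$connectors | Test-FaxReceiveConnector -ApprovedFaxServerIPs $approved |
    Format-Table Name, Findings -AutoSize

# Against a live Hub Transport server:
# Get-ReceiveConnector | Test-FaxReceiveConnector -ApprovedFaxServerIPs '192.0.2.10'
```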

If the fax partner server sends network traffic to a UM server over a public network, for example, a service-based fax partner server hosted in the cloud, we recommend that you authenticate the fax partner server using a sender ID check. This type of authentication ensures that the IP address that the fax message came from is, in fact, authorized to send e-mail messages on behalf of the fax partner domain that the message claims to have come from. DNS is used to store the sender ID records (or SPF records), and fax partners must publish their SPF records in the DNS forward lookup zone. Exchange 2010 will validate the IP addresses by querying DNS. However, the sender ID agent must be running on an Exchange 2010 Edge server to be able to perform the DNS query.

You can also use TLS to encrypt the network traffic, or mutual TLS for encryption and authentication between the fax partner server and an Exchange 2010 Unified Messaging server. For details, see Understanding Unified Messaging VoIP Security.