Wednesday, December 26, 2007

Public Folders Error on ESM Id no: c0070000



I wish there were a way to turn the GUI off completely on the server. There really should be no reason to open a browser and surf the internet from a server anyway. We discovered the following error on our dedicated public folder server: ESM was crapping out and generating errors.

Problem:

With IE 7.0 installed, ESM crashes upon opening public folders.

Cause:

The following DLL files don't seem to like IE 7.0.

Exchange System Manager (ESM) crashes with the following errors:

  • App: contentfilter.dll; module hhctrl.ocx
  • app: maildsmx.dll; module unknown
  • app: exadmin.dll; module

Solution:

Uninstall IE 7.0 and leave IE 6.0

Best,

Oz ozugurlu

Tuesday, December 25, 2007

The Microsoft Exchange Transport Service



Exchange 2007 is for sure a rock-solid messaging application. The more I dive into it, the more I understand that Exchange is trying to be the future SMTP mail relay gateway and the next-generation messaging application. To be honest, I must say I am very impressed with all the hard work that has been done behind this great messaging application, Exchange 2007. In reality, most enterprise networks already use UNIX appliances as their mail gateways. Where I work, we use IronPort as our mail gateways. We had some other vendor over the years and recently replaced those appliances with IronPort mail gateways. I have not logged into IronPort since we deployed them. Why? Because I did not need to; it has been working solidly with incredible performance, where a million e-mails hit our gateways in a 1 HR time interval.

It is going to be very hard for Exchange to replace some of these appliances as mail gateways in the near future, since UNIX has built its own reputation over the years and has been working rock solid.

The design of Exchange 2007 seems to cover all the bases that these UNIX appliances on the market cover. Why was Exchange never considered as a mail relay gateway in the past? If you tried to install Exchange 2003 on Windows and place it in the DMZ, most likely you would lose your job, since this would not be a secure implementation.

  • Why is that?

The first reason is the Windows operating system; unfortunately, it is not as secure as UNIX, yet. Secondly, the primary protocol for Exchange 2003, SMTP, is part of IIS (the SMTP stack). Installing IIS on top of a non-secure OS could bring a great chance of being hacked.

Now, what has changed with Exchange 2007?

The SMTP stack is the core infrastructure of Exchange. Without it, we cannot send and receive e-mail messages. Microsoft rewrote the SMTP transport stack, and it now runs as the Network Service account. This reduced the risks that are associated with denial of service attacks. Of course, this eliminated the dependency on IIS and reduced the risk of being hacked in a DMZ type of deployment.

The Microsoft Exchange Transport Service

For small companies who do not have the money, getting Exchange 2007 seems to be the way to go. Large enterprise networks will implement Exchange 2007 in other roles and take advantage of the great messaging application. I hope the new Edge role is going to be used in the future as well. The Microsoft server OS has seen great improvement and is getting much better, in my opinion. A smart shell (PowerShell), being able to turn the GUI off in a DMZ type of implementation, and taking advantage of the shell (using SSH, perhaps) will bring the Microsoft server OS to the quality level of the others out there in the very near future.

Best Regards,

Oz ozugurlu,



530 5.7.1 Client was not authenticated



After a successful installation of Exchange 2007, the following message appears on the test mail. Technical details of permanent failure: "PERM_FAILURE: SMTP Error (state 12): 530 5.7.1 Client was not authenticated". Basic Exchange 101: fire up a command line and telnet on port 25 to the mail server from within the network to see what is going on.

In CMD

Telnet 10.10.10.7 25

  • 220 exc07.smtp25.org Microsoft ESMTP MAIL Service ready at Tue, 25 Dec 2007 18:51:08 -0500
  • helo
  • 250 exc07.smtp25.org Hello [10.10.10.7]
  • mail from:telnet25@gmail.com
  • 530 5.7.1 Client was not authenticated

We are getting "530 5.7.1 Client was not authenticated"

Cause:

Anonymous users do not have permission on the "Default" receive connector.

  • Click on Server Configuration
  • Click on Hub Transport, select the default receive connector and go to Properties
  • Click on Permission Groups
  • Tick the check box where it says "Anonymous users"

Now try telnet on port 25 to your mail server again; everything should work.

Now we will achieve the same result from the Exchange Management Shell. The first mission is to figure out the name of the connector, so after opening the management shell:

[PS] C:\>Get-ReceiveConnector

Here is the output

EXC07\Default EXC07

EXC07\Client EXC07

Now I know the name of the receive connectors. (EXC07 is the name of my Exchange server)

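I will use the following command to achieve the same result from the management shell. The -PermissionGroups parameter replaces the connector's current set, so the default connector's existing groups are listed together with AnonymousUsers:

[PS] C:\>Set-ReceiveConnector "Default EXC07" -PermissionGroups AnonymousUsers,ExchangeUsers,ExchangeServers,ExchangeLegacyServers

The options are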

  • ExchangeUsers
  • ExchangeServers
  • ExchangeLegacyServers
  • AnonymousUsers
  • Partners

Use whichever method you like; both will work.
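An added example for the Exchange Management Shell (not from the original post): it adds AnonymousUsers to whatever permission groups the connector already has instead of overwriting them, then lists connectors on which anonymous senders hold the relay right. The connector identity is taken from the Get-ReceiveConnector output above; Add-PermissionGroup is a hypothetical helper name, not an Exchange cmdlet.

```powershell
# Added example; run in the Exchange Management Shell on the Hub Transport server.
# Add-PermissionGroup is a hypothetical helper, not part of Exchange.

function Add-PermissionGroup {
    param(
        [string]$Current,   # PermissionGroups as text, e.g. "ExchangeUsers, ExchangeServers"
        [string]$Add        # group to add, e.g. "AnonymousUsers"
    )
    # Split the flag list, drop blanks and the empty value "None", then append.
    $groups = @($Current.Split(',') | ForEach-Object { $_.Trim() } |
                Where-Object { $_ -ne '' -and $_ -ne 'None' })
    if ($groups -notcontains $Add) { $groups += $Add }
    [string]::Join(',', $groups)
}

$identity = 'EXC07\Default EXC07'   # as printed by Get-ReceiveConnector on this page

# 1. Record the state before the change: who may connect, from where, with what auth.
$rc = Get-ReceiveConnector -Identity $identity
$rc | Format-List Identity, Bindings, RemoteIPRanges, AuthMechanism, PermissionGroups

# 2. Add AnonymousUsers while keeping the groups that are already enabled.
$new = Add-PermissionGroup -Current $rc.PermissionGroups.ToString() -Add 'AnonymousUsers'
Set-ReceiveConnector -Identity $identity -PermissionGroups $new

# 3. The AnonymousUsers group lets unauthenticated senders submit mail for
#    accepted domains. Relaying to any recipient is a separate extended right;
#    list every connector where the anonymous account holds it.
Get-ReceiveConnector | Get-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' |
    Where-Object { -not $_.Deny -and ($_.ExtendedRights -like 'ms-Exch-SMTP-Accept-Any-Recipient') } |
    Format-Table Identity, User, ExtendedRights -AutoSize
```

An empty result from step 3 means no receive connector lets anonymous senders relay to external recipients.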

Best,

Oz ozugurlu

Friday, December 21, 2007

BES and Worker Threads

The BlackBerry server discovers the mailboxes of BES users by using MAPI and wrapping worker threads into the MAPI session. Worker threads are processes built into the BES server to discover and establish a stateful connection to the hidden BES mailbox in each user mailbox. Each BES server is capable of handling 100 worker threads and up to 2000 users.

A mailbox moved within the same server, from one mail store to another, will break the BB connection for the user who was moved, due to a limitation built into the BES user mailbox discovery process, because BES scans user mailboxes for changes in the server DN (distinguished name).

A BlackBerry server normally generates 3 to 4 times more MAPI traffic than a regular MAPI user. Using BES in conjunction with latency causes severe problems. Not only the BES experience but also other aspects of the network will suffer as a consequence of this problem.

It is not the size of the mailbox that causes the latency, but specifically the number of items in your Outlook folders. The number of open items results in the same poor Outlook experience: the famous Christmas balloon "exchange is retrieving data from such exchange server", everyone's favorite message, will appear in Outlook.

Happy Holidays

Best

Oz ozugurlu

Thursday, December 20, 2007

An internal processing error has occurred. Id no c1041427



The Exchange 2000 mail store would not mount and generated the following errors. After looking around, I discovered a two-step approach to remedy the dilemma, and I wanted to post it here for those who might need it.

Problem:

The information store won't mount. The mail service is interrupted on Exchange 2000. The application log shows MSExchangeIS 9564.

Solution:

The first thing to check is that the AV software is not causing the issue. Open the registry editor on the affected Exchange server and drill down to the following registry key:

  • HKLM\System\CurrentControlSet\Services\MSExchangeIS\VirusScan
  • Set enabled to 0 to disable the AV
  • Exit from the registry editor (save)

Restart the information store service and mount the mail stores.

If this doesn't help, keep reading; there might be corruption in either the databases or the log files.

What Is a "Shadowed Header?"

Exchange Server database, checkpoint, and log files begin with a 4-kilobyte (KB) header section. The header contains important identification and configuration information about the file. Headers can be viewed with the Eseutil utility by using the /MH (database file), /ML (transaction log file), or /MK (checkpoint file) options.

Now it is time to perform some clean up

  • Stop all Exchange services.
  • Configure your anti-virus program according to article KB245822.
  • Save your current log files, which are usually located in x:\Program Files\exchsrvr\MDBDATA\Exxxxxxx.Log, to a temporary folder.
  • Delete all *.log files in x:\Program Files\exchsrvr\MDBDATA.
  • Check that the folder "x:\Program Files\exchsrvr\MDBDATA" only contains the following files:
    • e00.chk
    • res1.log
    • res2.log
  • If not, move all extra files to a temporary folder (including e00.chk, res1.log, res2.log).
  • Start all Exchange services and mount the Information Store.

Best regards,

Oz Ozugurlu


Tuesday, December 18, 2007

How to recover deleted items from Public folders.




This is one of the common tasks for Exchange administrators, and it is easy to accomplish. First, download PFDAVAdmin by clicking the link here. Open PFDAVAdmin and follow the simple steps described below. Second, follow the simple steps described in KB#924044.

Move to the PFDAVAdmin folder, and then double-click the PFDAVAdmin.exe file.

  • On the File menu, click Connect.
  • In the Exchange server box, type the name of the Exchange server to which you want to connect.
  • In the Global Catalog box, type the name of the global catalog server.
  • If it is required, click to clear the Authenticate as currently logged-on user check box. Type an appropriate user name, password, and domain in the respective boxes.
  • In the Connection area, click Public Folders, and then click OK.
  • Expand Public Folders, and then click the parent folder of the deleted folder.
  • Right-click the parent folder, and then click Show deleted subfolders. The deleted subfolder is shown in red.
  • Right-click the subfolder, and then click Recover folder.
  • Click OK to acknowledge the Recovery succeeded message. The recovered folder name appears as Folder_Name Recovered.
  • Test access to the folder by using an e-mail client.
  • In Exchange System Manager, right-click the recovered folder, and then rename the folder.


 

Regards,

Oz ozugurlu

Thursday, December 13, 2007

Enterprise Exchange dedicated DC/GC Design Part 2




Isn't it the dream of every Exchange administrator to have dedicated DC/GC servers for Exchange servers only? Our goal is simple: we will dedicate a GC to the Exchange servers in an enterprise environment. Pointing DSAccess to the DCs is not good enough. Those of you who are experts already know the meaning of the multi-master replication model in AD 2000 and 2003 and how it works.

Follow the simple steps below to get the work done.

Step by Step

Prepare a DC/GC to be used by Exchange servers only

  • Open the local GPO
  • Local Computer Policy
  • Administrative Templates
  • System
  • Net Logon
  • DC Locator DNS Records
  • Priority Set in the DC Locator DNS SRV Records
  • Double-click on it
  • Enabled
  • Set the priority to anything greater than "0" (I set all DCs to 100 in this example)
  • Save the GPO and give it a date and some logical name.

Go to the event log and you will see this DC is no longer authenticating users and is being used by DSAccess only.

SRV resource records

Specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC.

The Priority field in the SRV record sets the preference for target hosts (specified in the SRV record's Target field). DNS clients that query for SRV resource records attempt to contact the first reachable host with the lowest priority number listed.

To specify the Priority in the DC Locator DNS SRV resource records, click Enabled, and then enter a value. The range of values is 0 to 65535. If this setting is not configured, it is not applied to any DCs, and DCs use their local configuration.
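How a client ranks domain controllers from these records, including what happens when the preferred ones are down, as an added example (not part of the original post). The SRV records are constructed sample data for a hypothetical domain corp.example with hypothetical DC names; Get-LocatorChoice is a hypothetical helper, and the commented live query assumes a Windows version that ships Resolve-DnsName.

```powershell
# Added example. Constructed sample records: dc01/dc02 keep the Net Logon
# default priority 0, exdc01 has the policy applied with priority 100.
$srv = @(
    [pscustomobject]@{ NameTarget = 'dc01.corp.example';   Priority = 0;   Weight = 100; Port = 389 }
    [pscustomobject]@{ NameTarget = 'dc02.corp.example';   Priority = 0;   Weight = 100; Port = 389 }
    [pscustomobject]@{ NameTarget = 'exdc01.corp.example'; Priority = 100; Weight = 100; Port = 389 }
)

# Live data instead of the sample (assumes Resolve-DnsName is available):
# $srv = Resolve-DnsName -Type SRV -Name '_ldap._tcp.dc._msdcs.corp.example' |
#        Where-Object { $_.Section -eq 'Answer' }

function Get-LocatorChoice {
    param(
        [object[]]$Records,            # SRV records with NameTarget and Priority
        [string[]]$Unreachable = @()   # targets that do not answer
    )
    # First reachable host with the lowest priority number. Sorting by name
    # inside one priority is a deterministic stand-in for weighted selection.
    $Records |
        Where-Object { $Unreachable -notcontains $_.NameTarget } |
        Sort-Object Priority, NameTarget |
        Select-Object -First 1
}

$scenarios = [ordered]@{
    'all DCs up'         = @()
    'dc01 down'          = @('dc01.corp.example')
    'dc01 and dc02 down' = @('dc01.corp.example', 'dc02.corp.example')
}

foreach ($name in $scenarios.Keys) {
    $pick = Get-LocatorChoice -Records $srv -Unreachable $scenarios[$name]
    '{0,-20} -> {1} (priority {2})' -f $name, $pick.NameTarget, $pick.Priority
}
```

The last scenario shows that a higher priority number only de-prefers the dedicated DC: when every lower-numbered DC is unreachable, clients fall back to it.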


Best

Oz ozugurlu

Wednesday, December 12, 2007

BES Migration for Enterprise Network practices.




We are in the middle of a big migration to a new datacenter. I have built a migration strategy for the existing enterprise BES farm: 7 BES servers, several thousand users. I have decided to share with you all some of the questions and answers I had to include in my assessment and migration plan. I hope this document may assist you with your BES migration. As always, do not forget to back up your database before any type of operation. Make sure the communication with end users has taken place and all required permissions for the migration are worked out. (Politics)

Question:

Would moving the BES SQL database to a different location than the BES servers cause issues such as a bad user experience, latency, etc.?

Answer:

If at all possible, avoid doing this. The mail agent, dispatcher service and other BES services depend on the SQL database; these services interact with the SQL database in the day-to-day operations of the BES server. These are extended resources, therefore latency will be an issue if the database is in one location and the BES servers are in another.

Question:

What would be a good way of moving an existing BES server from one location to another in a heavily used BES environment?

Answer:

Stand up new BES servers in the new location and add them to the existing BES farm. Move the SQL database to the new location; the steps for moving the SQL database are included in this assessment.

  1. Move the BES database to the new location.
  2. Move BB users from the existing BES server to the newly built BES server.
     • Move users in batches, not all of them at the same time. Moving BES users is not as extensive a process as moving mailboxes; 80 to 100 users at a time is recommended.
  3. When all users are moved to the new BES farm in the new location, wait for some time and make sure BES operations are as stable as they were.

  • Schedule down time for the upgrade path and follow the steps to upgrade the BES servers to the latest SP version, BES 4.1 SP4.

It is critical to remember that the first server upgrade is the most important. Work with BES support to get the first server upgraded correctly; this process will upgrade the SQL database automatically. After this is done, it is fairly easy to upgrade the rest of the BES servers, since installing the BES binaries is the only task.

Migrating the BES Database Step by Step

Here are the steps to migrate your BlackBerry Enterprise Server Database from one machine to another SQL Server:

  1. Back up the existing database. Stop the BlackBerry Enterprise Server services if SQL will be down.
  2. Copy the .MDF and .LDF files of your BlackBerry Enterprise Server database to a safe location.
  3. Once the new SQL machine is up, run the CreateDB RIM tool. The goal of running the tool is to have it create the BlackBerry Enterprise Server's custom error messages, procedures, jobs and triggers in SQL. It also creates a database. This is usually done during a BlackBerry Enterprise Server install, but can be run manually with CreateDB.
  4. So what we'll do is run CreateDB so it can create all the jobs, etc. that we'll need, and it will also create a database. We'll just create a temporary database, then delete it.
  5. Extract your version of BlackBerry Enterprise Server to a temporary location. Copy the Database folder to the SQL Server. This Database folder contains CreateDB.
  6. You'll see a file in the Database folder called BESMgmt.cfg. This is the configuration file CreateDB will use to run its database scripts. Open BESMgmt.cfg with Notepad.
  7. Starting from the top of the file, you'll see the "DATABASE_NAME" variable. Change this from BESMgmt and call the database something temporary like "BESTemp."
  8. Scroll down the file and locate "USERID" and "PASSWORD." Specify these for SQL Authentication. Leave blank to use the account you're logged in with.
  9. Scroll down the BESMgmt.cfg file and find the "SERVER" value. Since we'll be running this locally, "local" will work just fine unless you use a SQL Server instance name. If so, specify the SQL Server instance by changing "local" to this format: <servername>\<instancename>. So, for example: SQL01\Instance01.
  10. Save and close the BESMgmt.cfg file.
  11. Log in to SQL with the SA account. Open a command prompt and navigate to the Database folder where CreateDB resides.

Type the following command:

createdb besmgmt.cfg

Press Enter. It will create the BESTemp database and run all the other necessary scripts to run a BlackBerry Database on SQL.

  • Place your production BES database in the SQL database folder. Mount your production database.
  • On the BlackBerry Enterprise Server, locate Start Menu > Programs > BlackBerry Enterprise Server and click BlackBerry Server Configuration. On the Database Connectivity tab, ensure it's pointing to the correct database.
  • Start BlackBerry Enterprise Server Services
  • When it's complete open the SQL Management Studio and delete the BESTemp database. It's not necessary to keep.

Best,

Oz ozugurlu

Microsoft cluster service components




We are in the middle of standing up new clustered Exchange servers in our new data center. Part of the process is to build the new cluster servers and move mailboxes over to the new Exchange servers. We will probably build a new cluster within a year and go for Exchange 2007. Knowing the cluster components is critical, therefore I have decided to post the table below here on my blog. Microsoft Cluster Service consists of several device drivers and services. These modules reside on top of the operating system (Windows Enterprise Edition) and behave as a service. The cluster service provides the basic functions that the operating system needs in order to support clustering.

  • Understanding each component is crucial when going through setting up and managing clusters.
  • It makes daily admin life easier in my opinion.

| Component | Role/Function |
| --- | --- |
| Node Manager | Maintains resource group ownership of cluster nodes based on resource group node preferences and the availability of cluster nodes. |
| Resource Monitor | Utilizes the cluster resource API and RPCs to maintain communication with the resource DLLs. Each monitor runs as a separate process. |
| Failover Manager | Works in conjunction with the resource monitors to manage resource functions within the cluster such as failovers and restarts. |
| Checkpoint Manager | Maintains and updates application states and registry keys on the cluster quorum resource. |
| Configuration Database Manager | Maintains and ensures coherency of the cluster database on each cluster node that includes important cluster information such as node membership, resources, resource groups, and resource types. |
| Event Processor | Processes events relating to state changes and requests from cluster resources and applications. |
| Membership Manager | Manages cluster node membership and polls cluster nodes to determine state. |
| Event Log Replication Manager | Replicates system event log entries across all cluster nodes. |
| Global Update Manager | Provides updates to the Configuration Database Manager to ensure cluster configuration integrity and consistency. |
| Object Manager | Provides management of all cluster service objects and the interface for cluster administration. |
| Log Manager | Works with the Checkpoint Manager to ensure that the recovery log on the cluster quorum disk is current and consistent. |


Best

Oz ozugurlu


Tuesday, December 4, 2007

IronPort SMTP Mail Gateways



We have implemented IronPort devices and dumped our legacy SMTP gateways. I am truly impressed with IronPort's performance; heads up, no wonder it is called IronPort. I had to prepare a little summary sheet for IronPort and decided to share it here with you all.

IronPort is capable of performing the following:

IP reputation checking is called reputation filtering (it checks the sender IP's reputation). The Sender Base Reputation Service provides an accurate, flexible way for users to reject or throttle suspected spam based on the connecting IP address of the remote host.

During the SMTP handshake, IronPort is also capable of performing:

  • RBL List (Real Time Block List)
  • IP Reputation
  • RDNS Check (reverse DNS check to make sure the sender is coming from the domain)
  • Domain reputation
  • Sender Base Reputation Service (SBRS) Score

The Sender Base Reputation Service (SBRS) score is a numeric value assigned to an IP address based on information from the Sender Base Reputation Service. The Sender Base Reputation Service aggregates data from over 25 public blacklists and open proxy lists, and combines this data with global data from Sender Base to assign a score from -10.0 to +10.0, as follows:

| Score | Meaning |
| --- | --- |
| -10.0 | Most likely to be a source of spam |
| 0 | Neutral, or not enough information to make a recommendation |
| +10.0 | Most likely to be a trustworthy sender |


The lower (more negative) the score, the more likely that a message is spam. A score of -10.0, means that this message is "guaranteed" to be spam, while a score of 10.0 means that the message is "guaranteed" to be legitimate.

How Does IronPort Identify Spam?

IronPort Anti-Spam filtering is based on the Context Adaptive Scanning Engine (CASE)™, and is the first anti-spam scanning engine to combine email and web reputation information to:

  • Eliminate the broadest range of email threats — detect spam, "phishing," zombie-based attacks, and other "blended" threats.
  • Deliver the highest accuracy — anti-spam rules based on email and web reputation from Sender Base Reputation Service.
  • Offer ease of use — due to reduced hardware and administrative costs.
  • Deliver industry-leading performance — CASE uses dynamic early exit criteria and off-box network calculations to deliver breakthrough performance.
  • Address the needs of international users — IronPort Anti-Spam is tuned to deliver industry-leading efficacy world-wide.

IronPort designed IronPort Anti-Spam from the ground up to detect the broadest range of email threats. IronPort Anti-Spam addresses a full range of known threats including spam, phishing and zombie attacks, as well as hard-to-detect low volume, short-lived email threats such as "419" scams. In addition, IronPort Anti-Spam identifies new and evolving blended threats such as spam attacks distributing malicious content through a download URL or an executable. To identify these threats, IronPort Anti-Spam uses the industry's most complete approach to threat detection, examining the full context of a message: its content, methods of message construction, the reputation of the sender, the reputation of web sites advertised in the message, and more.

Only IronPort Anti-Spam combines the power of email and web reputation data, leveraging the full power of the world's largest email and web traffic monitoring network — Sender Base — to detect new attacks as soon as they begin.

    Lowest False Positive Rate

    IronPort Anti-Spam and IronPort Virus Outbreak Filters are powered by IronPort's patent-pending Context Adaptive Scanning Engine (CASE) ™. CASE provides breakthrough accuracy and performance by analyzing over 100,000 message attributes across four dimensions:


    • Email reputation — who is sending you this message?
    • Message content — what content is included in this message?
    • Message structure — how was this message constructed?
    • Web reputation — where does the call to action take you?

Analyzing multi-dimensional relationships allows CASE to catch a broad range of threats while maintaining exceptional accuracy. For example, a message that has content claiming to be from a legitimate financial institution but that is sent from an IP address on a consumer broadband network or that contains a URL hosted on a "zombie" PC will be viewed as suspicious. In contrast, a message coming from a pharmaceutical company with a positive reputation will not be tagged as spam even if the message contains words closely correlated with spam.

Best,

Oz ozugurlu

Sunday, December 2, 2007

IronPort C350

Finally, we have replaced our mail gateways with IronPort C350s. We deployed 3 IronPorts in our network, and God knows how much we suffered with the old mail gateway appliance. It was a horrible experience, including the support and the product itself. No need to mention names. For those of you who know me personally, I will recommend what not to buy and what to buy as a dedicated mail relay gateway; ping me at any time.

I will write more about IronPort; let me tell you, it is an incredible device, with awesome support engineers so far. The shell is UNIX, and most of the basic UNIX commands work like a charm. It is an incredibly flexible and noticeably powerful mail gateway; no wonder 90% of government business in Washington DC uses IronPort.

Be careful when you decide to buy a dedicated mail gateway; the wrong decision will give you a big headache and loss of revenue eventually.

Best Regards,

Oz ozugurlu


Wednesday, November 28, 2007

PRIV1.HTML file in Exchange 2000



A question came today from one of my peers at work about the priv1.html file, while we were performing a defrag on Exchange 2000 databases: "What is this file about? I never knew Exchange would use an HTML file as a database." My peer knew the priv1.edb file and what it does very well; nevertheless, the HTML file seemed a bit abnormal to him.

Summary:

The database file is priv1.edb, but it also has an escort file called priv1.stm (priv1.html). For some weird reason, Windows reads this file as an HTML file (go figure), which confuses some Exchange administrators.

  • Priv1.edb files contain Rich Text Formatted (RTF) content messages.
  • A priv1.stm file contains non-RTF messages.

The priv1.edb holds message data from messages that are in native MAPI format, the STM file holds content for internet formatted messages. Both are required to get the database to function correctly.

The 16-GB size limit for the Exchange private mailbox store database and the 16-GB size limit for the Exchange public mailbox store database is the sum of the size of both the Priv.edb and the Priv.stm files.


When you put a limit on a mailbox,

  • You only limit the storage in the Priv.edb file.
  • You do not limit the storage in the Priv.stm file.

For example, a mailbox may appear to use only 250 MB of space in Exchange System Manager. However, the total space that the mailbox uses may be 450 MB. This difference occurs because the 200 MB of space that the Priv.stm file uses does not appear in Exchange System Manager.


 

When you do a defrag of the edb, the stm file is automatically also defragged.

Best

Oz Ozugurlu

Tuesday, November 27, 2007

Event ID logs 445; Exchange databases reached the 16 GIG limits



Problem:

Exchange Server 2000 is not accessible. Event ID 445 is logged; the Exchange databases reached the 16 GB limit. This will cause an interruption in mail flow.

Event Type: Warning

Event Source: ESE

Event Category: Space Management

Event ID: 445

Date: 11/27/2007

Time: 3:51:57 PM

User: N/A

Computer: CHALBIRFS0

Description:

Information Store (5640) The database E:\Exchsrvr\mdbdata\priv1.edb has reached its maximum size of 16383 MB. If the database cannot be restarted, an offline defragmentation may be performed to reduce its size.


Solution:

I would love to say here: upgrade to Exchange 2007 if at all possible, or at least to Exchange 2003, to get the advantage of the 75 GB limit on the DB. In some cases, decision makers (managers) are very nonsensical, to be honest. I have seen the same scenario a million times so far. For technical people, it is very frustrating to deal with a manager who has no clue about current technology. Remember, this is the way it is and we have to live with it. Follow the steps below.

ESEUTIL /D is the immediate action we have to take for this particular issue. We bumped the DB size to 17 GB with the following registry hack.

  • Click Start, click Run, and then type regedit.exe.
  • Locate the following key in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\Private

Right-click, choose New > DWORD Value, name it "Temporary DB Size Limit" and enter the value 1. Restart the information store service for the change to take effect. This requires Service Pack 3 for Exchange 2000 along with this registry entry.

The C drive was out of space, therefore we needed to perform the defrag on the E drive, where we had plenty of free space:

C:\>"C:\Program Files\Exchsrvr\BIN\ESEUTIL.EXE" -d "E:\Program Files\Exchsrvr\MDBData\priv1.edb" /te:\temp.edb

This way the temp file is going to be created on the E drive. Many of you already know the story behind the temp database: Exchange will create an empty database (in this example, the temp database) and copy the good mail data into it. When Exchange is done, it will tell you "Hey, I have created a brand new database; go ahead, delete the original one and use this one instead."

Determine the white space with event ID 1221. If it is too late and the Exchange databases are dismounted due to the space problem, use ESEUTIL /MS to determine the white space.

Do a space dump with ESEUTIL /MS to determine the space. Also ensure that you have free disk space equal to 110% of the Exchange database size.
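A pre-flight check for the offline defrag described above, as an added example (not part of the original post): it adds the .edb and .stm sizes, compares the sum with the 16383 MB limit from event 445, and picks a drive for the temporary database that satisfies the 110% free-space rule. The byte counts and drive list are constructed sample values, Get-DefragPlan is a hypothetical helper name, and the priv1.stm location in the comments is assumed to be the same folder as priv1.edb.

```powershell
# Added example; sizes and drives below are constructed sample values.

function Get-DefragPlan {
    param(
        [string]$EdbPath,
        [long]$EdbBytes,
        [long]$StmBytes,
        [object[]]$Drives,        # objects with Name (drive letter) and FreeBytes
        [int]$LimitMB = 16383     # maximum size reported in event 445
    )
    # The store limit applies to .edb and .stm together.
    $totalMB    = [math]::Ceiling(($EdbBytes + $StmBytes) / 1MB)
    # Free space needed for the temporary database: 110% of the database size.
    $requiredMB = [math]::Ceiling($totalMB * 1.1)

    # Choose the drive with the most free space among those that qualify.
    $usable = $Drives |
        Where-Object { ($_.FreeBytes / 1MB) -ge $requiredMB } |
        Sort-Object FreeBytes -Descending |
        Select-Object -First 1

    if ($usable) {
        $tempDrive = $usable.Name
        $command   = 'ESEUTIL.EXE -d "{0}" /t{1}:\temp.edb' -f $EdbPath, $usable.Name.ToLower()
    } else {
        $tempDrive = $null
        $command   = 'no drive has enough free space for the temporary database'
    }

    [pscustomobject]@{
        TotalMB        = $totalMB
        PercentOfLimit = [math]::Round(100 * $totalMB / $LimitMB, 1)
        RequiredFreeMB = $requiredMB
        TempDrive      = $tempDrive
        Command        = $command
    }
}

# Real values on the server would come from, for example:
#   (Get-Item 'E:\Program Files\Exchsrvr\MDBData\priv1.edb').Length
#   (Get-Item 'E:\Program Files\Exchsrvr\MDBData\priv1.stm').Length   # assumed location
#   (New-Object System.IO.DriveInfo 'E').AvailableFreeSpace

$drives = @(
    [pscustomobject]@{ Name = 'C'; FreeBytes = 2GB  }   # system drive, nearly full
    [pscustomobject]@{ Name = 'E'; FreeBytes = 40GB }
)

Get-DefragPlan -EdbPath 'E:\Program Files\Exchsrvr\MDBData\priv1.edb' `
               -EdbBytes 11200MB -StmBytes 5183MB -Drives $drives |
    Format-List
```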

You can check the integrity of your Exchange database with ESEUTIL /G

After running ESEUTIL, check the log file called "integ.raw" to see the results.

Let's talk about ISINTEG in general (Isinteg -fix -test alltests)

ISINTEG is the only repair utility that understands the Exchange database as an Exchange database (taken from MS support)

  • Isinteg understands the relationships between those tables and records that turn them into folders and messages.
  • At the end of an Isinteg fix run, you will likely see hundreds to thousands of warnings. No worries, but we need to worry if there is even one error, and rerun Isinteg until no more errors are reported.
  • Before you do this, make sure:
    • The information store service is running
    • The mailbox store is dismounted
  • Isinteg -s ServerName -fix -test alltests

Here are the final Steps:

  • Run ESEUTIL /MS (determine the space, you won't be blind)
  • Run Eseutil /P ( Hard Repair)
  • Run Eseutil /D. ( Defrag)
  • RUN Isinteg -fix -test alltests (fixes the logical problems)

    Example: isinteg -pri -fix -test alltests


Best,

Oz ozugurlu




Sunday, November 18, 2007

Active directory windows 2008, Read only DC (Domain Controllers)



The security aspect is getting more and more integrated into Windows 2008 servers. Therefore, if we examine the new features in Active Directory, we will quickly notice the security focus around most of the directory and DNS services. The read-only DC concept is brand new; it reminds me of a UNIX concept. Out of the box, Windows servers seem to be more robust and offer more granular delegation of tasks to administrators.

Below are some of the highlights I have observed and wanted to share with you all.

Administrator role separation

  • Read-only domain controllers (RODC) in Windows 2008. More secure deployment with a read-only DC.
  • This is great for sites which do not have IT support. (Providing local services: print service, logon service)

We are not exposing a full writable domain controller in the remote site (RODC)

  • An RODC stores a copy of the DIT database with no security principal passwords. If the RODC gets compromised, the DIT database has no passwords in it.
  • If changes are made at the site, this won't affect the corporate site, since the DIT is read only.

Management

  • Great improvements to DCPROMO, ADUC, Distributed File System Replication (DFSR)
  • Administration roles separation
  • Delegation of DCPROMO and RODC (more granular control)

DNS Improvements

  • The backbone of AD is still DNS, and DNS has many improvements in Windows 2008 AD.
  • DNS has a new located flag (based on site cost).
  • Read-only Active Directory-integrated zone for RODC

RODC (Read Only Domain Controller)

The DIT database is read-only. Changes, such as password changes, must be made on the writable DC. RODC is primarily targeted at remote sites and edge offices. The security treads Each RODC has its own Kerberos ticketing system.

Deploying RODC Requirements

Windows 2003 forest functional mode or later, and at least one DC must be running Windows 2008 server. The domain functional level must be raised to Windows 2003 or later.

  • RODC needs to forward the logon request to a Windows 2008 server
  • One RODC per site is recommended
  • No RODC to RODC replication
  • No plans for Exchange to support RODC / GC (Global Catalog)

Best,

Oz Ozugurlu

Friday, November 16, 2007

Exchange 2007 Versions and some of the features

Exchange 2007 Standard

  • SG (Maximum of five storage groups)
  • DB (Maximum of five databases)
  • OA (Support for Outlook Anywhere) formerly known as RPC/HTTPS
  • LCR (Local continuous replication)
  • RSG (Recovery storage group)
  • Database size (No limit)

Exchange 2007 Enterprise

Supports all features of the Standard edition

  • Up to 50 SG
  • Up to 50 DB (MS recommends one SG and one DB)
  • Why is it recommended this way? Log files are kept for the entire SG.

    If we segregate the logs for one DB, this will be better (faster) than writing logs for more than one DB.

  • Consider using different spindles for best performance, even in 64-bit architecture, which is common sense.
  • SCC (Single Copy Cluster)
  • LCR (Local continuous replication). LCR supports 1 database per storage group
  • CCR (Cluster continuous replication). CCR only supports 1 database per storage group

Coexistence Requirements

  • Exchange 5.5 is not supported. If you still have it, get rid of it.
  • All Exchange Server 2003 servers must have SP2 installed
  • All Exchange 2000 Server servers must have SP3 and post-SP3 update rollup installed

Best,

Oz ozugurlu

Thursday, November 15, 2007

Getting ready to install Exchange 2007?

Below are some nice tables to have handy when going through upgrading or implementing Exchange 2007.

Exchange 2007 @ Hardware Requirements

| Item | Minimum Requirements |
|---|---|
| CPU | Must be an x64 64-bit architecture server system that provides support for the Intel EM64T or AMD64 platform. The Intel Itanium IA64 platform is not supported; 32-bit x86 systems are not supported except in a management station role. |
| Operating system | Windows Server 2003 SP1 x64 or Windows Server 2003 R2 x64, Standard or versions. The management tools can be installed on a 32-bit Windows Server 2003 or Windows XP SP2 computer. |
| Memory | Minimum of 2GB RAM. |
| Hard disk space | Minimum of 200MB on the server's system drive. Minimum of 1.2GB on the server drive where the Exchange executables will be installed. |
| Optical drive | A DVD drive, local or network accessible, is required. |


 

Exchange 2007 @ CPU Requirements

| Server Role | Minimum CPU | Recommended CPU | Recommended Maximum CPU |
|---|---|---|---|
| Edge Transport | 1 CPU core | 2 CPU cores | 4 CPU cores |
| Hub Transport | 1 CPU core | 4 CPU cores | 4 CPU cores |
| Client Access | 1 CPU core | 4 CPU cores | 4 CPU cores |
| Mailbox | 1 CPU core | 4 CPU cores | 8 CPU cores |
| Unified Messaging | 1 CPU core | 4 CPU cores | 4 CPU cores |
| Multiple roles | 1 CPU core | 4 CPU cores | 4 CPU cores |


 

Exchange 2007 @ Memory Requirements

| Server Role | Minimum RAM | Recommended RAM | Recommended Maximum RAM |
|---|---|---|---|
| Edge Transport | 2GB | Not less than 1GB per CPU core; 2GB minimum | 16GB |
| Hub Transport | 2GB | Not less than 1GB per CPU core; 2GB minimum | 16GB |
| Client Access | 2GB | Not less than 1GB per CPU core; 2GB minimum | 8GB |
| Mailbox | 2GB, but depends on number of storage groups | 2GB plus 2MB–5MB per mailbox on the server | 32GB |
| Unified Messaging | 2GB | Not less than 1GB per CPU core; 2GB minimum | 4GB |
| Multiple roles | 2GB, but depends on number of storage groups | 4GB plus 2MB–5MB per mailbox on the server | 8GB |


 

Best,

Oz ozugurlu