MS Exchange Interview Questions

1. What must be done to an AD forest before Exchange can be deployed?
ANS: Run Setup.exe /forestprep.

2. What Exchange process is responsible for communication with AD?
ANS: DSACCESS

3. What 3 types of domain controller does Exchange access?
ANS: Normal Domain Controller, Global Catalog, Configuration Domain Controller

4. What connector type would you use to connect to the Internet, and what are the two methods of sending mail over that connector?
ANS: SMTP Connector. Either forward all mail to a smart host, or use DNS to route to each destination address.

5. How would you optimise Exchange 2003 memory usage on a Windows Server 2003 server with more than 1 GB of memory?
ANS: Add the /3GB switch to boot.ini.

6. Name the process names for the following: System Attendant, Information Store, SMTP/POP/IMAP/OWA.
ANS: System Attendant - MAD.EXE; Information Store - STORE.EXE; SMTP/POP/IMAP/OWA - INETINFO.EXE

7. What is the maximum number of databases that can be hosted on Exchange 2003 Enterprise?
ANS: 20 databases (4 storage groups x 5 databases).

8. What are the standard port numbers for SMTP, POP3, IMAP4, RPC, LDAP and Global Catalog?
ANS:
25 - SMTP
110 - POP3
143 - IMAP4
135 - RPC
389 - LDAP
636 - LDAP (SSL)
3268 - Global Catalog

Other ports associated with Exchange and the services it depends on:
53 - DNS
80 - HTTP
88 - Kerberos
102 - X.400
119 - NNTP
137 - NetBIOS Session Service
139 - NetBIOS Name Service
379 - LDAP (SRS)
443 - HTTP (SSL)
445 - NetBIOS over TCP
465 - SMTP (SSL)
563 - NNTP (SSL)
691 - LSA
993 - IMAP4 (SSL)
994 - IRC (SSL)
995 - POP3 (SSL)
1503 - T.120
1720 - H.323
1731 - Audio conferencing
1863 - MSN IM
3269 - Global Catalog (SSL)
6001 - RPC/HTTP Exchange Store
6002 - HTTP Exchange Directory Referral service
6004 - RPC/HTTP NSPI Exchange Directory Proxy service/Global Catalog
6667 - IRC/IRCX
6891-6900 - MSN IM file transfer
6901 - MSN IM voice
7801-7825 - MSN IM voice

9. What are the prerequisites for installation of Exchange Server?
ANS: IIS with the SMTP, WWW (W3SVC) and NNTP services, plus the .NET Framework and ASP.NET. Then run ForestPrep, then run DomainPrep.
10. Which protocol is used for Public Folders?
ANS: SMTP

11. What is the use of NNTP with Exchange?
ANS: This protocol is used for newsgroups in Exchange.

12. What is a Disaster Recovery Plan?
ANS: It deals with the restoration of a computer system, with all attendant software and connections, to full functionality under a variety of damaging or interfering external conditions.

13. What are the new features in Exchange 2003?
ANS:
1. Updated Outlook Web Access.
2. Updated VSAPI (Virus Scanning Application Programming Interface).
Exchange Server 2003 Enterprise additionally has these specific features:
3. Eight-node clustering using the Windows Clustering service in Windows Server (Enterprise and Datacenter editions).
4. Multiple storage groups.
5. X.400 connectors which support both TCP/IP and X.25.
14. What would a rise in remote queue length generally indicate?
ANS: Mail is not being sent to other servers. This can be explained by outages or performance issues with the network or remote servers.

15. What would a rise in the Local Delivery queue generally mean?
ANS: This indicates a performance issue or outage on the local server. Reasons could be slowness in consulting AD, or slowness in handing messages off to local delivery or SMTP delivery. It could also be databases being dismounted or a lack of disk space.

16. What are the disadvantages of circular logging?
ANS: In the event of a corrupt database, data can only be restored to the last backup.

17. What is the maximum storage capacity for Exchange Standard version? What would you do if it reaches maximum capacity?
ANS: 16 GB. Once the store dismounts at the 16 GB limit, the only way to mount it again is to use the 17 GB registry setting, and even this is a temporary solution. If you apply Exchange 2003 SP2 to your Standard Edition server, the database size limit is initially increased to 18 GB. Whilst you can go on to change this figure to a value up to 75 GB, it's important to note that 18 GB is the default setting. The limit for a private (mailbox) store is configured under the following registry key:
HKLM\System\CurrentControlSet\Services\MSExchangeIS\{server name}\Private-{GUID}
It therefore follows that for registry settings that relate to making changes on a public store, you'll need to work in the following registry key:
HKLM\System\CurrentControlSet\Services\MSExchangeIS\{server name}\Public-{GUID}
Under the relevant database key, create the following registry value:
Value type: REG_DWORD
Value name: Database Size Limit in GB
Set the value data to the maximum size in gigabytes that the database is allowed to grow to. For the Standard Edition of Exchange, you can enter numbers between 1 and 75. For the Enterprise Edition, you can enter numbers between 1 and 8000. Yes, that's right, between 1 GB and 8000 GB, or 8 TB. Therefore, even if you are running the Enterprise Edition of Exchange, you can still enforce an overall database size limit of, say, 150 GB if you so desire.

Exchange 2000 Server Questions

18. You are the Exchange Administrator for your company. A hard disk on one of the Exchange 2000 Server computers fails. The failed hard disk contained the Exchange 2000 system files. The hard disk that contained the transaction log files and Exchange databases was not affected by the failure. You replace the failed hard disk. You need to bring the server online, but the only available backup does not include the system files. What should you do?
A. Reinstall Exchange 2000 Server by running setup /DomainPrep on the server.
B. Reinstall Exchange 2000 Server by running setup /DisasterRecovery on the server.
C. Perform a normal installation of Exchange 2000 Server on the server. Create a new database that uses the same database names and paths as the original installation.
D. Perform a normal installation of Exchange 2000 Server on the server. Create a storage group that uses the same database names and paths as the original installation.

19. You are the Exchange Administrator for your company. You configure an Exchange 2000 Server computer as a recovery server for single mailbox recovery. You restore the database files from your production Exchange server's online backup to the recovery server. You specify the correct names and paths of the databases, but you are not able to mount the databases. What should you do?
A. Run ISINTEG -patch and then mount the databases.
B. Change the transaction log file path to match the transaction log file path of the original server.
C. In System Manager, select the "This database can be overwritten by a restore" check box, and then mount the databases.
D. Enable circular logging on the storage group, and then restart the Information Store service.

20. You are the Exchange Administrator for your company. A power failure causes one of the Exchange 2000 Server computers to shut down abruptly. You restore power to the Exchange server, but the hard disk that contains the transaction log files was damaged. You replace the failed hard disk, but its contents are unrecoverable. When you restart the server, the mailbox store will not mount. You examine the header of the database, and find it to be in an inconsistent state. You back up the Exchange database files to a safe location, and now you need to bring the mailbox store online with the most current data possible. Which two actions should you take before mounting the database? (Each correct answer presents part of the solution. Choose two.)
A. Run ESEUTIL /R on the database.
B. Run ESEUTIL /P on the database.
C. Run ESEUTIL /G on the database.
D. Run ISINTEG -patch in the MDBData folder.
E. Run ISINTEG -fix on the database.

21. You are the Exchange Administrator for your company. The only domain controller on your Windows 2000 network is named Server1. The only Exchange 2000 Server computer on the network is named Server2. Server1 fails, and you do not have a backup of the server. You reinstall the domain controller and create a new forest. You need to allow the users in this new forest to access the Exchange mailboxes on Server2. What should you do?
A. Run setup /DisasterRecovery on Server2, and then run the Mailbox Cleanup Agent on the mailboxes.
B. Perform a normal reinstallation of Exchange 2000 Server on Server2. Configure the new installation to use your original database files, and then reconnect the mailboxes to the new user accounts.
C. Join Server2 to the new domain created by Server1, and then run the Mailbox Cleanup Agent on the mailboxes.
D. Run EXMERGE against the Exchange databases, and save the output to a file. Run setup /DomainPrep on Server2, and then import the EXMERGE data files into Exchange.

22. You are the administrator of an Exchange organization that has Exchange 2000 Server computers. Each server supports 1,500 mailboxes. Some users are using Microsoft Outlook 2000, and some are using Outlook Web Access.
Recently, you enabled SSL for the default Web site on all servers and now require all Outlook Web Access users to connect by using secure HTTP. Users report that all the servers are much slower than they were before you enabled SSL. You must keep the additional level of security provided by SSL, but you need to improve server responsiveness. What should you do?
A. Install an additional Exchange 2000 Server computer to support the secure HTTP users, and configure it as a front-end server.
B. Remove SSL and implement TLS on the SMTP and IMAP4 virtual servers.
C. Install two additional Exchange 2000 Server computers, and move the Outlook Web Access users to the new servers.
D. Specify digest authentication on the default Web site, and disable integrated Windows authentication.
E. Enable Windows 2000 IPSec for the network adapter that supports SQL.

23. You are the Exchange Administrator for your company. The public folders in your organization contain more than 10,000 documents. You want to make it easier and faster for users to find specific documents. What should you do?
A. Configure a public folder store policy, and add the public folder store to the policy.
B. Configure a public folder store policy, and create a full-text index on the public folder store.
C. Configure a public folder store policy, and set the replication for the public folder store policy to always run.
D. Create a new public folder tree, configure a public folder store policy in this tree, and then create a full-text index for the public folder store.

24. You are the Exchange administrator for your company. You have a mailbox store policy for mailbox storage limits in effect for your entire Exchange organization. The policy is shown in the exhibit. You add a new Exchange 2000 Server computer. After the server runs for a few weeks, you notice that several mailboxes are considerably over the limits that are set. You need to configure the server to enforce the limits that you set. What should you do?
A. Configure a new mailbox store policy for the new server.
B. Configure a new server policy and add the new server to this policy.
C. Set storage limits on the existing mailbox store on the new server.
D. Add the default mailbox store on the new server to the mailbox store policy.

25. You are the Exchange administrator of your company. Your network is configured as shown in the exhibit. All of your employees connect to your Exchange 2000 Server computers by using Microsoft Outlook 2000 or Outlook Express while in the office, and Outlook Web Access outside the office. You examine the Exchange 2000 log files and notice that unknown users on the Internet are using your Exchange 2000 Server computers to relay SMTP messages to users outside of your company. You need to prevent unauthorized use of your SMTP server while still allowing all of your users to connect to your Exchange servers whether the users are in the office or out of the office. In addition, users must still be able to exchange Internet e-mail messages with anyone. What should you do?
A. Create a rule on the firewall to allow only the computers on the LAN to access IP addresses 192.168.1.0/24 by using port 25, port 80 and port 110.
B. Create a rule on the firewall to allow only the computers on the perimeter network to access IP address 192.168.1.0/24 by using port 25, port 80 and port 110.
C. Configure the SMTP virtual servers to accept SMTP connections from only IP addresses 192.168.1.0/24 and 192.168.2.0/24.
D. Configure the SMTP virtual servers to accept connections from anyone and to allow relaying for only IP addresses 192.168.1.0/24.

26. You are the Exchange Administrator for an international company. You have Exchange 2000 Server computers located in 15 countries worldwide. You create a routing group for each country and a routing group connector between each country and the routing group for your main office. The networks in three of these countries are configured with 56-Kbps connections to your WAN. The networks in the other 12 countries have faster connections. You select several public folders and configure them to replicate to the Exchange servers in each of these three countries. You need to configure the public folder replication to occur during non-business hours in those three countries. You also need to prevent the users in these three countries from accessing public folders that have not been replicated to the Exchange servers located in their country. What should you do?
A. Configure the replication interval for the selected public folders to always run. Configure the connection time for the routing group connectors for each of the three countries and the main office to occur at midnight.
B. Configure the replication interval for the selected public folders to run at midnight. Configure the routing group connector for each of the three countries to disallow public folder referrals.
C. Configure the replication interval for the selected public folders to run at midnight. Configure the routing group connector for the main office to disallow public folder referrals.
D. Configure the connection time for the routing group connectors for each of the three countries and the main office to occur at midnight. Set the routing group connector cost to 1.
E. Configure the connection time for the routing group connectors for each of the three countries and the main office to occur at midnight. Set the routing group connector cost to 100.
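The "Database Size Limit in GB" registry value described in question 17, read and set from PowerShell. This is an added example, not part of the original question list; it assumes it runs locally on an Exchange 2003 SP2 server as an administrator, and the edition (Standard or Enterprise) is supplied by the caller because it decides the valid range.

```powershell
# Added example (not from the original page). Reads and sets the
# "Database Size Limit in GB" value under
#   HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<server>\Private-<GUID>  (mailbox stores)
#   HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<server>\Public-<GUID>   (public stores)
# Assumptions: local Exchange 2003 SP2 server, run as an administrator.

function Get-ExchangeStoreKey {
    param([string]$ServerName = $env:COMPUTERNAME)
    $base = "HKLM:\SYSTEM\CurrentControlSet\Services\MSExchangeIS\$ServerName"
    if (-not (Test-Path $base)) { throw "No MSExchangeIS key for server '$ServerName' at $base" }
    # One subkey per database: Private-{GUID} for mailbox stores, Public-{GUID} for public stores
    Get-ChildItem -Path $base | Where-Object {
        $_.PSChildName -like 'Private-*' -or $_.PSChildName -like 'Public-*'
    }
}

function Get-DatabaseSizeLimit {
    param([string]$ServerName = $env:COMPUTERNAME)
    foreach ($key in Get-ExchangeStoreKey -ServerName $ServerName) {
        $props = Get-ItemProperty -Path $key.PSPath -Name 'Database Size Limit in GB' -ErrorAction SilentlyContinue
        $limit = if ($null -eq $props) { 'not set (SP2 Standard default is 18 GB)' } else { $props.'Database Size Limit in GB' }
        New-Object PSObject -Property @{
            Store   = $key.PSChildName
            LimitGB = $limit
        }
    }
}

function Set-DatabaseSizeLimit {
    param(
        [Parameter(Mandatory = $true)][string]$StoreKeyName,   # e.g. 'Private-<GUID>' from Get-DatabaseSizeLimit
        [Parameter(Mandatory = $true)][int]$LimitGB,
        [ValidateSet('Standard', 'Enterprise')][string]$Edition = 'Standard',
        [string]$ServerName = $env:COMPUTERNAME
    )
    # Ranges stated in question 17: Standard 1-75 GB, Enterprise 1-8000 GB
    $max = if ($Edition -eq 'Standard') { 75 } else { 8000 }
    if ($LimitGB -lt 1 -or $LimitGB -gt $max) {
        throw "Limit $LimitGB GB is outside the valid range 1-$max for the $Edition edition"
    }
    $path = "HKLM:\SYSTEM\CurrentControlSet\Services\MSExchangeIS\$ServerName\$StoreKeyName"
    if (-not (Test-Path $path)) { throw "Store key not found: $path" }
    # Value type REG_DWORD, value name exactly as given in the answer
    Set-ItemProperty -Path $path -Name 'Database Size Limit in GB' -Value $LimitGB -Type DWord
    Get-ItemProperty -Path $path -Name 'Database Size Limit in GB'
}

# Usage:
#   Get-DatabaseSizeLimit
#   Set-DatabaseSizeLimit -StoreKeyName 'Private-<GUID>' -LimitGB 50 -Edition Standard
```

Run Get-DatabaseSizeLimit first to see each store's key name and whether a limit is already set, then pass that key name to Set-DatabaseSizeLimit.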
27. You are the network administrator for Contoso Ltd. The company hires a consultant named Amy Jones from Litware Inc. Amy requires access to your network. She prefers to receive all of her e-mail at her [email protected] address. You want Amy's name to appear in the Exchange address book, but you want e-mail messages to be sent only to her litware.com address. What should you do?
A. Create a user account that has an Exchange mailbox in Active Directory. Change the SMTP address on the E-mail Addresses tab of the user property sheet to [email protected].
B. Create an e-mail enabled contact object for Amy Jones and specify the SMTP address [email protected] as the e-mail address in Active Directory.
C. Create a user account that does not have an Exchange mailbox in Active Directory. Use the Exchange Task Wizard to assign an SMTP address for [email protected].
D. Create a user account that does not have an Exchange mailbox in Active Directory. Enter [email protected] as the e-mail address on the General tab of the user property sheet.
28. You are the administrator of seven Exchange 2000 Server computers. Each server supports 1,800 mailboxes. Each server's mailboxes are distributed among five mailbox stores that are located in two storage groups. All mailbox store settings are configured at the default values. Tape backups on all servers occur between 4 A.M. and 7 A.M. Users on the night shift report that sending and opening messages often takes several seconds between 1 A.M. and 2:30 A.M. Response times are acceptable at other times. You need to improve the response times between 1 A.M. and 2:30 A.M. What should you do?
A. Configure full-text indexing to use a lower amount of system resources.
B. Schedule the tape backups to back up each of the mailbox stores at different times across a wider period of time.
C. Configure the warning interval of each of the mailbox stores so that warnings run on a custom schedule.
D. Configure the maintenance interval of each of the mailbox stores so that maintenance is staggered across a wider period of time.

29. You are the Exchange administrator of Miller Textiles. Eric, the manager of human resources, wants potential job candidates to send their resumes to [email protected]. Eric wants to prevent employees in other departments from being able to view these messages. Eric creates a Microsoft Outlook public folder named Job Inquiries. You need to configure the Job Inquiries folder to accept e-mail messages from job candidates. Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)
A. Enable anonymous access for the Job Inquiries folder.
B. Change the name of the Job Inquiries folder in the address list to [email protected].
C. Change the SMTP address of the Job Inquiries folder to [email protected].
D. Make the Job Inquiries folder visible in the address list.
E. Change the permissions role for the default user to Contributor.

30. You are the Exchange Administrator for your company. You recently implemented Instant Messaging. Some users report that they are unable to log on to the Instant Messaging server. You verify that you can log on to the server and communicate with other users on the network. You need to configure your network to allow all users to log on to the Instant Messaging server. What should you do?
A. Use System Manager to change the permissions on the Instant Messaging protocol. Grant the Everyone group Read permission.
B. Use System Manager to change the permissions on the Instant Messaging protocol. Grant the users who are unable to log on the Execute permission.
C. Use the Active Directory Users and Computers console to select the users who are unable to log on. Run the Exchange Task Wizard and enable Instant Messaging.
D. Use the Active Directory Users and Computers console to select the users who are unable to log on. Change the protocol settings for these users.
31. You are the Exchange Administrator for your company. Your Exchange 2000 Server computer has a single storage group that contains three mailbox stores and one public folder store. You perform nightly backups, alternating between a normal backup of two of the mailbox stores on one night and a normal backup of the other mailbox store and the public folder store the following night. You notice that the transaction log files are not being purged, and they are now consuming nearly all the available disk space. You need to continue to perform alternating nightly backups of the mailbox stores and the public folder store, but you must make sure that the transaction log files are not taking up too much hard disk space. What should you do?
A. Configure the storage group to disable circular logging.
B. Install a new physical disk and move the transaction log files to the new disk.
C. Perform a nightly incremental backup of the entire storage group in addition to the current backups.
D. Perform differential backups of the mailbox stores and the public folder store instead of normal backups.
32. You are the Exchange Administrator for your company. You are configuring your Exchange 2000 Server computer to support a disaster recovery plan. The server has three hard disks: Disk0, Disk1, and Disk2. The system files are stored on Disk0. Currently, Disk1 and Disk2 are not in use. You perform nightly online backups of the Exchange databases. You must configure the server to minimize the loss of data if one of the hard disks fails. What should you do?
A. Place the log files on Disk1. Place the .edb and .stm files on Disk2. Enable circular logging on the Exchange server.
B. Place the log files on Disk1. Place the .edb files on Disk2. Enable circular logging on the Exchange server.
C. Place the log files on Disk1. Place the .edb and .stm files on Disk2. Disable circular logging on the Exchange server.
D. Place the log files on Disk1. Place the .stm files on Disk2. Disable circular logging on the Exchange server.

Microsoft Exchange Server interview questions
33. What is a Distribution List?
ANS: In e-mail applications, a distribution list is a group of mail recipients that is addressed as a single recipient. Distribution lists are used to send e-mail to groups of people without having to enter each recipient's individual address. A distribution list is different from an e-mail list in that members cannot reply to the distribution list's name to send messages to everyone else in the group. "Distribution list" is also a term sometimes used for a function of e-mail clients where lists of e-mail addresses are used to e-mail everyone on the list at once; this can be referred to as an electronic mailshot. It differs from a mailing list, electronic mailing list or the e-mail option found in an Internet forum, as it is usually for one-way traffic and not for coordinating a discussion. In effect, only members of a distribution list can send mail to the list.

34. GAL, Routing Group, .stm files, ESEUTIL and ISINTEG - what are they used for?
ANS: .STM is the streaming store file, a file used by Microsoft Exchange Server to store user e-mails. It is called a streaming file because data is added to it sequentially in its native format. The data inside the STM file is not encoded or encrypted in any way, so if a store is dismounted the file can be viewed using a text editor.
ESEUTIL is a repair utility. It is a tool to defragment your Exchange databases offline, to check their integrity and to repair a damaged or lost database. ESEUTIL is located in the \EXCHSRVR\BIN directory. This directory is not in the system path, so you must run the tool from the BIN directory or add \EXCHSRVR\BIN to the system path.
GAL is the Global Address List; it contains most, if not all, e-mail addresses in your Exchange organization.

35. What are MIME and MAPI?
ANS: MIME = Multipurpose Internet Mail Extensions. It defines non-ASCII message formats. It is a coding standard that defines the structure of e-mails and other Internet messages. MIME is also used for declaring content in other Internet protocols such as HTTP, and in desktop environments such as KDE, GNOME and Mac OS X Aqua. The standard is defined in RFC 2045. With MIME it is possible to exchange information about the type of message (the content type) between the sender and the recipient of the message. MIME also defines the type of coding (Content-Transfer-Encoding). These are different coding methods defined for the transportation of non-ASCII characters in plain text documents, and of non-text documents such as images, voice and video, through text-based delivery systems such as e-mail or Usenet. The non-text elements are encoded by the sender of the message and decoded by the message recipient. Coding of non-ASCII characters is often based on "quoted printable" coding, while binary data typically uses Base64 coding. There is an extension of this standard called S/MIME (Secure Multipurpose Internet Mail Extensions) that allows the signing and encryption of messages. There are other e-mail encryption solutions such as PGP/MIME (RFC 2015 and RFC 3156).
MAPI = Messaging Application Programming Interface. It is the programming interface for e-mail. It is a Microsoft Windows program interface that enables you to send e-mail from within a Windows application and attach the document you are working on to the e-mail note. Applications that take advantage of MAPI include word processors, spreadsheets, and graphics applications. MAPI-compatible applications typically include a Send Mail or Send item in the File pull-down menu of the application. Selecting one of these sends a request to a MAPI server.
36. List the services of Exchange Server 2003.
ANS: There are several services involved with Exchange Server, and stopping different services will accomplish different things. The services are interdependent, so when you stop or start various services you may see a message about having to stop dependent services. If you do stop dependent services, don't forget to restart them again when you restart the service that you began with. To shut down Exchange completely on a given machine, you need to stop all of the following services:

Microsoft Exchange Event (MSExchangeES)
This service was used for launching event-based scripts in Exchange 5.5 when folder changes were detected. Exchange 2000 offered the ability to create event sinks directly, so use of this service has decreased. This service is not started by default.

Microsoft Exchange IMAP4 (IMAP4Svc)
This service supplies IMAP4 protocol message server functionality. This service is disabled by default. To use IMAP4 you must enable this service, configure it to auto-start, and start the service.

Microsoft Exchange Information Store (MSExchangeIS)
This service is used to access the Exchange mail and public folder stores. If this service is not running, users will not be able to use Exchange. This service is started by default.

Microsoft Exchange Management (MSExchangeMGMT)
This service is responsible for various management functions available through WMI, such as message tracking. This service is started by default.

Microsoft Exchange MTA Stacks (MSExchangeMTA)
This service is used to transfer X.400 messages sent to and from foreign systems, including Exchange 5.5 servers. This service was extremely important in Exchange 5.5, which used X.400 as the default message transfer protocol. Before stopping or disabling this service, review MS KB 810489. This service is started by default.

Microsoft Exchange POP3 (POP3Svc)
This service supplies POP3 protocol message server functionality. This service is disabled by default. To use POP3 you must enable this service, configure it to auto-start, and start the service.

Microsoft Exchange Routing Engine (RESvc)
This service provides routing and topology information for routing SMTP-based messages. This service is started by default.

Microsoft Exchange System Attendant (MSExchangeSA)
This service handles various cleanup and monitoring functions. One of the most important functions of the System Attendant is the Recipient Update Service (RUS), which is responsible for mapping attributes in Active Directory to the Exchange subsystem and enforcing recipient policies. When you create a mailbox for a user, you simply set some attributes on a user object. The RUS takes that information and does all of the work in the background with Exchange to really make the mailbox. If you mailbox-enable or mail-enable objects and they don't seem to work, the RUS is one of the first places to look for an issue. If you need to enable diagnostics for the RUS, the parameters are maintained in a separate service registry entry called MSExchangeAL. This isn't a real service; it is simply the supplied location to modify RUS functionality. This service is started by default.

Microsoft Exchange Site Replication Service (MSExchangeSRS)
This service is used in organizations that have Exchange 5.5 combined with Exchange 2000/2003. This service is not started by default.

Network News Transfer Protocol (NntpSvc)
This service is responsible for supplying NNTP protocol server functionality. This service is started by default.

Simple Mail Transfer Protocol (SMTPSVC)
This service is responsible for supplying SMTP protocol server functionality. This service is started by default.

Core Exchange Server 2003 Services (topic last modified 2005-05-23)
The following figure illustrates the core components of Exchange Server 2003, together with their service dependencies. Core components are System Attendant, the Exchange Information Store service, the IIS Admin service, the SMTP service, and the Exchange installable file system (ExIFS). All of these services must be running on every Exchange Server 2003 server to guarantee a fully functioning messaging system.
[Figure: Core Windows services and their dependent core Exchange Server 2003 services]
IIS Admin service and SMTP service are integrated with IIS, as discussed in the previous section. The SMTP service must run on every server running Exchange Server 2003 because all messages sent to or from local recipients must pass through the SMTP transport engine. If the SMTP service is stopped or unavailable, Exchange Server 2003 cannot deliver messages. For more information about the routing architecture of Exchange Server 2003, see Message Routing Architecture. The core components of Exchange Server 2003 have the following responsibilities. • Microsoft Exchange System Attendant service System Attendant is one of the most important services in Exchange Server 2003. This component has many responsibilities, including maintaining communication with Active Directory, generating offline address lists, performing message tracking, and so forth. The executable file is Mad.exe and is located in the \Program Files\Exchsrvr\Bin directory. There are several registry keys that System Attendant uses for its various internal components under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\, such MSExchangeSA, MSExchangeDSAccess, MSExchangeAL, MSExchangeFBPublish, MSExchangeMU, and MSExchangeADDXA. The following table lists the responsibilities of System Attendant. Internal System Attendant components and their responsibilities Component
Responsibility
Comments
DSAccess Component
Locating domain controllers in the network and providing other Exchange services with Active Directory information
System Attendant must find domain controllers and global catalogs in the network, so that the Exchange services can access recipient and configuration information. To find domain controllers, System Attendant uses ADSI to do a server-less binding. To proxy directory access from other Exchange components, such as Exchange store and SMTP transport engine, to Active Directory, System Attendant includes a DSAccess component (DSAccess.dll). DSAccess also caches directory information to reduce the number of queries to Active Directory. For more information about roles of domain controllers and global catalogs, and DSAccess, see Exchange Server 2003 and Active Directory.
DSProxy Component
Proxying legacy MAPI clients to Active Directory
System Attendant's DSProxy component (Dsproxy.dll) refers Outlook 2000 and later versions to a global catalog server so that the MAPI client can communicate with Active Directory to get access to the global address list. DSProxy also relays directory communication for older MAPI clients that cannot be referred directly. For more information about DSProxy see Exchange Server 2003 and Active Directory.
Free/Busy Component
Maintaining free/busy information for Outlook Web Access users
System Attendant is involved when publishing free/busy information in Outlook Web Access. When a user creates an appointment, the Exchange store extracts the free/busy information from the user's calendar and sends the data in a message to the System Attendant mailbox. The free/busy component (Madfb.dll) processes these messages and publishes the free/busy information in the SCHEDULE+ FREE BUSY system public folder. For more information about publishing free/busy information, see Exchange Information Store Service Architecture.
Mailbox Manager Component
Managing mailboxes
The mailbox manager component enforces message retention policies and mailbox quotas that you can use to manage mailbox store sizes.
Metabase update service
Replicating settings from Active Directory to the IIS metabase
The Directory Service to metabase update service (Ds2mb.dll) is an internal component of System Attendant. The Metbase Update Service replicates protocol settings from Active Directory to the IIS metabase to apply Internet protocol settings that you configure in Exchange System Manager to the Internet protocol engines, such as the SMTP service. For more information about the metabase update service, see Exchange Server 2003 and Active Directory.
Offline Address Book Generator
Generating offline address books
The offline address book generator (Oabgen.dll) creates address lists in the Exchange store on an offline address list server. Users can then connect to this server and download the offline address lists. Offline address lists provide access to address information when a user is working remotely and does not have a permanent connection to the server. Because offline address lists are stored in a hidden public folder, it is possible to replicate the offline address lists to multiple servers.
Recipient Update Service
Applying recipient policies and generating proxy addresses
The Recipient Update Service (Abv_dg.dll) is the System Attendant component that monitors all mail-enabled user objects and recipient policies, and applies recipient policies to mail-enabled user objects. For more information about the Recipient Update Service, see Exchange Server 2003 and Active Directory.
Server Monitor Component
Monitoring server resources
System Attendant monitors server resources at periodic intervals and updates link state information (LSI) through Windows Management Instrumentation (WMI). System Attendant also updates the routing table so that the routing engine can make informed routing decisions based on the current status of servers and connectors. For more information about link state information, see Message Routing Architecture. System Attendant is also responsible for maintaining the message tracking logs if message tracking has been enabled on a server.
System Attendant Component
Verifies computer account configuration
The computer account of an Exchange server must be a member of a global security group called Exchange Domain Servers to grant Exchange Server 2003 the required access permissions to Active Directory. System Attendant verifies, in the background, that the computer account belongs to this group.
Exchange Information Store service
The Microsoft Exchange Information Store service is another very important component in Exchange Server 2003, because it maintains the messaging databases that contain all server-based mailboxes and public folders. The executable file of the Exchange Information Store service is Store.exe, located in the \Program Files\Exchsrvr\Bin directory. The corresponding registry key is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS. The Exchange store uses Extensible Storage Engine (ESE) to maintain the messaging databases and supports a variety of clients through corresponding store extensions. The following figure illustrates how the various client types can access messaging data.
Figure: Exchange store architecture and supported messaging clients
MAPI clients communicate directly with the Exchange Information Store service through MAPI RPCs. Internet clients and Web applications, however, reach the Exchange store through the protocol engines integrated with IIS, as explained earlier in this section. This communication takes place through a store driver (Drviis.dll), the EPOXY layer (Epoxy.dll), and store extensions such as ExSMTP.dll or ExIMAP.dll. EPOXY is a fast inter-process communication (IPC) mechanism based on shared memory, which Drviis.dll and the store extensions use to coordinate their processing. For example, when delivering an inbound message through SMTP, Drviis.dll uses the Exchange installable file system to create a message item in the Exchange store, and then signals ExSMTP.dll through EPOXY so that the Exchange store processes the message further (that is, places it in the recipient's mailbox). For more information about the interaction between Drviis.dll, Epoxy.dll, store extensions, Store.exe and ExIFS, see Exchange Information Store Service Architecture.
Exchange Installable File System
The Exchange installable file system is a kernel-mode driver, implemented in ExIfs.sys, which IIS protocol engines and Web applications can use to read and write items from and to messaging databases. To gain access to the databases, the ExIFS file system driver must communicate with the Exchange store. This is accomplished through a store extension (ExWin32.dll) and a user-mode wrapper (Ifsproxy.dll). The Exchange store, on the other hand, uses ESE to access the .stm and .edb files, which reside on a drive formatted with the NTFS file system. The following figure illustrates this architecture.
Figure: The ExIFS architecture
As mentioned in Exchange Server 2003 Technical Overview, a mailbox store or public folder store is made up of a streaming database (.stm) and a MAPI database (.edb). The IIS components use ExIFS to work with streaming databases, while MAPI clients, such as Outlook, work with MAPI-based databases (.edb). A streaming database holds Internet messages in their native format, such as MIME, while an .edb database stores e-mail messages in MAPI format. The Exchange store must keep both the streaming databases and the corresponding MAPI-based databases synchronized. To accomplish this, the Exchange store must communicate with ExIFS, in addition to ESE. For example, when allocating free space in a database, ExIFS requests space from ESE. ESE must track which pages in the streaming database are reserved and committed. Thus, the Exchange Information Store service depends on ExIFS. The registry key for ExIFS is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EXIFS. For more information about ExIFS and the architecture of the Exchange store, see Exchange Information Store Service Architecture. Note: ExIFS is the only kernel-mode component in Exchange Server 2003.
37. How would you recover an Exchange server when a transaction log file is corrupted?
To resolve this issue, you must remove the corrupted log file from the Exchange 2000 Server computer. To do so, follow these steps:
1. Perform an offline backup of the Exchange databases in the storage group that contains the corrupted log file.
   Important: During an offline backup the Exchange 2000 computer is unavailable to users whose mailboxes are in the storage group that you are backing up, because you must dismount the databases in that storage group.
   a. To dismount the databases in the storage group:
      1. Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
      2. Expand Servers, expand the server that you want, and then expand Storage Group. Note: If you have administrative groups defined, expand Administrative Groups, expand Administrative Group, expand Servers, expand the server that you want, and then expand Storage Group.
      3. Right-click an information store, click Dismount Store, and then click Yes to continue.
      4. Dismount the remaining stores that are listed under Storage Group.
   b. Back up the storage group by using the Windows 2000 version of Windows Backup. You can run Windows Backup on any computer in the forest that is running Exchange 2000. To back up the storage group:
      1. Click Start, point to Programs, point to Accessories, point to System Tools, and then click Backup.
      2. Click Backup Wizard, click Next, click Back up selected files, drives, or network data, and then click Next.
      3. Expand Microsoft Exchange Server, expand ServerName, expand Microsoft Information Store, select the check box for the storage group that you want to back up, and then click Next.
      4. In the Backup media or filename box, specify a location where you want the backup to be stored, click Next, and then click Finish to start the backup. When the backup is finished, continue with step 2.
2. Use the Eseutil utility (Eseutil.exe) to determine whether the databases are in a consistent state (clean shutdown) or an inconsistent state (dirty shutdown):
   a. Make sure that the databases in the storage group are dismounted.
   b. Change to the C:\Program Files\Exchsrvr\Bin folder, and then run eseutil /mh against the database:
      eseutil /mh "C:\Program Files\Exchsrvr\Mdbdata\Database.edb"
      Note: This assumes that Exchange 2000 is installed on drive C in Program Files\Exchsrvr\Bin and that the .edb files are in Program Files\Exchsrvr\Mdbdata. After an upgrade the database files might be in C:\Exchsrvr\Mdbdata; with multiple storage groups they might be in a folder other than Mdbdata.
   c. In the output, locate the line labeled "State". A consistent database shows "State: Clean Shutdown"; an inconsistent database shows "State: Dirty Shutdown".
   For more information, see Microsoft Knowledge Base articles 170091 (XADM: Location of the Eseutil utility) and 317014 (XADM: Exchange 2000 Server Eseutil command line switches).
3. If the databases are consistent, move all the log files out of the folder where your database files are located (typically Exchsrvr\Mdbdata), and then mount the stores. As with any situation where a log file has been corrupted, some data loss will occur.
4. If the databases are inconsistent, try a soft recovery of the files.
   Important: To perform a soft recovery, you must stop the Microsoft Exchange Information Store service. While it is stopped, users whose mailboxes are on the server cannot send or receive mail.
   a. Click Start, point to Programs, point to Administrative Tools, and then click Services.
   b. Right-click the Microsoft Exchange Information Store service, click Stop, and wait for the service to stop.
   c. At a command prompt, change to the folder where the database and the log files are located, for example C:\Program Files\Exchsrvr\Mdbdata.
   d. In that folder, run:
      "C:\Program Files\Exchsrvr\Bin\Eseutil" /r E00
      Note: Replace E00 with the three-character log file base name of the storage group.
   For more information, see Microsoft Knowledge Base article 313184 (HOW TO: Recover the information store on Exchange 2000 in a single site).
5. If the soft recovery is unsuccessful, recover the database by restoring from a backup. The databases in the storage group must remain dismounted while you restore.
   Note: If circular logging is enabled for the storage group that contains the inconsistent database, you can only recover the data that was in the database at the last working full backup. To check, right-click the storage group, click Properties, and look at the Enable Circular Logging check box.
   - If you restore from an online backup, replay only the transaction logs that are older than the corrupted log file. See Microsoft Knowledge Base article 232938 (The "Last Backup Set" check box and hard recovery in Exchange).
   - If you restore from an offline backup, empty the database folder and the transaction log folder and restore only the .edb and .stm files. See Microsoft Knowledge Base article 296788 (Offline backup and restoration procedures for Exchange).
6. If no backup is available and the database remains inconsistent, you can try to repair the database with eseutil /p.
   Note: eseutil /p is a hard repair (also called a forcible-state recovery) and may discard Exchange 2000 data. Microsoft recommends it only when the public or private information store does not return to a consistent state after the steps above; after a repair, defragment the database (eseutil /d) and run Isinteg against it before putting it back into production. For the ramifications, see Microsoft Knowledge Base article 259851 (Ramifications of running the eseutil /p or edbutil /d /r command in Exchange).
38. How can you recover a deleted mailbox?
In Exchange, a deleted mailbox is disconnected for a default period of 30 days (the mailbox retention period), and you can reconnect it at any point during that time. Deleting a mailbox does not purge it from the information store database right away; it is only flagged for deletion.
At the end of the mailbox retention period, the mailbox is permanently deleted from the database. You can also permanently delete the mailbox by purging it at any time. This also means that if you mistakenly delete a mail-enabled user account, you can recreate the user object and then reconnect the mailbox during the mailbox retention period. The deleted mailbox retention period is configured on the mailbox store object.
To delete a mailbox in Exchange:
1. Right-click the user in Active Directory Users and Computers.
2. Click Exchange Tasks.
3. Click Next on the Welcome page of the Exchange Task Wizard.
4. Click Delete Mailbox.
5. Click Next, click Next, and then click Finish.
The mailbox is now flagged for deletion and will be permanently deleted at the end of the mailbox retention period unless you recover it.
To reconnect (or recover) a deleted mailbox:
1. In Exchange System Manager, locate the mailbox store that contains the disconnected mailbox.
2. Click the Mailboxes object under the mailbox store.
3. If the mailbox is not already marked as disconnected (a red X on the mailbox icon), right-click the Mailboxes object, and then click Run Cleanup Agent.
4. Right-click the disconnected mailbox, click Reconnect, and then select the appropriate user in the dialog box that appears.
5. Click OK.
Note: Only one user can be connected to a mailbox, because the mailbox GUID must be unique across the entire forest.
To reconnect a deleted mailbox to a new user object:
1. In Active Directory Users and Computers, create a new user object. When you create it, clear the Create an Exchange Mailbox check box, because you will connect this account to an existing mailbox.
2. Follow steps 1 through 5 in "To reconnect (or recover) a deleted mailbox" above.
To configure the mailbox retention period:
1. Right-click the mailbox store, and then click Properties.
2. On the Limits tab, change Keep deleted mailboxes for (days) from the default of 30 to the number of days you want.
3. Click OK.
39. What is Eseutil.exe used for?
Repairing the database. ESEUTIL is a tool that defragments Exchange databases offline, checks their integrity, and repairs a damaged database. ESEUTIL is located in the \EXCHSRVR\BIN directory. This directory is not in the system path, so either run the tool from the BIN directory or add \EXCHSRVR\BIN to the system path.
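The checks that drive the log-corruption procedure in question 37 and the Eseutil modes in question 39 (is the database in Clean or Dirty Shutdown, which log generations does it need, are those logs present and intact) can be scripted rather than read by eye. The following is an added example written for this page, not a Microsoft tool: it parses the header that eseutil /mh prints, maps the log file names found in the storage group folder to generation numbers, and picks the recovery branch (mount, eseutil /r, or restore). The eseutil output and the folder listing are constructed; the generation number of the open E00.log is assumed to have been read with eseutil /ml and is passed in by the caller.

```python
"""Triage for a storage group with a damaged transaction log (Exchange 2000/2003).

Added example, not a Microsoft tool.  It reads the header dump that
'eseutil /mh <database>' prints, maps the log files in the storage group's
folder to generation numbers, and reports which branch of the recovery
procedure applies: mount, soft recovery (eseutil /r) or restore from backup.
The dump and the folder listing below are constructed: field names follow
the real /mh output, the values are made up.
"""
import re
from dataclasses import dataclass

SAMPLE_MH_OUTPUT = """\
Initiating FILE DUMP mode...
         Database: C:\\Program Files\\Exchsrvr\\Mdbdata\\priv1.edb

        File Type: Database
         cbDbPage: 4096
           dbtime: 1234567 (0x12d687)
            State: Dirty Shutdown
     Log Required: 12-15 (0xc-0xf)
     Repair Count: 0
  Last Consistent: (0xB,5E,1A7)  03/01/2004 23:00:01
      Last Attach: (0xC,9,86)  03/02/2004 01:00:10
"""

# Closed logs are named <base> + 5 hex digits; <base>.log is the log that was
# open when the store went down.  Its generation is not in its name and must
# be read with 'eseutil /ml E00.log' (assumed in the tests to be 15, i.e. 0xF).
SAMPLE_LOG_FOLDER = ["E000000B.log", "E000000C.log", "E000000D.log", "E000000E.log",
                     "E00.log", "E00.chk", "res1.log", "res2.log", "priv1.edb", "priv1.stm"]

_FIELD = re.compile(r"^\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")


@dataclass
class DbHeader:
    state: str            # "Clean Shutdown" or "Dirty Shutdown"
    log_required: tuple   # (first, last) generation needed for replay; (0, 0) if none
    repair_count: int     # > 0: eseutil /p has already been run on this file


def parse_mh(text):
    """Extract the fields that decide recovery from an eseutil /mh dump."""
    fields = {}
    for line in text.splitlines():
        m = _FIELD.match(line)
        if m:
            fields[m.group("key").strip()] = m.group("val").strip()
    first = last = 0
    m = re.match(r"(\d+)-(\d+)", fields.get("Log Required", ""))
    if m:
        first, last = int(m.group(1)), int(m.group(2))
    return DbHeader(state=fields.get("State", ""), log_required=(first, last),
                    repair_count=int(fields.get("Repair Count", "0") or 0))


def generations_present(filenames, base="E00", current_generation=None):
    """Map log file names to the generation numbers they hold."""
    closed = re.compile(r"^%s([0-9A-Fa-f]{5})\.log$" % re.escape(base), re.IGNORECASE)
    gens = set()
    for name in filenames:
        m = closed.match(name)
        if m:
            gens.add(int(m.group(1), 16))
        elif name.lower() == (base + ".log").lower() and current_generation is not None:
            gens.add(current_generation)
    return gens


def recovery_plan(header, present, corrupt=(), base="E00",
                  bin_dir=r"C:\Program Files\Exchsrvr\Bin"):
    """Return (action, detail).  present: generations whose logs exist and are
    readable; corrupt: generations known to be damaged and therefore unreplayable."""
    first, last = header.log_required
    if header.state == "Clean Shutdown":
        return ("mount", "consistent: move every log out of the log folder, then mount "
                "the stores (changes that were only in the moved logs are lost)")
    if header.state != "Dirty Shutdown":
        return ("stop", "unexpected State %r; do not touch the database" % header.state)
    required = set(range(first, last + 1))
    missing = sorted(required - set(present))
    bad = sorted(required & set(corrupt))
    if missing or bad:
        return ("restore", "cannot replay generations %d-%d (missing %s, corrupt %s): "
                "restore from backup and replay only logs older than the corrupt one"
                % (first, last, missing, bad))
    note = " (Repair Count %d: already repaired once)" % header.repair_count if header.repair_count else ""
    return ("soft-recovery", 'from the log folder run: "%s\\Eseutil" /r %s%s' % (bin_dir, base, note))


def triage(mh_output, filenames, current_generation=None, corrupt=()):
    header = parse_mh(mh_output)
    present = generations_present(filenames, current_generation=current_generation)
    return recovery_plan(header, present, corrupt)
```

With the sample data, triage(SAMPLE_MH_OUTPUT, SAMPLE_LOG_FOLDER, current_generation=15) recommends soft recovery because generations 12 to 15 are all present; leaving current_generation out, or marking generation 13 as corrupt, turns the answer into "restore", which is the edge case the procedure's step 5 exists for.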
You can use Eseutil to defragment the information store and the directory in Exchange Server 5.5, and the information store in Exchange 2000 Server and Exchange Server 2003. Eseutil works at the level of the database engine (Ese.dll), examining the structure of the database tables and records; its modes include reading (dumping), scanning, repairing and defragmenting. It is located in Winnt\System32 on Exchange 5.5 and in Exchsrvr\Bin on Exchange 2000 and 2003, and it runs against one database at a time from the command line.
40. What are the port numbers for POP3, IMAP4, SMTP, SMTP over SSL, POP3 over SSL and IMAP4 over SSL?
POP3 110, IMAP4 143, SMTP 25, SMTP over SSL 465, POP3 over SSL 995, IMAP4 over SSL 993.
41. What is the difference between Exchange 2003 and Exchange 2007?
Exchange Server 2003 runs on Windows 2000 Server with Service Pack 4 or on 32-bit Windows Server 2003. It added an improved disaster recovery feature (the recovery storage group) that reduces downtime, took over Outlook Mobile Access and ActiveSync from Microsoft Mobile Information Server, improved anti-spam and anti-virus support, and improved the mailbox and message management tools; Instant Messaging and Exchange Conferencing Server became separate products. It ships in two editions, Standard and Enterprise, and has many other features.
Exchange Server 2007: when Exchange Server 2003 was released there were no immediate plans for the product's successor; a 2005 edition was dropped, and the new version did not ship until the end of 2006. It added voicemail integration (unified messaging), improved filtering, Web service support and a new Outlook Web Access interface. It runs only on 64-bit (x64) Windows Server, which increases performance significantly. Other improvements are better calendaring, better mobility, more clustering options, anti-virus, anti-spam and compliance features, simplified routing, and administration through a command-line shell (the Exchange Management Shell) and a new GUI console.
42. What is required for using RPC over HTTPS with Outlook?
You can configure user accounts in Microsoft Office Outlook 2003 to connect to Exchange Server 2003 over the Internet without a virtual private network (VPN). This feature, connecting to an Exchange account with Remote Procedure Call (RPC) over HTTP, lets Outlook users reach their Exchange accounts from the Internet when they are travelling or working outside the organization's firewall. The requirements are:
• Microsoft Windows XP with Service Pack 1 and the Q331320 hotfix (or a later service pack) installed on users' computers
• Outlook 2003
• Microsoft Exchange Server 2003 e-mail accounts
• Microsoft Windows Server 2003 (required for server components only)
SERVER REQUIREMENTS
RPC over HTTP/S requires Windows Server 2003 and Exchange Server 2003. The global catalog servers that the RPC proxy refers clients to must also run Windows Server 2003.
CLIENT REQUIREMENTS
• The client computer must run Windows XP Professional Service Pack 1 (SP1) or later. With SP1 you must install the update described in Knowledge Base article 331320 (Outlook 2003 Performs Slowly or Stops Responding When Connected to Exchange Server 2003 Through HTTP); with Windows XP SP2 the update is not needed. Windows Server 2003 can also be used as the client operating system.
• The client computer must run Microsoft Office Outlook 2003.
RECOMMENDATIONS
Microsoft's recommendations (and mine) for Exchange with RPC over HTTP:
• Use Basic authentication over Secure Sockets Layer (SSL). Basic authentication sends the password in the clear, so enable and require SSL on the RPC proxy server for all client-to-server communication.
• Use an advanced firewall server on the perimeter network. A dedicated firewall server, such as Microsoft Internet Security and Acceleration (ISA) Server 2000, helps protect the Exchange computer.
• Obtain a certificate for the RPC proxy server. Because Basic authentication requires SSL, you must configure a digital certificate on the Default Web Site (see Configure SSL on Your Website with IIS). The certificate can come from a third-party commercial CA such as VeriSign or Thawte, or from an internal CA: Windows 2000/2003 includes a CA that can be installed and used, but you must make sure that every client that will connect trusts that CA. Most operating systems already trust the well-known third-party CAs, whereas a computer that is not a member of the Active Directory domain in which your CA is installed will NOT trust your internal CA automatically, and the connection will fail. When that happens, the RPC over HTTP/S user silently loses the connection to Exchange and is not told why. In such cases, import the root CA certificate into the client computers so that they trust your CA. With a trusted third-party CA you usually do not need to import anything on the clients, but the certificate costs money. Whichever CA you use, the Common Name (Issued to) field of the certificate issued to the RPC proxy server must match the host name in the URL that clients use for the RPC proxy server from the Internet.
43. If you deleted a user and then recreated the same user, how do you give the new account access to the previous mailbox?
Reconnect the deleted user's mailbox to the recreated user: create the new account without a mailbox, run the Cleanup Agent on the mailbox store so that the old mailbox shows as disconnected, then reconnect it (a user object can hold only one mailbox).
44. If the NNTP service is stopped, which Exchange features are affected?
45. Which protocol is used for public folders?
NNTP (Network News Transfer Protocol) is the answer usually expected: newsreaders access public folders over NNTP, and IMAP4 clients can read them too, while Outlook uses MAPI and Outlook Web Access uses HTTP. Messages are delivered into mail-enabled public folders over SMTP.
46. What is the latest service pack for Exchange 2003? SP2
47. What is the latest service pack for Exchange 2000? SP4
48. What are the names of the Exchange databases? By default priv1.edb and priv1.stm (the mailbox store) and pub1.edb and pub1.stm (the public folder store).
49. How many databases does the Standard edition of Exchange support? One storage group containing one mailbox store and one public folder store.
50. How many databases does the Enterprise edition of Exchange support? 20: four storage groups of five databases each (plus one recovery storage group).
51. What is a storage group? The Exchange store has several logical components that interact with each other. These components can reside on a single server, or they can be distributed across multiple servers. The primary components of the Exchange store are:
• Storage groups (including recovery storage groups)
• Mailbox databases
• Public folder databases
Storage groups
An Exchange storage group is a logical container for Exchange databases and their associated system and transaction log files. Storage groups are the basic unit for backing up and restoring data in Microsoft Exchange (although you can restore a single database). All databases in a storage group share a single backup schedule and a single set of transaction log files. Exchange Server 2003 Enterprise Edition supports four storage groups (plus one recovery storage group) of up to five databases each; Exchange 2003 Standard Edition supports one storage group. Exchange Server 2007 Enterprise Edition supports up to 50 storage groups, and Exchange 2007 Standard Edition supports up to five.
52. What is the mail store?
Note: the mail store described here belongs to the POP3 service of Windows Server 2003, not to Exchange; Exchange keeps mail in the .edb and .stm databases described above.
The mail store is a directory or Universal Naming Convention (UNC) path where the POP3 service stores all e-mail until users retrieve it to their client computer. The basic structure of the mail store, or mail root, is a directory on the local hard disk where all e-mail is stored. When a domain is created, the POP3 service creates a corresponding directory in the directory that has been designated for the mail store. For each user with a mailbox in that domain, the POP3 service creates a directory in the domain directory. E-mail that a user receives is stored as an individual file within the user's directory until the user retrieves it with a POP3 e-mail client. The following is an example of the path to an e-mail message in the mail store:
C:\inetpub\mailroot\mailbox\example.com\P3_someone.mbx\P347865.eml
where mailroot is the mail store directory, example.com the domain directory, P3_someone.mbx the directory for a mailbox named someone, and P347865.eml a single saved e-mail message.
The directory and file permissions for each directory in the mail store are identical. When you configure the mail store, the permissions are set so that only local or domain administrators and the local Network Service account, under which the POP3 service runs, have access to the directories. No other user is granted read or write permission.
The mail store depends on adequate hard disk space. Estimate the disk space requirement from the number of users on the server, the volume of e-mail they will receive, and the average size of that e-mail. You can also protect the server against unexpected growth of the mail store by implementing disk quotas, which monitor and control the disk space used on NTFS volumes. For more information, see Configuring disk quotas for the POP3 service.
Notes
Because the mail store can use large amounts of disk space, either set a disk quota limit on its volume or place it on a volume other than the one where the operating system is installed, so that the operating system cannot run out of disk space when the mail store grows. For more information, see Set the mail store and Configuring disk quotas for the POP3 service.
The mail store must be a directory on the local hard disk or a UNC path; other storage options, such as mapped drives, are not supported. You cannot set the mail store to the root directory of a hard disk (for example C:\) or to a directory in which files are currently in use.
If you restore the mail store from a backup or move it to a new location, you must reset the permissions on the mail store directory with the command-line procedure described in Set the mail store. If you transfer the mail store to a new directory, move it rather than copy it, so that the directory keeps the correct ownership.
Physical access to a server is a high security risk. To maintain a more secure environment, restrict physical access to the server where the mail store resides.
53. Explain Exchange transaction logs
Before changes are made to an Exchange database file, Exchange writes them to a transaction log file. Only after a change has been safely logged is it written to the database file. The transaction logs are one of the most important components of an Exchange server: the server writes every transaction to these log files and commits the changes to the databases when the system allows.
Users can send and receive messages without touching the database thanks to this write-ahead logging. When a message is sent, the transaction is first recorded in the transaction logs; until it is committed to the Exchange database (.edb), the only copies of the data are in system memory and in the transaction logs. If the server crashes, the contents of memory are lost and the record in the transaction log is all that remains. That is why the logs are crucial to the recovery of a failed Exchange server, whether after a minor crash that only required a reboot or after a catastrophic failure that calls for your disaster recovery plan. The same applies to other transactions, such as received messages, deleted items and messages moved between folders.
54. What is the default size of a transaction log file? 5 MB in Exchange 2003 and 1 MB in Exchange 2007.
55. Why does Exchange use transaction logs instead of writing data directly to the database?
For the reasons given under question 53: a change is appended to the log before it is applied to the database, so the log records survive a crash that wipes memory, and on restart the store replays them to bring the database back to a consistent, up-to-date state. For this reason, house the transaction logs on a redundant storage system, such as a RAID 1 array, so that a hardware failure does not lose them. Losing a set of transaction logs will not prevent you from restoring from your backups, but you will lose all messages and changes made since the last full backup.
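The write-ahead behaviour described in questions 53 to 55 is easier to reason about with a model you can run. The following is an added illustration written for this page in Python, not Exchange code: changes are appended to a numbered log generation before they reach the cached copy of the database, the checkpoint records where replay must start, soft recovery replays the logs from the checkpoint after a crash, and circular logging shows why only the last full backup's data survives once older generations have been discarded. Generation size is counted in records rather than the 5 MB that Exchange 2003 uses, so that rollover is visible in a short run; all the messages are constructed.

```python
"""Write-ahead logging with checkpoint replay, as an added illustration of
questions 53 to 55 (example code, not Exchange code).

A change is appended to the current log generation before it touches the
store's in-memory copy of the database; the database file on disk is only
updated by a later lazy write, and the checkpoint records the first logged
record that is not yet on disk.  Soft recovery replays the logs from the
checkpoint onward.  Generation size is counted in records instead of the
5 MB that Exchange 2003 uses, so that rollover happens within a few calls.
"""

LOG_CAPACITY = 3          # records per generation (stands in for 5 MB)


class StorageGroup:
    def __init__(self, circular_logging=False):
        self.database = {}            # the .edb on disk
        self.cache = {}               # pages the store works on in memory
        self.logs = {1: []}           # generation -> [(op, key, value)]
        self.current_gen = 1          # the open log, E00.log
        self.checkpoint = (1, 0)      # (generation, offset) of the first record not on disk
        self.circular_logging = circular_logging

    def _log(self, record):
        if len(self.logs[self.current_gen]) >= LOG_CAPACITY:
            self.current_gen += 1     # E00.log is renamed E00xxxxx.log and a new log opened
            self.logs[self.current_gen] = []
        self.logs[self.current_gen].append(record)

    def deliver(self, key, value):
        self._log(("put", key, value))   # logged first ...
        self.cache[key] = value          # ... then applied in memory

    def delete(self, key):
        self._log(("del", key, None))
        self.cache.pop(key, None)

    def lazy_write(self):
        """Flush dirty pages to the .edb and advance the checkpoint.
        With circular logging, generations behind the checkpoint are discarded."""
        self.database = dict(self.cache)
        self.checkpoint = (self.current_gen, len(self.logs[self.current_gen]))
        if self.circular_logging:
            for gen in [g for g in self.logs if g < self.current_gen]:
                del self.logs[gen]

    def crash(self):
        self.cache = None                # memory is gone; the .edb and the logs survive

    def _replay(self, db, start):
        gen, offset = start
        needed = range(gen, self.current_gen + 1)
        missing = [g for g in needed if g not in self.logs]
        if missing:
            raise RuntimeError("log generations %s are gone; cannot replay" % missing)
        for g in needed:
            records = self.logs[g][offset:] if g == gen else self.logs[g]
            for op, key, value in records:
                if op == "put":
                    db[key] = value
                else:
                    db.pop(key, None)
        return db

    def soft_recover(self):
        """What eseutil /r does: replay from the checkpoint into the on-disk database."""
        self.database = self._replay(dict(self.database), self.checkpoint)
        self.cache = dict(self.database)
        return self.database

    def full_backup(self):
        """An online full backup copies the .edb and notes the checkpoint it was taken at."""
        return (dict(self.database), self.checkpoint)

    def restore_and_replay(self, backup):
        """Restore the backup copy, then replay the logs written since it was taken."""
        db, checkpoint = backup
        self.database = self._replay(db, checkpoint)
        self.cache = dict(self.database)
        return self.database


def crash_and_recover():
    """Messages logged but not yet flushed survive a crash; a logged delete is honoured."""
    sg = StorageGroup()
    for i in range(1, 5):
        sg.deliver("msg%d" % i, "body%d" % i)   # fills generation 1, opens generation 2
    sg.lazy_write()                              # msg1..msg4 reach the .edb
    sg.deliver("msg5", "body5")                  # only in memory and in the log
    sg.delete("msg2")
    sg.crash()
    return sg.soft_recover()


def restore_after_backup(circular):
    """Restore a full backup and replay; with circular logging the needed
    generations have been overwritten, so only the backup's contents survive."""
    sg = StorageGroup(circular_logging=circular)
    for i in range(1, 5):
        sg.deliver("msg%d" % i, "body%d" % i)
    sg.lazy_write()
    backup = sg.full_backup()                    # holds msg1..msg4
    for i in range(5, 8):
        sg.deliver("msg%d" % i, "body%d" % i)   # rolls into generation 3
    sg.lazy_write()                              # circular: generations 1 and 2 are deleted
    sg.crash()
    try:
        return sorted(sg.restore_and_replay(backup))
    except RuntimeError:
        return sorted(backup[0])                 # only what the backup held is recoverable
```

crash_and_recover() returns msg1, msg3, msg4 and msg5: msg5 was never written to the .edb but is replayed from the log, and the logged deletion of msg2 is applied. restore_after_backup(False) recovers all seven messages by replaying the logs written after the backup; restore_after_backup(True) returns only msg1 to msg4, which is the circular-logging caveat in step 5 of question 37.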
56. How does an Exchange database get defragmented?
There are two types of Exchange database defragmentation: online and offline.
Online defragmentation
Online defragmentation is one of several database-related processes that run during scheduled Exchange database maintenance. By default, on servers running Exchange 2000 Server and Exchange Server 2003, database maintenance runs daily between 01:00 (1:00 A.M.) and 05:00 (5:00 A.M.). The databases stay online, so users keep full access to mailbox data while it runs. Online defragmentation detects and deletes objects that are no longer in use; this frees space inside the database without changing the size of the database file.
Note: To keep defragmentation and backups efficient, schedule the maintenance window and the backup jobs at different times.
Offline defragmentation
Offline defragmentation uses the Exchange Server Database Utilities (Eseutil.exe), which can defragment, repair and check the integrity of Exchange databases. On Exchange 2000 Server, Eseutil is in the E:\Support\Utils folder of the Exchange 2000 CD (where E:\ is the CD-ROM drive). On Exchange Server 2003, Setup installs it in F:\Program Files\exchsrvr\bin (where F:\ is the drive you installed Exchange to). Offline defragmentation requires the databases to be dismounted, so users have no access to mailbox data while it runs.
During the offline defragmentation process, Eseutil.exe creates a new database, copies the old database records to the new one, and then discards unused pages, resulting in a new compact database file. To reduce the physical file size of the databases, you must perform an offline defragmentation in the following situations: After performing a database repair (using Eseutil /p) After moving a considerable amount of data from an Exchange Server database. When an Exchange Server database is much larger than it should be. Defragmenting an Exchange 2000 or Exchange 2003 database Defragmenting a database requires free disk space equal to 110 percent of the size of the database being processed. 1. In Exchange System Manager, right-click the information store that you want to defragment, and then click Dismount Store. 2. At the command prompt, change to the Exchsrvr\Bin folder, and then type the eseutil /d command, a database switch, and any options that you want to use. For example, the following command runs the standard defragmentation utility on a mailbox store database: C:\program files\exchsrvr\bin> eseutil /d c:\progra~1\exchsrvr\mdbdata\priv1.edb Use the following database switch to run Eseutil defragmentation on a specific database: eseutil /d
[options] 57. What is white space, and how can it be reclaimed? White space is nothing but free space. When the 16 GB database size limit is reached on the Standard version of Exchange and white space must be reclaimed in order to mount the database. If you are running Exchange Server 2003, then Service Pack 2 (SP2) should be installed to raise the limit to 75 GB. Free Space Reclamation The version store is the area of the database that manages version control. When a transaction is committed to the database, a cleanup process returns space that is freed by modify and delete transactions to the database. For each modify or delete operation, the existing version of the record is written to the version store so that the database maintains a copy of the old version until the new version is written to the database. After the transaction is committed to the database, any space that is freed from deleted records and long values is returned to the table or index that owns the space. Until the change is committed to the database, requests for the object continue to access the old version. If the transaction is rolled back, the version store record is used to undo the transaction. The version store has a size limit that is the lesser of the following: one-fourth of total random access memory (RAM) or 100 MB. Because most domain controllers have more than 400 MB of RAM, the most common version store size is the maximum size of 100 MB. If too many large changes or deletions occur simultaneously, it is possible for the version store to run out of processing space. In this event, cleanup of free space is suspended temporarily. On domain controllers running Windows 2000 Server, the most common cause of version store overload is large-scale bulk deletions. Bulk deletions and database growth in Windows 2000 Delete operations are the most CPU-intensive operations that the version store processes. 
On domain controllers running Windows 2000 Server, bulk deletions, such as the deletion of an entire tree of objects at one time, can cause a temporary condition in which free space cannot be returned to the database in a timely fashion because the cleanup process cannot keep up with the deletions. Event ID 602 is logged in the Directory Services event log to indicate this condition.
During the time that pages are being skipped by the cleanup process, free space is not released to the database, and space is not reclaimed until the next scheduled online defragmentation occurs. In the meantime, processing requirements can cause the database to grow. In particular, when bulk deletions or other bulk changes coincide with database additions, significant growth can occur. In addition, space from the deletion of long values is not returned to the database by online defragmentation. As a result of these conditions, the directory database on domain controllers running Windows 2000 Server can actually increase in size following a bulk deletion. On domain controllers running Windows Server 2003, the effects of these conditions are greatly reduced by improvements in version store cleanup and online defragmentation. However, if event ID 602 is logged in the Directory Services event log, running online defragmentation manually can alleviate the problem. On domain controllers running Windows 2000 Server, the only way to prompt online defragmentation is to change the garbage collection interval to the minimum value of one hour to force garbage collection and online defragmentation to occur as soon as possible.

Improved space processing in Windows Server 2003
Two improvements in the Windows Server 2003 processing of free space eliminate the database growth problems that can result from large-scale bulk deletions:
• The threshold at which the database begins skipping cleanup operations is increased from 5 percent to 90 percent.
• Space is reclaimed from long-value deletions.
The threshold of maximum pages that can be processed by the version store is the limiting factor in whether the cleanup process can keep pace with deletions. The version store cleanup process can take place only as long as the version store has sufficient space. With a maximum version store size of 100 MB, only 5 MB (5 percent) is available in Windows 2000 Server, and this low threshold is responsible for early suspension of the cleanup process. The threshold of 90 MB (90 percent) in Windows Server 2003 eliminates this problem. For this reason, large-scale bulk deletions that can be problematic on domain controllers running Windows 2000 Server present no significant growth concerns on domain controllers running Windows Server 2003. In addition, online defragmentation on domain controllers running Windows Server 2003 returns the space that is freed by long values to the long-value table, which further optimizes the availability of space in the database.

58. What time does online maintenance run by default in Exchange?
Exchange Server database maintenance occurs daily between 01:00 (1:00 A.M.) and 05:00 (5:00 A.M.).
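The offline defragmentation procedure in Q56 requires free space equal to 110 percent of the database size, and the white-space question in Q57 is usually answered by reading the free-space estimate that Exchange logs as event 1221. The following PowerShell is an added example, not code from the original page or from Microsoft: it checks the 110 percent requirement for a given .edb file and builds the eseutil /d command line (eseutil's /t switch sets the temporary database path), and it reads recent 1221 events from the Application log. The event source names "MSExchangeIS Mailbox Store" / "MSExchangeIS Public Store" and the message pattern "has N megabytes of free space after online defragmentation" are assumptions about the Exchange 2000/2003 event text; adjust them if your server logs differently.

```powershell
# Added example (not from the original page): pre-flight checks before an offline
# defragmentation of an Exchange 2000/2003 store with eseutil /d, plus a reader for
# the event 1221 free-space estimate. Run in Windows PowerShell on the Exchange server.

function Test-EseutilDefragSpace {
    param(
        [Parameter(Mandatory = $true)] [string] $DatabasePath,          # path to the .edb you intend to defragment
        [string] $TempPath = (Split-Path -Parent $DatabasePath),         # where eseutil builds the new database
        [double] $RequiredRatio = 1.10                                   # 110 percent of the database size, per Q56
    )
    $edb      = Get-Item -LiteralPath $DatabasePath -ErrorAction Stop
    $required = [long][math]::Ceiling($edb.Length * $RequiredRatio)
    $volume   = (Split-Path -Qualifier (Resolve-Path -LiteralPath $TempPath).Path).TrimEnd(':')
    $free     = (Get-PSDrive -Name $volume -PSProvider FileSystem).Free

    [pscustomobject]@{
        Database      = $edb.FullName
        DatabaseBytes = $edb.Length
        RequiredBytes = $required
        TempVolume    = "${volume}:"
        FreeBytes     = $free
        Sufficient    = ($free -ge $required)
        # Run this only after the store has been dismounted in Exchange System Manager (step 1 of Q56).
        Command       = 'eseutil /d "{0}" /t "{1}"' -f $edb.FullName, (Join-Path $TempPath 'tempdfrg.edb')
    }
}

function Get-StoreFreeSpaceEstimate {
    # Event 1221 reports a conservative estimate of reclaimable space after online defragmentation.
    param([int] $Newest = 500)
    Get-EventLog -LogName Application -Newest $Newest -Source 'MSExchangeIS Mailbox Store', 'MSExchangeIS Public Store' |
        Where-Object { $_.EventID -eq 1221 } |
        ForEach-Object {
            # Assumed message text: "... has <N> megabytes of free space after online defragmentation ..."
            if ($_.Message -match '(\d+)\s+megabytes of free space') {
                [pscustomobject]@{
                    Time        = $_.TimeGenerated
                    FreeSpaceMB = [int]$Matches[1]
                    Message     = $_.Message
                }
            }
        }
}

# Example usage (paths are illustrative):
# Test-EseutilDefragSpace -DatabasePath 'C:\Program Files\exchsrvr\mdbdata\priv1.edb' -TempPath 'D:\defrag'
# Get-StoreFreeSpaceEstimate | Sort-Object Time -Descending | Select-Object -First 5
```

If Sufficient is false for the database's own volume, point -TempPath at a volume with enough room rather than skipping the check: eseutil /d writes the whole compacted copy before it replaces the original, so running out of space mid-way leaves the store dismounted with nothing gained.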
59. Which event does Exchange (Standard version) log after online defragmentation? What is the maximum storage capacity for Exchange, and what would you do if the database reaches that maximum capacity?
For Exchange Server 5.5, an Event 179 from source ESE97 is logged for each database at the beginning of online defragmentation. An Event 180 signals completion of online defragmentation. An Event 183 indicates that online defragmentation did not complete, but has been suspended and will finish later. Online defragmentation may be suspended if the online maintenance period that is defined for the database expires before online defragmentation completes. In this case, online defragmentation will resume where it left off during the next online maintenance window. In Microsoft Exchange 2000 Server and in Microsoft Exchange Server 2003, event ID 700 signals the beginning of a full pass, and event ID 701 signals the completion of a full pass. You may view or adjust the Information Store Maintenance schedule in the Exchange Server Administrator program for individual databases. The free space that is reported by Event 1221 is a conservative estimate. If you perform offline defragmentation, you will recover at least the amount of space that is reported as free. All space in an Exchange database is owned either by the database root or by particular tables in the database. Event 1221 estimates free space by calculating the number of empty pages owned by the messages table, the attachments table, and the database root. Free pages that are owned by other tables in the database are not taken into account.
60. Retention Period: The retention period specifies how long Exchange will keep items that users have deleted. Upon deleting an item, Exchange marks the item for complete removal based on the retention period. The default retention period is set to 30 days.
61. Describe the boot process in Windows NT/XP/2000/2003.
A Windows Server 2003 Intel-based boot sequence requires a number of files. A list of these files, their appropriate locations and the stages of the boot process associated with each file are listed in Table 1.2. Note: Systemroot represents the path to your Windows Server 2003 installation folder, which by default is C:\Windows

TABLE 1.2: Files Used in the Windows Server 2003 Boot Process
File            Location                          Boot Stage
Ntldr           System partition root (C:\)       Preboot and boot
Boot.ini        System partition root             Boot
Bootsect.dos    System partition root             Boot (optional)
Ntdetect.com    System partition root             Boot
Ntbootdd.sys    System partition root             Boot (optional)
Ntoskrnl.exe    systemroot\System32               Kernel load
Hal.dll         systemroot\System32               Kernel load
System          systemroot\System32\Config        Kernel initialization
Device drivers  systemroot\System32\Drivers       Kernel initialization
Note: The string systemroot (typed as %systemroot%) represents the folder in the boot partition that contains the Windows Server 2003 system files.

The boot loader phase varies by platform. Since the earlier phases are not specific to the OS, the boot process is considered to start:
• For x86 or x64: when the partition boot sector code is executed in real mode and loads NTLDR
• For IA-64: when the IA64ldr.efi EFI program is executed (later referred to as simply IA64ldr)

From that point, the boot process continues as follows: An NTLDR file, located in the root folder of the boot disk, is composed of two parts. The first is the StartUp module, immediately followed by the OS loader (osloader.exe), both stored within that file. When NTLDR is loaded into memory and control is first passed to the StartUp module, the CPU is operating in real mode. The StartUp module's main task is to switch the processor into protected mode, which facilitates 32-bit memory access, thus allowing it to create the initial Interrupt Descriptor Table, Global Descriptor Table and page tables, and to enable paging. This provides the basic operating environment on which the operating system will build. The StartUp module then loads and launches the OS loader. NTLDR's OS loader includes basic functionality to access IDE-based disks formatted for NTFS or FAT file systems, or CDFS (ISO 9660), ETFS or UDFS in newer operating system versions. Disks are accessed through the system BIOS, through native ARC routines on ARC systems, or via the network using the TFTP protocol. It should be noted that all BIOS calls are done through virtual 8086 mode beyond this point, because the BIOS cannot be accessed directly within protected mode. If the boot disk is a SCSI disk and the SCSI controller is not using real-mode INT 0x13, an additional file, Ntbootdd.sys, is loaded to handle disk access in place of the default routines. This is a copy of the same SCSI miniport driver that is used when Windows is running. The boot loader then reads the contents of boot.ini to locate information on the system volume. If the boot.ini file is missing, the boot loader will attempt to locate information from the standard installation directory. For Windows NT machines, it will attempt to boot from C:\WINNT. For Windows XP and 2003 machines, it will boot from C:\WINDOWS.
At this point, the screen is cleared, and in the Windows 2000 or later versions of NTLDR and IA64ldr which support system hibernation, the root directory default volume as defined in boot.ini is searched for a hibernation file, hiberfil.sys. If this file is found and an active memory set is found in it, the contents of the file (which will match the amount of physical memory in the machine) are loaded into memory, and control is transferred into the Windows kernel at a point from which hibernation can be resumed[1]. The file is then immediately marked as non-active, so that a crash or other malfunction cannot cause this (now-outdated) memory state to be re-loaded. If a state resume fails, the next time NTLDR runs it will ask the user whether to try resuming again or to discard the file and proceed with normal booting. If boot.ini contains more than one operating system entry, a boot menu is displayed to the user, allowing the user to choose which operating system is to be loaded. If a non NT-based operating system such as Windows 98 is selected (specified by an MS-DOS style of path, e.g. C:\), then NTLDR loads the associated "boot sector" file listed in boot.ini (by default, this is bootsect.dos if no file name is specified) and passes execution control to it. If an NT-based operating system is selected, NTLDR runs ntdetect.com, which gathers basic information about the computer's hardware as reported by the BIOS. At this point in the boot process, NTLDR clears the screen and displays a textual progress bar, (which is often not seen on XP or 2003 systems, due to their initialization speed); Windows 2000 also displays the text "Starting Windows..." underneath. If the user presses F8 during this phase, the advanced boot menu is displayed, containing various special boot modes including Safe mode, with the Last Known Good Configuration, with debugging enabled, and (in the case of Server editions) Directory Services Restore Mode. 
Once a boot mode has been selected (or if F8 was never pressed) booting continues.
If an x64 version of Windows is being booted (Windows XP Professional x64 Edition or Windows Server 2003 x64 Editions), the CPU is now switched into Long mode, enabling 64-bit addressing. Next, the Windows kernel Ntoskrnl.exe and the Hardware Abstraction Layer hal.dll are read into memory. If either of these files fails to load, the message "Windows could not start because the following file was missing or corrupt" is displayed to the user, and the boot process comes to a halt. If multiple hardware configurations are defined in the registry, the user is prompted at this point to choose one.

With the kernel in memory, boot-time device drivers are loaded (but not yet initialized). This information (along with information on all detected hardware and Windows Services) is stored in the HKLM\SYSTEM portion of the registry, in a set of registry keys collectively called a Control Set. Multiple control sets (typically two) are kept, in the event that the settings contained in the currently-used one prohibit the system from booting. HKLM\SYSTEM contains control sets labeled ControlSet001, ControlSet002, etc., as well as CurrentControlSet. During regular operation, Windows uses CurrentControlSet to read and write information. CurrentControlSet is a reference to one of the control sets stored in the registry. Windows picks the "real" control set being used based on the values set in the HKLM\SYSTEM\Select registry key:
• Default will be NTLDR or IA64ldr's choice if nothing else overrides this.
• If the value of the Failed key matches Default, then NTLDR or IA64ldr displays an error message, indicating that the last boot failed, and gives the user the option to try booting anyway, or to use the "Last Known Good Configuration".
• If the user has chosen Last Known Good Configuration from the boot menu, the control set indicated by the LastKnownGood key is used instead of Default.
When a control set is chosen, the Current key gets set accordingly. The Failed key is also set to the same as Current until the end of the boot process. LastKnownGood is also set to Current if the boot process completes successfully.

For the purposes of booting, a driver is either a "Boot" driver that is loaded by NTLDR or IA64ldr prior to starting the kernel and started before system drivers by the kernel, a "System" driver, which is loaded and started by ntoskrnl.exe after the boot drivers, or an "Automatic" driver which is loaded much later when the GUI has already been started. "Boot" drivers are almost exclusively drivers for hard-drive controllers and file systems (ATA, SCSI, file system filter manager, etc.); in other words, they are the absolute minimum that ntoskrnl.exe will need to get started with loading other drivers, and the rest of the operating system. "System" drivers cover a wider range of core functionality, including the display driver, CD-ROM support, and the TCP/IP stack. The appropriate file system driver for the partition type (NTFS, FAT, or FAT32) on which the Windows installation resides is also loaded. With this finished, control is then passed from NTLDR or IA64ldr to the kernel. At this time, Windows NT shows the famous "blue screen" displaying the number of CPUs and the amount of memory installed, whilst Windows 2000, XP and 2003 switch into a graphical display mode to display the Windows logo.

A. Firstly, the files required for NT to boot are:
• Ntldr - This is a hidden, read-only system file that loads the operating system
• Boot.ini - This is a read-only system file, used to build the Boot Loader Operating System Selection menu on Intel x86-based computers
• Bootsect.dos - This is a hidden file loaded by Ntldr if another operating system is selected
• Ntdetect.com - This is a hidden, read-only system file used to examine the hardware available and to build a hardware list
• Ntbootdd.sys - This file is only used by systems that boot from a SCSI disk
The common boot sequence files are:
• Ntoskrnl.exe - The Windows NT kernel
• System - This file is a collection of system configuration settings
• Device drivers - These are files that support various device drivers
• Hal.dll - Hardware Abstraction Layer software
The boot sequence is as follows:
1. Power on self test (POST) routines are run
2. Master Boot Record is loaded into memory, and the program is run
3. The Boot Sector from the Active Partition is loaded into memory
4. Ntldr is loaded and initialized from the boot sector
5. Change the processor from real mode to 32-bit flat memory mode
6. Ntldr starts the appropriate minifile system drivers. Minifile system drivers are built into Ntldr and can read FAT or NTFS
7. Ntldr reads the Boot.ini file
8. Ntldr loads the operating system selected; one of two things happens:
   * If Windows NT is selected, Ntldr runs Ntdetect.com
   * For other operating systems, Ntldr loads and runs Bootsect.dos and passes control to it. The Windows NT process ends here
9. Ntdetect.com scans the computer hardware and sends the list to Ntldr for inclusion in HKEY_LOCAL_MACHINE\HARDWARE
10. Ntldr then loads Ntoskrnl.exe, Hal.dll and the system hive
11. Ntldr scans the System hive and loads the device drivers configured to start at boot time
12. Ntldr passes control to Ntoskrnl.exe, at which point the boot process ends and the load phases begin
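The control-set selection (HKLM\SYSTEM\Select with its Default, Current, Failed and LastKnownGood values) and the Boot/System/Automatic driver classes described above are both visible in the registry of a running system. The following PowerShell is an added example, not code from the original page: it reports which control set the machine booted with and whether the Failed value matches Default (the condition the text says triggers the "last boot failed" prompt), and it lists kernel and file-system drivers by start type. The Start-value meanings (0 = Boot, 1 = System, 2 = Automatic, 3 = Manual, 4 = Disabled) and Type values (1 = kernel driver, 2 = file system driver) are standard Services-key semantics; the "BootedWithLastKnownGood" inference (Current differs from Default) follows from the text's statement that Current is set to whichever control set was chosen.

```powershell
# Added example (not from the original page): inspect control-set selection and
# boot-start drivers on a running Windows NT-family system. Read-only; needs no
# elevation beyond normal read access to HKLM\SYSTEM.

function Get-ControlSetStatus {
    $select = Get-ItemProperty -Path 'HKLM:\SYSTEM\Select' -ErrorAction Stop
    # Values are REG_DWORD numbers; 2 means ControlSet002. 0 means "not set" (Failed is 0 after a clean boot).
    $asName = { param($n) if ([int]$n -eq 0) { '(none)' } else { 'ControlSet{0:D3}' -f [int]$n } }

    [pscustomobject]@{
        Default                 = & $asName $select.Default
        Current                 = & $asName $select.Current
        LastKnownGood           = & $asName $select.LastKnownGood
        Failed                  = & $asName $select.Failed
        # The text: if Failed matches Default, the loader reports that the last boot failed.
        LastBootFailed          = ([int]$select.Failed -ne 0 -and [int]$select.Failed -eq [int]$select.Default)
        # Inference from the text: Current is set to the chosen set, so Current <> Default means LKG was used.
        BootedWithLastKnownGood = ([int]$select.Current -ne [int]$select.Default)
    }
}

function Get-DriverStartGroups {
    # Start: 0 = Boot (loaded by NTLDR), 1 = System (loaded by ntoskrnl after boot drivers),
    #        2 = Automatic, 3 = Manual, 4 = Disabled.  Type: 1 = kernel driver, 2 = file system driver.
    $startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
    Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            if ($null -ne $p -and $null -ne $p.Start -and ($p.Type -eq 1 -or $p.Type -eq 2)) {
                $start = [int]$p.Start
                [pscustomobject]@{
                    Name      = $_.PSChildName
                    StartType = if ($startNames.ContainsKey($start)) { $startNames[$start] } else { "Unknown($start)" }
                    Group     = $p.Group          # load-order group, e.g. "SCSI miniport", "File System"
                    ImagePath = $p.ImagePath
                }
            }
        } | Sort-Object StartType, Name
}

# Example usage:
# Get-ControlSetStatus
# Get-DriverStartGroups | Where-Object { $_.StartType -eq 'Boot' } | Format-Table -AutoSize
```

The Boot-start list is worth baselining on a server: it should contain only storage, file-system and similar low-level drivers, as the text describes, so an unfamiliar entry there is something to investigate before the next reboot rather than after it.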
I have a Windows NT 4.0 SP6a Server that takes 45 min to boot. It gets to step 8 below, and seems to hang for the larger part of the time. Then, it will finish the boot process and work fine. It is just a pain if I ever have to reboot.
1. Power on self test (POST) routines are run
2. Master Boot Record is loaded into memory, and the program is run
3. The Boot Sector from the Active Partition is loaded into memory
4. Ntldr is loaded and initialized from the boot sector
5. Change the processor from real mode to 32-bit flat memory mode
6. Ntldr starts the appropriate minifile system drivers. Minifile system drivers are built into Ntldr and can read FAT or NTFS
7. Ntldr reads the Boot.ini file
8. Ntldr loads the operating system selected; one of two things happens:
   * If Windows NT is selected, Ntldr runs Ntdetect.com
   * For other operating systems, Ntldr loads and runs Bootsect.dos and passes control to it. The Windows NT process ends here
9. Ntdetect.com scans the computer hardware and sends the list to Ntldr for inclusion in HKEY_LOCAL_MACHINE\HARDWARE
10. Ntldr then loads Ntoskrnl.exe, Hal.dll and the system hive
11. Ntldr scans the System hive and loads the device drivers configured to start at boot time
12. Ntldr passes control to Ntoskrnl.exe, at which point the boot process ends and the load phases begin
WINDOWS SERVER 2003 BOOT PROCESS: COMMON ERRORS & SOLUTIONS
The boot process starts when you turn on your computer and ends when you log on to Windows Server 2003. There can be various reasons for startup failures. Some can be easily corrected, while others might require you to reinstall Windows Server 2003. This article will help you understand and troubleshoot most of the errors commonly occurring during the Windows Server 2003 boot process. While diagnosing a server error, it is important to first determine at which stage the error occurred. A server error can occur when the server is booting, during its running time or even when it is shutting down.

The Boot Process
The boot process will differ slightly depending on whether your server is using an x86-based processor or an Itanium-based processor. This article exclusively deals with the x86-based boot process. If you are running Windows Server 2003 on an x86-based platform, the boot process consists of six major stages:
1. The pre-boot sequence
2. The boot sequence
3. Kernel load sequence
4. Kernel initialization sequence
5. Logon sequence
6. Plug and Play detection
Many files are used during these stages of the boot process. The following sections describe the steps in each boot process stage, the files used, and the errors that might occur.

Stage 1: Pre-Boot Sequence
A normal boot process begins with the pre-boot sequence, in which your computer starts up and prepares to boot the operating system. The computer will search for a boot device based on the boot order that was configured in the computer's BIOS settings.

Steps in the Pre-Boot Sequence
The pre-boot sequence is not truly a part of the Windows booting process. The pre-boot sequence consists of the following steps:
1. When the computer is powered on, it runs a power-on self-test (POST) routine. The POST detects the processor you are using, how much memory is present, which hardware is recognized and what BIOS (Basic Input/Output System) your computer is using.
2. The BIOS points to the boot device and the Master Boot Record (MBR) is loaded. It is also sometimes called the master boot sector or even just the boot sector. The MBR is located on the first sector of the hard disk. It contains the partition table and master boot code, which is executable code used to locate the active partition.
3. The MBR points to the active partition. The active partition is used to specify "the partition" that should be used to boot the operating system. This is normally the C: drive.
4. Once the MBR locates the active partition, the "boot sector" is loaded into memory and executed. The Ntldr file is copied into memory and executed. The boot sector points to the Ntldr file, and this file executes. The Ntldr file is used to initialize and start the Windows Server 2003 boot process.

Possible Errors & Solutions
If you see errors during the pre-boot sequence, they are probably not related to Windows Server 2003, since the operating system has not yet been loaded. The following table lists some common causes for errors and solutions.

Symptom: Corrupt MBR
Cause: There are many viruses that affect the MBR and corrupt it.
Solution: You can protect your system from this type of error by using virus-scanning software. Most of the commonly used virus-scanning programs can correct an infected MBR.

Symptom: Improperly configured hardware
Cause: If the POST cannot recognize your hard drive, the pre-boot stage will fail. This error can occur even if the device was working properly and you haven't changed your configuration.
Solution: Recheck your device configuration and driver settings. Also check for any hardware malfunction and failure.

Symptom: No partition is marked as active
Cause: This can happen if you used the Fdisk utility and did not create a partition from all of the free space. If you created your partitions as a part of the Windows Server 2003 installation and have dynamic disks, marking an active partition is done for you during installation.
Solution: If the partition is FAT16 or FAT32 and on a basic disk, you can boot the computer to DOS or Windows 9x with a boot disk. Then run Fdisk and mark a partition as active.

Symptom: Corrupt or missing Ntldr file
Cause: There are chances that the Ntldr file may be corrupted or deleted by a virus attack.
Solution: You can restore this file through Automated System Recovery or a Windows Server 2003 boot disk.

Stage 2: Boot Sequence
62. How do you configure the memory dump if C:, D:, E: and the paging file are configured in a given way?
Overview of memory dump file options for Windows Server 2003, Windows XP, and Windows 2000
You can configure Microsoft Windows Server 2003, Microsoft Windows XP, and Microsoft Windows 2000 to write debugging information to three different file formats (also known as memory dump files) when your computer stops unexpectedly as a result of a Stop error (also known as a "blue screen," system crash, or bug check). You can also configure Windows not to write debugging information to a memory dump file. Windows can generate any one of the following memory dump file types:
• Complete memory dump
• Kernel memory dump
• Small memory dump (64 KB)
Complete memory dump
A complete memory dump records all the contents of system memory when your computer stops unexpectedly. A complete memory dump may contain data from processes that were running when the memory dump was collected. If you select the Complete memory dump option, you must have a paging file on the boot volume that is sufficient to hold all the physical RAM plus 1 megabyte (MB). By default, the complete memory dump file is written to the %SystemRoot%\Memory.dmp file. If a second problem occurs and another complete memory dump (or kernel memory dump) file is created, the previous file is overwritten.
Note: The Complete memory dump option is not available on computers that are running a 32-bit operating system and that have 2 gigabytes (GB) or more of RAM. For more information, click the following article number to view the article in the Microsoft Knowledge Base: 274598 Complete memory dumps are not available on computers that have 2 or more gigabytes of RAM
Kernel memory dump A kernel memory dump records only the kernel memory. This speeds up the process of recording information in a log when your computer stops unexpectedly. Depending on the RAM in your computer, you must have between 150MB and up to 2GB of pagefile space available based on server load and the amount of physical RAM available for page file space on the boot volume. This dump file does not include unallocated memory or any memory that is allocated to User-mode programs. It includes only memory that is allocated to the kernel and hardware abstraction layer (HAL) in Windows 2000 and later, and memory allocated to Kernel-mode drivers and other Kernel-mode programs. For most purposes, this dump file is the most useful. It is significantly smaller than the complete memory dump file, but it omits only those parts of memory that are unlikely to have been involved in the problem. By default, the kernel memory dump file is written to the %SystemRoot%\Memory.dmp file. If a second problem occurs and another kernel memory dump file (or a complete memory dump file) is created, the previous file is overwritten.
Small memory dump
A small memory dump records the smallest set of useful information that may help identify why your computer stopped unexpectedly. This option requires a paging file of at least 2 MB on the boot volume and specifies that Windows 2000 and later create a new file every time your computer stops unexpectedly. A history of these files is stored in a folder. This dump file type includes the following information:
• The Stop message and its parameters and other data
• A list of loaded drivers
• The processor context (PRCB) for the processor that stopped
• The process information and kernel context (EPROCESS) for the process that stopped
• The process information and kernel context (ETHREAD) for the thread that stopped
• The Kernel-mode call stack for the thread that stopped
This kind of dump file can be useful when space is limited. However, because of the limited information included, errors that were not directly caused by the thread that was running at the time of the problem may not be discovered by an analysis of this file. If a second problem occurs and a second small memory dump file is created, the previous file is preserved. Each additional file is given a distinct name. The date is encoded in the file name. For example, Mini022900-01.dmp is the first memory dump generated on February 29, 2000. A list of all small memory dump files is kept in the %SystemRoot%\Minidump folder.
Configure the dump type To configure startup and recovery options (including the dump type), follow these steps. Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps. 1. Click Start, point to Settings, and then click Control Panel. 2. Double-click System. 3. On the Advanced tab, click Startup and Recovery.
Tools for the various dump types You can load complete memory dumps and kernel memory dumps with standard symbolic debuggers, such as I386kd.exe. I386kd.exe is included with the Windows 2000 Support CD-ROM. Load small memory dumps by using Dumpchk.exe. Dumpchk.exe is included with the Support Tools for Windows 2000 and Windows XP. You can also use Dumpchk.exe to verify that a memory dump file has been created correctly. For more information about how to use Dumpchk.exe in Windows XP, click the following article number to view the article in the Microsoft Knowledge Base: 315271 How to use Dumpchk.exe to check a memory dump file For more information about how to use Dumpchk.exe in Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base: 156280 How to use Dumpchk.exe to check a memory dump file For more information about Windows debugging tools, visit the following Microsoft Web site: http://www.microsoft.com/whdc/devtools/debugging/default.mspx
Definitions
• Boot volume: The volume that contains the Windows operating system and its support files. The boot volume can be, but does not have to be, the same as the system volume.
• System volume: The volume that contains the hardware-specific files that you must have to load Windows. The system volume can be, but does not have to be, the same as the boot volume. The Boot.ini, Ntdetect.com, and Ntbootdd.sys files are examples of files that are located on the system volume.
Registry values for startup and recovery
The following registry key is used: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CrashControl
CrashDumpEnabled   REG_DWORD   0x0 = None
CrashDumpEnabled   REG_DWORD   0x1 = Complete memory dump
CrashDumpEnabled   REG_DWORD   0x2 = Kernel memory dump
CrashDumpEnabled   REG_DWORD   0x3 = Small memory dump (64KB)

Additional registry values for CrashControl (for the REG_DWORD values, 0x0 = Disabled, 0x1 = Enabled):
AutoReboot    REG_DWORD       0x1
DumpFile      REG_EXPAND_SZ   %SystemRoot%\Memory.dmp
LogEvent      REG_DWORD       0x1
MinidumpDir   REG_EXPAND_SZ   %SystemRoot%\Minidump
Overwrite     REG_DWORD       0x1
SendAlert     REG_DWORD       0x1
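Q62 turns on one detail that the prose states but that is easy to get wrong in practice: the paging file that holds the dump must be on the boot volume (the volume carrying %SystemRoot%), so a large paging file on D: or E: does not help if C: has none or a too-small one. The following PowerShell is an added example, not code from the original page or from the Knowledge Base article: it decodes the CrashControl values listed above and checks the boot-volume paging file against the size the text gives for each dump type (all RAM plus 1 MB for a complete dump, at least 150 MB for a kernel dump, 2 MB for a small dump). It reads the PagingFiles REG_MULTI_SZ under Session Manager\Memory Management, whose entries have the form "path initialMB maximumMB" with 0 0 meaning system-managed; that format and the Win32_ComputerSystem WMI class used for the RAM size are standard Windows, not from the page.

```powershell
# Added example (not from the original page): report the configured crash dump type
# and whether the boot volume's paging file is large enough for it.

function Get-CrashDumpConfig {
    $crash = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl' -ErrorAction Stop
    $dumpTypes = @{ 0 = 'None'; 1 = 'Complete memory dump'; 2 = 'Kernel memory dump'; 3 = 'Small memory dump (64KB)' }
    $mode = [int]$crash.CrashDumpEnabled
    [pscustomobject]@{
        CrashDumpEnabled = $mode
        DumpType         = if ($dumpTypes.ContainsKey($mode)) { $dumpTypes[$mode] } else { "Unknown ($mode)" }
        DumpFile         = [Environment]::ExpandEnvironmentVariables([string]$crash.DumpFile)
        MinidumpDir      = [Environment]::ExpandEnvironmentVariables([string]$crash.MinidumpDir)
        AutoReboot       = [bool]$crash.AutoReboot
        Overwrite        = [bool]$crash.Overwrite
        LogEvent         = [bool]$crash.LogEvent
        SendAlert        = [bool]$crash.SendAlert
    }
}

function Test-DumpPagingFile {
    $config     = Get-CrashDumpConfig
    $bootVolume = Split-Path -Qualifier $env:SystemRoot        # e.g. "C:"; the dump needs a paging file here
    $ramMB      = [int][math]::Ceiling((Get-WmiObject -Class Win32_ComputerSystem).TotalPhysicalMemory / 1MB)

    # Minimum boot-volume paging file per dump type, as stated in the text above.
    $requiredMB = switch ($config.CrashDumpEnabled) { 1 { $ramMB + 1 } 2 { 150 } 3 { 2 } default { 0 } }

    # PagingFiles is REG_MULTI_SZ; each entry is "path initialMB maximumMB" ("0 0" = system managed).
    $mm = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $bootEntry = @($mm.PagingFiles) |
        Where-Object { $_ -and (($_ -split '\s+')[0] -like "$bootVolume*") } |
        Select-Object -First 1

    $maxMB = $null                     # $null = no paging file on the boot volume at all
    $systemManaged = $false
    if ($bootEntry) {
        $parts = $bootEntry -split '\s+'
        $maxMB = if ($parts.Count -ge 3) { [int]$parts[2] } else { 0 }
        $systemManaged = ($maxMB -eq 0)
    }

    $sufficient = if ($requiredMB -eq 0) { $true }          # no dump, nothing required
                  elseif ($null -eq $maxMB) { $false }        # paging file lives on another volume or is absent
                  elseif ($systemManaged) { $null }           # size not fixed in the registry; check it in System Properties
                  else { $maxMB -ge $requiredMB }

    [pscustomobject]@{
        DumpType             = $config.DumpType
        BootVolume           = $bootVolume
        PhysicalRamMB        = $ramMB
        RequiredPagingMB     = $requiredMB
        BootVolumePagingFile = $bootEntry
        ConfiguredMaxMB      = $maxMB
        SystemManaged        = $systemManaged
        Sufficient           = $sufficient
    }
}

# Example usage:
# Get-CrashDumpConfig
# Test-DumpPagingFile | Format-List
```

A result with DumpType "Complete memory dump" and BootVolumePagingFile empty is the classic misconfiguration behind "the server blue-screened but there is no Memory.dmp": the paging file was moved to D: for performance and nothing on C: can receive the dump.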
Test to make sure that a dump file can be created For more information about how to configure your computer to generate a dump file for testing purposes, click the following article number to view the article in the Microsoft Knowledge Base: 244139 Windows feature lets you generate a memory dump file by using the keyboard
Default dump type options • Windows 2000 Professional: Small memory dump (64 KB) • Windows 2000 Server: Complete memory dump • Windows 2000 Advanced Server: Complete memory dump • Windows XP (Professional and Home Edition): Small memory dump (64 KB) • Windows Server 2003 (All Editions): Complete memory dump
Maximum paging file size
Maximum paging file size is limited as follows:

                                  x86             x64              IA-64
Maximum size of a paging file     4 gigabytes     16 terabytes     32 terabytes
Maximum number of paging files    16              16               16
Total paging file size            64 gigabytes    256 terabytes    512 terabytes
Note When the Physical Address Extension (PAE) option is enabled for an x86-based processor, you can set the paging file size to a maximum of 16 terabytes (TB). However, we recommend that you set the paging file size to 1.5 times the installed physical memory.
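The two sections above (the CrashControl registry values and the paging-file limits) are easiest to check together, because a complete or kernel memory dump is only written if a paging file on the boot volume is large enough to hold it. The following Windows PowerShell script is an added example, not part of the original article: it reads the CrashControl values, reads the configured paging files through WMI, compares them with installed RAM and the article's 1.5 x RAM guidance, and can switch the dump type. The "RAM + 1 MB" minimum for a complete dump is a documented Windows requirement that the article text above does not spell out, and the x86 per-file cap used here is the 4 GB non-PAE figure from the table. Run it elevated on the server being checked.

```powershell
# Added example, not from the original article: check CrashControl against the paging-file
# configuration, and optionally change the dump type. Windows PowerShell 5.1 (Get-WmiObject).

$CrashControlKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

# CrashDumpEnabled values as documented above.
$DumpTypes = @{ 0 = 'None'; 1 = 'Complete memory dump'; 2 = 'Kernel memory dump'; 3 = 'Small memory dump (64 KB)' }

function Get-CrashDumpConfig {
    $v = Get-ItemProperty -Path $CrashControlKey
    [pscustomobject]@{
        CrashDumpEnabled = [int]$v.CrashDumpEnabled
        DumpType         = $DumpTypes[[int]$v.CrashDumpEnabled]
        AutoReboot       = [bool]$v.AutoReboot
        Overwrite        = [bool]$v.Overwrite
        LogEvent         = [bool]$v.LogEvent
        SendAlert        = [bool]$v.SendAlert
        DumpFile         = [Environment]::ExpandEnvironmentVariables([string]$v.DumpFile)
        MinidumpDir      = [Environment]::ExpandEnvironmentVariables([string]$v.MinidumpDir)
    }
}

function Get-PagingFileConfig {
    # Win32_PageFileSetting lists the configured paging files (sizes in MB).
    # A system-managed paging file reports InitialSize and MaximumSize of 0.
    Get-WmiObject -Class Win32_PageFileSetting | ForEach-Object {
        [pscustomobject]@{
            Name      = $_.Name
            Drive     = $_.Name.Substring(0, 2).ToUpper()
            InitialMB = [int]$_.InitialSize
            MaximumMB = [int]$_.MaximumSize
        }
    }
}

function Test-DumpSupport {
    param(
        $Crash = (Get-CrashDumpConfig),
        $Pages = @(Get-PagingFileConfig),
        [int64]$PhysicalMemoryBytes = (Get-WmiObject -Class Win32_ComputerSystem).TotalPhysicalMemory
    )
    $ramMB     = [int][math]::Ceiling($PhysicalMemoryBytes / 1MB)
    $bootDrive = $env:SystemDrive.ToUpper()      # the "boot volume" in the article's terminology
    $bootPage  = $Pages | Where-Object { $_.Drive -eq $bootDrive } | Select-Object -First 1
    $findings  = @()

    switch ($Crash.CrashDumpEnabled) {
        1 {
            # Complete dump: needs a paging file on the boot volume of at least RAM + 1 MB
            # (documented Windows requirement; a system-managed file, MaximumMB = 0, is not checked).
            if (-not $bootPage) { $findings += "Complete dump selected but no paging file on $bootDrive" }
            elseif ($bootPage.MaximumMB -ne 0 -and $bootPage.MaximumMB -lt ($ramMB + 1)) {
                $findings += "Paging file on $bootDrive is $($bootPage.MaximumMB) MB; a complete dump needs at least $($ramMB + 1) MB"
            }
        }
        2 { if (-not $bootPage) { $findings += "Kernel dump selected but no paging file on $bootDrive" } }
        3 { if (-not $bootPage) { $findings += "Small dump selected but no paging file on $bootDrive" } }
    }

    # The article's sizing guidance: 1.5 x installed RAM, capped by the per-file limit for the platform
    # (4 GB on x86 without PAE, 16 TB on x64, from the table above).
    $perFileLimitMB = if ([Environment]::Is64BitOperatingSystem) { 16TB / 1MB } else { 4GB / 1MB }
    $recommendedMB  = [math]::Min([int64]($ramMB * 1.5), [int64]$perFileLimitMB)

    [pscustomobject]@{
        DumpType           = $Crash.DumpType
        DumpFile           = $Crash.DumpFile
        InstalledRamMB     = $ramMB
        BootVolumePageFile = $bootPage
        RecommendedMB      = $recommendedMB
        Findings           = $findings
        Ok                 = ($findings.Count -eq 0)
    }
}

# Change the dump type and make sure a dump is logged and overwrites the previous one.
# CrashControl changes take effect after the next restart.
function Set-CrashDumpType {
    param([Parameter(Mandatory)][ValidateSet('None', 'Complete', 'Kernel', 'Small')][string]$Type)
    $code = @{ None = 0; Complete = 1; Kernel = 2; Small = 3 }[$Type]
    Set-ItemProperty -Path $CrashControlKey -Name CrashDumpEnabled -Value $code -Type DWord
    Set-ItemProperty -Path $CrashControlKey -Name LogEvent  -Value 1 -Type DWord
    Set-ItemProperty -Path $CrashControlKey -Name Overwrite -Value 1 -Type DWord
}

Test-DumpSupport | Format-List
# Set-CrashDumpType -Type Kernel
```

On an Exchange server a kernel memory dump is normally the practical choice: it is much smaller than a complete dump on a machine with several gigabytes of RAM, yet still contains the kernel and driver state that a crash analysis needs.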
Technical support for x64-based versions of Microsoft Windows Your hardware manufacturer provides technical support and assistance for x64-based versions of Windows. Your hardware manufacturer provides support because an x64-based version of Windows was included with your hardware. Your hardware manufacturer might have customized the installation of Windows with unique components. Unique components might include specific device drivers or might include optional settings to maximize the performance of the hardware. Microsoft will provide reasonable-effort assistance if you need technical help with your x64-based version of Windows. However, you might have to contact your manufacturer directly. Your manufacturer is best qualified to support the software that your manufacturer installed on the hardware. For product information about Microsoft Windows XP Professional x64 Edition, visit the following Microsoft Web site: http://www.microsoft.com/windowsxp/64bit/default.mspx For product information about x64-based versions of Microsoft Windows Server 2003, visit the following Microsoft Web site: http://www.microsoft.com/windowsserver2003/64bit/x64/editions.mspx
63. Why do we use Exchange Server?
It is a mail server. We can use it to send mail within the intranet as well as outside it.
64. What is a smarthost?
A smarthost is a common term for a server that accepts outbound mail and passes it on to the recipient. Exchange can route outbound mail in two ways:
DNS: This is the standard way of sending mail. When Exchange needs to send mail to another domain, it looks up the MX records of that domain and attempts to contact that domain's mail server directly.
Smarthost: In this case Exchange takes your outgoing mail and sends it to another mail server (the "smarthost", hence the name). The smarthost delivers your mail to the other mail servers on your behalf. This is exactly what you do when you use Outlook Express to send mail through your ISP's SMTP servers.
65. An Exchange server is having bandwidth issues. Explain how you would look at fixing the issue.
TECHNICAL INTERVIEW QUESTIONS – EXCHANGE 2003
66. Tell me a bit about the capabilities of Exchange Server.
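For question 64 above (DNS routing versus a smart host), here is an added Windows PowerShell example that is not part of the original page. It resolves a domain's MX records in the order a sending MTA tries them, which is what Exchange's DNS path does, and then opens an SMTP session to a host and checks whether that host will accept a recipient it is not responsible for, which is the open-relay check you want to run against your own SMTP virtual server and against any smart host you hand mail to. The domain, host names and addresses (contoso.com, mail.contoso.local, example.net, example.org) are placeholders; Resolve-DnsName needs Windows 8 / Windows Server 2012 or later, while the SMTP probe works against any SMTP server.

```powershell
# Added example, not from the original page. Resolves MX records as Exchange's DNS routing does,
# then speaks SMTP to a host to see whether it accepts a recipient outside its own domains
# (an open-relay check). Host names and addresses below are placeholders.

function Get-MxHosts {
    param([Parameter(Mandatory)][string]$Domain)
    # Lowest preference first: the order a sending MTA tries the exchangers in.
    Resolve-DnsName -Name $Domain -Type MX -ErrorAction Stop |
        Where-Object { $_.Type -eq 'MX' } |
        Sort-Object Preference |
        Select-Object -ExpandProperty NameExchange
}

function Test-SmtpRelay {
    param(
        [Parameter(Mandatory)][string]$Server,
        [int]$Port = 25,
        [string]$Helo = 'probe.example.net',       # placeholder: name of the probing host
        [string]$From = 'probe@example.net',       # placeholder: a sender the server is not authoritative for
        [string]$To   = 'relaytest@example.org'    # placeholder: a recipient the server is not authoritative for
    )
    $client = New-Object System.Net.Sockets.TcpClient
    $client.Connect($Server, $Port)
    $stream = $client.GetStream()
    $stream.ReadTimeout = 10000
    $reader = New-Object System.IO.StreamReader($stream)
    $writer = New-Object System.IO.StreamWriter($stream)
    $writer.NewLine   = "`r`n"                       # SMTP lines end in CRLF
    $writer.AutoFlush = $true
    $transcript = New-Object System.Collections.Generic.List[string]

    # Send one command (or nothing, to read the banner) and return the final line of the reply.
    # Multi-line replies put '-' in the fourth column of every line but the last ("250-SIZE ...").
    $exchange = {
        param($cmd)
        if ($cmd) { $writer.WriteLine($cmd); $transcript.Add("C: $cmd") }
        do {
            $line = $reader.ReadLine()
            $transcript.Add("S: $line")
        } while ($line -and $line.Length -ge 4 -and $line[3] -eq '-')
        $line
    }

    try {
        $banner = & $exchange $null
        & $exchange "EHLO $Helo" | Out-Null
        & $exchange "MAIL FROM:<$From>" | Out-Null
        $rcpt = & $exchange "RCPT TO:<$To>"
        # Never send DATA: the reply to RCPT TO already says whether the server would relay.
        & $exchange 'RSET' | Out-Null
        & $exchange 'QUIT' | Out-Null
    } finally {
        $client.Close()
    }

    [pscustomobject]@{
        Server     = $Server
        Banner     = $banner
        RcptReply  = $rcpt
        # 250/251 means the server accepted a foreign recipient (it would relay). A 550
        # "relaying denied" is the answer you want from a correctly configured SMTP virtual server.
        WouldRelay = [bool]($rcpt -match '^25[01]')
        Transcript = $transcript
    }
}

# Check every MX host of a (placeholder) domain, then your own server by name.
Get-MxHosts -Domain 'contoso.com' | ForEach-Object { Test-SmtpRelay -Server $_ } | Format-List
Test-SmtpRelay -Server 'mail.contoso.local' | Format-List
```

The probe stops after RCPT TO and resets the session, so no message is ever queued. If your own server answers 250 to a foreign recipient from an unauthenticated connection, its SMTP virtual server relay restrictions are wrong, and the smart host on the far side will not save you: it trusts your server precisely because it is your server.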
67. What are the different Exchange 2003 versions?
Exchange Server 2003 Standard Edition, Exchange Server 2003 Enterprise Edition, and the edition bundled with Small Business Server.
68. What are the main differences between Exchange 5.5 and Exchange 2000/2003?
The primary differences are:
• Exchange 2000 does not have its own directory or directory service; it uses Active Directory instead.
• Exchange 2000 uses native components of Windows 2000 (namely IIS and its SMTP, NNTP, W3SVC and other components, Kerberos, and others) for many core functions.
• SMTP is now a full peer to RPC, and it is the default transport protocol between Exchange 2000 servers.
• Exchange 2000 supports active/active clustering and was certified for Windows 2000 Datacenter.
• Exchange 2000 scales much higher.
• It adds conferencing services and instant messaging.
69. What is the latest Exchange 2003 Service Pack? Name a few changes in functionality in that SP.
70. What are the major network infrastructure requirements for installing Exchange 2003?
Hardware Requirements
There are several factors that affect the hardware requirements for Exchange Server 2003: the number of users that will be accessing the server; the size and number of messages transferred on a daily basis (not to mention during peak usage periods); availability requirements; and so on. These factors will have a significant influence on the type of hardware you use for your deployment. However, Table 2-1 contains some minimum hardware requirements. While Table 2-1 contains the minimum requirements to install Exchange Server 2003, that configuration is sufficient only for the smallest of Exchange environments supporting a handful of users, or for testing in a lab. In most cases, the Microsoft recommended requirements for Exchange Server 2003 in Table 2-2 are a more reasonable starting point. However, remember that this is only a starting point; your organization's specific needs will dictate your system requirements.

Table 2-1 Minimum Hardware Requirements for Exchange Server 2003
Component          Minimum requirements
Processor          Pentium 133
Operating system   Windows 2000 Server + SP3
Memory             256 megabytes (MB)
Disk space         200 MB on the system drive, 500 MB on the partition where Exchange Server 2003 is installed
Drive              CD-ROM drive
Display            VGA or better
File system        All partitions involving Exchange Server 2003 must be NTFS, including the system partition, the partition storing the Exchange binaries, the partition containing the Exchange database files, the partition containing the Exchange transaction logs, and any partitions containing other Exchange files

Tip: Installing Exchange Server 2003 on an existing server will increase the burden on that server. Use System Monitor to establish a performance baseline for your server prior to installing Exchange Server 2003, both to determine whether the server hardware is adequate to support Exchange and so that you can later determine the effect that the Exchange Server 2003 installation has had on your server's overall performance.

Table 2-2 Recommended Hardware Requirements for Exchange Server 2003
Component          Recommended requirements
Processor          Pentium III 500 (Exchange Server 2003, Standard Edition); Pentium III 733 (Exchange Server 2003, Enterprise Edition)
Operating system   Windows Server 2003
Memory             512 MB
Disk space         200 MB on the system drive, 500 MB on the partition where Exchange Server 2003 is installed; separate physical disks for the Exchange binaries, database files, and transaction logs
Drive              CD-ROM drive
Display            SVGA or better
File system        All partitions involving Exchange must be NTFS, including the system partition, the partition storing the Exchange binaries, the partition containing the Exchange database files, the partition containing the Exchange transaction logs, and any partitions containing other Exchange files
71. What are the disk considerations when installing Exchange (RAID types, locations and so on)?
RAID 5; 200 MB on the system drive and 500 MB on the partition where Exchange Server 2003 is installed; separate physical disks for the Exchange binaries, database files, and transaction logs.
72. You got a new HP DL380 (2U) server, dual Xeon, 4GB of RAM, 7 SAS disks, 64-bit. What do you do next to install Exchange 2003? (you have AD in place)
73. Why not install Exchange on the same machine as a DC? Are there any other installation considerations?
Microsoft recommends against installing Exchange on a domain controller, but does support this practice in environments that need to run this way. However, if you do find that you need to run Exchange on a domain controller, perhaps for budgetary reasons, make sure you know the limitations and make an informed decision:
• Once Exchange is installed on the domain controller, you cannot reduce the server to member server status.
• Although the /3GB switch is normally considered a best practice for Exchange, don't use it on domain controllers that are also running Exchange, as this can result in Exchange using too much system RAM.
• A shutdown or restart of a domain controller running Exchange can take more than 10 minutes because of the order in which services are unloaded for a shutdown. Before you restart these servers, manually stop the Exchange services to avoid these delays.
• This installation method seriously hinders your high availability efforts: Exchange will use only the services offered by the host domain controller and will not seek out others if the AD services (for example, Global Catalog servers) experience a problem.
In general, unless you absolutely have to run Exchange on a domain controller, you should install Exchange on a member server.

Exchange on a DC
One question that often pops up in the Exchange world is whether it's a good idea (or not, as the case may be) to install Exchange on a domain controller. Generally, this has not been recommended in the past, with the two most common reasons being:
• An increase in disaster recovery complexity. This was certainly true in an NT4 environment, but it would be fair to say that, since much of Exchange's configuration information is stored in Active Directory (assuming Exchange 200x), this is no longer so much of an issue.
• The performance impact of locating these two services on the same machine. Logic dictates that separating these two roles will be best for performance, since the domain controller has plenty of other work to do.
Exchange 2003 running on a domain controller is supported, but you should be aware of the following additional reasons why this isn't such a good idea:
• The old "my Exchange server takes a long time to shut down" issue. When Exchange 2003 is installed on a domain controller, it will take around 10 minutes to shut this server down. The technical reason is that the Active Directory service shuts down before the Exchange services, causing DSAccess to go through several timeouts before terminating. The workaround, as before, is to manually stop the Exchange services before shutting down the server.
• Memory management. I've heard it said to not use the /3GB boot.ini switch on the server if Exchange is on a domain controller, to prevent Exchange from dominating the memory.
• DSAccess will no longer fail over. Normally, if Active Directory services are busy or not responding, the Exchange services will fail over to other domain controllers. When Exchange is on a domain controller, this failover will not occur; this is by design.
• Security considerations. You can decrease your attack surface by not installing Exchange on a domain controller. Since all services run under the LocalSystem context, any attacker who gains access to Active Directory will also be able to gain access to Exchange.
• More security considerations. Your Exchange administrators will have log-on-locally rights to the Exchange server. Do you also want them logging on locally to your domain controllers?
Installing Exchange on a domain controller is best avoided. However, there are situations when you cannot practically avoid this. I know, as I've been involved in several projects where we've installed Exchange on a domain controller, mainly in the branch-office scenario. Outlook 2003's cached mode will now give us the chance to review this situation on future projects.
1. It is recommended, and I second the motion, not to install Exchange 2003 on a DC, though it can be done.
This is a decision you'll really have to think about (this will get you started: http://www.microsoft.com/technet/prodtechnol/exchange/Analyzer/7423376e-686b-4cda-b90f-cf5cff4f8981.mspx). It's best to run Exchange on its own server. If you are running Exchange Server 2003 on a domain controller, using the domain controller promotion tool (DCPromo) to change the computer role is not supported, and it is known to break components such as Microsoft Outlook Mobile Access (an issue listed below). If you are running Exchange Server on a domain controller without Small Business Server, consider the following issues:
• Exchange Server and Active Directory are both resource-intensive applications. There are performance implications to be considered when both applications are running on the same computer.
• If Exchange Server is running on a domain controller, you must also make that domain controller a global catalog server.
• Several Exchange Server directory components, such as Directory Service Access (DSAccess), Directory Service Proxy (DSProxy), and the Message Categorizer, will not fail over to any other domain controller or global catalog server.
• You should not take advantage of the /3GB startup switch in Windows, because it could cause Exchange Server to consume all memory, reducing the memory available for Active Directory.
• System shutdown will take considerably longer if the Exchange Server services are not stopped before shutting down or restarting the server.
• This configuration is less secure because Exchange administrators will have local administrative access to Active Directory, enabling them to elevate their own privileges. Additionally, any security vulnerability found in either Exchange Server or Active Directory exposes the other to compromise.
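The points above (global catalog requirement, the /3GB switch, DSAccess not failing over, services running as LocalSystem, the slow shutdown) are all checkable. The following Windows PowerShell script is an added example and not part of the original page: it audits an Exchange 2003 server for exactly those conditions and includes a helper that stops the Exchange services in dependency order before a restart, which is the workaround the text recommends. It assumes it is run elevated on the Exchange server itself, under Windows PowerShell 5.1 (Get-WmiObject); the service names are those of Exchange 2003 (MSExchangeSA, MSExchangeIS, MSExchangeMTA, RESvc, SMTPSVC, POP3Svc, IMAP4Svc).

```powershell
# Added example, not from the original page: audit the Exchange-on-a-DC caveats listed above
# and stop the Exchange 2003 services in a controlled way before a restart.

function Test-ExchangeOnDomainController {
    $cs   = Get-WmiObject -Class Win32_ComputerSystem
    # Win32_ComputerSystem.DomainRole: 4 = backup domain controller, 5 = primary domain controller.
    $isDC = [int]$cs.DomainRole -ge 4

    # An Exchange DC must also be a global catalog; RootDSE on the local DC reports readiness.
    $isGC = $false
    if ($isDC) {
        try { $isGC = ([string]([ADSI]"LDAP://$env:COMPUTERNAME/RootDSE").Get('isGlobalCatalogReady')) -eq 'TRUE' }
        catch { $isGC = $false }
    }

    # Exchange 2003 is 32-bit; the /3GB switch lives in boot.ini on the system volume.
    $bootIni = Join-Path $env:SystemDrive 'boot.ini'
    $has3GB  = (Test-Path $bootIni) -and (@((Get-Content -Path $bootIni -Force) -match '/3GB').Count -gt 0)

    # Exchange 2003 services (MSExchange*), the routing engine and the IIS-hosted SMTP service.
    $services = Get-WmiObject -Class Win32_Service -Filter "Name LIKE 'MSExchange%' OR Name='RESvc' OR Name='SMTPSVC'" |
        Select-Object Name, State, StartName

    $findings = @()
    if ($isDC) {
        $findings += 'Exchange is on a domain controller: DSAccess, DSProxy and the categorizer will not fail over to another DC or GC.'
        $findings += 'Using DCPromo to change this server''s role is not supported once Exchange is installed.'
        $findings += 'Shutdown or restart will take around 10 minutes unless the Exchange services are stopped first.'
        if (-not $isGC) { $findings += 'This domain controller is not a global catalog; it must be one to host Exchange.' }
        if ($has3GB)    { $findings += '/3GB is set in boot.ini; remove it on a DC so Exchange cannot starve Active Directory of memory.' }
        $localSystem = @($services | Where-Object { $_.StartName -eq 'LocalSystem' })
        if ($localSystem.Count -gt 0) {
            $names = ($localSystem | Select-Object -ExpandProperty Name) -join ', '
            $findings += "Services running as LocalSystem on a DC (a compromise of any of them is a compromise of AD): $names"
        }
    }

    [pscustomobject]@{
        Computer           = $cs.Name
        IsDomainController = $isDC
        IsGlobalCatalog    = $isGC
        Has3GBSwitch       = $has3GB
        ExchangeServices   = $services
        Findings           = $findings
    }
}

# Stop Exchange 2003 before restarting a DC that hosts it. Stopping the System Attendant with
# -Force takes its dependents (Information Store, MTA, management and event services) down with it;
# the IIS-hosted protocol services and the routing engine are stopped explicitly first.
function Stop-ExchangeServicesForRestart {
    foreach ($name in 'SMTPSVC', 'POP3Svc', 'IMAP4Svc', 'RESvc', 'MSExchangeSA') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc -and $svc.Status -ne 'Stopped') {
            Stop-Service -Name $name -Force -ErrorAction Stop
        }
    }
}

Test-ExchangeOnDomainController | Format-List
# Stop-ExchangeServicesForRestart; Restart-Computer
```

The audit only reports; it changes nothing. Stop-ExchangeServicesForRestart is the one action, and it is what turns the ten-minute DSAccess time-out dance into a normal restart.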
74. How would you prepare the AD schema in advance before installing Exchange?
By running ForestPrep.
75. What type of permissions do you need in order to install the first Exchange server in a forest? In a domain?
Permissions for Installing New Exchange Server 2003 Servers
After ensuring that your organization meets the necessary prerequisites, the procedures referenced in this topic guide you through the deployment process. This process includes installing the first Exchange Server 2003 computer into your organization. Table 1 lists the required permissions or roles for the procedures referenced in this topic.

Table 1 Required permissions or roles
Procedure                                                       | Required permissions or roles
Enable Windows 2000 Server or Windows Server 2003 services      | See Windows 2000 or Windows Server 2003 Help
Run ForestPrep on a domain controller (updates the AD schema)   | Enterprise Administrator; Schema Administrator; Domain Administrator; Local Machine Administrator
Run DomainPrep                                                  | Domain Administrator; Local Machine Administrator
Install Active Directory Connector (ADC)                        | Enterprise Administrator; Schema Administrator; Domain Administrator; Local Machine Administrator
Install Exchange 2003 on the first server in a domain           | Exchange Full Administrator role applied at the organization level; Exchange 5.5 Administrator under the organization, site, and configuration nodes (if installing into an Exchange 5.5 site); Local Machine Administrator
Install Exchange 2003 on additional servers in the domain       | Exchange Full Administrator role applied at the administrative group level; Exchange 5.5 Site Administrator (if installing into an Exchange 5.5 site); Exchange 5.5 service account password; Local Machine Administrator
Install the first instance of a connector                       | Exchange Full Administrator role applied at the organization level; Local Machine Administrator
Run Active Directory Account Cleanup Wizard                     | Enterprise Administrator

In short: the first server in a forest is preceded by ForestPrep (Enterprise Admins and Schema Admins, run once per forest) and DomainPrep (Domain Admins, run in each domain that will host Exchange servers or mail-enabled users); the first server in an already-prepared domain needs that domain's DomainPrep, the Exchange Full Administrator role at the organization level, and local Administrator on the target machine. Additional servers need only the Exchange Full Administrator role at the administrative group level plus local Administrator.
For more information about managing and delegating permissions and user and group authorities, see the Exchange Server 2003 Administration Guide.
76. How would you verify that the schema was in fact updated?
Use adsiedit.msc to verify the changes.
Steps for Extending the Schema
Before you install one of the new features that is described in Active Directory Schema Update, or before you add a domain controller running Windows Server 2003 R2 to a forest for the first time (unless it is the first domain controller in a new forest), you must first extend the schema with the Adprep tool. Perform the following steps to extend the schema:
• Verify Active Directory functionality before you apply the schema extension
• Apply the schema extension
• Verify the schema extension

VERIFY ACTIVE DIRECTORY FUNCTIONALITY BEFORE YOU APPLY THE SCHEMA EXTENSION
Verify Active Directory functionality before you update the schema to help ensure that the schema extension proceeds without error. At a minimum, ensure that all domain controllers for the forest are online and performing inbound replication.
To verify Active Directory functionality before you apply the schema extension:
1. Log on to an administrative workstation that has the Windows Support Tool Repadmin.exe installed. Note: The Support Tools are located on the operating system installation media in the Support\Tools folder.
2. Open a command prompt, and then change directories to the folder in which the Windows Support Tools are installed.
3. At a command prompt, type the following, and then press ENTER:
   repadmin /replsum /bysrc /bydest /sort:delta
   All domain controllers should show 0 in the Fails column, and the largest deltas (which indicate the number of changes that have been made to the Active Directory database since the last successful replication) should be less than or roughly equal to the replication frequency of the site link that is used by the domain controller for replication. The default replication frequency is 180 minutes.
For more information about additional steps that you can take to verify Active Directory functionality before you apply the schema extension, see article 325379 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=71057).

APPLY THE SCHEMA EXTENSION
Use the following procedure to apply the Windows Server 2003 R2 schema extension to the Active Directory schema.
To apply the Windows Server 2003 R2 schema extension to the Active Directory schema:
1. Log on to the computer that holds the schema master operations role (also known as a flexible single master operations, or FSMO, role) as a member of the Schema Admins group and the Enterprise Admins group. If you are not sure which computer holds the schema master operations role, type the following at a command prompt, and then press ENTER:
   netdom query fsmo
   Note: The built-in Administrator account in the forest root domain is a member of the Schema Admins group by default.
2. Verify that the schema operations master has performed inbound replication of the schema directory partition since the last time that the server restarted. Type the following at a command prompt, and then press ENTER:
   repadmin /showrepl
3. Locate the version of Adprep, either in the \cmpnents\R2 folder of Windows Server 2003 R2 Disc 2 or from Microsoft hotfix 919151, that is compatible with the version of Windows that runs on your schema master. Each version of Windows Server 2003 R2 (x86-based or x64-based) ships with a single version of Adprep on Disc 2 that is compatible only with operations masters that run that version of Windows Server 2003 R2 (x86-based or x64-based). If your schema master is running an x86-based version of Windows, run the x86-based version of Adprep. If your schema master is running an x64-based version of Windows, run the x64-based version of Adprep. If your schema master does not run a version of Windows that is compatible with the version of Adprep that you plan to run, but your forest contains a domain controller that does run a compatible version of Windows, transfer the schema master role to that domain controller. Continue to step 4, and transfer the role back to the original role holder after the schema update is complete. If you do not have a compatible domain controller, obtain the hotfix described in article 919151 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=82345). To determine the version of the Windows operating system that is running on the schema master, type the following at a command prompt, and then press ENTER:
   winver
   Important: Be sure to use the version of Adprep that is on Windows Server 2003 R2 Disc 2 or in hotfix 919151, not the version of Adprep that is on Windows Server 2003 R2 Disc 1.
4. Run adprep /forestprep. Change directories to the location that contains the appropriate Adprep version, then type the following commands at the command prompt, pressing ENTER after each:
   cd cmpnents\R2\ADPREP
   adprep /forestprep
   Note: When you change the schema on the schema operations master, the changes are automatically propagated to all other domain controllers in the forest. Therefore, it is not necessary to perform this operation on other domain controllers. Also, there is no need to run adprep /domainprep in any child domain where you have already installed a domain controller running Windows Server 2003 with Service Pack 1 (SP1); the necessary domain partition updates were performed when the domain controller running Windows Server 2003 SP1 was installed.

VERIFY THE SCHEMA EXTENSION
After you run Adprep, you can use the Windows Support tool ADSI Edit to verify the schema extension.
To verify the schema extension:
1. Log on to an administrative workstation that has ADSI Edit installed.
2. Click Start, click Run, type adsiedit.msc, and then click OK.
3. Double-click Configuration Container, and then double-click CN=Configuration,DC=forest_root_domain, where forest_root_domain is the fully qualified domain name (FQDN) of your forest root domain.
4. Double-click CN=ForestUpdates.
5. Right-click CN=Windows2003Update, and then click Properties.
6. Verify that the Revision attribute value is 9, and then close the Properties dialog box.
7. Double-click Schema.
8. Right-click CN=Schema,CN=Configuration,DC=forest_root_domain, where forest_root_domain is the FQDN of your forest root domain.
9. Click Properties.
10. On the Attribute Editor tab, for Select a property to view, select objectVersion, and verify that the attribute Value(s) equals 31.
The Revision and objectVersion values above belong to the Windows Server 2003 R2 schema update. Exchange's own ForestPrep is verified in the same tool by checking the rangeUpper attribute of CN=ms-Exch-Schema-Version-Pt under the schema container and by the presence of CN=Microsoft Exchange under CN=Services in the configuration container.
77. What type of memory optimization changes could you do for Exchange 2003?
Add the /3GB switch to boot.ini.
78. How would you check your Exchange configuration settings to see if they're right?
Send and receive an e-mail.
79. What are the Exchange management tools? How and where can you install them?
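For question 76 above, the same checks that the ADSI Edit walkthrough makes by hand can be scripted. The following Windows PowerShell function is an added example, not part of the original page: it reads objectVersion on the schema container and the Windows2003Update revision (the R2 values 31 and 9 given above), then checks what Exchange's ForestPrep and DomainPrep leave behind. The expected Exchange schema version of 6870 (rangeUpper on ms-Exch-Schema-Version-Pt for Exchange 2003) is the value Microsoft documents for that release and is passed in as a parameter so it can be changed; the presence of CN=Microsoft Exchange under CN=Services and of the Exchange Domain Servers / Exchange Enterprise Servers groups are the ForestPrep and DomainPrep markers. Any domain account that can read the configuration and schema partitions can run it; no administrative rights are needed.

```powershell
# Added example, not from the original page: verify Windows and Exchange schema/forest/domain
# preparation through ADSI instead of browsing ADSI Edit. Expected values are parameters.

function Test-SchemaUpdate {
    param(
        [int]$ExpectedObjectVersion  = 31,     # schema objectVersion after Windows Server 2003 R2 adprep
        [int]$ExpectedForestRevision = 9,      # CN=Windows2003Update revision after R2 adprep /forestprep
        [int]$ExpectedExchangeSchema = 6870    # ms-Exch-Schema-Version-Pt rangeUpper for Exchange 2003 (documented value)
    )
    $rootDse  = [ADSI]'LDAP://RootDSE'
    $schemaNc = [string]$rootDse.Get('schemaNamingContext')         # CN=Schema,CN=Configuration,DC=...
    $configNc = [string]$rootDse.Get('configurationNamingContext')  # CN=Configuration,DC=...
    $domainNc = [string]$rootDse.Get('defaultNamingContext')        # DC=... of the domain you are logged on to

    # Windows schema version: objectVersion on the schema container itself (step 10 above).
    $schema        = [ADSI]"LDAP://$schemaNc"
    $objectVersion = [int]$schema.Get('objectVersion')

    # Forest-wide marker written by adprep /forestprep (steps 4 to 6 above).
    $forestRevision = $null
    $fuPath = "LDAP://CN=Windows2003Update,CN=ForestUpdates,$configNc"
    if ([ADSI]::Exists($fuPath)) { $forestRevision = [int]([ADSI]$fuPath).Get('revision') }

    # Exchange ForestPrep: schema version in rangeUpper of ms-Exch-Schema-Version-Pt, and the
    # Exchange organization container under CN=Services.
    $exchSchema = $null
    $exPath = "LDAP://CN=ms-Exch-Schema-Version-Pt,$schemaNc"
    if ([ADSI]::Exists($exPath)) { $exchSchema = [int]([ADSI]$exPath).Get('rangeUpper') }
    $exchOrgContainer = [ADSI]::Exists("LDAP://CN=Microsoft Exchange,CN=Services,$configNc")

    # Exchange DomainPrep: creates these two groups in the domain's Users container.
    $domainPrepDone = [ADSI]::Exists("LDAP://CN=Exchange Domain Servers,CN=Users,$domainNc") -and
                      [ADSI]::Exists("LDAP://CN=Exchange Enterprise Servers,CN=Users,$domainNc")

    [pscustomobject]@{
        SchemaNamingContext   = $schemaNc
        ObjectVersion         = $objectVersion
        WindowsSchemaOk       = ($objectVersion -ge $ExpectedObjectVersion)
        ForestUpdateRevision  = $forestRevision
        ForestUpdateOk        = ($forestRevision -ge $ExpectedForestRevision)
        ExchangeSchemaVersion = $exchSchema
        ExchangeForestPrepOk  = ($exchSchema -ge $ExpectedExchangeSchema) -and $exchOrgContainer
        ExchangeDomainPrepOk  = $domainPrepDone
    }
}

Test-SchemaUpdate | Format-List
```

Because the checks use "greater than or equal", a forest that has since been extended further (a later Windows release or a later Exchange version) still passes; run the function against a specific domain controller by binding to LDAP://server/RootDSE if you want to confirm that replication has carried the change to that DC rather than only to the schema master.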
Tools for Exchange Server 2003 Add Root Certificate (English only) May 24, 2004. Add a custom root certificate to your Microsoft Windows Mobile�based Pocket�PC. Address Rewrite (English only) May 24, 2004. Rewrite return e-mail addresses on outgoing messages sent from a non-Microsoft mail system to Exchange Server and destined to external or Internet addresses. ArchiveSink (English only) May 24, 2004. Archive message and log recipient details and other information about messages sent to or received by your server that is running Exchange Server. ASP.NET Mobile Controls Device Updates Update the supported devices you can use with Microsoft Outlook Mobile Access on your Exchange server. Authoritative Restore (English only) May 25, 2004. Force a restored directory database to replicate to your other servers after restoring from a backup by using this tool. Auto Accept Agent August 3, 2005. Automatically process meeting requests for resource mailboxes. The agent checks the availability of the resource mailbox based on the resource schedule (not free/busy) and accepts or declines new or updated meeting requests. Badmail Deletion and Archiving (English only) September 21, 2004. Delete or archive files automatically in the Badmail directory of specified Simple Mail Transfer Protocol (SMTP) virtual servers. Calendar Connector for Lotus Notes/Domino August 1, 2007. The updated Microsoft Exchange Server 2003 Calendar Connector for Lotus Notes/Domino is used for coexistence and migration of free/busy calendar data between Microsoft Exchange Server 2003 and Lotus Domino. Collaboration Data Objects, Version 1.2.1 August 1, 2007. Provides access to data in any MAPI store through a set of strongly typed interfaces that correspond to the common Microsoft Office Outlook items types, including Message, Appointment, and Person. Connector for Lotus Notes/Domino August 1, 2007. 
The updated Microsoft Exchange Server 2003 Connector for Lotus Notes/Domino is used for coexistence and migration of message flow, calendar requests, and directory synchronization between Microsoft Exchange Server 2003 and Lotus Domino. Deployment Tools September 21, 2004. Find out the steps you should take, the diagnostic tools you should use, and the Setup links to help you successfully install Exchange Server�2003 (requires Exchange Server�2003 Service Pack 1 [SP1]). Disable Certificate Verification (English only) May 24, 2004. Disable the Secure Sockets Layer (SSL) certificate check that is performed on a server running Exchange ActiveSync. Domain Rename Fixup August 12, 2005. Repair Exchange Server attributes in Active Directory directory service after using the Microsoft Windows Server�2003 domain rename tool. All Exchange servers in the renamed forest must be running Exchange Server�2003 SP1. E-Mail Journaling Advanced Configuration (English only) May 25, 2004. Augment the current Exchange Server archiving features and capture recipients on expanded distribution lists, Bcc recipients, and other message details. Error Code Lookup (English only) May 24, 2004. Determine error values from decimal and hexadecimal error codes in Microsoft Windows operating systems. Exchange ActiveSync Mobile Web Administration (English only) February 1, 2006. Manage the process of remotely erasing lost, stolen, or otherwise compromised mobile devices. Exchange MAPI Client and Collaboration Data Objects 1.2.1 August 1, 2007. Starting with the Beta 2 release of Microsoft Exchange Server 2007, neither the Messaging API (MAPI) client libraries nor CDO 1.2.1 are provided as part of the product. The result is missing functionality that many server applications depend on. This tool provides access to these APIs, thereby providing access to the contents of the Exchange store and Active Directory. Exchange Server 2003 Management Pack Configuration Wizard (English only) March 7, 2007. 
Configure test mailboxes, message tracking, and monitoring services in the Exchange�2000 Server and Exchange Server�2003 Management Packs with this graphical user interface. Exchange Server ActiveSync Certificate-Based Authentication (English only) August 1, 2007. Provides several tools to help an Exchange administrator configure and validate client certificate authentication for Exchange Server ActiveSync. Exchange Server Management Pack for Microsoft Operations Manager 2005 June 6, 2007. The Exchange Server Management Pack includes rules and scripts to track performance, availability, and reliability of Exchange components, such as Internet-related services, Extensible Storage Engine, System Attendant, Microsoft Exchange Information Store service, and SMTP.
ExchDump (English only) March 12, 2004. Gather Exchange Server configuration information from various sources used in troubleshooting support issues with this command-line tool. GroupWise Migration Tools Get the Connector for Novell GroupWise for Exchange�2000 Server or Exchange Server�5.5 Service Pack�4, a GroupWise Migration Wizard demo, and more. For the Exchange Server�2003 version of these tools, explore the Exchange Server�2003 CD. GUIDGen (English only) May 24, 2004. Generate globally unique identifiers (GUIDs) with this tool. Information Store Viewer (MDBVU32) (English only) May 24, 2004. The Information Store Viewer tool has been replaced by the MAPI Editor. The new tool, while still providing the functionality of the older tool for tasks such as browsing storage, is easier to use and is more stable. MAPI Editor is downloadable from this Exchange Server 2003 Tools page. Inter-Organization Replication (English only) September 21, 2004. Replicate public folder and free and busy information between Exchange Server organizations. Jetstress (English only) August 1, 2007. This tool has been revised to work with Exchange 2007 and is backward compatible with Exchange 2003. You will be directed to the new version when you click the tool name. LegacyDN (English only) May 25, 2004. Change Exchange�2000 Server and Exchange Server�2003 organization names and administrative group names on critical system objects. You can also use this tool to view or change legacyExchangeDN values. Load Simulator 2003 (LoadSim) (English only) August 1, 2007. Load Simulator 2003 has been replaced with the new Exchange Load Generator for Exchange Server 2007. Exchange Load Generator works with Exchange Server 2003 as well. Lotus Applications Migration Tools Get Office Outlook Connector for Lotus Domino, Importer for Lotus cc:Mail archives, Microsoft Application Analyzer 2006 for Lotus Domino, and more. Mailbox Merge Wizard (ExMerge) (English only) August 3, 2005. 
Extract data from mailboxes on one Exchange server and then merge that data into mailboxes on another Exchange server. MAPI Editor (English only) June 7, 2006. This tool, which replaces the current Information Store Viewer (MDBVU32), provides access to the contents of Messaging API (MAPI) stores. This is done through a graphical user interface. Microsoft Baseline Security Analyzer August 4, 2005. Scan for missing security updates for Exchange Server�5.5 and later. Visit the Microsoft TechNet site to find out the details. Microsoft Exchange Best Practices Analyzer, Version�2.8 June 6, 2007. Better integration with Microsoft Operations Manager 2005 enables you to identify and help resolve configuration issues before problems arise. Microsoft Exchange Intelligent Message Filter Find out how you can improve productivity and trim costs while lessening spam by exploring the resources listed on this page. Microsoft Exchange Intelligent Message Filter Update with Microsoft Update December 19, 2005. Starting with Exchange Server 2003 SP2, you can update your Intelligent Message Filter spam definitions using Microsoft Update. Microsoft Exchange Troubleshooting Assistant, Version 1.1 (English only) April 4, 2007. Access the following functionality by using the Exchange Troubleshooting Assistant: Exchange Performance Troubleshooter, Exchange Database Recovery Management, and Exchange Mail Flow Troubleshooter. Microsoft Search Administrative Tool (MSSearch) April 6, 2005. Use this command-line tool to perform administrative tasks against a full-text index such as enabling and disabling a full-text index for searching, obtaining the current status of a full-text index, and stopping the current population on a full-text index. Migration Wizard for Lotus Notes/Domino August 1, 2007. The Microsoft Exchange Server 2003 Migration Wizard for Lotus Notes/Domino is used for migrating Lotus Domino Accounts and mailboxes to Exchange Server 2003 and Active Directory. 
MTA Check (English only) May 24, 2004. Look for message transfer agent (MTA) database consistency and perform repairs. Outlook Web Access Web Administration May 25, 2004. Administer Microsoft Outlook Web Access with this Web-based tool. Profile Analyzer (English only) January 3, 2007. This tool has been revised to work with Exchange 2007 and is backward compatible with Exchange 2003. You will be directed to the new version when you click the tool name. Profile Redirector or Exchange Profile Update November 2, 2005. Exchange Redirector (ExProfRe.exe), also known as the Exchange Profile Update tool, updates Microsoft Office Outlook profiles after moving mailboxes across Exchange Server organizations or administrative groups.
Public Folder DAV-based Administration (English only) April 4, 2007. Use the Exchange Server Public Folder Distributed Authoring and Versioning (DAV)-based Administration tool (PFDAVAdmin) to perform various management tasks related to public folders and mailboxes. Note that this tool now works with Exchange Server 2007. Quota Message Service (English only) June 7, 2006. Generate custom quota messages that inform users that they have exceeded their message quotas. This tool is a mailbox agent, and it uses template messages to format the body of the quota messages. SMTP Internet Protocol Restriction and Accept/Deny List Configuration (English only) May 24, 2004. Programmatically set Internet Protocol (IP) restrictions on an SMTP virtual server. SMTPDiag May 3, 2006. Determine whether SMTP and DNS are configured to reliably deliver mail to an external e-mail address. Software Development Kit (SDK) Development Tools December 3, 2004. Get tools and components for creating and debugging collaborative applications on Exchange Server. Stress and Performance�2003 (English only) March 7, 2007. This tool has been revised to work with Exchange 2007 and is backward compatible with Exchange 2003. You will be directed to the new version when you click the tool name. Up-to-Date Notifications Binding Cleanup (English only) May 2, 2005. View and remove existing up-to-date notifications event registration items (bindings) on an individual as well as on a bulk level. Up-to-Date Notifications Troubleshooting (English only) May 24, 2004. Solve common notification issues and test e-mail message delivery to specified mobile devices with this troubleshooting tool. User Monitor (English only) April 8, 2005. Enables system administrators to view and evaluate individual user's usage and experience with Exchange Server. WinRoute May 25, 2004. Get a visual representation of the Exchange Server routing topology and the status of the different routing components. 
Workflow Designer for Exchange Server May 2, 2007. The Workflow Designer for Exchange Server is no longer available to download. Click the tool name to go to the download page where you can download documentation that fully explains why the tool has been removed, and what you can use instead of this tool.
80. What types of permissions are configurable for Exchange?
81. How can you grant access for an administrator to access all mailboxes on a specific server?
How do I grant the administrator(s) (or any other user) full mailbox rights on Exchange 2000/2003 mailboxes? In Microsoft Exchange Server 5.5, when you grant Service Account Admin privileges on the Site container to a Microsoft Windows account, you grant that account unrestricted access to all mailboxes. Because Exchange 2000 and Exchange Server 2003 do not use a service account, even accounts with Enterprise Administrators rights are denied rights to access all mailboxes, by default. This means that Exchange Full Administrators do not have the right to open any mailbox found on any server within the Exchange organization. In fact, if your logon account is the Administrator account or is a member of the Domain Admins or Enterprise Admins groups, then you are explicitly denied access to all mailboxes other than your own, even if you otherwise have full administrative rights over the Exchange system. However, unlike Exchange Server 5.5, all Exchange 2000/2003 administrative tasks can be performed without having to grant an administrator sufficient rights to read other people's mail. This default restriction can be overridden in several ways, but doing so should be in accordance with your organization's security and privacy policies. In most cases, using these methods is appropriate only in a recovery server environment.
Granting right to a specific mailbox
Use the following procedure to grant access to an Exchange 2000 or an Exchange 2003 mailbox:
Note: You must have the appropriate Exchange administrative permissions to do so.
1. Start Active Directory Users and Computers.
2. On the View menu, ensure that the Advanced Features check box is selected. Note: This is not necessary on Exchange Server 2003 because the Exchange Advanced tab is exposed by default.
3. Right-click the user whose mailbox you want to give permissions to and choose Properties.
4. On the Exchange Advanced tab, click Mailbox Rights.
5. Notice that the Domain Admins and Enterprise Admins have both been given Deny access to Full Mailbox access.
6. Click Add, click the user or group who you want to have access to this mailbox, and then click OK.
7. Be sure that the user or group is selected in the Name box.
8. In the Permissions list, click Allow next to Full Mailbox Access, and then click OK.
9. Click OK all the way out.
Warning: If the Group or User name list is empty and you only see one line with the name of SELF, do NOT touch the permission settings before you read SELF Permission on Exchange Mailboxes.
(Two figures omitted: permission lists captioned "= Bad!" and "= Good".)
Note: If the purpose of granting such access is to permit use of the EXMERGE utility (see Delete Messages from Mailboxes by using EXMERGE for an example of such a requirement), grant Receive As permissions. You can also grant Full Control permissions if you want complete access.
Granting right to mailboxes located within a specific mailbox store
Use the following procedure to grant access to Exchange 2000 or Exchange 2003 mailboxes found on a specific mailbox store:
Note: You must have the appropriate Exchange administrative permissions to do so.
1. Start Exchange System Manager.
2. Drill down to your server object within the appropriate Administrative Group. Expand the server object and find the required mailbox store within the appropriate Storage Group. Right-click it and choose Properties.
3. In the Properties window go to the Security tab.
4. Click Add, click the user or group who you want to have access to the mailboxes, and then click OK.
5. Be sure that the user or group is selected in the Name box.
6. In the Permissions list, click Allow next to Full Control, and then click OK. Note: Make sure there is no Deny check box selected next to the Send As and Receive As permissions.
7. Click OK all the way out.
Granting right to mailboxes located on a specific server
Use the following procedure to grant access to Exchange 2000 or Exchange 2003 mailboxes found on a specific server:
Note: You must have the appropriate Exchange administrative permissions to do so.
1. Start Exchange System Manager.
2. Drill down to your server object within the appropriate Administrative Group. Right-click it and choose Properties.
3. In the Properties window go to the Security tab.
4. Click Add, click the user or group who you want to have access to the mailboxes, and then click OK.
5. Be sure that the user or group is selected in the Name box.
6. In the Permissions list, click Allow next to Full Control, and then click OK. Note: Make sure there is no Deny check box selected next to the Send As and Receive As permissions.
7. Click OK all the way out.
Note: It might take some time before the changes you've made take effect. The amount of time needed depends on the number of domain controllers and Global Catalogs and on the site replication schedules and intervals. In one domain with one site containing multiple domain controllers it might take up to 15 minutes before you can begin using these new permissions. On single servers that are also DCs you can speed up the process by restarting the Information Store service.
81. What is the Send As permission? How to grant Send As permission
"Send As" allows one user to send an email as though it came from another user. The recipient will not be given any indication that the email was composed by someone other than the stated sender. "Send As" can only be granted by a system administrator. "Send on Behalf of" may be more appropriate in many situations, as it allows the recipient to be notified both who the author was and on whose behalf the email was sent.
The following procedure will allow system managers to grant users the ability to send as another:
1. Log onto the server running Exchange.
2. Run Active Directory Users and Computers.
3. Under the "View" menu ensure that "Advanced Features" is ticked.
4. Find the user's account that you want to be able to send as, and open up the account properties.
5. Select the "Security" tab.
6. Click [Add ...] (under "Group or user names") and add the user (users or group) that is to be granted permission to send as this account.
7. For each account added, highlight the account under "Group or user names" and in the "Permissions for ..." window grant the account "Send As" permission.
8. Click [OK] to close the account properties dialog.
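Every procedure above ends in a Windows DACL, which Windows evaluates in canonical order (explicit Deny, explicit Allow, inherited Deny, inherited Allow); that ordering is why the notes tell you to check for Deny entries and why a grant can silently do nothing for an account that is in Domain Admins. The following Python model of that evaluation is an added example, not code from this page or from Exchange; the ACEs it builds (the "MailboxRecovery" group, which entries are marked inherited) are constructed for illustration and do not claim to reproduce the exact ACE layout of a real server.

```python
"""Model of Windows DACL evaluation applied to Exchange 2003 mailbox rights.
Constructed example: the ACEs illustrate the dialogs described in the procedures
above and are not read from a server; the group "MailboxRecovery" is hypothetical."""
from dataclasses import dataclass

# Right names as they appear in the Mailbox Rights and Security dialogs
FULL_MAILBOX_ACCESS = "Full Mailbox Access"
SEND_AS = "Send As"
RECEIVE_AS = "Receive As"
# Simplification: treat "Full Control" as the union of the three rights above
FULL_CONTROL = frozenset({FULL_MAILBOX_ACCESS, SEND_AS, RECEIVE_AS})


@dataclass(frozen=True)
class Ace:
    trustee: str              # user or group; "SELF" stands for the mailbox owner
    allow: bool               # True for an Allow ACE, False for a Deny ACE
    rights: frozenset         # rights this ACE covers
    inherited: bool = False   # True when inherited from the store, server or org


def canonical_order(dacl):
    """Windows canonical order: explicit Deny, explicit Allow, inherited Deny,
    inherited Allow. sorted() is stable, so ties keep their listed order."""
    return sorted(dacl, key=lambda ace: (ace.inherited, ace.allow))


def access_check(dacl, user, groups, mailbox_owner, wanted):
    """True if `user` (a member of `groups`) obtains every right in `wanted`.
    The first Deny ACE covering a still-outstanding right refuses access;
    Allow ACEs accumulate until nothing is outstanding. Because order decides
    the outcome, the DACL is walked in canonical order, as Windows does."""
    token = {user, *groups}
    if user == mailbox_owner:
        token.add("SELF")
    wanted = set(wanted)
    granted = set()
    for ace in canonical_order(dacl):
        outstanding = wanted - granted
        if not outstanding:
            break
        if ace.trustee not in token:
            continue
        if not ace.allow and ace.rights & outstanding:
            return False
        if ace.allow:
            granted |= ace.rights & wanted
    return wanted <= granted


def mailbox_rights_after_step_8(group):
    """Mailbox Rights as left by steps 5-8 of the per-mailbox procedure: the default
    Deny entries for the admin groups plus an explicit Allow Full Mailbox Access."""
    return [
        Ace("SELF", True, frozenset({FULL_MAILBOX_ACCESS})),
        Ace("Domain Admins", False, frozenset({FULL_MAILBOX_ACCESS})),
        Ace("Enterprise Admins", False, frozenset({FULL_MAILBOX_ACCESS})),
        Ace(group, True, frozenset({FULL_MAILBOX_ACCESS})),
    ]


def inherited_from_store(group, deny_receive_as=False):
    """What a mailbox inherits after the store-level procedure: Allow Full Control
    for `group`, optionally with the Receive As Deny box ticked by mistake (the
    case the procedure's note warns about)."""
    dacl = [Ace("SELF", True, frozenset({FULL_MAILBOX_ACCESS})),
            Ace(group, True, FULL_CONTROL, inherited=True)]
    if deny_receive_as:
        # Listed last on purpose: canonical ordering still puts it before the Allow
        dacl.append(Ace(group, False, frozenset({RECEIVE_AS}), inherited=True))
    return dacl


if __name__ == "__main__":
    owner = "asmith"
    dacl = mailbox_rights_after_step_8("MailboxRecovery")
    # The owner reaches the mailbox through SELF
    print(access_check(dacl, owner, set(), owner, {FULL_MAILBOX_ACCESS}))  # True
    # A recovery operator outside the admin groups gets the granted right
    print(access_check(dacl, "rops", {"MailboxRecovery"}, owner, {FULL_MAILBOX_ACCESS}))  # True
    # The same grant does nothing for a Domain Admin: the explicit Deny comes first
    print(access_check(dacl, "jadmin", {"Domain Admins", "MailboxRecovery"}, owner,
                       {FULL_MAILBOX_ACCESS}))  # False
    # A store-level grant with the Receive As Deny box ticked blocks Receive As only
    bad = inherited_from_store("MailboxRecovery", deny_receive_as=True)
    print(access_check(bad, "rops", {"MailboxRecovery"}, owner, {RECEIVE_AS}))  # False
    print(access_check(bad, "rops", {"MailboxRecovery"}, owner, {SEND_AS}))  # True
```

The practical reading: grant recovery access to a dedicated, non-admin group, and use an account that is a member of that group and not of Domain Admins or Enterprise Admins.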
Note: If there is an account for which a number of people need to be able to send as (such as an account used as a single point of contact for a distribution list), then administratively it may be simpler to add a group of users who should have that permission and grant the permission to the group rather than to the accounts individually. The process of sending an email as coming from another account is the same as sending on behalf of.
Set Mailbox Send As Permission
To set up a mailbox so that another person can send mail on behalf of that person (send as), follow the procedure below. This procedure works when using Exchange 2000 for the mail server. For example, if you have a person who is an executive with an office assistant, they may want the office assistant to be able to send mail on their behalf. In the procedure below, the first user whose properties are viewed would be the executive, and the user granted the permission is the office assistant. Open Active Directory Users and Computers. On the Menu, select "View".
Either double click the user who you want someone else to send e-mail on behalf of or right click the user and select "Properties" A user properties dialog box will appear. Select the "Exchange General" tab.
Click the "Delivery Options" button. A "Delivery Options" dialog box will appear. To the right side of the box labeled "Grant this permission to", click the "Add" button.
A select recipient dialog box will appear. Select the recipients that you want to be able to send mail on behalf of the user whose properties you are editing.
Click OK to close the select recipient dialog box. Click OK to close the "Delivery Options" dialog box. Click OK to close the user properties dialog box. 82. What other management tools are used to manage and control Exchange 2003? Name the tools you'd use.
83. What are Exchange Recipient types? Name 5. Exchange Server 2003 allows you to create several different types of recipient objects: mailbox-enabled users, mail-enabled users, contact recipients, group recipients and public folder recipients. This tutorial explains how these various types of Exchange Server recipient objects work, when to use them and how to configure them. Part 1: Exchange Server mailbox-enabled and mail-enabled recipients There is a world of difference between an Exchange Server mailbox-enabled recipient object and a mail-enabled recipient object. An Exchange Server mailbox-enabled recipient object is a user who actually has a user account on your system. On the other hand, a mail-enabled recipient object is a user who does not have a valid user account, but who does have an email address that reflects your organization's domain. You would typically create a mail-enabled Exchange Server recipient object for someone who doesn't actually work for your company, but who needs to maintain the appearance of working there. By using a mail-enabled recipient object, you would be able to publish an external user's email address as [email protected]. Any email messages sent to that address would pass through your Exchange server and be forwarded to that person's normal email account in his own domain. The process for creating an Exchange Server mail-enabled user is fairly similar to the procedure for creating a mailbox-enabled user. Both processes start with creating a user account. Exchange Server extends the user creation wizard and gives you a chance to create an Exchange Server mailbox for the user, as shown in Figure A. If you wanted to create a mailbox-enabled user, you would create an Exchange Server mailbox for the new user and then complete the account creation process in the normal way. Figure A: Set up an Exchange mailbox to create a mailbox-enabled user object.
If you are creating a mail-enabled recipient though, you would deselect the "Create an Exchange Mailbox" checkbox shown in Figure A prior to completing the account creation process. Since a mail-enabled recipient is someone who has no business logging onto your network, you also need to disable that user account right away. To disable an Exchange Server mail-enabled recipient, right click on the user account in the Active Directory Users and Computers (ADUC) console and select the "Disable Account" command. Now it's time to mail-enable the user account: Right click on the account and select the Exchange Tasks command to launch the Exchange Tasks Wizard. Click Next to bypass the wizard's Welcome screen and you will see a list of the tasks that can be applied to the user object.
Select the "Establish Email Address" option from the list and click Next to see the screen shown in Figure B. Figure B: You must enter the user's external email address.
As you can see in Figure B, the user's alias is filled in automatically. However, you must enter the user's external email address. This is the user's real email address where he normally receives his email. Click the modify button and you will be prompted to select the type of address that you want to enter. Select the SMTP Address option and click OK. Enter the user's external email address and click OK once again. The "External Email Address" field on the screen shown in Figure B will now be filled in. Click Next, followed by Finish, to complete the process. You will be able to tell that the process was successful because the newly mail-enabled user will now appear in the Exchange Server Global Address List (GAL). Part 2: Exchange Server contact recipients An Exchange Server contact recipient object is very similar to a mail-enabled recipient object in that it points to an external email address. Contact recipient objects and mail-enabled recipient objects have totally different purposes though. An Exchange Server contact recipient object also points to an external email address, but its purpose is not to provide an email address from your domain to an external recipient. Instead, its goal is to make it easier for your users to send messages to that external person. For example, let's say that your company outsources printing to a local print shop, and your employees regularly email documents there. If you create a contact recipient object for the print shop, its email address will be added to your Exchange Server Global Address List (GAL). This will save your users the time and effort of having to manually type in the print shop's email address every time they want to send email. When you create a contact recipient, you do not have to create a user account. However, you do have to create an Active Directory object to link to the external email address. To create an Exchange Server contact recipient: Open the Active Directory Users and Computers (ADUC) console. 
Right click on the Users folder and select New -> Contact to view the New Object -- Contact dialog box. Enter a first name, last name, full name, and display name and click Next. This screen asks if you want to create an Exchange Server email address. Make sure that the "Create an Exchange Email Address" checkbox is selected and click the Modify button. You will now be asked what type of address you want to enter. Select the SMTP address option and click OK. Enter the recipient's email address and click OK one more time. Click Next, followed by Finish, to create the new contact recipient object. The newly created contact will reside in the Users folder (or whatever folder you created it in) of the ADUC console. You can tell it apart from a normal user because the contact's icon looks like a business card rather than a person. Now that you have created the new contact, it should appear on the Exchange Server Global Address List. When you view the GAL through Microsoft Outlook, you will be able to tell that the entry uses an external mailbox, because Microsoft Outlook will display a globe icon next to the contact. Part 3: Exchange Server group recipients For all practical purposes, a group recipient object is the same as an Exchange Server distribution list. It is basically just a group that has been mail-enabled (not mailbox-enabled). When an email message is sent to the group's email address, the message is forwarded to the group members' individual mailboxes. To create an Exchange Server group recipient object:
Open the Active Directory Users and Computers (ADUC) console and select the Users container. Right click on the Users container and select New -> Group to view the New Object -- Group dialog box. Enter a name for the group and then set the group type to Distribution. Click Next to see a screen asking you if you want to create an Exchange Server address for the group. Make sure that the "Create an Exchange Email Address" checkbox is selected and click Next. Click Next one more time, followed by Finish, to create the Exchange Server group recipient object. To add users to the group, click on the group, select Properties, and click the Add button on the Members tab. Part 4: Exchange Server public folder recipients The last type of Exchange Server recipient object that I want to talk about is a public folder recipient -- also known as a mail-enabled public folder. A public folder recipient is simply an Exchange Server public folder that has an email address associated with it. There are many different uses for mail-enabled Exchange public folders, but the first example that comes to mind is a situation in which your company launches a new product and wants to receive feedback from customers. With a mail-enabled Exchange public folder, you could receive all customer feedback in a central location, instead of flooding multiple personal mailboxes with those messages. To create an Exchange Server public folder recipient object: Open Exchange System Manager. Navigate through the console tree to Administrative Groups -> your administrative group -> Folders -> Public Folders -> the public folder you want to mail enable. Right click on the Exchange Server public folder you want to mail enable and select the All Tasks -> Mail Enable command. The folder is technically now mail-enabled, but you still need to verify that an email address has been assigned to the Exchange public folder. To do so, right click on the folder and select Properties.
Select the Email Addresses tab to view the SMTP address assigned to the Exchange public folder. Use the Add and Edit buttons to add an alternate address or to modify the existing address, if necessary.
84. You created a mailbox for a user, yet the mailbox does not appear in ESM. Why?
You wanted to change mailbox access permissions for a mailbox, yet you see the SELF permission alone on the permissions list. Why?
WHAT HAPPENS WHEN I CREATE A MAILBOX IN EXCHANGE 2003? I have been asked this question a fair bit recently by members of my team, or indeed staff who have delegated rights to the ESM and who worry when they don't see the new mailbox that they have created appear in the Exchange System Manager. The most recent related question that I have been asked is "why is the only permission on the mailbox the self permission", which prompted me to have a look around the web for some information. Whereas I understand why the mailbox does not appear in the ESM and why the self permission is the sole permission upon creation, I was hoping to find some resources on the web to distribute to my team. I was very surprised to find that although I tracked down a very good explanation for the "self" permission, I could not find anything that really explains what happens when you go through the mailbox creation process, therefore I have decided to write my own explanation (and await the flogging from people that know better!) Ok, a common misconception about creating a Mailbox is that when you have completed the Mailbox creation Wizard there is a nice shiny mailbox created in the store that you have chosen. This is not the case; the Mailbox wizard at this stage only updates the following attributes in Active Directory with the values that are specific to your Exchange Organisation:
• homeMDB - Home Location of your Mailbox in the correct Exchange Database
• homeMTA - Your Native Message Transport Agent
• legacyExchangeDN - Used for compatibility with Exchange 5.5 systems
• mail - Your primary e-mail address
• mailNickname - Your mailbox alias
• msExchHomeServerName - The server which your mailbox is located on
• msExchMailboxGuid - GUID of the Primary samAccount for the mailbox
• msExchMailboxSecurityDescriptor - Defines mailbox rights
• proxyAddresses - Additional Addresses.
What then happens is that the Recipient Update Service will run (usually every 15 minutes) and stamp the mail and proxy addresses onto the account in Active Directory. At this stage there is still no physical mailbox in the Exchange store (which can be verified by checking the mailbox list in the ESM). In addition to the above, if you check the "Exchange Advanced" tab and click "Mailbox Rights" (you will need to turn on the Advanced Features of ADUC) you will see that the only permission on the mailbox at this point is the "self" permission. This situation happens because the security descriptor object (msExchMailboxSecurityDescriptor) is not read from Active Directory until the user first logs on to the mailbox or the mailbox is sent an item of mail.
A common misconception is that the Recipient Update Service plays a part in both the mailbox creation and indeed the configuration of security permissions on the mailbox; however, the RUS does not work out any permissions (as that is not its job). It is the store service that works these out when the user logs on or mail is received, which coincidentally is the point where the store process creates the mailbox in the database, based upon the data that is contained in Active Directory for the account.
85. What are Query Based Distribution groups?
QUERY-BASED DISTRIBUTION GROUPS
A query-based distribution group works much like a standard distribution group, the difference being that query-based distribution groups assign group membership based on LDAP queries. Query-based distribution groups are only supported when running in Exchange Server 2003 Native Mode. The main advantage of creating a query-based distribution group is that administrators can dynamically assign members to the group – you do not have to manually add/remove accounts from the query-based distribution group. You can use the Filter option to define group membership for the query-based distribution group. Then, when new account objects are created, these objects too are added to the group when they are defined as being mail-enabled in Active Directory. The different Filter options for defining a query-based distribution group are listed here:
Users with Exchange Mailboxes
Users with External Mail Addresses
Mail-Enabled Groups
Contacts with External Email Addresses
Mail-Enabled Public Folders
Custom Filters
HOW TO CREATE A QUERY-BASED DISTRIBUTION GROUP
1. Open the Active Directory Users and Computers console.
2. Click the View menu and enable the Advanced Features option.
3. Navigate to and expand the Organizational Unit that should contain the query-based distribution group.
4. Click the Action menu and select New and then Query-Based Distribution Group.
5. Provide a name for the query-based distribution group.
6. Click Change, and then select the domain and organizational unit. The filter will be applied to all users in the organizational unit.
7. Select the Users with Exchange Mailbox option.
8. Click Next and then click Finish.
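The filter options above are LDAP queries, and the attributes the mailbox wizard stamps (mailNickname, homeMDB, msExchHomeServerName, as listed in the previous answer) are exactly what such a query tests; that is why a freshly created account joins the group before any mailbox exists in the store, and why scoping the group to an organizational unit changes its membership. The following Python is an added example, not code from this page or from Exchange: it parses a filter of the kind ESM builds and evaluates it over a constructed directory. The filter strings are my approximation of the ones ESM generates, and every entry and DN is made up.

```python
"""Evaluate the LDAP filter behind a query-based distribution group against a
constructed directory. The filters approximate what ESM builds (assumed, not copied)
and the directory entries are invented for illustration."""
from fnmatch import fnmatchcase

# Approximation of "Users with Exchange Mailboxes", built from the attributes the
# mailbox wizard stamps on the account (assumed form, not copied from ESM)
USERS_WITH_MAILBOX = ("(&(mailNickname=*)(objectCategory=person)(objectClass=user)"
                      "(|(homeMDB=*)(msExchHomeServerName=*)))")
# Same idea for "Users with External Mail Addresses": mail-enabled, no home database
USERS_WITH_EXTERNAL_ADDRESS = ("(& (mailNickname=*) (objectCategory=person) (objectClass=user)"
                               " (targetAddress=*) (!(homeMDB=*)))")


def _skip_ws(s, i):
    while i < len(s) and s[i].isspace():
        i += 1
    return i


def parse_filter(s, i=0):
    """Parse one parenthesised RFC 4515 filter starting at s[i]; return (node, next_index).
    Supports &, |, !, presence (attr=*), equality and wildcard values."""
    i = _skip_ws(s, i)
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i = _skip_ws(s, i + 1)
    op = s[i]
    if op in ("&", "|"):
        children, i = [], i + 1
        while True:
            i = _skip_ws(s, i)
            if s[i] == ")":
                return (op, children), i + 1
            child, i = parse_filter(s, i)
            children.append(child)
    if op == "!":
        child, i = parse_filter(s, i + 1)
        i = _skip_ws(s, i)
        if s[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return ("!", [child]), i + 1
    end = s.index(")", i)
    attr, sep, value = s[i:end].partition("=")
    if not sep:
        raise ValueError(f"malformed item {s[i:end]!r}")
    # AD attribute names are case-insensitive, so normalise them here
    return ("=", attr.strip().lower(), value.strip()), end + 1


def compile_filter(s):
    node, i = parse_filter(s, 0)
    if _skip_ws(s, i) != len(s):
        raise ValueError("trailing characters after filter")
    return node


def _values(entry, attr):
    for name, value in entry.items():
        if name.lower() == attr:
            return value if isinstance(value, list) else [value]
    return []


def matches(node, entry):
    op = node[0]
    if op == "&":
        return all(matches(child, entry) for child in node[1])
    if op == "|":
        return any(matches(child, entry) for child in node[1])
    if op == "!":
        return not matches(node[1][0], entry)
    _, attr, pattern = node
    values = _values(entry, attr)
    if pattern == "*":                       # presence test
        return bool(values)
    return any(fnmatchcase(v.lower(), pattern.lower()) for v in values)


def members(filter_str, directory, search_base):
    """DNs under `search_base` whose entry satisfies the filter. Membership is computed
    from attributes at query time; nothing is stored on the group object itself."""
    node = compile_filter(filter_str)
    suffix = "," + search_base.lower()
    return sorted(dn for dn, entry in directory.items()
                  if dn.lower().endswith(suffix) and matches(node, entry))


# Constructed directory: one entry per recipient type discussed on this page
DIRECTORY = {
    "CN=Alice,OU=Sales,DC=example,DC=test": {        # mailbox-enabled user
        "objectCategory": "person", "objectClass": ["top", "person", "user"],
        "mailNickname": "alice", "homeMDB": "CN=Mailbox Store (EX1),CN=SG1,...",
        "msExchHomeServerName": "/o=Example/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=EX1"},
    "CN=Bob,OU=Sales,DC=example,DC=test": {          # mail-enabled user (external address)
        "objectCategory": "person", "objectClass": ["top", "person", "user"],
        "mailNickname": "bob", "targetAddress": "SMTP:bob@partner.test"},
    "CN=Print Shop,OU=Sales,DC=example,DC=test": {   # contact recipient
        "objectCategory": "person", "objectClass": ["top", "person", "contact"],
        "mailNickname": "printshop", "targetAddress": "SMTP:orders@printshop.test"},
    "CN=Carol,OU=Finance,DC=example,DC=test": {      # mailbox-enabled, different OU
        "objectCategory": "person", "objectClass": ["top", "person", "user"],
        "mailNickname": "carol", "homeMDB": "CN=Mailbox Store (EX1),CN=SG1,..."},
    "CN=Dave,OU=Sales,DC=example,DC=test": {         # just created: attributes stamped, no store mailbox yet
        "objectCategory": "person", "objectClass": ["top", "person", "user"],
        "mailNickname": "dave", "msExchHomeServerName": "/o=Example/.../cn=EX1"},
}
```

Running `members(USERS_WITH_MAILBOX, DIRECTORY, "OU=Sales,DC=example,DC=test")` returns Alice and Dave but not Bob or the contact, and widening the base to the domain adds Carol.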
86. What type of groups would you use when configuring distribution groups in a multiple domain forest?
87. Name a few configuration options for Exchange recipients.
88. Name a few configuration options related to mailbox stores.
89. What are System Public Folders? Where would you find them?
Types of public folders
There are two types of public folders in Exchange 2003: Public Folder and System Folder. Exchange distinguishes between different public folder trees: ONE public folder tree of type "MAPI Clients" and MANY public folder trees of type "General purpose". Every public folder tree must be associated with an Exchange 2003 Public Folder Store. Public folders under the MAPI public folder tree are visible in Outlook. Public folders under the General purpose public folder tree are visible in Explorer and various other clients, such as HTTP clients, but not in Outlook.
System Folder
System folders are hidden folders for internal Exchange System Management. Exchange needs these System Folders for Offline Address Book generation, Free/Busy information and much more. Exchange generates the following System Folders:
EForms Registry
Events Root
Nntp Control Folder
Offline Address Book
Schedule+ Free Busy
StoreEvents
System Configuration
To view System Folders start Exchange System Manager, navigate to Public Folders, right-click and choose "View System Folders".
Figure 2: Display System folders in ESM
Public folders
Public folders are the visible public folders for your users to organize and publish information. You can create as many public folders as you want.
90. How would you plan and configure Public Folder redundancy?
Okay. Go to the individual mailbox stores (not the storage group) on Server A. Open the properties page and set the Default Public folder store to Server B.
91. How can you immediately stop PF replication?
92. How can you prevent PF referral across slow WAN links?
93. What types of PF management tools might you use?
New Tools Available for Public Folders and Mailbox Management, and for Mobility
With the release of Microsoft® Exchange Server 2003 Service Pack 2 (SP2), you now have two new tools that can make your day-to-day operations tasks easier and more productive.
1. The Microsoft Exchange Server Public Folder Distributed Authoring and Versioning (DAV)-based Administration tool, version 2.4, is a tool previously available for internal use only, but now is available publicly. This tool helps IT Administrators to manage various server tasks related to public folders and mailboxes.
2. The Microsoft Exchange ActiveSync Mobile Administration Web tool is part of the overall new Mobility feature that was introduced with SP2. This tool enables IT Administrators to manage the process of remotely erasing or wiping lost, stolen, or otherwise compromised mobile devices.
For more information about downloading these tools, see Tools for Exchange Server 2003. Download these tools to start taking advantage of the many tasks they can perform both for public folder and mailbox administration, and for an enhanced administrator mobility experience. The following sections describe the tools in more detail.
Microsoft Exchange Server Public Folder Distributed Authoring and Versioning (DAV)-based Administration Tool
The Microsoft® Exchange Server Public Folder Distributed Authoring and Versioning (DAV)-based Administration tool version 2.4 (PFDAVAdmin 2.4) is an Exchange 2000 and later tool that assists Exchange administrators in fulfilling various server management tasks. As the name of the tool implies, many of these tasks are related to public folder management, but this tool can be used with mailboxes, too.
What PFDAVAdmin Can Do
Probably the most popular usage of PFDAVAdmin is permissions management of public folders. This tool is especially useful when correcting problems in permissions caused by M drive scanning or modifications made through a non-MAPI interface. Another common usage is to export or import folder permissions set on public folders and mailboxes. The following examples show additional things you can do with PFDAVAdmin.
Content Report
Did you ever want to know how many items each public folder contains? Or do you want to know when the newest item was created in a folder? The Content Report menu is here to help you. Use this menu to create a report for all the public folders or any single folder (and its subfolders) with information such as the following:
Item count
Size of the folder
Largest item size in the folder
Most recent modification date of any item in the folder
Centralized Permission change
Did you ever want to assign certain permissions to all the user mailboxes, such as reviewer permission on the Calendar folders of all the users? You can use Propagate ACE to add the permission to all the folders named Calendar, or you can export or import permissions through text files. Note: For Calendar folders, you must take an extra action. For more information, see Microsoft Knowledge Base article 237924, "PRB: ACL: Outlook 2000 Doesn't Properly Read ACL Settings."
Permission Migrate Do you need to migrate from an Exchange Server 5.5 organization to a new Exchange Server 2003 organization? If you do, you may also want to migrate the permissions of public folders rather than manually assigning the permissions on Exchange Server 2003. You can use PFInfo to export the permissions of Exchange Server 5.5 public folders and use PFDAVAdmin to import the file into Exchange Server 2003. Frequently Asked Questions
The following questions are frequently asked.
Question: Does PFDAVAdmin only work against public folders?
Answer: No, in spite of its name, PFDAVAdmin works against mailboxes as well.
Question: Can you run PFDAVAdmin against Exchange Server 5.5?
Answer: No, PFDAVAdmin works only with Exchange 2000 and later servers. However, PFDAVAdmin can work with the data you exported from Exchange Server 5.5 with tools such as PFInfo.
Question: Is it possible to run PFDAVAdmin from a command line?
Answer: Yes. You can specify various switches to indicate what type of operations you want to perform, as well as the scope of the operations. To see what options are available, type pfdavadmin -? at a command prompt.
Question: Can you run PFDAVAdmin from a computer that is not a member of the forest where the target Exchange server resides?
Answer: Yes. This feature is new with version 2.4. Also, you can use an account that is not a member of the Exchange forest if it has appropriate Exchange Administrator permissions (for example, in a resource forest scenario).
Question: What is the typical 'folders per hour' that PFDAVAdmin can process?
Answer: This depends on many factors such as the hardware specifications of the server and client, and the types of operations (Export Permissions, Export Replica Lists, Content Report). Generally, you get higher performance when you run PFDAVAdmin against Exchange Server 2003 than against Exchange 2000 Server. Also, for Exchange Server 2003, it is faster when installed on Microsoft Windows Server™ 2003. As a broad estimate, 20,000 to 50,000 folders per hour is a good benchmark. Do note, though, that the performance in version 2.4 is significantly improved over the previous versions.
Microsoft Exchange ActiveSync Mobile Administration Web Tool
The Microsoft Exchange ActiveSync Mobile Administration Web tool enables administrators to manage the process of remotely erasing lost, stolen, or otherwise compromised mobile devices.
By using the Exchange ActiveSync Mobile Administration Web tool, administrators can perform the following actions: View a list of all devices that are being used by any enterprise user. Select or cancel the selection of devices to be remotely erased. View the status of pending remote erase requests for each device. View a transaction log that indicates which administrators have issued remote erase commands, in addition to the devices that those commands pertained to. Installation To install the Exchange ActiveSync Mobile Administration Web tool on a front-end server that runs Exchange Server 2003 with Service Pack 2 (SP2), run the .msi package. The installation package creates the MobileAdmin virtual directory, through which the tool can be accessed. When installed correctly, the Exchange ActiveSync Mobile Administration Web tool is available from any remote computer that has a browser that can access the virtual directory associated with the tool. However, to access the Exchange ActiveSync Mobile Administration Web tool from the same computer that it is installed on, you must use one of the following approaches: Add the server name to the Local intranet list for Internet Explorer: In Internet Explorer, click Tools, click Internet Options, click Security, click Local intranet, and then click Sites. Use localhost as the server name when specifying the mobileAdmin URL in the browser (for example, https://localhost/mobileAdmin). Adding Administrators By default, access to the Exchange ActiveSync Mobile Administration Web tool is restricted to Exchange administrators and local administrators. A user from either of these groups can enable additional users to access the tool by modifying the security settings on the MobileAdmin folder in the installation directory. You make this change by right-clicking the folder, and then selecting sharing & security, which displays the Insert Folder Security properties dialog box. 
By using this user interface, an administrator can add a user or group by clicking Add and then entering the name of the user or group to which the administrator wants to grant access. Similarly, a user or group can be removed by selecting that user or group and then clicking Remove. Using the Tool The Welcome Screen presents the Administrator with a list of available administrative options. Select one of these options to start the associated Web page. The following options are displayed on the Welcome page. Remote Wipe Run a remote wipe command for a lost or stolen mobile device Transaction Log View a log of administrative actions, noting time/action/user Running and Monitoring a Remote Device Wipe The Remote Device Wipe administrator console provides the following functions: Issue a remote wipe command for a lost or stolen mobile device. To issue a remote wipe command, search for a user’s mobile devices by specifying the user’s name. The tool displays the device ID, device type, and the time the device last synchronized with the server for each of the user's devices. Locate the desired device, and then click Wipe. The tool then displays the up-to-date status for the device, displaying when or if the device has been successfully wiped. View the status on a pending remote wipe command. When a Wipe action is specified for a device, it stays active until the administrator specifies otherwise. This means that, after the initial remote wipe has been completed, the server continues to send a remote wipe directive if the same device ever tries to reconnect. Undo (cancel) a remote wipe command if a lost or stolen device is recovered. If a lost device is recovered, the administrator can cancel this directive to enable the device to successfully connect again. You cancel the wipe by locating the mobile device that has the remote wipe action set, and then clicking Cancel Wipe. Delete a device partnership. 
The administrator can use the remote wipe console to delete a device partnership from the server. This action has the effect of cleaning up all state associated with a specified device on the server and is primarily useful for housekeeping purposes. If a device tries to connect after its partnership has been deleted, it will be forced to re-establish that partnership with the server through a recovery process that is transparent to both the IT administrator and the device user. This action is carried out by locating the mobile device, and then clicking Delete.

Viewing a Log of Remote Wipe Transactions
The transaction log displays the following information for all critical administrative actions performed with the Exchange ActiveSync Mobile Administration Web tool:
Date Time: Date and time when the action was executed
User: The user who executed the action
Mailbox: The mailbox that the action pertained to
Device ID: The device that the action pertained to
Type: The type of device that the action pertained to
Action: The action taken by the administrator

94. What are the differences between administrative permissions and client permissions in PF?

Using Public Folder Permissions
The following sections discuss how to use public folder permissions.

Understanding the Three Types of Public Folder Permissions
You can control access to public folders using the following types of permissions:
Client permissions: These settings control who can use client applications to access folders and messages. By default, all users have permissions to read and write content in the public folder. You can change permissions for all users or create different permissions for specific users. The default client permissions do not include the Exchange administrative roles (Exchange Full Administrators, Exchange Administrators, or Exchange View Only Administrators). Depending on the type of public folder that you are working with, you may see different forms of the client permissions. Folders in the Public Folders tree use MAPI permissions. Folders in general-purpose public folder trees use Windows 2000 Server permissions.
Directory rights: These settings are normal Active Directory permissions, and control who can change the e-mail-related attributes of a mail-enabled public folder. Exchange stores these attributes in Active Directory, in the public folder's directory object in the Microsoft Exchange System Objects container. The default directory permissions include extensive permissions for the domain local Administrators group. Normally, any user that you have assigned to one of the Exchange administrative roles is a member of this group.
Administrative rights: These settings control who can use Exchange System Manager (or a custom administration program) to change the replication, limits, and other settings for a public folder. Some of these permissions are inherited from the public folder store and include permissions for the Exchange administrative roles. These permissions are Windows 2000 Server permissions, although they reside only in the public folder store.
If you are working with a public folder tree that has multiple levels of public folders, you can modify client permissions or administrative rights for a single folder, and you can use the Propagate Settings command to propagate the changes to all subfolders of that folder. To propagate client permissions, use Propagate Settings with the Folder rights option. To propagate administrative rights, use Propagate Settings with the Administrative rights option.

Special Considerations for Working with Client Permissions
When you use Exchange System Manager to view client permissions for a public folder, the information that you see can depend on what type of folder tree you are working with. You also have access to different views of the same information. The procedures in this section provide information about how to use and how not to use the different views.

To view permissions that control client access to a public folder:
In Exchange System Manager, right-click the folder that you want to change, and then click Properties.
In the Properties dialog box, click the Permissions tab, and then click Client permissions.
After you click Client permissions, one of two different dialog boxes appears, depending on the type of public folder tree with which you are working. If you are working with a folder in the Public Folders tree, you see a dialog box that contains MAPI permissions and roles.
If you are working with a folder in a general-purpose public folder tree, you see a dialog box that contains Windows 2000 Server permissions, users, and groups. You can also use Exchange System Manager to view the Windows 2000 version of the permissions on a folder in the Public Folders tree. Caution: Although you can view the Windows 2000 Server version of the Public Folders tree permissions, do not attempt to edit the permissions in this view. The Windows user interface that displays the permissions formats the ACL in such a way that Exchange Server will no longer be able to convert the permissions to their MAPI form. If this happens, you will no longer be able to use Outlook or the regular Exchange System Manager dialog boxes to edit the permissions. To view the Windows 2000 version of MAPI permissions In Exchange System Manager, right-click the folder whose permissions you want to view, and then click Properties. From the Properties dialog box, click the Permissions tab, and then press and hold the CTRL key and click Client permissions. The resultant dialog displays as below. Note that all of the permissions check boxes are cleared:
To see the actual permissions information, click Advanced. The resulting dialog box is shown below:
To view detailed permissions information, click a permissions entry and then click View/Edit. Remember, do not use this dialog box to edit the permissions. As stated earlier, using this interface to modify permissions would save the changes in a form that Exchange Server could not convert to the MAPI format. The following screenshot shows an example of the detailed Windows 2000 Server permissions information you can view.
Designating a User as a Public Folder Delegate
You can configure a mail-enabled public folder so that a user can send mail on the public folder's behalf. For example, if the folder serves as a shared storage location or workspace for a group of users, one user could send notifications to the group. A custom application could also perform such a function, if you created an account for it to use.

To give a user the ability to send mail on behalf of a public folder:
From Exchange System Manager, expand Folders, right-click the public folder for which you want to give a user the ability to send mail, and click Properties.
Click Exchange General, and then click Delivery Options.
Click Add to specify a user.

You may need to make additional modifications if the following conditions apply:
The user's mailbox resides in a domain that is different from the public folder's domain.
The user's mailbox resides on a server that is located in a site that does not contain any domain controllers for the domain that hosts the public folder.
Use one of the following additional steps:
Add the Exchange Domain Servers security group of the child domain with Read permissions to the ACL of the Microsoft Exchange System Objects container in the parent domain. This method is the recommended method for working around this problem.
Move one domain controller from the parent domain to the user's Exchange Server 2003 site.

Maintaining the Minimum Permissions Required for Mail-Enabled Public Folders
This section explains the minimum permissions that are required for mailbox stores and public folder stores to function correctly. If you modify the default client permissions and roles on a mail-enabled public folder, make sure you maintain the Contributor role for the Anonymous account. Otherwise, mail sent to the public folder will be returned as undeliverable. When the public folder receives e-mail from a user who has no permissions on the folder, it treats the mail as a message posted using the Anonymous account.
Note: This is a change from Exchange Server 5.5, where the default role of the Anonymous account was None.

Maintaining the Minimum Permissions Required for Mailbox Stores and Public Folder Stores
If you modify the default permissions on Exchange Server 2003 mailbox stores and public folder stores, make sure you maintain the following minimum permissions:
Administrators group: Full Control
Authenticated Users group: Read and Execute, List Folder Contents, and Read
Creator Owner: None
Server Operators group: Modify, Read and Execute, List Folder Contents, Read, and Write
System account: Full Control
You may experience difficulties in mounting the mailbox stores or public folder stores if you do not maintain these permissions for these groups and accounts. The following error messages and events indicate that the accounts and groups in the preceding list do not have the correct permissions:
An internal processing error has occurred. Try restarting Exchange System Manager or the Microsoft Exchange Information Store service, or both. MAPI or an unspecified service provider. ID no: 00000476-0000-00000000.
Information Store (2520) An attempt to determine the minimum I/O block size for the volume "[drive:\]" containing "[drive:\]Exchsrvr\Mdbdata\" failed with system error 5 (0x00000005): "Access is denied." The operation will fail with error -1032 (0xfffffbf8).
Error 0xfffffbf8 starting Storage Group [dn of storage group] on the Microsoft Exchange Information Store.
The MAPI call 'OpenMsgStore' failed with the following error: The Microsoft Exchange Server computer is not available. Either there are network problems or the Microsoft Exchange Server computer is down for maintenance. The MAPI provider failed. Microsoft Exchange Server Information Store ID no: 8004011d-0526-00000000.
You may also encounter problems when mounting public folder stores if you have cleared the Allow inheritable permissions from parent to propagate to this object option for the public folder hierarchy. The following error messages indicate that you have cleared this option:
The store could not be mounted because the Active Directory information was not replicated yet.
The Microsoft Exchange Information Store service could not find the specified object. ID no: c1041722.
To restore the permissions required by Exchange Server:
In Exchange System Manager, right-click the Folders container, select the public folder tree, and then click Properties.
In the Properties dialog box, click the Security tab, click Advanced, and then select Allow inheritable permissions from parent to propagate to this object.
Wait for Active Directory to replicate the change to all of the domain controllers.
Right-click the public folder store and click Mount Store.

95. How can you configure PF replication from the command prompt in Exchange 2003?
Replicating Public Folders from Exchange 2000 to Exchange Server 2003
Just as the mailboxes are migrated from one set of Exchange 2000 servers to another set of Exchange Server 2003 systems, the public folders should be replicated before retiring the old Exchange 2000 servers. Previously, this procedure involved a manual replication of the folder hierarchy, which could prove to be a tedious process. Microsoft addressed this drawback with a new utility called PFMigrate, which is accessible via the Exchange Deployment Tools. PFMigrate can create public and system folder replicas on new systems, and remove them from old servers. The following procedure outlines how to use PFMigrate to migrate from an Exchange 2000 Server to an Exchange Server 2003 system:
Open a Command Prompt (select Start, Run; type cmd; and press Enter).
Type cd D:\support\Exdeploy and press Enter.
To create a report of current public folder replication, type the following:
pfmigrate.wsf /S:OLDSERVERNAME /T:NEWSERVERNAME /R /F:c:\LOGNAME.log
This generates a report named LOGNAME.log on the C: drive. OLDSERVERNAME should be the name of the Exchange 2000 system, and NEWSERVERNAME should be the new Exchange Server 2003 system.
To replicate System Folders from the Exchange 2000 server to the Exchange 2003 server, type the following:
pfmigrate.wsf /S:OLDSERVERNAME /T:NEWSERVERNAME /SF /A /N:100 /F:c:\LOGNAME.log
To replicate Public Folders from Exchange 2000 to Exchange Server 2003, type the following:
pfmigrate.wsf /S:OLDSERVERNAME /T:NEWSERVERNAME /A /N:100 /F:c:\LOGNAME.log
After all public folders have replicated, the old replicas can be removed from the Exchange 2000 Servers by typing the following, as illustrated in Figure 16.11:
pfmigrate.wsf /S:OLDSERVERNAME /T:NEWSERVERNAME /D
Figure 16.11. Command-line PFMigrate functionality.
The LOGNAME.log file can be reviewed to ensure that replication has occurred successfully and that a copy of each public folder exists on the new server. A sample log from this procedure is illustrated in Figure 16.12. Figure 16.12. Sample PFMigrate log file.
TIP: Become familiar with the command-line options that are available with the PFMigrate tool, because they can be useful for managing the replication of public folders across a newly deployed Exchange Server 2003 environment.

96. What are the message hygiene options you can use natively in Exchange 2003?

97. What are the configuration options in IMF?

IMF SCL Configuration - getting it right
Correct SCL configuration is the key to a successful Exchange Intelligent Message Filter setup. With a good understanding of SCLs we can get the best results out of IMF. In this article I look at how to do this with the help of WinDeveloper IMF Tune, a freeware application released for this purpose.
Note: This article makes references to WinDeveloper IMF Tune, an application that was available as freeware at the time of writing. IMF Tune is today a commercial product.
The Intelligent Message Filter (IMF) is one of the anti-spam products with the fewest configuration settings I ever came across. It boils down to four settings: Gateway SCL, Gateway Action, Junk Email SCL, and enabling of IMF per SMTP virtual server. The lack of options may easily give the impression that the configuration is trivial. What's an SCL, by the way? The SCL rating is a value from 0 to 9 assigned to emails as a classification of their likelihood of being spam. 0 indicates the lowest probability, whereas 9 indicates near certainty of the email being spam. Values in between indicate a varying degree of certainty. Given the SCL value, an administrator is expected to decide what to do with the email. Emails with ratings at the lower range of SCL values are typically permitted to go through as valid email. High SCL ratings enable administrators to be brave and take drastic actions such as delete, reject or archive. Values in between typically require emails to be deposited in the Junk Email folder for verification by the end recipient. So effectively our goal is that of identifying these three SCL value ranges.
Getting them wrong may lead to many valid emails ending in the Junk Email folder. Getting them totally wrong (and some do!!) may lead to loss of valuable emails.
Quick IMF Configuration Tour
Before delving deeper into SCLs, let's have a very quick look at the IMF configuration to make sure everyone is in sync. The main IMF configuration settings are available from: | Global Settings | Message Delivery <properties> | Intelligent Message Filtering <property sheet>
Here you will find Gateway SCL, Gateway Action and Junk Email SCL. The Gateway settings are used to filter emails scoring very high SCLs. At this end one can configure IMF to reject, delete or archive emails. The Junk Email SCL identifies the emails that should be deposited to the Junk Email folder. Obviously this is set to a lower value than the Gateway SCL. Note that there is a typo in the IMF configuration. The text "Move messages with an SCL rating greater than or equal to:" should read "Move messages with an SCL rating greater than:". Combining these two SCL values we end up with three buckets for email classification as depicted below:
Enabling of IMF per virtual server is done from: | Servers | <Exchange Server> | Protocols | SMTP | 'Intelligent Message Filtering'
What does the SCL really mean?
The first point to make clear is the fact that the SCL range between 0 and 9 is not linear. Let's rephrase this. Do SCL values such as 4 or 5 indicate a 50:50 chance of an email being spam? Does it mean that half of these emails are spam and half ham? The answer is no. Such linearity would make a large part of the SCL values useless. Using the IMF archiving feature it is possible to get an idea of how the level of certainty changes from one SCL value to another. To compile this table I just looked at a few sample emails between SCL 1 and SCL 9, hence the values are purely indicative to illustrate this point.

X-SCL   Confidence Level (%)
1       52.68
2       57.43
3       63.87
4       67.41
5       82.82
6       90.50
7       94.72
8       97.82
9       99.58
As already said these values are purely indicative, but it is clear that anyone rejecting/deleting/archiving emails with SCL lower than 7 is looking for trouble. Also values up to 3 or 4 can cause quite a large number of false positives. Did I already say these values are purely indicative? This means that in practice one has to see IMF in action to see the real meaning of SCL values. My aim so far was to block anyone (see the newsgroups) from doing crazy stuff. What we need is to start off with some reasonable SCL values and fine tune our settings by checking what is being filtered.

Initial SCL settings
Putting myself in the position of an administrator deploying IMF for the first time, this is how I would start the configuration settings:
Gateway Action: NoAction
Gateway SCL: 8 (In this case this is not relevant, but 8 would be my starting value for any other gateway action setting.)
Junk Email SCL: 4 (Emails with SCL values between 0 and 4 will go straight to the inbox. All the rest goes to the Junk Email folders.)
Starting with no gateway action is wise. It is best to first build your confidence in IMF before giving it the trust to remove emails. This is of course true for any other application as well. Once configuration is done make sure to enable IMF per virtual SMTP server as shown previously. Next we need to check which emails are ending up in the Junk Email folder and which in the Inbox. Note that for the Junk Email folder to be active, it must be enabled through Outlook 2003: Tools | Options | Preferences | Junk E-mail... or through OWA: Options | 'Privacy and Junk E-mail Prevention'.

WinDeveloper IMF Tune freeware
It is now time to verify how well our initial SCL settings are doing. There are two things to check:
Valid emails ending up in the Junk Email folder (false positives).
Spam remaining unfiltered and ending up in the recipient's Inbox (false negatives).
To do this we need to identify the SCL ratings for mails with false results. This information is not readily available unless a tool such as WinDeveloper IMF Tune is used. IMF Tune processes all emails whose SCL score is larger than the Junk Email SCL. It then prefixes their subject with the SCL score as shown below.
IMF Tune now enables us to look into the Junk Email folder and see how each of the individual emails is being classified. The subject prefix enables us to sort all emails by SCL, which is very useful. Let's say a number of false positives are identified with SCL 5. The next step would be to determine what would happen if we were to raise the Junk Email SCL level to 5. Naturally this will cause all emails with a rating of 5 or less to remain unfiltered. So it is best to determine how many false negatives this will cause. Sorting emails by SCL rating will enable us to visualize this. If a good number of emails with SCL 5 are valid then one should certainly raise this level. On the other hand if this is a small percentage it might be best to leave it as is. This decision can only be taken by analyzing real live data. IMF Tune is not configurable. It reads the IMF configuration every 5 minutes and adjusts which emails to process accordingly. Hence on changing the IMF configuration, for a short while, you may end up with some missing SCL prefixes in the Junk Email folder or some SCL prefixes in the Inbox. To avoid this restart the IIS Admin service, otherwise just be patient for a few minutes. IMF Tune only processes Junk Email. The subject is clearly an important piece of information which is best left alone for legitimate emails. So IMF Tune is most useful when analyzing false positives. If a significant amount of spam is reaching your Inbox then you may of course lower the Junk Email SCL. You may then use IMF Tune to analyze the result of this change. Determining the Gateway SCL settings is another area where IMF Tune comes in handy. We started our IMF setup with no gateway action. Now that the system has been running for some time it is good to look at the emails being assigned high SCL values such as 8 and 9. Most organizations are unlikely to get false positives at this level.
If you feel confident enough in IMF SCL ratings at this end, then you may want to switch to archiving or even something more drastic like delete or reject. To conclude this, my client is currently using archiving as Gateway Action, 8 for Gateway SCL and 5 for Junk Email SCL. He is also using another commercial anti-spam product. I didn't discuss the ramifications of this but in effect it means that these settings are specific to his particular setup. I hope you will find WinDeveloper IMF Tune helpful and make sure to grab your copy by following the link in the references section. I will be happy to hear your feedback through the www.windeveloper.com contact form.

Intelligent Message Filter
IMF is a plugin provided by Microsoft that greatly improves Exchange 2003's spam fighting capability. Microsoft doesn't give the administrator the ability to allow users to retrain the filters like you can in CRM114 or bogofilter, but IMF is still very useful. Microsoft uses a concept known as the Spam Confidence Level (SCL) to determine whether or not a particular message is spam. Each message is scored with an integer value from 0 to 9, with 0 indicating a non-spam message. Values from 1 to 9 indicate a spam message, with a lower number indicating that a message is likely not spam and a higher number indicating that a message is probably spam. Each message is scored, and then depending upon its score, the message can be rejected, deleted, or moved to a junk email folder, which is UceArchive at the system level or Junk Email for individual users. Unfortunately, Microsoft doesn't enable the administrator to easily view SCL scores for messages. However, the References contain links to web pages that step you through the process of viewing SCL scores for both Outlook messages and spam messages, which end up in the UceArchive folder.

Installation
In a large Exchange installation with many servers, IMF should be run on the machines we call the email relay machines.
These are MS Exchange servers that process email messages between the Internet (or non-Exchange servers) and the Exchange mailbox servers your users log in to in order to read their messages. Microsoft refers to the machines that IMF is to be installed on as bridgehead machines. In smaller shops where there is no email relay, IMF can be installed directly on the MS Exchange mailbox servers. The IMF update must be downloaded from the MS Exchange IMF site, http://www.microsoft.com/exchange/downloads/2003/IMF/default.asp, under the link called Exchange Intelligent Message Filter. After you've downloaded the update, install the package. The only options available during install are checkboxes called Management Tools for Intelligent Message Filter and Intelligent Message Filter Functionality, which are both enabled by default.

Configuration
The main IMF configuration screen is available by going to Global Settings==>Message Delivery==>(right-click)==>properties==>Intelligent Message Filtering, which should bring up a screen similar to Figure 10.2.
Figure 10.2. Intelligent Message Filtering tab.
The IMF default values need to be changed because the software ships with values that won't work correctly in a production environment. There are two thresholds which can be set within the IMF configuration. The first is at the server level and is located at the top of the IMF screen, titled Gateway Blocking Configuration. The second is at the bottom of the IMF setup tab and is called Store Junk Email Configuration; it is processed when the message enters a user's email box. After the configuration has been set up via the IMF screen, the filter must then be made active, which is covered in the Enabling IMF section of this chapter.

Gateway Blocking Configuration
When a message is presented to the Exchange server by a remote MTA, the Gateway Blocking Configuration defines what the IMF system will do with the message after it is scored. The field named Block Messages with an SCL Rating Greater Than or Equal To: specifies the score to match or exceed. We suggest setting this value to 8 initially and adjusting it as necessary. If a message's SCL is at or above this score, the action on the message can be one of the following: Archive, Delete, No Action, or Reject. Archive causes the messages to be filed in the UceArchive folder (see the "UceArchive" section later). The Delete action causes the message to be accepted by the server and then deleted. This setting should be used with caution, as messages are irretrievably lost when this option is selected. The No Action setting allows you to see how the IMF system would score messages without causing anything to happen to them. This setting is good for the paranoid administrator who would like to see how IMF scores messages before implementing IMF on real clients. Finally, the Reject setting causes the server to reject the message back to the originating MTA when the SCL score meets the criteria.
Like the Delete setting, this action should be used with caution because messages are essentially lost when the Reject action is performed.

Store Junk E-mail Configuration
The Store Junk E-mail Configuration setting is what IMF should do with messages as they are being delivered into the recipient's email box. This score defines the threshold at which messages should be delivered into a user's junk email folder rather than his or her inbox. The field is called Move Messages with an SCL Rating Greater Than or Equal To, and a good value to start off with is 4. If you are afraid your users will not go into their junk email boxes to view false positives, then set this value to a higher number. However, more spam will likely end up in your users' inboxes.

Enabling IMF
After configuring the IMF values, you must activate filtering. This is accomplished by going to the following click chain: root==>servers==>name of server==>SMTP==>Intelligent Message Filtering==>(right-click)==>properties, which should bring up a screen similar to the one shown in Figure 10.3.
Figure 10.3. Enabling IMF.
Click the Default SMTP Virtual Server checkbox and click the OK button. Your server is now running with IMF enabled.

Ongoing Maintenance
A couple of ongoing tasks need to be performed. One task is viewing the UceArchive folder, and another is viewing the performance statistics of the IMF system.

UceArchive
When the Gateway Blocking Configuration item called When Blocking Messages is set to Archive, messages above the SCL are placed in a folder called UceArchive. The administrator should view this folder periodically to be sure that no legitimate email messages have slipped past the filters. Unfortunately, Microsoft doesn't provide an easy way to view message scores. Appendix G contains a link to a program called IMF Archive Manager, which enables the administrator to easily view messages in the UceArchive along with their scores. The UceArchive folder can be opened by browsing to the following directory path: drive letter:\Program Files\Exchsrvr\Mailroot\vsi 1\UceArchive. In the UceArchive folder, each message that has been archived is saved as an email message. A message is viewed by double-clicking on it, which should bring up Outlook so that the message can be forwarded if necessary.
Figure 10.4. UceArchive folder.
Be sure to delete the confirmed spam messages on a regular basis to prevent your disk from filling up.

Performance Data
If you would like to view statistics on how IMF is running, the IMF utility includes data for the built-in Windows performance monitor. To view IMF data, bring up the Windows monitor by clicking on the following path: Start==>Programs==>Administrative Tools==>Performance. When on the Performance screen, click the + (add) button in the toolbar. On the Add Counters screen, make sure the All Counters and All Instances radio buttons are active, and select MSExchange Intelligent Message Filter in the Performance Object drop-down box. Then click the Add button and the Close button. The real-time display of all of the performance variables related to IMF should start, similar to Figure 10.5.
Figure 10.5. IMF performance monitoring.
This is useful for determining how busy your server is and for troubleshooting problems. The individual performance characteristics or variables can be selected as needed.
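The three SCL buckets (gateway action, Junk E-mail folder, Inbox) described in both the IMF Tune article and the chapter above, and the "what happens if we raise the Junk Email SCL to 5" trade-off the IMF Tune article walks through, can be worked through numerically. This is an added example, not code from either article, from WinDeveloper or from Microsoft; it uses the indicative spam-probability table printed in the IMF Tune article, and the per-SCL message volumes are constructed sample data.

```python
"""Model of the IMF SCL thresholds and of the Junk Email SCL tuning exercise.

Added example: not code from the IMF Tune article, the chapter above or
Microsoft. The spam-probability table is the indicative one printed in the
IMF Tune article; the message volumes per SCL are constructed sample data.
"""
from typing import Dict, Tuple

# Indicative probability (%) that a message with a given SCL is spam, from the
# IMF Tune article's table. SCL 0 is taken as "not spam", as the chapter states.
SCL_CONFIDENCE = {0: 0.0, 1: 52.68, 2: 57.43, 3: 63.87, 4: 67.41,
                  5: 82.82, 6: 90.50, 7: 94.72, 8: 97.82, 9: 99.58}

GATEWAY_ACTIONS = ("NoAction", "Archive", "Delete", "Reject")

# Constructed daily message counts per SCL (not real data): mostly clean mail
# at SCL 0, a tail of obvious spam at SCL 8-9, and a grey zone in between.
SAMPLE_VOLUME = {0: 400, 1: 120, 2: 90, 3: 70, 4: 60,
                 5: 50, 6: 40, 7: 60, 8: 120, 9: 300}


def classify(scl: int, gateway_scl: int, gateway_action: str,
             junk_email_scl: int) -> str:
    """Return the bucket a message lands in: the gateway action name
    ("Archive" = UceArchive, "Delete", "Reject"), "JunkEmail" or "Inbox".

    Gateway: the action fires when SCL >= gateway_scl (greater than or equal).
    Store:   mail goes to the Junk E-mail folder when SCL > junk_email_scl.
             The dialog label says "greater than or equal to", but as the
             IMF Tune article notes the real rule is "greater than": with
             Junk Email SCL 4, ratings 0-4 reach the Inbox.
    "NoAction" at the gateway lets every message through to the store check.
    """
    if not 0 <= scl <= 9:
        raise ValueError("SCL must be between 0 and 9")
    if gateway_action not in GATEWAY_ACTIONS:
        raise ValueError(f"unknown gateway action {gateway_action!r}")
    if gateway_action != "NoAction" and scl >= gateway_scl:
        return gateway_action
    if scl > junk_email_scl:
        return "JunkEmail"
    return "Inbox"


def expected_errors(volume_by_scl: Dict[int, int],
                    junk_email_scl: int) -> Tuple[float, float]:
    """Expected (false positives, false negatives) per day for a candidate
    Junk Email SCL: legitimate mail filed in Junk E-mail, and spam left in
    the Inbox, using the indicative confidence table as the spam probability.
    """
    false_pos = false_neg = 0.0
    for scl, count in volume_by_scl.items():
        p_spam = SCL_CONFIDENCE[scl] / 100.0
        if scl > junk_email_scl:          # filed as junk
            false_pos += count * (1.0 - p_spam)
        else:                             # delivered to the Inbox
            false_neg += count * p_spam
    return false_pos, false_neg


def threshold_table(volume_by_scl: Dict[int, int]) -> Dict[int, Tuple[float, float]]:
    """The trade-off the IMF Tune article asks you to weigh before raising the
    Junk Email SCL: each step up removes some false positives and adds
    (usually many more) false negatives."""
    return {t: expected_errors(volume_by_scl, t) for t in range(1, 9)}


if __name__ == "__main__":
    print("SCL  bucket (Gateway SCL 8 / Archive, Junk Email SCL 4)")
    for s in range(10):
        print(f"{s:>3}  {classify(s, 8, 'Archive', 4)}")
    print("\nJunk SCL  expected FP  expected FN  (constructed volumes)")
    for t, (fp, fn) in threshold_table(SAMPLE_VOLUME).items():
        print(f"{t:>8}  {fp:11.1f}  {fn:11.1f}")
```

With the constructed volumes, raising the Junk Email SCL from 4 to 5 saves about 8.6 expected false positives a day but lets about 41 more expected spam messages into the Inbox, which is exactly the comparison the article says must be made on real data.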
Stop spam at your server with the Exchange Intelligent Message Filter Takeaway: Spam is quickly rendering e-mail useless. You can block spam at your Exchange 2003 server using Microsoft's Intelligent Message Filter. Here's how.
Few people would deny that the spam problem has grown to epidemic proportions. While there are a lot of enterprise-level antispam products available for Exchange, most are very expensive and none of them are 100-percent effective. In an effort to turn the tide in the war against spam, Microsoft has released a free antispam component for Exchange Server 2003 called the Intelligent Message Filter.

Some background information
As you probably know, Microsoft owns MSN and Hotmail. For many years now, MSN and Hotmail mailboxes have been favorite targets of spammers, perhaps rivaled only by AOL mailboxes. Because of this, Microsoft needed to do something to rid these mailboxes of the endless assault by spammers to avoid losing customers. Unfortunately, spam is really hard to define. To paraphrase Supreme Court Justice Stewart Potter, you may not be able to give a hard and fast definition of spam, but you know it when you see it. Because of this simple fact, Microsoft asked thousands of volunteers to identify messages coming into their Hotmail or MSN mailboxes as being either spam or legitimate. Microsoft then came up with a program that checks roughly half a million different characteristics of inbound messages. What's nice about the program is that it doesn't just look for characteristics of spam; it also looks for characteristics common to legitimate mail. This improves accuracy tremendously over intelligent mail filtering solutions that merely look for characteristics of spam. The software then uses all of the message's characteristics to compute a mathematical probability of whether or not the message is spam.
After using this program successfully in Hotmail, Microsoft decided to create a version of it for Exchange called the Intelligent Message Filter.

Acquiring the Intelligent Message Filter

The Intelligent Message Filter is free for owners of Microsoft Exchange Server 2003. You can download it from Microsoft's Exchange 2003 Web site. The download is roughly 9 MB in size.

Before you install the filter

Before I show you how to configure the Intelligent Message Filter, you need to understand that it works at the SMTP virtual-server level of Exchange. This means two things. First, if someone within your office sends you lots of junk mail, the Intelligent Message Filter won't filter that mail, because it is local rather than SMTP based. Second, if you have more than one SMTP virtual server, you will have to configure the Intelligent Message Filter separately for each one.

Installing the Intelligent Message Filter

Begin by opening the ExchangeIMF.MSI file that you downloaded. When you do, Windows will launch the Microsoft Exchange Intelligent Message Filter Installation Wizard. Click Next to bypass the wizard's Welcome screen and you will see the software's end-user license agreement. Accept the license agreement, click Next, and you will be prompted for the components you wish to install. There are two components to choose from: the Intelligent Message Filter Functionality option, which is the actual Intelligent Message Filter program, and the Management Tools For Intelligent Message Filter option. If this is the first server on which you are installing the Intelligent Message Filter, you should select both options. It is also possible to install the management component onto a machine running Windows XP so that you can manage the Intelligent Message Filter without having to sit down at the server console. Make your selections, click Next, and Windows will begin copying the necessary files. When the copy process completes, click Finish to complete the installation.

Determining the gateway threshold

Once the Intelligent Message Filter is installed, you must determine the gateway threshold value. The idea here is that your Exchange Server is acting as a mail gateway. Messages come into the server from the Internet and are placed into users' mailboxes.
The Intelligent Message Filter assigns a value to every inbound message, based on the likelihood of the message being spam. This is where the gateway threshold value comes in. If a message's value exceeds the gateway threshold value, the Intelligent Message Filter assumes that the message is spam and doesn't even bother placing the message into the destination mailbox.

The default gateway threshold value is 8, but this value is not suitable for all installations. If the gateway threshold value is set too low, the Intelligent Message Filter may start flagging legitimate mail as spam. If the gateway threshold value is set too high, on the other hand, users' inboxes may be flooded by spam. It's a very fine balancing act, and this is why it's important to find out the appropriate value for your organization based on the mail that you receive rather than simply accepting the defaults.

To figure out the appropriate value for your gateway threshold, you will have to use the Performance Monitor. When you install the Intelligent Message Filter, you are also installing a set of corresponding Performance Monitor counters. The tricky part, however, is that these counters are not readily available. The counters become available only after messages begin passing through the filter. Fortunately, there is a way to have messages pass through the filter without actually taking any action on the messages. To do so, open the Exchange System Manager and navigate to Global Settings | Message Delivery. Right-click on Message Delivery and select the Properties command from the resulting shortcut menu. This will cause Exchange to display the Message Delivery Properties sheet. Select the Intelligent Message Filtering tab, then verify that all thresholds are set to a value of 8. You must also verify that the When Blocking Message option is set to No Action, as shown in Figure A.

Figure A: Configure the Intelligent Message Filter to take no action for right now.
Click OK and then navigate through System Manager to Administrative Groups | your administrative group | Servers | your server | Protocols | SMTP | Intelligent Message Filtering. Right-click on the Intelligent Message Filtering option and select the Properties command from the resulting shortcut menu. Select the check box next to the SMTP virtual server for which you want to enable Intelligent Message Filtering, as shown in Figure B. Click OK, and you should now be able to access the Performance Monitor counters. If not, you may have to reboot your server.

Figure B: You must enable Intelligent Message Filtering for each SMTP virtual server that you want to use it with.

At this point, open the Performance Monitor and remove any existing performance counters by selecting them and clicking the X icon. Next, click the + icon to reveal the Add Counters dialog box. Select the MSExchange Intelligent Message Filter performance object, then select the Total Messages Assigned An SCL Rating Of 0 counter. Click the Add button and repeat the process to add the counters for SCL levels 1 through 9. When you're finished, click Close and then click the icon that formats the data as a bar graph. You should now see an empty graph similar to the one shown in Figure C.

Figure C: This is how Performance Monitor should be configured.

You'll want to wait at least one business day for the Performance Monitor to collect an accurate sampling of data. If your organization doesn't get a lot of e-mail, you may need to wait longer. At any rate, you will eventually have a graph that looks something like the one shown in Figure D.

Figure D: This is what a fairly typical set of results will look like.

In this case, though, Figure D is a mock-up. I use a POP3 utility to download all of my e-mail from my ISP to my Exchange Server and, therefore, my server doesn't receive any SMTP mail. Even so, the chart in Figure D shows a fairly typical set of results.

As you look at Figure D, you will notice that there are ten different bars on the chart. The bar on the far left represents the number of received e-mails with an SCL (spam confidence level) of 0. The bar on the far right represents the number of messages with an SCL of 9. If an e-mail message has an SCL of 0, it means that the Intelligent Message Filter is positive that the message is legitimate. Likewise, if the SCL rating is 9, then the Intelligent Message Filter is positive that the message is spam. Messages with SCL ratings below 5 are most likely legitimate mail, while messages with an SCL rating above 5 are most likely spam.

This doesn't mean that you should set the gateway threshold value at 5, however. If you look at Figure D, you will notice that some SCL ratings were much more common than others. In particular, 6, 7, and 8 were the most common ratings. There was a very sharp rise in mail volume from an SCL value of 5 to an SCL value of 6. Therefore, in this particular case, you would probably want to set the gateway threshold value to 6, because all messages with an SCL of 6 or higher would then be treated as spam at the gateway level. As you can see in the figure, this would eliminate most of the inbound mail. On the other hand, if there had been relatively few messages with an SCL rating of 6, but a lot of messages with an SCL rating of 7, then you would probably want to set the gateway threshold value to 7. The trick is to set the gateway threshold value to the number corresponding to the SCL rating where you see the sharpest rise above seemingly legitimate mail.
In this case I picked 6 because there were only about five messages with an SCL of 5, but there were about 40 messages with an SCL of 6.

Now that you know how to figure out the appropriate gateway threshold, it's time to actually set it. To do so, return to the Intelligent Message Filtering tab of the Message Delivery Properties sheet. Next, select the appropriate SCL rating value within the Gateway Blocking Configuration section. Before the gateway will filter any spam, though, you will need to change the When Blocking Messages option from No Action to either Archive, Delete, or Reject.

Controlling spam for users

Now that you have set the gateway threshold value, you have gotten rid of most of the spam that's coming into your organization. However, there is still a lot of mail coming in that might or might not be spam. Since there is a possibility that some of this mail might be legitimate, you don't want your Exchange Server getting rid of it at the gateway level. Instead, it's better to have the users make a decision as to whether the mail is legitimate or not. One way of accomplishing this is to configure the Intelligent Message Filter to move potential spam that has not already been filtered at the gateway level to a user's Junk E-Mail folder within Outlook.

To do so, let's look at Figure D one last time. In the figure, you will notice that there is quite a bit of mail that has been assigned an SCL rating of 0 or 1. The number drops off significantly at 2 and climbs again at 3. The graph is a good indication (at least in this case) that SCL levels 3 through 5 are questionable messages that could potentially be spam. This being the case, we will tell the Intelligent Message Filter to move any messages with an SCL rating of 3 or above into the user's Junk E-mail folder.
The messages won't actually be deleted—they are simply moved to a location in which they will not show up in the user's Inbox, but in which the user is free to review them if necessary. To set this threshold value, return to the Intelligent Message Filtering tab of the Message Delivery Properties sheet and set the Store Junk E-Mail Configuration value to the appropriate level (in this case 3).

Spam control within Outlook

So far we have configured the Intelligent Message Filter to make some educated guesses as to what messages should and should not be classified as spam. Unfortunately, the Intelligent Message Filter is not perfect in its judgment, so it is prudent for users to help it out a little by configuring Outlook to recognize both legitimate mail and spam.

For example, I receive a bi-weekly newsletter through e-mail called the Relevant Security News. It's a newsletter packed with information about IT security. Even though this newsletter is very important to me, my spam filter simply sees it as something that was mass mailed, and therefore flags it as spam. To counteract the problem, I set up a whitelist and placed the e-mail address that distributes my newsletter on it.

The idea behind a whitelist is that senders who are on the list never have their messages flagged as spam, regardless of the message content. Likewise, you can also set up a blacklist. Blacklisted senders' messages are always flagged as spam, regardless of whether the message is legitimate or not. Almost every antispam program has a blacklist/whitelist feature, and this is generally how the feature works.

In an Intelligent Message Filtering environment, the blacklist and whitelist work a little bit differently than you might expect. The reason is the gateway filtering option. Remember all of those messages that we configured the Intelligent Message Filter to delete at the gateway level?
Those messages will never be compared to a user's blacklist or whitelist, because the blacklist and whitelist are mailbox-level features. When you delete messages at the gateway level, you are deleting them before they can ever reach the mailbox level. Because of this, some administrators prefer to set the gateway threshold to a very high level, such as 8 or 9, so that only the most blatantly obvious spam is deleted. This allows more messages to make it to the mailbox level, where they can be compared against the user's blacklist and whitelist prior to being moved to the user's Junk Mail folder.

So how do you manage all of those messages that do make it to the mailbox level? The first step is for the users to set up whitelists and blacklists. They can do so by opening Outlook 2003 and selecting the Options command from the Tools menu. When the Options properties sheet appears, the users can click the Junk E-Mail button. Tabs then become available for setting up whitelists and blacklists. In Outlook, these options are referred to as the safe senders list and the blocked senders list. If you happen to have a blacklist or whitelist in another antispam program, Outlook provides a way to import these lists. There is also an option to consider any message from someone with an entry in the user's Contacts folder as safe. Outlook allows users to place about 2,000 entries on the safe senders list.
98. What are virtual servers? When would you use more than one? An SMTP virtual server is an instance of the SMTP service running on an Exchange server. It is bound to a particular IP address (or group of IP addresses) and port, usually the well-known TCP port 25.
Windows Exchange Servers use the word 'Virtual' in many contexts. To begin with, one physical machine can act as a server for several Virtual SMTP domains, for example ourcomp.com and mergecomp.net. Moreover, in addition to SMTP, one Exchange Server can also control Virtual servers for IMAP4, NNTP and POP3. From another point of view, you could interpret these Exchange Virtual servers as aliases for physical folders in Microsoft's IIS. In a completely different context, the term Virtual Server is used in clustering. The Outlook clients connect not to the individual Exchange 2003 nodes, but to a Virtual server with a virtual IP address.
99. Name some of the SMTP Virtual Server configuration options.

Introduction to Virtual Servers in Exchange Server 2003

Finding Microsoft's Virtual Servers must be one of the longest 'drill downs' in the Exchange 2003 System Manager. It's as though one of Exchange server's most important configuration settings is hidden away, rather than being visible as a top-level folder.

How to Configure a Virtual SMTP server
Opposite is a diagram to help you navigate to the various Virtual Servers folders. Once you have found your Exchange 2003 server object, expand the Protocols folder. Each protocol has its own Virtual server: SMTP for MAPI clients (Outlook), HTTP for OWA (Outlook Web Access). We are most interested in the Default SMTP Virtual Server. As its name suggests, this is the container where you check settings for regular SMTP mail. (See this SMTP server object at the very bottom of the screen shot.)

SMTP Virtual Server
• General Tab - For Connection Filter and Port Numbers
• Access Tab - For Permissions
• Messages Tab - For Limits
• Delivery Tab - DNS Settings
General Tab - Filter

One of the most important jobs in the Virtual Server is to configure any Filters that you set at the Global Settings, Message Delivery tab. See Global Settings.

To find the screen shot opposite, click on the Advanced tab next to the IP address. Select the IP address and click Edit; the Identification dialog box will appear (see diagram opposite). At last you can check Apply Sender, Recipient or Connection Filter.

General Tab - Port Numbers

Rather like IIS, each SMTP Virtual server needs a unique combination of IP address and Port number. Here are the common Exchange port numbers:

Protocol   Default   Secure Port
HTTP       80        443
IMAP4      143       993
NNTP       119       563
POP3       110       995
SMTP       25        25

Access Tab

The Access tab is where you configure authentication. Who will be allowed to use your SMTP Virtual server? Authenticated users - yes, but anonymous users? I think not, but you decide.

Messages Tab

The first section deals with setting limits - if any. For example, what would be the maximum number of recipients for your company's emails? The lower section invites you to configure accounts to hold NDRs (non-delivery reports). This is also where you check the location of the BadMail folder and the Queue directory when troubleshooting.

Delivery Tab

As ever, DNS plays a central role in name resolution. Most likely your servers are registered on the Internet as being authoritative for your email domain. This involves MX (Mail Exchange) records on the InterNic servers that point to your Exchange 2003 server. The other side of the DNS coin is that your server must be able to deliver outgoing email. If your server is (rightly) protected by a firewall, delivering external email can be an extra challenge. The answer is to forward the name resolution to a Smart host on the outside of the firewall.

Reverse DNS

Configuring 'Perform reverse DNS lookup' seems like a great idea to prevent spammers spoofing addresses in their evil emails. However, everyone that I have talked to has found that it slows down the system so much that they put Reverse DNS lookup in that pigeon hole: 'more trouble than it's worth'.
Summary of Windows Exchange Server 2003 - Virtual Server

Once you discover where Microsoft's SMTP Virtual servers are hiding, then you can get on with the important task of configuring the Exchange 2003 server to accept your email, while not relaying spam. Remember the link between Global Settings and SMTP filtering.

100. What is a Mail Relay? Name a few known mail relay software or hardware options.

Often referred to as an e-mail server, a mail relay is a device and/or program that routes e-mail to the correct destination. Mail relays are typically used within local networks to transmit e-mails among local users (for example, all of the student and faculty e-mail of a college campus). Mail relays are particularly useful in e-mail aliasing, where multiple email addresses are used but the mail relay forwards all messages sent to the specified e-mail addresses to one single address. A mail relay is different from an open relay, where an e-mail server processes a mail message that neither originates nor ends with a user within the server's local domain (i.e., local IP range).

What Is A Mail Relay?

The first mechanism to be used against attacks is a mail relay. A mail relay is basically just a simple mail server that accepts e-mails, filters them according to pre-defined criteria and then delivers them to another server. Your mail relay will only allow mail that is destined to users in your SMTP domain to be relayed to the internal server. A mail relay could also filter out viruses and junk e-mail if you install the right software package for it. You would definitely want one of those so that your Exchange server will not be directly connected to the Internet for inbound connections. A mail relay is typically placed in a DMZ, which is a dedicated network, protected by a firewall and separated from both the internal LAN and the Internet.
This allows the Firewall administrator to determine who is trying to get into the mail relay and what is passing from the mail relay to the internal LAN.
Tips Regarding Mail Relay deployment

• Don't forget the mail relay! Make sure that you secure the mail relay as much as possible, install new security-related patches, etc. One of the perks of having a mail relay is that you can reboot it more often than you could an Exchange mailbox server.
• Linux is no more secure than Windows and more difficult to manage, so make sure you have the knowledge to handle it if you choose Linux as your solution.
• Don't over-do your junk e-mail detection or you'll be fishing out deleted e-mails from your mail relay forever. Better to choose a solution that blocks some junk mail at the mail relay level, and the rest at the server level, delivering suspected mail to a folder in the users' mailbox.
• Using a different anti-virus at the mail relay level than the one you use internally can lessen the chances of infection.
• Usually backing up mail relays is not really required, but when your Exchange server is unavailable due to maintenance, an internal virus outbreak or a firewall problem, you should be able to back up your mail relay so that a sudden crash doesn't take all your mail away.
• Monitor your mail relay queue to find out if there is a problem sooner rather than later.
• If you have POP3/SMTP clients, use the mail relay as an outgoing mail server instead of Exchange. This allows you to uncheck the SMTP authentication checkbox in the Relay options of the Exchange SMTP virtual server, which is used by Trojan attacks. Trojans hijack usernames and passwords on workstations using various methods, use this information to authenticate to the Exchange SMTP virtual server, and then spoof the mail so that it appears to come from a valid IP for a large Internet e-mail provider. However, if you uncheck this option, regular SMTP clients that you might find in most large enterprises (for example, UNIX and Mac clients) will not be able to use Exchange to send mail. This is quite all right, as your mail relay can be configured for this purpose.
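As an added example, not from the article, this Python sketch models the relay rule described above: inbound mail for the organization's SMTP domains is always relayed to the internal server, outbound mail is relayed only from internal networks (or, if the authenticated-relay option is left switched on, from authenticated clients), and anything else is refused as third-party relaying. The domains ourcomp.com and mergecomp.net come from the page; the networks, client addresses and the RelayPolicy/Transaction names are constructed.

```python
"""Relay decision for a DMZ mail relay in front of Exchange.

Added example, not the page's own code. ourcomp.com and mergecomp.net are
taken from the page; networks and client addresses are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class RelayPolicy:
    local_domains: frozenset           # SMTP domains whose users sit behind this relay
    internal_networks: tuple           # networks allowed to send outbound mail through us
    allow_authenticated_relay: bool = False  # the SMTP authentication 'Relay options' checkbox


@dataclass
class Transaction:
    client_ip: str
    authenticated: bool
    mail_from: str
    rcpt_to: tuple


def domain_of(address):
    """Lower-cased domain part of an SMTP address ('Bob@OurComp.com' -> 'ourcomp.com')."""
    return address.rsplit("@", 1)[-1].lower()


def is_internal(policy, client_ip):
    addr = ip_address(client_ip)
    return any(addr in ip_network(net) for net in policy.internal_networks)


def decide(policy, tx):
    """Return ('accept', reason) or ('reject', reason) for one SMTP transaction.

    Rules, per recipient, in order:
      1. recipient in one of our domains  -> inbound, relay to the internal server;
      2. client on an internal network    -> outbound from our users, relay out;
      3. authenticated client and authenticated relay allowed -> relay out;
      4. otherwise this is third-party relaying (what an open relay would do) -> reject.
    """
    internal = is_internal(policy, tx.client_ip)
    for rcpt in tx.rcpt_to:
        if domain_of(rcpt) in policy.local_domains:
            continue
        if internal:
            continue
        if tx.authenticated and policy.allow_authenticated_relay:
            continue
        return ("reject", f"relaying to {rcpt} not permitted from {tx.client_ip}")
    return ("accept", "ok")


def rejects_per_client(policy, transactions):
    """Count rejected transactions per client IP, a simple feed for relay monitoring."""
    counts = {}
    for tx in transactions:
        if decide(policy, tx)[0] == "reject":
            counts[tx.client_ip] = counts.get(tx.client_ip, 0) + 1
    return counts


POLICY = RelayPolicy(
    local_domains=frozenset({"ourcomp.com", "mergecomp.net"}),
    internal_networks=("10.0.0.0/8",),
)

# Constructed transactions; 203.0.113.0/24 is a documentation address range.
SAMPLE = (
    Transaction("203.0.113.5", False, "friend@example.net", ("bob@OurComp.com",)),  # inbound
    Transaction("203.0.113.5", False, "x@example.net", ("y@example.org",)),          # third party
    Transaction("10.1.2.3", False, "alice@ourcomp.com", ("y@example.org",)),          # outbound
    Transaction("203.0.113.9", True, "alice@ourcomp.com", ("y@example.org",)),        # external, authenticated
)

if __name__ == "__main__":
    for tx in SAMPLE:
        print(tx.client_ip, decide(POLICY, tx))
    print(rejects_per_client(POLICY, SAMPLE))
```

The last sample transaction is the article's Trojan case: with authenticated relay switched off it is refused even though the credentials are valid, and it is accepted only if the policy is rebuilt with allow_authenticated_relay=True.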
Can I Use My Front End Server as a mail relay?

Front End Servers are not the ideal candidate for a mail relay security-wise, but they can be configured as such like any other Exchange server. You would need to have at least one mailbox store available for some SMTP operations. However, I think it is best to separate these functions and place them in separate DMZs so that hacking one of them doesn't expose both of them. Virus, Trojan and denial of service attacks are quite common these days, and Exchange is a popular target for these attacks due to its popularity and inherent vulnerabilities. Mail relays can be used to thwart most attacks. I'm constantly discovering that although the concept of mail relays is not new, they can be used against the latest sophisticated attacks, just as long as they're not the weakest link in the chain of e-mail delivery.

101. What is a Smart Host? Where would you configure it?

Smarthosts are used to connect Exchange Server to an external (to the organization) messaging system. Typical use of a smarthost involves relaying outbound SMTP email to a non-Exchange SMTP host in perimeter networks, or to an ISP or hosted service provider that may offer functionality like mail relaying and spam and virus scanning. A smarthost is a common term for a server that accepts outbound mail and passes it on to the recipient. A smart host is a type of mail relay server which allows an SMTP server to route e-mail to an intermediate mail server rather than directly to the recipient's server. Often this smart host requires authentication from the sender to verify that the sender has privileges to have mail forwarded through the smart host. This is an important distinction from an open relay that will forward mail from the sender without authentication. Common authentication techniques include SMTP-AUTH and POP before SMTP.

Set Up Private Outbound DNS

Route mail to Outbound Services by setting up an external DNS server. For an overview of Private Outbound DNS concepts, see Alternate Option: Set Up Private Outbound DNS.

1. Select the Start Menu -> Programs -> Microsoft Exchange -> System Manager.
2. Expand the top level -> Servers -> your server -> Protocols -> SMTP.
3. Right-click Default SMTP Virtual Server and select Properties.
4. Click the Delivery tab.
5. Click Advanced to go to the Advanced Delivery dialog box.
6. If you have a Smarthost set to point to Outbound Services for mail filtering, clear the Smarthost. The Private Outbound DNS will replace your Smarthost for routing.
7. Click Configure.
8. Click Add and enter the appropriate IP address for your system. Click OK.
   The appropriate IP address depends on your system. To find what system to use, see Identify Your System.

   System   IP Address to use for Private Outbound DNS
   5        64.18.4.12
   6        64.18.5.12
   7        64.18.6.12
   8        64.18.7.12
   20       64.18.9.14
   200      207.126.147.11
   201      207.126.154.11

9. Click OK again. You should see your IP address listed as an External DNS.
10. Click OK twice to return to the System Manager.
11. In System Manager, restart your mail server.

102. What are Routing Groups? When would you use them?

Routing groups are logical groups of servers based on the company's physical topology, used to control mail flow and public folder referrals. Routing groups share one or more physical connections. In a routing group, all Exchange servers communicate and transfer messages directly to one another, using Simple Mail Transfer Protocol (SMTP) virtual servers. In a native mode organization, routing groups can include servers from different administrative groups. However, in a mixed mode organization, routing groups cannot span multiple administrative groups, due to backward compatibility with Exchange Server 5.5. This is because the routing topology in Exchange 5.5 is defined by sites, and sites provide the functionality of both the administrative group and the routing group.

Tip: SMTP works well over any type of TCP/IP connection. Therefore, a routing group does not necessarily define regions on a computer network with high network bandwidth. Routing groups can span slow network connections, if the
connection is permanent and reliable. For example, if all servers in Figure 5.1 can communicate directly through TCP/IP, you might consolidate all Exchange servers into one routing group, thus eliminating four of the five bridgehead servers and all routing group connectors. This significantly streamlines the routing group topology. In Figure 5.1, the bridgehead server running a connector to the non-Exchange messaging system must remain connected to the external messaging system. Note, however, that all servers in a routing group periodically poll the routing group master. Gaining control over server-to-server communication might require you to implement multiple routing groups, which might be especially important if communication over wide area network (WAN) connections generates costs. For more information about the design and configuration of routing group topologies, see Exchange Server 2003 Transport and Routing Guide (http://go.microsoft.com/fwlink/?LinkId=26041).

103. What are the types of Connectors you can use in Exchange?

Routing group connectors

A routing group connector enables message transfer between two routing groups. The following Exchange connectors can be used to establish message transfer paths between routing groups:

Routing group connectors: A routing group connector provides a one-way connection path in which messages are routed from servers in one routing group to servers in another routing group. Routing group connectors use Simple Mail Transfer Protocol (SMTP) to communicate with servers in connected routing groups. Routing group connectors provide the best connection between routing groups.

Note: The Routing Group Connector (note the capitalization) is a specific type of connector that can only be used to connect routing groups with each other. Other connectors that can connect routing groups are the SMTP connector and X.400 connector.
However, these connectors can also be used to connect an Exchange organization to an external messaging system through SMTP or X.400. To avoid confusion, this guide uses "Routing Group Connector" to refer to the specific connector that can only be used between routing groups and "routing group connector" to refer to all types of connectors that can be used to connect routing groups.

SMTP connector: An SMTP connector can be used to connect routing groups, but this is not recommended. SMTP connectors are designed for external message delivery. SMTP connectors define specific paths for e-mail messages that are destined for the Internet or an external destination, such as a non-Exchange messaging system.

X.400 connectors: Although you can use X.400 connectors to connect routing groups, X.400 connectors are designed to connect servers running Exchange with other X.400 systems or to servers running Exchange Server 5.5 outside an Exchange organization. A server running Exchange Server 2003 can then send messages over this connector using the X.400 protocol. Note: X.400 connectors are available only in Exchange Server 2003 Enterprise Edition.

Connectors to non-Exchange messaging systems: These connectors support message transfer and directory synchronization between Exchange and non-Exchange messaging systems. When appropriate connectors are implemented, the user experience is similar on both messaging systems, and the transfer of messages and other information between the Exchange and non-Exchange messaging system is transparent to the user. However, some message properties might be lost during message conversion from an Exchange format to a non-Exchange format, or vice versa.

Using X.400 Connectors

In the beginning of this chapter, you learned that the X.400 MTA handles message transfer both within the organization and to servers outside it. Normally, the X.400 message transfer is handled within routing groups and not between them.
You can, however, configure X.400 connectors to connect two routing groups in the same Exchange organization. The primary reason to do this is when you need to strictly control bandwidth usage between the routing groups. You can also use X.400 connectors to connect an Exchange routing group with a foreign X.400 messaging server. The key reason for using an X.400 connector instead of another type of connector is that the X.400 connector incurs less overhead than other connectors when sending large messages. This means that sending large messages through an X.400 connector requires less bandwidth than sending the same messages through other types of connectors.

Understanding X.400 Connectors

Because X.400 connectors are more complex than other types of connectors, they're more difficult to use. Unlike other connectors, X.400 connectors have several variations, including these:

TCP/IP X.400 connectors: Used to transfer messages over a standard TCP/IP network. Use this connector when you have a dedicated connection such as a T1 line. Because most X.400 messaging systems support TCP/IP, this is the most common type of X.400 connector used.

X.25 X.400 connectors: Configured to connect to an X.25 adapter on a remote mail server. With this connector, you can support standard X.25 protocols as long as an X.25 adapter is available and you know the X.121 address of the remote server.

Before you configure an X.400 connector, you must install and configure an X.400 transport stack that is the same type as the connector. The transport stack contains configuration information that the connector needs to properly transport messages. The available transport stacks include the TCP/IP X.400 stack and the X.25 X.400 stack.

104. What is the cost option in Exchange connectors?

Cost is used to select the best (least-cost) path.
105. What is the Link State Table? How would you view it?

Link State Algorithm (LSA): the Link State Table contains information about whether each link is up or down. It is very similar to the OSPF protocol. This information is updated every 60 seconds.

Exchange Server 2003 determines the route that an e-mail must take based on the status and availability of connectors between different routing groups and to external messaging systems through an SMTP connector or other connectors. Every Exchange server stores its status information in a Link State Table (LST). The Link State Table is a small table, requiring about 32 bytes per entry, which is held in the Exchange server's RAM. All information is collected by the Routing Group Master (RGM) of the routing group. The Routing Group Master uses TCP port 691 to talk with other Exchange servers in the routing group and is responsible for generating and updating the LST and for distributing the LST to each Exchange server in the routing group. The updated LST is propagated to other routing groups through bridgehead servers: the Routing Group Master (RGM) sends the updated information to the bridgehead server, and the bridgehead server then sends the information to bridgehead servers in other routing groups over TCP port 25.
Figure 6: Link State Table The Link State Table lists all connectors, and their status, in an Exchange Server 2003 organization. The following information is included in the LST: Link status There are only two states for any given link: up or down. For this reason, connection information, such as whether a link is active or in a retry state, is not propagated between servers running Exchange Server 2003, and it is only available on the server involved in the message transfer. Exchange Server 2003 only considers routing messages by using connectors with a link status of up. Link cost The Link State Table stores costs for each connector. Exchange Server 2003 uses the cost values stored in the link state table to select the least cost route for a message. Costs are configured on each connector, and Exchange Server 2003 records them in the Link State Table. 106.How would you configure mail transfer security between 2 routing groups? 107.What is the Routing Group Master? Who holds that role? When you create a routing group, the first server in that routing group is assigned the role of routing group master. The routing group master maintains current link state information for its routing group and propagates it to the other servers within the routing group.
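The route selection described above, as an added example that is not part of the original page: a small link state table of routing group connectors (constructed sample data, with made-up routing group names) and a least-cost search that, like Exchange, only considers connectors whose link state is up. Marking the cheap Paris-Tokyo link down forces mail onto the more expensive direct link, and marking both links down leaves no route at all.

```python
"""Least-cost route selection from a link state table (added example, not from the page)."""
import heapq
from dataclasses import dataclass


@dataclass(frozen=True)
class Connector:
    name: str
    source: str   # routing group that owns the connector
    target: str   # routing group or address space it reaches
    cost: int     # configured connector cost (1-100)
    state: str    # the LST carries only "up" or "down"


# Constructed sample LST: three routing groups, one SMTP connector to the
# Internet, and a cheap London->Paris->Tokyo path beside a costly direct link.
LINK_STATE_TABLE = (
    Connector("RGC London-Paris", "London", "Paris", 10, "up"),
    Connector("RGC Paris-London", "Paris", "London", 10, "up"),
    Connector("RGC London-Tokyo", "London", "Tokyo", 50, "up"),
    Connector("RGC Tokyo-London", "Tokyo", "London", 50, "up"),
    Connector("RGC Paris-Tokyo", "Paris", "Tokyo", 10, "up"),
    Connector("RGC Tokyo-Paris", "Tokyo", "Paris", 10, "up"),
    Connector("SMTP Internet (Tokyo)", "Tokyo", "Internet", 1, "up"),
)


def mark_down(table, connector_name):
    """Return a copy of the table with one connector's link state set to down."""
    return tuple(
        Connector(c.name, c.source, c.target, c.cost, "down") if c.name == connector_name else c
        for c in table
    )


def least_cost_route(table, origin, destination):
    """Dijkstra over the connectors whose state is 'up'.

    Returns (total_cost, [connector names]) or None when no path of 'up'
    links exists, mirroring Exchange ignoring connectors marked down.
    """
    adjacency = {}
    for c in table:
        if c.state == "up":
            adjacency.setdefault(c.source, []).append(c)
    best = {origin: 0}
    heap = [(0, origin, [])]
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == destination:
            return cost, path
        if cost > best[node]:
            continue  # stale heap entry, a cheaper path was already found
        for c in adjacency.get(node, []):
            candidate = cost + c.cost
            if candidate < best.get(c.target, float("inf")):
                best[c.target] = candidate
                heapq.heappush(heap, (candidate, c.target, path + [c.name]))
    return None


if __name__ == "__main__":
    print(least_cost_route(LINK_STATE_TABLE, "London", "Internet"))
    degraded = mark_down(LINK_STATE_TABLE, "RGC Paris-Tokyo")
    print(least_cost_route(degraded, "London", "Internet"))
    print(least_cost_route(mark_down(degraded, "RGC London-Tokyo"), "London", "Internet"))
```

Because the LST only knows up or down, a connector that is merely in a retry state is still "up" here, which is exactly why Exchange can keep sending mail down a connector that is struggling: the RGM only removes a link from consideration once it is reported down.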
108.Explain the configuration steps required to allow Exchange 2003 to send and receive email from the Internet (consider a one-site multiple server scenario). 108.What is DS2MB? DS2MB is short for Directory Service to Metabase, the Directory Service/Metabase Synchronization process. Its purpose is to transfer Exchange configuration information from Active Directory to the IIS metabase (the metabase is a kind of registry for IIS): whenever configuration is changed in Active Directory with the Exchange System Manager snap-in, DS2MB overwrites the corresponding settings in the local metabase. The configuration is kept in the IIS metabase rather than the registry mainly for performance and scalability reasons. DS2MB is a one-way write from Active Directory to the IIS metabase; the metabase never writes back to Active Directory, so a change made directly in the metabase is overwritten the next time DS2MB synchronizes. The metabase itself can be inspected or edited with the Metabase Explorer tool from the IIS 6.0 Resource Kit, with adsutil.vbs, which by default is located in the AdminScripts folder under Drive:\Inetpub, or, as a last resort, by editing the Metabase.xml file directly with Notepad or a similar text editor.
DS2MB synchronizes the Exchange configuration settings held in AD to the IIS metabase. It depends on the Netlogon service; it registers with the configuration domain controller for change notifications, so when the Exchange configuration changes in AD, DS2MB replicates the change to the metabase, normally within 15 seconds of being notified. Remember this for your interview one day with Microsoft (-: The metabase update service, also referred to as the directory service/metabase synchronization process, or DS2MB (because it is implemented in DS2MB.dll), is a component in Exchange Server 2003 that synchronizes several Exchange configuration settings in Active Directory with their counterpart settings in the IIS metabase. The function of DS2MB is to replicate configuration information from Active Directory to the local IIS metabase. DS2MB copies entire subtrees from Active Directory without changing the shape of the subtree. This is a one-way write from Active Directory to the metabase; the metabase never writes to Active Directory. DS2MB does not add or compute any attribute when copying. The paths in the metabase are called keys. Properties can be set at each key, and each property can have attributes that customize that property. All identifiers present in the directory service image of the subtree are required in the metabase, including identifiers such as KeyType. In addition, the Relative Distinguished Name of the object in the directory is mapped directly to the key name in the metabase. DS2MB Operations The metabase update is a subprocess launched when System Attendant starts. The operation of SMTP, POP3, IMAP4, Outlook Web Access and Outlook Mobile Access all depend on the replication performed by DS2MB. DS2MB registers with the configuration domain controller after startup, enabling that domain controller to notify DS2MB of any changes made to the Exchange configuration. This notification occurs within 15 seconds of the change.
As soon as the change is replicated to the configuration domain controller, it should be replicated to the metabase by DS2MB. DS2MB tracks changes to directory objects by their update sequence numbers (USNs). 101.What is Forms Based Authentication? Exchange Server 2003 has greatly improved the Outlook Web Access (OWA) experience compared with older Exchange versions. Besides the new GUI, spell-checking in different languages, drag-and-drop, S/MIME and more, Exchange Server 2003 adds a new logon method for OWA. This feature, forms-based authentication (FBA), can make Outlook Web Access more secure. Instead of entering the username and password in the browser's pop-up credential prompt, the user sees a logon page that offers various options and gives the logon process a better look. FBA can also be used to enable compression and other features. Forms-based authentication is also known as cookie authentication. When you enable it, OWA keeps the user's credentials in an encrypted session cookie rather than having the browser cache them. After a certain period of inactivity the cookie is automatically cleared. This offers better security because the user's credentials are not cached on the client computer, the credentials are only valid for the duration of the session, and there is no "Remember my password" option for the client. To configure forms-based authentication in Exchange, open the Properties of the Exchange Virtual Server (see Fig. 1) and check the box "Enable Forms Based Authentication." Optionally, you can also select a Low or High level of compression.
The main difference between High and Low compression is that High compresses both static and dynamic pages, while Low compresses only static pages. Compression costs CPU on the server that performs it, so to avoid putting extra load on your server you should not select it if you only have one Exchange server in your environment. You need to restart IIS after you enable forms-based authentication; type iisreset at the command prompt. Once you have enabled forms-based authentication, you might also want to configure the time-out value for cookie authentication. On the OWA logon page, clients can select one of two security options: • Public or shared computer The default option, intended for kiosks or other computers in a shared environment. The session times out after 15 minutes of inactivity. • Private computer For clients who do not share their computer and want a longer session. The cookie lasts 24 hours before it is cleared. You can change the default time-out values in the registry. There are two values, PublicClientTimeout and TrustedClientTimeout. The first corresponds to the "Public or shared computer" option on the OWA logon screen (default 15 minutes); the second to the "Private computer" option (default 24 hours). Both are expressed in minutes and accept a value between 1 and 43200 (that is, 30 days). If the PublicClientTimeout and TrustedClientTimeout values do not exist, OWA uses the defaults above.
Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWeb\OWA
Value name: PublicClientTimeout
Value type: REG_DWORD
Value data: between 1 and 43200 (Base: Decimal)
Value name: TrustedClientTimeout
Value type: REG_DWORD
Value data: between 1 and 43200 (Base: Decimal)
For example, to set a cookie time-out of 36 hours for "Private computer," set TrustedClientTimeout to 2160 (36 x 60 minutes; see Fig. 2). You need to restart the W3SVC service after making these registry changes: type net stop w3svc and then net start w3svc at the command prompt.
Figure 1. Configuring forms-based authentication for OWA.
Figure 2. Modifying the client session time-out value in the registry.
If you have a front-end/back-end server environment, enable forms-based authentication only on the front-end server; do not enable it on the back-end. If you are not using a front-end server, enable forms-based authentication on the mailbox server. See Microsoft Knowledge Base article 830827, "How to manage Outlook Web Access features in Exchange Server 2003," for more information on this topic. Whether you use forms-based authentication or not, OWA should always be published over Secure Sockets Layer (SSL) so that credentials and mailbox data are not sent in clear text across the Internet; Exchange enforces this by refusing to enable forms-based authentication unless SSL is required on the virtual server. In summary, forms-based authentication gives administrators additional security by keeping the user's credentials in an expiring session cookie rather than in the browser's cache, and the registry time-out values for public and private computers let you control how long an idle session survives before the cookie is automatically cleared.
102.How would you configure OWA's settings on an Exchange server? 103.What are Recipient Policies? When you perform the initial install of Exchange, the Recipient Update Service is installed and a default recipient policy is created. This policy is responsible for ensuring that all mail-enabled objects in the Exchange organization have a valid SMTP address following the [email protected] naming format. You can create a new policy that can be configured to create each SMTP address following a different naming convention such as [email protected]. Microsoft has a list of best practices to follow when creating and/or editing recipient policies.
• Create a new recipient policy and assign it a higher precedence rather than editing the default policy
• Keep the number of recipient policies to a minimum
• Rebuild the RUS with caution
104.How would you work with multiple recipient policies? In Exchange Server 5.5 or Microsoft Exchange 2000 Server mixed mode, only the default recipient policy is in effect. The default recipient policy is created from the site addressing of the Exchange Server 5.5 site, which keeps backward compatibility with Exchange Server 5.5. In native mode, multiple recipient policies can be in effect for different groups of users: each policy has an LDAP filter that selects the recipients it applies to and a priority, and a recipient receives its addresses from the highest-priority policy whose filter matches it.
Create Recipient Policies in the Exchange System Manager 1. Click Start, point to Programs, point to Microsoft Exchange, and click System Manager. 2. In the left System Manager pane, expand Organization, expand Recipients, and then click Recipient Policies. Note: In the right pane there is a Default Policy that applies to all recipients. In mixed mode, there is a Default Policy for each site. 3. Right-click Recipient Policies, point to New, and then click Recipient Policy. 4. Specify an LDAP filter (that is, to whom the policy applies) and the e-mail address templates for these recipients. Exchange 2000 and Exchange 2003 also support automatic generation of secondary e-mail addresses from additional templates on the same policy.
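How the RUS picks the policy for a recipient, as an added example that is not code from the page or from Exchange: a minimal evaluator for the subset of LDAP filter syntax a recipient policy uses (&, |, !, attr=value with * wildcards), the %g/%s/%i/%d/%m address-template tokens (with %1g meaning the first character of the given name), and the rule that only the highest-priority matching policy applies. The policies, domains and users are constructed sample data; the Sales policy sits above the Contractors policy, so a contractor in Sales gets Sales addresses, and anyone no specific policy matches falls through to the Default Policy.

```python
"""Recipient policy selection and SMTP address generation (added example, not from the page)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RecipientPolicy:
    name: str
    priority: int       # 1 is highest; the Default Policy is always applied last
    ldap_filter: str    # filter shown on the policy's General tab
    templates: tuple    # address templates; the first one becomes the primary SMTP address


def _parse(text, pos=0):
    """Recursive-descent parser for a subset of RFC 2254 filters: &, |, ! and attr=value with '*'."""
    if text[pos] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    op = text[pos]
    if op in "&|":
        children = []
        pos += 1
        while text[pos] == "(":
            child, pos = _parse(text, pos)
            children.append(child)
        return (op, children), pos + 1          # skip the closing ')'
    if op == "!":
        child, pos = _parse(text, pos + 1)
        return ("!", child), pos + 1
    end = text.index(")", pos)
    attr, _, value = text[pos:end].partition("=")
    return ("=", attr.lower(), value), end + 1


def _eval(node, attrs):
    kind = node[0]
    if kind == "&":
        return all(_eval(child, attrs) for child in node[1])
    if kind == "|":
        return any(_eval(child, attrs) for child in node[1])
    if kind == "!":
        return not _eval(node[1], attrs)
    _, attr, pattern = node
    value = attrs.get(attr)
    if value is None:
        return False                            # absent attribute never matches
    regex = "^" + ".*".join(re.escape(part) for part in pattern.split("*")) + "$"
    return re.match(regex, str(value), re.IGNORECASE) is not None


def ldap_match(ldap_filter, attrs):
    """attrs: dict with lower-cased attribute names."""
    node, _ = _parse(ldap_filter)
    return _eval(node, attrs)


# %g given name, %s surname, %i initials, %d display name, %m alias; %2g = first two chars of %g
_TOKEN = re.compile(r"%(\d*)([gsidm])")
_FIELDS = {"g": "givenname", "s": "sn", "i": "initials", "d": "displayname", "m": "mailnickname"}


def expand_template(template, attrs):
    def substitute(match):
        count, key = match.groups()
        value = attrs.get(_FIELDS[key], "")
        return value[: int(count)] if count else value
    return _TOKEN.sub(substitute, template)


def apply_policies(policies, recipient):
    """Only the highest-priority policy whose filter matches applies, as the RUS does."""
    attrs = {k.lower(): v for k, v in recipient.items()}
    for policy in sorted(policies, key=lambda p: p.priority):
        if ldap_match(policy.ldap_filter, attrs):
            return policy.name, [expand_template(t, attrs) for t in policy.templates]
    return None, []


# Constructed sample policies and recipients (hypothetical organization).
POLICIES = (
    RecipientPolicy("Sales", 1, "(&(objectClass=user)(department=Sales))",
                    ("%g.%s@sales.example.com", "%m@example.com")),
    RecipientPolicy("Contractors", 2, "(&(objectClass=user)(mailNickname=ext-*))",
                    ("%m@contractors.example.com", "%1g%s@contractors.example.com")),
    RecipientPolicy("Default Policy", 999, "(mailNickname=*)", ("%m@example.com",)),
)
RECIPIENTS = (
    {"objectClass": "user", "givenName": "Alice", "sn": "Smith", "mailNickname": "asmith", "department": "Sales"},
    {"objectClass": "user", "givenName": "Carol", "sn": "Nguyen", "mailNickname": "ext-carol", "department": "Engineering"},
    {"objectClass": "user", "givenName": "Dave", "sn": "Jones", "mailNickname": "djones", "department": "Engineering"},
)

if __name__ == "__main__":
    for person in RECIPIENTS:
        print(person["mailNickname"], "->", apply_policies(POLICIES, person))
```

This is also why the best practice above says to add a new, higher-precedence policy rather than editing the default one: the default policy's filter matches every mail-enabled object, so it must stay last, and a narrower policy placed above it takes over only the recipients its own filter selects.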
105.What is the "issue" with trying to remove email addresses added by recipient policies? How would you fix that? An address stamped by a recipient policy is re-applied by the RUS on its next pass, so deleting it from the user simply brings it back. To remove it for good, clear "Automatically update e-mail addresses based on recipient policy" on the user's E-mail Addresses tab (the user then stops receiving policy updates), or change the policy itself so that it no longer generates that address. 106.What is the RUS? The Recipient Update Service (RUS) is a very important component of your Exchange installation; it is the RUS that is responsible for updating address lists and e-mail addresses in your Active Directory. Many people ask a simple question: "I just created a new mailbox, but when I look at the user's properties in Active Directory Users and Computers, nothing is listed on the E-mail Addresses tab; what did I do wrong?" The simple answer is nothing: the RUS takes its time to update the information in AD, so give it a few minutes and everything will appear. The Recipient Update Service (RUS) is a Microsoft® Exchange 2003 service that updates recipient objects within a domain with specific types of information. For example, the RUS updates recipient objects with e-mail addresses and address list membership at scheduled intervals. Usually an administrator is responsible for determining the intervals at which this service runs. When you modify or create a recipient policy, the e-mail addresses for the address types that you have modified or added will be generated the next time the RUS is scheduled to run. The RUS only processes changes made since the last time it ran, so it is very efficient. 107.When would you need to manually create additional RUS? Each domain that contains mail-enabled recipients needs its own RUS; Setup creates the Enterprise RUS and one domain RUS for the domain the first Exchange server is installed in, so you must create one manually for every additional domain whose users get mailboxes or whose GCs Exchange must use. 108.How would you modify the filter properties of one of the default address lists? 109.How can you create multiple GALs and allow the users to only see the one related to them? 110.What is a Front End server? In what scenarios would you use one? Microsoft® Exchange Server 2003 and Microsoft Exchange 2000 Server support a server architecture that distributes server tasks among front-end and back-end servers. In this architecture, a front-end server accepts requests from clients and proxies them to the appropriate back-end server for processing.
A front-end server is a specially configured server running either Exchange Server 2003 or Exchange 2000 Server. Many organizations that implement Microsoft Outlook Web Access (OWA) based on Exchange Server 2003 or Exchange 2000 Server don't connect client browsers directly to the Exchange server on which the user's mailbox is located. Rather, a front-end Exchange server accepts the OWA connection from a client, then proxies the connection to the back-end server on which the user's mailbox resides. The front-end model offers the advantage of letting all users specify the same URL to access their mailboxes. However, the traditional front-end model also has disadvantages, especially with regard to authentication. Let's look at how the traditional front-end server model works and examine the limitations of that model's authentication method. Then, I outline an alternative mechanism for using a variant of the front-end server configuration to implement a normalized namespace with OWA. This alternative approach avoids the drawbacks of Basic authentication while letting all users enter the same URL to access their email. 111.What type of authentication is used on the front end servers?
New for Exchange Server 2003 is the ability for the Exchange front-end server to use Kerberos authentication for HTTP sessions between the front-end and its respective back-end servers. While the authentication is now using Kerberos, the session is still being sent using clear text. Therefore, if the network is public or the data is sensitive, it is recommended that you use Internet Protocol security (IPSec) to secure all communication between the Exchange front-end and back-end servers
112.When would you use NLB? When a single front-end server cannot handle the client load, or when the front-end role needs redundancy: Windows Network Load Balancing spreads OWA, POP3, IMAP4 and RPC over HTTP client connections across a cluster of identically configured front-end servers behind one virtual IP address. 113.How would you achieve incoming mail redundancy? Publish more than one MX record, each pointing at a different inbound SMTP bridgehead (or at an NLB virtual IP in front of several), so that sending systems fall back to the next MX host when one is unavailable. 114.What are the 4 types of Exchange backups? Overview of Exchange Server Backup Methods Several backup methods exist that do not use the Microsoft backup API. The following is an overview of the backup methods you can use, divided into two categories: what Microsoft supports and what it does not directly support.
Exchange backups that Microsoft supports:
1. Online backups (and the types of online backups)
2. Offline backups
Exchange backups that Microsoft does not directly support:
1. Open file agent backups
2. Mailbox (brick) level backups
3. Snap or snapshot and hot split backups
Online Backups and Types of Online Backups Online backups are backups done while the Exchange services are running; none of them has to be stopped for the backup to complete. Online backup does not mean copying the Exchange database files and folder structure while the services are running. It means backing up the separate Microsoft Exchange or Microsoft Exchange Server object that Exchange-aware backup software exposes. You can do an online backup with Windows Backup if you install Exchange Administrator (Exchange Server 5.5) or Exchange System Manager (Exchange 2000 Server and later) on the server that performs the backup. If you use third-party backup software, you have to install its Exchange agent or an Exchange-aware version of the software; agents are popular because they extend the functionality of third-party backup software. You will be backing up the Exchange Directory (Exchange Server 5.5) or Microsoft Exchange Information Store service objects; you cannot select individual files or individual mailboxes to back up. If you try to back up the actual Exchange Server files and folders while the services are running, the backup completes but with files skipped: the database files are skipped because the Exchange database engine holds them open and only one program can have exclusive access to a file on disk. If disaster strikes and this is the only backup available, the Exchange data may not be recoverable. When backing up Exchange Server databases, there are four backup types: Normal (or Full) The normal backup backs up the directory or Exchange store in its entirety, together with the log files. To restore from a normal backup, only that one backup is needed. A normal backup marks the objects it has backed up so that incremental and differential backups have context.
This is accomplished by backing up the entire database and all the log files, and then purging the log files. Copy The copy backup is the same as a normal backup except that no marking takes place to give incremental and differential backups context. This means that performing an incremental backup after a copy backup is equivalent to performing it before the copy backup. Use a copy backup to get a full backup of the directory or Exchange store without disturbing the state of ongoing incremental or differential backups. Incremental An incremental backup backs up the subset of the component that has changed since the last normal or incremental backup, then marks these objects as backed up. To restore from incremental backups, the last normal backup and every incremental backup taken since it are needed. An incremental backup backs up only the log files, and then purges them. Differential A differential backup backs up the changes in the directory or Exchange store that have occurred since the last normal backup. To restore from differential backups, one normal backup and one differential backup (the latest) are required. A differential backup backs up only the log files but does not purge them, so each differential is larger than the last until the next normal backup. Note: In some cases, differential and incremental backups are not permitted, for example immediately after an offline defragmentation or while circular logging is enabled. To restore an online backup in Exchange 2000 Server, you need the Microsoft Exchange Information Store service running, and the stores being restored must be dismounted. To restore an online backup in Exchange Server 5.5, you need the Microsoft Exchange System Attendant service running. Offline Backups Offline backups are backups of the Exchange files and folders taken while the Exchange services are not running. If the services are not running, the backup software can have exclusive access to the database files and can back them up. Planned offline backups result in consistent database files.
When the Exchange services are shut down gracefully, all outstanding transactions are committed to the database, and the resulting database files are consistent (marked consistent or clean shutdown, depending on the version of Exchange you are running). Unplanned offline backups are backups taken after the server has failed, when copying the database files to another location is the only kind of backup available. If Exchange Server failed before this backup was taken, the databases are not guaranteed to be consistent, so they might need repair after the restore procedure. Make sure you know whether the backup was taken before or after the failure or Exchange Server problem. Exchange Backups that Microsoft Does Not Directly Support For backup methods that are not supported, there is no guarantee that the method will work. You should contact your third-party backup software or hardware vendor in case of problems with the backup; the backup vendor should be the primary source of support when any of the following backup types is used. Microsoft will work with any customer that has any backup type. However, if the backup was created by one of the following methods, the only help Microsoft might be able to provide is disaster recovery, which might involve data loss. Open File Agent Backups Some third-party backup programs use special techniques to do a file-level backup of files that are already open in another application, such as Exchange Server. This might or might not work; in most cases, it will not work for Exchange. There is no guarantee that this type of backup captures all mailbox and public folder data, or that you will be able to recover from a disaster with it. Open file agent backups, in most cases, produce inconsistent databases. Mailbox (Brick) Level Backups Several third-party backup programs can back up and restore individual mailboxes rather than whole databases. Because those backup solutions do not follow Microsoft backup guidelines and technology, they are not directly supported. There are known problems with some versions of mailbox-level backup programs, including loss of free/busy data and incomplete restores. Every effort is made to help, and to look at the errors and issues you are having with this type of backup and restore, to determine whether a documented Exchange problem could be the cause.
Snap or Snapshot and Hot Split Backups This type of backup sits somewhere between offline and open file agent backups. These backups are typically written to hard disk rather than tape, which allows much faster transfer rates. Traditionally, the snapshot backup is taken while the databases are stopped; because the databases are consistent, the restore procedure is similar to an offline restore. Those snapshot backups require downtime. Some products perform what is called a Hot Split backup, which can be thought of as a snapshot backup taken with an open file agent running: the result is a fast backup that does not require downtime, but the backed-up databases are inconsistent, so the backup vendor might need to be contacted to make sure data is restored without loss. Windows Server 2003 supports snapshot backups through the Volume Shadow Copy Service, and they are supported by Exchange Server 2003; they require both the Exchange snapshot DLL (the Exchange VSS writer) and storage hardware with a matching VSS provider. Introduction to Exchange 2003 Backup Methods Microsoft Exchange Server has the usual range of backup methods: full, incremental and differential. What is new is Windows Server 2003's Volume Shadow Copy Service, which speeds up online Exchange 2003 backups. Topics for Microsoft Exchange 2003 backup planning: Volume Shadow Copy; Types of Exchange Server 2003 Backup; Online v Offline Backup; ASR (Automated System Recovery); Backup Media Tactics; Summary. Volume Shadow Copy Service (VSS) Windows Server 2003 provides a new Volume Shadow Copy Service (VSS), which produces a point-in-time mirror of the file system. The purpose of VSS* is to let the operating system carry on working with the live data while the backup works from a shadow copy of the files.
Microsoft even provides a VSS API (Volume Shadow Copy Service Application Programming Interface) specifically for backup software to hook into these Exchange 2003 databases. Now here is the strange part: the Windows Server 2003 Backup utility itself does not make full use of this VSS API; instead it uses the streaming API. It is claimed that if Windows 2003 Backup did make full use of the VSS API, it would put out of business the companies that have made their reputation on backup software. See more about the Volume Shadow Copy Service. * The Volume Shadow Copy Service uses the VSS API. Not to be confused with VSAPI, which is the Exchange 2003 Virus Scanning API. Types of Exchange Server 2003 Backup Full Backup Make it your reflex to take a full backup of Exchange. Here are two killer reasons why a full backup is so much better than the alternatives: you only need one tape for a restore, and a full backup purges the transaction logs. Only resort to differential or incremental backups if the time taken by the full backup is unacceptable. If the duration seems too long for a full backup, try work-arounds like faster tapes, or backing up to disk and then to tape; anything to avoid having to use incremental or differential backups. Differential Backup If you have tried every trick in the book and a full backup still takes too much time, then choose a differential rather than an incremental backup. Remember that when you restore differential tapes, there must be a full backup as a reference point. Traditionally, the full backup is made at the weekend, complemented by a differential backup on each weekday night. Times may vary, but the guideline is the hours of lowest user activity. Unfortunately, differential backups do not purge or truncate the transaction logs, so not only does the differential backup get slightly bigger each day, but the logs use up more and more disk space until you perform the next full backup.
Incremental Backup Avoid this method. To prove my point, try a test restore on a Friday. Calculate how many tapes you need and how long it will take. Realize that there is a five times greater chance of a slip-up before the data is recovered than with a full backup. Another clue that this is a poor method is that SQL Server and other relational databases do not offer an incremental backup type (SQL Server uses full, differential and transaction-log backups instead). Two tiny pieces of good news: incremental backups are quick, and they do purge the backed-up portions of the transaction logs. Copy Backup This is a specialist method which is useful if you need to take a snapshot of the system without altering the archive bit. Differential and incremental backups take their cue from the archive property of the files, so my point is that a copy backup doesn't affect other backup schedules that you have in place. Daily Backup This method surprised me; I thought that it would back up any file changed within the last 24 hours. Not so: it only backed up files that had changed since midnight (time stamp 0:00). I cannot recommend this method for Exchange 2003. Online v Offline Backup An online backup means that e-mail is not interrupted. New in Windows 2003 is the Volume Shadow Copy Service (VSS), which makes it possible to back up without dismounting the Exchange stores. Most proprietary programs like Backup Exec, Legato or ArcServe have agents or add-ons which specifically hook into Windows 2003's VSS APIs. Offline backup: dismount the store, then back up. Not your first choice. The main reason I can think of for choosing an offline backup is that the online backup failed. The disadvantages are that the logs are not purged and that, unlike an online backup, the database cannot be verified. Another possible scenario is that you are about to undertake a risky restore, so you create a rollback position by backing up what you already have before you try the restore.
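The four online backup types described in the two passages above (normal, copy, incremental, differential) differ only in which log generations they capture and whether they purge them afterwards, and that is what decides how many backups a restore needs. The following is an added example, not code from the page, Microsoft or any backup product: a small model of a storage group's transaction log stream (hypothetical, with integer log generations standing in for E00xxxxx.log files) that applies each backup type, refuses incremental and differential backups in the two situations the text lists (circular logging on, or right after an offline defragmentation), and computes the restore chain. It also shows why differentials grow every day until the next full backup, and why a copy backup never enters the chain.

```python
"""Exchange backup types against the transaction log stream (added example, not from the page)."""
from dataclasses import dataclass, field


class BackupNotAllowed(Exception):
    pass


@dataclass(frozen=True)
class Backup:
    kind: str            # normal, copy, incremental or differential
    logs: tuple          # log generations captured
    has_database: bool   # normal and copy capture the .edb; the others capture logs only


@dataclass
class StorageGroup:
    circular_logging: bool = False
    logs_on_disk: list = field(default_factory=list)  # generations not yet purged by a backup
    next_generation: int = 1
    partial_allowed: bool = False   # set by a normal backup of the current database
    history: list = field(default_factory=list)

    def generate_logs(self, count):
        """Simulate mail flow: every filled log file is a new generation."""
        for _ in range(count):
            self.logs_on_disk.append(self.next_generation)
            self.next_generation += 1

    def offline_defrag(self):
        """Eseutil /d rewrites the .edb with a new signature; the old log chain no longer applies."""
        self.partial_allowed = False

    def backup(self, kind):
        if kind in ("incremental", "differential"):
            if self.circular_logging:
                raise BackupNotAllowed(f"{kind} backup disabled: circular logging is enabled")
            if not self.partial_allowed:
                raise BackupNotAllowed(f"{kind} backup needs a normal backup of the current database first")
        captured = tuple(self.logs_on_disk)
        if kind == "normal":
            result = Backup(kind, captured, True)
            self.logs_on_disk.clear()              # database and all logs captured, logs purged
            self.partial_allowed = True
        elif kind == "copy":
            result = Backup(kind, captured, True)  # like normal, but nothing is purged or marked
        elif kind == "incremental":
            result = Backup(kind, captured, False)
            self.logs_on_disk.clear()              # logs since the last normal/incremental, then purged
        elif kind == "differential":
            result = Backup(kind, captured, False) # logs since the last normal, left on disk
        else:
            raise ValueError(f"unknown backup type {kind!r}")
        self.history.append(result)
        return result


def restore_set(history):
    """Backups needed to restore to the latest state: the last normal, every incremental
    after it, plus the newest differential taken after the last of those incrementals.
    Copy backups never take part in the chain."""
    fulls = [i for i, b in enumerate(history) if b.kind == "normal"]
    if not fulls:
        return []
    chain, newest_diff = [history[fulls[-1]]], None
    for b in history[fulls[-1] + 1:]:
        if b.kind == "incremental":
            chain.append(b)
            newest_diff = None        # its logs are now covered by the incremental
        elif b.kind == "differential":
            newest_diff = b           # supersedes any earlier differential
    return chain + ([newest_diff] if newest_diff is not None else [])


def covered_logs(chain):
    """Sorted union of the log generations a restore chain can replay."""
    return sorted({gen for b in chain for gen in b.logs})


def run_schedule():
    """Sunday normal, two weekday differentials, an ad-hoc copy, then two incrementals."""
    sg = StorageGroup()
    sg.generate_logs(3)
    sg.backup("normal")            # captures (1, 2, 3) and purges them
    sg.generate_logs(2)
    sg.backup("differential")      # (4, 5), logs stay on disk
    sg.generate_logs(2)
    sg.backup("differential")      # (4, 5, 6, 7): grows each day until the next normal
    diff_chain = restore_set(sg.history)
    sg.backup("copy")              # (4, 5, 6, 7) again, changes nothing
    sg.backup("incremental")       # (4, 5, 6, 7), now purged
    sg.generate_logs(1)
    sg.backup("incremental")       # (8,)
    final_chain = restore_set(sg.history)
    return {
        "differential_chain": [b.kind for b in diff_chain],
        "differential_logs": covered_logs(diff_chain),
        "final_chain": [b.kind for b in final_chain],
        "final_logs": covered_logs(final_chain),
        "logs_left_on_disk": list(sg.logs_on_disk),
    }


def refused_backups():
    """The two situations in the text where incremental/differential backups are refused."""
    reasons = []
    for circular, defrag in ((True, False), (False, True)):
        sg = StorageGroup(circular_logging=circular)
        sg.generate_logs(1)
        sg.backup("normal")
        if defrag:
            sg.offline_defrag()
        try:
            sg.backup("incremental")
        except BackupNotAllowed as err:
            reasons.append(str(err))
    return reasons
```

The model deliberately ignores the checkpoint file: a real normal backup only purges generations older than the checkpoint, so a few recent log files always remain on disk. The restore arithmetic is the same, which is the point the page makes about tape counts: with differentials you hand the restore two backups, with incrementals you hand it one per day since the last full.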
ASR (Automated System Recovery) I wanted to give you a timely reminder that Exchange 2003 relies on the underlying Windows Server 2003 operating system. In a worst-case scenario you will have to rebuild the operating system before you restore the Exchange .edb databases. An ASR backup and recovery disk is the fastest way of building a base from which you can restore those .edb files. Before you tackle an ASR recovery, I assume you have tried Last Known Good, Safe Mode and the Recovery Console. In NT 4.0 days this process was known as RDISK. Both RDISK and ASR suffer from a fatal flaw: they are no good unless the disk information is up to date. So, if you are going to make ASR diskettes, make sure you repeat the procedure every time the hardware changes in any significant way. Backup Media Tactics It is usually fastest to back up to disk. So your tactics could be an initial backup to disk, followed by a backup to a central server or to a local tape drive. Perhaps the best strategy would be to employ a tape library on a SAN. Summary of Backup Methods in Microsoft Exchange Server 2003 If you want to restore your Exchange 2003 server successfully, spend time planning your backup strategy carefully. Make a full backup your first choice and, wherever possible, avoid incremental backups, since they take too long to restore. 115)What is DSACCESS? DSAccess is the component that optimizes communication between Active Directory and the components within Exchange Server, such as the Information Store and the message categorizer. Exchange components that need to interact with Active Directory use DSAccess to retrieve information instead of communicating directly with domain controllers or global catalog servers.
DSAccess also improves system performance because it maintains a cache that reduces the LDAP queries Exchange components issue against Active Directory, which lowers the load on both domain controllers and global catalog servers. Note: Global Address List (GAL) queries from the Microsoft Outlook client do not use this cache; they are directed to a global catalog through the DSProxy/NSPI referral mechanism. The System Attendant service initializes DSAccess, which is implemented in DSACCESS.DLL; two further DLLs, DSCMGS.DLL and DSCPERF.DLL, are associated with it. To see which processes have DSACCESS.DLL loaded, use tasklist.exe (Windows Server 2003 and XP) from a command prompt: tasklist /m dsaccess.dll This lists each process that has the DLL loaded, together with its PID.
DSAccess also has another important task, the discovery process: DSAccess determines the Active Directory topology (sites, domain controllers and global catalogs) and chooses the domain controllers and global catalog servers that Exchange will use. To see which domain controllers and global catalogs DSAccess is using, open ESM (Exchange System Manager), drill down to the server, open the server's properties page and go to the Directory Access tab.
Note: This is available only if Exchange 2003 SP2 is installed. In prior versions you need to use DSADIAG.EXE to get the list of domain controllers and global catalogs being used by DSAccess. Exchange 2003 System Attendant does not start. Hello Friends, here I have a new topic to post; some of you may face this problem while setting up Exchange 2003 on a member server with the /DisasterRecovery switch. We set up Exchange 2003 with the /DisasterRecovery switch when the information about our Exchange server is already present in AD. Setup goes smoothly until you get a message telling you to restore the database from backup; you click OK, the setup wizard resumes, and it then tries to start the Exchange System Attendant service and keeps trying for a long time without getting anywhere. But if you look in Event Viewer (our friend) you will see errors 9022, 9149 and 1005. This happens because the Exchange server object in AD does not have the proper permissions.
OK, now we will solve this issue. Go to the DC and make sure you have the Support Tools installed. If not, install them from your Windows 2003 Server CD-ROM; you can find them in the Support\Tools directory of the CD-ROM. After finishing the installation of the Support Tools:

1. Go to Start > Run..., type adsiedit.msc and press Enter.
2. Drill down to Configuration > Services > Microsoft Exchange > Administrative Group > First Administrative Group > Servers.
3. Here we will see our server name. Right-click the server, go to Properties, go to the Security tab and look at the last group, "Exchange Domain Servers". Click on it and you will get the list of permissions given to this group. You will find that "Full Control" is not enabled, and this is what we have to fix. Enable it and click Apply, then OK.
4. Now go to your Exchange server and try to restart the System Attendant service. The MTA Stacks and Information Store services will also have been stopped; start them too. And it's done :-)

DSAccess is what Exchange services use to access information in Active Directory. In order for it to find the correct information, DSAccess needs to talk to Global Catalog servers, even if those servers are not in a domain where Exchange is installed. DSAccess will only talk to GCs that it has rights to. It checks whether it has rights to a GC by checking whether it has privileges on the Security Access Control List (SACL) of the GC. These rights are only propagated by the Recipient Update Service (RUS), and you can only create a RUS for domains that have been DomainPrepped. If you follow this chain, you'll see that it comes down to "DSAccess needs to be able to talk to a GC", and in order to do that the GC has to be in a domain which has been DomainPrepped and has a RUS pointed at it.
So if you have a parent-child domain configuration, with Exchange only in the child domain and GCs in the parent domain, you will have to run DomainPrep in the parent domain AND create a new RUS on an Exchange server in the child domain and point that RUS at the parent domain. Now I know you're all asking the question "What if you don't have a GC, or Exchange servers, or users getting Exchange mailboxes in the parent domain?" The answer is: "Then you don't need to DomainPrep the parent domain." So if all your GCs are in the child domain, none are in the parent domain, and there are never going to be any Exchange resources in the parent domain, then you don't need to DomainPrep it or create a RUS for it. But that configuration doesn't happen very often, and the consequences of not DomainPrepping the parent are bad enough (the Exchange Information Store service won't start, for example) that we tell everyone to always DomainPrep the parent domain.

What is the Dial-Tone server scenario?

Dial-Tone failover is the process of bringing up a new Exchange server (2000-2007) with the same name as the failed production server. The server will mount blank databases and be able to immediately allow end users to send and receive email. None of the historical email, calendar entries or Public Folder data will be available, but new mail will flow. You can read up on the process for Exchange 2007 here:

116) When would you use offline backup?

You must perform an offline defragmentation in the following situations:
• After performing a database repair (using Eseutil /p)
• After moving a considerable amount of data from an Exchange Server database.
• When an Exchange Server database is much larger than it should be.

117) How do you re-install Exchange on a server that has crashed but with AD intact?

118) What is the dumpster?
When you delete an item from your mailbox, the item is kept in the dumpster for as long as is configured for your mailbox or for the mailbox database to which your mailbox belongs. As an administrator you need to keep in mind, however, that when you move a mailbox from one mailbox database to another mailbox database, the content of the dumpster is not moved for that mailbox and is therefore lost.

How to Recover Deleted Emails in Outlook

When you delete an email in Outlook it goes to the Deleted Items folder. Like the Recycle Bin on the Desktop, this gives you a second chance if you delete an email by accident. Where do emails go when you delete them out of the Deleted Items folder? If Outlook is using an account on an Exchange server, the answer is the Dumpster (the American word for a skip). This is the place Exchange stores deleted emails for a length of time, called the Retention Period, the length of which can be set by an administrator, before finally and permanently deleting them. The Arrowmail Exchange servers have a Retention Period of 14 days.

The Dumpster

The good news is that you can access the Dumpster yourself from within Outlook. Here's how: select the Deleted Items folder then click Tools - Recover Deleted Items…
A window opens showing all the emails deleted from the Deleted Items folder which haven't exceeded the Retention Period. Select one or more emails you want to recover, click on Recover Selected Items and they will appear back in the Deleted Items folder.

There's also the option to purge items from the Dumpster if there's a particular email you want to make disappear for good. You can also access the Dumpster from Outlook Web Access, from the Options page.
The Hidden Dumpster

This is fine for emails that have passed through the Deleted Items folder, but it's possible to "hard delete" items straight to the Dumpster from any folder by holding down the Shift key while deleting an email. With Outlook open and an email selected in the Inbox, you're 4 key-presses away from disaster: Ctrl+A then Shift+Del. This means "select all emails in the Inbox" then "move them all to the hidden dumpster". I've lost count of the number of support calls I've had where this has happened.

Emails hard deleted from any folder go to the Dumpster but, by default, you can only retrieve ones that have passed through the Deleted Items folder. To be able to access the entire Dumpster you need to make a Registry change. (Remember that care should always be taken when editing the Registry, as there are settings in there that can render your Windows installation inoperable.)

1. Click Start - Run, type regedit and click OK to open the Registry Editor.
2. Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Options
3. Click Edit - New - DWORD Value.
4. Rename the new value: DumpsterAlwaysOn
5. Double-click this new value and set its value to 1.
Close Regedit. Close Outlook if it's open, restart it, and the Recover Deleted Items… option will now be enabled for every folder, including those that contain Contacts, Calendar items, etc. You'll need to make this Registry edit on every PC from which you want to access the hidden dumpster. There's no way to access the hidden part of the Dumpster from Outlook Web Access.

Recovering Deleted Emails from the Cache on another PC

If some major catastrophe has happened with your email, and missing items are not recoverable from any part of the Dumpster, there may still be some things you can do. If you've been using Outlook with Exchange, in cached mode, on another PC which is currently turned off, that PC will have a full copy of your Outlook data in a local OST file. This data will be as up to date as the last time you used Outlook on that PC, hopefully before the current problem occurred. The last thing you want is for this PC to synchronise with Exchange and so delete the items you're after from its cache, so before you turn this PC on or open Outlook, make sure that it's NOT connected to the Internet. Maybe pull out the network cable or turn off the wireless card.

When you open Outlook on this PC, while it's offline, you should see all the missing items still there. The first task is to copy them to a local PST file:

1. From within Outlook, click File - New - Outlook Data File…
2. Select Outlook Office Personal Folders File, then click OK.
3. Click OK, then OK again, to accept the default location and name of the new PST file.

You'll now see a new set of folders in Outlook called Personal Folders. Drag-and-drop all the items you need from the mail folders, contacts, calendar etc. in the Exchange folders to the equivalent place in Personal Folders. When the copying process has completed you can safely re-enable your Internet connection and allow Outlook to synchronise with Exchange.

The next thing to do is to copy the items you've saved to Personal Folders back into your Exchange folders, as the synchronisation process will have just deleted them from there. Exchange will accept these as valid new items and will copy them back, first to your mailbox on the server, and then to the local caches on all the other computers where you use Outlook. When you're sure that this has worked, right-click on Personal Folders and select Close "Personal Folders".

The local cache of your Exchange data, held on a PC, is your insurance against a failure of the Exchange server that could be unrecoverable. Maybe the building housing the server and the backup tapes has burnt down. You could then arrange to have your incoming emails diverted to a POP3 mailbox and get access to an SMTP server so that your email is functional again. I've seen someone working this way more than 2 years after the Exchange server they were using disappeared.

Archiving Email

This is where a separate copy of all incoming and/or outgoing emails is stored on the mail server in a read-only folder, separate from your main mailbox, which you can access and search through when the original of an email is nowhere to be found.
If this is the only reason you have for keeping a mail archive then it's not too hard, or expensive, to organise such a system for keeping the last 30 days' emails.

115. What are the e00xxxxx.log files?

All transactions are first logged to the current log file E00.LOG. When it gets full it is saved to a log generation file E00xxxxx.LOG. The log files are by default stored in the same directories as the database files. The current log file E00.LOG (note: E00 is increased by 1 for each additional storage group) contains the most recent transactions. As soon as it gets full, Exchange automatically saves a copy in a log generation file such as E00xxxxx.LOG, where xxxxx is a five-digit hexadecimal number. The handling of the log generations depends on whether circular logging is enabled or not.

116. What is the e00.chk file?

The checkpoint file is used to track which transactions have been committed to the database and which transactions still have to be committed to the database. The name of the file is EX0.chk (X stands for the storage group) and its size is 8 KB. The checkpoint file E00.CHK has an important role in Exchange database logging. First off, it maintains the current checkpoint. The current checkpoint always points to the last transaction that was successfully committed to the database. During normal operation, the Exchange Server always writes transactions to the log files first, as they provide sequential access. This is much faster than writing to the database directly, which requires random access. The server eventually writes transactions to the databases as soon as it has idle time. The last transaction committed is pointed to by the current checkpoint. In case of a database corruption, this allows the Exchange Server to roll forward from the last backup to the last known consistent state. The checkpoint file also maintains the backup checkpoints.
Backup checkpoints are used to store the position of the current checkpoint at the beginning of a backup session in a temporary location.

117. What is circular logging? When would you use it?

Database Circular Logging

As stated before, all transactions are first logged to the current log file E00.LOG. When it gets full it is saved to a log generation file E00xxxxx.LOG. This process is called transaction log rollover. The way the current log file is rolled over depends on the logging mechanism used. Microsoft Exchange provides circular and sequential logging mechanisms. Circular logging automatically overwrites transaction log files after the data they contain has been committed to the database. It reduces disk storage space requirements; however, if circular logging is enabled, you cannot perform incremental backups. To enable circular logging, go to the Properties window of a Storage Group and choose the General tab.
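The log rollover, checkpoint and circular-logging behaviour described under questions 115 to 117, reduced to a small Python model. This is an added example, not Exchange code: the StorageGroup class, its window of retained generations, the two-transaction log size and the transaction names are constructed assumptions. It shows why a roll-forward from the last online backup succeeds under sequential logging and stops at a purged generation under circular logging.

```python
"""Toy model of Exchange (ESE) transaction logging: sequential vs circular.

Constructed example, not Exchange code. It shows why roll-forward recovery
from the last backup works with sequential logging but can fail under
circular logging, which purges committed generations.
"""


def log_name(generation, prefix="E00"):
    """Closed log generations are named E00xxxxx.LOG (xxxxx = 5 hex digits);
    the prefix increases by one for each additional storage group."""
    return f"{prefix}{generation:05X}.LOG"


class StorageGroup:
    """One storage group: current log, closed generations, checkpoint, DB."""

    def __init__(self, circular=False, window=2, per_log=2):
        self.circular = circular
        self.window = window        # generations circular logging retains
        self.per_log = per_log      # transactions that fill one log file
        self.generation = 1         # generation number of the current E00.LOG
        self.current = []           # transactions sitting in E00.LOG
        self.logs = {}              # closed generations: gen -> [txns]
        self.checkpoint = 0         # E00.CHK: last generation committed to DB
        self.db = []                # committed database content

    def write(self, txn):
        """Every transaction goes to the current log first (sequential I/O)."""
        self.current.append(txn)
        if len(self.current) == self.per_log:     # log full: rollover
            self.logs[self.generation] = self.current
            self.current = []
            self.generation += 1

    def idle_commit(self):
        """When idle, the store commits closed logs and advances the checkpoint."""
        for gen in sorted(self.logs):
            if gen > self.checkpoint:
                self.db.extend(self.logs[gen])
                self.checkpoint = gen
        if self.circular:
            # Circular logging discards committed generations outside the window.
            stale = [g for g in self.logs if g <= self.checkpoint - self.window]
            for gen in stale:
                del self.logs[gen]

    def online_backup(self):
        """An online backup snapshots the DB and purges logs up to the checkpoint."""
        self.idle_commit()
        snapshot = {"db": list(self.db), "checkpoint": self.checkpoint}
        for gen in [g for g in self.logs if g <= self.checkpoint]:
            del self.logs[gen]
        return snapshot


def roll_forward(backup, logs):
    """Replay every generation after the backup checkpoint, in order.

    Returns (recovered_db, missing): missing is None when replay reached the
    newest surviving log, or the name of the first generation that is absent.
    """
    db = list(backup["db"])
    gen = backup["checkpoint"] + 1
    newest = max(logs) if logs else backup["checkpoint"]
    while gen <= newest:
        if gen not in logs:
            return db, log_name(gen)        # gap in the chain: cannot continue
        db.extend(logs[gen])
        gen += 1
    return db, None


def simulate(circular):
    """Back up, keep working, lose the database file, then recover."""
    sg = StorageGroup(circular=circular)
    for i in range(4):
        sg.write(f"t{i}")
    backup = sg.online_backup()             # checkpoint is generation 2 here
    for i in range(4, 14):                  # more work, with idle commits
        sg.write(f"t{i}")
        sg.idle_commit()
    return roll_forward(backup, sg.logs)    # database lost; recover from backup


if __name__ == "__main__":
    for mode in (False, True):
        db, missing = simulate(circular=mode)
        label = "circular" if mode else "sequential"
        print(f"{label}: recovered {len(db)} transactions, missing={missing}")
```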
Circular logging (disabled by default) uses transaction log technology but does not maintain previous transaction log files. Instead, it maintains a window of a few log files, then removes the existing log files and discards the previous transactions after the transactions in the transaction log files have been committed to the database. This helps to manage disk space and keeps transaction logs from building up, but it prevents you from using differential or incremental backups, because they require the past transaction log files. In fact, because circular logging purges some transaction log files, you may not be able to recover to the point of failure by rolling forward through the transaction log files—one or more may be missing. For this reason it is a good idea to leave circular logging disabled on all Storage Groups (the default setting). You can manage disk space easily enough by performing regular online backups, which purge the log files from the hard disk after they have been backed up.

118. What's the difference between online and offline defrag?

Online Defragmentation

Online defragmentation is one of several database-related processes that occur during Exchange database maintenance. By default, on servers running Exchange 2000 Server and Exchange Server 2003, Exchange Server database maintenance occurs daily between 01:00 (1:00 A.M.) and 05:00 (5:00 A.M.). Online defragmentation occurs while Exchange Server databases remain online. Therefore, your e-mail users have complete access to mailbox data during the online defragmentation process. The online defragmentation process involves automatically detecting and deleting objects that are no longer being used. This process provides more database space without actually changing the file size of the databases that are being defragmented.

Note: To increase the efficiency of defragmentation and backup processes, schedule your maintenance processes and backup operations to run at different times.
Offline Defragmentation

Offline defragmentation involves using the Exchange Server Database Utilities (Eseutil.exe). ESEUTIL is an Exchange . Offline defragmentation can be done only when you dismount the database.

119. How would you know if it is time to perform an offline defrag of your Exchange stores?

You must perform an offline defragmentation in the following situations:
• After performing a database repair (using Eseutil /p)
• After moving a considerable amount of data from an Exchange Server database.
• When an Exchange Server database is much larger than it should be.

Generally speaking you should only use ESEUTIL under the following circumstances (there are generally no exceptions):
• When you have no usable backup of your Exchange Databases – Repair Scenarios
• When you have had a lot of transient behaviour in the database – Defrag Scenarios – for example:
  o A large number of users have either left the company, or moved to another store within the environment
  o You have installed an archiving solution into your environment and it has been running for at least 5 months
  o You have hit a limit on the Database (in the Standard Edition of Exchange only) – this scenario should not happen when using SP2 of Exchange 2003 or Exchange 2007
• When you have good reason (good means Application Event Log errors) to suggest a corruption in the Database – Integrity Scenarios
• When you wish to replay log files into the Database
• When it is recommended by Microsoft Product Support Services, or when you are confident about using the command syntax and you are sure that it is going to be of benefit to you
120) How would you plan for, and perform, the offline defrag?

Defrag

Exchange 2003 defragments the Exchange database every night, but this is only an online defrag of the database. An online defrag doesn't reduce the size of the information store. To reduce the size of the databases, you must use an offline defrag.

When should I use an offline defrag?

Under normal conditions you don't need an offline defrag, but when you add tons of new users due to a merger or acquisition, or when you delete many objects from the store, it can be necessary to do an offline defrag. You can do a space dump with ESEUTIL /MS to determine the space. Also ensure that you have 110% free disk space relative to the Exchange database size.
Figure 4: ESEUTIL /MS
121) What is the isinteg command?

What is the eseutil command?

ESEUTIL is a tool to defragment your Exchange databases offline, to check their integrity and to repair a damaged/lost database. ESEUTIL is located in the \EXCHSRVR\BIN directory. This directory is not in the system path, so you must run the tool from the BIN directory or add the \EXCHSRVR\BIN directory to the system path.

Using ISINTEG for Exchange DB testing

ISINTEG is used to check and fix the integrity of the Information Store DB in Exchange. It is the only tool that understands the Exchange DB at a mail and object level, rather than at the page/table level at which ESEUTIL operates. Given that this tool requires the DB to be dismounted, you won't be running it all the time. Really you only need to run it when you are having specific problems, for example with corrupted items in a mailbox. The following links are a great source of help if you are planning to run this tool on your DB.

Isinteg is a utility that searches through an offline information store for integrity weaknesses. You can also repair issues that Isinteg detects. Isinteg is run at a command prompt. When Isinteg is run at a command prompt, the following switches are available. This is also the usage display (-? switch).

    isinteg [-pri] [-pub] [-fix] [-l [logfilename]]

    Switch            Result
    ------            ------
    -?                Usage is displayed.
    -pri              Check private information store (default).
    -pub              Check public information store.
    -fix              Repair information store.
    -l [logfilename]  Store log information in logfilename. Default is isinteg.pri or isinteg.pub.
    -patch            Offline backup restore patch.

Note: Microsoft Exchange 2000 Server no longer uses the Isinteg -patch switch. The Isinteg -patch procedure is performed automatically when the Messaging Database (MDB) starts. Exchange 2000 also has the following additional switch.

    Switch            Result
    ------            ------
    -s                Server name.

In Exchange 2000 you must specify the database on which you are running Isinteg (for example, isinteg -s Server1 -test allfoldertests). For more information about the Exchange 2000 version of this command, click the following article number to view the article in the Microsoft Knowledge Base:

You can use the Isinteg.exe tool to check and to fix the integrity of the information store databases, including the private information store, Priv.edb, and the public information store, Pub.edb.

MORE INFORMATION

To view the command-line help about usage of Isinteg.exe, type the following command line from a command prompt:

    c:\program files\exchsrvr\bin>isinteg /?

Output:

    Microsoft Exchange Information Store Integrity Checker v6.0.4417.0
    Copyright (c) 1986-2000 Microsoft Corp. All rights reserved.

    Usage: isinteg -s ServerName [-fix] [-verbose] [-l logfilename] -test testname[[, testname]...]
      -s ServerName
      -fix             check and fix (default - check only)
      -verbose         report verbosely
      -l filename      log file name (default - .\isinteg.pri/pub)
      -t refdblocation (default - the location of the store)
      -test testname,...
         folder message aclitem mailbox(pri only) delfld acllist rcvfld(pri only)
         timedev rowcounts attach morefld ooflist(pri only) global searchq dlvrto
         peruser artidx(pub only) search newsfeed(pub only) dumpsterprops
         Ref count tests: msgref msgsoftref attachref acllistref aclitemref
         newsfeedref(pub only) fldrcv(pri only) fldsub dumpsterref
         Groups tests: allfoldertests allacltests
    isinteg -dump [-l logfilename] (verbose dump of store data)

To run Isinteg.exe to check and fix the integrity of the information store, run the following line from a command prompt:

    c:\program files\exchsrvr\bin>isinteg -s servername -fix -test alltests

For example:

    exchsrvr\bin\isinteg -s server1 -fix -test alltests

NOTE: You need to first start the Information Store service and dismount the databases; you can only check databases that are offline.

Output:

    Databases for server SERVERNAME:
    Only databases marked as Offline can be checked
    (In this case only 1-Mailbox Store (SERVERNAME) can be checked).

    Index  Status   Database-Name
    Storage Group Name: First Storage Group
      1    Offline  Mailbox Store (SERVERNAME)
      2    Online   Public Folder Store (SERVERNAME)
      3    Online   Second Mailbox Store

    Enter a number to select a database or press Return to exit

http://support.microsoft.com/kb/301460/
http://www.msexchange.org/tutorials/Exchange-ISINTEG-ESEUTIL.html
http://support.microsoft.com/kb/182081

120. How would you monitor Exchange's services and performance? Name 2 or 3 options.

You have Monitoring and Tools options in ESM.

121. Name all the client connection options in Exchange 2003.

Outlook 2000/2003, Outlook Web Access, Outlook Mobile Access, RPC over HTTP/HTTPS.
122. What is Direct Push? What are the requirements to run it?

'Direct Push' technology is an additional feature added to Microsoft Exchange 2003 with a new service pack that adds messaging and security features, currently also known as AKU2. It enables an Exchange Server to push Outlook messaging directly to a phone device running Windows Mobile 5, using a subscriber's existing wireless phone account (instead of the device having to "pull" e-mail from the server). To achieve push mail with any e-mail provider (i.e. other than Exchange) there is a plug-in from emansio (formerly VGS Mail) that enables push mail with any e-mail provider, e.g. Google Mail.

Direct Push is just a heartbeat away

Background

Exchange 2003 introduced the Always Up To Date notification feature (AUTD) that kept devices up to date by sending SMS triggers to the device. The triggers were sent from the enterprise as SMTP messages to the SMTP front end at the mobile operator. They were then sent through the SMS gateway as SMS messages to the device. This approach had some limitations, since not all mobile operators did the SMTP to SMS conversion. Even when they did, there was latency involved with SMS messages and there were end-to-end reliability issues. Also, some mobile operators charged for each incoming SMS message, which added an extra dimension to the cost of staying up to date. To alleviate these issues, Exchange 2003 SP2 introduced Direct Push.

Direct Push Architecture

Direct Push is a client-initiated HTTP connection to the server: the device opens a connection to the Exchange Server and keeps it alive for a duration known as the heartbeat interval. Basically the client sets up the connection, chooses the appropriate heartbeat interval, and tears down and re-establishes the connection if and when necessary. The server sends notifications about new items over this connection and the client synchronizes to get the new items.

A new AirSync command called PING has been introduced for Direct Push. This command is sent as part of the POST request from the device.

Summary of interaction between the client, EAS server and Exchange

1. The device issues a PING command.
2. When the EAS server receives a PING command it does the following:
   • If the PING command contains the heartbeat interval or folder list, it stores the information in AUTDSTATE.XML in the user's mailbox. The device does not need to send these parameters up again unless they change.
   • If the PING command did not contain the heartbeat or folder list, it retrieves them from the mailbox server.
   • EAS subscribes to notifications for the folders. It issues DAV subscriptions using the SUBSCRIBE command.
   • Since there is a small window between the last SYNC and the SUBSCRIBE where changes could have occurred, EAS checks for changes. If there is a change, the server immediately notifies the client to sync by issuing a response to the PING command with a Status of 2. It does an UNSUBSCRIBE to delete the DAV subscription. If no changes have occurred, the server continues to wait for UDP notifications from the mailbox server.
   • If a notification arrives within the heartbeat interval, the server will inform the client to sync. A response to the PING command is issued with a Status of 2, indicating that there are changes. Otherwise, after the heartbeat interval elapses, the server returns a response to the PING command with a Status of 1, indicating that there are no changes. It does an UNSUBSCRIBE to delete the DAV subscriptions before issuing the PING response.

Deployment Considerations for Direct Push

1. In order to use Direct Push, only the Exchange 2003 Front End servers need to be upgraded to SP2. However, it is highly recommended that SP2 be installed on all Exchange Front End and Back End servers. If the Front End servers are load balanced, all the Front End servers need to be upgraded at around the same time.
2. When there is new mail, the BE sends a UDP notification to the FE. Direct Push requires that UDP port 2883 be open from the BE to the FE. The port can be configured using the registry value UDPListenPort under HKLM\SYSTEM\CurrentControlSet\Services\MasSync\Parameters. If this value is set through the registry, the value must be greater than or equal to 1 and less than or equal to 65535.
3. With Direct Push, the device keeps a connection open to the Exchange server. If you have a firewall between the device and the Exchange server, you must increase the idle connection timeout on the firewall. Please note that this is the idle connection timeout, i.e. when there is no data transfer between client and server. For more information, please refer to the KB article titled "Enterprise firewall configuration for Exchange ActiveSync Direct Push Technology", available at http://support.microsoft.com/?kbid=905013
4. If you are using ISA 2000, you need to add a registry key on the ISA server to use Direct Push. Please refer to the KB article titled "The ISA Server response to client options requests is limited to a predefined", available at http://support.microsoft.com/?ID=304340, for information on how to add the registry key.

Heartbeat Interval

The device specifies the heartbeat interval as part of the PING command. This dictates how long the server must keep the connection alive. The device will dynamically converge to the highest possible heartbeat interval for a given network, based on the mobile operator timeouts, firewall timeouts etc. The higher the heartbeat interval, the better it is for battery life, so the heartbeat is optimized for a given network. You can change the minimum and maximum heartbeat interval settings on the server through the registry. The settings are MinHeartbeatInterval and MaxHeartbeatInterval under HKLM\SYSTEM\CurrentControlSet\Services\MasSync\Parameters. The defaults are 1 and 45 minutes respectively. Note that the maximum is hard coded to 59 minutes, since the maximum possible DAV subscription lifetime is 60 minutes.

You can also specify a heartbeat alert threshold. The server maintains a sliding window of the last 200 heartbeat intervals supplied by clients. If the average from this sample is less than or equal to the alert threshold, there will be a warning in the event log: "The average of the most recent heartbeat intervals used by clients is less than or equal to x. Please check your firewall settings to ensure that they permit requests to Exchange ActiveSync to live for at least 15 minutes." The alert threshold and sample size can be configured through the registry. The settings are HBiSampleSize and HbiAlertThreshold under HKLM\SYSTEM\CurrentControlSet\Services\MasSync\Parameters.

Configuring Direct Push on the Server

By default, Direct Push is enabled in Exchange 2003 SP2. However, you can enable/disable it in Exchange System Manager. In ESM expand Global Settings, right-click on Mobile Services, select Properties and check/uncheck the box for "Enable Direct Push over HTTP(S)".
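The heartbeat negotiation and the heartbeat alert threshold described above, as a small Python simulation. This is an added example, not Exchange or Windows Mobile code: the defaults it uses (MinHeartbeatInterval 1, MaxHeartbeatInterval 45, a window of 200 samples, the 59 minute cap) are the ones stated in the text, while the clamping of the requested interval, the device's step-by-step probing strategy and the 15 minute alert threshold are assumptions made for the simulation. It shows how a firewall with a short idle timeout drives every device down to a low heartbeat and trips the event-log warning.

```python
"""Toy model of the Exchange 2003 SP2 Direct Push heartbeat handling.

Constructed example, not Exchange or Windows Mobile code. The registry names
and defaults the text gives (MinHeartbeatInterval=1, MaxHeartbeatInterval=45,
sample window of 200, hard cap of 59 minutes) are used as given; the clamping
of the requested interval, the device's probing strategy and the 15 minute
alert threshold are assumptions made for the simulation.
"""
from collections import deque

HARD_MAX_HBI = 59       # minutes; a DAV subscription lives at most 60 minutes
STATUS_NO_CHANGES = 1   # PING response: heartbeat elapsed, nothing to sync
STATUS_CHANGES = 2      # PING response: notification arrived, device should SYNC


class DirectPushServer:
    def __init__(self, min_hbi=1, max_hbi=45, sample_size=200, alert_threshold=15):
        if not 1 <= min_hbi <= max_hbi <= HARD_MAX_HBI:
            raise ValueError("need 1 <= MinHeartbeatInterval <= MaxHeartbeatInterval <= 59")
        self.min_hbi, self.max_hbi = min_hbi, max_hbi
        self.alert_threshold = alert_threshold
        self.samples = deque(maxlen=sample_size)   # last N client intervals (minutes)
        self.warnings = []                           # stands in for event-log entries

    def ping(self, requested, notification_after=None):
        """Handle one PING command.

        requested: heartbeat interval (minutes) the device asked for.
        notification_after: minutes until the mailbox server's UDP notification
        arrives, or None if nothing changes during the heartbeat.
        Returns (status, minutes the connection was actually held open).
        """
        hbi = max(self.min_hbi, min(requested, self.max_hbi))   # assumed clamp
        self.samples.append(hbi)
        self._check_average()
        if notification_after is not None and notification_after <= hbi:
            return STATUS_CHANGES, notification_after
        return STATUS_NO_CHANGES, hbi

    def _check_average(self):
        # Judge only a full sample window; a few short probes prove nothing.
        if len(self.samples) < self.samples.maxlen:
            return
        avg = sum(self.samples) / len(self.samples)
        if avg <= self.alert_threshold:
            self.warnings.append(
                f"average heartbeat {avg:.1f} min <= {self.alert_threshold}: "
                "check that the firewall lets EAS requests live long enough")


def converge_device(server, firewall_idle_timeout, step=4, steady_pings=10):
    """Assumed device strategy: raise the interval in steps until the firewall
    drops the idle connection, then settle on the last interval that survived."""
    best, trying = None, server.min_hbi
    while True:
        _, held = server.ping(trying)
        if held > firewall_idle_timeout:      # firewall cut the idle connection
            break
        best = held
        if held >= server.max_hbi:            # server will not go any higher
            break
        trying = held + step
    if best is None:                          # even the minimum did not survive
        return None
    for _ in range(steady_pings):             # normal operation at the chosen HBI
        server.ping(best)
    return best


def simulate_fleet(firewall_idle_timeout, devices=25):
    """Run a fleet of devices behind one firewall; return (hbi, warned)."""
    server = DirectPushServer()
    hbi = None
    for _ in range(devices):
        hbi = converge_device(server, firewall_idle_timeout)
    return hbi, bool(server.warnings)


if __name__ == "__main__":
    for timeout in (10, 30):
        hbi, warned = simulate_fleet(timeout)
        print(f"firewall idle timeout {timeout} min: devices settle on {hbi} min, "
              f"heartbeat warning logged: {warned}")
```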
You can also change this setting on a per-user basis using Active Directory Users and Computers. In ADU&C, click on the user, select Properties, go to the Exchange Features tab and, under Mobile Services, enable/disable Up-to-Date Notifications. This controls both SMS-based AUTD and Direct Push for the user.

Configuring Direct Push on the client

A Direct Push capable device will automatically negotiate the protocol with the server and configure itself to use Direct Push. The sync schedule is set to "As new items arrive".

Direct Push Initialization

1. Verify that Exchange ActiveSync is loaded and IP-based AUTD is initialized by checking the application log on the FE for the events below. Exchange ActiveSync gets initialized on the first sync attempt.

    Event Type:     Information
    Event Source:   Server ActiveSync
    Event Category: None
    Event ID:       3002
    Date:           3/19/2006
    Time:           12:44:08 PM
    User:           N/A
    Computer:       1B25A
    Description:    Microsoft Exchange ActiveSync has been loaded: Process ID: [3048].

    Event Type:     Information
    Event Source:   Server ActiveSync
    Event Category: None
    Event ID:       3025
    Date:           3/19/2006
    Time:           12:44:19 PM
    User:           N/A
    Computer:       1B25A
    Description:    IP-based AUTD has been initialized.

2. Verify that the FE is listening on port 2883. To check if the server is listening on the AUTD port, you can run "netstat -ano". Here are the results before and after IP-based AUTD has initialized.

Before:

    Proto  Local Address   Foreign Address  State  PID
    UDP    0.0.0.0:1985    *:*                     1928
    UDP    0.0.0.0:3456    *:*                     3356

After:

    Proto  Local Address   Foreign Address  State  PID
    UDP    0.0.0.0:1985    *:*                     1928
    UDP    0.0.0.0:2883    *:*                     3048
    UDP    0.0.0.0:3456    *:*                     3356

Netstat provides the Process ID, which matches the EAS process per the initialization event in the application log. Another way to check if the server is listening on the AUTD port is to use PortQry (available on Microsoft.com). This lists the process that is listening on the port:

    Process ID: 3048 (w3wp.exe)

    PID   Port       Local IP      State        Remote IP:Port
    3048  TCP 31479  172.29.8.222  ESTABLISHED  172.29.9.107:3268
    3048  TCP 31480  172.29.8.222  ESTABLISHED  172.29.9.107:389
    3048  UDP 2883   0.0.0.0                    *:*
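The two-step verification above (event 3002 names the EAS process ID; netstat must show a UDP listener on the AUTD port owned by that PID) as a Python check. This is an added example, not an Exchange tool: the netstat and event text it parses are constructed from the output quoted above, and the function names are its own; in practice you would feed it the real event description and the real "netstat -ano" output.

```python
"""Verify that an Exchange 2003 SP2 front end is listening for AUTD notifications.

Constructed example, not an Exchange tool. It parses "netstat -ano" output
and the description of event 3002 and confirms that the UDP listener on the
AUTD port belongs to the Exchange ActiveSync process. The sample text below is
constructed from the output quoted in the text; a real check would read the
event log and run netstat itself.
"""
import re

AUTD_PORT = 2883   # default UDPListenPort under ...\Services\MasSync\Parameters

EVENT_3002 = "Microsoft Exchange ActiveSync has been loaded: Process ID: [3048]."

NETSTAT_BEFORE = """\
  Proto  Local Address          Foreign Address        State           PID
  UDP    0.0.0.0:1985           *:*                                    1928
  UDP    0.0.0.0:3456           *:*                                    3356
"""

NETSTAT_AFTER = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    172.29.8.222:31479     172.29.9.107:3268      ESTABLISHED     3048
  UDP    0.0.0.0:1985           *:*                                    1928
  UDP    0.0.0.0:2883           *:*                                    3048
  UDP    0.0.0.0:3456           *:*                                    3356
"""


def eas_pid_from_event(description):
    """Pull the process ID out of the event 3002 description, or None."""
    match = re.search(r"Process ID: \[(\d+)\]", description)
    return int(match.group(1)) if match else None


def udp_listeners(netstat_text):
    """Return {port: pid} for every UDP socket in netstat -ano output.

    UDP rows have no State column, so they split into exactly four fields;
    rsplit on the last colon also copes with IPv6 addresses like [::]:2883.
    """
    listeners = {}
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0] == "UDP":
            _, port = parts[1].rsplit(":", 1)
            listeners[int(port)] = int(parts[3])
    return listeners


def valid_udp_listen_port(value):
    """UDPListenPort, if set in the registry, must be between 1 and 65535."""
    return isinstance(value, int) and 1 <= value <= 65535


def check_autd_listener(netstat_text, event_description, port=AUTD_PORT):
    """Return (ok, message) describing whether IP-based AUTD is ready."""
    eas_pid = eas_pid_from_event(event_description)
    if eas_pid is None:
        return False, "event 3002 not found: Exchange ActiveSync is not loaded"
    pid = udp_listeners(netstat_text).get(port)
    if pid is None:
        return False, f"no UDP listener on {port}: IP-based AUTD not initialized"
    if pid != eas_pid:
        return False, f"UDP {port} is held by PID {pid}, not the EAS PID {eas_pid}"
    return True, f"UDP {port} listener is owned by the EAS process (PID {eas_pid})"


if __name__ == "__main__":
    for label, text in (("before", NETSTAT_BEFORE), ("after", NETSTAT_AFTER)):
        ok, message = check_autd_listener(text, EVENT_3002)
        print(f"{label}: {'OK' if ok else 'FAIL'} - {message}")
```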
123. How would you remote wipe a PPC?

Remote Wipe

The Microsoft Exchange ActiveSync Mobile Administration Web tool enables the remote wipe feature added in SP2. This tool enables administrators and help desk professionals to manage the process of remotely erasing lost, stolen, or otherwise compromised mobile devices. After the remote wipe has been completed, the administrator receives an acknowledgement that the mobile device has been wiped. The ability to perform a remote wipe is useful when an end user loses his or her mobile device, or if the device is stolen and there is a risk that personal or confidential information could be accessed. This feature is enabled over a Web application that is restricted to Exchange Administrators by default. Other individuals can be added as required. Using this Web application, you can perform the following tasks:
• View a list of all mobile devices that are being used by any enterprise user.
• Send or cancel remote wipe commands to mobile devices.
• View the status of pending remote wipe requests for each mobile device.
• View a transaction log that indicates which administrators have issued remote wipe commands, in addition to the mobile devices those commands pertain to.
• Delete an old or unused partnership between devices and users.

124. What are the issues with connecting Outlook from a remote computer to your mailbox? How would you solve those issues? Name 2 or 3 methods.

125. What is Cached Mode in OL2003/2007?

Outlook 2002 and earlier gives you the capability to use an offline file with an Exchange Server account. The offline file is a local copy of your mailbox data stored on your computer's local hard disk. By using an offline file, you can continue working with your mailbox even when your server isn't available.
So, you can still read e-mail messages you've already downloaded, work on tasks, compose messages, and perform all of the other standard tasks you can accomplish by using Outlook when your computer is connected to the server. In Outlook 2003, offline file capability is improved with better connection management and synchronization. The offline file feature in Outlook 2003 is called Cached Exchange Mode.
To turn on Cached Exchange Mode for your account in Outlook 2003
1. Exit Outlook.
2. Click Start, click Control Panel, and then double-click Mail.
3. In the Mail Setup dialog box, click E-mail Accounts.
4. In the E-mail Accounts Wizard, select View or change existing e-mail accounts, and then click Next.
5. Select Microsoft Exchange Server, and then click Change.
6. Select the Use Cached Exchange Mode check box, click Next, and then click Finish.
The next time that you start Outlook, it will begin creating the local cache copy of your mailbox and synchronize your local cache with the mailbox on the server. If you have a lot of items in your mailbox, synchronization might take time. It's best to synchronize the two the first time through a local connection to your server, rather than through a remote connection (such as using RPC over HTTP).
To set up an offline file in Outlook 2002
1. Exit Outlook.
2. Click Start, click Control Panel, and then double-click Mail.
3. In the E-mail Setup dialog box, click E-mail Accounts.
4. In the E-mail Accounts Wizard, select View or change existing e-mail accounts, and then click Next.
5. Select the Microsoft Exchange Server account, and then click Change.
6. On the third page of the wizard, click More Settings.
7. In the Microsoft Exchange Server dialog box, click the Advanced tab, and then click Offline Folder File Settings.
8. Select a location and file name for the Offline Folder file (.ost).
9. Do one of the following: to accept the defaults and create the file, click OK; or type a location and file name in the File box, and then click OK.
10. In the Microsoft Exchange Server dialog box, click OK, click Next, and then click Finish.
11. Close any remaining dialog boxes.
Using Remote Mail
Outlook includes a specific feature called Remote Mail, which you can use to view message headers (that is, the summary information about messages, including the subjects and senders of the messages) and to manage messages without downloading them. Why is that important when you work away from the office? If you receive a lot of mail, particularly with documents or other attachments, downloading your mail over a slow connection (such as a dial-up connection) seems to take forever. By using Remote Mail, you can download just the header, and then look at the subject and sender to determine whether you want to download the message itself. If so, you mark the message header for download and review the remaining message headers. When you've marked all of the headers for the messages that you want downloaded, you can direct Outlook to download the messages. Remote Mail is also helpful for cleaning out junk e-mail messages from your mailbox without taking the time required to download the messages. Just mark the headers for deletion so that Outlook deletes the messages from your mailbox the next time Outlook connects to the server. Remote Mail was originally a feature specific to Exchange Server accounts, but as Outlook has evolved, so has this handy feature. You can still use Remote Mail for Exchange Server accounts, but as explained in detail in Microsoft Office Outlook 2003 Inside Out, you can use Remote Mail for non-Exchange Server accounts as well. The following link has complete instructions on setting up and using Remote Mail for Exchange Server: Use Remote Mail to download headers and messages.
NOTE: You must add an Offline Folder file (.ost) to your Outlook profile to use Remote Mail. You can't use Remote Mail if you are using Cached Exchange Mode in Outlook 2003.
126. What are the benefits and "issues" when using cached mode? How would you tackle those issues?
Benefits
1. By using an offline file, you can continue working with your mailbox even when your server isn't available. So, you can still read e-mail messages you've already downloaded, work on tasks, compose messages, and perform all of the other standard tasks you can accomplish by using Outlook when your computer is connected to the server.
2. You need not be online to view your e-mails.
Issues
If you have a lot of items in your mailbox, synchronization might take time.
127. What is S/MIME? What are the usage scenarios for S/MIME?
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a secure method of sending e-mail that uses the Rivest-Shamir-Adleman (RSA) encryption system. An alternative to S/MIME is PGP/MIME, which has also been proposed as a standard. S/MIME is a protocol that adds digital signatures and encryption to Internet MIME (Multipurpose Internet Mail Extensions) messages described in RFC 1521. MIME is the official proposed standard format for extended Internet electronic mail. Internet e-mail messages consist of two parts, the header and the body. The header forms a collection of field/value pairs structured to provide information essential for the transmission of the message. The structure of these headers can be found in RFC 822. The body is normally unstructured unless the e-mail is in MIME format. MIME defines how the body of an e-mail message is structured. The MIME format permits e-mail to include enhanced text, graphics, audio, and more in a standardized manner via MIME-compliant mail systems. However, MIME itself does not provide any security services. The purpose of S/MIME is to define such services, following the syntax given in PKCS #7 for digital signatures and encryption. The MIME body section carries a PKCS #7 message, which itself is the result of cryptographic processing on other MIME body sections. S/MIME standardization has transitioned into the IETF, and a set of documents describing S/MIME version 3 have been published there. S/MIME provides the following cryptographic security services for electronic messaging applications: authentication, message integrity and non-repudiation of origin (using digital signatures), and privacy and data security (using encryption).
S/MIME specifies the application/pkcs7-mime (smime-type "enveloped-data") type for data enveloping (encrypting): the whole (prepared) MIME entity to be enveloped is encrypted and packed into an object which subsequently is inserted into an application/pkcs7-mime MIME entity. S/MIME functionality is built into the vast majority of modern e-mail software and interoperates between them.
S/MIME CERTIFICATES
Before S/MIME can be used in any of these applications, one must obtain and install an individual key/certificate either from one's in-house certificate authority (CA) or from a public CA such as one of those listed below. Best practice is to use separate private keys (and associated certificates) for signature and for encryption, as this permits escrow of the encryption key without compromising the non-repudiation property of the signature key. Encryption requires having the destination party's certificate in store (which is typically automatic upon receiving a message from the party with a valid signing certificate). While it is technically possible to send a message encrypted (using the destination party's certificate) without having one's own certificate to digitally sign, in practice S/MIME clients will require you to install your own certificate before they allow encrypting to others. A typical basic personal certificate verifies the owner's identity only in terms of binding them to an e-mail address and does not verify the person's name or business. The latter, if needed (e.g. for signing contracts), can be obtained through CAs that offer further verification (digital notary) services or a managed PKI service. For more detail on authentication, see Digital Signature. Depending on the policy of the CA, your certificate and all its contents may be posted publicly for reference and verification. This makes your name and e-mail address available for all to see and possibly search for. Other CAs only post serial numbers and revocation status, which does not include any of the personal information. The latter, at a minimum, is mandatory to uphold the integrity of the public key infrastructure.
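The MIME structure described above (application/pkcs7-mime with its smime-type parameter for enveloped or opaque-signed messages, and multipart/signed with a detached pkcs7-signature part for clear-signed ones) can be recognised from the headers alone. The following Python is an added example, not code from the page or from any Exchange component; it classifies a raw message by the S/MIME protection its MIME layer claims and reports structural defects, without verifying signatures or decrypting anything. The sample messages and their base64 bodies are constructed placeholders, not real PKCS #7 objects.

```python
"""Classify an RFC 822 message by the S/MIME structure its MIME headers declare.

Only the MIME wrapping that S/MIME defines is inspected; the CMS/PKCS #7 payload
itself is never decoded, so a "signed" result here means "claims to be signed",
not "signature verified".
"""
from email import message_from_string, policy
from email.message import EmailMessage

# Both the registered and the legacy "x-" media types are seen in the wild.
PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}


def classify_smime(raw: str) -> dict:
    """Return what S/MIME protection, if any, the outer MIME structure claims."""
    msg: EmailMessage = message_from_string(raw, policy=policy.default)
    ctype = msg.get_content_type()
    result = {"content_type": ctype, "kind": "none", "signed": False,
              "encrypted": False, "problems": []}

    if ctype in PKCS7_MIME:
        # Opaque S/MIME: the whole prepared MIME entity was wrapped in one
        # PKCS #7 object; smime-type says which cryptographic operation.
        smime_type = (msg.get_param("smime-type") or "").lower()
        if smime_type == "enveloped-data":
            result.update(kind="enveloped", encrypted=True)
        elif smime_type == "signed-data":
            result.update(kind="opaque-signed", signed=True)
        elif smime_type == "certs-only":
            result["kind"] = "certs-only"
        else:
            result["problems"].append("missing or unknown smime-type parameter")
        if (msg.get("Content-Transfer-Encoding") or "").lower() != "base64":
            result["problems"].append("pkcs7-mime body is not base64 encoded")
    elif ctype == "multipart/signed":
        # Clear-signed S/MIME: readable body first, detached signature second.
        protocol = (msg.get_param("protocol") or "").lower()
        parts = list(msg.iter_parts())
        if protocol not in PKCS7_SIG:
            result["problems"].append(f"protocol={protocol!r} is not pkcs7-signature")
        if len(parts) != 2:
            result["problems"].append(f"multipart/signed has {len(parts)} parts, expected 2")
        elif parts[1].get_content_type() not in PKCS7_SIG:
            result["problems"].append("second part is not a pkcs7-signature")
        else:
            result.update(kind="clear-signed", signed=True)
            result["micalg"] = (msg.get_param("micalg") or "").lower()
    return result


# Constructed samples. "UExBQ0VIT0xERVI=" is just base64("PLACEHOLDER").
ENVELOPED = """\
From: alice@example.com
To: bob@example.com
Subject: quarterly numbers
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7m

UExBQ0VIT0xERVI=
"""

CLEAR_SIGNED = """\
From: alice@example.com
To: bob@example.com
Subject: signed notice
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

The maintenance window is Saturday 02:00-04:00.
--b1
Content-Type: application/pkcs7-signature; name=smime.p7s
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7s

UExBQ0VIT0xERVI=
--b1--
"""

PLAIN = """\
From: alice@example.com
To: bob@example.com
Subject: lunch
Content-Type: text/plain; charset=us-ascii

Noon?
"""


def main() -> None:
    for name, raw in (("enveloped", ENVELOPED), ("clear-signed", CLEAR_SIGNED),
                      ("plain", PLAIN)):
        print(f"{name:13s} -> {classify_smime(raw)}")


if __name__ == "__main__":
    main()
```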
128. What are the IPSec usage scenarios for Exchange 2003?
Used for communications between Front-End and Back-End Exchange servers.
129. How do you enable SSL on OWA?
SSL Enabling OWA 2003 using your own Certificate Authority
Why spend money on a 3rd party SSL certificate, when you can create your own for free? In this article I will show you step by step how to create your own SSL Certificate, which among other things is needed in order to properly secure Outlook Web Access on your Exchange 2003 Server.
Configuring the Certificate Authority
The first thing to do is to decide which server should hold the Certificate Authority (CA) role; it could be any server as long as it's at least a member server. If you have a single box setup, such as a Small Business Server (SBS), the decision shouldn't be very hard.
Note: In order to add the Certificate Service Web Enrollment component (subcomponent to CA), which we're going to use in this article, the server needs to be running IIS, so if you haven't already done so, install IIS before continuing with this article. If you plan on installing the CA component on the Exchange server itself, then there's nothing to worry about, because as you know, Exchange 2003 relies heavily on IIS, which means it's already installed.
To install the CA component, do the following:
Click Start > Control Panel > Add or Remove Programs
Select Add/Remove Windows Components
Put a checkmark in Certificate Services
The screen below will pop up as a warning; just click Yes > then Next
We now have to select what type of CA to use, choose Enterprise root CA and click Next
In the following screen we have to fill out the Common name for our CA, which in this article is mail.testdomain.com. Leave the other fields untouched and click Next >
We now have the option of specifying an alternate location for the certificate database, database log, and configuration information. In this article we will use the defaults, which in most cases should be just fine. Now click Next >
The Certificate Service component will be installed, when it’s completed, click Finish
Creating the Certificate Request
Now that we have installed the Certificate Services component, it's time to create the Certificate Request for our Default Website. We should therefore do the following:
Click Start > Administrative Tools > Internet Information Services (IIS) Manager
Expand Websites > Right-click Default Website then select Properties
Now hit the Directory Security tab
Under Secure Communications click Server Certificate…
As we’re going to create a new certificate, leave the first option selected and click Next >
Because we’re using our own CA, select Prepare the request now, but send it later, then click Next >
Type a descriptive name for the Certificate and click Next >
We now need to enter our organization name and the organizational unit (which should be pretty self-explanatory), then click Next >
In the next screen we need to pay extra attention, as the common name reflects the external FQDN (Fully Qualified Domain Name); to spell it out, this is the address external users have to type in their browsers in order to access OWA from the Internet.
Note: As many (especially small to midsized) companies don't publish their Exchange servers directly to the Internet, but instead run the Exchange server on a private IP address, they let their ISPs handle their external DNS settings. In most cases the ISP creates a so-called A record named mail.domain.com pointing to the company's public IP address, which then forwards the appropriate port (443) to the Exchange server's internal IP address.
When you have entered a Common Name click Next >
Now it’s time to specify the Country/Region, State/Province and City/locality, this shouldn’t need any further explanation, when you have filled out each field, click Next >
In the below screen we have to enter the name of the certificate request we’re creating, the default is just fine, click Next >
In this screen we can see all the information we filled in during the previous IIS Certificate Wizard screens, if you should have made a mistake, this is your last chance to correct it. If everything looks fine click Next >
And finally we can click Finish.
Getting the Pending Request accepted by our Certificate Authority
Now that we have a pending Certificate Request, we need to have it accepted by our CA, which is done the following way:
On the server open Internet Explorer
Type http://server/certsrv
Note: In order to access the CertSrv virtual folder, you may be prompted to enter a valid username/password; if this is the case use the Administrator account. When you have been validated, Windows Server 2003 will most probably block the content of the CertSrv virtual folder, which means you will have to add it to your trusted sites in order to continue.
Now that you're welcomed by the Certificate Services, select Request a Certificate
Click advanced certificate request
Under Advanced Certificate Request click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file
Now we need to insert the content of the certreq.txt file we created earlier, you can do this by clicking the Browse for a file to insert or by opening the certreq.txt file in notepad, then copy/paste the content as shown in the screen below, then click Submit >
Now select Base 64 encoded then click Download certificate
Click Save
Choose to save the certnew.cer on the C: drive > then click Save
Close the Microsoft Certificate Services IE window.
Appending the Certificate to the Default Website
Okay, it's time to append the approved Certificate to our Default Website; to accomplish this we need to do the following:
Click Start > Administrative Tools > Internet Information Services (IIS) Manager
Expand Websites > Right-click Default Website then select Properties
Now select the Directory Security tab
Under Secure Communications click Server Certificate… > then Next
Select Process the pending request and install the certificate > click Next >
Unless you have any specific requirements to what port SSL should run at, leave the default (443) untouched, then click Next >
You will now see a summary of the Certificate, again if you should have made any mistakes during the previous wizard screens, this is the final chance to correct them, otherwise just click Next >
The Certificate has now been successfully installed and you can click Finish
Enabling SSL on the Default Website We have now appended the Certificate to our Default Website, but before the data transmitted between the clients and the server is encrypted, we need to click the Edit… button under Secure Communications. Here we should put a checkmark in Require Secure Channel (SSL) and Require 128-bit encryption just like below:
Now click OK.
Testing our SSL enabled Default Website
Now that we have gone through all the configuration steps necessary to enable SSL on our Default Website, it's time to test whether our configuration actually works. From the server (or a client) open Internet Explorer, then type: http://exchange_server/exchange
You should get a screen similar to the one shown below:
This is absolutely fine, as we shouldn't be allowed to access the Default Website (and any virtual folders below it) through an unsecured connection. Instead we should make a secure connection, which is done by typing https; therefore type the URL below instead: https://exchange_server/exchange
The following box should appear:
Note: You may have noticed the yellow warning sign; this informs us "The name on the security certificate is invalid or does not match the name of the site." Don't worry, there's nothing wrong with this; the reason it appears is that we aren't accessing OWA through the common name we specified when the certificate was created. When you access OWA from an external client through mail.testdomain.com/exchange, this warning will disappear. Click Yes.
You will now be prompted for a valid username/password in order to enter your mailbox; for testing purposes just use the Administrator account, as shown below:
Now click OK. We should now see the Administrator mailbox.
Notice the yellow padlock in the lower right corner; a locked padlock indicates a secure connection, which means OWA now uses SSL.
Final words
Even though it's possible to run your OWA environment without securing it with an SSL certificate, I strongly advise against doing so, as this would mean any traffic sent between the external OWA clients and the Exchange server would be sent in cleartext (this includes the authentication process). As you now know, SSL provides us with 128-bit encryption, but be aware that enabling SSL in your OWA environment isn't an optimal security solution on its own; in addition to enabling SSL, you should at least have some kind of firewall (such as an ISA server) placed in front of your Exchange server(s). You might also consider enabling the new Exchange 2003 functionality Forms Based Authentication, which provides a few additional benefits such as a new logon screen, which, among other things, uses session cookies to make the OWA sessions more secure. Unfortunately the Forms Based Authentication functionality is out of the scope of this article, but I will at some point in the near future write another article covering this functionality.
130. What are the considerations for obtaining a digital certificate for SSL on Exchange?
131. Name a few 3rd-party CAs.
Verisign, Entrust, GlobalSign, Comodo, Thawte, Geotrust
132. What do you need to consider when using client-type AV software on an Exchange server?
133. What are the different clustering options in Exchange 2003? Which one would you choose and why?
It is not sufficient to simply upgrade front-end servers to Exchange 2003 for users to get the new interface.
You must upgrade back-end servers to Exchange 2003 as well.
Interface matrix:
Ex2000 FE + Ex2000 BE = Ex2000 OWA
Ex2003 FE + Ex2000 BE = Ex2000 OWA
Ex2000 FE + Ex2003 BE = Not supported (AG protected)
Ex2003 FE + Ex2003 BE = Ex2003 OWA
The ability to Reply and Forward to Messages and Posts in Public Folders is only enabled when the client is using a front-end server. Forms-based authentication (FBA) is functional for deployments where the FE is Exchange 2003 but the mailbox is still on Exchange 2000. However, session timeouts are handled much better if the BE is also Exchange 2003.
134. What do you have to do to secure an Exchange server from being an open relay?
135. When a full backup runs, what does it do to the log files?
136. What are the basic steps to recovering a lost Exchange/DC server?
137. What are the components of Exchange 2003?
138. What are the Windows prerequisites of Exchange?
139. How do you configure the server to keep deleted items?
140. Is it possible to install Exchange without AD?
141. What is the use of .NET Framework and ASP.NET in Exchange?
Exchange 2003 Enterprise Questions
142. What is the maximum number of Exchange sites in a domain?
143. What is the maximum number of Exchange sites you can run in a forest?
144. What is the maximum number of containers you can create in an Exchange server enterprise?
145. How can you convert a server into a Domain Controller when Exchange is running on top of it? )-: Tricky one
146. Can you rename an Exchange server? Why or why not?
147. What is the difference between ISinteg and EseUtil?
Now here is the hard one:
148. What event log entry on the Exchange servers shows available white space? (1221)
149. What is an MX record?
150. What are valid values for an MX record? (IP, Glue, CNAME?)
151. What happens if two MX records have the same preference? Different preference?
152. What is a TTL value? And why should I care?
153. What is the difference between EHLO and HELO?
154. How do front-end / back-end servers handle SMTP and OWA?
155. How do you open a firewall to allow Outlook clients to get to the Exchange server? (This is partially a trick question. I want to see if they know that the ports can be statically mapped, but that it is a bad practice and either OWA should be used or RPC over HTTP.)
156.What is a good way to secure OWA servers that are accessible from the Internet (I'm looking for reverse-proxy solutions)
157. Understanding of antivirus solutions, message scanning, and what type of software to use on the server
158. Philosophy on service packs, updates, hotfixes, and scheduled maintenance
159. If clusters are involved, how to manage failovers, what can / can't you run on a cluster (such as IS, MTA, SA, Chat, SRS, etc...), starting and stopping services, updates/service packs, etc...
160. If you are monitoring your Exchange server, what 5 - 10 important things would you monitor and how often?
Ethical type questions, such as is it okay to look at other users' mail recreationally. (I have seen admins fired for that)
161.Minimum permissions to create mailboxes? Move mailboxes? Delete mailboxes 162.Exchange and Active Directory interaction, especially knowledge of global catalogs 163. Testing / diagnosis approach to Exchange problems (TELNET, NSLOOKUP, Port Query, DCDIAG, NETDIAG, etc...)
164. How would you get ExMerge running? Permissions required to run it to extract mail data.
165. Tell me about recipient policies and what the RUS does. What occasionally goes wrong with the RUS during infrastructure changes?
166. What would you do to make Exchange more resilient / available?
167.If a migration is involved, tell me about the ADC and the SRS functions. 168.Describe the IIS SMTP service. Others might be more concerned about architecture: Describe how you'd configure a server for $number users. 169.Which is better? More databases in fewer storage groups or more storage groups with fewer databases? Why? Others might be more concerned about day to day user support: Jane has gotten married, how would you modify her account? The CEO can't connect to Exchange, he's getting the error 'unable to open your default folder', what would you do to troubleshoot?
Troubleshoot 10 common Exchange problems
170. Users cannot access server - If your users cannot access your Exchange system, but your system and Exchange services are running, there are several possible explanations. The first thing to check is that your network is responding properly. If users have lost network connectivity, check their overall connectivity status and their connectivity to other servers on the same switch as the Exchange server; also check the network controller in your Exchange system and verify that the system has connectivity to elsewhere on your network. Another possible reason for users not being able to connect to your Exchange system is that your Active Directory has stopped authenticating users. If your users cannot authenticate, they will not be able to log into your Exchange system.
171. User's messages are disappearing from their mailbox - If messages are disappearing from a user's mailbox, one common cause is the AutoArchive feature in Outlook. This happens when the PST file being archived to becomes corrupt. To correct this you must find the PST and run the ScanPST.exe tool (included with Outlook) to repair the PST file.
172. A user's account was mistakenly deleted from Active Directory, and now they cannot access their mail - If a user's account has been deleted from Active Directory, their association to their mailbox is deleted. Normally, you can just right-click the mailbox in Exchange System Manager and reconnect the mailbox to a new account. If this option is not available, you may need to run Mailbox Cleanup on the Information Store containing the mailbox.
173. Outgoing mail is not being delivered, and is stuck in your queue - If your outgoing mail is not being delivered and is stuck in your queue, the first corrective action you should take is to restart your SMTP service. If this does not work, you should check your DNS resolution. Perform an nslookup (with type=mx) on your mail server, and see if you can resolve several domains you commonly exchange mail with. If you cannot pull MX records for those domains, perform an IPCONFIG /FLUSHDNS to flush your DNS cache. If this does not work, you will need to begin troubleshooting your DNS infrastructure.
174. Mail is not being delivered to a Distribution List - If you have one (or more) distribution lists that are not receiving mail sent to them, check that the group type in Active Directory has not been changed from the group type Distribution to the group type Security.
175. Mail to a certain user is not being delivered, and a trace shows it as stopping at the step "Submitted to Categorizer" - If you have a message that is not being delivered, and a trace shows that it never goes past the step "Submitted to Categorizer", this shows that Exchange is unable to determine what should be done with the mail. One common cause of this is that the message is being sent to a user's contact. If this is the case, delete the contact and recreate it. This will often correct the problem, as the contact has become corrupt.
176. Some users' passwords are rejected when attempting to access your system through IMAP - If a user's password contains a special ASCII character (such as ½), they will not be able to access IMAP. Passwords must contain only standard characters and symbols to access IMAP.
177. SMTP Service keeps crashing - If your SMTP service keeps crashing, the first thing you should do is to empty your mail queues, then restart the service. Many times a corrupt piece of mail will cause the service to crash when it attempts to process it.
178. After switching your outgoing mail to deliver to a smart host, your mail sits in your queue - This is due to a common mistake when setting up smart hosts. The IP address of the smart host must be surrounded in brackets, such as [192.168.1.1]. If you do not use the brackets, mail will not be delivered.
179. Your Exchange system must be restarted due to out-of-memory issues, when there is physical memory available - In Exchange 2003, if your system has more than 1 GB of physical RAM, you must use the /3GB switch in the boot.ini file. This allows Exchange to address 3 GB of virtual address space, with only 1 GB of virtual address space allotted to the operating system.
How to defragment Exchange databases
180. I am planning for offline defragmentation (store-wise). As per my understanding we require 110% free space with respect to the store size which needs to be defragmented. But presently we have 50% free space only with respect to store size. Can someone please give me some idea so that defrag will be possible for such stores for which free space is only 50% instead of 110%?
You can try the following options:
1. Copy the stores to another computer where there is enough space.
2. Specify the temporary path to another drive with the /t switch.
3. Specify the temporary path to a shared folder on another computer with the /t switch. (Really NOT recommended. We are taking a risk if the defragmentation cannot be finished successfully.)
Refer to the link below: 328804.KB.EN-US How to Defragment Exchange Databases http://support.microsoft.com/default.aspx?scid=KB;EN-US;328804
181. Checking the Exchange Service Pack Level
Follow the instructions provided below:
1. Open Windows Explorer and go to the install folder of the Exchange server.
2. From the BIN directory, search for and select STORE.exe.
3. From the Explorer menu, select File > Properties to view the properties of STORE.exe. Alternatively, you can right-click STORE.exe to view the properties.
4. Select the Version tab to view the Exchange Service Pack Level of the Microsoft Exchange server.
182.HOW TO Configure Connectors to Reject Messages from Specific 1. Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager. 2. Expand the Administrative Groups object, expand the First Administrative Group object, expand the Routing Groups object, and then expand the routing group that you want to work with. 3. Expand the Connectors container, right-click the connector that you want to work with, and then click Properties. 4. Click the Delivery Restrictions tab. 5. Under By default, messages from everyone are, make sure that Accepted is selected. 6. Under Reject messages from, click Add.
7. In the Select Recipient dialog box, click the users, contacts, and groups from which you do not want to accept messages. All other senders are accepted automatically. Note: To select a group of recipients, press and hold the CTRL key while you select the recipients.
8. Click OK twice.
Note: After you complete the procedure, enable restriction checking in the registry.
183. Recipients do not receive an e-mail when it was replied to all
We are using Exchange 2003 with SP1; some users do not receive a copy of an e-mail when it was replied to all, and no NDR is received.
This problem can occur when a user clicks Reply to All in an e-mail message, and a recipient is included whose e-mail address is malformed. For example, the e-mail address for one of the intended recipients may contain a mismatched delimiter, such as only one of the following pairs of delimiters: "", {}, <>
Microsoft has a hotfix for this; follow the link below to download it: http://support.microsoft.com/kb/KB900719
184. New Features in Exchange Server 2003 SP2
• Storage - Database Size Limit Configuration and Management
• Intelligent Message Filtering
• Sender ID Filtering
• Specifying the Servers to Exclude from Connection Filtering
• Improved Offline Address Book Performance
• Moving Public Folder Content to a Different Server
• Manage Public Folders Settings Wizard
• Synchronizing the Public Folder Hierarchy Manually
• Stopping and Resuming Replication
• Tracking Public Folder Deletion
• Enabling/disabling MAPI Access for a Specific User
• Enabling Direct Push Technology
• Remote Wiping of Mobile Devices
• Global Address List Search for Mobile Devices
• Certificate-Based Authentication and S/MIME on Mobile Devices
Exchange Server 2003 SP2 Overview
Add even better protection, reliability, and easier administration as well as improved mobile messaging to your Exchange Server 2003 messaging environment when used with compatible devices.
What Is SP2?
SP2 is a cumulative update that enhances your Exchange Server 2003 messaging environment with:
Mobile e-mail improvements
Better protection against spam
Mailbox advancements

Mobile E-Mail Improvements
SP2 offers a huge leap forward in mobility capabilities. With SP2, Exchange Server 2003 can offer a significantly improved Microsoft Outlook experience on mobile devices as well as additional security and device control. As always, the Exchange ActiveSync protocol does not require expensive software or outsourcing fees to access data on your server running Exchange Server. The mobility enhancements in SP2 give you:
New seamless Direct Push Technology e-mail experience. There is no longer a reliance on short message service (SMS) to notify your device and ensure that it automatically retrieves new e-mail from your Exchange server. SP2 uses an HTTP connection, maintained by the device, to push new e-mail messages, calendar, contact, and task notifications to the device.
Additional data compression. This translates to a faster experience when sending and receiving messages and reduced sync times.
Additional Outlook properties. This includes support for task synchronization and pictures in your list of contacts. In addition, you can now look up people by using the Global Address List (GAL) over the air.
Greater control over device security. This includes:
Policy setting. Unlock a device with a password.
Local wipe. Decide how many incorrect logon attempts are permitted before your data might be at risk.
Remote wipe. Lost, stolen, or misplaced devices are never out of reach. You decide when it is prudent to reset devices remotely over the Web. Such policies help to ensure that corporate data or applications are not compromised when devices are lost or get into the wrong hands.
New optional support for certificate-based authentication. This eliminates the need to store corporate credentials on a device.
Added support for Secure/Multipurpose Internet Mail Extensions (S/MIME). With S/MIME, you can sign and encrypt messages coming to and from mobile devices.
For details about the other mobility features in Exchange Server 2003, see New Mobility Features in Exchange Server 2003 SP2.
Most mobile e-mail improvements, with the exception of support for tasks and for pictures in contact lists, require that your device or the software on the device be compatible with Exchange Server 2003 SP2. Windows Mobile-based devices require the Messaging and Security Feature Pack for Windows Mobile 5.0. Licensees of the Exchange ActiveSync protocol can take advantage of these improvements through updates to their messaging applications or devices. The roadmap for those devices is owned and managed by the licensee.

Better Protection Against Spam
SP2 delivers improved protection against spam to help ensure a secure and reliable messaging environment, including:
Updated and integrated Exchange Intelligent Message Filter. Based on the same patented SmartScreen filtering technology developed by Microsoft Research and now incorporated in Microsoft Office Outlook 2003, MSN Internet Software and Services, and MSN Hotmail, SP2 incorporates the latest data and updates to the Exchange Intelligent Message Filter. Improvements to this filter ensure a continued focus on identifying spam and reducing false positives.
These updates include new capabilities in the fight against spam, including blocking phishing schemes. Phishing schemes attempt, through deception, to fraudulently solicit sensitive personal information by masquerading as legitimate Web sites.
New support for the Sender ID e-mail authentication protocol. This new feature further helps prevent unwanted mailbox phishing and spoofing schemes by verifying the IP address of the e-mail sender against the purported owner of the sending domain. Spoofing attacks occur when one person or program is able to masquerade successfully as another to gain access to personal e-mail messages. The result of the Sender ID check is used as input to the Exchange Intelligent Message Filter. For the check to be accurate, the sending domain must have registered a list of its valid sending IP addresses in DNS. To learn more about Sender ID, see the Sender ID page on the Microsoft Safety site.
Sender ID framework
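Two of the conditions this section describes, the mismatched-delimiter recipient addresses of item 183 and the Sender ID check of the connecting IP against the address list a domain publishes in DNS, as an added Python illustration that is not code from Microsoft, Exchange or this page. The DNS records, message headers and filter action names are constructed assumptions; real code would query DNS, and Sender ID itself has more mechanisms than the ip4 subset handled here.

```python
"""Mail-hygiene checks for an SMTP edge, illustrating item 183 and the SP2
Sender ID feature. Added example, not Exchange or Microsoft code."""

import ipaddress
from email.utils import parseaddr

# --- Part 1: recipient addresses with mismatched delimiters (item 183) ---------

def has_mismatched_delimiters(address):
    """True if one half of a "", {} or <> pair appears without its partner.
    Quotes must come in even numbers; braces and angle brackets are checked
    with a small stack so nesting order is verified too."""
    if address.count('"') % 2:
        return True
    stack, closers = [], {"}": "{", ">": "<"}
    for ch in address:
        if ch in ("{", "<"):
            stack.append(ch)
        elif ch in closers and (not stack or stack.pop() != closers[ch]):
            return True
    return bool(stack)

def split_recipients(header_value):
    """Split a To:/Cc: value on commas outside double quotes, so a quoted
    display name such as "Doe, John" <jd@example.com> stays in one piece."""
    parts, current, in_quotes = [], [], False
    for ch in header_value:
        if ch == '"':
            in_quotes = not in_quotes
        if ch == "," and not in_quotes:
            parts.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    parts.append("".join(current).strip())
    return [p for p in parts if p]

def find_malformed_recipients(header_value):
    """Return the recipient strings that would trip the item 183 condition."""
    return [r for r in split_recipients(header_value) if has_mismatched_delimiters(r)]

# --- Part 2: Sender ID style check of the connecting IP ------------------------

# Constructed stand-in for DNS TXT lookups (assumption: offline data so the
# example runs without a resolver; a real check would query DNS).
FAKE_DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 ip4:198.51.100.7 -all",
    "example.org": "v=spf1 ip4:192.0.2.0/28 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def purported_responsible_domain(headers):
    """Domain Sender ID holds responsible: the first present header in the
    order Resent-Sender, Resent-From, Sender, From (the PRA selection order)."""
    for name in ("Resent-Sender", "Resent-From", "Sender", "From"):
        if name in headers:
            _, addr = parseaddr(headers[name])
            if "@" in addr:
                return addr.rsplit("@", 1)[1].lower()
    return None

def check_sender_ip(domain, connecting_ip):
    """Evaluate connecting_ip against the domain's published list.
    Returns pass, fail, softfail, neutral, or none when no record exists.
    Only ip4: terms and 'all' are handled (assumption: reduced subset)."""
    record = FAKE_DNS_TXT.get(domain.lower(), "")
    if not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(connecting_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term.startswith("ip4:"):
            if ip.version == 4 and ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
        elif term == "all":
            return QUALIFIERS[qualifier]
    return "neutral"

def filter_input(headers, connecting_ip):
    """Combine both checks into the kind of verdict handed to a content
    filter. The action names are this example's own, not Exchange's."""
    domain = purported_responsible_domain(headers)
    result = check_sender_ip(domain, connecting_ip) if domain else "none"
    bad = find_malformed_recipients(headers.get("To", ""))
    if result == "fail":
        action = "reject"
    elif result == "softfail" or bad:
        action = "quarantine"
    else:
        action = "deliver"
    return {"sender_id": result, "malformed_recipients": bad, "action": action}

if __name__ == "__main__":
    sample = {  # constructed headers: one recipient has an unclosed '<'
        "From": "Alice <alice@example.com>",
        "To": 'bob@example.org, "Doe, John" <jd@example.org>, Carol <carol@example.org',
    }
    print(filter_input(sample, "203.0.113.9"))
```

The malformed-recipient check is the one worth running on outbound mail, because the failure mode in item 183 is silent: no NDR is generated, so the sender never learns the message was dropped.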
Mailbox Advancements
Drive down operational costs and the complexity of your messaging environments with advances such as:
Increase in mailbox storage size limits to 75 gigabytes (GB) for Exchange Server 2003 Standard Edition, in response to your feedback and evolving mailbox storage needs.
New offline address book format, which offers significantly improved performance, particularly when Outlook clients are operating in cached mode.
Cached mode enforcement with added flexibility. You can grant access to a user who has configured Microsoft Office Outlook to run in cached mode, but deny access otherwise. This new feature is especially beneficial to organizations seeking further site and server consolidation by taking advantage of the performance improvements enabled by cached mode.
Finer controls for public folders, including better replication and permissions management, safe removal of servers, and folder deletion logging to increase administrative efficiency.
Full support for Novell GroupWise 6.x connectors and migration tools.
Iberian and Brazilian Portuguese spelling checker for Microsoft Office Outlook Web Access.
4. What is the new major feature introduced in Exchange 2003 which was not included in Exchange 2000?
5. How can you recover a deleted mailbox?
7. What are the port numbers for POP3, IMAP, SMTP, SMTP over SSL, POP3 over SSL, and IMAP over SSL?
8. What is the difference between Exchange 2003 and 2007?
9. What is RPC over HTTP?
10. What is required for using RPC over HTTPS with MS Outlook?
11. If you have deleted a user and then recreated the same user, how will you give access to the previous mailbox?
12. What are the prerequisites for installation of Exchange Server?
13. What is the use of NNTP with Exchange?
14. If the NNTP service is stopped, what features of Exchange will be affected?
15. Which protocol is used for Public Folders?
51. What are administrative templates?
52. What's the difference between software publishing and assigning?
53. Can I deploy non-MSI software with GPO?
54. You want to standardize the desktop environments (wallpaper, My Documents, Start menu, printers etc.) on the computers in one department. How would you do that?
Answer #2
What are application partitions? When do I use them?
An Application Directory Partition is a partition space in Active Directory which an application can use to store that application's specific data. This partition is then replicated only to some specific domain controllers. The application directory partition can contain any type of data except security principals (users, computers, groups).
Premkumar
Technical Interview Questions
7. Can a workstation computer be configured to browse the Internet and yet NOT have a default gateway?
8. What is a subnet?
9. What is APIPA?
10. What is an RFC? Name a few if possible (not necessarily the numbers, just the ideas behind them).
11. What is RFC 1918?
12. What is CIDR?
13. You have the following Network ID: 192.115.103.64/27. What is the IP range for your network?
14. You have the following Network ID: 131.112.0.0. You need at least 500 hosts per network. How many networks can you create? What subnet mask will you use?
15. You need to view network traffic. What will you use? Name a few tools.
16. How do I know the path that a packet takes to the destination?
17. What does the ping 192.168.0.1 -l 1000 -n 100 command do?
18. What is DHCP? What are the benefits and drawbacks of using it?
19. Describe the steps taken by the client and DHCP server in order to obtain an IP address.
20. What is the DHCPNACK and when do I get one? Name 2 scenarios.
21. What ports are used by DHCP and the DHCP clients?
22. Describe the process of installing a DHCP server in an AD infrastructure.
23. What is DHCPINFORM?
24. Describe the integration between DHCP and DNS.
25. What options in DHCP do you regularly use for an MS network?
26. What are User Classes and Vendor Classes in DHCP?
27. How do I configure a client machine to use a specific User Class?
28. What is the BOOTP protocol used for, and where might you find it in a Windows network infrastructure?
29. DNS zones: describe the differences between the 4 types.
30. DNS record types: describe the most important ones.
31. Describe the process of working with an external domain name.
32. Describe the importance of DNS to AD.
33. Describe a few methods of finding an MX record for a remote domain on the Internet.
34. What does "Disable Recursion" in DNS mean?
35. What could cause the Forwarders and Root Hints to be grayed out?
36. What is a "Single Label domain name" and what sort of issues can it cause?
37. What is the "in-addr.arpa" zone used for?
38. What are the requirements from DNS to support AD?
39. How do you manually create SRV records in DNS?
40. Name 3 benefits of using AD-integrated zones.
41. What are the benefits of using Windows 2003 DNS when using AD-integrated zones?
42. You installed a new AD domain and the new (and first) DC has not registered its SRV records in DNS. Name a few possible causes.
43. What are the benefits and scenarios of using Stub zones?
44. What are the benefits and scenarios of using Conditional Forwarding?
45. What are the differences between Windows Clustering, Network Load Balancing and Round Robin, and scenarios for each use?
46. How do I work with the Host name cache on a client computer?
47. How do I clear the DNS cache on the DNS server?
48. What is the 224.0.1.24 address used for?
49. What is WINS and when do we use it?
50. Can you have a Microsoft-based network without any WINS server on it? What are the "considerations" regarding not using WINS?
51. Describe the differences between WINS push and pull replications.
52. What is the difference between tombstoning a WINS record and simply deleting it?
53. Name the NetBIOS names you might expect from a Windows 2003 DC that is registered in WINS.
54. Describe the role of the routing table on a host and on a router.
55. What are routing protocols? Why do we need them? Name a few.
56. What are router interfaces? What types can they be?
57. In Windows 2003 routing, what are the interface filters?
58. What is NAT?
59. What is the real difference between NAT and PAT?
60. How do you configure NAT on Windows 2003?
61. How do you allow inbound traffic for specific hosts on Windows 2003 NAT?
62. What is VPN? What types of VPN do Windows 2000 and beyond work with natively?
63. What is IAS? In what scenarios do we use it?
64. What's the difference between Mixed mode and Native mode in AD when dealing with RRAS?
65. What is the "RAS and IAS" group in AD?
66. What are Conditions and Profile in RRAS Policies?
67. What types of authentication can a Windows 2003 based