Monday, August 30, 2004

TechNet Magazine subscription

CMP is offering free subscriptions to TechNet Magazine. Just fill out an online form.

Saturday, August 28, 2004

Do I need more than 4GB of RAM in Exchange servers?

In response to a recent post about the /3GB switch and an inquiry from my project leader, Clayton, I thought this would be a good blog topic.

Do you need more than 4GB of RAM in your Exchange servers? No, no, no, no. Never. (Well, in no Exchange situation that I can think of). The Exchange STORE.EXE is the biggest use of physical memory, but I have never seen it allocate more than 2GB of RAM. The system attendant (MAD.EXE) and IIS (INETSRV.EXE) both like lots of RAM, but I have never seen this allocate more than a few hundred MB. So, there is never a reason for more than 4GB of physical RAM in an Exchange server.

Save your money. Buy my book or something instead. Or just send cash! :-) (I'm kidding here for those of you that take everything so seriously!)

Friday, August 27, 2004

Much ado about the /3GB switch

Do you need to put the /3GB switch on to your Exchange server? Most definitely if you have more than 1GB of physical memory. Don't forget the /USERVA=3030 switch, too. This works on all Windows 2003 servers (well, Server, Enterprise Server, and Datacenter). The /3GB switch works on all Windows 2000 Advanced Server and Datacenter servers, but not standard edition.

Here is an example of one of mine.

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003, Enterprise" /fastdetect /3GB /USERVA=3030


Evan Dodds explains this really well in his blog.
The Exchange team also has some in-depth information and links on this, courtesy of Nino Bilic.

Tuesday, August 24, 2004

How do I create a 'catch-all' mailbox?

Frequently, I am asked if it is possible to create a catch-all mailbox. Or create a mailbox for any unresolved recipients. For example, if I own the somorita.com domain, but anything that does not come in to a 'known' recipient should be directed to the unknown@somorita.com mailbox. Well, you CAN do this with an NDR mailbox by configuring the Exchange 2000 or Exchange 2003 SMTP virtual server with the SMTP address of the mailbox to deliver unknown recipient's mail messages.

However, this still generates an NDR back to the sender.

Microsoft KB 324021: How to create a "catchall" mailbox sink for Exchange 2000 discusses how to do this for Exchange 2000, but it creates a single mailbox for the entire domain. Known addresses and unknown addresses.

However, one of the slickest, and most reasonable add-on products I have seen for Exchange 2000 or 2003 is called MailBasketMD from TurboGeeks. Save yourself some time and programming headaches and pick up this product. You will be glad you did. It is very configurable and you can configure different mailboxes for different domains. So, if I owned (which I don't) @mcbee.com, then I could direct all mail for that domain to my mailbox except for the known addresses.


Sunday, August 22, 2004

Ebook: Email Management and Security by Kevin Beaver

If you have not yet bought my book (Exchange 2003 24seven) and Paul Robichaux's book (Exchange 2003 Security), then ignore this blog entry. Just kidding.

Realtimepublishers.com has published a new Email Management and Security book by Kevin Beaver. You can read this for free when you sign up.

Actually, this ebook is not even Microsoft specific, but it contains some really good information that all e-mail managers should know. Here is a chapter breakdown.

Ch 1: A Look at Corporate E-Mail Concerns
Ch 2: Fighting Malicious Code
Ch 3: Understanding and Preventing Spam
Ch 4: E-Mail Content Filtering
Ch 5: E-Mail Security In-Depth
Ch 5: Managing E-Mail Effectively

Saturday, August 21, 2004

IMF does not work when server names are long

I installed the new Microsoft Intelligent Message Filter (IMF) for Microsoft Exchange 2003 SP1 on two of my biggest customer's bridgehead servers. Anxiously, I added the IMF's perfmon counters so I could get an idea of how much spam was coming in and how I could best tune the IMF.

For a couple of days, all the counters remained at 0. In the middle of a number of more pressing fires burning, I dropped it for a few weeks. I was pretty disappointed because this particular customer's servers are spam magnets! I happened to mention it to some fellow MVPs and Mark Fugatt told me that this was a recently discovered issue with IMF, but only if you have server names 15 characters or longer. Yep, you got it! My customer, in their desire for global standardization, has 15 character server names.

A hotfix has been released and it seems to be working great. I'm now trying to work out that "sweet spot" where I can comfortably Archive or Delete spam.

Thanks Mark!

SMTP error when sending to disabled mailbox on Sun One mail server

One of the truly most obscure errors I have come across recently is in an Exchange 2003 deployment for the U.S. Army. The Army sends most of their mail through a centralized system called AKO; this allows all Army active duty personnel and civilians to have a single address regardless of where they are currently serving.

A user (a user with a couple of stars on his lapel) reported this NDR (I have removed the real SMTP addresses for privacy's sake):

Final-Recipient: rfc822;xyzzy.zyzz@us.army.mil
Action: failed
Status: 2.1.5
Diagnostic-Code: smtp;250 2.1.5 xyzzy.zyzz@us.army.mil and options OK.

Final-Recipient: rfc822;abc.asdfas@us.army.mil
Action: failed
Status: 2.1.5
Diagnostic-Code: smtp;250 2.1.5 abc.asdfas@us.army.mil and options OK.

Final-Recipient: rfc822;jsksfa.dlkadf@us.army.mil
Action: failed
Status: 2.1.5
Diagnostic-Code: smtp;250 2.1.5 jsksfa.dlkadf@us.army.mil and options OK.

Upon further investigation, I found this in the SMTP protocol log on the Exchange 2003 bridgehead server:

04:44:54 143.69.243.33 RCPT - TO:+NOTIFY=FAILURE,DELAY
004:44:54 143.69.243.33 RCPT - TO:@us.army.mil>+NOTIFY=FAILURE,DELAY
004:44:54 143.69.243.33 RCPT - TO:@us.army.mil>+NOTIFY=FAILURE,DELAY
004:44:54 143.69.243.33 RCPT - TO:+NOTIFY=FAILURE,DELAY
004:44:54 143.69.243.33 RCPT - TO:@us.army.mil>+NOTIFY=FAILURE,DELAY
004:44:54 143.69.243.33 RCPT - TO:@us.army.mil>+NOTIFY=FAILURE,DELAY
004:44:54 143.69.243.33 RCPT - TO:@us.army.mil>+NOTIFY=FAILURE,DELAY
004:44:54 143.69.243.33 - - mailto:250+2.1.5+xyzzyy.zxcvas@us.army.mil+and+options+OK.
004:44:54 143.69.243.33 - - mailto:250+2.1.5+xyzzyy.zxcvas@us.army.mil+and+options+OK.
004:44:54 143.69.243.33 - - mailto:250+2.1.5+xyzzyy.zxcvas@us.army.mil+and+options+OK.
004:44:54 143.69.243.33 - - mailto:250+2.1.5+xyzzyy.zxcvas@us.army.mil+and+options+OK.
004:44:54 143.69.243.33 - - 452+4.2.1+Mailbox+temporarily+disabled:+xyzzyy.zxcvas@us.army.mil
004:44:54 143.69.243.33 - - mailto:250+2.1.5+xyzzyy.zxcvas@us.army.mil+and+options+OK.
004:44:54 143.69.243.33 - - mailto:250+2.1.5+xyzzyy.zxcvas@us.army.mil+and+options+OK.
004:44:54 143.69.243.33 - - 250+2.1.5+xyzzyy.zxcvas@us.army.mil+and+options+OK.


Basically, the Sun One mail server spit back a 452 4.2.1 Mailbox temporarily disabled message for only ONE mailbox. The rest of the messages were all delivered normally, but the VIP received an NDR for everyone AFTER the undeliverable recipient.

Apparently, similar problems exist in this situation for Exchange 5.5 and 2000. Microsoft has a hotfix you can now get from PSS that addresses this issue, but it was a pain to track down.

Friday, August 20, 2004

Exchange 2000 SP3 July Rollup fix

Microsoft has released the July 2004 rollup fix for Exchange 2000 SP3. More information is available on the Exchange team's blog.

Tuesday, August 17, 2004

Exchange 2003 OWA XBox Theme

Crazy about the XBox? The Exchange team has created a new "XBox" theme for OWA. See the Exchange Team's blog (You had me at EHLO) for more information.

Everyone else was mentioning this, so, I figured I would just follow the herd. I'm really more of an Outlook 2003 person. But, this means that I have to carry around a notebook all the time.

- Jim

ADModify.NET tool rocks!

I have seen this blogged and in newsgroups for over a year, but had not really played with it until recently. The hellomate.typepad.com blog by Meirick, Hobson & Lefkovics has had this blogged for quite some time (those guys rock, too!)

Anyway, Microsoft's PSS group has created a tool called ADModify.NET (formerly just ADModify) that is awesome. You can make a lot of bulk changes to the Active Directory from a nice GUI interface without having to learn how to use LDIFDE or ADSIEdit. I am totally impressed with this utility; it has made my life a lot easier several times. I am particularly happy with the ability to use it to REMOVE extra SMTP addresses, such as addresses that were used during a migration.

The latest version of ADModify.NET is 2.0.1.37645. It includes not only the bulk change abilities, but the ability to 'undo' changes since all changes are logged to an XML file prior to being made. You can also import mailbox rights for Exchange 2000/2003 mailboxes.

You can download this tool from Microsoft's FTP site.

Use this utility with caution. With great power comes great responsibility.


Thursday, August 12, 2004

The Exchange Server 2003 Technical Reference Guide

This has been popping up in everyone's blogs. I hate to be left out.

Microsoft has just published the Exchange 2003 Technical Reference Guide. If you want to know the technical nitty gritty of Exchange, this 480 page document is for you!

I only wish I had had this guide when I wrote my Exchange Server 2003 24seven book! It would have made finding some of these super technical details a lot easier.

Wednesday, August 11, 2004

Free sample chapter: Understanding Exchange 2003 Data Storage

Sybex has posted a free sample chapter from my Microsoft Exchange Server 2003 24seven book. Chapter 4 is Understanding Exchange 2003 Data Storage. This chapter gives you information on storage usage, the database engine, restrictions, and looking at the internals of the database (of course, I did not get in to too much detail in this one.)

The chapter is in PDF format.

Help when in need: Calling Microsoft PSS

*Taken from Chapter 5 of Exchange Server 2003 24seven by Jim McBee
Microsoft Product Support Services (PSS) is Microsoft’s technical support organization. Their home page is http://support.microsoft.com. Professional support options range from peer-to-peer support to telephone support. Telephone support is currently US$245 per incident; while this may seem expensive, believe me, when an Exchange server is down and the users are burning you in effigy in the company parking lot, $245 is cheap.
When you call and get a support technician on the phone, don’t be surprised or offended if they start at the beginning and ask you a lot of elementary questions. They have to double-check everything you have done before they can look into more advanced problems. Once or twice, one of these basic questions has helped me locate a problem that I was convinced was more complicated than it really was.

I always encourage people to call PSS if they truly need assistance. PSS engineers are not mind-readers, nor do they know every bit of Exchange code. You will do both yourself and the PSS engineer a big favor if you have all of your ducks in a row before you call. The following is a list of things that you should have or should have done before you call:
  • Attempt a graceful shutdown and restart of the server in question, if applicable.
  • Perform a complete online backup if possible; if not, do a complete offline backup.
  • Have a complete, documented history of everything you have done to solve the problem. At the first sign of trouble, you should start keeping a chronological log of the things you did to fix the problem.
  • Be at a telephone physically at the server’s console or be in a place where you can access the server remotely via the Remote Desktop Client. Your support call will be very brief if you cannot immediately begin checking things for the PSS engineer.
  • Have the usernames and passwords that will provide you the right level of administrative access. If you don’t have those, have someone nearby who can log you in.
  • Save copies of the System and Application event logs. Be prepared to send these to PSS if requested. Don't ever purge your event logs when you are having a problem. If you need to, save copies first.
  • Know the location of your most recent backup and how to access it when needed.
  • Keep copies of all error messages. Don’t paraphrase the message. Screen captures work great in this case. Pressing Alt+Print Scrn and pasting into a WordPad document works great, too. I usually create a document with screen captures along with notes of what I was doing when I saw each message.
  • Be patient; telephone support is a terribly difficult job. A little kindness and patience on your part will most certainly be returned by the PSS engineer.

You may also be asked to run Microsoft's Configuration Capture Utility reports. Depending on the report, it will take a snapshot of your system's configuration and zip the files up into a ZIP file. These files will help your PSS support engineer learn more about your configuration without having to ask a lot of questions. See Microsoft KB article 818742: Overview of the Microsoft Configuration Capture Utility (MPS_REPORTS).

Tuesday, August 10, 2004

Outlook Web Access does not open some messages

Outlook Web Access may have problems opening some messages. The commonality is usually that the message has a period at the end of the subject line, but it may also have other special characters in the subject line.

This problem is probably because the URLScan.DLL has been installed on the IIS Server. The URLSCAN.DLL feature was designed to help prevent directory traversal by a hostile intruder. Character sequences that are blocked include two periods ("..").

For more information on URL Scan, see KB 823175: Fine-tuning and known issues when you use the Urlscan utility in an Exchange 2003 environment. If you have installed the IIS Lockdown tool on an Exchange 2000 / Windows 2000 server, then URLScan gets installed automatically.

You can allow certain URL sequences by editing the \%windir%\system32\inetsrv\urlscan\urlscan.ini file. Below is an example of the section of


[DenyUrlSequences]
.. ; Do not permit directory traversals.
./ ; Do not permit trailing dot on a directory name.
\ ; Do not permit backslashes in URL.
% ; Do not permit escaping after normalization.
& ; Do not permit multiple Common Gateway Interface processes to run on a single request.

You can comment out the character sequences that you want to allow. In order for a message with a period at the end of subject line to be opened, you must comment out the ".." line.
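
The effect of that edit can be checked before touching the server. The sketch below is an added example, not part of the original post and not URLScan's own code: it models the [DenyUrlSequences] check as a plain substring match and assumes OWA addresses a message as <subject>.EML. The mailbox name and URLs are constructed.

```python
# Added example: models the [DenyUrlSequences] check as a substring match.
# This is not URLScan's code; the URLs further down are constructed samples.

URLSCAN_INI = r"""
[DenyUrlSequences]
.. ; Do not permit directory traversals.
./ ; Do not permit trailing dot on a directory name.
\ ; Do not permit backslashes in URL.
% ; Do not permit escaping after normalization.
& ; Do not permit multiple Common Gateway Interface processes to run on a single request.
"""

def parse_deny_sequences(ini_text):
    """Return the active entries of the [DenyUrlSequences] section."""
    sequences, in_section = [], False
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[denyurlsequences]"
            continue
        if not in_section or not line or line.startswith(";"):
            continue  # other section, blank line, or commented-out entry
        sequences.append(line.split(";", 1)[0].strip())
    return sequences

def comment_out(ini_text, sequence):
    """Return ini_text with the entry for `sequence` disabled by a leading ';'."""
    out = []
    for raw in ini_text.splitlines():
        entry = raw.split(";", 1)[0].strip()
        out.append(";" + raw if entry == sequence else raw)
    return "\n".join(out)

def blocked_by(url, sequences):
    """Return the deny sequences found in the URL (empty list means allowed)."""
    return [s for s in sequences if s in url]

# Constructed URLs (assumption: OWA names an item <subject>.EML).
SAMPLES = {
    "normal": "/exchange/jsmith/Inbox/Status report.EML",
    "trailing_dot": "/exchange/jsmith/Inbox/Status report..EML",
    "traversal": "/exchange/../../boot.ini",
}

def compare():
    """Map each sample to (matches with default list, matches with '..' disabled)."""
    default = parse_deny_sequences(URLSCAN_INI)
    relaxed = parse_deny_sequences(comment_out(URLSCAN_INI, ".."))
    return {name: (blocked_by(url, default), blocked_by(url, relaxed))
            for name, url in SAMPLES.items()}

if __name__ == "__main__":
    for name, (before, after) in compare().items():
        print(f"{name:13} default={before} relaxed={after}")
```

With ".." commented out, the message with the trailing period opens, and the sample "../" request is still rejected only because it also contains "./". That match covers ".." only when a slash follows it, so the relaxed list is narrower than the original.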


Monday, August 09, 2004

Trial iSCSI software

iSCSI (IP SCSI) is all the rage with storage types now. StarWind working as server allows you to
  • share CD/DVD burners over the network and use your favorite CD/DVD burning application (we hope it's our Grab & Burn) to burn CD/DVD remotely
  • share tape drives over the network and use your favorite tape backup application (we hope it's our StarTape) to backup to tape drive remotely
  • share hard disk drives over the network for fast storing large amounts of data (replication) at block-level rather than doing this at file-level
  • backup whole server storage subsystem over the network w/o putting machine down
  • work with the virtual volumes, dynamic volume snapshots, incremental backups
  • create extremely fast RAM disk drives for temporary data storing
  • mount standard ISO and MDS images into created Virtual DVD drives.

This software package combined with StarPort working as a client allows you to
  • share CD/DVD burners over the network and use your favorite CD/DVD burning application (we hope it's our Grab & Burn) to burn CD/DVD remotely
  • share tape drives over the network and use your favorite tape backup application (we hope it's our StarTape) to backup to tape drive remotely
  • share hard disk drives over the network for fast storing large amounts of data (replication) at block-level rather than doing this at file-level
  • backup whole server storage subsystem over the network w/o putting machine down
  • work with the virtual volumes, dynamic volume snapshots, incremental backups
  • create extremely fast RAM disk drives for temporary data storing
  • mount standard ISO and MDS images into created Virtual DVD drives.

Thanks to Rod Fournier for the tip.

Sunday, August 08, 2004

Exchange Server and the -1018 error

One of the most dreaded things an Exchange administrator can ever see is an error in the event log that includes the description -1018 JET_errReadVerify Failure. The -1018 code indicates either that the checksum in a database page does not match the checksum the ESE database engine calculates when it reads the page, or that the page pointer points to a page that contains no data.

This error normally shows up in the Application event log when a user opens a message or attachment that is stored on the page in question or during the nightly backup.

The usual solution is to restore the database from backup. However, if a -1018 error occurs once, it will probably re-occur at some point in the future. These problems are usually related to the disk, SCSI adapter, device driver, or firmware. Start by updating the SCSI device driver and the firmware on the SCSI adapter.

To learn more about -1018 errors, see the following KB article:
KB 314917: Understanding and analyzing -1018, -1019, and -1022 Exchange database errors

Microsoft engineer Mike Lee recorded a great support webcast last year that is also helpful: Microsoft Exchange: Understanding and Resolving Error -1018