Sunday, May 28, 2006

Error: 7515 - Intelligent Message Filter attempted to filter a message with ID... error code is 0x800710f0

I see Event Id 7515 from the MSExchangeTransport pop up in the event logs of servers on which the Exchange 2003 SP2 Intelligent Message Filter (IMF) is enabled. This is because, by design, the IMF does not filter messages larger than 3MB. Heaven help us if spammers start sending messages. We know spammers are going to hell, but if they start sending spam larger than 3MB, they are going to burn in a very special level of hell. A level they reserve for child molesters and people who talk at the theater. But, I digress....

Microsoft has released a KB that explains this; see KB 907691: "Intelligent Message Filtering in Exchange Server 2003 does not scan messages that are larger than 3 MB". Though this shows up as an "error", it is really a "feature". Here is the error, in case you are interested:

Event Type: Error
Event Source: MSExchangeTransport
Event Category: SMTP Protocol
Event ID: 7515
Date: 5/27/2006
Time: 4:18:26 AM
User: N/A
Computer: HNLEX01
Description: An error occurred while Microsoft Exchange Intelligent Message Filter attempted to filter a message with ID <000d01c68197$db290060$030ba8c0@tambdymiemz3i9>, P1 From smtp:cheyne@somorita.com and Subject Re: photos. This message will not be filtered. The error code is 0x800710f0.

Saturday, May 27, 2006

Intelligent Message Filter configuration "typo"


I have been using the IMF more and more lately. I use it in some organizations as the only spam-protection system and in others I use it to supplement other anti-spam systems (I'm going to write an article or a blog entry on this sometime soon). It is reasonably good and it is FREE. :-)

However, there is one issue that Exchange admins that use it should be aware of.

In the Store Junk E-mail Configuration section, the threshold text says "Move messages with an SCL rating greater than or equal to:". This is actually a typo: it should not include the "or equal to" and should say "Move messages with an SCL rating greater than:". So, if you want all messages with an SCL of 5 or higher to be put in the Junk E-mail folder, you need to set the Store Junk E-mail Configuration setting to "4".

Exchange and Office 2007 Roadshow

Microsoft and Windows IT Pro are sponsoring the Exchange & Office 2007 Roadshow. I'll be presenting at the Johannesburg and Munich events. I'll be presenting these with Paul Robichaux, Devin Ganger, and Glenn Fincher. Here is the description from the Windows IT Pro web site:

Get the facts about deploying Exchange & Office 2007 in one information-packed day. Independent Exchange and Office experts will present practical, real-world information in three tracks -- Exchange 12 for the IT Pro, Delivering Better Inbox Value, and The Business Value of Office 2007. Each presentation will end with a question-and-answer session. You'll come away from the Get Ready for Exchange & Office 2007 Roadshow with a clear understanding of how to implement a best-practices migration to Exchange Server 2007, how to use Exchange Server 2007's new capabilities to improve your messaging environment, and how you and your end users can get the most out of Office 2007.

Thursday, May 25, 2006

Cheap SSL certs or running with the big dogs?

Okay, I'm cheap, I admit it. I always search for the lowest airfares, buy my gas at Costco (about $55 per week at this point!), use Froogle like crazy, turn the ketchup bottle upside down to get as much out as possible, and I buy SSL certs from www.godaddy.com or www.instantssl.com when setting up an OWA server.

I recently saw a downside to this. Usually, there are no "liability" issues associated with setting up an OWA server. At least, not liability like there is setting up an e-commerce site. So, the big dogs' SSL certs, such as VeriSign or Thawte (which come with a certain amount of liability protection), are not necessary.

Several of my customers that have just migrated to Exchange 2003 used www.godaddy.com for the SSL certs. Now, they want Windows Mobile and ActiveSync support. The problem is that the root CA that GoDaddy uses is NOT trusted by the Windows Mobile devices. When you try to configure ActiveSync, you get errors like INTERNET_45 or INTERNET_55 on the mobile device. (I just blogged this a few months ago).

So, you have to install your root CA's certificates on the mobile device. Interested? Here is more information:

So, the other thing I have to admit is that I'm lazy. I really don't want to have 100 Windows Mobile users bring their devices in to IT so that I can install my cheapie CA's cert on each device.

The Moral of the Story?
I'm getting there! So, the moral of the story is, when you get ready to purchase OWA certs, ask yourself if you are going to be supporting Windows Mobile devices. If so, is it still going to be cheaper to purchase the cheaper cert and manually install a bunch of certs? Irate and/or inconvenienced users and IT resources do have a cost.

Wednesday, May 24, 2006

Windows 2003 Domain Rename and Exchange error

I have been working with a company that wants to rename their forest root domain (for political reasons). We have gone through the planning and made sure that everything meets the prerequisites. Forest and domains are in Windows 2003 functional level, E2K3 server is E2K3 SP2, I have the necessary rights, and all the DCs are healthy and available on the network, yet when I ran rendom.exe /upload I got this message:

C:\DomainRename>rendom /upload
Found Exchange Server(s) in the forest.Domain rename is supported only if Exchange server version is Exchange 2003 SP1 and above.
: The server is unwilling to process the request. :8245

I posted questions on newsgroups and used up some techie karma asking everyone I knew that might know the solution. I searched high, I searched low and everything pointed to the forest or a domain not being in Windows 2003 functional level. The problem was, in all my searches, I was including the code 8245 in the search.

Finally, today I called PSS. The second technician I talked to said, "Have you seen KB 891370: 'You receive an error message when Rendom.exe changes the DNS or NetBIOS name of a domain in Windows Server 2003'?"

The problem is there were a couple of Exchange system policies that did not have a versionNumber attribute. Once I corrected this, rendom.exe /upload ran fine. Hopefully this has corrected the problem. It is just embarrassing that I did not come across this on my own. Too bad the KB article does not include the whole error.

If you are planning a domain rename, read the documentation thoroughly and get the latest version from Microsoft's web site. Renaming a domain is not a trivial operation.

Tuesday, May 23, 2006

Dell to start using AMD chips

I attended a presentation recently that was given by an AMD techie. He talked about transistors, power consumption, and heat output until I was about to pass out, but he summed it up really nicely in saying that servers with AMD Opteron chips use less power and put out less heat. That really hit home for me since one of my current customers is currently maxed out (with respect to power and A/C) in their data center.

Of course, this customer has about 4 dozen racks full of Dell servers and Dell does not use the AMD chip set. Finally, though, Dell has changed their mind and will start building servers with the AMD Opteron chip set. I'm looking forward to playing with some AMD 64-bit servers. See the article Dell Moves Toward AMD Chips Amid Earnings Drop.

Saturday, May 20, 2006

Exchange 2003 Advanced Administration

Finally, the 2nd edition of Exchange 2003 24seven is now on the shelves and available from Amazon. The name has been changed, though, to Microsoft Exchange 2003 Advanced Administration. If you have the first edition, not much has changed.

Friday, May 19, 2006

Microsoft releases new SmartPhone emulator


Microsoft has released the newest SmartPhone / Windows Mobile emulator tool. In the past, you had to run the SmartPhone / Windows Mobile / PocketPC emulators in Visual Studio. However, they have now released a standalone device emulator. It is pretty slick and includes the Windows Mobile 5 MSFP emulator for the SmartPhone. Now you can test SmartPhone applications and learn more about ActiveSync without having to actually have a SmartPhone and a data plan.

This text is from Microsoft's site:
The Microsoft Device Emulator 1.0 is a standalone version of the same ARM based Device Emulator that ships as part of Visual Studio 2005. The standalone emulator is intended for situations when you want to demonstrate or test your application on a computer that does not have Visual Studio 2005 installed. In addition, we are offering the Windows Mobile 5.0 MSFP operating system images that you can use with the Device Emulator.

When you download it, make sure you download both the V1Emulator.zip (install this first) and the efp.msi.

Thursday, May 18, 2006

Exchange fix breaks Blackberry and Goodlink clients

Microsoft has released a new security update for Exchange 2003. This update is the fix from KB 895949: "Send As" permissions behavior change in Exchange 2003. I have kind of ignored this fix for the past few weeks, but had to get on top of it when it was about to affect one of my customers.

By default, the “Send As” permission has been implicitly included in the “Full Mailbox Access” permission. If a group was delegated Full Control permissions to the organization or an administrative group (without blocking the "Send As" and "Receive As" permissions) then the group members would get full mailbox access. This is necessary for service accounts for client-proxy servers such as the RIM Blackberry server and the Goodlink server (for allowing Treo users access to Exchange mailboxes.)

There are only 3 exceptions to the change in this behavior:
  • The owner of the mailbox
  • The associated external account for a mailbox
  • A delegate of the mailbox owner

Once the fix is applied, the BlackBerry Enterprise Server will see errors in its event logs such as these:

[40700] (12/13 15:38:10):{0xFF0} {} Receiving packet from device, size=111, TransactionId=-2099843783, Tag=147, content type=CMIME, cmd=0x3
[30112] (12/13 15:38:10):{0xFF0} {} Receiving message from device, RefId=1607656887, Tag=147, TransactionId=-2099843783
[20265] (12/13 15:38:10):{0xFF0} {} MAPIMailbox::Send(ppMAPIMessage) - SubmitMessage (0x80070005) failed
[20265] (12/13 15:38:10):{0xFF0} {} MAPIMailbox::Send(ppMAPIMessage) - SubmitMessage (0x80070005) failed
[20000] (12/13 15:38:10):{0xFF0} {} Send() failed: SUCCESS, Tag=147
[40277] (12/13 15:38:10):{0xFF0} {} Sending message error to device for message 1607656887
[40583] (12/13 15:38:10):{0xFF0} {} Sending packet to device, Size=46, Tag=222, TransactionId=-1012978472

You need to delegate the Blackberry or Goodlink service account the Send As permissions to the necessary mailbox, OU, or entire domain, in Active Directory. See Microsoft KB 912918: Users cannot send e-mail messages from a mobile device or from a shared mailbox in Exchange 2000 Server and in Exchange Server 2003 for information on how to do this for a single mailbox or an entire domain.
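
A way to pick this failure signature out of a BES log, as an added example that is not part of the original post or of RIM's tooling: it pairs each SubmitMessage failure with the RefId of the message being sent and flags HRESULT 0x80070005 (access denied), the code shown in the excerpt above. It assumes the {0x...} field identifies the worker handling the message; the second sample message and its error code are constructed.

```python
import re

E_ACCESSDENIED = 0x80070005  # HRESULT for "access is denied"

# Entries start with "[nnnnn] (MM/DD HH:MM:SS):"; split there so that logs
# whose entries have been run together on one line still parse.
ENTRY_START = re.compile(r"(?=\[\d{5}\] \(\d\d/\d\d \d\d:\d\d:\d\d\):)")
ENTRY = re.compile(r"\[(?P<event>\d{5})\] \((?P<ts>[^)]+)\):"
                   r"\{(?P<thread>0x[0-9A-Fa-f]+)\} \{(?P<user>[^}]*)\} (?P<msg>.*)", re.S)
RECEIVED = re.compile(r"Receiving message from device, RefId=(-?\d+)")
SUBMIT_FAIL = re.compile(r"SubmitMessage \((0x[0-9A-Fa-f]{8})\) failed")

def find_send_failures(log_text):
    """One finding per (RefId, HRESULT) for device messages that failed to submit."""
    sending = {}   # {0x...} field (assumed worker id) -> RefId it is handling
    findings = {}  # (RefId, HRESULT) -> finding; duplicate log lines collapse
    for chunk in ENTRY_START.split(log_text):
        m = ENTRY.match(chunk.strip())
        if not m:
            continue
        received = RECEIVED.search(m["msg"])
        failed = SUBMIT_FAIL.search(m["msg"])
        if received:
            sending[m["thread"]] = int(received.group(1))
        elif failed:
            hresult = int(failed.group(1), 16)
            ref_id = sending.get(m["thread"])  # None if the receive line is missing
            findings.setdefault((ref_id, hresult), {
                "ref_id": ref_id, "time": m["ts"], "user": m["user"],
                "hresult": f"0x{hresult:08X}",
                "access_denied": hresult == E_ACCESSDENIED})
    return list(findings.values())

# Constructed sample: the first message reuses entries from the excerpt, run
# together on one line; the second message and its error code are made up.
SAMPLE_LOG = (
    "[30112] (12/13 15:38:10):{0xFF0} {} Receiving message from device, RefId=1607656887, Tag=147, TransactionId=-2099843783"
    "[20265] (12/13 15:38:10):{0xFF0} {} MAPIMailbox::Send(ppMAPIMessage) - SubmitMessage (0x80070005) failed"
    "[20265] (12/13 15:38:10):{0xFF0} {} MAPIMailbox::Send(ppMAPIMessage) - SubmitMessage (0x80070005) failed"
    "[20000] (12/13 15:38:10):{0xFF0} {} Send() failed: SUCCESS, Tag=147\n"
    "[30112] (12/13 15:40:02):{0xA14} {} Receiving message from device, RefId=1111111111, Tag=150, TransactionId=-1\n"
    "[20265] (12/13 15:40:02):{0xA14} {} MAPIMailbox::Send(ppMAPIMessage) - SubmitMessage (0x8004010F) failed\n"
)

if __name__ == "__main__":
    for f in find_send_failures(SAMPLE_LOG):
        verdict = "check Send As for the service account" if f["access_denied"] else "other cause"
        print(f["time"], f["ref_id"], f["hresult"], verdict)
```

Only the access-denied findings point at the Send As change; other HRESULTs on the same line format have unrelated causes and need their own triage.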

Thanks to Steve Head for reminding me that there is another article that also discusses this vulnerability and on which platforms it may cause problems. See KB 916803: Vulnerability in Microsoft Exchange Server could allow remote code execution.