Tuesday, February 27, 2007

Exchange and DST updates

Here are a few tidbits that may be helpful for those of you dealing with DST updates:

KB 930241: The Exchange 2003 database does not mount, and event IDs 9518 and 9519 are logged in the Application log (This appears to be the very latest version of STORE.EXE)
Blackberry OS updates - blackberry.com/dst2007
Blackberry Exchange 2007 compatibility - blackberry.com/go/exchange2007

Friday, February 23, 2007

E2K7 SP1 "official post"

Okay, I guess it is NOW official that the Exchange 2007 SP1 features can be discussed. Terry Myerson posted some information on the E2K7 SP1 release. First, it will probably be released in beta sometime around Arpil and be available sometime in the second half of 2007. Here are some improvements:
  • Standby Continuous Replication (SCR) is similar to cluster continuous replication (CCR) except that it replicates to a non-clustered server in a remote data center.
  • New mobility policies include enforcing encryption of main memory of mobile devies, specifying which applications can be run on a mobile device, disabling certain mobile device network interfaces (WiFi, Bluetooth, infrared), and ability to disable features on the device such as MMS, SMS, POP/IMAP, and cameras.
  • Outlook Web Access 2007 SP1 will include personal distribution lists, S/MIME, and rules editing, monthly calendar view, and deleted items recovery. Public folders are also supposed to be accessible via web services.
  • The Exchange Management Console will include public folder configuration, SendAs permission assignment, and POP3/IMAP4 configuration management.
  • IPv6 will be supported on Longhorn server.
  • The Move-Mailbox wizard will support moving data in and out of PST files. No word on whether it will be a >2GB capable PST or not.


Thursday, February 22, 2007

Daylight Savings Time debacle continues

Here is more from the ongoing saga of the Daylight Savings Time (DST) fix. In Microsoft's defense, they are not the only vendor out there whose customers are having a hard time.

Microsoft is now hosting daily technical chat sessions 10:00AM - 2:00PM (Pacific time) with Microsoft subject matter experts. To participate in a chat, visit the Chats page.

The technical chat schedule (live and on-demand) can be viewed here.

I am SO glad I live in Hawaii and am not as affected by this.

Network Connections service Starting and all network connections missing

I had a problem (of my own doing) last night that drove me crazy for a few hours. I was working on a problem on a Windows 2003 SP1 domain controller. After a reboot of a Windows 2003 server, the server was not connecting to the network. Also, the server took a long time to get past the "Applying Network Settings" screen. It seemed to be at least 5 minutes to get past the Applying Network Settings screen on startup.

Once the server was started, if I look in the Network Connections folder, there were not network adapters. The Network Connections service was hung on Starting. Lots of errors in the event viewer, but they were all because the network components were not started.

I went through Microsoft KB 825826: "How to troubleshoot missing network connections icons in Windows Server 2003 and in Windows XP", but had no luck.

This all started because I modified the Default Domain Controller Security policy. I had changed the "Impersonate a client after authentication" setting. It was originally set to Not Defined, but I changed it to just administrators. If you are going to explicitly set this value, it must include: Administrators, IIS_WPG, and SERVICE. Once I added these and rebooted again, everything was fine.

Wednesday, February 21, 2007

No more HP hardware!

I used to be a Compaq ASE and was a huge fan of their server hardware and workstations. I have a lot of friends at HP and they have some of the best messaging folks in the business. Recently I needed a 64-bit computer for Exchange Server 2007 so I bought a refurbished Presario. I did not even get it installed and running for almost 60 days (time constraints on my part). The CPU fan was WAY too noisy; I could not even keep it running in my office and still concentrate, so I finally took it in to Best Buy. A week later they informed me that the warranty period for refurbished equipment 90 days and that HP refused to service it. And my hardware was just a few days over the 90 day period. :-(

I was blown away that the warranty was just 90 days since Dell provides a 3-year warranty on refurbished equipment. This has peeved me off enough that I will never buy or recommend another piece of HP hardware.

Tuesday, February 20, 2007

Updates required for Exchange Server 2007

Getting an Windows 2003 server ready to support Exchange Server 2007 can be a bit time consuming since there are a number of updates that are not currently in the Microsoft or Windows Updates downloads. The E2K7 setup program is pretty good about letting you know what it needs, but here are a list of updates and software that should be installed prior to installing Exchange 2007:
  • .NET Framework 2.0
  • KB 907265: MMC 3.0 update is available for Windows Server 2003 and for Windows XP
  • KB 926139: Windows PowerShell v1.0 (remove any previous version that is installed)
  • KB 918980: FIX: The IRow::GetColumns function of the Exchange OLE DB provider...
  • KB 921181: File share witness feature and a configurable cluster heartbeats
  • KB 924441: A Windows Server 2003-based or Windows XP-based computer that is using an AMD PowerNow! driver stops responding
  • KB 928368: The Microsoft Exchange Information Store service stops responding on a computer that is running Windows Server 2003 and Exchange Server 2007
  • KB 898060: Installing security update MS05-019 or Windows Server 2003 Service Pack 1 may cause network connectivity between clients and servers to fail
  • KB 898790: Volume mount points on disks in a server cluster may intermittently become unavailable after you install Windows Server 2003 Service Pack 1
  • KB 919166: The address book function in Exchange 2007 is broken when an Exchange OWA client and a Windows Server 2003-based domain controller do not have the same locale setting
  • KB 904639: An access violation may occur when you try to run a 64-bit program that uses the interface remoting component of MDAC 2.8 on a computer that is running Windows Server 2003


Thursday, February 15, 2007

Nightmares and wascally wabbits

Normally, a picture of a rabbit might not give me bad dreams, but.... This "little" 17 pound bunny gives one reason to avoid the rabbit trails at night. He even has his own MySpace page.

Wednesday, February 14, 2007

Exchange 2007 Service Pack 1

I came across this on Josh Maher's blog. Danilo Bordini of Microsoft Brasil has posted some early plans for Exchange 2007 Service Pack 1. Keep in mind that these are "plans" and may not reflect reality.

- Text of post removed per Microsoft's request. If you have read the post previously, report to your nearest Microsoft office for reprogramming. :-) -


Monday, February 12, 2007

Exchange Connections Spring 2007 in Orlando

Exchange Connections Spring 2007 is coming. And very soon. April 1 - 5 in Orlando. I'm finally getting around to posting this (as I'm sitting here waiting on an E2K7 server to install in to a customer's network.) There are some great speakers lined up including Paul Robichaux, Tony Redmond, Kieran McCorry, Wendy Ferguson, Peter O'Dowd, Jurgen Hasslauer, Josh Maher, Devin Ganger, Kevin Miller, William Lefkovics, Lee Mackey, and more. I'll be there and am doing the following sessions:

EXC25: Exchange 2007: The First 100 Days
Follow the real-life implementation of an early adopter of Exchange 2007. This session will start with an overview of the organization’s Exchange 2000 architecture and some of their goals for an early implementation of Exchange 2007. The session will then cover the planning process, server consolidation factors, hardware requirements, existing software that integrates with Exchange, and meeting prerequisites. This session will also include many of the hurdles that this organization faced in completing their migration. [This will follow the progress, trials, and tribulations of two early adopters that deployed Exchange earlier this year.]

EXC27: Exchange 2003: Best Practices Day-to-Day
What should you be doing on a daily basis to keep your Exchange servers stable and running optimally? Topics in this session include the basic tasks that should be performed on every Exchange 2003 server and events to watch for in the event logs. What can you do to improve your Exchange operations, customize your operations, and tweak Exchange to meet the requirements of your organization? Also covered are some “worst” practices in Exchange management such as “over administering” the Exchange server and common configuration mistakes. [This is going to be a pretty busy session as it is combining my "day to day" session and my "tips and tricks" session.]

EXC26: Are You a Low-Hanging Fruit?
Hackers frequently target the simplest and easiest systems that they can exploit. If common exploits don’t work they usually move on. Is your Exchange system vulnerable to “low-hanging fruit” compromise? This session will start by covering simple things you can do with Exchange 2000/2003/2007 to ensure that you are not one of the low-hanging apples on the tree. After covering the basics, we will then cover additional security mechanisms that tools such as Microsoft ISA Server, Edge Transport services, and other tools can provide when implementing additional layers of security and message hygiene. [This session is a compressed version of a previous all-day session I used to do.]

Post Conference (April 5) workshop: Exchange 2007 for Exchange 2003 Administrators (9:00am - 4:00pm)
There has been a lot of hype and media attention surrounding Exchange 2007. The Exchange community has gotten their first look at Exchange 2007 in the summer of 2006. But what does the imminent release of Exchange 2007 mean to you as an Exchange 2003 administrator and your users? 64-bit hardware support, a revamped user interface through a new graphical user interface or Monad scripts, continuous replication, resource mailboxsupport, Edge services, improved mobile support, and unified messaging will all affect the way we manage our Exchange organizations and the services we provide to our user community. Topics in this workshop include:
• Determining a migration / upgrade path to Exchange 2007 from your current Exchange environment
• Implementing e-mail lifecycle management
• Implementing Outlook 2007 using the auto-discovery service
• Reviewing the new Exchange server roles
• Using new features for virus protection, spam reduction, and content filtering
• Using the new Exchange Management Console and Monad scriptlets
• Using local continuous replication to improve availability
• Implementing Exchange Edge services
• Reviewing new unified messaging features
• Taking advantage of resource mailboxes and the scheduling assistant

Exchange Server 2007 Road Show in the U.S.

The Windows IT Pro / Unified Messaging and Exchange Server 2007 road show is coming to a city near you. Me, too! Here is the schedule:

New York City - March 27 - (I'm giving the main session)
Atlanta - March 29 - (I'm giving keynote)
Denver - April 10 - (I'm giving keynote)
Chicago - April 12 - (I'm giving the main session)
San Francisco - April 17 - (I'm giving the main session)
Anaheim - April 19 - (I'm giving keynote)
Dallas - April 24
Boston - April 26

Registration is $99 in advance. You get a full day of technical content, lunch, a 12-month digital subscription to Windows IT Pro, a roadshow T-shirt, and more.

Granting permissions to mailboxes in Exchange 2007

An interesting topic came up in mailing list I am on. Administrator is trying ti fougre out how to give a user full access to another user's mailbox. This is done via the Exchange Management Shell. There is no Exchange Management Console interface for doing this. Here is the syntax if I want to give user Jim.McBee permission to the John.Galt mailbox.

Add-MailboxPermission John.Galt -User Jim.McBee -AccessRights FullAccess

You can also grant permission to open or access all of the mailboxes on an entire mailbox database. Let's day I want to give user Auditor permission to the Accounting Mailbox Database (assuming it is uniquely named), here is the syntax:

Add-ADPermission "Accounting Mailbox Database" -User Auditor -ExtendedRights Receive-As

Thanks to Microsoft's Ross Smith for this tidbit of information.


Sunday, February 11, 2007

New Exchange Documentation

Microsoft has released a series of documents on deploying Exchagne 2007 in different sized environments. Most organizations will fall in to the "Standard" or "Simple" categories.

Deploying a Standard Exchange Server 2007 Organization

Deploying a Simple Exchange Server 2007 Organization

Deploying a Large Exchange Server 2007 Organization

Deploying a Complex Exchange Server 2007 Organization


I can't believe it says that....

In the category of "I can't believe it says that", a friend sent me these. I got a really good laugh out of the first one:

This one, however, I had coffee coming out my nose.


Saturday, February 10, 2007

Mastering Exchange Server 2007 by Barry Gerber and Jim McBee - Coming soon

The manuscript is finally complete and the editors are working their magic. Mastering Exchange Server 2007 should be on bookshelves withing the next 2 months. I'll post more when it is available. This book should server as an introduction topic to Exchange Server 2007 for anyone that is both "new to product" as well as "new to version". The book is introductory level and covers the essential skills an administrator needs for getting ramped up on E2K7. It will not have more advanced topics that I covered in the 24seven or Advanced Administration book. However, I hope there will be a "Advanced Administration" book sometime around the E2K7 SP1 timeframe.

Exchange Daylight Savings Time fix

[My advice is still to wait another 2 weeks or so before applying this series of patches]
Okay, I am just as lost as you are. Microsoft is apparently not much farther behind the rest of us when it comes to being confused about this. The biggest and most painful change seems to be the switchover of times in a user's calendar. Microsoft has published a webcast that covers this topic. See KB 932046: "Support WebCast: The impact of daylight saving time on Microsoft Exchange Server and Microsoft Office Outlook" - http://support.microsoft.com/default.aspx/kb/932046

There is a new Windows hotfix that is also related to this: KB 931836 "February 2007 cumulative time zone update for Microsoft Windows operating systems" - http://support.microsoft.com/default.aspx/kb/931836

There is an updated version of the hot fix KB 930879: "How to address daylight saving time by using the Exchange Calendar Update Tool" which is the tool that updates the calendar entries. http://support.microsoft.com/?kbid=930879

Finally, Microsoft has provided a Virtual PC machine that includes the tools that perfom updates. I have not yet even seen this machine, but it is supposed to have everythign you need to run the Exchange Calendar Update Tool. The following is from someone on the Exchange Team at Microsoft:

The Virtual Machine for Microsoft Exchange Calendar Update Tool is now available on the Download Center at http://www.microsoft.com/downloads/details.aspx?FamilyId=03D4251D-370F-486D-BB2F-64FF14C546AD&displaylang=en. You can download this workgroup system, join it to your domain, and use it to run the Exchange Calendar Update Tool.

If you can, please help spread the word about this downloadable machine, as we built is specifically for customers to use to run the Exchange tool. Some larger customers will require several clients in order to perform a timely update. For example, in a recent MSIT pilot, we determined that it would take us about 10 clients running 24x7 for 3.1 days to update our 130,000 mailboxes. This worked out to about 2.9 mailboxes per minute. So the idea with the VHD is to download it once, copy it as many times as you need on your network, and run them concurrently to perform the updates.

Friday, February 09, 2007

Ironport and the RSA conference

I was in Los Angeles for a few days this past week visiting a customer and figured I would make a quick jaunt up to San Francisco for the RSA Conference. I spent most of Wednesday talking to vendors. I spent about 30 minutes in the Ironport (recently acquired by Cisco) and was really impressed with their technology. One of my customers just purchased an Ironport appliance and is quite pleased with it.

While I was in the Ironport booth, I got a really good industry report called "Internet Security Trends for 2007: A Report On Spam, Viruses, and Spyware." This is a good summary of the current state of "malware" and why some of this garbage is once again getting past your filters. You can download the report from Iron Port's Resources page, look under the Industry Reports section.

Thursday, February 08, 2007

Fight spam with "no listing"

Usually, when you create MX records for your organization, the lowest MX record points to the server that always accepts mail for your organization and the higher ones are the backups. If your primary fails, SMTP clients roll over to a secondary.

I recently read about a concept called "no listing or nolisting" and thought it was blogworthy. You create the lowest MX record and have it point to nothing, then the second highest points to a valid SMTP server. The premise is that spam 'bots and zombies are not smart enough to try the secondary MX records and thus they skip your domain.

I have not tried this yet, but it sounds like an interesting concept. You can read more about this here: "Nolisting: Poor Man's Greylisting"


Sunday, February 04, 2007

32-bit management tools for Exchange 2007

There is a 32-bit version of the Exchange 2007 Management Tools that includes the Exchange Management Console (EMC), the Exchagne Management Shell (EMS) extensions for the Windows PowerShell, the help files, the Exchange Best Practices Analyzer (ExBPA), and the Exchange Troubleshooting Assistant (ExTRA) which handles things like message tracking, database recovery, and mail flow troubleshooting. All in all, the download is almost 700MB!

These tools require the MMC 3.0, the .NET Framework 2.0, and the Windows PowerShell. If you don't have them, the installer will prompt you to install them. I recommend making sure the computer you are installing these on is completely up-to-date using Microsoft Update.

These tools will run on Windows XP Pro 32-bit edition. As far as I know, they do NOT run on Vista.

Saturday, February 03, 2007

Cleaning up Exchange 2000/2003 administrative groups - Do not delete the admin group that holds the public folders

For you early adopters out there that are migrating to Exchange Server 2007. When you get your last Exchange 2000/2003 server removed from your organization, you can remove the last routing groups and you can remove some of the administrative groups that held Exchange 2000/2003 servers. But do not, under any circumstances, remove the administrative group that hold the link to the public folder hierarchy. This is usually the First Administrative Group.

If you remove the administrative group that holds the public folder hierarchy, public folders will stop working for all clients. And you will spend several hours on the phone with Microsoft PSS trying to get this fixed.

Microsoft Daylight Savings Time (DST) fix - Avoid it for now

Never mind that the U.S. government once again has messed with the space-time continuum by changing when daylight savings time starts and stops (I guess creating daylight savings time in the first place is already messing with temporal mechanics.) Never mind that every device that keeps track of the date and time must be updated. Now, the vendor's of those devices must create fixes. Microsoft has a fix for his. Apparently the Exchange server fix for daylight savings time (DST) is generating quite whole slew of problems. Principally amoung them is that mailbox databases won't mount. Supposedly the problems are under investigation. Hopefully there will be an update for the fix or updated procedures.

My advice is to avoid the DST fix for a few more weeks.

Friday, February 02, 2007

Molly Ivins, you will be sorely missed

Molly Ivins was one of the rare newspaper columists that could inject humor, subtly, innuendo, or sly turn of phrase in to her writing. Or should could hit you over the head with something outrageously funny. I have found her to be one of the most quotable columnists in the U.S. papers. She was a good ol' girl from Texas with a master's degree from Columbia University. She died this week after "a scorching case of cancer". She was one of the most quotable figures in U.S. journalism. I wanted to share of a few of my favorite Molly Ivins quotes.

As as a writer with the New York Times, she found herself in hot water for describing an annual chicken slaughter contest in New Mexico as a "gang pluck."

She said of one congressman, "If his I.Q. slips any lower, we'll have to water him twice a day."

After Patrick Buchanan made his infamous "cultural war" at the 1992 Rupublican National Convention, speech, she said his speech "probably sounded better in the original German."

One year, when the Texas legislature was about to convene, she reported "Every village is about to lose its idiot."

On herself studying at a private school, "I spent my girlhood as a Clydesdale among thoroughbreds."

On George H. W. Bush (Bush the First) she said "Real Texans do not use the word 'summer' as a verb."

On George W. Bush, whom she knew since high school, she called him "Shrub" and "Dubya" and when on to co-author Shrub: The Short But Happy Political Life of George W. Bush (2000) and Bushwhacked (2003).

On the New York Times, she felt that the Times drained the life from her prose. "I was miserable, at five times my previous salary. The New York Times is a great newspaper; it is also no fun." She often showed up for work in blue jeans, barefoot, and with her dog. Her writing was often fueled by "truly impressive amounts of beer."

On Dallas, "the kind of town that would have rooted for Goliath to beat David."

On the civil rights, the ACLU, and Bill O'Reilly, "I know that sludge-for-brains like Bill O'Reilly attack the ACLU for being 'un-American,' but when Bill O'Reilly's constitutional rights are violated, the ACLU will stand up for him just like they did for Oliver North, Communists, the KKK, atheists, movement conservatives and everyone else they've defended over the years. The premise is easily understood: If the government can take away one person's rights, it can take away everyone's."

After the 2006 elections gave the Republicans a pretty serious series of defeats, Washington was abuzz with the spirit of bipartisanship, she wrote: "The sheer pleasure of getting lessons in etiquette from Karl Rove and the right-wing media passeth all understanding. Ever since 1994, the Republican Party has gone after Democrats with the frenzy of a foaming mad dog. There was the impeachment of Bill Clinton, not to mention the trashing of both Clinton and his wife--accused of everything from selling drugs to murder--all orchestrated by that paragon of manners, Tom DeLay.... So after 12 years of tolerating lying, cheating and corruption, the press is prepared to lecture Democrats on how to behave with bipartisan manners. Given Bush's record with the truth, this bipartisanship sounds like a bad idea on its face. These people are not only dishonest--they're not even smart."

Even on her own "scorching case of cancer", she found her sense of humor. "First the mutilate you; then they poison you; then they burn you. I have been on blind dates better than that."


Thursday, February 01, 2007

Exchange 2007 and Virtual Server support

This is from a larger post on Scott Schnoll's blog. A lot of people are asking about Exchange 2007 and virtualization support. Right now, it is not supported. Here is Scott's posting on that topic:

Exchange 2007 and Virtualization
Speaking of virtual environments and production environments be aware that it will be quite some time before Exchange 2007 is supported in production in a virtual environment. Virtual server support for Exchange Server 2007 is only supported in production using the 64-bit version, and neither Microsoft Virtual Server nor Microsoft Virtual PC support 64-bit guest systems. Our first 64-bit guest support will come with Hypervisor, which is coming for Longhorn within 180 days of Longhorn's release (note that is within 180 days, meaning, it could ship the same day as Longhorn, or it could ship 180 days after Longhorn ships). Exchange 2007 does not yet support Longhorn server (nor does it support Longhorn directory servers, so AD sites with Longhorn directory servers need to be isolated from AD sites that include Exchange 2007 servers). Support for Longhorn will arrive in a service pack (most likely SP1) for Exchange 2007. In summary, there won't be virtualization support for Exchange 2007 in production for some time.