
Thursday, August 31, 2006

Blackberry: Optimizing Blackberry For Enterprise Class Environments

Summary:

Blackberry has become a very popular application providing mobile messaging services. In this article, I will go over how to design and optimize your Blackberry environment in conjunction with Exchange.

Blackberry is a very time-sensitive application. Each second of latency between your BES (Blackberry Enterprise Server) and your Exchange server has an exponential effect on message delivery times. It is therefore critical that your BES server and Exchange server are in close proximity (LAN), with ping response times of less than 35ms. In BES environments, the following holds true: "One bad apple ruins the bunch." This means that if your BES server communicates with multiple Exchange servers and one of those Exchange servers is on a high-latency link above 35ms, then everyone suffers the latency effect. Therefore, follow the best practices below.

1. Configure your BES servers to communicate with as few Exchange servers as possible. For example, if you have 3 BES servers and 3 Exchange servers, configure BES1 to only host users on EX1, BES2 to EX2 and BES3 to EX3, rather than a full mesh environment.

2. What if you host many Exchange servers that are geographically dispersed? Ideally you want to host your BES server in the same LAN as the Exchange server it serves. However, if your organization hosts all its BES servers in one location, say HQ, and has Exchange servers geographically dispersed, design your BES environment according to the following:

Classify your Exchange servers into 3 tiers based on ping times from the BES servers: low-latency Exchange servers <35ms in tier1, >35 to <60ms in tier2, and >60ms in tier3. Now follow the "One bad apple ruins the bunch" approach: have one BES host only tier1 Exchange servers, another BES host only tier2 Exchange servers, and another BES host tier3 users.

Depending on the size of your environment and the number of BES servers and Exchange servers, you can classify the tiers any way that suits your environment, as long as you follow the "One bad apple ruins the bunch" approach.



James Chong
MCSE M+, S+, MCTS, Security+
msexchangetips.blogspot.com


How useful was this article? Want to see a tip not listed? Please leave a comment.

Exchange: How To View All Registered Event Sinks

Summary:

In this article, I will go over how to view all registered event sinks within Exchange. Event sinks are basically subroutines that are fired at specific points in the message flow, such as during transport. Most event sinks fire just before the message categorizer and right after it. However, there are also sinks that run during message transfer. Many Exchange-aware AV products register event sinks within Exchange. For example, before a message is sent to the categorizer, it is sent to the pre-submission queue, where it is scanned for viruses or verified against the GAL. Other types of event sinks include email disclaimers that are attached to, say, all outbound e-mail, or custom sinks that are fired based on rules you specify.

There may come a time when you need to view all registered event sinks. For example, you may have inherited an Exchange server on which a previous admin registered custom event sinks that you are unaware of. In other circumstances, I've seen products, specifically AV software, where the application was removed but the event sink was still registered and caused mail flow issues in which messages were stuck in the pre-submission queue.

To view all registered event sinks, follow the procedure below:

First, download smtpreg.vbs from one of the links below. I have heard that this file is also included in the Exchange SDK, but it did not appear to be when I installed the SDK.

ftp://ftp.smtp25.org/Scripts/

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/smtpevt/html/6b7a017e-981e-45a1-8690-17ff26682bc7.asp


1. Once you have the smtpreg.vbs file, copy it to the root of your C: drive.

2. Open a command prompt (Start, Run, cmd).

3. Type the following:

C:\>cscript smtpreg.vbs /enum

To redirect the output to a text file for easier viewing, type:

C:\>cscript smtpreg.vbs /enum > c:\file.txt

4. To remove an event sink, go to your command prompt and type:

C:\>cscript smtpreg.vbs /remove 1 sinkclass sinkname

1 = SMTP Virtual Service


Note: Sometimes duplicate sinks are registered. In this event, you will need to run the remove command more than once. Re-run step 3 and verify the sink has been removed.


Another method to view all event sinks is to download the Exchange SDK and launch Exchange Explorer.

Exchange SDK
http://www.microsoft.com/downloads/details.aspx?FamilyId=4AFE3504-C209-4A73-AC5D-FF2A4A3B48B7&displaylang=en



Wednesday, August 30, 2006

Exchange: Export GAL Using CSVDE

Summary:

One common request is "How do I export the contents of the GAL?" Unfortunately there are no native tools that simply export the contents without some work. There are some third-party tools, such as IMI GAL Exporter ver.3, which you can purchase for a few bucks. I have tested their trial version and it appears to be a very neat utility. The other option is to use LDIFDE and CSVDE. Unfortunately, you have to know all the attributes listed in the GAL so you can export them. I have provided the following CSVDE command to export most, if not all, of the attributes in the GAL.

From a command prompt, type the following command on a single line. Substitute the string "dc=corp,dc=company,dc=net" with your Fully Qualified Domain Name. Use Excel to open the file when complete.


C:\>csvde -r "(objectClass=user)" -d "dc=corp,dc=company,dc=net" -l displayname,title,description,company,department,assistant,physicaldeliveryofficename,telephoneNumber,othertelephone,mail,streetaddress,postofficebox,l,st,postalcode,co,homephone,otherhomephone,pager,otherpager,mobile,othermobile,facsimileTelephoneNumber,info,manager,memberOf -f c:\gal.csv

Connecting to "DC1.corp.company.net"
Logging in as current user using SSPI
Exporting directory to file c:\gal.csv
Searching for entries...
Writing out entries.............................................................





Tuesday, August 29, 2006

Exchange: Blackberry + Large MBs = Recipe for Latency

Summary:

Blackberry is a very resource-intensive application and is known to be a very "chatty" one. I've heard that BES (Blackberry Enterprise Server) produces 5-6 times as much MAPI traffic as an average client, but I never came across any documentation as to how this figure was formulated. However, I have seen BES in conjunction with large mailboxes (1GB+) cause an exponential effect as far as performance degradation is concerned. Take the following case scenario.


Case Scenario:

In this scenario, users were reporting "Outlook is requesting data" pop ups frequently. This would occur for BES users as well as non BES users. Now to give you the specifics of the hardware platform:

Hardware:
Proliant BL20P G2 (Backended to a SAN)
2 Quad Proc 2Ghz
4GB RAM

OS:
Windows 2003 Ent
Exchange 2003 Ent

This server hosted approximately 350 users and was originally sized to support 3,000 users. However, users were already complaining about Outlook latency.

Exchange Performance Analyzer reported high RPC activity, which was the source of the latency. No other bottlenecks were reported. We investigated disk I/O, memory and CPU, and everything reported normal.

We consulted with our Microsoft ASE. The culprit was our BES users: this server hosted approximately 186 of them, with about half having mailboxes of 1GB and over. However, it is not the size of the mailbox that causes the latency but specifically the number of items in your Outlook folders. This is because the more items you have, the greater the likelihood that these items are stored in multiple tables and pages within the database. Exchange therefore has to traverse this tree in order to link and process operations such as categorized views. Large mailboxes in conjunction with BES, which is a very resource-intensive application, were a perfect "RECIPE FOR LATENCY". I've also seen desktop search engines cause a similar effect: 20 users running Google Desktop Search Engine caused the Exchange Store.exe process to jump from a 2% CPU baseline to a 17% CPU baseline.

What we ended up doing was exporting the item count for all users on this server using PFDAVAdmin (I have a blog post on this, referenced at the bottom) and then filtering for users who had more than 10000 items. (Choose the figure that you want to work with.) We then had users clean out their mailboxes.


References:

Outlook users experience poor performance when they work with a folder that contains many items on a server that is running Exchange Server 2003 or Exchange 2000 Server
http://support.microsoft.com/?id=905803

Exchange: Exporting Mailbox Properties Using PfdavAdmin
http://msexchangetips.blogspot.com/2006_08_01_msexchangetips_archive.html

Microsoft Exchange Analyzers
http://www.microsoft.com/technet/prodtechnol/exchange/downloads/2003/analyzers/default.mspx

Exchange 2000 Server and Exchange Server 2003 performance may be affected when desktop search engine software is running on Outlook or other MAPI client computers
http://support.microsoft.com/?id=905184





Monday, August 28, 2006

Exchange: Exporting SMTP Proxies Part 2

Summary:

The following script will export SMTP proxies from the specific OUs that you designate rather than exporting the entire domain.

You can also download this file from our ftp site at:

ftp://ftp.smtp25.org/[ James Chong Scripts ]


Dim zz
Set objRoot = GetObject("LDAP://RootDSE")
Set fso = CreateObject("Scripting.FileSystemObject")
Set txtstream = fso.CreateTextFile("c:\testfile.txt", True)
strDNC = objRoot.Get("DefaultNamingContext")

' List each OU or container you want to export; each one is walked recursively.
Set objOU = GetObject("LDAP://cn=users,dc=corp,dc=company,dc=net")
Call enumMembers(objOU)
Set objOU = GetObject("LDAP://cn=builtin,dc=corp,dc=company,dc=net")
Call enumMembers(objOU)

Sub enumMembers(objOU)
    On Error Resume Next
    Dim Secondary(20) ' array that holds up to 20 secondary email aliases
    For Each objMember In objOU ' go through the collection

        If objMember.Class = "user" Then ' if not a user object, move on

            ' AD properties are copied into variables so that Null checks or
            ' extra If/Then logic can be added to this code easily.
            EmailAddr = objMember.mail

            zz = 1 ' counter for the array of secondary email addresses
            For Each email In objMember.proxyAddresses
                If Left(email, 5) = "SMTP:" Then
                    Primary = Mid(email, 6) ' SMTP in all caps marks the primary address
                ElseIf Left(email, 5) = "smtp:" And zz <= 20 Then
                    Secondary(zz) = Mid(email, 6) ' load the secondary SMTP addresses into the array
                    zz = zz + 1
                End If
            Next

            txtstream.Write Primary & vbCrLf

            ' Write out the array of secondary email addresses.
            For ll = 1 To 20
                txtstream.Write Secondary(ll) & vbCrLf
            Next

            ' Blank out the variables in case the next object has no value for the property.
            Primary = "-"
            For ll = 1 To 20
                Secondary(ll) = ""
            Next
        End If

        ' If the AD enumeration runs into an OU or container, call the Sub again to recurse into it.
        If objMember.Class = "organizationalUnit" Or objMember.Class = "container" Then
            Call enumMembers(objMember)
        End If

    Next
End Sub

txtstream.Close

' Second pass: re-read the file and drop the blank lines left by unused array slots.
Const ForReading = 1
Const ForWriting = 2

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile("C:\Testfile.txt", ForReading)

Do Until objFile.AtEndOfStream
    strLine = objFile.ReadLine
    strLine = Trim(strLine)
    If Len(strLine) > 0 Then
        strNewContents = strNewContents & strLine & vbCrLf
    End If
Loop

objFile.Close

Set objFile = objFSO.OpenTextFile("C:\Testfile.txt", ForWriting)
objFile.Write strNewContents
objFile.Close

MsgBox "Done" ' show that the script is complete




Exchange: LDIFDE Export Members of Distribution List

Summary:

This article will go over how to export members of a distribution list using LDIFDE.

There is an MS KB article, "How to export the members of a distribution group in Exchange 2000/2003 using LDIFDE" (http://support.microsoft.com/?kbid=555365), which provides a sample LDIFDE command to export the properties:

ldifde -f export.ldf -d "cn=\Partners,ou=users,dc=microsoft,dc=com" -l member -s DC01

However, when you run the command, you receive no entries found:

Connecting to "DC01"
Logging in as current user using SSPI
Exporting directory to file export.ldf
Searching for entries...
Writing out entries
No Entries found

Cause:

Remove the slash in "cn=\"

To export any property for this object, you need its full DN. To get the full DN, perform the following steps.

1. Start, Run, Adsiedit.msc (part of the Windows Server Support Tools).
2. Expand your domain. This should mimic your OU structure.
3. Expand through your OU tree until you locate your group.
4. Once you have located your group (CN=Group Name), right-click it and choose Properties.
5. Locate the attribute distinguishedName and double-click it.
6. Copy the entire string, which should be in the following format:
CN=My Group Name,CN=Users,DC=corp,DC=domain,DC=net
7. Enter the following LDIFDE command on a single line.


C:\Documents and Settings\user>ldifde -f exportgroup.ldf -s MYDC -d "cn=my group,cn=users,dc=corp,dc=redcross,dc=net" -l "member"


Note: if you would like to get more information than just group membership, here is an example command:

C:\Documents and Settings\user>ldifde -f exportgroup.ldf -s MYDC -d "cn=my group,cn=users,dc=corp,dc=redcross,dc=net" -l "dn,givenname,department,member"

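Reading the exported file back, as an added example that is not part of the original post: a small Python parser for an export such as exportgroup.ldf that handles the two things that break naive line-by-line reads of LDIF, folded long lines and base64-encoded values, and then compares two exports of the same group to show who was added or removed. The function names and the sample entries are constructed for illustration.

```python
import base64


def _b64(value):
    """Base64 of the UTF-8 bytes, the way LDIF stores values that are not plain ASCII."""
    return base64.b64encode(value.encode("utf-8")).decode("ascii")


GROUP_DN = "CN=My Group Name,CN=Users,DC=corp,DC=domain,DC=net"

# Constructed sample in the shape of an LDIF export (RFC 2849); not real directory data.
SAMPLE_LDIF = "\n".join([
    "dn: " + GROUP_DN,
    "changetype: add",
    "member: CN=Jane Doe,OU=Staff,DC=corp,DC=domain,DC=net",
    # A long value folded onto a continuation line (the next line starts with one space).
    "member: CN=Contractor With A Long Name,OU=Contractors,DC=cor",
    " p,DC=domain,DC=net",
    # A value with non-ASCII characters: double colon, then base64.
    "member:: " + _b64("CN=Jürgen Müller,OU=Staff,DC=corp,DC=domain,DC=net"),
    "",
])


def unfold(text):
    """Join continuation lines to the line they continue and drop comment lines."""
    lines, in_comment = [], False
    for raw in text.splitlines():
        if raw.startswith(" "):
            if lines and not in_comment:
                lines[-1] += raw[1:]
            continue
        in_comment = raw.startswith("#")
        if not in_comment:
            lines.append(raw)
    return lines


def parse_entries(text):
    """Return a list of {'dn': ..., 'attrs': {name: [values]}} records."""
    entries, current = [], None
    for line in unfold(text):
        if not line.strip():
            current = None  # a blank line ends the record
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):  # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:  # "attr: <plain value>"
            value = rest.lstrip(" ")
        attr = name.split(";")[0].lower()  # ignore attribute options after ';'
        if attr == "dn":
            current = {"dn": value, "attrs": {}}
            entries.append(current)
        elif current is not None:
            current["attrs"].setdefault(attr, []).append(value)
    return entries


def group_members(text):
    """Map each exported object's DN to the list of its member DNs."""
    return {e["dn"]: e["attrs"].get("member", []) for e in parse_entries(text)}


def diff_members(old_members, new_members):
    """Compare two member lists; DNs are matched case-insensitively."""
    old = {m.lower(): m for m in old_members}
    new = {m.lower(): m for m in new_members}
    added = sorted(new[k] for k in new.keys() - old.keys())
    removed = sorted(old[k] for k in old.keys() - new.keys())
    return added, removed


if __name__ == "__main__":
    members = group_members(SAMPLE_LDIF)[GROUP_DN]
    for dn in members:
        print(dn)
    later = members[:2] + ["CN=New Person,OU=Staff,DC=corp,DC=domain,DC=net"]
    print(diff_members(members, later))
```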




Wednesday, August 23, 2006

Exchange: Attachments Gets Converted to ATT###.txt

Summary:

A user in your organization reports that attachments sent to him from an external party are coming in as ATT###.txt.


Cause:

In this scenario, a user called in stating that an attachment sent from an external party at Excite.com was coming in as ATT###.txt. What we found was that the external contact was not composing a new message in Excite; he was actually forwarding a message that he had received in his Excite account to our internal user. When the external user composed a new message with an attachment from his Excite account, the internal user was able to receive the message. However, if the Excite user forwarded a message with an attachment to our internal user, it would come in as ATT###.txt.


The way an existing mail with an attachment is encoded by the messaging server at Excite causes the attachment to lose its format. This may also be caused by several domains other than Excite.



Exchange: Exmon Tracelog -stop "Exchange Event Trace" Produces Invalid option given: Event

Summary:

When launching Exmon you receive "Unknown StartTrace error (183)". This occurs because Exmon continues to collect data in an .ETL file although Exmon is not running. This file caps at 512MB. Once the cap is reached, Exmon cannot start because it cannot log any more data.

You perform the following task to stop the trace.

From your resourcekit directory, you type the following command:

C:\Programfiles\resourcekit> Tracelog -stop “Exchange Event Trace”

You immediately receive:

Invalid option given: Event

You then enter the following command:

C:\Programfiles\resourcekit> Tracelog -l

The output shows that the "Exchange Event Trace" is running

Solution:

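This occurs because you pasted Tracelog -stop “Exchange Event Trace” into your command prompt. The pasted text carries typographic (curly) quotation marks, which the command prompt does not treat as quotes, so the trace name is split at its spaces and Event is read as an option. Re-type the command and it should terminate the trace.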




Exchange: Query Mailbox Creation Timestamp

Summary:

Unlike the user creation timestamp, which can be queried in ADSIEDIT, the mailbox creation time is not stored in AD. To find it you need to query the MAPI properties of the mailbox. Among them you will see the property "PR_Creation_Time", which shows the date the mailbox was created. However, if the mailbox was moved, this time will not reflect the original creation time but rather the last mailbox move, because a mailbox move essentially creates a new mailbox. There is a method to get the original mailbox timestamp: look at the PR_NTSDModificationTime property at the root of the IPM_Subtree in your mailbox. This property is the last modification time of the security descriptor. This timestamp does not change because it is at the root and the user will not see this folder. However, if you were to view this property for, say, your inbox, the time may not be the same, depending on whether or not you changed permissions on your inbox, such as giving another user rights or delegation to that folder.


This information can be useful when you need to restore a mailbox from backup and must determine whether the user resided on the server you need to restore the tape to. This article will go over how to view these properties manually using MFCMAPI, and then how to use a script to query them for all users on an Exchange server. I would like to thank Glen Scales (Exchange MVP Developer) for helping to create this script.

Download all scripts from:
ftp://ftp.smtp25.org/


Manually Checking the Mailbox Creation Date.


1. Download MFCMAPI, also known as MAPI Editor. http://www.microsoft.com/downloads/details.aspx?FamilyID=55FDFFD7-1878-4637-9808-1E21ABB3AE37&displaylang=en

2. Launch MFCMAPI application. Click OK at the Microsoft Exchange Server MAPI Editor window. Click Session, and select Logon and Display Store Table.

3. You will now be prompted to create a profile. Note: you must be logged in with an account and mailbox profile that has full rights to your Exchange server; otherwise you will receive the error message below when you open the temp table.

Error:
Code: MAPI_E_FAILONEPROVIDER === 0x8004011D
Function
File f:\df7830\extest\src\mfmapi\mapistorefunctions.cpp

4. Once logged in, go to the MDB menu and choose Open Other User's Mailbox. Select the mailbox you wish to open from the GAL, click OK, and click OK at the prompt.

5. You will see a new dialog box with your mailbox name at the top. Highlight the root container. In the right pane, look for the following property:

Property: 0x3FD60040

This is your original mailbox creation date.



Now to get the last mailbox creation time, such as when the mailbox was last moved to another store:


6. Highlight Top of Information Store. In the right pane, locate the following property:


PR_Creation_Time

----------------------------------------------------------------------------------

To script the original mailbox creation time by querying PR_NTSDModificationTime at the root of the IPM_Subtree, copy and paste the contents below into a text file and name that text file mborigtime.vbs. Save it to the C: drive.


' Usage: cscript mborigtime.vbs <Exchange server name>
servername = wscript.arguments(0)
PR_NTSDModificationTime = &H3FD60040
Set fso = CreateObject("Scripting.FileSystemObject")
' Output file; the c:\admin folder must already exist.
Set wfile = fso.opentextfile("c:\admin\mbCreationTime.csv",2,true)
wfile.writeline("Mailbox,CreationTime")
Set conn = createobject("ADODB.Connection")
Set com = createobject("ADODB.Command")
Set iAdRootDSE = GetObject("LDAP://RootDSE")
strNameingContext = iAdRootDSE.Get("configurationNamingContext")
strDefaultNamingContext = iAdRootDSE.Get("defaultNamingContext")
Conn.Provider = "ADsDSOObject"
Conn.Open "ADs Provider"
' The text of this query is cut off in the post as published. The line below is a
' reconstruction (assumption): look up the Exchange server object by name in the
' configuration naming context and return its legacyExchangeDN.
svcQuery = "<LDAP://" & strNameingContext & ">;(&(objectCategory=msExchExchangeServer)(cn=" & servername & "));cn,name,legacyExchangeDN;subtree"
Com.ActiveConnection = Conn
Com.CommandText = svcQuery
Set Rs = Com.Execute
While Not rs.eof
    ' Mailbox users homed on this server that are not hidden from the address lists.
    GALQueryFilter = "(&(&(&(& (mailnickname=*)(!msExchHideFromAddressLists=TRUE)(| (&(objectCategory=person)(objectClass=user)(msExchHomeServerName=" & rs.fields("legacyExchangeDN") & ")) )))))"
    ' Also cut off in the post; reconstructed (assumption) as a search of the default
    ' naming context with the filter above, returning the mail attribute used below.
    strQuery = "<LDAP://" & strDefaultNamingContext & ">;" & GALQueryFilter & ";distinguishedName,mail;subtree"
    com.Properties("Page Size") = 100
    Com.CommandText = strQuery
    Set Rs1 = Com.Execute
    While Not Rs1.eof
        Call procmailboxes(servername,rs1.fields("mail"))
        wscript.echo rs1.fields("mail")
        rs1.movenext
    Wend
    rs.movenext
Wend
rs.close
wfile.close
Set fso = Nothing
Set conn = Nothing
Set com = Nothing
wscript.echo "Done"


Sub procmailboxes(servername,MailboxAlias)
    Set msMapiSession = CreateObject("MAPI.Session")
    On Error Resume Next
    ' Log on to the mailbox with a dynamic profile (server name and mailbox).
    msMapiSession.Logon "","",False,True,True,True,Servername & vbLF & MailboxAlias
    If err.number = 0 Then
        On Error Goto 0
        Set objInbox = msMapiSession.Inbox
        Set objInfostore = msMapiSession.GetInfoStore(objInbox.StoreID)
        Set objRootFolder = objInfostore.Rootfolder
        ' &h0E090102 is PR_PARENT_ENTRYID: the parent of the root folder, i.e. the top of the mailbox.
        Set Non_IPM_rootFolder = msMapiSession.GetFolder(objRootfolder.fields.item(&h0E090102),objInfoStore.ID)

        Wscript.echo Non_IPM_rootFolder.fields.item(PR_NTSDModificationTime)
        wfile.writeline(mailboxAlias & "," & Non_IPM_rootFolder.fields.item(PR_NTSDModificationTime))
        msMapiSession.Logoff
    Else
        wscript.echo "Error Opening Mailbox"
        wfile.writeline(mailboxAlias & "," & "Error Opening Mailbox")
    End If
    Set msMapiSession = Nothing
End Sub


7. Now open a command prompt and run:

C:\>cscript mborigtime.vbs exservername

This will query the original mailbox creation time for all mailboxes on your Exchange server and write the results to

C:\admin\mbCreationTime.csv


----------------------------------------------------------------------------------

To script the last time the mailbox was moved to another store by querying PR_Creation_Time at the root of the IPM_Subtree, copy and paste the contents below into a text file and name that text file lastmborigtime.vbs. Save it to the C: drive.


' Usage: cscript lastmborigtime.vbs <Exchange server name>
servername = wscript.arguments(0)
PR_Creation_Time = &H30070040
Set fso = CreateObject("Scripting.FileSystemObject")
' Output file; the c:\admin folder must already exist.
Set wfile = fso.opentextfile("c:\admin\lastmbCreationTime.csv",2,true)
wfile.writeline("Mailbox,CreationTime")
Set conn = createobject("ADODB.Connection")
Set com = createobject("ADODB.Command")
Set iAdRootDSE = GetObject("LDAP://RootDSE")
strNameingContext = iAdRootDSE.Get("configurationNamingContext")
strDefaultNamingContext = iAdRootDSE.Get("defaultNamingContext")
Conn.Provider = "ADsDSOObject"
Conn.Open "ADs Provider"
' The text of this query is cut off in the post as published. The line below is a
' reconstruction (assumption): look up the Exchange server object by name in the
' configuration naming context and return its legacyExchangeDN.
svcQuery = "<LDAP://" & strNameingContext & ">;(&(objectCategory=msExchExchangeServer)(cn=" & servername & "));cn,name,legacyExchangeDN;subtree"
Com.ActiveConnection = Conn
Com.CommandText = svcQuery
Set Rs = Com.Execute
While Not rs.eof
    ' Mailbox users homed on this server that are not hidden from the address lists.
    GALQueryFilter = "(&(&(&(& (mailnickname=*)(!msExchHideFromAddressLists=TRUE)(| (&(objectCategory=person)(objectClass=user)(msExchHomeServerName=" & rs.fields("legacyExchangeDN") & ")) )))))"
    ' Also cut off in the post; reconstructed (assumption) as a search of the default
    ' naming context with the filter above, returning the mail attribute used below.
    strQuery = "<LDAP://" & strDefaultNamingContext & ">;" & GALQueryFilter & ";distinguishedName,mail;subtree"
    com.Properties("Page Size") = 100
    Com.CommandText = strQuery
    Set Rs1 = Com.Execute
    While Not Rs1.eof
        Call procmailboxes(servername,rs1.fields("mail"))
        wscript.echo rs1.fields("mail")
        rs1.movenext
    Wend
    rs.movenext
Wend
rs.close
wfile.close
Set fso = Nothing
Set conn = Nothing
Set com = Nothing
wscript.echo "Done"


Sub procmailboxes(servername,MailboxAlias)
    Set msMapiSession = CreateObject("MAPI.Session")
    On Error Resume Next
    ' Log on to the mailbox with a dynamic profile (server name and mailbox).
    msMapiSession.Logon "","",False,True,True,True,Servername & vbLF & MailboxAlias
    If err.number = 0 Then
        On Error Goto 0
        Set objInbox = msMapiSession.Inbox
        Set objInfostore = msMapiSession.GetInfoStore(objInbox.StoreID)
        Set objRootFolder = objInfostore.Rootfolder
        ' &h0E090102 is PR_PARENT_ENTRYID: the parent of the root folder, i.e. the top of the mailbox.
        Set Non_IPM_rootFolder = msMapiSession.GetFolder(objRootfolder.fields.item(&h0E090102),objInfoStore.ID)

        Wscript.echo Non_IPM_rootFolder.fields.item(PR_Creation_Time)
        wfile.writeline(mailboxAlias & "," & Non_IPM_rootFolder.fields.item(PR_Creation_Time))
        msMapiSession.Logoff
    Else
        wscript.echo "Error Opening Mailbox"
        wfile.writeline(mailboxAlias & "," & "Error Opening Mailbox")
    End If
    Set msMapiSession = Nothing
End Sub


Now open a command prompt and run:

C:\>cscript lastmborigtime.vbs exservername

This will query the last mailbox creation time for all mailboxes on your Exchange server and write the results to

C:\admin\lastmbCreationTime.csv
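The restore question this article is aiming at, as an added example that is not part of the original post or of the scripts above: the Python below joins the two CSV files and, for a given backup date, reports whether each mailbox was already in its current store, was still in another store, or did not exist yet. It assumes the scripts wrote timestamps in US format (for example 8/22/2006 3:15:02 PM); the function names and sample rows are constructed.

```python
import csv
import io
from datetime import datetime

# Assumption: the VBScript wrote dates using US regional settings.
TIME_FORMAT = "%m/%d/%Y %I:%M:%S %p"

# Constructed sample of mbCreationTime.csv (PR_NTSDModificationTime, original creation).
ORIGINAL_CSV = """Mailbox,CreationTime
alice@corp.company.net,3/14/2004 9:02:11 AM
bob@corp.company.net,6/1/2005 2:45:00 PM
carol@corp.company.net,Error Opening Mailbox
dave@corp.company.net,1/9/2006 8:15:30 AM
"""

# Constructed sample of lastmbCreationTime.csv (PR_Creation_Time, creation in the current store).
LAST_CSV = """Mailbox,CreationTime
alice@corp.company.net,3/14/2004 9:02:11 AM
bob@corp.company.net,8/20/2006 11:30:05 PM
carol@corp.company.net,Error Opening Mailbox
dave@corp.company.net,1/9/2006 8:15:30 AM
erin@corp.company.net,2/2/2005 10:00:00 AM
"""


def load_times(csv_text):
    """Map mailbox -> datetime, or None when the row holds an error or an unparsable value."""
    times = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        mailbox = (row.get("Mailbox") or "").strip().lower()
        if not mailbox:
            continue
        try:
            times[mailbox] = datetime.strptime((row.get("CreationTime") or "").strip(), TIME_FORMAT)
        except ValueError:
            times[mailbox] = None  # e.g. "Error Opening Mailbox"
    return times


def locate_at_backup(original_csv, last_csv, backup_time):
    """Classify every mailbox seen in either file for a backup taken at backup_time."""
    original = load_times(original_csv)
    last = load_times(last_csv)
    result = {}
    for mailbox in sorted(set(original) | set(last)):
        created = original.get(mailbox)   # original mailbox creation
        moved_in = last.get(mailbox)      # creation in the store it lives in now
        if created is None or moved_in is None:
            result[mailbox] = "unknown"            # error row or missing from one file
        elif backup_time < created:
            result[mailbox] = "not yet created"    # no mailbox existed at backup time
        elif backup_time < moved_in:
            result[mailbox] = "in another store"   # moved here after the backup
        else:
            result[mailbox] = "in current store"   # this store's backup should hold it
    return result


if __name__ == "__main__":
    for mailbox, state in locate_at_backup(ORIGINAL_CSV, LAST_CSV, datetime(2006, 1, 1)).items():
        print(mailbox, state)
```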





Tuesday, August 22, 2006

Exchange: Block Host IP From Sending E-Mail

Summary:

You identify a malicious host IP and wish to block all messages originating from this host. For example, Host A is sending a large volume of emails to your Exchange server, and you want to block A's IP address. If A resides in your Exchange Organization, A and your recipients will be MAPI clients. If A is a remote host on the Internet, your recipients will be POP3 or IMAP4 clients.


Circumstance One
===============
If A is an internal client which resides in the same LAN, and you set up a
Routing Group Connector to allow mail flow between two different sites,
A will send email via the corresponding RGC. In this circumstance, you
need to restrict the RGC to prevent A from sending email. If you set up an
SMTP Connector rather than an RGC, A will send email via the corresponding
SMTP Virtual Server. In this circumstance, you need to restrict the SMTPVS
to prevent A from sending email.

Circumstance Two
===============
If A is an external client which comes from the Internet, and you set up an
SMTP Virtual Server to allow mail flow between your Exchange Organization
and the Internet, A will establish an SMTP session to your SMTPVS in order
to send emails to your Exchange Server. In this circumstance, you need to
set the connection control on your SMTPVS to prevent A from sending
email.

Note: You should disable open relay first.

Understanding the above information, we can perform the following steps
to block A's email IP address:


Circumstance with RGC, let's set the connection restriction on
RGC:
------------------------------------------------------------------------
1. Open ESM and navigate to Administrative Group\First Administrative Group\Routing Groups\First Routing Group\Connectors.

2. In the right pane, right-click on a RGC, and open the "Properties"
page.

3. Click the "General" tab, and then choose "These servers can send
mail over this connector".

4. Click Add button, and then select your Exchange server with
"Default SMTP Virtual Server".

5. Click OK to add the server into the list.

6. Click OK to save the changes.

7. Configure the Connection Control on your SMTP Virtual Server to block User "A"

8. Restart the SMTP service and Exchange Routing Engine service.


Circumstance with SMTP Connector, let's set the connection
restriction on SMTP Connector:
------------------------------------------------------------------------

1. Open ESM and navigate to Administrative Group\First Administrative Group\Routing Groups\First Routing Group\Connectors.

2. In the right pane, right-click on a SMTPC, and open the
"Properties" page.

3. On the "General" page, click "Add" button to add your Exchange
server with "Default SMTP Virtual Server" as a Local Bridgehead.

4. Click OK to save the changes.

5. Configure the Connection Control on your SMTP Virtual Server as
described in the SMTP Virtual Server steps below.

6. Restart the SMTP service and Exchange Routing Engine service.


Circumstance with SMTP Virtual Server, let's just set the
connection restriction on SMTPVS:
------------------------------------------------------------------------

1. Open ESM and navigate to Administrative Group\First Administrative Group\Servers\Protocols\SMTP.

2. Right-click "Default SMTP Virtual Server", and open the
"Properties" page.

3. Choose the "Access" tab, and then click "Connection" button of the
"Connection control" box.

4. Select "All except the list below", click Add button.

5. Select "Single computer", and then put the host IP address in the
"IP address" blank.

6. Click OK to save the changes.

7. Restart the SMTP service and Exchange Routing Engine service.



Outlook: Calendar Overlay

Summary:

Calendaring has become an integral feature for many organizations. One request that I hear often is "Can Outlook create an overlay view of multiple calendars rather than side by side view?"

Answer:

Unfortunately, Outlook (all versions, including Professional, Standard and Premier) does not provide a customized view based on different folders, only a single-folder view. For this reason, two calendars that originate from two calendar folders cannot be overlaid. To obtain the overlaid effect, the only way is to manually export one calendar to a .pst and then merge it into the other calendar. Otherwise, to acquire this feature, we must modify the source forms on which the calendar is based. For example, we must supplement the attributes that distinguish the items from different calendars. This behavior is by design in Outlook.




Exchange: Transaction Log Files Growing Rapidly; Case Scenarios

Summary:

An Exchange admin's worst nightmare is to come into work one morning and find that the partition housing your transaction log files has filled up with an abundance of log files. You continue to monitor your disk space, which is filling up at a rapid pace. What to do? In this article I will share my experience in dealing with these situations.

Note: If you are currently experiencing rapid log file growth and the partition housing your log files is running low on disk space, enable circular logging immediately. This will flush log files as they are committed to your database, which prevents the partition housing your log files from filling up and causing your store to dismount. Keep in mind that while circular logging is enabled you can only restore to the last full backup.

XADM: How to Modify the Circular Logging Setting
http://support.microsoft.com/kb/258470/


Case Scenario #1 Script Gone Haywire

In this scenario, I came into work to find that the log files had grown tremendously and were eating up disk space at a rate of almost 1-2GB an hour. Because of the rate at which the logs were being generated, users were complaining about messages being delayed. This is because the rate at which the log files were being committed to the database could not keep up with the rate at which they were being generated, in addition to a heavily loaded store.exe process.

The root cause was a script that an employee wrote, which was part of our ticketing system. I ran MS Netmon, a packet sniffer, to see whether I could find where the traffic was being generated, which helped me pinpoint it to our ticketing system.

You can download Netmon from ftp://ftp.microsoft.com/PSS/Tools/. The file is zipped and password protected. The unzip password is "trace".



Case Scenario #1 Routing Loop (Migration)

In this scenario, I also experienced rapid log file growth. This scenario occured during a migration from 5.5 to 2003. The root cause analyses for this situation was more of how the organization's mail topology was configured.

This organization used a Sendmail server as it's frontend and thus hosted the MX record for the organization say abc.com. It then forwarded to the Exchange backend using an alias table. The Exchange backend environment thus hosted an internal MX record say xyz.local. The recipient policy of the Exchange org was configured as:

Primary: abc.com
Secondary: xyz.local

Internet mail would arrive for user@abc.com, the Sendmail server would look up the alias table and forward to user@xyz.local, which would deliver to the Exchange Org. Now, because our Exchange Org did not host all users for the recipient policy of abc.com, the SMTP Virtual Server was configured to "Send all unknown recipients to" another Sendmail smarthost.

The loop was caused because the alias table on the Sendmail server was not maintained. Therefore, when an email arrived at the frontend Sendmail server destined for user@abc.com, it would look up the alias table, see it mapped to user@xyz.local and forward it to the Exchange Org. The Exchange Org did not have this recipient and would forward it out to a Smarthost because "Send all unknown recipients to" was configured. This Smarthost would then send it back to the frontend Smarthost, causing a loop.

Resolution was to enable "Filter Recipients who are not in the directory" in the Global Settings in Exchange System Manager in addition to having a procedure to maintain a current alias table.
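
The mail path described above can be modeled to show both halves of the resolution: finding alias entries that no longer match a recipient, and the effect of recipient filtering on the loop. This is an added example, not part of the original article; the alias-file layout, host labels and sample users are constructed for illustration.

```python
# Added illustration: constructed data and hypothetical host labels.
ALIASES_TEXT = """\
# constructed sample alias table: local part at abc.com -> backend address
alice: alice@xyz.local
bob:   bob@xyz.local
carol: carol@xyz.local
"""

# Recipients that exist in the Exchange org (bob's mailbox no longer exists).
EXCHANGE_DIRECTORY = {"alice@xyz.local", "carol@xyz.local"}


def parse_aliases(text):
    """Parse 'name: target' lines, ignoring blank lines and # comments."""
    aliases = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, sep, target = line.partition(":")
        if sep and target.strip():
            aliases[name.strip().lower()] = target.strip().lower()
    return aliases


def stale_aliases(aliases, directory):
    """Alias names whose xyz.local target has no recipient in the directory."""
    return sorted(name for name, target in aliases.items()
                  if target.endswith("@xyz.local") and target not in directory)


def trace(rcpt, aliases, directory, filter_unknown):
    """Follow one message hop by hop and return (outcome, hops).

    filter_unknown=False models "Send all unknown recipients to" a smarthost;
    filter_unknown=True models "Filter Recipients who are not in the directory".
    """
    host, addr = "frontend", rcpt.lower()
    hops, seen = [], set()
    while True:
        state = (host, addr)
        hops.append(state)
        if state in seen:          # same host sees the same address again
            return "loop", hops
        seen.add(state)
        local, _, domain = addr.partition("@")
        if host == "frontend":
            if domain == "abc.com" and local in aliases:
                addr = aliases[local]      # alias table rewrite
            elif domain != "xyz.local":
                return "rejected: no alias", hops
            host = "exchange"
        elif host == "exchange":
            if addr in directory:
                return "delivered", hops
            if filter_unknown:
                return "rejected: recipient not in directory", hops
            host = "smarthost"             # unknown recipient forwarded out
        else:                              # smarthost hands it back
            host = "frontend"


if __name__ == "__main__":
    aliases = parse_aliases(ALIASES_TEXT)
    print("stale alias entries:", stale_aliases(aliases, EXCHANGE_DIRECTORY))
    for flag in (False, True):
        outcome, hops = trace("bob@abc.com", aliases, EXCHANGE_DIRECTORY, flag)
        print("filter_unknown=%s -> %s after %d hops" % (flag, outcome, len(hops)))
```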



James Chong
MCSE M+, S+, MCTS, Security+
msexchangetips.blogspot.com



Monday, August 21, 2006

Exchange: Forwarding Copy of User's Email or Public Folder to Another Account Via Event Sink

Summary:

Exchange offers Journaling, which allows you to designate a mailbox to receive all emails sent and received from a particular store that you designate. However, Exchange does not give you the granularity to journal only one mailbox. In order to achieve this you will need to install the custom event sink provided below. Before I delve into the implementation of the event sink, I'll go over what event sinks are and what they do.

An event sink is basically a subroutine that is fired at specific points in the message flow, such as during transport. Most event sinks fire just before the message categorizer and right after. However, there are also sinks that run during message transfer. Many Exchange-aware AV products register event sinks within Exchange. For example, before a message is sent to the categorizer, it is sent to the pre-submission queue where it is scanned for viruses or verified against the GAL.

Registering the Per-User Journaling Event Sink

The event sink provided here will forward a copy of all messages sent to your designated recipient to another mailbox, such as your admin mailbox.



Download the files below (google)
1. SMTPReg.vbs
2. smtpjrnl.vbs


1. Create a directory on your C: drive called Journal. (Or anywhere you wish)

2. You will need the SMTPReg.vbs. Although I downloaded the Exchange SDK, this file was not included. However, I was able to locate it here. In the link, you will need to copy all the code in the [smtpreg.vbs Event Management Script] and paste it into notepad. Name this file as smtpreg.vbs and paste it into your C:\Journal directory.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/smtpevt/html/6b7a017e-981e-45a1-8690-17ff26682bc7.asp

3. Open notepad and copy the entire contents below and name this file smtpjrnl.vbs


<script language="VBScript">

Sub ISMTPOnArrival_OnArrival(ByVal Msg, EventStatus)
    On Error Resume Next
    Dim RecpList
    ' Read the current envelope recipient list of the arriving message
    RecpList = LCase(Msg.EnvelopeFields("http://schemas.microsoft.com/cdo/smtpenvelope/recipientlist"))
    ' Append the mailbox that should receive a copy
    RecpList = RecpList & "SMTP:admin@yourdomain.com;"
    ' Write the modified list back to the envelope and save it
    Msg.EnvelopeFields("http://schemas.microsoft.com/cdo/smtpenvelope/recipientlist") = RecpList
    Msg.EnvelopeFields.Update
End Sub

</script>


4. In the line recplist = recplist & "SMTP:admin@yourdomain.com;"
enter the SMTP address to which you would like all of the forwarded emails to go. (Include the quotes)

5. Open command prompt. Go to Start --> Run, type cmd, click OK, then change to the Journal directory:
CD\
CD journal

cscript smtpreg.vbs /add 1 onarrival smtpjrnl CDO.SS_SMTPOnArrivalSink "Rcpt to=internaluser@yourdomain.com"

(Note: This will forward any emails sent to your internal user or public folder SMTP address here to the SMTP address you specified in step 4)

6. If you wish to customize it so that mail from a particular domain, say anything from hotmail, sent to internaluser@yourdomain gets forwarded to admin@yourdomain.com, change the code in step 5 to: "Rcpt to:internaluser@yourdomain mail from:user@hotmail.com"

Now you will need to associate your smtpjrnl.vbs script with the sink registered by smtpreg.vbs. Type the following command in your command prompt.

cscript smtpreg.vbs /setprop 1 onarrival smtpjrnl Sink ScriptName c:\journal\smtpjrnl.vbs

Note: If you receive "Binding Dispaly Name Specified: smtpjrnlFailed to find binding with dispaly name: smtpjrnl", enter the command below instead. Note the smtpjrnl.vbs in the first line. It appears that there is a bug: sometimes it registers without the .vbs, other times it doesn't.

cscript smtpreg.vbs /setprop 1 onarrival smtpjrnl.vbs Sink ScriptName c:\journal\smtpjrnl.vbs

7. Test by emailing internaluser@domain.com from an outside account. It should be forwarded to admin@yourdomain.com. There is a limitation to this. When sending internally, if internaluser@domain.com and admin@yourdomain.com exist on the same Exchange server, it will not work, even with public folders. This is by design. You can circumvent this if you use a frontend server that handles all your inbound mail and forwards to your backend Exchange servers.

8. To remove the event sink, go to your command prompt. From your C:\Journal directory type the following command:

cscript smtpreg.vbs /remove 1 onarrival smtpjrnl

1 = SMTP Virtual Service
onarrival = sink class
smtpjrnl = sink name


James Chong
MCSE M+, S+, MCTS, Security+
msexchangetips.blogspot.com



Sunday, August 20, 2006

Exchange: Is a Windows Disk Level Defrag Required?

Summary:

In some instances, I've seen a partition in which Windows reported the partition as severely fragmented. The partition only contained the Exchange database and no other files. So the question is, do we and can we perform a Windows file level defrag?

Answer:

This answer is directly from Microsoft PSS.

"Based on your inquiry, I understand that you need to know if it is recommended to do a disk level defrag on an Exchange server. If I have misunderstood your concerns, please let me know.

According to your question, I'd like to point out that you can perform a disk level defrag on an Exchange server. However, if the disk holds only Exchange Server databases, it is not necessary to do disk-defragment because Exchange can do it internally. You may want to defrag the disk in order to improve the performance, but you may not see the result that you expected. Exchange uses and releases pages inside the database directly regardless the disk fragmentation. Exchange defragment is a file level defrag. Exchange online defragment will rearrange the data but not release the fragmentation space. Exchange offline defragment will rearrange the data and then release the free space. Therefore, the Exchange offline defragment is recommended. Anyway, you can do a disk level defrag after Exchange defragment if you want to do."


Best Regards,

Support Professional
Microsoft Professional Technical Support


Here is another article on MSExchangeteam blog that goes over this as well. I would consider reading this article as well, as it goes over some caveats when performing disk level defrags.

http://msexchangeteam.com/archive/2004/10/25/247342.aspx


James Chong
MCSE M+, S+, MCTS, Security+
msexchangetips.blogspot.com



Windows: Audit Changes Made to File Folders or Registry

Summary: This article covers how to audit changes (changing attributes, writing, deleting, moving) to files, folders and registry keys so that each change can be traced back to a process or user.

To track a process or user that may be making modifications to files, folders or the registry, perform the tasks below.


Caution: This degree of auditing will put a performance hit on the box.



To set up the local policy to Audit Process Tracking:
=====================================
1) Click Start, then Run, then type "gpedit.msc" (without the quotes)
2) This will open the Group Policy Object Editor
3) Expand the following:
   + Computer Configuration
     + Windows Settings
       + Security Settings
         + Local Policies
           + Audit Process Tracking
4) Under 'Audit these attempts' place a check on
   - Failure
   - Success
5) Once the policy has been set, run the following command to apply the policy
   For Windows 2000: Secedit /refreshpolicy
   For Windows XP or 2003: Gpupdate.exe



To set up the local policy to Audit Object access:
=====================================
1) Click Start, then Run, then type "gpedit.msc" (without the quotes)
2) This will open the Group Policy Object Editor
3) Expand the following:
   + Computer Configuration
     + Windows Settings
       + Security Settings
         + Local Policies
           + Audit Policy
4) Under 'Audit Policy' double-click 'Audit Object Access'
5) Under 'Audit these attempts' place a check on
   - Failure
   - Success



Auditing the registry
=====================================
1) Call up Regedt32 and browse to the key you want to audit
2) Windows 2000: Click the 'Security' menu and select 'Permissions'
Windows 2003/XP Click the 'Edit' menu and select 'Permissions'
3) Click the 'Advanced' button
4) Select the 'Auditing' tab and click the 'Add' button
5) Add the 'Everyone' group and click 'OK'
6) The resulting "Auditing Entry for " dialog box appears
7) In the "Apply onto" drop menu, select "This key and subkeys"
8) Choose the actions you want to audit for... commonly we want to track changes to the registry... so we'll want to place a check on the following:
   'Set Value' Successful and Failed
   'Create Subkey' Successful and Failed
   'Delete' Successful and Failed
9) Click OK
10) Clear the checkbox on "Allow inheritable auditing entries from parent to propagate to this object"
11) Click OK then OK again to exit



Auditing files or folders
=====================================
1) In Explorer.exe browse to the file or folder you want to audit
2) Click the 'Security' menu
3) Click the 'Advanced' button
4) Select the 'Auditing' tab and click the 'Add' button
5) Add the 'Everyone' group and click 'OK'
6) The resulting "Auditing Entry for " dialog box appears
7) In the "Apply onto" drop menu, select "This folder, subfolders and files"
8) Choose the actions you want to audit for...
For example, if attributes are being changed or files are being deleted
Place check marks under the following:
'Write Attributes' Successful
'Write Extended Attributes' Successful
'Delete Subfolders and Files' Successful
'Delete' Successful
'Change Permissions' Successful
9) Click OK
10) Clear the checkbox on "Allow inheritable auditing entries from parent to propagate to this object"
11) Click OK then OK again to exit



The Security Event log will reflect the following:
=====================================
Event ID of 560 and 562 detailing User audits
Event ID of 592 and 593 detailing Process audits
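
Added example (not part of the original article): once the events above are being written, the 560/562 object audits can be joined to the 592/593 process audits on the process ID to name the program behind each change. The records are constructed sample data and their field names are assumptions modelled on these event IDs; a real Security log export needs its own parser to produce records of this shape.

```python
from collections import namedtuple

# Constructed sample records (oldest first), not a real Security log export.
# Assumption: each record has already been parsed into a dict with these keys.
SAMPLE_EVENTS = [
    {"id": 592, "time": "09:00:01", "new_pid": 1832, "creator_pid": 412,
     "image": r"C:\WINDOWS\system32\cscript.exe", "user": r"CORP\svc-ticket"},
    {"id": 560, "time": "09:00:03", "pid": 1832, "handle": 2044,
     "target": r"\REGISTRY\MACHINE\SOFTWARE\Example", "user": r"CORP\svc-ticket",
     "accesses": ("Set key value",), "outcome": "Success"},
    {"id": 562, "time": "09:00:04", "pid": 1832, "handle": 2044},
    # Process 640 was already running when auditing was enabled: no 592 exists.
    {"id": 560, "time": "09:05:10", "pid": 640, "handle": 988,
     "target": r"D:\Data\report.xls", "user": r"CORP\jdoe",
     "accesses": ("DELETE",), "outcome": "Success"},
    {"id": 593, "time": "09:06:00", "pid": 1832},
    # Process IDs are reused: 1832 now belongs to a different program.
    {"id": 592, "time": "09:10:00", "new_pid": 1832, "creator_pid": 2210,
     "image": r"C:\WINDOWS\regedit.exe", "user": r"CORP\jdoe"},
    # A failed attempt never receives a handle, so no 562 will follow it.
    {"id": 560, "time": "09:10:05", "pid": 1832, "handle": None,
     "target": r"\REGISTRY\MACHINE\SOFTWARE\Example", "user": r"CORP\jdoe",
     "accesses": ("Create sub-key",), "outcome": "Failure"},
]

Finding = namedtuple(
    "Finding", "time user target accesses outcome image parent_pid closed")

UNKNOWN_PROCESS = "unknown (no 592 seen for this process ID)"


def correlate(events):
    """Join object-access audits (560/562) to process audits (592/593)."""
    live = {}          # pid -> 592 record of the process currently using it
    open_handles = {}  # (pid, handle) -> index of the finding that opened it
    findings = []
    for ev in events:
        if ev["id"] == 592:                      # process created
            live[ev["new_pid"]] = ev
        elif ev["id"] == 593:                    # process exited
            live.pop(ev["pid"], None)
            for key in [k for k in open_handles if k[0] == ev["pid"]]:
                del open_handles[key]            # its handles are gone too
        elif ev["id"] == 560:                    # object opened / attempted
            proc = live.get(ev["pid"])
            findings.append(Finding(
                time=ev["time"], user=ev["user"], target=ev["target"],
                accesses=tuple(ev["accesses"]), outcome=ev["outcome"],
                image=proc["image"] if proc else UNKNOWN_PROCESS,
                parent_pid=proc["creator_pid"] if proc else None,
                closed=None))
            if ev.get("handle") is not None:
                open_handles[(ev["pid"], ev["handle"])] = len(findings) - 1
        elif ev["id"] == 562:                    # handle closed
            idx = open_handles.pop((ev["pid"], ev["handle"]), None)
            if idx is not None:
                findings[idx] = findings[idx]._replace(closed=ev["time"])
    return findings


def report(findings):
    """One line per audited access: who, with which program, did what."""
    return ["%s %s %s via %s: %s on %s" % (
        f.time, f.outcome, f.user, f.image, ", ".join(f.accesses), f.target)
        for f in findings]


if __name__ == "__main__":
    for line in report(correlate(SAMPLE_EVENTS)):
        print(line)
```

Processes that were already running when process tracking was enabled show up as unknown, so enable both audit policies before reproducing the change you are trying to trace.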



James Chong
MCSE M+, S+, MCTS, Security+
msexchangetips.blogspot.com



Exchange: NDR 571 - MAIL REFUSED - Reverse DNS failed; cannot resolve the domain in the HELO command

Summary:

You receive the following NDR when sending to a third party domain:


Your message has encountered delivery problems
to the following recipient(s):

user@externaldomain.com
Delivery failed
571 - MAIL REFUSED - Reverse DNS failed; cannot resolve the (yourmailserverhostname.domain.com) domain in the HELO command.

You verify that your domain does indeed have a Reverse DNS Record.

Cause:

The third-party domain is performing HELO lookups, also known as forward DNS lookups. When you initiate an SMTP session with a third-party domain, that domain validates the name your server presents by performing a forward check (domain to IP), rather than the IP-to-domain check of a reverse DNS lookup. If you designed your DNS namespace for Active Directory and chose a namespace different from your public domain name, i.e. company.local, your Exchange server will by default advertise itself in HELO as hostname.company.local. The third-party domain will attempt to look up company.local in DNS, fail, and thus reject your e-mail.

Resolution:

1. Open Exchange System Manager. Navigate to Administrative Groups, Site, Servers, Servername, Protocols, SMTP, Default SMTP Virtual Server.

2. Highlight Default SMTP Virtual Server, right click properties.

3. Go to the Delivery Tab, and click Advanced Button.

4. In the "Fully-qualified domain name:" field, enter your fully qualified external domain name. Click Check DNS to verify that it resolves.

5. Restart SMTP service.

James Chong
MCSE M+, S+, MCTS, Security+
msexchangetips.blogspot.com



Exchange: Your message has been delayed I/O error encountered

Summary:

Users are receiving the following Non Deliverable Message (NDR) when sending to third party domains:

Your message has been delayed and is still awaiting delivery to the following recipient(s):

Users@externaldomain.com
Message delayed


I/O error encountered


Cause:

In this instance, users were reporting that messages sent to Gmail were being delayed anywhere from hours to days. When telnetting to Gmail's mail servers, sometimes it would accept the connection and would allow our server to send mail. However, other times I would receive "Connection lost" immediately. The issue at hand was that this organization sends bulk email to many third party domains (not SPAM). Gmail has a specific policy on bulk e-mailing. Therefore, Gmail will temporarily block your domain from sending too much bulk e-mail.


James Chong
MCSE M+, S+, MCTS, Security+
msexchangetips.blogspot.com



Saturday, August 19, 2006

Exchange: Understanding the Checkpoint File

Summary:

Before I delve into the importance of the Exchange checkpoint file, I'll begin with a real-life scenario that illustrates the importance of the checkpoint file within Exchange. Company ABC implemented a new Exchange server and put it into production. However, the database was lost for reasons beyond the scope of this article. Since the server had just been put into production and backups had not been performed yet, there was no way to restore the database.

Solution:

This is where the Exchange log files and checkpoint file come into play. Exchange log files record all transactions before they are written to the Exchange database. Transactions could be new messages, mailbox moves or any other type of data manipulation. So how can we restore the database? This is where the checkpoint file comes in. The checkpoint file keeps track of how much data from the logs has been written to the database. These files are named in the format E01.chk. Therefore, to restore the database, you want to delete the checkpoint files. When you mount a new database, the database will replay all the log files. Since there is no checkpoint, the Exchange database has no way of knowing where it last left off, so it is forced to replay all the log files again.

For more information about Exchange logfiles and checkpoint file refer to KB article:

http://www.microsoft.com/technet/prodtechnol/exchange/guides/UseE2k3RecStorGrps/d42ef860-170b-44fe-94c3-ec68e3b0e0ff.mspx?mfr=true

James Chong
MCSE M+, S+, MCTS, Security+
msexchangetips.blogspot.com



Exchange: How to Configure Bulk Message Restrictions on DL's Using Admodify

Summary:

Restricting who has access to send to distribution lists or a particular user is a neat feature. For example, this comes in handy where you need to restrict who can send to a large distribution list or who can send to, say, a VP. However, there are no native tools if you wish to configure restrictions on multiple distribution lists or users at once. This can be accomplished by using ADMODIFY.

1. Download ADMODIFY

ftp://ftp.microsoft.com/PSS/Tools/Exchange%20Support%20Tools/ADModify/


2. Run Admodify and select all your DL's that you wish to perform restrictions on.

3. Once you have selected your DL's go to the custom tab. Select "Make a Customized Attribute Modification". Attribute Name = Authorig, Value = DN of user (Example: CN=last\, first(Consultant),OU=Contractors,OU=Contractors,DC=HQ,DC=Company,DC=net)

4. Open your DL's in ADUC and verify that the restrictions have been set.

The attribute for "From Authenticated Users Only" is msExchRequireAuthtoSendTo. If you would like to use this, enter this attribute in step 3 instead of Authorig.


James Chong
MCSE M+, S+, MCTS, Security+
msexchangetips.blogspot.com



Exchange: Semaphore Timeout Period Has Expired

Summary:

Messages are queued and in retry state to another Exchange server. When highlighting the queue in ESM, the queue information area reports Semaphore timeout period has expired.


Case 1:

Although there are multiple reasons that can cause this issue, my experience with this was that Mailguard was enabled on the PIX firewall between these Exchange servers. Enabling Mailguard on PIX will cause the remote Exchange server to not produce a valid SMTP banner. When telnetting to the remote Exchange server, it produces something similar to the output below:

220******************************************************
*0*2******0***********************2002*******2***0*00

To correct this issue, consult the KB Article:


Cannot send or receive e-mail messages behind a Cisco PIX firewall
http://support.microsoft.com/?kbid=919091


Case 2:

I've also experienced this on a system running Norton AV 9.X. Messages sent to another Exchange server running AV 9.X get queued. When you perform a telnet session to the destination Exchange server running Norton AV 9.X, the message does not arrive at the destination Exchange server. To fix this issue, disable the Internet E-mail Auto-Protect scanner feature.

Outgoing e-mail to other internal Exchange servers is queued, and you receive an error message in Exchange Server 2003
http://support.microsoft.com/?kbid=919091

Case 3:

This may also be caused by black hole routers. On a TCP/IP-based wide area network (WAN), communication over some routes may fail if an intermediate network segment has a maximum packet size that is smaller than the maximum packet size of the communicating hosts--and if the router does not send an appropriate Internet Control Message Protocol (ICMP) response to this condition or if a firewall on the path drops such a response. Such a router is sometimes known as a "black hole" router.

How to Troubleshoot Black Hole Router Issues
http://support.microsoft.com/kb/314825/



James Chong
MCSE M+, S+, MCTS, Security+
msexchangetips.blogspot.com


BlackBerry: Users Cannot Send or Reply From Handheld

Summary:

Blackberry users are able to receive messages on their handheld but are not able to send or reply. When sending or replying to a message from the device, it produces an "X".

Cause:

In order to send or reply to messages using a Blackberry device, the BlackBerry service account must have "Send As" rights to the user objects. If the user is unable to send or reply to messages, verify in ADUC that the BlackBerry service account has this right. In ADUC, find the user in question and go to the Security tab of this object. Verify that the BlackBerry service account has the "Send As" right. In addition, if you recently applied Hotfix: 327825, this hotfix revokes "Send As" rights that have been granted on objects belonging to any of the following protected security groups:

• Administrators
• Account Operators
• Server Operators
• Print Operators
• Backup Operators
• Domain Admins
• Schema Admins
• Enterprise Admins
• Cert Publishers

Therefore, if your BlackBerry user is a member of any of these protected groups, your user will not be able to send or reply to messages using the device. To circumvent this, it is recommended that you create separate accounts for your admins to use when performing administrative tasks. For example, use a convention such as ZZ-jdoe for their administrative account. For more information, consult the following KB article: http://support.microsoft.com/kb/907434/en-us

James Chong
MCSE M+, S+, MCTS, Security+
msexchangetips.blogspot.com



Exchange: Managing SMTP and IIS Log Files via Script

Summary:

Exchange can log a number of transactions such as SMTP, IIS, or Message Tracking. These logs play an important role in troubleshooting and trending, as well as a number of other things. However, neither Exchange nor IIS provides an option to automatically purge SMTP or IIS logs. In this article, I will provide an example of how to manage these log files.

Procedure:

Since you always want to keep a copy of your log files for a period before purging them (for example, 30 days' worth), these scripts first move all log files older than 30 days from the directory you specify to another partition (E:\Logs_Old in the scripts below), then delete any log files older than 60 days from that folder.



1. Create a folder in C:\scripts (Or anywhere you want to designate)

2. Download WaRmZip from SourceForge. http://sourceforge.net/project/showfiles.php?group_id=88417&package_id=99571 Download file to C:\scripts

3. Open notepad and enter the following:

:: movelogs.bat
:: moves log files from the directory you specify below
::
@ECHO OFF

C:
CD\scripts\waRmZip16

waRmZip.wsf /r /q "C:\logs" /ma:30 /md:E:\Logs_Old

This script will move any log files older than 30 days from C:\logs to E:\logs_old folder. You will need to modify this line to point to where your SMTP or IIS logs are and your destination path. Save this file as movelogs.bat

4. Open notepad and copy the following:

:: deletelogs.bat
:: Delete logs older than 60 days to run every 60 days.
::
@ECHO OFF

:: Change to the folder that contains waRmZip.wsf (the same folder movelogs.bat uses)
C:
CD\scripts\waRmZip16

waRmZip.wsf /r "E:\Logs_Old" /da:60 /df /q

Save this file as deletelogs.bat


5. Now go to scheduled tasks and schedule movelogs.bat to run monthly and deletelogs.bat to run every 60 days.

Note: Ensure you test this using test directories before implementing it in production. I have also provided these files on "Chong Man's Exchange Resources" under links.


James Chong
MCSE M+, S+, MCTS, Security+
msexchangetips.blogspot.com


Tuesday, August 15, 2006

PFDAVAdmin: Using Custom Bulk Operation

Summary:

PFDAVAdmin 2.6 introduces a new feature which allows you to perform bulk customizations on Public Folders using LDAP filters. I ran into a scenario in which an environment had created a Public Folder infrastructure in which all folders were created at the root level. This makes it difficult to choose a top level folder to propagate permissions. For example, if you wanted to add a user to have rights to all folders, you would have to perform this individually because there is no root folder to propagate down from. In this scenario, I was able to use PFDAVAdmin 2.6 to perform a bulk operation on the virtual Public Folder tree to add this user and propagate the permissions to all Public Folders.


To be safe, I would recommend exporting your permissions so that you will have a backup.


1. Download PFDavAdmin utility.

49e3-ada4-e2422c0ab424&DisplayLang=en>

2. Launch PFDAVAdmin by double clicking on the file; PFDavAdmin.exe

3. On the File menu, select Connect.

The "Connect" dialog will now appear.

a. In the Connect dialog box, enter the name of the Exchange server the mailboxes reside on.

b. Check the "Authenticate as currently logged on user" checkbox.

c. Select "Public Folders" under Connection and click OK.


4. Make sure Public Folders is highlighted at the root. On the Tools menu, select Options. Check the "Enable logging to file" checkbox and click OK.

The "Options" dialog box will now appear.

Make sure that the box labeled "Enable logging to file" is checked.

Make sure that the box labeled "Enable extended logging" is unchecked.

If you wish to back up your permissions first, go to the Tools menu, select Export Permissions, select all Public Folders, and choose XML as your format. You can use this file to import the permissions back in, in the event that your permissions get corrupted.

5. On the Tools menu, select Custom Bulk Operation.


a. Base Folder: Public Folder

b. Overall Filter: (&) (This default setting selects everything)

c. Operations: Click Add. Select Folder Permissions and click OK. Set Action to merge. At Select Permissions, click the Select button. You will be prompted with a dialog: "You will be presented with a permissions dialog you can use to configure permissions". Click OK.

d. Click Add. Enter the user name in the field and click Search. Click OK. Give the user the appropriate permissions. Click OK. You will be presented with a dialog: "You will now be presented with a permissions dialog to select entities that will be removed". If you wish to remove users, you can do so from this dialog, then click OK. If you do not wish to remove anyone, click OK. Click OK once more. The user that you added will now be propagated to all Public Folders.



James Chong
MCSE | M+, S+, MCTS, Security+
msexchangetips.blogspot.com


Thursday, August 10, 2006

Exchange: Free/Busy Not Available After Mailbox Move

Summary:

After migrating mailboxes to another Exchange server, Free/Busy information may not be available. Viewing this user's Free/Busy, produces slashes with no information.

Solution:

Try running Outlook.exe /cleanfreebusy first. If you moved the mailbox across administrative groups, you will need to use the Exchange Profile Update Tool, which you can download here: http://support.microsoft.com/?kbid=873214. If you are also trying to query free/busy information from users across sites, try putting a local replica of that site's free/busy. If all else fails, try deleting the PR_FREEBUSY_ENTRYIDS for the affected user's mailbox using MFCMAPI.

Download MFCMAPI

1. Download MFCMAPI, also known as MAPI Editor. http://www.microsoft.com/downloads/details.aspx?FamilyID=55FDFFD7-1878-4637-9808-1E21ABB3AE37&displaylang=en

2. Launch MFCMAPI application. Click OK at the Microsoft Exchange Server MAPI Editor window. Click Session, and select Logon and Display Store Table.

3. You will now be prompted to create a profile. Note, you must be logged in with an account that has full rights to your Exchange server, otherwise you will receive the following error message below when we open the temp table.

Error:
Code: MAPI_E_FAILONEPROVIDER === 0x8004011D
Function
File f:\df7830\extest\src\mfmapi\mapistorefunctions.cpp

4. Once logged in, click MDB, and select Get Mailbox Table. A new window opens, "Server Mailbox Table". From here, you can select the server name you wish to work with. Select default settings and click OK.

5. You will now see all mailboxes enumerated. You will need to locate the user whose Free/Busy is not available.

6. Once you have double clicked the mailbox, highlight Root Container.

7. In the right pane, locate PR_FREEBUSY_ENTRYIDS, right click and select Delete Property.

8. Expand Top of Information and highlight Inbox.

9. In the right window, if there is a property name of PR_FREEBUSY_ENTRYIDS, right click on it and choose Delete Property.

10. Exit out of MAPI Editor.

11. Go to Start, Run, and run Outlook.exe /cleanfreebusy on the mailbox.

James Chong
MCSE |M+, S+, MCTS, Security+
msexchangetips.blogspot.com


Exchange: Exporting Mailbox Properties Using PfdavAdmin

Summary:

Microsoft's Pfdavadmin utility is a popular utility used to facilitate migrating public folder replicas or saving permissions. However, Pfdavadmin offers several other features. For example, Pfdavadmin can be used to export mailbox attributes and properties. One useful scenario I came across was to export total item counts for users' mailboxes. It is well known that MAPI client experience is dictated by the total number of items within a mailbox rather than the mailbox size. A large item count can cause users to receive "Outlook is requesting data." Although this utility can be used to export many attributes or properties, this article will show an example of exporting users' total item counts.


To get a listing of the number of mail items for each folder within each mailbox, follow the steps below:

1. Download PFDavAdmin utility.

49e3-ada4-e2422c0ab424&DisplayLang=en>

2. Launch PFDAVAdmin by double clicking on the file; PFDavAdmin.exe

3. On the File menu, select Connect.

The "Connect" dialog will now appear.

a. In the Connect dialog box, enter the name of the Exchange server the mailboxes reside on. You do not have to specify GC.

b. Check the "Authenticate as currently logged on user" checkbox.

c. Select "All mailboxes" under Connection and click OK.


4. On the Tools menu, select Options. Check the "Enable logging to file" checkbox and click OK.

The "Options" dialog box will now appear.

Make sure that the box labeled "Enable logging to file" is checked.

Make sure that the box labeled "Enable extended logging" is unchecked.

5. On the Tools menu, select Export Properties.

The "PropertyExportForm" will now appear.

a. Select "All folders".

b. Create an Output File such as c:\ItemCount.txt by clicking on the ellipsis button, "..."

The "Save As" dialog box will now appear.

Browse to the folder where you want to save the file.

Enter the file name, "itemcount" and select "Text file (*.csv)" as the "Save as type".

Finally click on the Save button to create the export file.

c. Check the following Properties to export:

PR_CONTENT_COUNT : 0x36020003

PR_DISPLAY_NAME : 0x3001001E

PR_FOLDER_PATHNAME : 0x66B5001E


6. Click on the button labeled "OK".

PFDavAdmin will start to process all of the folders within the mailbox and will display a progress bar.


When the Export Properties process completes, simply close the dialog box that appears and exit out of the PFDavAdmin utility.


James Chong
MCSE | M+, S+, MCTS, Security+
msexchangetips.blogspot.com


Wednesday, August 09, 2006

Using MFCMAPI To Delete Exchange Temp Table

Summary:

Duplicate messages are not only a nuisance but can be difficult to troubleshoot. Although there are several reasons why duplicate messages can occur, one known issue is caused by messages that are stuck within the temp table within the Exchange store. Temp tables are temporary holding places within the Exchange store where messages are constructed. Messages can get stuck there for several reasons, such as your AV application. This article will discuss how to delete the temp table so that duplicate messages are not re-generated. The process below will delete the temp table and create a new one.

Evan Dodds (Exchange MVP) does a great job explaining in depth about the temp table.
http://blogs.technet.com/evand/archive/2004/12/27/332752.aspx

You can also find additional info from MS Technet. http://www.microsoft.com/technet/prodtechnol/exchange/2003
/insider/Special_Mailboxes.mspx

When troubleshooting duplicate messages, note the message ID. This is critical in determining whether the original message is duplicating itself or if a client is possibly re-sending messages possibly due to a virus infection. Therefore, examine the headers at least two duplicate messages to examine the message ID. This article is assuming the message ID is the same and is stuck within the Exchange temp table. Note that deleting the temp table will delete any messages yet to be processed or queued. Therefore, perform this during non production hours.

Resolution:

1. Download MFCMAPI, also known as MAPI Editor.
http://www.microsoft.com/downloads/details.aspx?FamilyID=55FDFFD7-1878-4637-9808-1E21ABB3AE37&displaylang=en

2. Launch MFCMAPI application. Click OK at the Microsoft Exchange Server MAPI Editor window. Click Session, and select Logon and Display Store Table.

3. You will now be prompted to create a profile. Note that you must be logged in with an account that has full rights to your Exchange server; otherwise you will receive the error message below when the temp table is opened.

Error:
Code: MAPI_E_FAILONEPROVIDER === 0x8004011D
Function
File f:\df7830\extest\src\mfmapi\mapistorefunctions.cpp

4. Once logged in, click MDB, and select Get Mailbox Table. A new window, "Server Mailbox Table", opens. From here, you can select the server name you wish to work with. Select default settings and click OK.

5. You will now see all mailboxes enumerated. You will need to locate the SMTP (Servername --GUID) mailbox. Note there can be more than one, depending on how many stores you have. Therefore you will need to perform step 6 on the remaining SMTP (Servername --GUID) mailboxes.

6. Once you have double-clicked the mailbox, expand Root Container. You will see TempTable#. Highlight this, go to the Actions menu and select Delete Folder. In the Deleted Selected Folder window, check "Hard Deletion" and click OK. Right-click your Root Container and select Refresh View. Your TempTable# should no longer appear. Repeat this step for all SMTP (Servername --GUID) mailboxes you have. Once complete, restart your IIS server. This will re-create your TempTable#.


James Chong (MVP)
MCITP | EMA; MCSE | M+, S+
Security+, Project+, ITIL
msexchangetips.blogspot.com


Monday, August 07, 2006

BlackBerry Enterprise Server: Users Not Receiving Messages to Handheld After Mailbox Moves

Summary:

BlackBerry server maps user mailboxes by using a process called worker threads. Each worker thread is capable of handling multiple mailboxes. Each BES server is capable of handling 100 worker threads and up to 2000 users. BlackBerry version [4.0.4.5] is capable of mapping worker threads back to a user's mailbox when the mailbox is moved to a different store, by scanning the GAL for changes in the Server DN. BES users may not receive messages on their handheld device after a mailbox move if the MAPI32.DLL version is not consistent on your BES servers and Exchange servers.

Note:

Mailbox moves within the same server are not picked up by BES, and messages will not be received by the handheld until the BES services are restarted. This is because BES scans user mailboxes for changes in the Server DN. When a mailbox is moved within the same server, the Server DN does not change, so BES is unaware of the move. This is by design.

Cause:

BES servers must have the same DLL versions as your Exchange server for the following files; otherwise BES will not be able to reflect the mailbox move and users will not receive messages on their handheld device. In addition, your Exchange server will experience a memory leak if the Emsmdb32.dll version is not consistent between your BES and Exchange servers.

MAPI32.DLL
Emsmdb32.DLL
CDO.DLL



Resolution:

Update the following files on all your BES servers to match those on your Exchange server. Do not copy and paste these files; you must apply the entire service pack.

MAPI32.DLL
Emsmdb32.DLL
CDO.DLL
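
To confirm the three files match before and after applying the service pack, their file versions can be read from each server and compared. The PowerShell below is an added example, not part of the original article; the directories, the server names EX1 and BES1, and the version numbers in the sample inventory are assumptions or constructed values.

```powershell
# Added example, not from the original article. Directories are assumed install
# locations on drive C: of each server; adjust them to your environment.
$Dlls = 'MAPI32.DLL', 'Emsmdb32.DLL', 'CDO.DLL'
$Dirs = 'WINDOWS\system32', 'Program Files\Exchsrvr\bin'

function Get-DllInventory {
    # Reads the file version of every copy found over the server's C$ admin share.
    param([string]$Server)
    foreach ($dll in $Dlls) {
        foreach ($dir in $Dirs) {
            $path = '\\{0}\C$\{1}\{2}' -f $Server, $dir, $dll
            if (-not (Test-Path -LiteralPath $path)) { continue }
            $v = (Get-Item -LiteralPath $path).VersionInfo
            [pscustomobject]@{
                Server  = $Server
                Dll     = $dll
                Version = '{0}.{1}.{2}.{3}' -f $v.FileMajorPart, $v.FileMinorPart,
                                               $v.FileBuildPart, $v.FilePrivatePart
            }
        }
    }
}

function Compare-DllInventory {
    # One row per DLL that is missing on the BES or differs from the Exchange copy.
    param([object[]]$Exchange, [object[]]$Bes, [string]$BesName)
    foreach ($dll in $Dlls) {
        $want = @($Exchange | Where-Object { $_.Dll -eq $dll } | ForEach-Object { $_.Version })
        $have = @($Bes      | Where-Object { $_.Dll -eq $dll } | ForEach-Object { $_.Version })
        $bad  = @($have | Where-Object { $want -notcontains $_ })
        if ($have.Count -eq 0)    { $status = 'missing on BES' }
        elseif ($bad.Count -gt 0) { $status = 'MISMATCH' }
        else                      { continue }
        [pscustomobject]@{ Server = $BesName; Dll = $dll; Bes = ($have -join ', ')
                           Exchange = ($want -join ', '); Status = $status }
    }
}

# Constructed inventory (version numbers are made up) so the comparison runs offline.
# Live: $ex = Get-DllInventory -Server 'EX1'; $bes = Get-DllInventory -Server 'BES1'
$ex  = $Dlls | ForEach-Object {
           [pscustomobject]@{ Server = 'EX1'; Dll = $_; Version = '1.0.0.2' } }
$bes = @([pscustomobject]@{ Server = 'BES1'; Dll = 'MAPI32.DLL';   Version = '1.0.0.2' },
         [pscustomobject]@{ Server = 'BES1'; Dll = 'Emsmdb32.DLL'; Version = '1.0.0.1' })
Compare-DllInventory -Exchange $ex -Bes $bes -BesName 'BES1' | Format-Table -AutoSize
```

With the sample inventory the output lists Emsmdb32.DLL as MISMATCH and CDO.DLL as missing on BES; an empty result means the BES matches the Exchange server for all three files.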

Additional References:

Support - Memory leak causes ERR_RESOURCE_ALLOC error and truncated device message

Last Updated: 10 April 2006
Article Number: KB-03665



James Chong (MVP)
MCITP | EMA; MCSE | M+, S+
Security+, Project+, ITIL
msexchangetips.blogspot.com


Active Directory: Scavenging Best Practices

Summary:

I recently came across an environment in which an Exchange bridgehead server was queuing email to remote sites. The ESM queue would report, "Could not connect to destination server in DNS." An nslookup on the remote server name would fail to return the record. After manually adding the record, mail flow would resume.

Cause:

In this instance, records were being scavenged. This was caused by multiple servers in the domain having scavenging configured, with replication delays and possibly unreliable links possibly causing the record to be purged.


Resolution:

Scavenging best practices include setting scavenging on only one server in the domain; otherwise, you can end up with many underlying issues, including Active Directory replication problems. In addition, set your servers to be static hosts so that they are not eligible to be scavenged.
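
Both recommendations can be audited from the scavenging state of each DNS server and the timestamps on the server host records (a static record has no timestamp). The PowerShell below is an added example, not part of the original article; the function name Test-ScavengingPolicy and every server name, host name and record in it are constructed.

```powershell
# Added example; all names and records below are constructed.
# Live data can come from the DnsServer module, for example:
#   $cfg = 'DC1','DC2' | ForEach-Object {
#       $s = Get-DnsServerScavenging -ComputerName $_
#       [pscustomobject]@{ Server = $_; ScavengingState = $s.ScavengingState } }
#   $rec = Get-DnsServerResourceRecord -ComputerName DC1 -ZoneName domain.net -RRType A

function Test-ScavengingPolicy {
    param(
        [object[]]$ScavengingConfig,  # one row per DNS server: Server, ScavengingState
        [object[]]$Records,           # A records: HostName, Timestamp ($null = static)
        [string[]]$ServerHosts        # hosts that must never be scavenged
    )
    # Finding 1: scavenging should be enabled on one DNS server only.
    $enabled = @($ScavengingConfig | Where-Object { $_.ScavengingState })
    if ($enabled.Count -gt 1) {
        $names = ($enabled | ForEach-Object { $_.Server }) -join ', '
        "Scavenging is enabled on $($enabled.Count) servers: $names"
    }
    # Finding 2: server records should be static, that is, carry no timestamp.
    foreach ($name in $ServerHosts) {
        $rec = @($Records | Where-Object { $_.HostName -eq $name })
        $dyn = @($rec | Where-Object { $null -ne $_.Timestamp })
        if ($rec.Count -eq 0) {
            "$name has no A record in the zone"
        } elseif ($dyn.Count -gt 0) {
            "$name is a dynamic record (timestamp $($dyn[0].Timestamp)) and can be scavenged"
        }
    }
}

$cfg = @(
    [pscustomobject]@{ Server = 'DC1'; ScavengingState = $true },
    [pscustomobject]@{ Server = 'DC2'; ScavengingState = $true },
    [pscustomobject]@{ Server = 'DC3'; ScavengingState = $false }
)
$rec = @(
    [pscustomobject]@{ HostName = 'EX1'; Timestamp = $null },
    [pscustomobject]@{ HostName = 'EX2'; Timestamp = [datetime]'2006-08-01T09:00:00' }
)
Test-ScavengingPolicy -ScavengingConfig $cfg -Records $rec -ServerHosts 'EX1', 'EX2', 'BES1'
```

The sample reports that two servers scavenge, that EX2 is dynamic, and that BES1 has no record; EX1 is static and produces no finding.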

James Chong (MVP)
MCITP | EMA; MCSE | M+, S+
Security+, Project+, ITIL
msexchangetips.blogspot.com


Sunday, August 06, 2006

Exchange: ESM Missing Public Folder Tree

Summary:

When expanding ESM, your public folder tree is missing, however users can navigate through the public folder tree in Outlook.

Cause:

You are missing your "msexchpftree" attribute in your configuration partition in Active Directory. Verify that CN=Public Folders exists in the following path:

From ADSI edit,
CN=Services,CN=Microsoft Exchange,CN=ORGANIZATION,CN=Administrative Groups,CN=administrative_group,CN=Folder Hierarchies (CN=Public Folders should exist)


Resolution:

From ADSI edit, navigate to CN=Services,CN=Microsoft Exchange,CN=ORGANIZATION,CN=Administrative Groups,CN=administrative_group,CN=Folder Hierarchies. Right-click your CN=Folder Hierarchies, click New Object and select msexchpftree. Enter Public Folders as the CN name, click Next and click More Attributes. Enter the distinguished name:

CN=Public Folders,CN=Folder Hierarchies,CN=First Administrative Group,CN=Administrative Groups,CN=MSexchange911,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain,DC=net

Copy this distinguished name, as you will need to paste it into another attribute. Click OK. Now you will need to locate your public folder store in ADSIEDIT:

Microsoft Exchange -> Org name -> Administrative Groups -> First Administrative Group -> Servers -> Server name -> Information Store -> First Storage Group

In the right pane, go to the properties of the "public folder store". Select the property to view, "msExchOwningPFTree", paste the DN from earlier and click OK. Verify that the public folder tree is now visible in ESM.


James Chong (MVP)
MCITP | EMA; MCSE | M+, S+
Security+, Project+, ITIL
msexchangetips.blogspot.com

Tuesday, August 01, 2006

Using Outlook Redemption to Bypass "A Program is trying to automatically send e-mail on your behalf"

Summary:

In Outlook SP2 and later versions, any application that tries to send e-mail is blocked to prevent the malicious propagation of viruses and worms. This article provides sample code that uses Outlook Redemption to bypass this security warning. It uses Glen Scales' "Message Tracking Logs Reports Script" as a sample, in which mailbox reports are emailed using an Access macro. First and foremost, I would like to thank and credit Glen Scales for this terrific script as it has come to be useful in my instances.

The first portion of this script is using Glen's Message Tracking Log Reports, which imports Exchange's Message Tracking logs into an Access Database. From here, I will use one of the custom Access queries included to email the report out while bypassing the "A Program is trying to automatically send e-mail on your behalf" warning message produced by Outlook.

Download Glen's Message Tracking Log Reports from:

http://www.outlookexchange.com/articles/glenscales/mtrackrs.asp

In this instance I have modified his script to only pull two user accounts from the message tracking log rather than the entire log file. Therefore I have edited this portion of the script:

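size1 = objExchange_MessageTrackingEntry.size
' Import only the rows addressed to the two mailboxes being reported on.
' LCase makes the match case-insensitive; VBScript's = compares strings case-sensitively.
If (LCase(RecipientAddress1) = "user1@mydomain.com") Or (LCase(RecipientAddress1) = "user2@mydomain.com") Then
    ' The values are concatenated into the SQL text, so single quotes are removed from
    ' the addresses and the subject, and the subject is cut to 254 characters.
    wtowrite = "('" & condate(odate) & "','" & formatdatetime(odate,4) & "','" & ClientIP & "','" & EntryType & "','" & RecipientCount & "','" & replace(SenderAddress,"'","") & "','" & replace(RecipientAddress1,"'","") & "','" & left(replace(subject,"'"," "),254) & "','" & size1 & "')"
    sqlstate1 = "INSERT INTO TrackingLogRaw ( [Date], [Time], [client-ip], [Event-ID], NoRecipients, [Sender-Address], [Recipient-Address], [Message-Subject], [total-bytes] ) values " & wtowrite
    Cnxn1.Execute(sqlstate1)
End If
next
Next


Cnxn1.close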

If you wish to pull all records, use his original script from the link provided above.

1. Follow the instructions on Glen's site to implement the script.
2. Once you have implemented the script and it is running (verify that your TrackingLogRaw table has been populated), download Outlook Redemption.
http://www.dimastr.com/redemption/ Outlook Redemption provides extended objects to bypass the Outlook security warning.
3. Once you have installed Outlook Redemption, create a new module in Access. Click Module and select New. Paste the following code:

Option Compare Database

'------------------------------------------------------------
' Macro24
'
'------------------------------------------------------------
Function Command400_Click()
    Const olMailItem = 0 ' Outlook mail item type, declared here because Outlook is late bound
    Dim reportPath, SafeItem, objOutlook, objNS, objOutlookMsg

    ' export the query to an HTML file named with today's date
    reportPath = "C:\track" & Format(Date, "yymmdd") & ".html"
    DoCmd.OutputTo acQuery, "Display-time-use", "HTML(*.html)", reportPath, False, "", 0

    Set SafeItem = CreateObject("Redemption.SafeMailItem")
    ' create the Outlook session
    Set objOutlook = CreateObject("Outlook.Application")
    Set objNS = objOutlook.GetNamespace("MAPI")
    objNS.Logon
    ' create the Message
    Set objOutlookMsg = objOutlook.CreateItem(olMailItem)
    ' hand the message to Redemption; the guarded properties are set through SafeItem
    SafeItem.Item = objOutlookMsg
    With SafeItem
        .To = "emailadmin@mydomain.com"
        .Subject = "track"
        .Body = "trackbody"
        .Attachments.Add reportPath
        .Importance = 2 ' 2 = high, 1 = normal, 0 = low
        '.Display
        .Save
        .Send
    End With

    ' release the COM objects
    Set objOutlookMsg = Nothing
    Set objNS = Nothing
    Set objOutlook = Nothing
    Set SafeItem = Nothing
End Function

4. This module runs the "Display-time-use" query in Access and saves the result on C:\ as an HTML file named "track" followed by the current date, then emails this file as an HTML attachment to the recipient specified in the .To field. Click the save icon and close.
5. In Access, go to Macros and click New. In the Action drop-down, select RunCode. In the Function Name box towards the bottom, enter Command400_Click(). Click File, Save As and save it as Macro1. This macro calls the module created in step 4, so that the macro can be scheduled as a task. Modules cannot be scheduled directly and thus require a macro.
6. Now you can schedule a batch file to call this macro. Create a batch file and enter the following:

cd /d "C:\Program Files\Microsoft Office\OFFICE11"
msaccess.exe c:\Trackinglog.mdb /x Macro1
exit

7. Run this batch file to test.

James Chong (MVP)
MCITP | EMA; MCSE | M+, S+
Security+, Project+, ITIL
msexchangetips.blogspot.com

