Saturday, August 22, 2009

Deploying Edge Transport Server Role:

This article gives you the step by step procedure for installing the Microsoft exchange server 2007 – edge server role and configuring the connection with the hub transport server. As we now, edge server role is used as the front end security wall with antispam and antivirus protections and not parted of domain, which is basically hosted in the DMZ zone.

1. Basic server check-up likes recommended hardware resources and server 2003/2008 OS, latest SP and appropriate patches.

2. N/w Card configuration – Two NIC cards, one for public/external and the other for private/internal.

3. Check the Name resolution between hub transport and the edge server. Also configure the edge server for the external name resolution.

Set-TransportServer -Identity ExEdge01 –ExternalDNSAdapterEnabled $false –ExternalDNSServers

Note : If the name resolution b/w hub and edge server doesn’t work, then the edge synchronisation fails.

4. Installing ADAM SP1 : Active Directory Application Mode SP1 is the one which acts as a tunnel passage for passing the limited AD related i.,e Domain related information from Hub transport server to the edge server.

5. Install Core edge exe : Run the setup.exe from the exchange installation disk, go for the custom type installation, select the edge server and complete the installation.

6. Check the Edge related configuration EMC, will find option like antispam, accepted domains and others, I will leave this up to you for exploring.

7. Since Exchange 2007 rollup 4 has some important updates, install the rollup 4 package also.

8. Restart the edge server after completing the above and run the command “test-servicehealth” to check all edge related services are up and running.

9. Ports to be opened : Edge server used custom ports for communication with the hub server. If firewall is placed in b/w hub server and edge server, the following ports have to be opened.

• LDAP 50389/tcp
• Secure LDAP 50636/tcp
• SMTP 25/tcp
• RDP 3389/tcp (optional)

10. Creating the edge subscription file in Edge server,

New-EdgeSubscription -FileName "C:\EdgeSubscriptionInfo.xml"

11. Copy the xml file to the Hub server.

12. Mapping the edge subscription file in Hub Server,

New-EdgeSubscription -filename "C:\EdgeSubscriptionInfo.xml" -CreateInternetSendConnector $true -site "Default-First-Site-Name"

13. By Default, the edge synchronisation happens at four hour intervals. For immediate sync,

Start-EdgeSynchronization

14. Edge server is ready, just verify connectors in Edge EMC console, will show the current hub server related connectors.

Hope the above is informative.

Thanks
Logan
Logu_microsoft@hotmail.com | 971552596187

Monday, August 17, 2009

Logon Event 528 Log:

This article explains about finding the user logon details using the normal event log and also how to interpret to event log details. In server side, environment it is always wise to have the user logon and logoff audits. If you check for the event log 528 under the security logs, you will find some of the positive hits. The typical 528 log entry will have the below information,

  • user name
  • domain
  • logon id
  • logon type
  • logon process
  • authenication package
  • workstation name


In Particular, logon type is the one which needs to be paid attention.

2

Interactive

User logged on to the computer's console.

3

Network

User logged on to the computer over the network (e.g., through a drive mapping). Note: On Win2K and later systems, event ID 528 doesn't log this logon type; for network logons, Win2K and later OS versions log event ID 540 with logon type 3.

4

Batch

Batch logon (commonly logged when a COM+ server component starts up).

5

Service

Service logon (required by user accounts configured as account for services).

7

Unlock

Workstation unlocked.

8

NetworkCleartext

Network logon, but with a clear-text password. By default, Windows doesn't allow clear-text password logons unless you explicitly enable them. (However, all versions of Microsoft IIS use clear-text passwords for Basic authentication.)

9

NewCredentials

User used alternative credentials to connect to a resource on the network or used the RunAs command to start programs under a different user account.

10

RemoteInteractive

User logged on to the computer remotely using Terminal Services or Remote Desktop.

11

CachedInteractive

Domain user logged on with cached credentials. Usually logged when a traveling user logs on to a notebook with his or her domain account but no domain controller (DC) is available. Note that event ID 537, not event ID 528, logs this event.

Using the above, we can find the exact mode of logon and also the user details.

Hope the above is useful.

Thanks

Logan

Logu_microsoft@hotmail.com | 971552596187

Saturday, August 15, 2009

To list the DB size in all mailbox server

This script can be used to list the each database size in the exchange org. This can be easily modified as per your need.

###############################################

# Script for finding all the database size in GB present in the organization.
# please use redirect '<' for reporting# Eg, .\Tofinddbsize.ps1 > report.txt

$exchangeservers = Get-ExchangeServer where-object {$_.admindisplayversion.major -eq 8 -and $_.IsMailboxServer -eq $true }

foreach ($server in $exchangeservers)
{
$db = Get-MailboxDatabase -server $server
foreach ($objItem in $db)
{
$edbfilepath = $objItem.edbfilepath

$path = "`\`\" + $server + "`\" + $objItem.EdbFilePath.DriveName.Remove(1).ToString() + "$"+ $objItem.EdbFilePath.PathName.Remove(0,2)

$dbsize = Get-ChildItem $path $ReturnedObj = New-Object PSObject

$ReturnedObj Add-Member NoteProperty -Name "Server\StorageGroup\Database" -Value $objItem.Identity

$ReturnedObj Add-Member NoteProperty -Name "Size (GB)" -Value ("{0:n2}" -f ($dbsize.Length/1024MB))

Write-Output $ReturnedObj
}
}

###############################################

Thanks

LOGAN

logu_microsoft@hotmail.com 971552596187

To find the disconnected mailbox in the mailbox servers.

This script can be used to find the disconnected mailbox in your exhange organisation by just giving display name as input. This will be helpful if you have many mailbox servers in your org. The below script has been tested and works fine.

###################################################

Write-Host
$search = read-host "Type part of DisplayName Ex Tom* *sson *middle* , searching mailbox servers one by one... "

Write-Host
Write "Press ctrl-C to stop search once you found your mailbox"

$exchangeservers = Get-ExchangeServer where-object {$_.admindisplayversion.major -eq 8 -and $_.IsMailboxServer -eq $true }

foreach ($server in $exchangeservers)
{

Write-Host
Write "Searching $server"

Get-MailboxStatistics -Server $server where { $_.DisconnectDate -ne $null } where { $_.DisplayName -like "$search" } fl

}

Write-Host
Write "Finished"

################################################

Thanks

Logan

logu_microsoft@hotmail.com 971552596187

Wednesday, August 12, 2009

Find the mailbox count per db in a server

This script can be used to find the mailbox count per database by giving the mailbox server name. This can be modified easily as per your need.

#####################################################

# script for finding the no of mailbox's per mailboxdatabase
write-host $server = read-host "Type the server name:"
foreach ($db in get-mailboxdatabase -server $server)
{
if ($db.getType().fullname -like "*PublicFolderDatabase")
{
$dbType = "Public"
}
else
{
$dbType = "Private"
$dbUserCount = (get-mailbox -database $db -erroraction silentlycontinue).count
}
$retObj = new-object psobject
$retObj add-member noteproperty -name "Server" -value $db.Server
$retObj add-member noteproperty -name "Name" -value $db.Identity
$retObj add-member noteproperty -name "Users" -value $dbUserCount
$retObj
}

#################################################

Please let me know if you have any queastions.

Thanks

Logan
logu_microsoft@hotmail.com 971552596187

Find the mailbox which exceeds the quota limit

The below is the script to find the mailbox in which the mailbox size limit has been exceeded.

##################################################

#Script to find the mailbox which exceeds the quota limit
#in the mailbox server.
Write-host
$server = read-host "Please Enter the Mailbox server name:"
get-MailboxStatistics -server $server where {"IssueWarning","ProhibitSend","MailboxDisabled" -contains $_.StorageLimitStatus} format-Table DisplayName,database,storagelimitstatus,Totaldeleteditemsize,TotalItemSize

###################################################

Thanks

Logan
971552596187

Monday, August 10, 2009

Difference between BIS and BES

This article is about the blackberry service type and their differences. Also i have briefed about the respective email flow architecture. There are two types of BlackBerry service that are available to purchase.

#One is designed for individuals and small businesses (BIS)
#The other is designed for large companies and organisations (BES).

The ways in which they work are very different.

Difference between BIS and BES

BIS – (For individuals and small businesses)

The BlackBerry Internet Solution provides a wireless solution tailored to meet the needs of individual users and small and medium-sized businesses (SMB). The BlackBerry Internet Service, a component of the BlackBerry Internet Solution, allows wireless connectivity to Internet-based email and other applications. The architecture for BlackBerry Internet Service,
including Internet browsing functionality, is shown in the diagram below: BlackBerry Internet Service leverages centrally hosted wireless gateways, allowing users to access up to 10 supported email accounts and Internet browsing functionality* without the need to install and manage a BlackBerry Enterprise Server.

Fig1 : BIS (Please click on the figure to maximize)
Fig2 : BES (Please click on the figure to maximize)

BES

The BlackBerry Enterprise Solution allows the wireless extension of corporate email and applications with the BlackBerry Enterprise Server™, an important component of the solution, and would be managed by the organisations own internal I.T. department. The typical architecture of the BlackBerry Enterprise Solution is shown in the diagram below: The BlackBerry Enterprise Server is installed and managed behind the corporate firewall and includes integrated support for extending corporate messaging solutions, including Microsoft Exchange, IBM Lotus Domino and Novell GroupWise. The BlackBerry Enterprise Server also acts as a wireless gateway allowing the BlackBerry Browser and custom applications on the BlackBerry device to connect to corporate applications and web servers, as well as to Internet-based web servers.

Hope the above info is useful. Please ping me if you have any queastions.
Thanks
Logan
971-552596187

MFCMAPI Utility for Outlook - To delete the hidden or corrupted rules:

This instruction set describes how to delete corrupted and hidden rules from a user’s mailbox in Outlook 2000 and Outlook 2003.

Symptoms of a client affected by Corrupted and Hidden Rules:

SPAM Appliance filter does not automatically move identified SPAM mail to Junk E-Mail Folder.
User created server or client based Outlook rules will not function or only some will not function.

Download MFCMapi.exe from the internet.

1. In Outlook 2000/2003:

a. On the Tools menu, click Rules and Alerts.
b. In the Rules and Alerts dialog box, click Options.
c. In the Options dialog box, click Export Rules.

2. Use MFCMapi to remove all rules that are applied to a client’s mailbox. To do this, follow these steps

a. Open the folder C:\_localdata, double click mfcmapi.exe and then click OK.
b. On the Session menu, click Logon and Display Store Table.
c. If you are prompted to select a profile, click the client’s mail profile in the Profile Name list, and then click OK.
d. Double-click the mailbox that contains the inbox rules that you want to delete.
e. Expand Root Container, and then expand Top of information Store.
f. Right-click Inbox and then click Open Associated Contents Table.
g. Use the Horizontal Scroll Bar to bring the Message Class column in view.
h. IMPORTANT! Highlight and delete ONLY items named IPM.Rule.Message and IPM.ExtendedRule.Message.
i. Once you hit the delete key you will be prompted to choose the type of deletion. Using the drop down box select, Permanent delete passing DELETE_HARD_DELETE (unrecoverable).
j. Close all MFCmapi windows and restart Outlook. Double check that all client rules have been removed by going into ToolsàRules and Alerts.

3. Import the backed-up rules into Outlook. To do this, follow these steps:

In Outlook 2000/2003:

a. On the Tools menu, click Rules and Alerts.
b. In the Rules and Alerts dialog box, click Options.
c. In the Options dialog box, click Import Rules.
d. Locate the rules that you backed up in step 2, click Open, and then click OK.

So, reopen the outlook, should be the end of the story.

Hope the above is informative.

Thanks

Logan
971-552596187

Reason for duplicate items in Outlook

Most of the Outlook users would have faced the problem of getting duplicate emails or calendar entries. In this article, I have listed down the possible reason for getting the duplicate entries.

There can be many reasons why a user would see multiple messages in their mailboxes. The most likely ones are outlined here.

1. The message has actually been sent more than once by the originator. Check the date in the "Date:" clause. If the dates are different, then the message was sent by the originator more than once.
2. The user is an alias of another account and both accounts received a copy of the mail. To see if this has occurred, open both messages and view the complete header. Look at the last "Received:" clause. This clause will say who the message saw sent to. If there are different addresses, then this explains why the message appeared twice.
3. The user gets mail forwarded from another account and both accounts received a copy of the message. Use the same check as above to see if this is the case.
4. One mail server between the sender and recipient is (incorrectly) duplicating the message. To see if this has occurred, open both messages and view the complete header. Match each of the "Received:" clauses until you find two that are different. These two received clauses will give a different time for the receipt of the message. This clause identifies the server that is duplicating email messages. You will need to contact the owner of the server for further investigation.

Other items to help determine the cause of the duplicate messages appearing include taking a look in the headers of the messages themselves. The topmost Received header will contain a unique ID for the message consisting of 8 characters.

You can then take a look in the SMTP log for the server and search for this unique ID. This will show you the exact SMTP transaction that caused the message to enter your server. You will be able to see exactly which users the message was delivered to.

If the unique ID's are different then the messages are the result of more than one transaction. Likely reason being that the message was delivered to the server more than once. Again this can be confirmed from the logs.

When trying to debug these issues it is helpful if you enable all of the logging options for the SMTP service.

Reasons why you might see a message being sent more than once can include

1. Misconfiguration of the sending server
2. High CPU usage on your server for extended periods of time, causing connections to time out and thus the remote server retries the message again.
3. Malformed content being sent by the remote server

If you use the Anti-spam option to scan content for restricted words and do not limit the scanning to a certain number of lines, you are likely to see periods of high CPU usage on your server, particularly if you frequently process messages containing large attachments.

Hope the above detail is useful.

Thanks
Logan
971-552596187

HTTP Status Codes in IIS 6.0

This article explains the need for understanding the HTTP status codes. The IIS 6.0 helps to display the appropriate status code for the built in core website. Most HTTP status codes have three digits, for example, 401. Some status codes have three digits followed by a decimal point, and one or two more digits (for example, 300.12). In such a case, the number that follows the decimal point is called the sub status code.
The following is the Status Code Range and the respective Code Types.
100 Informational
200 Successful
300 Redirection
400 Client Error
500 Server Error
Under each status code, there will be a sub status code and it will have its own description on the issue.
Thanks
Logan
Logu_microsoft@hotmail.com
971-552596187

Expansion server in exchange server 2003

This article explains the function and role of expansion server in the exchange server 2003.
1. Expansion server generally routes the message that are sent to a single distribution list or group of users listed in that group.
2. It is also responsible for expanding the group to its individual members and also will resolves the name of the recipients.
3. Importantly it is used to determine the most efficient path for routing the messages.
4. To find the expansion server for a distribution group, Right click the distribution group àproperties à Exchange advanced à Expansion server à click the drop down button to list.
5. In detail,
a. When user selects group from GAL in outlook. The outlook obtains the GAL via NSPI(Name Service Provider Interface) request sent to a GC.
b. Once the name verification succeeds, it will turn the recipient address bold.
c. When user sends, outlook uses MAPI to transmit the message to the user’s home exchange server.
d. Exchange server sees that the recipient is a group, and it sends an LDAP query to GC for the member’s list along with the email attributes.
6. By default any server can in the exchange organization can acts as a expansion server. This option is recommended because it totally avoids the single point of failure. Assigning particular server as a expansion server for particular group will result in failure if that particular server is unavailable.
Hope the above is informative.
Thanks
Logan
Logu_microsoft@hotmail.com
971-552596187