Wednesday, December 26, 2007

Public Folders Error on ESM Id no: c0070000



I wish there would be a way to turn the GUI totally off on the server. There really should be no reason to open a browser and surf on the internet from a server anyway. We discovered following error on our dedicated public folder server, ESM was crapping out and generating errors.

Problem:

IE 7.0 ESM is Crashing upon opening public folders

Cause

The following DLL files won't seem to like IE 7.0.

Exchange System Manager (ESM), the application crashes with the following errors:

App: contentfilter.dll; module hhctrl.ocx app: maildsmx.dll; module unknown app: exadmin.dll; module

Solution:

Uninstall IE 7.0 and leave IE 6.0

Best,

Oz ozugurlu

Tuesday, December 25, 2007

The Microsoft Exchange Transport Service



Exchange 2007 is for sure rock solid messaging application. The more I dive into it, I understand the exchange is trying to be the, the future SMTP mail relay gateway and the next generation messaging application. To be honest I must say, I am very impressed with all hard work have been done behind this great messaging application, Exchange 2007. In reality, most of the enterprise networks already using UNIX appliance as their mail gateways. Where I work, we use IronPort as our mail gateways. We had some other vendor over years and replaced recently those appliances to IronPort mail gateways. I have not logged into IronPort since we deployed them. Why because I did not need too, it has been working solid and incredible performance, where a million e-mails hits our gateways in 1 HR time interval.

It is going to be very hard for exchange to replace some of these, appliance in the near future as mail gateways, since UNIX has its own reputation over years and working rock solid.

The design of exchange 2007 seems to be covering all bases, as these UNIX appliances in the market. Why Exchange never to be considered as mail relay gateway in the past. If you try to install exchange 2003 on windows and try to place in DMZ most likely, you would lose your job, since this would not be a secure implementation.

  • Why is that?

First reason is windows operation system; unfortunately, it is not as secure as UNIX, yet. Secondly, the primary protocol for Exchange 2003, SMTP is part of IIS (SMTP Stack). Installing IIS on top of none secure OS, could bring great chance of being hacked.

Now what has changed? With Exchange 2007

The SMTP stack is the core infrastructure of Exchange. Without it, we cannot send and receive e-mail messages. Microsoft rewrote the SMTP Transport Stack and start running as the Network Service account. This reduced the risks that are associated with denial of service attacks. Of course, this eliminated the dependency on IIS and reduced the risk of being hacked for DMZ type of deployment.

The Microsoft Exchange Transport Service

For small companies who do not have money-getting exchange 2007 seems to be the way to go. For large enterprise, networks will implement exchange 2007 in other roles and take advantage of the great messaging application. I hope new Edge role is going to be used in the future as well. Microsoft Server OS has done great improvement and getting much better in my opinion. Smart shell (power Shell) , being able to turn the GUI off on the DMZ type of implementation and taking advantage from Shell (Using SSH perhaps) will bring the Microsoft Server OS to a quality level as others out there in the very near future.

Best Regards,

Oz ozugurlu,



530 5.7.1 Client was not authenticated



After successful installation of exchange 2007 following message, appears on the test mail. Technical details of permanent failure "PERM_FAILURE: SMTP Error (state 12): 530 5.7.1 Client was not authenticated"Basic Exchange 101, fire up command line and use telnet command on port 25 to the mail server within the network to see what is going on .

In CMD

Telnet 10.10.10.7 25

  • 220 exc07.smtp25.org Microsoft ESMTP MAIL Service ready at Tue, 25 Dec 2007 18:5
  • 1:08 -0500
  • helo
  • 250 exc07.smtp25.org Hello [10.10.10.7]
  • mail from:telnet25@gmail.com
  • 530 5.7.1 Client was not authenticated

We are getting "530 5.7.1 Client was not authenticated"

Cause:

The anonymous users do not have permission on the "Default receive connector."

  • Click on Server configuration
  • Click on Hub Transport, select default receive connector and go to properties
  • Click on Permission group
  • Tick the check box where is says "Anonymous users"

Now try the telnet on port 25 to your mail server, everything should work.

Now we will achieve the same results from exchange management shell. First mission is to figured out the name of the connector so, after opening management shell

[PS] C:\>Get-ReceiveConnector

Here is the output

EXC07\Default EXC07

EXC07\Client EXC07

Now I know the name of the receive connectors. (EXC07 is the name of my Exchange server)

I will use following command to achieve the same results from management shell.

[PS] C:\>Set-ReceiveConnector "default exc07" -PermissionGroups:c

The options are

  • ExchangeUsers
  • ExchangeServers
  • ExchangeLegacyServers
  • AnonymousUsers
  • Partners

Whichever you like, both will work.

Best,

Oz ozugurlu

Friday, December 21, 2007

BES and Worker-Treats

The way Blackberry server discovers the mailboxes for the BES users by using MAPI and rapping worker treats into the MAPI session. Worker treats are processes build into the BES server, to discover and establish state full connection to the hidden BES mailbox on the each user mailbox. Each BES server is capable of handling 100 worker treads and up to 2000 users.

Mailbox moved within the same server, from one mail store to another one, will break the BB connection for the user got moved, due to limitation build into the BES user mailbox discovery process. Because BES scans users mailboxes for changes in the Server DN (distinguish name).

Blackberry Server normally generates 3 to 4 times more MAPI traffic then a regular MAPI user. The BES is being used in conjunction with latency caused severe problems. Not also BES experience but also other aspect of the network will suffer as consequence of this problem.

The size of the mailbox is not what causes the latency but specifically the number of items in your Outlook folders. The number of open items results the same behavior in poor outlook experience the famous Christmas balloon "exchange is retrieving data from such exchange server" everyone's favorite message will appears from the outlook.

Happy Holidays

Best

Oz ozugurlu

Thursday, December 20, 2007

An internal processing error has occurred. Id no c1041427



Exchange 2000 mail store would not mount and generate the following errors. After looking around I discovered two steps approach to remedy the dilemma and I wanted to post here for those who might need it.

Problem:

Information store won't mount. The mail service is interrupted on exchange 2000. Application log shows MSExchangeIS 9564.

Solution:

The first thing to check is to make sure the AV software is not causing the issue. Open registry editor on the offended exchange server and drill down to following registry key

  • HKLM
  • System
  • CurrentControlSet
  • Services
  • MSExchangeIS
  • VirusScan
  • Set enabled to 0 to disable the AV
  • Exit from registery (save)

Restart the information store service and mount the mail stores.

If this won't help you, keep reading, there might be corruption on the either databases or the log files.

What Is a "Shadowed Header?"

Exchange Server database, checkpoint, and log files begin with a 4-kilobyte (KB) header section. The header contains important identification and configuration information about the file. Headers can be viewed with the Eseutil utility by using the /MH (database file), /ML (transaction log file), or /MK (checkpoint file) options.

Now it is time to perform some clean up

  • Stop all exchange services.
  • Configure your Anti-Virus program according to article KB245822.
  • Save your current log files that are usually located on x:\Program Files\exchsrvr\MDBDATA\Exxxxxxx.Log to a temporary folder.
  • Delete all *.log files in the x:\Program Files\exchsrvr\MDBDATA.
  • Check that the folder "(x:\Program Files\exchsrvr\MDBDATA)" only contains the following files:
  • e00.chk
  • res1.log
  • res2.log
  • If not, move all extra files to a temporary folder.( including e00.chk, res1.log, res2.log )
  • Start all Exchange Services and mount the Information Store service.

Best regards,

Oz Ozugurlu

"How useful was this article? Want to see a tip not listed? Please leave a comment."


Tuesday, December 18, 2007

How to recover deleted items from Public folders.




This is one of the common tasks for exchange administrators and it is easy to accomplish. First, download PFDEVAdmin by clicking the link here. Open PFDEVAdmin and follow the simple step described below. Second, follow the simple steps described in KB#924044.

Move to the PFDEVAdmin folder, and then double-click the PFDAVAdmin.exe file.

  • On the File menu, click Connect.
  • In the Exchange server box, type the name of the Exchange server to which you want to connect.
  • In the Global Catalog box, type the name of the global catalog server.
  • If it is required, click to clear the Authenticate as currently logged-on user check box. Type an appropriate user name, password, and domain in the respective boxes.
  • In the Connection area, click Public Folders, and then click OK.
  • Expand Public Folders, and then click the parent folder of the deleted folder.
  • Right-click the parent folder, and then click Show deleted subfolders. The deleted subfolder is shown in red.
  • Right-click the subfolder, and then click Recover folder.
  • Click OK to acknowledge the Recovery succeeded message. The recovered folder name appears as Folder_Name Recovered.
  • Test access to the folder by using an e-mail client.
  • In Exchange System Manager, right-click the recovered folder, and then rename the folder.


 

Regards,

Oz ozugurlu

Thursday, December 13, 2007

Enterprise Exchange dedicated DC/GC Design Part 2




Isn't it the dream for every exchange administrators to have dedicated DC/GC servers for Exchange servers only? Our goal is simple we will dedicate GC for exchange server in enterprise environment. Pointing DS access to the DC's is not good enough. Those of you experts know already the meaning of Multi Master Replication model with AD 2000 and 2003 and how it works.

Follow the simple steps below to get to work done.

Step by Step

Prepare a DC/GC to be used by Exchange servers only

  • Open local GPO
  • Local computer Policy
  • Administrative templates
  • System
  • Net logon
  • DC Located DSN records
  • Priority Set in the DC locator DNs SRV Records
  • Double click on it
  • Enabled
  • Set priority anything greater than "0" ( I set all DC's to 100 in this example)
  • Save the GPO and give a data and some logical name.

Go to Event log and you will see this DC is no longer authenticating users, and being used by DSAccess only

SRV resource records

Specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC.

The Priority field in the SRV record sets the preference for target hosts (specified in the SRV record's Target field). DNS clients that query for SRV resource records attempt to contact the first reachable host with the lowest priority number listed.

To specify the Priority in the DC Locator DNS SRV resource records, click Enabled, and then enter a value. The range of values is 0 to 65535. If this setting is not configured, it is not applied to any DCs, and DCs use their local configuration.


Best

Oz ozugurlu

Wednesday, December 12, 2007

BES Migration for Enterprise Network practices.




We are in the middle of big migration to new Datacenter. I have build migration strategy for the existing enterprise BES farm, 7 BES servers, several thousands of users. I have decided to share some of the questions and answers I had to include my assessment and migration plan with you all. I hope, this document will may assist you in regards to BES migration. As always do not forget to backup your database with any type of operations. Make sure the communication with end users has taken place and all required permission for the migration is worked out. (Politics)

Question:

Moving BES SQL Database to different location then BES servers would or would not cause issues such as bad user experience latency and etc.

Answer:

If it is all possible avoid doing this action. Mail agent, dispatcher services and other BES services depends on SQL database, these services interact with the SQL database in day to day operations with BES server; these are extended resources therefore latency will be issues if the Database is in the different location (latency factor) when BES servers in another location

Question:

What would be good way of accomplishing moving existing BES server from one location to another location in heavily used BES environment.

Answer:

Stand up new BES server in the new location add them into existing BES farm. Move the SQL database to the new location, step moving SQL database is included into this assessment.

  1. Move BES database into new location
  2. Move BB users from existing server BES server to newly build BES server.
  • Move users in batch not all of them at the same time. Moving BES users is not extensive process as moving
  • Mailboxes, recommended are 80 to 100 users at a time.

3.When all users are moved into new BES far in the new location , wait for some time and make sure Bes operation are stable as it was.

  • Schedule down time for upgrade path and follow the steps to upgrade the BES servers to latest version Latest SP version BES 4.1 SP4

It is critical and important to remember the first server upgrade is the most important. Work with BES support to get the first server upgraded correctly, this process will upgrade the SQL database automatically. After this is done, it is fairly easy to upgrade the rest of the Bes server since installing BES binaries is the only task

Migration BES Database step by Step

Here are the steps to migrate your BlackBerry Enterprise Server Database from one machine to another SQL Server:

  1. Backup the existing database. Stop BlackBerry Enterprise Server Services if SQL will be down.
  2. Copy the .MDF and .LDF files of your BlackBerry Enterprise Server Database to a safe location.
  • Once the new SQL machine is up, run the CreateDB RIM tool. The goal of running the tool is to have it create the BlackBerry Enterprise Server's custom error messages, procedures, jobs and triggers in SQL. It also creates a database.
  • This is usually done during a BlackBerry Enterprise Server install, but can be run manually with CreateDB.
  1. So what we'll do is run CreateDB so it can create all the jobs, etc. that we'll need and it will also create a database. We'll just create a temporary database then delete it.
  2. Extract your version of BlackBerry Enterprise Server to a temporary location. Copy the Database folder to the SQL Server. This Database folder contains CreateDB.
  3. You'll see a file in the Database folder called BESMgmt.cfg. This is the configuration file CreateDB will use to run its database scripts. Open BESMgmt.cfg with Notepad.
  4. Starting from the top of the file you'll see the "DATABASE_NAME" variable. Change this from BESMgmt and call the database something temporary like "BESTemp."
  5. Scroll down the file and locate "USERID" and "PASSWORD." Specify these for SQL Authentication. Leave blank to use the account you're logged in with.
  • Scroll down the BESMgmt.cfg file and find the "SERVER" value. Since we'll be running this locally "local"
  • will work just fine unless you use a SQL Server instance name. If so specify the SQL Server instance by changing "local" to this format: <servername>\<instancename>. So, for example: SQL01\Instance01.
  • Save and close the BESMgmt.cfg file.
  • Login to SQL with the SA account. Open a command prompt and navigate to the Database folder where CreateDB resides.

Type the following command:

createdb besmgmt.cfg

Press Enter. It will create the BESTemp database and run all the other necessary scripts to run a BlackBerry Database on SQL.

  • Place your production BES Database in the SQL database folder. Mount your production database.On the BlackBerry Enterprise Server locate the Start Menu > Programs > BlackBerry Enterprise Server and click BlackBerry Server Configuration. On the Database Connectivity tab ensure it's pointing to the correct database.
  • Start BlackBerry Enterprise Server Services
  • When it's complete open the SQL Management Studio and delete the BESTemp database. It's not necessary to keep.

Best,

Oz ozugurlu

Microsoft cluster service components




We are in the middle of standing up new clustered exchange servers into our new data center. Part of the process is to build the new cluster servers and move mailboxes over to new exchange server. We probably will build a new cluster within a year and go for exchange 2007. Knowing the cluster components are critical therefore I have decided to post below table here at my blog. Microsoft Cluster Service is consisting of several device drivers and services. These modules reside on top of the Operating system (Windows enterprise edition) and behave as a service. The cluster service provides basic functions that the operating system needs in order to support clustering

  • Understanding each component is crucial going trough setting up and managing clusters.
  • It makes daily admin life easier in my opinion.

Component

Role/Function

Node Manager

Maintains resource group ownership of cluster nodes

based on resource group node preferences and the

Availability of cluster nodes.

Resource Monitor

Utilizes the cluster resource API and RPCs to maintain

communication with the resource DLLs. Each monitor runs

as a separate process.

Failover Manager

Works in conjunction with the resource monitors to

manage resource functions within the cluster such as

failovers and restarts.

Checkpoint Manager

Maintains and updates application states and registry

keys on the cluster quorum resource.

Configuration Database Manager

Maintains and ensures coherency of the cluster database

on each cluster node that includes important cluster

information such as node membership, resources,

resource groups, and resource types.

Event Processor

Processes events relating to state changes and requests

from cluster resources and applications.

Membership Manager

Manages cluster node membership and polls cluster

nodes to determine state.

Event Log Replication Manager

Replicate system event log entries across all cluster

nodes.

Global Update Manager

Provides updates to the Configuration Database

Manager to ensure cluster configuration integrity and

consistency.

Object Manager

Provides management of all cluster service objects and

the interface for cluster administration.

Log Manager

Works with the Checkpoint Manager to ensure that the

recovery log on the cluster quorum disk is current and

consistent.


Best

Oz ozugurlu


Tuesday, December 4, 2007

IronPort SMTP Mail Gateways



We have implemented IronPort devices and dumped our legacy SMTP gateways. I am truly impressed with IronPort performance, heads up no wonder it is called IronPort. I had to prepare a little summary sheet for IronPort and decided to share here with you all

IronPort is capable of performing following

IP reputation is called reputation Filtering ( checks the sender IP reputation).The Sender Base Reputation Service provides an accurate, flexible way for users to reject or throttle suspected spam based on the connecting IP address of the remote host.

On SMTP hand Shake Iron, port is also capable of performing,

  • RBL List (Real Time Block List)
  • IP Reputation
  • RDNS Check (Reverse DNS check to make sure, sender is coming from domain)
  • Domain reputation
  • Sender Base Reputation Service (SBRS) Score

The Sender Base Reputation Service (SBRS) score is a numeric value assigned to an IP address based on information from the Sender Base Reputation Service. The Sender Base Reputation Service aggregates data from over 25 public blacklists and open proxy lists, and combines this data with global data from Sender Base to assign a score from -10.0 to +10.0, as follows:

Score

Meaning

-10.0

Most likely to be a source of spam

0

Neutral, or not enough information to make a recommendation

+10.0

Most likely to be a trustworthy sender


The lower (more negative) the score, the more likely that a message is spam. A score of -10.0, means that this message is "guaranteed" to be spam, while a score of 10.0 means that the message is "guaranteed" to be legitimate.

How Does IronPort identifies Spam?

IronPort Anti-Spam filtering is based on Context Adaptive Scanning Engine (CASE) ™, and is the first anti-spam scanning engine to combine email and web reputation information following areas.

  • Eliminate the broadest range of email threats — detect spam, "phishing," zombie-based Attacks, and other "blended" threats.
    Deliver the highest accuracy — anti-spam rules based on email and web reputation from Sender Base Reputation Service.
  • Offer ease of use — due to reduced hardware and administrative costs. Deliver industry leading performance — CASE uses dynamic early exit criteria and off-box network calculations to deliver breakthrough performance.
  • Address the needs of international users — IronPort Anti-Spam is tuned to deliver industry-leading efficacy world-wide IronPort Anti-Spam filtering is based on Context Adaptive Scanning Engine (CASE) ™, and is the first anti-spam scanning engine to combine email and web reputation information to: Eliminate the broadest range of email threats — detect spam, "phishing," zombie-based attacks, and other "blended" threats.
    Deliver the highest accuracy — anti-spam rules based on email and web reputation from
  • Sender Base Reputation Service. Offer ease of use — due to reduced hardware and administrative costs. Deliver industry-leading performance — CASE uses dynamic early exit criteria and off-box network calculations to deliver breakthrough performance. Address the needs of international users IronPort Anti-Spam is tuned to deliver industry-leading efficacy world-wide
  • IronPort designed IronPort Anti-Spam from the ground up to detect the broadest range of email threats. IronPort Anti-Spam addresses a full range of known threats including spam, phishing and zombie attacks, as well as hard-to-detect low volume, short-lived email threats such as "419" scams. In addition, IronPort Anti-Spam identifies new and evolving blended threats such as spam attacks distributing malicious content through a download URL or an executable. To identify these threats, IronPort Anti-Spam uses the industry's most complete approach to threat detection, examining the full context of a message-its content, methods of message construction, the reputation of the sender, and the reputation of web sites advertised in the message and more.
  • Only IronPort Anti-Spam combines the power of email and web reputation data, leveraging the full power of the world's largest email and web traffic monitoring network — Sender Base — to detect new attacks as soon as they begin.

    Lowest False Positive Rate

    IronPort Anti-Spam and IronPort Virus Outbreak Filters are powered by IronPort's patent-pending Context Adaptive Scanning Engine (CASE) ™. CASE provides breakthrough accuracy and performance by analyzing over 100,000 message attributes across four dimensions:


    • Email reputation — who is sending you this message?
    • Message content — what content is included in this message?
    • Message structure — how was this message constructed?
    • Web reputation — where does the call to action take you?

Analyzing multi-dimensional relationships allows CASE to catch a broad range of threat while maintaining exceptional accuracy. For example, a message that has content claiming to be from a legitimate financial institution but that is sent from an IP address on a consumer broadband network or that contains a URL hosted on a "zombie" PC will be viewed as suspicious. In contrast, a message coming from a pharmaceutical company with a positive reputation will not be tagged as spam even if the message contains words closely correlated with spam.

Best,

Oz ozugurlu

Sunday, December 2, 2007

IronPort C350

Finally, we have replaced our mail gateways to Iron Port C350. We deployed 3 Iron Port in our network and God knows how much we suffered with old mail gateway appliance. It was horrible experience including support and the product itself. No need to mention names. Those of you know me personally I will recommend not to buy and what to buy as dedicated mail relay gateway, ping me at any time.

I will write more about Iron Port, let me tell you, incredible device, awesome support engineers so far. The Shell is UNIX, and most of the basic Unix commands works like a charm. Incredible flexible and noticeable powerful mail gateway, no wonder 90% percent of the government business using Iron Port in Washington DC.

Be carefully when you decide to buy dedicated mail gateway, wrong decision will give you big head and lost of revenue eventually.

Best Regards,

Oz ozugurlu