Microsoft introduced its first analyzer tool for Exchange in 2004. Called by the catchy title Microsoft Exchange Server Best Practices Analyzer, the software proved to be so successful that similar software was rolled out for troubleshooting other aspects of Exchange.

Best Practices Analyzer emerged after Microsoft observed certain patterns when addressing critical situations with its support services. Critical situations require urgent assistance to solve a problem that’s disrupting service to an organization’s members and its important business operations. What Microsoft found was that not only were the number of critical situations growing, but that 60 percent of them were caused by configuration errors, not bugs in Exchange. Moreover, new critical situations arising in some shops were the same ones that had emerged in other organizations just a few months earlier.

Microsoft began by creating a utility to gather key information throughout an Exchange environment. When a customer faced a critical situation, they were told to run the utility and Microsoft would sift through the data to ferret out the root cause of a problem.

Collecting data was only the first step. Next, an engine was developed that could analyze the data and expose it to a set of rules. The rules established thresholds. If a key data item was outside the acceptable range in a threshold, the rule would “fire” and a red flag would be raised for support folks.

Continue reading Use Microsoft’s analyzing tools to keep Exchange humming

The most common question I have received as a result of this post on mail server misconfigurations is “how do I change my SMTP banner?” This article will tell you how to do so on several common mail server platforms. But first, let’s discuss why you want to.

Bad guys frequently use banner grabbing techniques as a part of the initial recon. It is a fairly innocuous activity that takes advantage of expected behaviours. To determine the type and version of mail server you are using, a bad guy need only connect to it on port 25, just like any other system would that is trying to send an email to one of your clients. IPS/IDS systems won’t alert on this, since to them it looks just like any other mail server trying to send mail, and unless you review every single log item, you probably won’t notice a connection that doesn’t actually send an email.

If, however, your SMTP does not reveal its version, all the bad guy knows is that he connected to your mail server. He is going to have to work a lot harder to identify your server, and that may be enough to trip an IDS/IPS alarm. Or, he may simply move on to easier pickings. Either way, make him work for it…don’t just give up all the information in your banner. Intrigued? Read on to learn how to change the SMTP banner on several popular mail server platforms.

Continue reading How to change your SMTP banner for fun and profit

Are your users on Microsoft Outlook and Exchange server  complaining about lethargic performance? Here are some things to troubleshoot when you want to quell the griping.

1. Antiquated Software. Are you still on Exchange 2003? That old 32-bit warhorse will have a tough time meeting the email demands of a modern organization. New 64-bit versions of Exchange–2007 and 2010–support more memory and bigger buffers, as well as other speed enhancements. As a result, they can be from five to 10 times more efficient than 2003 in handling mail. While upgrading to a new version of Exchange isn’t an immediate solution to your problems, it’s something to advocate as a long term solution.
2. Mailbox Limits. Both Exchange 2003 and 2007 have 2GB limits on mailbox sizes. However, Outlook users can  exceed those limits. The rub is, the greater that 2GB limit is exceeded, the bigger the hit the user will see in performance. One way to address that problem is to deploy an archiving solution. It will automatically archive a user’s emails when his or her mailbox approaches or exceeds the 2GB limit.
3. Overstuffed Folders. Too many messages stored in a single folder will impair Outlook’s performance. Microsoft recommends that between 3500 to 5000 messages should be placed in a single folder. An archiving solution can address this folder problem, too, as well as creating more top-level folders or sub-folders in folders with high growth rates such as Inbox, Sent and Calendar.
4. Anti-Virus Software. Local anti-virus software can make Outlook work harder than necessary. Each time a message is opened, its body and any attachments to it are scanned by the anti-virus software. That can result in delays of as much as 20 seconds. An alternative to local virus scans is to scan messages in transit at the Exchange Hub Transport servers. With malware scans performed at the servers, you can disable scanning at the client end of things and boost performance for your users.
   Continue reading 10 reasons why Outlook is running sooooo slowly

In large organizations it can be a very convenient capability to allow some of your co-workers access to your calendar. This feature supports collaboration and helps to avoid over scheduling of meetings and appointments. Along with that capability is another feature that can allow other users access to your mailbox. This other feature is referred to as granting delegation access.

Granting access for other users to access your mailbox understandably involves a very large amount of trust. However the benefits can be worth it if the conditions exist to give someone else access to your email. But disregarding the privacy issues there can also be problems with granting delegation access.

There are two methods used for granting someone else access to your email:

1. Granting Delegate access:  This method is used to grant access to one or more of your Outlook folders. These folders can include: Calendar, Inbox, Notes, Tasks, Contacts and Journal. The users who you grant delegate access to will also have the “Send on behalf of” right explicitly granted to them. The delegated users can access the delegated folders by clicking on “File”, then “Open” and then clicking on “Other Users Folder”. Delegated access can be restricted through additional steps if necessary. Note that a delegate can be given different permissions for different folders. This allows the owner to control access to items in their Exchange mailbox. Usually if access to your calendar or inbox has already been granted without any problems then the “Send on behalf of” capability can also be given at the discretion of the owner of the inbox.
2. Granting specific folder permissions: This method is probably the best one to begin with when giving someone else access to your inbox and other folders. This method provides the same functionality as the Grant Delegate access method but it does not automatically give the “Send on behalf of” right to the specified users who are given permissions to your folders. In addition the “permission granted” users will need to add your mailbox folders to their own Outlook account. Once they have added your folders to their account then they will be able to see only those folders which they have been given permission to view.

Granting access to others to view your mailbox and other folders, and to respond to your email messages received, should be implemented only after one has set up rules and policies to guide the granted delegate in what manner to use your mailbox and what the boundaries are for responding to email messages. Failure to do so can result in leaked email messages and confidential company information.

Continue reading Troubleshooting Delegated Email Issues

There have been many times in the past when I have started a project for a new customer and discovered that they are not using SSL for their email servers.  Usually after a brief discussion they agree to implement SSL in the new system we are installing for them.

Occasionally they agree but insist on doing it in a less than ideal manner.  And sometimes, although rarely, they decline our advice and continue without SSL.

What is SSL?

SSL stands for Secure Socket Layer and is an encryption protocol that secures communications between two parties over insecure networks such as the internet.  Although still commonly referred to as SSL its new name is actually TLS (Transport Layer Security) which more accurately describes its role of securing communications at the Transport layer of the OSI model (eg, the TCP protocol).

In an SSL/TLS secured communication the two parties (e.g. a web server and a web browser) agree on how to secure the connection they are establishing. Continue reading The Importance of SSL for Exchange Servers

Administration of Outlook will on occasion involve correcting behavior related to the Name Service Provider Interface (NSPI) used for communications between Outlook and Exchange Server. The NSPI is used to communicate with the Global Catalog and resolve domain names and domain lookups. The protocol is known as emsabp32 and is comparable to Lightweight Directory Access Protocol (LDAP).

During the course of operations you may sometimes get an alert indicating that the Name Service Provider Interface (NSPI) Proxy is able to communicate with the global catalog but it doesn’t support the NSPI service.

This error message can occur when running the Microsoft Exchange Server 2007 Management Pack for Operations Manager. This pack is used to monitor the Windows Application log on systems that are running Exchange Server 2007. If it detects that certain events or a particular event has occurred, such as Event ID 9176 as shown in the log below, then it will generate the previous alert.  Such an event or events will look like this:

Product Name       Exchange
Product Version    8.0 (Exchange Server 2007)
Event ID              9176
Event Source        MSExchangeSA
MOM Rule
Path          Microsoft Exchange Server/Exchange 2007/Mailbox/System Attendant
MOM Rule Name   “Name Service Provider Interface (NSPI) Proxy can contact the global catalog, but it does not support the NSPI service.”

In addition you may also get a Description field such as: “NSPI Proxy can contact Global Catalog fully qualified domain name (FQDN) of server but it does not support the NSPI service. After a Domain Controller is promoted to a Global Catalog, the Global Catalog must be rebooted to support MAPI Clients. Reboot fully qualified domain name of server as soon as possible.”

Continue reading Global Catalog Server Errors and Outlook

Will Exchange support boost Apple's corp cred?

Despite the crowing by fans of Apple computers that  their lovely machines are gaining traction in the corporate realm, resistance to OS X boxes by CIOs appears to still be strong, even with the much trumpeted support of Microsoft Exchange in the latest edition of the Mac operating system, Snow Leopard.

The logic behind the expectation that Exchange support will be a deal maker for corporate IT departments stems from the infectious behavior Apple products have had in the past on markets. The iPod’s popularity, for example, had a halo effect that enticed consumers to move to Apple computers. More to the point, when Exchange support was built-in to the iPhone, it began to win nods from more corporate users.

But there are indications that, at least initially, the halo effect may not be as strong this time around. One of those indicators is a recent “jury poll” taken by TechRepublic, a Web site targeted at IT professionals. In that poll, a “jury” of CIOs voted 12-0 against adding new Macs to their existing computer mix. All the executives voted “no” to the question, “Does the release of Snow Leopard make your IT department more likely to adopt more Mac OS X machines?

Continue reading Mac resistance still strong despite Exchange support

So far in this series of posts I have discussed the basic concepts of Exchange Server 2007 high availability, how to use Local Continuous Replication to protect mailbox databases on a single server, and how to cluster Exchange mailbox servers with Single Copy Clusters and Cluster Continuous Replication.  In this final post in the series I will discuss Exchange Server 2007 Standby Continuous Replication.

What is Standby Continuous Replication?

Standby Continuous Replication (SCR) for Exchange Server 2007 is a feature that was introduced with Service Pack 1.  SCR occurs between two servers – a source server and a target server.  The source server holds the active storage group and mailbox database, while the target server holds a replica of that storage group and mailbox database.

Exchange storage group and mailbox database information is replicated between the source and target server using asynchronous log shipping.  I described asynchronous log shipping in part one of this series on the fundamental concepts of Exchange Server 2007 high availability.  The same log shipping occurs in Local Continuous Replication and Cluster Continuous Replication.

SCR does not work like a cluster with automated fail over, rather it is much like LCR in that manual intervention is required in the event that the SCR source server experiences a failure.

Continue reading Exchange Server 2007 High Availability Part 5 – Standby Continuous Replication

It’s almost midnight when you’re woken from your peaceful slumber by a phone call from the boss. He’s calling from the pub in an inebriated state and is close to panic. “I’sh loshted my mobile and need it wiped … *hick* … immediately,” he slurs. Fortunately, with Exchange 2007 and Outlook Web Access (OWA), this is easy enough to do – without needing to make a visit to the office in the small hours of the morning.

Simply start up your computer and then (from Microsoft):

1. Open Outlook Web Access.
2. Log on to the device owner’s mailbox.
3. Click Options.
4. In the Navigation pane, select Mobile Devices.
5. Select the ID of the device that you want to wipe and remove from the list.
6. Click Wipe all data from device.
7. Click OK.
8. Click Remove Device from List.
9. Curse your boss, turn off your phone and go back to bed (okay, so this one isn’t actually part of Microsoft’s instructions but it is nonethless a step that you’ll probably wish to perform in order to ensure that the boss cannot disturb you again to tell you that he’s found the device and the remote wipe should be cancelled).

Step #8 is non-essential, but there’s really no point in not doing it as the device will otherwise continue to be wiped even after it has been found (which is bound to happen when he sobers up).

Note that it’s also possible to perform remote wipes with ES/SBS 2003, but do so you’ll need to have previously installed the Microsoft Exchange Server ActiveSync Web Administration Tool.

The world of hosted Exchange is about to get a lot bigger. This week in Hannover, Germany, Microsoft announced further developments on its “Software-plus-Services” initiative. The Business Productivity Online Suite will be available for trial runs for businesses of all sizes. Microsoft will also release Microsoft Office Communications Online, and the Business Productivity Online Deskless Worker Suite.

Microsoft’s Exchange Online and SharePoint Online were first announced last September for larger enterprises; they will now be available for any size business. Hosted Exchange of course isn’t anything new, and there have always been Microsoft hosting partners. The new service will be available both direct and through resellers, but there is some concern on the part of some hosting partners that Microsoft will cannibalize their business. The question is, whether you should use a hosted email service at all. As we’ve seen time and time again, the lowest common denominator of hosted email, the free services available such as Hotmail, have no place in the enterprise; and they definitely have no place in government agencies, where regulations demand accountability and archiving.

On-premises email does have numerous advantages in terms of security and control, but for smaller and SOHO businesses, the price advantage of the Software-plus-Services option may be the deciding factor. Microsoft Online Services is listing for $10 per user for Exchange Online, and $7.25 per user for SharePoint Online. For the most part though, the hosted solution can’t be seen as a replacement for an on-premises email server at the enterprise level, where the IT department can maintain control, and enjoy access to superior archiving facilities and third-party security controls. Microsoft’s press release for example, describes the “Deskless Worker Suite” as a solution for “occasional users;” many enterprises that deploy a hosted Exchange solution do so in conjuntion with an on-premise system as well.