The default value of DatabaseMaxCacheSize is 128 MB, but if the Exchange server running the Hub Transport or Edge Transport role has 4 GB or more of RAM installed, why not increase it to improve performance?

The MS Transport service uses the Extensible Storage Engine (ESE) for its mail transport functionality. This provides several benefits over earlier versions of Exchange Server, which used the NTFS file system for mail transport functionality:

  • ESE writes transactions to log files and to the RAM first. Then, ESE writes the transactions to the database file.
  • ESE increases transactional integrity of data that is stored in the queue.
  • With this feature, all queued messages are held in one location, the transport mail queue. In Exchange 2003 or earlier, mail could be stored in two locations during processing: the file folder structure and the local information store database.

Although the ESE cache size in the Mailbox server role increases dynamically, in the transport service it does not. Instead, the ESE cache has a maximum size of 128 MB, which is set by default in the DatabaseMaxCacheSize parameter in the EdgeTransport.exe.config file.

The default size is sufficient for typical usage, but it is recommended to increase the maximum size to 512 MB when the Transport server has 4 GB of RAM. The Exchange 2007 resource monitor tracks the number of used version buckets that are currently stored in memory.

When the number of used version buckets exceeds the thresholds that are specified in the EdgeTransport.exe.config file, the resource monitor logs event ID 15004. This event indicates that the server is experiencing resource back pressure. A back pressure event is a staged process in which the following behavior occurs:

  • When the first threshold is reached, the transport server tries to block new incoming SMTP messages.
  • When the second threshold is reached, the transport server prevents new Mailbox server connections. This is to allow the transport server time to try to clean uncommitted transactions from memory and to put the transactions into the queue database file.

To increase the DatabaseMaxCacheSize value in Exchange 2007:

  • Log on to the Hub Transport or Edge Transport server.
  • Start Windows Explorer, and then locate the following folder:

    %ProgramFiles%\Microsoft\Exchange Server\Bin

  • In the details pane, open the EdgeTransport.exe.config file by using a text editor such as Notepad.
  • Locate the DatabaseMaxCacheSize parameter. To do this, press CTRL+F, type databasemaxcachesize in the Find what box, and then click Find Next. The parameter appears as follows:

    <add key="DatabaseMaxCacheSize" value="134217728" />

  • Replace the value with 536870912. The parameter should appear as follows:

    <add key="DatabaseMaxCacheSize" value="536870912" />

  • Save the changes to the EdgeTransport.exe.config file, and then restart the Microsoft Exchange Transport service. To restart the service, follow these steps:
    • Click Start, click Run, type cmd, and then click OK.
    • At the command prompt, type:

      net stop msexchangetransport && net start msexchangetransport

      and then press ENTER.


In my earlier article “The New In Exchange Server 2007 Service Pack 2” I talked about the new Service Pack, and here I will say something about my experience deploying this service pack on an SCC setup…

Here I will talk only about the Mailbox role; I have SCC deployed on a two-node failover cluster running MS Windows Server 2008 Enterprise Edition.

In the preparation phase, I found on the internet that some prerequisites must be considered before SP2 installation:

  • Windows Installer Version 4.5: already installed, because the target Exchange server is running Windows Server 2008 with Service Pack 2, which already includes it.
  • SNMP service must be stopped.
  • Remote Registry: must be RESTARTED.
  • MS Operation Manager: must be stopped if it is deployed.
  • Any pending MS updates must be finalized before.
  • Any Real-Time monitoring agent must be suspended.
  • Any Antivirus or Security software must be suspended during SP2 installation.


I began with a manual schema update using the administrative command-line interface, although this process can be done inline as part of the roles upgrade. Of course, the installation account should be a member of the Schema Admins and Enterprise Admins security groups.

setup /PrepareSchema

setup /PrepareAD


Then I used the setup installer to upgrade CAS, HT and Edge respectively; that is the order I used.


Finally, I started the SP2 installation process on the two SCC nodes. The whole process is performed from the administrative command-line interface, in the following sequence:

  1. Passive node upgrade.
  2. Clustered Mailbox service instance.
  3. Moving the Clustered mailbox service instance to the upgraded passive node.
  4. Upgrade the remaining nodes.


From an administrative CLI in the SP2 installation binaries folder, run the following command:

Setup.com /m:upgrade

Then reboot this node and follow the SP2 prerequisites. Now open the Exchange Management Shell, stop the clustered mailbox server instance, and then move it to the upgraded node by running the following commands:

Stop-ClusteredMailboxServer -id -StopReason "Service Pack 2 Upgrade"

Move-ClusteredMailboxServer -id -TargetNode -MoveComment "Service Pack 2 Upgrade" -Confirm:$false


Then, while the Clustered Mailbox Service instance is stopped, run the following command to upgrade the instance:

setup.com /upgradeCMS

After successful CMS upgrade move to the previously active node and run:

With the same consideration of the prerequisites, you now have Exchange 2007 SP2 deployed, and you can start the CMS again, this time with the new features of SP2.


As per my earlier article, the public folders database is fully mounted, but I found a new problem: the Default Offline Address Book is not updated with any new changes or any new mailboxes.

While diagnosing this issue, I found that manually updating the “Default Global Address List”, which is the source of the OAB content, produced a list of warnings as below:

WARNING: The recipient “/Microsoft Exchange System Objects/Offline Address Book – \/o=First Organization\/cn=addrlists\/cn=oab” is invalid and could not be updated.

WARNING: The recipient “/Microsoft Exchange System Objects/Offline Address Book – First Administrative Group” is invalid and could not be updated.

WARNING: The recipient “/Microsoft Exchange System Objects/Schedule+ Free Busy Information – First Administrative Group” is invalid and could not be updated.

WARNING: The recipient “/Microsoft Exchange System Objects/OAB Version 2” is invalid and could not be updated.

WARNING: The recipient “/Microsoft Exchange System Objects/OAB Version 3a” is invalid and could not be updated.

These are system public folders from the Exchange 2003 server, and they are mail-enabled in the Exchange 2003 system, while in Exchange 2007 the system public folders are not mail-enabled. On the other hand, these warnings appear because these PFs have alias formats that are incompatible with Exchange 2007. Once their aliases are changed to a format compatible with the Exchange 2007 alias format (only by removing the spaces), or the folders are mail-disabled, these warnings disappear and the “Default Global Address List” is fully generated.


Three days ago, while working on an Exchange 2003/2007 migration project, I killed the old Exchange 2003 server by mistake and followed that by deleting the legacy administrative group. This corrupted the Public Folder Database on the new Exchange server; this database holds the “Offline Address Book”, Free Busy folders and system folders. Each time I opened the Exchange Management Console and navigated to the Public Folder Database, a failure occurred with the following warning message:

——————————————————–

Microsoft Exchange Warning

——————————————————–

The following warning(s) were reported while loading topology information:

get-PublicFolderDatabase

Completed

Warning:

Object MAILBOX-SERVER\STORAGE-GROUP\Public Folder Database has been corrupted and it is in an inconsistent state. The following validation errors have occurred:

Warning:

PublicFolderHierarchy is mandatory.

Warning:

PublicFolderHierarchy is mandatory.

——————————————————–

OK

——————————————————–

 

After rebooting the mailbox server, the Public Folder Database could not be mounted, with the following error message:

——————————————————–

Microsoft Exchange Error

——————————————————–

Failed to mount database ‘Public Folder Database’.

Public Folder Database

Failed

Error:

Exchange is unable to mount the database that you specified. Specified database: MEC-HQ-MSG\SG-02\Public Folder Database; Error code: MapiExceptionADPropertyError: Unable to mount database. (hr=0x80004005, ec=2418).

——————————————————–

OK

——————————————————–

 

Now Outlook 2003 is blocked; all Outlook 2003 users were prompted with an error message declaring:

Your Exchange Server Administrator has blocked the version of outlook that you are using. Contact your Administrator for assistance.

——————————————————–

OK

——————————————————–

By researching, I found that PublicFolderHierarchy might be hosted on the deleted Administrative Group. So, using the ADSI utility, I checked that it is on the new Administrative Group, but what had happened was that the Exchange system considered the old public folder on the old server to be the MAPI one, and the public folder tree owner to be the old public folder database on the old server. So, to resolve this issue using the ADSI utility:

1. Right click CN=Folder Hierarchies -> New Object

2. Selected msExchPFTree for the class

3. For the value we entered, "Public Folders" and clicked next

4. Clicked on the "More Attributes" button, selected msExchPFTreeType and set the value to 1. Note: This is very important that this value is set to a value of 1 as this tells Exchange that this is a MAPI Tree.

5. Click Ok and then finish

Populate msExchOwningPFTreeBL attribute object of the PF Stores in the organization (Since this attribute is not directly editable, you have to follow the below steps to do this for each PF store)

1. Get properties of the newly created "Public Folders" Tree object in ADSIEdit.

2. Copy the distinguishedname value to the clipboard and then click cancel.

3. Navigate to the Storage group that contains the Public Folder Store for this server and get properties of the server.

4. Locate the msExchOwningPFTree attribute and paste in the value that was copied to the clipboard in step 2. Click OK.

5. Restart the Information Store Service


In Exchange 2010, all Outlook clients use the Client Access Server; even Entourage clients need to connect to the CAS in order to access a mailbox.

In Exchange 2010, MAPI access and directory access have been transferred to the Client Access server. This is to provide all data access through a single, common path.

I like that… Outlook MAPI clients talk to MAPI on a middle-tier layer (CAS), which then talks to the Mailbox server. The same goes for directory information: Outlook talks to the NSPI endpoint located on the middle-tier layer (CAS), and NSPI talks to the Active Directory driver, which talks to the Active Directory service.

In Exchange 2007, by contrast, Outlook MAPI clients talk to the RPC proxy installed on the CAS, which then talks directly to the MAPI RPC component on the Mailbox server and the NSPI endpoint in Active Directory.

Oh… Exchange 2010 requires RPC encryption, which means that clients with Outlook 2003 will not be able to access their mailboxes by default. To configure Outlook 2003 to use RPC encryption:

  1. Click Tools > E-Mail Accounts > View or Change an Existing Account.
  2. Select the account and click More Settings.
  3. Select the Security Tab.
  4. Select Encrypt data between Microsoft Office Outlook and Microsoft Exchange Server.
  5. Click OK.

OR… by disabling the RPC encryption requirement on the Exchange 2010 Client Access Server:

Set-RpcClientAccess -Server <CAS server> -EncryptionRequired $false

But the recommended solution is to configure Outlook 2003 to use RPC encryption.


Many new features for each server role have been introduced in “Service Pack 2”, including:

  • Exchange Server 2010 Support: to deploy Exchange Server 2010 in coexistence with Exchange Server 2007, all Client Access Servers in the organization must be upgraded to Exchange Server 2007 SP2; in addition, all Exchange servers in the AD site of the Exchange Server 2010 deployment must be upgraded to Exchange Server SP2.

  • Windows Server Backup Support: the Windows Server 2008 Backup feature did not support Exchange-aware data, but deploying Exchange Server SP2 installs a Volume Snapshot plug-in that lets Windows Server Backup back up Exchange-aware VSS data. This new feature will affect small organizations in their decision to provide a native backup solution for Exchange Server 2007.

  • Enhancement of the Mailbox Access Auditing Capabilities: the MS Exchange IS resource has a set of Diagnostics Logging categories for mailbox access auditing. Each category corresponds to a different type of resource access and can be enabled independently, which lets administrators specify the level of logging.

    a. The Folder Access category lets you log events that correspond to opening folders, such as the Inbox, Outbox, or Sent Items folders.

    b. The Message Access category lets you log events that correspond to opening messages.

    c. The Extended Send As category lets you log events that correspond to sending a message as a mailbox-enabled user.

    d. The Extended Send On Behalf Of category lets you log events that correspond to sending a message on behalf of a mailbox-enabled user.

    Each category supports logging levels from zero (not enabled) to five (maximum logging). Higher logging levels increase the amount and detail of logged data.

  • Dynamic Active Directory Schema Validation: the dynamic AD schema update and validation feature allows future schema updates to be deployed dynamically and proactively prevents conflicts whenever a new property is added to the AD schema. Once this capability is deployed, it will enable easier management of future schema updates and will prevent support issues when adding properties that don’t exist in the AD schema.

  • Public Folder Quota Management: Exchange 2007 Service Pack 2 provides a more efficient way to manage Public Folder quotas by improving the current cmdlets and removing the dependency on the Public Folder Distributed Authoring and Versioning Administration to perform management tasks.

  • Centralized Organizational Settings: new cmdlet parameters have been added that enable centralized management of many of the Exchange organization settings.


Type 1 VMMs such as Microsoft Hyper-V and VMware ESX Server run the hypervisor directly on the hardware layer. Through the hypervisor, all CPU processes and memory I/O are performed directly by the guest OS, independently of the admin OS, which makes performance essentially the same as performing the operations directly on the hardware.

There are two approaches to the hypervisor. In a microkernelized hypervisor, such as Microsoft Hyper-V, the admin OS, in addition to CPU and memory management, hosts the independent hardware vendor drivers, so no third-party binary runs in the hypervisor layer and only standard 64-bit Windows drivers are required. A guest OS can access the hardware in one of two ways, depending on the guest OS. An enlightened guest OS (one that has the Hyper-V integration services) uses VMBus, a very fast memory-based bus, to reach the network, storage devices and so on. An unenlightened guest OS uses emulated hardware provided through the admin OS: the hypervisor catches I/O accesses and redirects them to the admin OS for emulation.

A monolithic hypervisor, such as VMware ESX Server, handles all hardware access for its guest OS instances. This hypervisor has to host the drivers for all hardware installed on the physical machine, including storage, network and I/O devices. The drivers must be installed in the hypervisor, where they are common to the guest OSs and the admin OS, and a special driver is required for the hypervisor, which in turn limits hardware support.


Microsoft has just released the Beta version of the new Exchange server 2010 with code name “E14”.

Exchange 2010 comes with new features and improvements:

1. Improved Storage Reliability: E14 brings a 70% I/O reduction. With the new architecture, failover is designed around the mailbox database level instead of the server level (known as “DB mobility”), which enables organizations to run a highly available Exchange environment without dealing with clustering, RAID disks or enterprise disk solutions (SAN).

2. MailTips: no more over-quota email messages sent accidentally.

3. Conversation View.

4. More internet browsers support for OWA.

All of these and will continue…


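One important security concern is keeping internal resources hidden and unknown from the outside. By default, the Received headers of an outgoing message disclose the names and IP addresses of the internal servers, as in this example: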

Received: from Internal-FQDN-NAME-1 ([PUBLIC-IP-ADDRESS]) by bay0-pamc1-f5.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444); Fri, 03 Apr 2009 10:40:14 -0700

Received: from Internal-FQDN-NAME-2 (INTERNAL-IP-ADDRESS-1) by Internal-FQDN-NAME-1 (INTERNAL-IP-ADDRESS-2) with Microsoft SMTP Server (TLS) id 8.1.358.0; Fri, 03 Apr 2009 20:40:50 +0300

Received: from Internal-FQDN-NAME-3 ([INTERNAL-IP-ADDRESS-3]) by Internal-FQDN-NAME-2 ([INTERNAL-IP-ADDRESS-1]) with mapi; Fri, 03 Apr 2009 20:42:12 +0300

In Exchange 2007, “ANONYMOUS LOGON” is granted the “Send Routing Header” permission on all send connectors by default, and this is the key point.

If we remove “Send Routing Header” permission from “ANONYMOUS LOGON” on the Internet-Send-Connector, then all of the information about the internal server will be removed from the message header.

ADSIEdit.MSC -> CN=Configuration -> CN=Services -> CN=Microsoft Exchange -> CN=”Organization Name” -> CN=Administrative Groups -> CN=Exchange Administrative Group -> CN=Routing Groups -> CN=Exchange routing Group -> CN=Connections -> CN=”Send Connector Name”

By running the command below the “Send Routing Header” permission will be removed from “ANONYMOUS LOGON” on the Internet-Send-Connector:

Get-SendConnector "Connector Name" | Remove-ADPermission -AccessRight ExtendedRight -ExtendedRights "ms-Exch-Send-Headers-Routing" -user "NT AUTHORITY\Anonymous Logon"

Note that the “Microsoft Exchange Transport” service has to be restarted for the change to take effect.
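
A way to check the result from the outside, as an added example that is not part of the original post: the script parses the Received headers of a test message delivered to an external mailbox and lists every hop that still discloses an internal host name or RFC 1918 address. The host names, addresses and the list of internal DNS suffixes are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Assumptions for this example: which DNS suffixes and address ranges count as internal.
INTERNAL_SUFFIXES = (".local", ".corp", ".internal", ".lan")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# "from <host> (ip)" / "by <host> ([ip])" clauses inside one Received header.
HOP_RE = re.compile(r"\b(from|by)\s+([A-Za-z0-9._-]+)(?:\s*\(\[?([0-9A-Fa-f:.]+)\]?\))?")

# Constructed sample: what the external recipient sees with the default permission.
BEFORE = """\
Received: from hub01.corp.example.local ([203.0.113.10]) by mx.example.net with Microsoft SMTPSVC(6.0.3790.2444); Fri, 03 Apr 2009 10:40:14 -0700
Received: from mbx01.corp.example.local (10.0.0.21) by hub01.corp.example.local (10.0.0.11) with Microsoft SMTP Server (TLS) id 8.1.358.0; Fri, 03 Apr 2009 20:40:50 +0300
Received: from ws042.corp.example.local ([10.0.5.42]) by mbx01.corp.example.local ([10.0.0.21]) with mapi; Fri, 03 Apr 2009 20:42:12 +0300
Subject: header test

body
"""

# Constructed sample: the internal hops are gone, but the recipient's own
# Received line still records the name the connector announced in EHLO.
AFTER = """\
Received: from hub01.corp.example.local ([203.0.113.10]) by mx.example.net with Microsoft SMTPSVC(6.0.3790.2444); Fri, 03 Apr 2009 10:40:14 -0700
Subject: header test

body
"""


def is_internal_ip(text):
    """True for RFC 1918 IPv4 addresses; anything unparsable is ignored."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)


def find_leaks(raw_message, suffixes=INTERNAL_SUFFIXES):
    """Return (hop, role, value) tuples; hop 0 is the newest Received header."""
    msg = message_from_string(raw_message)
    leaks = []
    for hop, header in enumerate(msg.get_all("Received", [])):
        unfolded = " ".join(header.split())  # collapse folded header lines
        for role, host, ip in HOP_RE.findall(unfolded):
            if host.lower().endswith(tuple(suffixes)):
                leaks.append((hop, role, host))
            if is_internal_ip(ip):
                leaks.append((hop, role, ip))
    return leaks


if __name__ == "__main__":
    for name, raw in (("before", BEFORE), ("after", AFTER)):
        print(name)
        for hop, role, value in find_leaks(raw):
            print(f"  hop {hop}: {role} {value}")
```

A hit that remains on hop 0 comes from the name the send connector announced in EHLO, which the receiving server records itself, so removing the permission does not change it.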


I don’t know why I did not find it anywhere as part of the pre-migration process; because if you have it, your installation of mailbox role will keep failing.

While Microsoft keeps saying that LDAP filters are supported in Exchange 2007, you cannot edit them from the Exchange 2007 console. If you try migrating to the Exchange 2007 Mailbox role and you have a Recipient Policy or Address List that is configured with LDAP filters, you may experience:

Error:

The Exchange server address list service failed to respond. This could be because of an address list or email address policy configuration error.

The service can’t work properly because Email Address Policy ‘CN=NAME,CN=Recipient Policies,CN=First Organization,CN=Microsoft Exchange, CN=Services, CN=Configuration, DC=DOMAIN,DC=COM’ has an invalid filter rule (PurportedSearch). The error is ‘ANR is not supported.’. Use the Exchange Management Console to correct this problem. New users, contacts, and groups won’t be fully provisioned until this is fixed.

That is because not all LDAP filters are supported in Exchange 2007. In Exchange 2007, new OPATH filters replace the old LDAP ones, so before migrating the Mailbox role it is very important to make sure that the LDAP filters used in the Recipient Policies and Address Lists are compatible with OPATH ones.


© 2009 MicromissionS. All rights reserved