Tuesday, December 30, 2008

Exchange 2007 Problems and Solutions

  • Problems creating mailboxes

Error message: An Exchange 2007 server on which an address list service is active cannot be found.

Solution: Start Microsoft Exchange System Attendant service.

Other possible causes and solutions:

1. Rename the DC

2. Transfer all FSMO roles to a GC

3. Do not use a virtual server with a non-unique SID

Windows Server 2008

Windows 2008 Active Directory, deleting OUs

Today I found some new default permissions on Windows 2008 Active Directory Organizational Units (OU). I had created an OU in my nice new Windows 2008 Active Directory to provision servers into. Now that I have created my OU structure I tried to delete my redundant OU and received the following error message:

You do not have sufficient privileges to delete MyOUName, or this object is protected from accidental deletion.

So I immediately switched on Advanced Features in Active Directory Users and Computers so that I can access the Security tab of the OU. When I clicked Advanced there was one explicit Deny permission set for Everyone with Special permissions. These Special permissions were Deny Delete and Deny Delete Subtree. Of course by un-checking these options I could delete the OU.

Posted by Brian Gibson
http://brianagibson.blogspot.com/2008/07/windows-2008-active-directory-deleting.html
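The same check and fix from the command line, as an added example that is not part of Brian Gibson's post. It assumes the ActiveDirectory PowerShell module (shipped with Windows Server 2008 R2 and the matching RSAT; Windows Server 2008 itself only offers the GUI route described above) and uses a placeholder OU distinguished name. The Deny ACE he found is what Active Directory Users and Computers writes when "Protect object from accidental deletion" is ticked, which is on by default for new OUs, so the script also goes one step beyond the post and lists the OUs that lack it.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory module
# (Windows Server 2008 R2 / RSAT or later). The OU DN below is a placeholder.
Import-Module ActiveDirectory

$ouDn = 'OU=MyOUName,DC=example,DC=com'   # placeholder: the redundant OU

# 1. Is the OU flagged as protected? This flag is what the ADUC checkbox sets.
Get-ADOrganizationalUnit -Identity $ouDn -Properties ProtectedFromAccidentalDeletion |
    Select-Object DistinguishedName, ProtectedFromAccidentalDeletion

# 2. Show the explicit Deny ACE for Everyone that implements the flag
#    (ActiveDirectoryRights should read "Delete, DeleteTree").
$acl = Get-Acl -Path "AD:\$ouDn"
$acl.Access |
    Where-Object { $_.AccessControlType -eq 'Deny' -and $_.IdentityReference.Value -eq 'Everyone' } |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType, IsInherited

# 3. Clear the flag (this removes the Deny ACE) and delete the OU.
#    Add -Recursive to Remove-ADOrganizationalUnit only if you really mean to
#    delete everything underneath it as well.
Set-ADOrganizationalUnit -Identity $ouDn -ProtectedFromAccidentalDeletion $false
Remove-ADOrganizationalUnit -Identity $ouDn -Confirm:$false

# 4. Audit: OUs created by scripts or LDIF import often lack the protection that
#    the GUI adds, so list every OU that is NOT protected.
Get-ADOrganizationalUnit -Filter * -Properties ProtectedFromAccidentalDeletion |
    Where-Object { -not $_.ProtectedFromAccidentalDeletion } |
    Select-Object DistinguishedName
```

Step 3 is the scripted equivalent of un-ticking the two Deny boxes; it is worth re-enabling the flag on any OU found in step 4 rather than only clearing it on the one you want gone.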

Tuesday, December 2, 2008

What's new in Windows Server 2008

Solid Foundation

  • Windows PowerShell, a new optional command-line shell and scripting language, enables administrators to automate routine system administration tasks across multiple servers.
  • Windows Reliability and Performance Monitor provides powerful diagnostic tools to give you ongoing visibility into your server environment, both physical and virtual, to pinpoint and resolve issues quickly.
  • Componentized Server Core installation option allows minimal installations where only the server roles and features you need are installed, reducing maintenance needs and decreasing the available attack surface of the server.
  • Windows Deployment Services (WDS) provides a simplified, highly secure means of rapidly deploying Windows operating systems to computers by using network-based installation.
  • Failover clustering wizards make it easy for even IT generalists to implement high-availability solutions, Internet Protocol version 6 (IPv6) is now fully integrated, and geographically dispersed cluster nodes no longer need to be on the same IP subnet or configured with complicated Virtual Local Area Networks (VLANs).
  • Network Load Balancing (NLB) now supports IPv6 and includes multiple dedicated IP address support which allows multiple applications to be hosted on the same NLB cluster.

Virtualisation

  • Windows Server 2008 Hyper-V, the next-generation hypervisor-based server virtualization technology, allows you to consolidate servers and use hardware more efficiently.
  • Several enhancements to Terminal Services (TS) improve presentation virtualization.
  • Simpler licensing terms make using these technologies more straightforward.
  • Support for the latest hardware-assisted virtualization technologies allows virtualization of very demanding workloads.
  • New storage features, such as pass-through disk access and dynamic storage addition, allow VMs more access to data, and give external programs and services more access to data stored on VMs.
  • Clustering of Windows Server virtualization (WSv) hosts or VMs running on WSv hosts and backup of VMs while they are running keep your virtualized servers highly available.
  • Terminal Services (TS) RemoteApp and TS Web Access allow programs that are accessed remotely to be opened with just one click and appear as if they are running seamlessly on the end user's local computer.
  • TS Gateway helps provide secure remote access to Windows-based programs through firewalls – without the need for a virtual private network (VPN).
  • TS Licensing Manager adds the ability to track the issuance of TS per User Client Access Licenses (CALs). Built into Windows Server 2008, TS Licensing is a low-impact service that enables centralized administration, tracking, reporting, and efficient purchasing of TS per User CALs.

Thursday, November 27, 2008

Exchange Migration Diary



If you will continue to use any Exchange 2003 features that are not supported in Exchange 2007, you must plan to keep at least one Exchange 2003 server in your organization. The following Exchange 2003 features are not supported in Exchange 2007:
· Novell GroupWise connector
· Network News Transfer Protocol (NNTP)

If you will continue to use any Exchange 2000 features that are not supported in Exchange 2007, you must plan to keep at least one Exchange 2000 server in your organization. The following Exchange 2000 features are not supported in Exchange 2007:
· Microsoft Mobile Information Server
· Instant Messaging service
· Exchange Chat Service
· Exchange 2000 Conferencing Server
· Key Management Service
· cc:Mail connector
· MS Mail connector


If you choose to use Microsoft Virtual Server 2005 R2, you are limited to the 32-bit version of Exchange Server 2007, because Virtual Server 2005 R2 only runs 32-bit guests. The 32-bit build of Exchange 2007 is supported only for testing and training, not for production, so this combination is a lab environment, not a migration target.

Saturday, November 22, 2008

What's new in Exchange 2007

  • Unified Messaging

  • Server roles - Edge Transport, Hub Transport, Mailbox, Client Access and Unified Messaging. Each server runs only the roles installed on it, so a perimeter Edge Transport server carries none of the mailbox or client-facing code.

  • SMTP protocol is provided by the Microsoft Exchange Transport service (MSExchangeTransport.exe).

  • Only the Mailbox server role can be installed in a failover cluster. Therefore, if you plan to deploy a clustered Mailbox server, you cannot install any other server role on the same computer as the Mailbox server role.

  • The standard license for Exchange 2007 lets you create up to five storage groups and mount up to five databases. The enterprise license for Exchange 2007 lets you create up to 50 storage groups and mount up to 50 databases.

  • Only one public folder database can exist on each server.

  • You cannot use the Exchange Management Console to change the log file location for remote Mailbox servers. To create storage groups on other Mailbox servers with the log and system paths you want, use the New-StorageGroup cmdlet in the Exchange Management Shell.

  • If local continuous replication (LCR) is enabled, you cannot enable circular logging. A change to the circular logging setting takes effect only after you restart the Microsoft Exchange Information Store service, or dismount and then mount all of the databases in the storage group.

  • When a mailbox size reaches or exceeds a specified storage quota limit, Microsoft Exchange Server 2007 sends a descriptive notification to the mailbox owner. Exchange 2007 allows you to customize the content of these notification messages.

  • Exchange Server 2007 includes three built-in features that provide high availability for Mailbox servers: local continuous replication (LCR), cluster continuous replication (CCR), and single copy clusters (SCC). The continuous replication features use log shipping to create a second copy of a production storage group. In an LCR environment, the second copy is located on the same server as the production storage group. In a CCR environment, the second copy is located on the passive node in the cluster. An SCC keeps a single copy of the storage group on shared storage that either cluster node can mount, so it protects against server failure but not against storage failure.

  • The complexity of the Exchange routing topology has been reduced by building on the existing Active Directory directory service site topology. Exchange 2007 is a site-aware application and uses Active Directory sites as a basis for selecting which servers to communicate with directly. This means that no additional routing configuration is required when you deploy a pure Exchange 2007 organization.

  • Exchange 2007 automatically routes by using minimal hops. Each Active Directory site is considered a hop. Exchange 2007 selects the most direct path between the source and the destination. If a Hub Transport server is unavailable in a site because of temporary network outages, mail is queued at the point of failure.
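Putting the storage group, circular logging and quota points above into one Exchange Management Shell script, as an added example that is not from the original post. The server name, folder paths, quota sizes and message text are placeholders; the cmdlets are the Exchange 2007 ones named above plus New-MailboxDatabase, Mount-Database, Dismount-Database, Set-StorageGroup, Set-MailboxDatabase and New-SystemMessage.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell
# on Exchange 2007. Server, paths, sizes and text are placeholders.
$server = 'MBX01'
$sgName = 'SG02'
$dbName = 'DB02'

# 1. Create the storage group with its logs on a different volume from the database.
#    New-StorageGroup is the only way to pick these paths for a remote Mailbox server.
New-StorageGroup -Server $server -Name $sgName `
    -LogFolderPath    "L:\Logs\$sgName" `
    -SystemFolderPath "L:\Logs\$sgName"

# 2. Create and mount a database inside it.
New-MailboxDatabase -StorageGroup "$server\$sgName" -Name $dbName `
    -EdbFilePath "D:\Databases\$sgName\$dbName.edb"
Mount-Database -Identity "$server\$sgName\$dbName"

# 3. Circular logging: refuse it while LCR is on (Exchange would reject it anyway),
#    and remember it only takes effect after a dismount/mount or an Information
#    Store restart. HasLocalCopy is the LCR flag on the storage group object.
$sg = Get-StorageGroup -Identity "$server\$sgName"
if ($sg.HasLocalCopy) {
    Write-Warning "LCR is enabled on $($sg.Identity); circular logging cannot be enabled."
} else {
    Set-StorageGroup -Identity $sg.Identity -CircularLoggingEnabled $true
    Get-MailboxDatabase -StorageGroup $sg.Identity | ForEach-Object {
        Dismount-Database -Identity $_.Identity -Confirm:$false
        Mount-Database    -Identity $_.Identity
    }
}

# 4. Quota limits on the database, and a customised text for the warning that
#    Exchange sends when a mailbox crosses IssueWarningQuota.
Set-MailboxDatabase -Identity "$server\$sgName\$dbName" `
    -IssueWarningQuota 1800MB -ProhibitSendQuota 2000MB -ProhibitSendReceiveQuota 2300MB
New-SystemMessage -QuotaMessageType WarningMailbox -Language en `
    -Text 'Your mailbox is close to its limit. Archive or delete old mail to keep sending.'
```

Circular logging throws away the transaction logs that LCR and a point-in-time restore depend on, which is why step 3 checks for LCR first; leave it off on any storage group you expect to restore from backup.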

Wednesday, November 19, 2008

CISCO Commands

Leased Line

encapsulation {hdlc | ppp}
compress [predictor | stac | mppc [ignore-pfc]]

show interfaces [type number]
show compress
show processes [cpu]

Cisco Cables

Cisco V.35 DCE Cable (pinout diagram not reproduced)

Cisco V.35 DTE Cable (pinout diagram not reproduced)


WAN Connectivity Option

Three general options for WAN connectivity:

1. Leased Line

The two most popular data-link protocols: HDLC and PPP


Functions in common:

- Both deliver data across a single point-to-point serial link

- Both deliver data on synchronous serial links; PPP also supports asynchronous serial links


WAN data-link protocols are frame-oriented, just like LAN data-link protocols.


PPP


PPP was defined much later than HDLC; as a result, the creators of PPP included many additional features that had not been seen in WAN data-link protocols up to that time. PPP has become the most popular and feature-rich WAN data-link layer protocol.


PPP LCP Features:




CHAP is the preferred method today because the identifying codes flowing over the link are created using a Message Digest 5 (MD5) one-way hash, which is more secure than the clear-text passwords sent by PAP. The secret itself never crosses the link, but both routers must store it in recoverable form, and anyone who captures one challenge/response pair can test password guesses against it offline, so the shared secret still has to be long and random.
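To see what that MD5 protection does and does not buy you, here is an added example (not from the original post) in PowerShell that computes a CHAP response exactly as RFC 1994 specifies and then runs the offline dictionary attack a passive listener on the leased line could mount against it. The identifier, challenge bytes, secret and wordlist are all constructed for the demonstration.

```powershell
# Added example, not from the original post. Constructed values throughout.

function Get-ChapResponse {
    param(
        [Parameter(Mandatory = $true)][byte]$Id,
        [Parameter(Mandatory = $true)][string]$Secret,
        [Parameter(Mandatory = $true)][byte[]]$Challenge
    )
    # RFC 1994 section 4.1: Response Value = MD5(Identifier || shared secret || Challenge Value).
    $material = [byte[]](@($Id) + [System.Text.Encoding]::ASCII.GetBytes($Secret) + $Challenge)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    try     { return $md5.ComputeHash($material) }
    finally { $md5.Clear() }
}

function Find-ChapSecret {
    # What a sniffer can do with one captured exchange: it has Id, challenge and
    # response, so it recomputes the response for each guess until one matches.
    param(
        [Parameter(Mandatory = $true)][byte]$Id,
        [Parameter(Mandatory = $true)][byte[]]$Challenge,
        [Parameter(Mandatory = $true)][byte[]]$Response,
        [Parameter(Mandatory = $true)][string[]]$Wordlist
    )
    $target = [BitConverter]::ToString($Response)
    foreach ($candidate in $Wordlist) {
        $guess = Get-ChapResponse -Id $Id -Secret $candidate -Challenge $Challenge
        if ([BitConverter]::ToString($guess) -eq $target) { return $candidate }
    }
    return $null
}

# --- Constructed demo: the authenticator's challenge and the client's reply ---
$id        = [byte]1
$challenge = [byte[]](1..16)          # 16 challenge bytes; a real router sends random ones
$secret    = 'cisco'                  # deliberately weak shared secret
$response  = Get-ChapResponse -Id $id -Secret $secret -Challenge $challenge
'Response seen on the wire: ' + [BitConverter]::ToString($response)

# The password never crossed the link, yet a short wordlist recovers it offline.
$wordlist = 'password', 'admin', 'cisco', 'secret'
$found = Find-ChapSecret -Id $id -Challenge $challenge -Response $response -Wordlist $wordlist
"Offline guessing recovered the secret: $found"
```

The run recovers 'cisco' on the third guess. Nothing about MD5 is broken here; the weakness is the secret, and the fix is the same as for any challenge/response scheme: a long random secret, rotated when staff who knew it leave.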

2. Circuit switching/dial

3. Packet switching
Tuesday, November 18, 2008

Cisco Serial Cabling Options

We need a Cisco serial cable to connect the DTE (router) and DCE (CSU/DSU).

1. EIA/TIA-232 (RS-232)

EIA/TIA-232 DTE Cable Pinouts (DB-60 to DB-25) - pinout table not reproduced

2. EIA/TIA-449 (RS-449)

EIA/TIA-449 DTE Cable Pinouts (DB-60 to DB-37) - pinout table not reproduced

RS-449 is a faster version of EIA/TIA-232 (up to 2Mbps) capable of longer cable runs.



Leased Line

Two common types of leased lines used for private voice and/or data networking are T1 and T3; both can operate over either copper or fiber optic.

T1 was developed by AT&T in the 1960s. It offers the same data rate as symmetric DSL (1.544Mbps) and can carry 24 digitized voice channels. If it is being used for telephone conversations, it plugs into the office phone system; if it is carrying data, it plugs into the network's router.

A T3 is a common aggregation of 28 T1 circuits that yields 44.736Mbps of total network bandwidth.

A large company probably needs something more than a T1 line. Some common line designations:

  • DS0 - 64 kilobits per second
  • ISDN - Two DS0 lines plus signaling (16 kilobits per second), or 128 kilobits per second
  • T1 - 1.544 megabits per second (24 DS0 lines)
  • T3 - 44.736 megabits per second (28 T1s)
  • OC3 - 155 megabits per second (84 T1s)
  • OC12 - 622 megabits per second (4 OC3s)
  • OC48 - 2.5 gigabits per seconds (4 OC12s)
  • OC192 - 9.953 gigabits per second (4 OC48s)

Configuring Leased Line (Cisco)

1. configure IP

2. HDLC and PPP configuration

- Make sure you configure the same WAN data-link protocol on each end of the serial link; with PPP, the authentication method and the shared secret must match on both ends as well.
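A matching pair of router configurations for the two steps above, as an added example in Cisco IOS syntax that is not from the original post. Hostnames, interface names, addresses and the CHAP secret are placeholders. It uses PPP with CHAP, the method recommended in the earlier post, and enables the optional compression whose counters show compress reports. CHAP on IOS sends the local hostname as the name and looks the peer's hostname up in the local username database, which is why each router has a username entry for the other.

```text
! Added example, not from the original post. Names, addresses and secret are placeholders.
!
! --- R1 ---
hostname R1
! CHAP secret: must be identical on both ends and is stored reversibly.
! service password-encryption only obscures it (type 7) in show running-config.
username R2 password 0 LeasedLineSecret
service password-encryption
!
interface Serial0/0
 description Leased line to R2
 ip address 192.0.2.1 255.255.255.252
 encapsulation ppp
 ppp authentication chap
 compress stac
 no shutdown
!
! --- R2 ---
hostname R2
username R1 password 0 LeasedLineSecret
service password-encryption
!
interface Serial0/0
 description Leased line to R1
 ip address 192.0.2.2 255.255.255.252
 encapsulation ppp
 ppp authentication chap
 compress stac
 no shutdown
!
! Verification on either router:
!   show interfaces serial0/0   - expect "line protocol is up" and "Encapsulation PPP"
!   show compress               - compression ratios and buffer use
!   show processes cpu          - stac is software compression; watch the load
!   debug ppp authentication    - shows the CHAP challenge/response during link-up
```

If one end is left at the default `encapsulation hdlc`, the interface comes up but the line protocol stays down; if the secrets differ, show interfaces shows the line protocol flapping and debug ppp authentication reports the CHAP failure.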

Thursday, November 13, 2008

Spam Fighting

Older technology used to fight spam analyses message content using keywords.
Newer technology used to fight spam analyses both message content and headers.

How can you find a spammer's ISP?

The address in the "From:" field is almost certainly forged in order to throw you off the scent (and may even belong to an innocent third-party), so you have to learn to read the "full message headers", which are a bit like a log of an email message's travels through the internet.

http://spamcop.net/fom-serve/cache/19.html

Spammer Tricks

1. The Non-Dotted-Quad IP address e.g. 0266.0xaf.0x5a.012

2. The really Dotted-Quad IP address
e.g. http://10889035741470030830827987437816582766808.41538374868278621028243970633761010.91343852333181432387730302044767688728495784090.5444517870735015415413993718908291383522/
end up with http://216.242.154.226/

3. The username trick
e.g. http://jjf:fred@www.myreallysecurewebsite.com/

4. Page redirections

5. Frames
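A PowerShell function, added here and not from the original post (it needs PowerShell 3.0 or later for the shift operators), that undoes tricks 1 to 3 and reports the host a browser would actually connect to. It deliberately avoids .NET's [uri] class, which canonicalises numeric hosts on its own, and parses each number the way inet_aton() does, so it also handles the one-, two- and three-part numeric forms the post does not list. The sample URLs are the ones quoted above plus one constructed single-number form.

```powershell
# Added example, not from the original post. Sample URLs are constructed/quoted.

function ConvertFrom-NumericPart {
    # Parse one dot-separated part as inet_aton() does: 0x = hex, leading 0 = octal,
    # else decimal. Only the low 32 bits are kept, so the absurdly long digit strings
    # of trick 2 neither overflow nor need bignum arithmetic.
    param([Parameter(Mandatory = $true)][string]$Part)

    if     ($Part -match '^0[xX]([0-9a-fA-F]+)$') { $digits = $Matches[1]; $base = 16 }
    elseif ($Part -match '^0([0-7]+)$')           { $digits = $Matches[1]; $base = 8 }
    elseif ($Part -match '^[0-9]+$')              { $digits = $Part;       $base = 10 }
    else { throw "Not a numeric host part: '$Part'" }

    [long]$value = 0
    foreach ($ch in $digits.ToCharArray()) {
        $digit = [Convert]::ToInt32([string]$ch, $base)
        $value = ($value * $base + $digit) % 4294967296
    }
    return $value
}

function ConvertTo-DottedQuad {
    param([Parameter(Mandatory = $true)][string]$NumericHost)

    $parts = @($NumericHost -split '\.')
    if ($parts.Count -gt 4) { throw "Too many parts in '$NumericHost'" }

    # inet_aton() layouts: a / a.b / a.b.c / a.b.c.d, the last part filling the rest.
    $widths = @(switch ($parts.Count) { 1 { 32 } 2 { 8, 24 } 3 { 8, 8, 16 } 4 { 8, 8, 8, 8 } })

    [long]$addr = 0
    for ($i = 0; $i -lt $parts.Count; $i++) {
        $modulus = [long]1 -shl $widths[$i]
        # Strict inet_aton() rejects a part that overflows its field; browsers of the
        # day kept the low bits instead, which is exactly what trick 2 relies on.
        $addr = $addr * $modulus + ((ConvertFrom-NumericPart $parts[$i]) % $modulus)
    }
    return '{0}.{1}.{2}.{3}' -f (($addr -shr 24) -band 255), (($addr -shr 16) -band 255),
                                (($addr -shr 8) -band 255), ($addr -band 255)
}

function Get-RealHost {
    param([Parameter(Mandatory = $true)][string]$Url)

    # Pull the authority out by hand; [uri] would rewrite the numeric forms first.
    if ($Url -notmatch '^[a-z][a-z0-9+.-]*://([^/?#]+)') { throw "No scheme://authority in '$Url'" }
    $authority = $Matches[1]

    # Trick 3: everything before the last '@' is userinfo, not the host.
    $hostPart = $authority.Substring($authority.LastIndexOf('@') + 1)
    $hostPart = ($hostPart -split ':')[0]    # drop an explicit port (IPv6 literals not handled)

    if ($hostPart -match '^(0[xX][0-9a-fA-F]+|[0-9]+)(\.(0[xX][0-9a-fA-F]+|[0-9]+)){0,3}$') {
        return ConvertTo-DottedQuad $hostPart   # tricks 1 and 2
    }
    return $hostPart                             # an ordinary DNS name
}

# Samples: the three URLs quoted in the post plus one constructed single-number form.
$samples = @(
    'http://0266.0xaf.0x5a.012/',
    'http://10889035741470030830827987437816582766808.41538374868278621028243970633761010.91343852333181432387730302044767688728495784090.5444517870735015415413993718908291383522/',
    'http://3639778018/',
    'http://jjf:fred@www.myreallysecurewebsite.com/'
)
foreach ($s in $samples) { '{0} -> {1}' -f $s, (Get-RealHost $s) }
```

The first sample resolves to 182.175.90.10 (octal 0266, hex af, hex 5a, octal 012); the second and third both give 216.242.154.226, matching the post, because each oversized part is reduced modulo 256 and the single number is simply the address as one 32-bit value; the fourth returns www.myreallysecurewebsite.com. Once you have the real address, a whois lookup on it (not on anything in the From: header) tells you which ISP to report to.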

How spammers get our email address?

1. "Harvesting" in newsgroup/website

2. Buy from another spammer

3. Guessing - when a spammer concentrates on one domain, this is sometimes called a "dictionary attack".

4. An ISP selling addresses to a spammer (extremely rare)

5. We give it to them ourselves when registering on a newsgroup/website


What can an individual do?

Many spam e-mails contain URLs to a website or websites. According to a Commtouch report in June 2004, "only five countries are hosting 99.68% of the global spammer websites", of which the foremost is China, hosting 73.58% of all web sites referred to within spam.