Mastering Microsoft Exchange Server 2003
(Sybex, 2003)
By Barry Gerber
Additions and Corrections to the First Edition
Also Includes Useful New Information
(Updated 5/02/2004)
NEW: Check Out the Great Free Windows and Exchange Tools at JoeWare.net
Click here for the tools index.
NEW: Microsoft Exchange Server TechCenter
The Exchange Server TechCenter has tons of useful Exchange information and downloads.
NEW: Microsoft’s Best Practices Analyzer Tool
This application checks to see where you may have violated best practices in your Exchange installation. Download here.
NEW: Jim McBee with Barry Gerber, Microsoft Exchange Server 2003 24seven, Sybex, 2004. This is a great advanced companion to my book. “A meticulous, thorough, and readable guide that will help you maximize performance, security, and reliability.” Paul Robichaux, Partner, 3sharp LLC.
NEW: Download Exchange 2003 tools here.
NEW: Download your free copy of the 400 page Exchange 2003 Technical Reference Guide from Microsoft here.
1. What Version of Windows Server 2003 Is Required for the Two Different Versions of Exchange Server 2003?
You can run either version of Exchange 2003 on any version of Windows 2003 but the Web Edition. So, if you need Exchange 2003 Enterprise Edition, you can run it on Windows 2003 Standard Edition. However, if you need such advanced features as server clustering for better performance and increased system reliability and availability you’ll have to run at least Windows 2003
2. What Do I Need to Do First When Upgrading Exchange 2000 Running on Windows 2000
Exchange 2003 can run on Windows 2000. Exchange 2000 cannot run on Windows 2003. So, you must first upgrade Exchange 2000 to Exchange 2003, then upgrade Windows 2000 to Windows 2003. [This is to correct the Warning at the bottom of page 115.]
3. How Do I Add Additional E-Mail Domains To My Exchange 2003 Server?
You need to do three things for each e-mail domain (e.g., add @x.com in addition to your existing domain @y.com):
1. Manually or automatically give specific users addresses that use the new e-mail domain.
2. Create a recipient policy for the new e-mail domain.
3. Register Host and MX records for the new domain in a public Internet server.
[This is to correct the sidebar “Supporting Multiple E-Mail Domains in a Single Exchange Organization” on page 614. See Chapter 16 for information on completing steps 1, 2 and 3.]
You can do a lot more to enhance multi-domain support. For details, check out Microsoft Knowledgebase article 318635.
This article works for Exchange 2003, but not for Exchange 2000. The main problem has to do with logging into OWA. With Exchange 2000, I couldn’t log into OWA using a login name fashioned from the user alias and an added UPN (User Principal Name), for example ssmith@x.com. With Exchange 2003, it worked fine. For more on UPNs see the Knowledgebase article.
The fixes are noted below:
Create an HTTP virtual server (In Exchange System Manager: Servers > Protocols > HTTP) for each e-mail domain you’ve added. Give it a name that makes it easy to see which e-mail domain you’re working with. Make the host header the name of the mail server for the e-mail domain as set in the MX and Host record for the e-mail domain (e.g. mail.x.com) and set Mailboxes For to the domain name, e.g. x.com. Then use the full e-mail address to log in to OWA. Thanks to Daniel Goepfrich at DFG Consulting for this one.
Then you need to do the following after configuring any new HTTP virtual servers you create. Be sure to wait until the new virtual server has been fully created by the system in IIS.
Open the Internet Services Manager on the server that supports the Exchange server with an HTTP virtual server you created (Programs > Administrative Tools > Internet Services Manager). This is usually the Exchange server itself. Find the HTTP virtual server you need to modify; right-click on the server and select Properties. Tab to the Directory Security property page and click the Edit button for Anonymous Access and Authentication Control. Make sure only Basic Authentication is selected. Click the Edit button for Basic Authentication and set the Domain Name to a backslash. Close the dialog box and that should do it.
You can also do the above while configuring a new HTTP virtual server (click the Authentication button on the Access property page), but I like to do it afterwards when the new virtual server is fully created in IIS.
This is based on instructions given by Evan Morris in this Windows and .Net Magazine article.
4. How Do I Troubleshoot RPC Over HTTP?
Check out this very useful Microsoft Knowledgebase article.
5. When Did the Active Directory Connector Become a Part of Exchange Server?
The Active Directory Connector first saw the light of day in Exchange 2000. It continues to be available in Exchange 2003. [This is to correct the first sentence under “Active Directory Connector” on page 75. I didn’t update the sentence correctly when revising the content of “Mastering Microsoft Exchange 2000 Server” for “Mastering Microsoft Exchange Server 2003.”]
6. What Is the Difference Between DNS and DSN?
DNS stands for “Domain Name System.” DSN stands for “Delivery Status Notifications.” DNS is the place a computer goes to resolve a domain name into an IP address or vice versa. DSN is an SMTP Virtual Server queue which holds nondelivery reports awaiting delivery. [This is to correct an erroneous item in the book’s index (page 778) that refers to the word DNS instead of the word DSN when indexing the section “DSN Messages Pending Submission” on page 445.]
7. Should I Be Able to Ping One of My New Servers Using Its Fully Qualified Public Domain Name After Following the Directions on Page 179?
Probably not. Assuming you followed the directions in the book and used a .local domain, you should only be able to ping the server as a member of its local domain (e.g. bg01.bgerber.local as opposed to bg01.bgerber.com). When your server is properly added to a public DNS (see the Note on page 411), you will be able to ping it using its fully qualified public domain name. [This is to correct an error in the last paragraph on page 179. I didn’t update the paragraph correctly when revising the content of “Mastering Microsoft Exchange 2000 Server” for “Mastering Microsoft Exchange Server 2003.”]
8. How Do I Prevent A User from Sending or Receiving Internet (SMTP) Mail?
1. Remove the user’s SMTP address or addresses on the E-mail Addresses property page of the user’s Properties dialog box found in Active Directory Users and
2. If you don’t have one, add an SMTP Connector (See Chapter 13, pages 447 – 457) and add the user to the Reject Messages From field on the Delivery Restrictions property page of the SMTPC. (See page 451.)
9. Why Does An Exchange 2003 Server Installed on a Windows 2003 Domain Controller Shut Down or Reboot So Slowly?
Windows 2003 DCs shut down faster than Windows 2000 DCs. This means that Active Directory will usually shut down before the 4 core Exchange services have shut down. This leads the Exchange services to shut down more slowly. The solution is to shut down the core Exchange services before rebooting or shutting down the DC. You can do this by typing net stop MSExchangeSA /yes at a command prompt.
You can also create a batch file with this command in it and double-click the file’s icon to shut down the Exchange services.
10. How Do I Create A New Mailbox As Per Page 273?
You must create a new user (User B) to create the new mailbox (Mailbox B). You must then give access permissions to the user who is going to open Mailbox B (User A). You do this as follows:
Active Directory Users and
Add User A and give Read and Full Mailbox Access permissions. Also use the Advanced button to give User A the same permissions as SELF, being sure that permissions apply to object, subcontainers and children objects.
11. How Do I Add Permissions to Create a Public Folder Using Exchange System Administrator As Per Page 278?
Go to Folders > Public Folders in Exchange System Manager and open the properties dialog box for Public Folders. Be sure to give yourself standard and advanced permissions equivalent to Administrator.
12. How Do I Tell Outlook 2003 I Want To Have A Local Copy of My Exchange Mailbox?
Check the box labeled Use Cached Exchange Mode on the Server Settings page of the E-mail Accounts Wizard. [This is to correct Figure 10.12 and the related text in Chapter 10. In the pre-release version of Outlook 2003 the checkbox was labeled Use Local Copy of Mailbox.]
13. Why Can’t I Search More Than One Public Folder Or Subfolder With Outlook?
If you try to select two public folders or subfolders or a public folder and subfolder, a dialog box opens saying “The folder you selected does not let you search other folders at the same time. To search other folders, clear the check box next to this folder.” This happens because only one public folder or subfolder can be searched at a time with Outlook. You can select the Public Folders folder and search all public folders. This is intentional and not a bug. You can search as many non-public folders and subfolders as you want within a mailbox.
14. Where Can I Get More Help Installing or Upgrading to Exchange 2003?
Check out the Exchange 2003 Deployment Guide.
15. How Do I Download POP3 E-mail From Other Servers and Deliver It to Exchange Mailboxes?
Check here for a number of options.
16. How Do I Change user_name as in the SMTP Address user_name@bgerber.com?
You do this by editing an Exchange recipient policy. Check here for instructions. *** Be sure the recipient policy that creates your new address is the first policy in the list. To change a policy’s place in the list, right-click the policy and select All Tasks > Move Up or Move Down.
17. How Can I Emulate A List Server On An Exchange 200x Server?
This doesn’t allow users to auto-register for a list, but it works pretty well and the mailbox is subject to all virus and spam filters running on your Exchange server.
1. Create a mailbox (e.g., discussiraq).
2. Create a distribution group (e.g., discussiraqdist).
3. Create an Outlook rule for the mailbox that forwards all messages to the distribution group.
4. Add names of list members to the distribution group.
5. Tell all list members to send messages to the mailbox (e.g., discussiraq@bgerber.com – NOTE: this is not a valid address).
Any message sent to the mailbox will be forwarded to all members of the distribution group. When a member replies to a message from the mailbox, the address in the TO field will be that of the mailbox. If you simply send messages to a distribution list, when recipients reply to messages, replies only go to the person who sent the message to the list. Because you’re forwarding messages, you’ll see forwarding information in the messages. So the format won’t look as clean as with a list server.
18. What Spam Filters Are Available in Exchange 2003?
Chapter 18 (pp. 707-709) covers two of the spam filters that are available in Exchange 2003: sender and connection filtering. A third filter is available, recipient filtering. You can see the tab for recipient filtering in Figure 18.14 on page 708. With recipient filtering you can prevent messages coming in from the Internet addressed to a specific Exchange recipient. Both sender and recipient filtering support blocking or blacklisting. They don’t allow for whitelisting, which specifies senders or recipients whose messages are allowed to come through SMTP Virtual Servers. [This is to correct omission of recipient filtering in Chapter 18.]
19. Why Must The Forward and Reverse Lookups for My Exchange SMTP Server Produce the Same Results?
More and more receiving SMTP servers are checking to see if the forward and reverse lookups for a sending SMTP server match. If they don’t, the receiving servers treat the contact as an effort to send spam using a spoofed e-mail address. Often these servers don’t mention spam. They might just tell you the e-mail address you’re trying to send to doesn’t exist or they might just cut off communications. If a forward lookup for mail.xyz.com returns the IP address 192.168.0.115, then a reverse lookup for the IP address should yield mail.xyz.com. ISPs get the forward lookup right, but they often use their own naming conventions for reverse lookups. So, the reverse lookup for mail.xyz.com might look something like this: adsl-192-168-0-115.dsl.lsan03.pacbell.net. You can check how your Exchange SMTP server is treated in forward and reverse lookups at http://www.dnsstuff.com/ (forward lookup = DNS Lookup = 1st item in 3rd column; reverse lookup = Reverse DNS Lookup = 2nd item in 2nd column). Have patience; dnsstuff.com isn’t available all the time. If forward and reverse lookups don’t match, ask your ISP to fix it so the reverse lookup yields the correct result. For one that works, forward lookup bgerber.com and use the IP address you get for the reverse lookup.
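The forward/reverse comparison described above can also be scripted, so it can be rerun after the ISP changes the PTR record. This is an added example, not from the book: the function names are illustrative, and the sample lookup tables are constructed from the names used in the text so the check runs without network access (by default it queries live DNS through Python's socket module).

```python
import socket

def live_forward(name):
    """A-record lookup: host name -> set of IPv4 addresses (empty on failure)."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def live_reverse(ip):
    """PTR lookup: IPv4 address -> set of host names (empty on failure)."""
    try:
        primary, aliases, _ = socket.gethostbyaddr(ip)
        return {primary, *aliases}
    except OSError:
        return set()

def norm_name(name):
    # DNS names are case-insensitive and may carry a trailing dot.
    return name.rstrip(".").lower()

def check_forward_reverse(mail_host, forward=live_forward, reverse=live_reverse):
    """Return {ip: verdict} for every address mail_host resolves to.

    match       - the PTR record for the address names mail_host
    ptr-differs - a PTR exists but names something else (e.g. an ISP default)
    no-ptr      - the address has no reverse record at all
    An empty dict means the forward lookup itself failed.
    """
    verdicts = {}
    for ip in sorted(forward(mail_host)):
        ptr_names = {norm_name(n) for n in reverse(ip)}
        if not ptr_names:
            verdicts[ip] = "no-ptr"
        elif norm_name(mail_host) in ptr_names:
            verdicts[ip] = "match"
        else:
            verdicts[ip] = "ptr-differs"
    return verdicts

# Constructed sample data, using the names from the text above.
SAMPLE_A = {"mail.xyz.com": {"192.168.0.115"}}
SAMPLE_PTR_ISP = {"192.168.0.115": {"adsl-192-168-0-115.dsl.lsan03.pacbell.net."}}
SAMPLE_PTR_FIXED = {"192.168.0.115": {"MAIL.xyz.com."}}

def sample_check(ptr_table, host="mail.xyz.com"):
    """Run the check against the constructed tables instead of live DNS."""
    return check_forward_reverse(
        host,
        forward=lambda n: SAMPLE_A.get(norm_name(n), set()),
        reverse=lambda ip: ptr_table.get(ip, set()),
    )

if __name__ == "__main__":
    print("ISP default PTR:", sample_check(SAMPLE_PTR_ISP))
    print("After ISP fix:  ", sample_check(SAMPLE_PTR_FIXED))
```

To test a real server, call check_forward_reverse with the name your MX record points to; any verdict other than match is what a receiving server that performs this comparison would see.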
20. Why Do I Get an Error When I Try to Backup Both the Exchange Information Store and the
See this Microsoft Knowledgebase article. The solution is to back up the information store and the system state separately. From my own experimentation, it appears that a single backup of both works fine, if the information store is backed up first followed by the system state. If the backup goes the other way, the backup fails. I don’t believe there’s any way to control the order of the backup. So, it’s best to back up each separately.
21. SMTP Messages Are Not Going Out Or Are Being Returned And I Don’t Know Why. Help!
There are lots of reasons for this, but many have to do with the IP address of your SMTP server being designated as a spamming e-mail server. Mastering Exchange Server 2003 includes instructions for testing your Exchange server’s SMTP host’s link to another SMTP host using the Telnet command. You can actually see what the other SMTP host is saying to your host. Check it out at pages 465-467.
22. I Need Help Setting Up RPC Over HTTP (ROH)
Check out the four URLs below. For more detailed information, go to http://support.microsoft.com/search/?adv=1 and search for “rpc over http,” being sure to select “Exchange Server 2003” by clicking “Specify a Product or Version.”
http://support.microsoft.com/default.aspx?scid=kb;en-us;840255&Product=exch2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;833401&Product=exch2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;833003&Product=exch2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;827330&Product=exch2003
23. How Do I Hide Address Lists From Certain Groups?
Check out this article.
24. How Do I Create The Equivalent of Exchange 2000’s M: Drive in Exchange 2003?
See this Microsoft Knowledgebase article. The drive can have any drive letter. So, I’ll refer to it as the “M:” drive. Be careful when accessing the “M:” drive. Check out the Microsoft Knowledgebase on cautions you must exercise with the “M:” drive. You can usually view items on the drive, but don’t use the drive to back up and don’t write to it unless you know what you’re doing. You could destroy all or part of one or more user Exchange mailboxes.
25. The secedit Command on Page 216 Returns a Syntax Error, Why?
Refreshes local and Active Directory–based Group Policy settings, including security settings. This command supersedes the now obsolete /refreshpolicy option for the secedit command.
/target:{computer|user}
Processes only the Computer settings or the current User settings. By default, both the computer settings and the user settings are processed.
/force
Ignores all processing optimizations and reapplies all settings.
/wait:value
Number of seconds that policy processing waits to finish. The default is 600 seconds. 0 means "no wait"; -1 means "wait indefinitely."
/logoff
Logs off after the refresh has completed. This is required for those Group Policy client-side extensions that do not process on a background refresh cycle but that do process when the user logs on, such as user Software Installation and Folder Redirection. This option has no effect if there are no extensions called that require the user to log off.
/boot
Restarts the computer after the refresh has completed. This is required for those Group Policy client-side extensions that do not process on a background refresh cycle but that do process when the computer starts up, such as computer Software Installation. This option has no effect if there are no extensions called that require the computer to be restarted.
/?
Displays help at the command prompt.
The following examples show how you can use the gpupdate command:
gpupdate
gpupdate /target:computer
gpupdate /force /wait:100
gpupdate /boot
| Format | Meaning |
| --- | --- |
| Italic | Information that the user must supply |
| Bold | Elements that the user must type exactly as shown |
| Ellipsis (...) | Parameter that can be repeated several times in a command line |
| Between brackets ([]) | Optional items |
| Between braces ({}); choices separated by pipe (\|). Example: {even\|odd} | Set of choices from which the user must choose only one |
| | Code or program output |
26. What Are Some Good Exchange Web Sites?
Jim McBee's web site: http://www.somorita.com
Check out the Windows & .Net Magazine web site (http://www.winntmag.com/ and http://www.winntmag.com/MicrosoftExchangeOutlook/). Be sure to get on the Exchange mailing list.
Keep an eye on http://www.slipstick.com and http://www.swinc.com/resource/resources.htm
TechRepublic also has some good stuff. Go to http://techrepublic.com.com/ and search for what you need.
Guy Thomas's web site (especially good for scripting, etc., but be sure to test his scripts carefully): http://computerperformance.co.uk