Saturday, February 25, 2006

Microsoft Logos

I just found the following link on Microsofts site. If your certified in Microsoft technology, there's a new way to download logos.


Tuesday, February 21, 2006

How to recreate Exchange IIS virtual directories

Brian Posey wrote an article that is worth taking note of. He explains how to recreate the IIS virtual directories for OWA. This can be useful if there is corruption in the metabase, or if data deletion occurs to the files and folders needed.
Link to the article:,295582,sid43_gci1167561,00.html?track=NL-368&ad=541160

Overview of steps:
1. Backup IIS - This will ensure that further damage isn't done
2. Delete all the IIS virtual directories
a. Exadmin, Exchange, ExchWeb, Microsoft-Server-ActiveSync, OMA, and Public directories.
3. Delete the DS2MB metadata using Metabase Exploerer (IIS Resource Kit)
a. DS2MB stands for Directory Service to Metabase. It exists to bring over configuration information from AD to IIS. Remember that some OWA administration is actually done through ESM. Those changes come over with the help of DS2MB. I'm assuming that when DS2MB is deleted, the virtual directories are repopulated using the information in AD.
4. Restart the System Attendant and/or reboot the server to recreate the virtual directories.
5. Reset permissions on the ExchWeb virtual directory.
a. The article recommends enabling anonymous access and integrated Windows authentication on the ExchWeb directory. Anonymous access was already enabled when I tried this in my lab, and Integrated Windows Authentication was not needed.

KB Articles:
Overview of DS2MB
How to reset default virtual directories that are required to Provide Outlook Web Access, Exchange ActiveSync, and OMA

Monday, February 20, 2006

Delegating Admin Tasks

I'm a big fan of delegating only the admin rights that people need. It's easier to just give everyone full rights, but that's not very Elegant. Anyway, I read an article at today that corvers how to create a taskpad to delegate common administrative tasks.

Friday, February 17, 2006

HP Remote Management / ILO

Had an issue today where we needed to change the IP address of the ILO card. Normally, this can be done through one of two ways:
1. Through the ILO interface
a. https://iloipaddress
2. By rebooting the server and pressing F8

Neither of these methods was an option which allowed us to find a Utility from HP called "HP Lights-Out Online Configuration Utility." Its basically a command line tool that takes an XML file as input for ILO configuration settings. To get the utility to work, we had to install the following:
1. HP Proliant iLO Advanced and Enhanced System Management Controller Driver
2. HP Proliant Integrated Lights-Out Management Interface Driver
3. HP Lights-Out Online Configuration Utility
4. HP Insight Diagnostics Online Edition

Not sure which ones are needed, but the utility wouldn't work untill we installed all of the above.
Steps to change IP address:
1. C:\>hponcfg /w ilo_ip.xml - Exports configuration
2. Edit ilo_ip.xml to reflect new IP address
3. C:\>hponcfg /f ilo_ip.xml - Imports configuration

In the documentation, I also saw that this could be used to change the password.

Tuesday, February 14, 2006

Troubleshooting mail delivery and queues

Had an issue late this afternoon where the queue "messages awaiting directory lookup" had over 5K messages in it. I wanted to point to the following documents which detail how to troubleshoot each queue:
Troubleshooting Mail Flow and SMTP
Exchange Transport and Routing Guide
Modifying Logging Settings for MSExchangeTransport
Exchange Transport and Routing Guide

Basically, Queue buildup in "messages awaiting directory lookup" is related to AD connectivity. Here's a couple of ways to test AD connectivity:
telnet dcname 389 / 3268 (dc / gc)
lpd dcname 389 / 3268 (dc / gc)
dcdiag dcname

It turns out that one of the sites only has a single domain controller, which was probably overwhelmed. Lesson: Exchange needs at least two domain controllers local to it's site. Connectivity re-established by itself, but the queue continued to grow. We tried restarting the SMTP service, but it was stuck in a stopping state. There's a couple options available for this situation:
1. Force the smtpsvc to stop:
sc stop smtpsvc /force

2. Issue an iisreset /restart command which will bring down all the services related to inetinfo.exe (including SMTP).
IIS Library
It's important to note that if IISreset cannot bring down inetinfo.exe gracefully, then it will force it to stop. This can be avoided by providing the /noforce switch.


Friday, February 10, 2006


Consolidate Two Groups
I came across two queries that I wanted to pass along. The first allows you to consolidate groups. The query was posted by Mike Thommes who found it in a posting by Jerold Schulman. Here is my modified version

dsquery group -name GrpConsolidate **gets the DN of the target group
dsget group %groupdn% -members **get the members of the group
findstr /I /V /L /G: **regardless of case, print only lines that do NOT contain a match, and search strings literally, in file
dsmod group %groupdn% -addmbr **addms members to the group

Below is a combinations of these scripts to get everything to work.

c:\>dsquery group -name GrpConsolidate dsget group -members > c:\temp\target_group_members.txt

c:\>dsget group %sourcegroupdn% -members findstr /I /V /L /G:c:\temp\target_group_members.txt dsmod group <%targetgroupdn% -addmbr

The second query was from a request I made to the Exchange newsgroup on I needed to find a generic way to populate a group from a text file with SMTP addresses. Here's what Joe Richards (Joeware), and Michael B. Smith helped me develop:

Copy A Group
c:\>dsquery group -name [groupname]
-This will give you the dn of both groups

c:\>dsget group [sourcegroupdn] -members > c:\source_group_members.txt
- exports the DN of all the members to a text file

c:\>for /f %i IN (source_group_members.txt) do dsmod group [targetgroupdn] -addmbr %i
- parses through the text file and adds each DN to the variable %i, then the value of %i is passed to the dsmod query.


Create a group from a list of SMTP addresses

-- ReadSMTP.cmd --
for /f %%V in (smtp.txt) do dsquery * forestroot -q -filter "&(objectCategory=user)(proxyaddresses=smtp:%%V)" -attr distinguishedName >> UserDN.txt
-- ReadSMTP.cmd --

-- FillGroup.cmd --
for /F "delims=;" %%V in (userdn.txt) do dsmod group "[Group DN]" -addmbr %%V -q
-- FillGroup.cmd --

The same could be done using adfind and admod from I decided to use the ds* tools because they don't required the download and I wanted to keep it simple. Basically, I needed to hand this task off to another admin and I thought a script might complicate things.

How to use DSAdd to create multiple accounts.


C:\>for /f %i IN (userdn.txt) do dsadd user %i -pwd Password1

On a side note, if there is a space in the DN, you'll have to specify no delimeter (the default delimeter is a space)
C:\>for /f "delim=" %i IN (userdn.txt) do dsadd user %i -pwd Password1

Wednesday, February 08, 2006

Transaction Logs

If a backup is completing successfully, Exchange will flush all logs that have been committed to the database. So normally, all committed transaction logs will be flushed if:
1. All databases in the Storage Group are backed up
2. All databases in the Storage Group are mounted during the backup

The store determines what logs will be deleted by looking at the first log that has not yet been committed and deleting all log files previous to that. You can view the first uncommitted transaction log by running eseutil /mk on the checkpoint file.

After the backup completes, ESE Event ID 224 will be logged telling you what series of transaction logs will be deleted: If eseutil /mk E01.chk outputs E010000G then E0100005 - E010000F will be deleted. The purging process is sequential and will purge all log files in the series with one caveat - the purge process will stop if it goes to delete a log file that is missing. So in the above example, if log E010000A is missing, then only logs E0100005 - E0100009 will be deleted. In this scenario, after the next backup, Exchange will again try and purge all log files that have been committed. This time eseutil /mk E01.chk outputs E01000016 as the uncommitted log file and therefore E010000B - E0100015 will be purged.

If transaction logs are not purging, sooner or later you'll run out of disk space. If you have to create space in a hurry do not move the log files, compress them (in my lab I've seen 3 GB worth of log files compress to 1.5 GB). For recovery scenarios and for the purge process to complete successfully, do not move the transaction logs.

Transaction logging in Exchange server 2003:

Using ESEUTIL to determine which transaction logs have been committed:

How to remove Exchange server transaction logs:

Message Restrictions and Size Limits

Interesting read about how Exchange applies message restrictions / size limits.
Exchange Insider
It's important to note that for internal messages, the restriction setting on individual accounts trumps global settings.
For Internet email, global settings are applied: 322679


Tuesday, February 07, 2006

Free IPod...??

Hey [friend's name], Check out this site
Click here:

Wednesday, February 01, 2006

Designing Storage for Exchange 2003

Exchange Storage Design

The point of proper storage design is to ensure that each users gets enough IOPS. Consider the IOPS that the storage can provide:
* RAID 10 ( 2R 1W) RAID 5 (4R 1W)
* 15K rpm disks - 180 IO/second Before Controller
-Maximum Throughput = 180 X 80% (buffer) X .75 (RAID Factor) = 108 IO/second
-RAID 10 Factor = (R + W)/(R + 2W)
-RAID 5 Factor = (R + W)/(R + 4W)
* 10 Disks at RAID 10 - 1080 IO/second (Max IO/second that the disk will give you)
Using the example above, 1000 users would be able to receive 1.08 IOPS each.

JetStress can also be used to verify that 10 (15K RPM) disks at RAID 10 successfully sustain 1080 IOPS. Increasing the threadcount of JetStress will determine the most IOPS that those 10 disks can give you. As the thread count is increased, it's expected that the IOPS will not go above 1080.

Also, don't forget to consider IOs per database (since databases will be on seperate disks). If you pace 500 users on one database and 1500 on another, you will not achieve the required IOPS/user.

How many disks are needed?
To work this backwards we would need to following information:
* Mailboxes per server 1000
* Users I/O profile - 1.5 * IOPS = 1000 * 1.5 = 1500
*Read ratio(4 / (2+1) = .8
*Write Ratio (1 - .8) = .2
*RAID PENALTY for RAID 10 - 2 - Each write requires 2 disk I/O

(IOPS X Read Ratio) + [RAID Penalty](IOPS X Write Ratio)
Spindle Speed Behind Controller (180)

*Result = 1800 / 180 = 10

Exchange Team Blog - Disk Sizing
Exchange Team Blog - Disk IO
Petri - Exchange Sizing