Exchange can be uninstalled through the GUI (Add/Remove Programs). Before uninstalling Exchange, the following needs to be done:
1. Move all mailboxes to another server.
2. Sometimes mailbox-enabled users are left behind in ADUC, or there are orphan entries whose Exchange attributes still point at the old server. In this case:
a. Run an LDAP query (for example with the LDP tool) to find the user entries that still reference the server.
To manually remove Exchange:
· Follow KB Article 260338 to remove the registry entries.
· Remove the Exchange references from ADSIEDIT by following KB Article 833396; the article is written for E2K3, but the same steps apply to E2K.
· The ldifde command can be used to export the affected user accounts first (the DN is the container to export, -f names the output file):
ldifde -d "<distinguished name>" -f users.ldf
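The orphan check and the export combined, as an added example that is not part of the original post: it finds mailbox-enabled users whose msExchHomeServerName still names the server being removed, counts them through ADSI, and then runs ldifde with the same filter so there is an LDIF record before the attributes are cleaned up. The server name OLDEX01 and the search base DC=example,DC=com are placeholders.

```powershell
# Added example, not part of the original post: find mailbox-enabled users that are still
# homed on the server about to be uninstalled and export them with ldifde before touching AD.
# Assumptions: OLDEX01 and DC=example,DC=com are placeholders for the server name and search base.
param(
    [string]$OldServer  = 'OLDEX01',
    [string]$SearchBase = 'DC=example,DC=com',
    [string]$OutFile    = (Join-Path $env:TEMP "orphans-$OldServer.ldf")
)

# msExchHomeServerName is a plain string ("/o=Org/ou=AG/cn=Configuration/cn=Servers/cn=SERVER"),
# so a wildcard on the trailing cn= works. homeMDB is DN syntax and only supports equality
# in an LDAP filter, which is why it is not used for the search.
$filter = "(&(objectCategory=person)(objectClass=user)(msExchHomeServerName=*/cn=$OldServer))"

# 1. Enumerate through ADSI so the count is known before anything is exported or deleted.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://$SearchBase"
$searcher.Filter     = $filter
$searcher.PageSize   = 500
[void]$searcher.PropertiesToLoad.AddRange([string[]]@('sAMAccountName', 'homeMDB', 'mailNickname'))
$hits = $searcher.FindAll()

"{0} mailbox-enabled account(s) still reference {1}" -f $hits.Count, $OldServer
foreach ($h in $hits) {
    "{0,-20} {1}" -f $h.Properties['samaccountname'][0], $h.Properties['homemdb'][0]
}

# 2. Keep an LDIF copy as evidence before homeMDB / homeMTA are cleared or the users are fixed up.
#    -r applies the same filter; -l limits the export to the Exchange attributes that matter.
$attrs = 'sAMAccountName,mailNickname,homeMDB,homeMTA,msExchHomeServerName,proxyAddresses'
& ldifde.exe -f $OutFile -d $SearchBase -r $filter -l $attrs
"ldifde exit code $LASTEXITCODE; export written to $OutFile"
```

Run it as an account with read access to the domain; nothing is modified. If the count is not zero, move or reconnect those mailboxes before removing the server, otherwise the users are left with a homeMDB pointing at a store that no longer exists.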
Single Instance Storage [SIS]
If the same email is sent to multiple recipients whose mailboxes are in the same mailbox store, only one instance of the message is stored; each recipient's mailbox holds a pointer to it. This keeps the database smaller than storing a copy per recipient.
If the recipients are in two different stores (or storage groups), there are two instances of the same mail, one per store. When a user deletes the mail, only that user's pointer is removed; the shared instance is freed only when the last pointer to it is gone.
Defragmentation
Also known as Offline Defragmentation. The store must be dismounted first; the following command is used:
eseutil /d "path of the edb file"
The speed of defragmentation is roughly 4 to 5 GB per hour, so plan the downtime from the database size.
As shown in the above figure, when two mails (4 and 5) are deleted, white space is left behind in the file. Offline defragmentation rebuilds the database without this white space, so the file shrinks.
Logical size of the database: the size of the content actually present in the database, i.e. the file size minus the white space.
Physical size of the database: the actual size of the .edb (and .stm) files on disk, white space included.
White space is not corruption; online maintenance reuses it for new data, and the nightly online defragmentation reports the reusable space in Event ID 1221. Offline defragmentation is only needed to hand that space back to the file system, e.g. after mass deletions or mailbox moves. To check the white space in the database, the following command is used:
eseutil /ms "path of edb file"
Defrag requires free space equivalent to 110% of the database size, because a fresh copy of the database is written alongside the old one. For example, if the size of the database is 50 GB, then 55 GB of free hard drive space must be available to run the defrag utility (the /t switch can place the temporary database on another drive). On completion of the defrag, run isinteg, which checks the logical structure of the store (folder and message tables and their indexes) and removes references to entries that no longer exist:
isinteg -s <servername> -fix -test alltests
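The pre-flight checks a practitioner wants before typing eseutil /d, as an added example that is not from the original post: free space against the 110% rule (counting the .stm file, which is rebuilt too), the Clean Shutdown state from the header, the white-space report, and only with -Execute the defrag and isinteg run in the order described above. The database path and server name are placeholders, and eseutil.exe / isinteg.exe are assumed to be on PATH.

```powershell
# Added example, not part of the original post: pre-flight checks before an offline defrag,
# then (only with -Execute) the defrag and isinteg run in the order the notes above describe.
# Assumptions: the database path and server name are placeholders; eseutil.exe and isinteg.exe
# are reachable on PATH (normally <install folder>\bin); the store is already dismounted.
param(
    [string]$Edb     = 'D:\Exchsrvr\MDBDATA\priv1.edb',
    [string]$Server  = $env:COMPUTERNAME,
    [string]$TempDir = '',          # optional other drive for the rebuilt copy (eseutil /t)
    [switch]$Execute
)

# 1. Space check: the defrag writes a complete new copy, so count the .stm file as well.
$stm   = [IO.Path]::ChangeExtension($Edb, '.stm')
$bytes = (Get-Item $Edb).Length
if (Test-Path $stm) { $bytes += (Get-Item $stm).Length }
$needed = [long]($bytes * 1.1)
$target = if ($TempDir) { $TempDir } else { $Edb }
$drive  = [IO.Path]::GetPathRoot($target).TrimEnd('\')   # e.g. 'D:'
$free   = (Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$drive'").FreeSpace
"Database {0:N1} GB, needs {1:N1} GB free on {2}, {3:N1} GB available" -f ($bytes/1GB), ($needed/1GB), $drive, ($free/1GB)
if ($free -lt $needed) { throw "Not enough free space on $drive; pass -TempDir on another drive or free space first" }

# 2. Header check: never defrag a database that is not in Clean Shutdown. Dirty Shutdown means
#    logs are still outstanding; run soft recovery (eseutil /r <log prefix>) first, then re-check.
$state = (& eseutil.exe /mh $Edb | Select-String '^\s*State:').Line
$state
if ($state -notmatch 'Clean Shutdown') { throw 'Database is not in Clean Shutdown; replay the logs before defragmenting' }

# 3. White-space report (the Available column is in 4 KB pages), to judge whether the shrink
#    is worth the downtime at roughly 4-5 GB per hour.
& eseutil.exe /ms $Edb
"Estimated defrag time: {0:N1} h" -f ($bytes / 1GB / 4.5)

if ($Execute) {
    $eseArgs = @('/d', $Edb)
    if ($TempDir) { $eseArgs += '/t' + (Join-Path $TempDir 'tempdfrg.edb') }   # /t<path>, no space
    & eseutil.exe @eseArgs
    if ($LASTEXITCODE -ne 0) { throw "eseutil /d failed with exit code $LASTEXITCODE" }
    # isinteg is interactive: it lists the stores on the server and asks which one to test.
    & isinteg.exe -s $Server -fix -test alltests
}
```

Without -Execute the script only reports; the throw on a Dirty Shutdown is deliberate, because defragmenting a database with outstanding logs discards the data those logs carry.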
EXMERGE Utility
· Helps in importing / exporting multiple PSTs.
· Breaks SIS: every imported message becomes its own instance, so the database grows. Consider the database size limit of the standard version (16 GB) before importing PSTs.
· ExMerge matches each PST to its mailbox by file name (the mailbox alias).
· Users whose PSTs are imported must have a mailbox connected to them.
· Before running the Cleanup Agent, check the deleted mailbox retention limit; if the limit is set to zero, disconnected mailboxes are purged permanently.
· To run ExMerge, 2 permissions are required: "Send As" and "Receive As". These permissions are granted on the mailbox store that holds the user mailboxes:
Mailbox store properties – Security Tab – select the account that will run ExMerge – check "Send as" and "Receive as" under Allow.
· By default, Domain Admins and Enterprise Admins carry an explicit Deny for these rights, inherited from the organization object, so run ExMerge with a dedicated account rather than a domain administrator.
· When the check boxes are grayed out, the permission is inherited from a parent object rather than set explicitly on the store. Receive As on a store grants read access to every mailbox in it, so the list of accounts holding it should be short and reviewed.
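An audit of exactly those two rights, as an added example that is not part of the original post: it reads the mailbox store object from the configuration partition and lists every trustee with Send As or Receive As, whether the entry is Allow or Deny, and whether it is inherited (the "grayed out" case above). The store DN is a placeholder for your own server, storage group and organisation names.

```powershell
# Added example, not part of the original post: list every trustee that holds Send As or Receive As
# on a mailbox store, with Allow/Deny and whether the entry is inherited (the "grayed out" case).
# Assumptions: the store DN below is a placeholder for your own server, storage group and organisation.
param(
    [string]$StoreDN = 'CN=Mailbox Store (EX01),CN=First Storage Group,CN=InformationStore,CN=EX01,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,DC=com'
)

# rightsGuid values of the two controlAccessRight objects in the AD schema. An ACE whose
# ObjectType is the empty GUID grants (or denies) *all* extended rights, so it counts too.
$rights = @{
    'ab721a54-1e2f-11d0-9819-00aa0040529b' = 'Send As'
    'ab721a56-1e2f-11d0-9819-00aa0040529b' = 'Receive As'
    ([Guid]::Empty).ToString()             = 'All extended rights'
}

$store = [ADSI]"LDAP://$StoreDN"
# psbase reaches the DirectoryEntry itself rather than the LDAP attribute adapter.
$rules = $store.psbase.ObjectSecurity.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])

$rules |
    Where-Object {
        ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -and
        $rights.ContainsKey($_.ObjectType.ToString())
    } |
    Select-Object @{n='Trustee';   e={ $_.IdentityReference.Value }},
                  @{n='Right';     e={ $rights[$_.ObjectType.ToString()] }},
                  @{n='Type';      e={ $_.AccessControlType }},   # a Deny entry wins over an Allow
                  @{n='Inherited'; e={ $_.IsInherited }} |
    Sort-Object Type, Right, Trustee |
    Format-Table -AutoSize
```

Expect to see the Deny entries for Domain Admins and Enterprise Admins (inherited from the organization) alongside the Allow for the Exchange service accounts; any extra Allow for Receive As that nobody can explain is a finding, since that account can open every mailbox in the store.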
ExBPA Utility
· Analyses the Exchange infrastructure
· Highlights the problems found
· Performs a health check
MBCONN Utility
Mailbox Reconnect (mbconn.exe) reconnects multiple orphaned mailboxes to users and can create multiple AD users for mailboxes that no longer have one.
It does this by generating an LDIF text file, from which the users are created in Active Directory with the ldifde command (-i imports, -k continues past errors such as objects that already exist):
ldifde -i -k -f "path of the textfile.txt"
EXCHANGE AND ANTIVIRUS
Pre-requisites before installing antivirus:
The antivirus must be Exchange aware, i.e. it scans the store through the virus scanning API (VSAPI) rather than by opening the database files.
Inbound and outbound email may also pass through a smart host or gateway running spam-fighting agents and antivirus that decide whether a message is accepted. Antivirus installed on the Exchange server itself integrates with the information store service [MSExchangeIS]. Its registration can be checked under the VirusScan key of MSExchangeIS in the registry (HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\VirusScan); the Enabled value there is 1 while a VSAPI scanner is registered and 0 when none is.
File-level antivirus must not scan the Exchange related folders, since quarantining or locking a database or log file corrupts the store:
Installation folder
Database files (.edb and .stm)
Log Files (transaction logs and the checkpoint file)
Inetsrv folder (contains the IIS metabase)
PUBLIC FOLDERS
By default a public folder store is created when Exchange is installed.
Public folders are used to publish common information at the organisation level.
Two components of PF: the Public Folder Store and the Public Folder Tree.
Public folders are mail enabled: each folder has its own address and can receive posts by email.
By default, every user can see the public folder hierarchy and add information to existing folders by posting messages.
A child (sub) folder can only be created by a user whose role includes "Create subfolders" (Owner, Publishing Editor or Publishing Author), unless that permission is granted separately.
Anything created in a public folder is a "POST".
Any folder created in Outlook or at the server is only an entry in the PF tree (the hierarchy); the content is stored in the public folder store (database: pub1.edb and pub1.stm).
The PF tree is also called the MAPI tree, as it can be accessed through Outlook.
Each PF store has one associated PF tree.
The default PF tree is the MAPI tree, and there is only one MAPI tree per organisation.
Non-MAPI trees (general-purpose trees) can be created as well; they are not visible in Outlook and are accessed through OWA or WebDAV.
By default, public folders are hidden from the GAL. To show one:
Public Folder properties – Exchange Advanced Tab – Uncheck "Hide from Exchange Address List"
There are 3 types of permissions on a public folder: Client Permissions, Directory Rights and Administrative Rights.
Client permissions are granted as roles, each of which bundles individual rights (read items, create items, create subfolders, edit and delete own or all items, folder owner, folder visible): Owner, Publishing Editor, Editor, Publishing Author, Author, Nonediting Author, Reviewer, Contributor and None. Roles are assigned to users (or to Default and Anonymous) and decide who can read, post, edit or delete items and create subfolders; a role of None, or unchecking "Folder visible", keeps users who should not have access out of the folder.
The edition of a store is logged when it mounts: Event ID 1216 for the standard edition (16 GB limit) and Event ID 1217 for the enterprise edition.
REPLICATION OF PUBLIC FOLDERS
Public Folder properties – Replication Tab – Add the second server – Apply – OK [Replication starts between the two servers]. Without a replica, users of the 1st server are referred to the 2nd server for the folder content and vice versa, which is slow across a WAN; replication is done to avoid this latency and to survive the loss of one server.
Replication of Public Folders is sent with the lowest message priority.
To check replication, increase the diagnostic logging of MSExchangeIS (Public Folder category, replication sub-categories) to maximum [KB Article: 842273].
Replication happens through mail flow: replication messages are SMTP messages exchanged between the stores.
Like the USN in AD, the CN [Change Number] tracks the list of changes made on any server.
The information store creates a CN for any change in a public folder.
A replication message carrying the change is sent to all servers that hold a replica of the affected public folder.
Exchange treats these messages as system messages addressed to the public folder store's own address (the store's proxy address). They contain the data in binary form.
As per the replication schedule, the information store sends all pending replication messages out to the other servers.
Receiving servers accept the replication message and compare its CN with their existing CN set, then apply the changes to the PF.
If the CN set indicates that other replicas have newer updates than those available on the server, the server requests a backfill.
A public folder store is a database whose folders are by default accessible to all mail enabled users in the organization. When a user opens his profile in Outlook he is always able to see the top level hierarchy.
PF replication has three kinds of messages, namely hierarchy, content and backfill (plus status); an event ID is attached to each of them, which shows whether that stage is working.
Hierarchy – 3018 and 3028 for outgoing and incoming messages respectively. This replication is done at the organization level: the folder tree (names, permissions, replica lists) is replicated to every PF store, so all folders created within the default (MAPI) public folder tree are visible to all users. Hierarchy replication by default runs every 5 minutes.
Content – 3020 and 3030 for outgoing and incoming messages respectively. The content of a public folder is not replicated by default; a replica must be added on the Replication tab of the public folder for its contents to be replicated to the other store. This is done to avoid WAN latency and to survive the failure of either Exchange server. Even without a replica the content is visible, through a referral to the server that holds it, but it can take a long time to access. Content replication is done every 15 minutes by default.
Backfill – 3014 and 3024 for outgoing and incoming request messages respectively, 3019 and 3029 for outgoing and incoming response messages respectively. Backfill happens automatically alongside content replication. If the receiving server detects a gap in the sequence of changes (a CN it has not received), it sends a backfill request to a server that has the data, which resends the missing changes in a backfill response.
Status – 3017 and 3027 for outgoing and incoming messages respectively. A status message tells the other servers which changes this store has, so they can detect whether they are out of date.
TROUBLESHOOTING PF REPLICATION [KB Article: 842273]
1. Check that the latest service packs and hotfixes are installed.
2. Check the mail flow between the two Exchange servers by sending mail from a user on one to a user on the other.
3. Check the PF configuration [the proxyAddresses attribute of the public folder store and of the folder].
4. Check the replica list. Use the PFDAVAdmin tool.
5. Enable diagnostic logging on both servers to maximum to see the event IDs.
6. Post an item so that all events can be tracked:
a. Event ID: 3018 on the source server for outgoing hierarchy replication
b. Event ID: 3028 on the destination server for incoming hierarchy replication
c. Event ID: 3020 on the source server for outgoing content replication
d. Event ID: 3030 on the destination server for incoming content replication
e. Event ID: 3014 on the requesting server for an outgoing backfill request
f. Event ID: 3024 on the destination server for an incoming backfill request
g. Event ID: 3019 on the source server for an outgoing backfill response
h. Event ID: 3029 on the destination server for an incoming backfill response
i. Event ID: 3017 on the source server for outgoing status replication
j. Event ID: 3027 on the destination server for incoming status replication
7. Modify an existing item in an old public folder to trigger content replication for that folder.
8. Enable message tracking on both servers and then check from the Message Tracking Center where the replication message is stuck.
9. If the message is stuck in the local delivery queue, override the permission check by adding the DWORD skipPublicMDBRestriction and setting its value to 1. [KB Article: 830181]
10. Check the authentication level: "Integrated Windows Authentication" must be enabled on the SMTP virtual server.
11. If the message is routed to some other name apart from the target server, check for a "smart host".
12. If a smart host is configured and the other Exchange server sits behind it, remove that server from the smart host field or, better, create an SMTP connector (routing groups) with the other server's address space, so that replication mail bypasses the smart host.
13. Restart the SMTP service (and the routing engine) after the change.
14. Check for any antivirus installed and temporarily disable it.
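The event-log side of step 6, as an added example that is not from the original post: after the test post it pulls the replication events from the Application log of both servers, maps them to the stages listed above, and reports which stages never appeared on each server, which is what separates a store problem from a mail-flow problem. EX01 and EX02 are placeholders, and the account is assumed to have remote event-log read access with diagnostic logging already raised on both servers.

```powershell
# Added example, not part of the original post: after the test post in step 6, pull the replication
# events from the Application log of both servers and map them to the stages listed above, then
# report which stages never appeared. Assumptions: EX01/EX02 are placeholders and the account has
# remote event-log read access; diagnostic logging is already at maximum on both servers.
param(
    [string[]]$Servers = @('EX01', 'EX02'),
    [int]$Hours = 2
)

$stage = @{
    3018 = 'Hierarchy out';         3028 = 'Hierarchy in'
    3020 = 'Content out';           3030 = 'Content in'
    3014 = 'Backfill request out';  3024 = 'Backfill request in'
    3019 = 'Backfill response out'; 3029 = 'Backfill response in'
    3017 = 'Status out';            3027 = 'Status in'
}
$since = (Get-Date).AddHours(-$Hours)

$events = foreach ($s in $Servers) {
    Get-EventLog -ComputerName $s -LogName Application -Source 'MSExchangeIS Public Store' -After $since -ErrorAction SilentlyContinue |
        Where-Object { $stage.ContainsKey([int]$_.EventID) } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Time    = $_.TimeGenerated
                Server  = $s
                EventID = [int]$_.EventID
                Stage   = $stage[[int]$_.EventID]
                Text    = ($_.Message -split "`r?`n")[0]   # first line names the folder / replica
            }
        }
}

$events | Sort-Object Time | Format-Table Time, Server, EventID, Stage, Text -AutoSize

# An 'out' event on the source without the matching 'in' on the other server means the
# replication message left the store but never arrived: that is a mail-flow problem
# (queues, smart host, connector, antivirus), not a public folder store problem.
foreach ($s in $Servers) {
    $seen    = $events | Where-Object { $_.Server -eq $s } | ForEach-Object { $_.EventID }
    $missing = $stage.Keys | Where-Object { $seen -notcontains $_ } | Sort-Object
    $names   = $missing | ForEach-Object { '{0} ({1})' -f $_, $stage[$_] }
    '{0}: stages not seen in the last {1}h: {2}' -f $s, $Hours, $(if ($names) { $names -join ', ' } else { 'none' })
}
```

Backfill and status events are only expected when the stores are actually out of sync, so their absence on a healthy pair is normal; a missing 3028 or 3030 on the destination after a 3018 or 3020 on the source is the signal to follow the message-tracking steps.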
PFDAVADMIN Tool
Adds or removes replicas on multiple public folders at once.
If some folders do not replicate after changes are made, their item level permissions can be checked here.
Sets limits on specific folders.
Checks the DACL [Discretionary ACL] of folders for damaged (non-canonical) permissions and can reset them to the defaults.
Recovers deleted folders [shown in the tool in red].
Can grant client permissions on a specific folder.
RECIPIENT UPDATE SERVICE [RUS]
RUS stamps the email addresses, but the recipient policy defines which email address is assigned to which mailbox based on a filter [LDAP query].
The filter defines which email address is to be stamped on which user.
Default email policy: mailboxname@domainname, applicable to all mailboxes and mail enabled groups.
RUS is implemented in ABV_DG.DLL, which is loaded by the System Attendant service; RUS therefore only runs while System Attendant is running.
RUS stamps addresses on its configured update interval, not the instant an object is created.
Email Address Policy: by default the address formats of the default policy apply to all mailboxes in the organisation.
Primary SMTP: the address shown as the sender's address. At any given time there can be only one primary SMTP address, and the user sends email only from this one. In proxyAddresses it is the entry with an upper-case "SMTP:" prefix.
Secondary SMTP: additional addresses on which the mailbox receives mail. For example, my primary email address is rd@wipro.com and I want mail sent to my other address, rd@support.wipro.com, to be delivered to the same mailbox. Secondary addresses carry a lower-case "smtp:" prefix in proxyAddresses.
A mailbox can have multiple email addresses associated with it.
An unlimited number of secondary email addresses can be defined.
Mail cannot be sent from a secondary email address.
Default Policy properties – E-Mail Addresses (Policy) tab – click New – define the secondary address (it is listed in lower case; "Set as Primary" promotes it to primary and demotes the old primary to secondary).
For example, there are some users in the US and some in India who need different email addresses:
For US users: @wipro.co.us
For Indian users: @wipro.co.in
In the above scenario, a new recipient policy needs to be defined.
Right click Recipient Policies – New – Recipient Policy – select the E-Mail Addresses check box – give it a name – click Modify to define the LDAP query – on the Advanced tab select the field (e.g. Country) and the value that identifies the US users – define the new email address. A new LDAP query is generated from the selections. Users matched by this query are stamped from this policy; the address they already had from the default policy stays on the object as a secondary address. When several policies match a user, the recipient policy with the highest priority applies first.
The LDAP filter is stored in the purportedSearch attribute of the policy object, and the address templates in its gatewayProxy attribute.
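The policy objects read back from the directory, as an added example that is not part of the original post: it lists every recipient policy with its priority order, the purportedSearch filter and the gatewayProxy templates, and then runs each filter against the domain so you can see which recipients a new country-based policy would actually hit before RUS stamps them. DC=example,DC=com is a placeholder for your domain.

```powershell
# Added example, not part of the original post: dump every recipient policy with its priority,
# the LDAP filter RUS evaluates (purportedSearch) and the address templates it stamps
# (gatewayProxy), then test the filter against the domain to see which recipients it really
# matches before the policy goes live. Assumptions: DC=example,DC=com is a placeholder.
param([string]$Domain = 'DC=example,DC=com')

$rootDse  = [ADSI]'LDAP://RootDSE'
$configNC = $rootDse.Get('configurationNamingContext')
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://$configNC"
$searcher.Filter     = '(objectClass=msExchRecipientPolicy)'
[void]$searcher.PropertiesToLoad.AddRange([string[]]@('cn', 'purportedSearch', 'gatewayProxy', 'msExchPolicyOrder'))

$policies = foreach ($r in $searcher.FindAll()) {
    New-Object PSObject -Property @{
        Name      = $r.Properties['cn'][0]
        Order     = $r.Properties['msexchpolicyorder'][0]   # lower number = higher priority; default policy is last
        Filter    = $r.Properties['purportedsearch'][0]
        # Upper-case prefix in gatewayProxy marks the template that becomes the primary address.
        Primary   = @($r.Properties['gatewayproxy'] | Where-Object { $_ -cmatch '^SMTP:' })
        Secondary = @($r.Properties['gatewayproxy'] | Where-Object { $_ -cmatch '^smtp:' })
    }
}

foreach ($p in ($policies | Sort-Object Order)) {
    ''
    "Policy '{0}' (priority order {1})" -f $p.Name, $p.Order
    "  filter   : {0}" -f $p.Filter
    "  primary  : {0}" -f ($p.Primary   -join ', ')
    "  secondary: {0}" -f ($p.Secondary -join ', ')

    # Run the policy's own filter against the domain: this is what RUS does, so the count
    # shows whether a country-based policy (like @wipro.co.us above) hits the intended users.
    if ($p.Filter) {
        $test = New-Object System.DirectoryServices.DirectorySearcher
        $test.SearchRoot = [ADSI]"LDAP://$Domain"
        $test.Filter     = $p.Filter
        $test.PageSize   = 500
        [void]$test.PropertiesToLoad.Add('sAMAccountName')
        $hits = $test.FindAll()
        "  matches  : {0} recipient(s)" -f $hits.Count
        $hits | Select-Object -First 5 | ForEach-Object { '    ' + $_.Properties['samaccountname'][0] }
    }
}
```

A filter that matches zero recipients, or far more than intended, is the usual reason a new policy "does not stamp": RUS is doing exactly what purportedSearch says.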
GLOBAL ADDRESS LIST [GAL]
An address list is a logical grouping of recipients of similar types, selected by a filter.
All mail enabled / Exchange recipients are listed in the GAL.
It contains all users, groups, contacts and public folders that are not hidden.
The showInAddressBook attribute on each recipient contains the distinguished names of the GAL and of every address list the recipient belongs to.
OFFLINE ADDRESS BOOK [OAB]
If the Outlook profile is configured in cached mode, the OAB files can be found in the user's local profile folder.
The OAB is generated by the OAB server and published as messages in the Offline Address Book system public folder, from which Outlook downloads it.
The OAB provides access to the GAL when the user is offline.
The OAB does not have its own filter; it is built from an existing address list (the GAL by default).
Outlook must be configured in cached mode to use the OAB.
SYSTEM POLICY
Makes management easier by applying settings such as mailbox limits to many stores at once.
There are three types of system policy, namely:
Server Policy
PF Store Policy
Mailbox Store Policy
Some attributes STAMPED by RUS
showInAddressBook
homeMDB: defines which store the user's mailbox resides in. Contains the distinguished name of the mailbox store. Stored on the user object in the domain partition.
proxyAddresses: holds the email addresses of all types, e.g. SMTP and X.400.
mail: displays the primary email address of the user.
msExchHideFromAddressLists: if the value is set to TRUE, the user or public folder is not listed in the GAL, and RUS removes the entries from the showInAddressBook attribute.
For mail enabled recipients, three important attributes are:
mailNickname: contains the alias, the first part of the default email address.
legacyExchangeDN: defines the organisation name, administrative group and alias of users, groups and public folders (/o=Org/ou=AG/cn=Recipients/cn=alias). In the case of a PF the GUID is displayed instead of the alias.
displayName: the name shown in the GAL (the display name, not the alias).
msExchHomeServerName: shows which server the user belongs to.
hideDLMembership: set to TRUE on a distribution group whose member list should not be visible to users. Restricting which recipients a user can see in the GAL is done with separate address lists and their permissions, not with this attribute.
Difference between Enterprise RUS and Domain RUS
The Enterprise RUS is created with the first Exchange server in the forest. Mail-enabled objects at the enterprise level, such as the PF stores, System Attendant and MTA, are its responsibility. It runs when there is a change in a recipient policy or other modifications in the forest, and stamps email addresses on the objects that live in the configuration partition.
A Domain RUS is responsible only for a single domain; it cannot stamp objects in a child or trusted domain. It stamps the proxyAddresses (based on the recipient policy) of users and groups, runs every time a user is created, deleted or modified, and stamps the objects that live in the domain partition.
Working of RUS
Open the RUS properties and check that it points to a functional Exchange server and domain controller.
The update interval should be "Always Run".
Force RUS by selecting "Update Now": this stamps only those objects that have been newly created or have not yet been stamped. Attribute: msExchReplicateNow on the RUS object is set to TRUE.
"Rebuild" can also be forced: this re-stamps all the recipients in the address lists from the beginning. It is not recommended during business hours, as a rebuild in a large organisation is slow and generates a lot of directory traffic. Attribute: msExchDoFullReplication is set to TRUE.
msExchPoliciesIncluded: contains the objectGUIDs of the policies applied to a recipient.
msExchPoliciesExcluded: contains the objectGUIDs of the policies that must not be applied to the recipient (set when "Automatically update e-mail addresses based on recipient policy" is unchecked). These two attributes are checked in the domain partition for a particular user, group, PF or contact.
TROUBLESHOOTING RUS
Check the RUS configuration (which Exchange server and domain controller it points to).
Check AD replication [dcdiag and netdiag].
Check the proxyAddresses of an affected recipient.
Remove garbage values from the gatewayProxy attribute of the recipient policy.
Check that the policy is enabled and its priority is right.
Check the GAL.
Check the filter (purportedSearch) of the policy.
Run policytest.exe, which verifies that the Exchange Enterprise Servers group holds the "Manage auditing and security log" right on every domain controller; without it RUS cannot stamp.
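The "check proxyAddress" step done for a whole domain at once, as an added example that is not part of the original post: it audits the RUS-stamped attributes of every mailbox-enabled user and flags the states the troubleshooting list is looking for: no addresses at all (RUS never ran), zero or more than one primary SMTP, addresses outside the policy domains, a mail attribute that disagrees with the primary, recipients excluded from policy updates, and recipients in no address list. DC=example,DC=com and the list of accepted domains are placeholders that would come from your own recipient policies.

```powershell
# Added example, not part of the original post: audit the RUS-stamped attributes of every
# mailbox-enabled user in a domain and flag the cases the troubleshooting list above looks for.
# Assumptions: DC=example,DC=com and the accepted domains are placeholders taken from your own
# recipient policies (gatewayProxy templates).
param(
    [string]$Domain = 'DC=example,DC=com',
    [string[]]$AcceptedDomains = @('wipro.com', 'support.wipro.com', 'wipro.co.us', 'wipro.co.in')
)

# Wrap a result property in an array so an absent attribute is an empty array, not an error.
function Get-Prop($result, [string]$name) { return @($result.Properties[$name]) }

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://$Domain"
$searcher.Filter     = '(&(objectCategory=person)(objectClass=user)(mailNickname=*))'
$searcher.PageSize   = 500
[void]$searcher.PropertiesToLoad.AddRange([string[]]@('sAMAccountName', 'mail', 'proxyAddresses',
    'msExchPoliciesIncluded', 'msExchPoliciesExcluded', 'showInAddressBook'))

$findings = foreach ($r in $searcher.FindAll()) {
    $sam      = (Get-Prop $r 'samaccountname')[0]
    $proxies  = Get-Prop $r 'proxyaddresses'
    $primary  = @($proxies | Where-Object { $_ -cmatch '^SMTP:' })   # case-sensitive: upper-case = primary
    $problems = @()

    if ($proxies.Count -eq 0) { $problems += 'no proxyAddresses (RUS has not stamped this object)' }
    if ($primary.Count -ne 1) { $problems += ('{0} primary SMTP addresses' -f $primary.Count) }

    # -match is case-insensitive, so this covers both SMTP: and smtp: entries.
    foreach ($a in ($proxies | Where-Object { $_ -match '^smtp:' })) {
        $dom = ($a -split '@')[-1]
        if ($AcceptedDomains -notcontains $dom) { $problems += "address outside policy templates: $a" }
    }

    $mail = Get-Prop $r 'mail'
    if ($primary.Count -eq 1 -and $mail.Count -eq 1 -and $mail[0] -ne $primary[0].Substring(5)) {
        $problems += "mail attribute '$($mail[0])' differs from primary SMTP"
    }
    if ((Get-Prop $r 'msexchpoliciesexcluded').Count -gt 0) { $problems += 'policy updates disabled (msExchPoliciesExcluded set)' }
    if ((Get-Prop $r 'showinaddressbook').Count -eq 0)      { $problems += 'not in any address list (showInAddressBook empty)' }

    if ($problems.Count -gt 0) {
        New-Object PSObject -Property @{ Account = $sam; Problems = ($problems -join '; ') }
    }
}

if ($findings) { $findings | Format-Table Account, Problems -AutoSize -Wrap }
else           { 'All mailbox-enabled users pass the RUS checks' }
```

Two primaries or none is the classic symptom of a hand-edited proxyAddresses value, and "policy updates disabled" explains the users a Rebuild never touches; both are quicker to find here than one user at a time in ADUC.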
Dial-Tone
Dial-tone is a method of restoring service first and data second when a database is corrupt, using the Recovery Storage Group (E2K3): users get an empty mailbox immediately, and the recovered data is merged back afterwards.
1. Dismount the store.
2. Move the database (edb and stm) files and log files (if any) to a different location. Keep them; they are the fallback if the backup turns out to be incomplete.
3. Mount the store. A blank store is created, but mail flow starts again.
The dial-tone database is now running.
4. Create a Recovery Storage Group.
5. Add the original mailbox store to it, so that the restore has a target. Make sure "This database can be overwritten by a restore" is checked.
6. Restore the database from backup using the ntbackup tool; while an RSG exists, the restore is directed into it automatically.
7. Check the state of the restored database with eseutil /mh: it must show Clean Shutdown. If it shows Dirty Shutdown, replay the log files (eseutil /r) before mounting.
8. Dismount both stores and swap the files: the restored database goes into the production store's path and the dial-tone database into the RSG's path, then mount both. Users are now back on their original data.
9. Use the ExMerge utility to merge the mail from the dial-tone database (now in the RSG) into the production store, so that nothing sent or received during the outage is lost. ExMerge can only read from an RSG, which is why the swap comes first.
10. Dismount and remove the recovery storage group once the merge is verified.
When the database size reaches 16 GB in the standard version, the store dismounts (Event ID 1216 marks the limit).
Temporarily extend the limit by 1 GB: under HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<server name>\Private-<GUID> [1], add the DWORD value "Temporary DB Size Limit Extension" and set it to 1.
Mount the stores.
Stop the SMTP service so that there is no mail flow.
Set the deleted item retention limit to zero, so that deleted mail is purged instead of being kept in the dumpster.
Ask users to delete unwanted emails.
Force online maintenance to run. This turns the deleted mail into white space inside the database. It generates Event ID 700 when it starts and Event IDs 701 and 1221 when finished (1221 reports the free space). Online maintenance is also called online defragmentation; it does not shrink the file.
Dismount the stores.
Run an offline defrag (eseutil /d) to remove the white space and shrink the file below the limit.
Remove the registry value again, since the extension is a one-time grace and the limit is enforced again at the next mount.
Mount the stores.
[1] For each store there is a separate GUID in the registry under Private-<GUID>. This GUID can be matched with the system mailbox GUID for that store.