Fast, Flexible Deployment and Configure Exchange Server 2003 Smith Mangmeetakun Technology Specialist Microsoft (Thailand) Limited.

Fast, Flexible Deployment and Fast, Flexible Deployment and Configure Exchange Server 2003Configure Exchange Server 2003

Smith MangmeetakunSmith Mangmeetakun

Technology SpecialistTechnology Specialist

Microsoft (Thailand) LimitedMicrosoft (Thailand) Limited

AgendaAgenda Configure the common messaging tasksConfigure the common messaging tasks

Mailboxes & E-mail Management Mailboxes & E-mail Management Manage Message RoutingManage Message Routing Backup and Disaster PreparednessBackup and Disaster Preparedness Best Practice Validation: ExBPA (Exchange Best Best Practice Validation: ExBPA (Exchange Best

Practice Analyzer) Practice Analyzer) Messaging Hygiene (Anti-Virus & Anti-Spam) Messaging Hygiene (Anti-Virus & Anti-Spam)

Secure Implementing to publish Exchange Secure Implementing to publish Exchange Server to Internet Server to Internet

Fast & Flexible monitoring Exchange 2003 Fast & Flexible monitoring Exchange 2003 Health StatusHealth Status

Mailbox & E-mail ManagementMailbox & E-mail Management

The common problemsThe common problems Incompatibility MIME/Non-MINE Character set from Incompatibility MIME/Non-MINE Character set from

non-specific charset messagenon-specific charset message Thai (Windows-874) and UTF-8Thai (Windows-874) and UTF-8

Manage multiple e-mail domainManage multiple e-mail domain Disk Quota polity managementDisk Quota polity management Deleted itemsDeleted items Send/Receive message size policySend/Receive message size policy Distribution Group ManagementDistribution Group Management

Mailbox & E-mail ManagementMailbox & E-mail Management

Internet Message FormatInternet Message Format Multiple Mailbox StoreMultiple Mailbox Store Query-based Distribution GroupQuery-based Distribution Group

Management Message RoutingManagement Message Routing

The common problemsThe common problems Sending & Receiving message size restrictionSending & Receiving message size restriction Specific message routing pathSpecific message routing path Co-exist with another mail systemCo-exist with another mail system Bulk outgoing e-mail interrupt day-to-day operationBulk outgoing e-mail interrupt day-to-day operation

Note: First turn-on Connector Delivery Restrictions from Note: First turn-on Connector Delivery Restrictions from article 277872article 277872

Management Message RoutingManagement Message Routing

Send/Receive message restrictionSend/Receive message restriction Schedule Message DeliverySchedule Message Delivery

Backup and Disaster PreparednessBackup and Disaster Preparedness

Backup PreparednessBackup Preparedness Create and maintain a backup policyCreate and maintain a backup policy Separate Information Store and System State backup in Separate Information Store and System State backup in

Windows Backup 2003Windows Backup 2003 Do not overlook the IIS MetabaseDo not overlook the IIS Metabase

Disaster Recovery FeaturesDisaster Recovery Features Deleted Mailbox RetentionDeleted Mailbox Retention Recovering from a disasterRecovering from a disaster

Recovery Storage GroupRecovery Storage Group Dial-Tone methodDial-Tone method

Alternate Server RecoveryAlternate Server Recovery

Disaster Recovery Features Disaster Recovery Features Dial-Tone Method: What and How Dial-Tone Method: What and How

Purpose: to minimize user downtime when Purpose: to minimize user downtime when recovering from a backup.recovering from a backup.

Example situation: Corrupted Mailbox Store.Example situation: Corrupted Mailbox Store. Requirements (preparations):Requirements (preparations):

Recent backupRecent backup Cumulative log filesCumulative log files Recovery Storage GroupRecovery Storage Group

Exchange features used.Exchange features used. Recovery Storage GroupRecovery Storage Group Exmerge 2003Exmerge 2003 Mailbox Store re-creationMailbox Store re-creation

Recovering from a disasterRecovering from a disaster

Microsoft Exchange Server Best Practice Microsoft Exchange Server Best Practice Analyzer Tool (ExBPA)Analyzer Tool (ExBPA)

ExBPA is a diagnostic tool that will interrogate an Exchange deployment ExBPA is a diagnostic tool that will interrogate an Exchange deployment and gather configuration settings and perform tests and then analyze and gather configuration settings and perform tests and then analyze the results and generate a report on issues found.the results and generate a report on issues found.

ExBPA can be used in a variety of ways, including:

• As part of a customer health check, it can collect detailed information on a customer deployment and look for well-known miss-configuration issues or other problems.

• As part of a PSS issue, it can be used to do the initial data gathering from the customer and automate some of the analysis needed.

ExBPA ArchitectureExBPA Architecture

One tool runs against all versions of ExchangeOne tool runs against all versions of Exchange You generally install the tool on a Windows XP workstation, You generally install the tool on a Windows XP workstation,

and it remotely collects the dataand it remotely collects the data Don’t need to install any components on the serverDon’t need to install any components on the server

ExBPA is written in managed code (C#)ExBPA is written in managed code (C#) Input/output data model is XML basedInput/output data model is XML based Analysis engine is based on XPathAnalysis engine is based on XPath

Internet

ConfigurationHelp Detailed Articles

ExBPA Core Engine

Dispatcher

CollectorsAnalyzer

User Interface

Data FileInternet

ConfigurationHelp Detailed Articles

ExBPA Core Engine

Dispatcher

CollectorsAnalyzer

Data File

ActiveDirectory

ExchangeServer

ExchangeServer

ExchangeServer

ExBPA in actionExBPA in action

E-mail Hygiene E-mail Hygiene

E-mail hygiene is more than just AV/ASE-mail hygiene is more than just AV/AS Threats:Threats:

Virus infected e-mailVirus infected e-mail UCE/Spam e-mailUCE/Spam e-mail Denial of Service (DoS) attacksDenial of Service (DoS) attacks Mail bombing and NDR attacksMail bombing and NDR attacks Directory Harvesting Attacks (DHA)Directory Harvesting Attacks (DHA) E-mail impersonation (spoofing) and E-mail impersonation (spoofing) and

phishing attacksphishing attacks Unauthorized e-mail submission and relayUnauthorized e-mail submission and relay

Gateway Server Transport

Exchange Server 2003

Mailbox ServerStore

JunkMail

Folder

JunkMail

Folder

Inbox

Exchange 2003 OWA

Outlook 2003

SCL = Spam Confidence Level

Exchange/Outlook Anti-Spam IntegrationExchange/Outlook Anti-Spam Integration

Spam?

UserSafe & BlockedSenders

Exchange IMFISV Products

Allow/Deny ListsDNS

Block Lists

Recipient & Sender Filtering

Message + SCL

Spam?

UserSafe & BlockedSenders

Inbox

UserSafe & BlockedSenders

Overview of Exchange Server 2003 Overview of Exchange Server 2003 and antivirus softwareand antivirus software

File-level scannersFile-level scanners MAPI scannersMAPI scanners Virus scanning API scannersVirus scanning API scanners ESE-based scannersESE-based scanners

823166 Overview of Exchange Server 2003 and antivirus software

Email HygieneEmail Hygiene

Secure Implementing to publish Exchange Secure Implementing to publish Exchange Server to InternetServer to Internet

Integrated with ISA Server 2004 to provide following features:Integrated with ISA Server 2004 to provide following features: Mail Server Publishing Wizards:Mail Server Publishing Wizards:

OWA – Web browser clientsOWA – Web browser clients OMA, ActiveSync – PDAs, SmartPhones and other Windows Mobile OMA, ActiveSync – PDAs, SmartPhones and other Windows Mobile

devicesdevices RPC/HTTP – Outlook 2003RPC/HTTP – Outlook 2003 Full Outlook MAPI client – all versions of Microsoft Outlook (except Full Outlook MAPI client – all versions of Microsoft Outlook (except

Outlook Express)Outlook Express) Integrated SMTP ProtectionIntegrated SMTP Protection

Enforcing compliance of SMTP commands with Internet standardsEnforcing compliance of SMTP commands with Internet standards Blocking disallowed SMTP commands (e.g, NOOP)Blocking disallowed SMTP commands (e.g, NOOP) Buffer overflow protectionBuffer overflow protection SMTP message pre-screening and processor offloading with attachment SMTP message pre-screening and processor offloading with attachment

and keyword filteringand keyword filtering Firewall capabilities:Firewall capabilities:

Application layer inspectionApplication layer inspection Authentication solutionsAuthentication solutions Firewall protectionFirewall protection Logging and MonitoringLogging and Monitoring RPC filteringRPC filtering

ISA 2004 IntegratedISA 2004 Integrated

Exchange Management Pack for Microsoft Exchange Management Pack for Microsoft Operations managerOperations managerHelps Increase Server AvailabilityHelps Increase Server Availability

Included with Exchange Included with Exchange 2003*2003*

Out-of-box monitoring and Out-of-box monitoring and alerting for Exchangealerting for Exchange

Complete monitoring for Complete monitoring for solution: >1700 rulessolution: >1700 rules

Enhances server availability Enhances server availability through proactive server through proactive server managementmanagement

Provides monitoring of Provides monitoring of client, server and Active client, server and Active DirectoryDirectory

Built-in knowledge reduces Built-in knowledge reduces issue resolution timeissue resolution time

Exchange Management Pack for Exchange Management Pack for Microsoft Operations managerMicrosoft Operations manager

Session SummarySession Summary

This session demonstrate how to configure This session demonstrate how to configure your Exchange Server 2003 in a proper way to your Exchange Server 2003 in a proper way to help you meet the time constraint.help you meet the time constraint. Mailboxes Management Mailboxes Management E-mail management E-mail management Message Routing Message Routing Backup & Restore Backup & Restore Best Practice Validation: ExBPA (Exchange Best Best Practice Validation: ExBPA (Exchange Best

Practice Analyzer) Practice Analyzer) Messaging Hygiene (Anti-Virus & Anti-Spam) Messaging Hygiene (Anti-Virus & Anti-Spam) Integrated with ISA 2004 Integrated with ISA 2004 Integrated with MOM 2005 (Management Pack) Integrated with MOM 2005 (Management Pack)

© 2004 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

AppendixAppendix

XCON: Connector Delivery Restrictions May XCON: Connector Delivery Restrictions May Not Work Correctly Not Work Correctly

Disaster Recovery Features Disaster Recovery Features Dial-Tone Method: 4 StepsDial-Tone Method: 4 Steps

Exposing SCL (Spam Confidence Level) in OutlookExposing SCL (Spam Confidence Level) in Outlook

File-level scanners – Exclusion pathsFile-level scanners – Exclusion paths Exchange Resource SitesExchange Resource Sites

XCON: Connector Delivery Restrictions XCON: Connector Delivery Restrictions May Not Work CorrectlyMay Not Work CorrectlyPSS ID Number: 277872PSS ID Number: 277872

Start Registry Editor (Regedt32.exe). Start Registry Editor (Regedt32.exe). Locate and click the following registry key: Locate and click the following registry key:

HKEY_LOCAL_MACHINE/System/CurrentControlSet/SerHKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Resvc/Parameters/ vices/Resvc/Parameters/

On the Edit menu, click Add Value, and then add the On the Edit menu, click Add Value, and then add the following registry value: Value Name: following registry value: Value Name: CheckConnectorRestrictionsCheckConnectorRestrictionsData Type: REG_DWORDData Type: REG_DWORDRadix: HexadecimalRadix: HexadecimalValue: 1 Value: 1

Quit Registry Editor. Quit Registry Editor. Restart the Microsoft Exchange Routing Engine service Restart the Microsoft Exchange Routing Engine service

and the Simple Mail Transfer Protocol (SMTP) services and the Simple Mail Transfer Protocol (SMTP) services for this change to take effect.for this change to take effect.

Disaster Recovery Features Disaster Recovery Features Dial-Tone Method: 4 StepsDial-Tone Method: 4 Steps

1.1. Remove Corrupted database. Exchange creates Remove Corrupted database. Exchange creates a blank store (the “Dial-tone” database)a blank store (the “Dial-tone” database)

2.2. Restore from backup to Recovery Storage Restore from backup to Recovery Storage GroupGroup

3.3. Swap the Recovery Storage and Dial-tone files.Swap the Recovery Storage and Dial-tone files.

4.4. Exmerge Dial-tone database into Recovered Exmerge Dial-tone database into Recovered database.database.

Exposing SCL (Spam Confidence Level) Exposing SCL (Spam Confidence Level) in Outlookin Outlook

SCL.CFG:SCL.CFG:;**********The CFG file**********;**********The CFG file**********[Description][Description]MessageClass=IPM.NoteMessageClass=IPM.NoteCLSID={00020D31-0000-0000-C000-CLSID={00020D31-0000-0000-C000-

000000000046}000000000046}DisplayName=SCL Extension FormDisplayName=SCL Extension FormCategory=StandardCategory=StandardSubcategory=FormSubcategory=FormComment=This forms allows the SCL to be Comment=This forms allows the SCL to be

viewed as a columnviewed as a columnLargeIcon=IPML.icoLargeIcon=IPML.icoSmallIcon=IPMS.icoSmallIcon=IPMS.icoVersion=1.0Version=1.0Locale=enuLocale=enuHidden=1Hidden=1Owner=Microsoft CorporationOwner=Microsoft CorporationContact=Your NameContact=Your Name[Platforms][Platforms]Platform1=Win16Platform1=Win16Platform2=NTx86Platform2=NTx86Platform9=Win95Platform9=Win95[Platform.Win16][Platform.Win16]CPU=ix86CPU=ix86OSVersion=Win3.1OSVersion=Win3.1[Platform.NTx86][Platform.NTx86]CPU=ix86CPU=ix86

OSVersion=WinNT3.5OSVersion=WinNT3.5[Platform.Win95][Platform.Win95]CPU=ix86CPU=ix86OSVersion=Win95OSVersion=Win95[Properties][Properties]Property01=SCLProperty01=SCL[Property.SCL][Property.SCL]Type=3Type=3NmidInteger=0x4076NmidInteger=0x4076DisplayName=SCLDisplayName=SCL[Verbs][Verbs]Verb1=1Verb1=1[Verb.1][Verb.1]DisplayName=&OpenDisplayName=&OpenCode=0Code=0Flags=0Flags=0Attribs=2Attribs=2[Extensions][Extensions]Extensions1=1Extensions1=1[Extension.1][Extension.1]Type=30Type=30NmidPropset={00020D0C-0000-0000-C000-NmidPropset={00020D0C-0000-0000-C000-

000000000046}000000000046}NmidInteger=1NmidInteger=1Value=1000000000000000Value=1000000000000000;**********END CFG;**********END CFG

Exposing SCL (Spam Confidence Level) in Exposing SCL (Spam Confidence Level) in Outlook (cont)Outlook (cont)

1. Go into Tools | Options | Other | Advanced Options | Custom Forms | Manage Forms

2. Hit the Install button, and choose SCL.CFG …install into your Personal Forms Library

3. Hit OK several times to return to the main Outlook screen

4. Right-click on the Column headings in your Inbox (other any other folder) and choose "Field Chooser"

5. Pull-down the scroll-bar and choose "Forms…"6. Set focus to your Personal Forms, choose the SCL

Extension Form, then click Add7. Drag and drop the SCL property into your column

headings …and voila!

File-level scanners – Exclusion pathsFile-level scanners – Exclusion paths

Exclude the following foldersExclude the following folders Exchange databases and log files (Exchsrvr\Mdbdata)Exchange databases and log files (Exchsrvr\Mdbdata) Exchange MTA files (Exchsrvr\Mtadata)Exchange MTA files (Exchsrvr\Mtadata) Additional log files (Exchsrvr\server_name.log)Additional log files (Exchsrvr\server_name.log) The virtual server folder (Exchsrvr\Mailroot).The virtual server folder (Exchsrvr\Mailroot). The working folder that is used to store streaming .tmp The working folder that is used to store streaming .tmp

filesfiles The temporary folder that is used in conjunction with The temporary folder that is used in conjunction with

offline maintenanceoffline maintenance Site Replication Service (SRS) files (Exchsrvr\Srsdata)Site Replication Service (SRS) files (Exchsrvr\Srsdata) Microsoft Internet Information Services (IIS) system files Microsoft Internet Information Services (IIS) system files

in the %SystemRoot%\System32\Inetsrv folder.in the %SystemRoot%\System32\Inetsrv folder.

Exchange Resource SitesExchange Resource Sites Microsoft ExchangeMicrosoft Exchange

http://www.microsoft.com/exchangehttp://www.microsoft.com/exchange MS Exchange OrgMS Exchange Org

http://www.msexchange.orghttp://www.msexchange.org You Had Me At EHLOYou Had Me At EHLO

http://blogs.technet.com/exchange/default.aspxhttp://blogs.technet.com/exchange/default.aspx Exchange The BlogExchange The Blog

http://msmvps.com/exchangehttp://msmvps.com/exchange MS Exchange BlogMS Exchange Blog

http://hellomate.typepad.com/exchangehttp://hellomate.typepad.com/exchange