Monday, 17 October 2011

Collection: Exchange Server 2003 (3)

101.      What is a Smart Host? Where would you configure it? 
Smarthosts are used to connect Exchange Server to an external (to the organization) messaging system. Typical use of a smarthost involves relaying outbound SMTP email to a non-Exchange SMTP host in perimeter networks; or to an ISP or hosted service provider that may offer functionality like mail relaying and spam and virus scanning

A smarthost is a common term for a server that accepts outbound mail and passes it on to the recipient.

A smart host is a type of mail relay server which allows an SMTP server to route e-mail to an intermediate mail server rather than directly to the recipient’s server. Often this smart host requires authentication from the sender to verify that the sender has privileges to have mail forwarded through the smart host. This is an important distinction from an open relay that will forward mail from the sender without authentication. Common authentication techniques inc Set Up Private Outbound DNS
Route mail to Outbound Services by setting up an external DNS server. For an overview of Private Outbound DNS concepts, see Alternate Option: Set up Private Outbound DNS.

Select the Start Menu -> Programs -> Microsoft Exchange -> System Manager.
Expand the top level -> Servers -> <Your Mail Server> -> Protocols -> SMTP.

Right-click Default SMTP Virtual Server & select Properties.

Click the Delivery Tab.

Click Advanced to go to the Advanced Delivery dialog box.

If you have a Smarthost set to point to Outbound Services for mail filtering, clear the Smarthost. The Private Outbound DNS will replace your Smarthost for routing.
Click Configure.

Click Add and enter the appropriate IP address for your system. Click OK.

The appropriate IP address depends on your system. To find what system to use, see Identify Your System.
IP Address to use for Private Outbound DNS

Click OK again. You should see your IP address listed as an External DNS.

Click OK twice to return to the System Manager.
In System Manager, restart your mail server.
 lude SMTP-AUTH and POP before SMTP.
102.      What are Routing Groups? When would you use them?
Routing groups   These are logical group of servers based on the company’s physical topology, used to control mail flow and public folder referrals. Routing groups share one or more physical connections. In a routing group, all Exchange servers communicate and transfer messages directly to one another, using Simple Mail Transfer Protocol (SMTP) virtual servers. In a native mode organization, routing groups can include servers from different administrative groups. However, in a mixed mode organization, routing groups cannot span multiple administrative groups, due to backward compatibility with Exchange Server 5.5. This is because the routing topology in Exchange 5.5 is defined by sites, and sites provide the functionality of both the administrative group and the routing group.
103.      What are the types of Connectors you can use in Exchange?
Routing group connectors   A routing group connector enables message transfer between two routing groups. The following Exchange connectors can be used to establish message transfer paths between routing groups:
Routing group connectors   A routing group connector provides a one-way connection path in which messages are routed from servers in one routing group to servers in another routing group. Routing group connectors use Simple Mail Transfer Protocol (SMTP) to communicate with servers in connected routing groups. Routing group connectors provide the best connection between routing groups.

SMTP connector   An SMTP connector can be used to connect routing groups, but this is not recommended. SMTP connectors are designed for external message delivery. SMTP connectors define specific paths for e-mail messages that are destined for the Internet or an external destination, such as a non-Exchange messaging system.
X.400 connectors   Although you can use X.400 connectors to connect routing groups, X.400 connectors are designed to connect servers running Exchange with other X.400 systems or to servers running Exchange Server 5.5 outside an Exchange organization. A server running Exchange Server 2003 can then send messages over this connector using the X.400 protocol.

Connectors to non-Exchange messaging systems  
These connectors support message transfer and directory synchronization between Exchange and non-Exchange messaging systems. When appropriate connectors are implemented, the user experience is similar on both messaging systems and the transfer of messages and other information between the Exchange and non-Exchange messaging system is transparent to the user. However, some message properties might be lost during message conversion from an Exchange format to a non-Exchange format, or vice versa.

Using X.400 Connectors
In the beginning of this chapter, you learned that the X.400 MTA handles message transfer both within the organization and to servers outside it. Normally, the X.400 message transfer is handled within routing groups and not between them. You can, however, configure X.400 connectors to connect two routing groups in the same Exchange organization. The primary reason to do this is when you need to strictly control bandwidth usage between the routing groups. You can also use X.400 connectors to connect an Exchange routing group with a foreign X.400 messaging server.
The key reason for using an X.400 connector instead of another type of connector is that the X.400 connector incurs less overhead than other connectors when sending large messages. This means that sending large messages through an X.400 connector requires less bandwidth than sending the same messages through other types of connectors.
Understanding X.400 Connectors
Because X.400 connectors are more complex than other types of connectors, they're difficult to use. Unlike other connectors, X.400 connectors have several variations, including these:
TCP/IP X.400 connectors Used to transfer messages over a standard TCP/IP network. Use this connector when you have a dedicated connection such as a T1 line. Because most X.400 messaging systems support TCP/IP, this is the most common type of X.400 connector used.

X.25 X.400 connectors Configured to connect to an X.25 adapter on a remote mail server. With this connector, you can support standard X.25 protocols as long as an X.25 adapter is available and you know the X.121 address of the remote server.
Before you configure an X.400 connector, you must install and configure an X.400 transport stack that is the same type as the connector. The transport stack contains configuration information that the connector needs to properly transport messages. The available transport stacks include the TCP/IP X.400 stack and the X.25 X.400 stack.

104.      What is the cost option in Exchange connectors?
          Cost is used to detect the best path.

105.      What is the Link State Table? How would you view it?
          Link State Algorithm (LSA)
It contains information about whether the Link is up or down. It is very similar to OSPF protocol. Every 60 seconds it updates this information.

Exchange Server 2003 determines the route that an e-mail must take based on the status and availability of connectors between different routing groups and to external messaging systems through an SMTP connector or other connectors.
Every exchange server stores its status information in a Link State Table (LST). The Link State Table is a small table which requires about 32 bytes per entry which is held in the Exchange Servers' RAM.
All information will be collected by the Routing Group Master (RGM) of the routing group. The Routing Group Master uses TCP Port 691 to talk with other exchange servers in the routing group and is responsible for generating / updating the LST and for the distribution of the LST to each exchange server in the routing group.
The updated LST is propagated to other routing groups through Bridgehead Servers. The Routing Group Master (RGM) then sends the updated information to the Bridgehead Server, and then the Bridgehead Server sends the information to Bridgehead Servers in other Routing Groups over TCP Port 25.

Figure 6: Link State Table
The Link State Table lists all connectors, and their status, in an Exchange Server 2003 organization. The following information is included in the LST:
Link status
There are only two states for any given link: up or down. For this reason, connection information, such as whether a link is active or in a retry state, is not propagated between servers running Exchange Server 2003, and it is only available on the server involved in the message transfer. Exchange Server 2003 only considers routing messages by using connectors with a link status of up.
Link cost
The Link State Table stores costs for each connector. Exchange Server 2003 uses the cost values stored in the link state table to select the least cost route for a message. Costs are configured on each connector, and Exchange Server 2003 records them in the Link State Table.

106.      How would you configure mail transfer security between 2 routing groups?

107.      What is the Routing Group Master? Who holds that role?
          When you create a routing group, the first server in that routing group is assigned the role of routing group master. The routing group master maintains current link state information for its routing group and propagates it to the other servers within the routing group.

108.              What is DS2MB?
Directory Service/Metabase Synchronization process (DS2MB process). In short the DS2MB process overwrites new configuration information in the local metabase (the metabase is kind of a registry for IIS) with configuration information that was last set in Active Directory by using the Exchange System Manager snap-in.

DS2MB is short for Directory Service to Metabase and the purpose of this process is to transfer configuration information from Active Directory to the IIS Metabase. The configuration is stored in the IIS Metabase instead of the registry mainly for performance and scalability reasons. The DS2MB process is a one-way write from Active Directory to the IIS Metabase, which means that the Metabase never writes back to Active Directory.
This can be done either by using the Metabase Explorer tool form the IIS 6.0 Resource Kit, or by using ADSUtil which by default is located in the AdminScripts folder under Drive:\Inetpub. Lastly there’s a method which involves editing directly in the Metabase.xml file using Notepad or a similar text editor.

DS2MB is synchronizing exchange configuration setting in AD to the IIS Metabase. It depends upon Netlogon service, when changes take place in AD, DS2MB job to replica the changes to Metabase, when changes happens DS2MB gets notified within 15 Seconds.

Remember for you interview one day with Microsoft (-:

Metabase update service, also referred to as the directory service/metabase synchronization process, or DS2MB (because this process is implemented in DS2MB.dll) is a component in Exchange Server 2003 that is used to synchronize several Exchange configuration settings in Active Directory with counterpart settings in the IIS metabase. The function of DS2MB is to replicate configuration information from Active Directory to the local IIS metabase.

The DS2MB process copies entire subtrees from Active Directory, without changing the shape of the subtree. This is a one-way write from Active Directory to the metabase; the metabase never writes to Active Directory. The DS2MB process does not add or compute any attribute when copying. The paths in the metabase are called keys. Properties can be set at each key, and each property can have attributes that customize that property. All identifiers that are present in the directory service image of the subtree are required in the metabase, including identifiers such as KeyType. In addition, the Relative Distinguished Name of the object in the directory is mapped directly to the key name in the metabase.

DS2MB Operations

The metabase update is a subprocess that is launched when System Attendant is started. The operation of SMTP, POP3, IMAP4, Outlook Web Access and Outlook Mobile Access are all dependent on the replication by DS2MB. DS2MB registers with the config domain controller after startup, enabling the config domain controller to notify DS2MB of any changes that are made to the Exchange configuration. This notification occurs within 15 seconds of the change. As soon as the change is replicated to the configuration domain controller, the change should be replicated to the metabase by DS2MB. DS2MB tracks changes to directory objects based on update sequence numbers (USNs).

1.    What is Forms Based Authentication?

Exchange Server 2003 has greatly improved the Outlook Web Access (or OWA for short) experience when compared to older Exchange versions. Besides the nice new GUI, spell-checking in different languages, drag-and-drop features, S/MIME and more, Exchange Server 2003 has added a new logon method that can be used on OWA.
Exchange Server 2003 offers a feature called "form-based authentication" that can make your Outlook Web Access more secure.  Instead of entering the username and password in an annoying pop-up screen, when configured with Forms-Based Authentication (or FBA for short), OWA will display a logon screen that enables the user to select various options and get a generally better look for the logon process.
FBA can also be used to enable compression and other nice features. Exchange Server 2003 Outlook Web Access (OWA) supports forms-based authentication technology. Also known as cookie authentication .Forms-based authen
When you enable this authentication method, OWA stores the user’s name and password in a cookie, rather than client’s browser. After a certain period of inactivity, the cookie is automatically cleared. This offers better security because the user’s credentials are not cached on the client’s computer. The credentials are only valid for the duration of the session and there’s no "Remember my password" option available to the client.

To configure form-based authentication in Exchange, go to the Properties of the Exchange Virtual Server (see Fig. 1) and check the box "Enable Forms Based Authentication." Optionally, you can also select a Low or High level of compression. The main difference between High and Low compression is that High compresses both static and dynamic pages, while Low only static pages. However, to avoid putting extra loads on your server you should not select this option if you only have one Exchange Server in your environment.
You need to restart the IIS service after you enable forms-based authentication by simply typing iisreset at the command prompt.
Once you’ve enabled form-based authentication, you might also want to configure the time-out value for cookie authentication. With OWA, clients can select one of the two security options:
  • Public or shared computer The default option is ideal for kiosks or other computers that are in a shared environment. The user session will time-out after 15 minutes of inactivity with this option.
  • Private computer Useful when clients don't share their computers with others and desire a longer session time-out value. Select it and the cookie will last for 24 hours before it's cleared.
You can change the default time-out values by modifying the registry. There are two settings in the registry for clients: PublicClientTimeout and TrustedClientTimeout. The first value refers to the "Public or shared computer" security option on the OWA logon screen, which defaults to 15 minutes. The second value refers to the "Private computer" security option, which defaults to 24 hours.
Here are the two registry settings that can be added. The values are set in minutes between 1 and 43200 (i.e. 30 days). If the PublicClientTimeout and TrustedClientTimeout registry values do not exist then OWA uses the default values mentioned above.
Registry location:
Value name: PublicClientTimeout
Value type: REG_DWORD
Value data: Between 1 and 43200
Base: Decimal
Value name: TrustedClientTimeout
Value type: REG_DWORD
Value data: Between 1 and 432000
Base: Decimal
To set a cookie time-out value of 36 hours for "Private computer," you use a value of 864 (see Fig. 2). You need to restart the W3SVC service after you make these registry modifications. You can type net stop w3svc and net start w3svc at the command prompt to restart the service.

Figure 1. Configuring forms-based authentication for OWA.

Figure 2. Modifying client session time-out value in registry.
  1. .
If you have a front-end/back-end server environment, make sure that you only enable forms-based authentication on the frontend -- do not enable this feature on the backend. If you are not using a front-end server, then enable forms-based authentication on the mailbox server. Check out Microsoft’s Knowledge Base article 830827, "How to manage Outlook Web Access features in Exchange Server 2003," for more information on this topic.
Whether you are using forms-based authentication or not, OWA should always be secured with Secure Socket Layer (SSL) to ensure data is transferred securely across the Internet. Fortunately, you can’t configure forms-based authentication unless SSL is enabled. Forms-based authentication offers administrators additional security by storing the user’s name and password in a cookie, rather than client’s browser. You can control the session time-out value by modifying the registry for public and private computers. This allows you to manage the period of inactivity on client’s computer before the session cookie is automatically cleared. 

3.    What are Recipient Policies?
When you perform the initial install of Exchange, the Recipient Update Service is installed and a default recipient policy is created. This policy is responsible for ensuring that all mail-enabled objects in the Exchange organization have a valid SMTP address following the naming format. You can create a new policy that can be configured to create each SMTP address following a different naming convention such as Microsoft has a list of best practices to follow when creating and/or editing recipient policies.
  • Create a new recipient policy and assign it a higher precedence rather than editing the default policy
  • Keep the number of recipient policies to a minimum
  • Rebuild the RUS with caution
4.    How would you work with multiple recipient policies?

In Exchange Server 5.5 or Microsoft Exchange 2000 Server mixed-mode, only the default recipient policy is in effect. The default recipient policy is created based on the site addressing of the Exchange Server 5.5 site. The default recipient policy that is based on the site addressing of the Exchange Server 5.5 site permits backward compatibility with Exchange Server 5.5. In native-mode, multiple recipient policies can be in effect on different groups of users.
Create Recipient Policies in the Exchange System Manager
Click Start, point to Programs, point to Microsoft Exchange, click System Manager
In the left System Manager window pane, click to expand Organization, click to expand Recipients, and then click Recipient Policies.

Note In the right pane, there is a Default Policy that applies to all recipients. In mixed mode, there is a Default Policy for each site.
Right-click Recipient Policies, point to New, and then click Recipient Policy.
Specify an LDAP filter (that is, to whom the policy applies) and the e-mail addresses for these recipients.
Also note that Exchange 2000 and Exchange 2003 support automatic generation of secondary e-mail addresses.

5.    What is the "issue" with trying to remove email addresses added by recipient policies? How would
you fix that?
6.    What is the RUS?
The Recipient Update Service (RUS) is a very important component in your Exchange installation, it is RUS that is responsible for updating address lists and email addresses in your Active Directory.
The Recipient Update Service (RUS) is a Microsoft® Exchange 2003 service that updates recipient objects within a domain with specific types of information. For example, the RUS updates recipient objects with e-mail addresses and address list membership at scheduled intervals. Usually an administrator is responsible for determining the intervals at which this service runs.
When you modify or create a recipient policy, the e-mail addresses for the address types that you have modified or added will be generated the next time the RUS is scheduled to run. The RUS only processes changes that were made since the last time it was run, so it is very efficient.

10. What is a Front End server? In what scenarios would you use one?
Microsoft® Exchange Server2003 and Microsoft Exchange2000 Server support using a server architecture that distributes server tasks among front-end and back-end servers. In this architecture, a front-end server accepts requests from clients and proxies them to the appropriate back-end server for processing. A front-end server is a specially configured server running either Exchange Server2003 or Exchange 2000 Server software.
Many organizations that implement Microsoft Outlook Web Access (OWA) based on Exchange Server 2003 or Exchange 2000 Server don't connect client browsers directly to the Exchange server on which the user's mailbox is located. Rather, a front-end Exchange server accepts the OWA connection from a client, then proxies the connection to the back-end server on which the user's mailbox resides. The front-end model offers the advantage of letting all users specify the same URL to access their mailboxes.
However, the traditional front-end model also has disadvantages, especially with regard to authentication. Let's look at how the traditional front-end server model works and examine the limitations of that model's authentication method. Then, I outline an alternative mechanism for using a variant of the front-end server configuration to implement a normalized namespace with OWA. This alternative approach avoids the drawbacks of Basic authentication while letting all users enter the same URL to access their email
11. What type of authentication is used on the front end servers?
New for Exchange Server 2003 is the ability for the Exchange front-end server to use Kerberos authentication for HTTP sessions between the front-end and its respective back-end servers. While the authentication is now using Kerberos, the session is still being sent using clear text. Therefore, if the network is public or the data is sensitive, it is recommended that you use Internet Protocol security (IPSec) to secure all communication between the Exchange front-end and back-end servers

12. When would you use NLB?
When the load on the Front-End server is more.

14. What are the 4 types of Exchange backups?

Several backup methods are written that do not use the Microsoft backup API. The following is an overview of backup methods that you can use.

This article divides backups into two categories: what Microsoft supports and does not directly support.
Exchange Backups that Microsoft Supports
1.    Online Backups and Types of Online Backups
2.    Offline Backups
Exchange Backups that Microsoft Does Not Directly Support
1.    Open File Agent Backups
2.    Mailbox (Brick) Level Backups
3.    Snap or Snapshot and Hot Split Backups
For More Information

Online Backups and Types of Online Backups
Online backups are backups done while Exchange services are running. None of the Exchange services have to be stopped for this backup to complete.

Online backup does not mean that you try to back up Exchange database files and Exchange folder structure while Exchange services are running. Online backup means backing up a separate Microsoft Exchange or Microsoft Exchange Server object that is available in backup software. You can do an online backup using Backup if you install Exchange administrator or Exchange System Manager in Exchange 2000 Server on a server that will do a backup. If you use third-party backup software, you have to install the Exchange Agent or Exchange-aware backup software. Agents are popular because they extend the functionality of third-party backup software. You will be backing up Exchange Directory (Exchange Server version 5.5) or Microsoft Exchange Information Store service objects. You will not be able to select individual files to back up or select individual mailboxes that need to be backed up.

If you try to back up actual Exchange Server files and folders while services are running, backup will complete but with files that are skipped. Database files are skipped because the Exchange database engine has opened them, and only one program can have exclusive access to a single file on the disk. If disaster strikes and this is the only type of backup available, it is possible that Exchange information will not be recoverable.

When backing up Exchange Server databases, there are four backup types available:
Normal (or Full)   The normal backup process backs up the directory or Exchange store in its entirety, as well as the log files. To restore from a normal backup, only one normal backup is needed. A normal backup marks the objects it has backed up so that incremental and differential backups have context. This is accomplished by backing up the entire database and all the log files, and then purging the log files.

Copy   The copy backup is the same as a normal backup except no marking takes place to give incremental and differential context. This means that performing an incremental backup after a copy backup is equivalent to performing it before a copy backup. Use a copy backup to get a full backup of the directory or Exchange store without disturbing the state of ongoing incremental or differential backups.

Incremental   An incremental backup backs up the subset of the component that has changed since the last normal or incremental backup. Then it marks these objects as backed up. To restore from incremental backups, each incremental backup since the last normal backup and the normal backup are needed. An incremental backup backs up only the log files, and then purges them.

Differential   A differential backup backs up changes in the directory or Exchange store that have occurred since the last normal backup. To restore from differential backups, one differential backup and one normal backup is required. A differential backup backs up only the log files but does not purge them.

To restore an online backup in Exchange 2000 Server, you need the Microsoft Exchange Information Store service running, and the stores that are being restored need to be dismounted. To restore an online backup in Exchange Server 5.5, you need to have the Microsoft Exchange System Attendant service running.
Offline Backups
Offline backups are backups of Exchange files and folders when Exchange services are not running. If services are not running, backup software can have exclusive access to database files and can back them up.
Planned offline backups will result in consistent database files. When Exchange services are being gracefully shut down, all transactions are being committed to the database. Resulting databases will be consistent, marked consistent or clean shutdown, depending on what version of Exchange you are running.
Unplanned offline backups are backups that are taken when the server fails. Database files are copied to some location because that is the only type of backup available. If Exchange Server fails before this backup, databases do not have to be consistent, so they might need repair after the restore procedure. Make sure to check if the backup was before or after the failure or Exchange Server problem.
minus Exchange Backups that Microsoft Does Not Directly Support

For backup methods that are not supported, there is no guarantee that the methods will work. You should contact your third-party backup software or hardware vendor in case of problems with backup. The backup vendor should be the primary source of support in the case that any of the following backups are used. Microsoft will work with any customer that has any backup type. However, if the backup was created by one of the following methods, the only help that Microsoft might be able to provide is disaster recovery, which might involve data loss.
Open File Agent Backups
There are third-party backup programs that use special ways to do a file-level backup of files that are already opened by some other application, such as Exchange Server. This might or might not work. In most cases, it will not work for Exchange. There is no guarantee that this type of backup will back up all mailbox and public folder data, and that you will be able to recover from disasters such as this. Open file agent backups, in most cases, back up inconsistent databases.

Mailbox (Brick) Level Backups
There are several third-party backup programs that can back up and restore individual mailboxes, rather than whole databases. Because those backup solutions do not follow Microsoft backup guidelines and technology, they are not directly supported.
There are known problems with some versions of mailbox-level backup programs including loss of free/busy data and incomplete restores. Every effort is made to help, and to look at the errors and issues that you are having with this type of backup and restore, to determine if there are Exchange problems documented that could cause this error.

Snap or Snapshot and Hot Split Backups
This type backup provides benefits somewhat in between offline and open file agent backups. These backups are typically done on a hard disk instead of tape devices, which allows much faster transfer rates.
Traditionally, the snapshot backup is done when databases are stopped. Because they are consistent, the restore procedure is similar to offline restore procedures. Those types of snapshot backups require downtime when backing up.
There are some backups that perform what is called a Hot Split backup. This can be thought of as a snapshot backup with an open file agent running. The result is a fast backup that does not require downtime, but the backed up databases are inconsistent. Because of that, the backup vendor might need to be contacted to make sure that data is restored without any loss.

A server running Microsoft Windows Server™ 2003 will support snapshot backups, and they are supported in Exchange Server 2003. They will utilize the Volume Snapshot service of Windows Server 2003, and they will require both the Exchange snapshot DLL and the special storage hardware.

Online v Offline Backup
An online backup means that email is not interrupted.  New in Windows 2003 is the Volume Shadow Copy (VSS) service which makes it possible to backup without dismounting the Exchange stores.  Most proprietary programs like Backup Exec, Legato or ArcServe have agents or add-ons which specifically hook into the Windows 2003's VSS APIs.
Offline backup.  Dismount the Store, then backup.  Not your first choice.  The main reason that I can think of for choosing an offline backup, is if the online backup failed.  The disadvantages are that the logs are not purged and that unlike an online backup, the database cannot be verified.
Another possible scenario is that you are about to undertake risky restore.  So you create a rollback position by backing up what you have already, before you try a restore.

ASR (Automated System Recovery)
I wanted to give you a timely reminder that Exchange 2003 relies on the underling Windows Server 2003 operating system.  In a worst case scenario you will have to rebuild the operating system before you restore the Exchange .edb databases.  An ASR backup and recovery disk is the fastest way of building a base from which you can restore those .edb files.  Before you tackle an ASR recovery, I assume you have tried Last Known Good, Safe Mode and the Recovery Console.
In NT 4.0 days this process was known as RDISK. Both RDISK and ASR suffer from a fatal flaw, that is they are no good unless the disk information is up-to-date.  So, if you going to make ASR diskettes, make sure you repeat the procedure every time the hardware changes in any significant way.
Backup Media Tactics
It is usually fastest to backup to disk.  So, your tactics could be initially backup to disk, followed by a backup to a central server or to a local tape drive.  Perhaps the best strategy would be to employ a tape library on a SAN.

Summary of Backup Methods in Microsoft Exchange Server 2003
If you want to successfully restore your Exchange 2003 server, then spend time and plan your backup strategy carefully.  Make a full backup your first choice, and wherever possible, avoid incremental backups since they take too long to restore.

115) What is DSACCESS?   
DSAccess is a component that optimizes the communication between Active Directory and components within exchange server. For example, Components such as Information Store and message categorizer.

Exchange components that needs to interact with active directory uses DSAccess to retrieve information instead of directly communicating with Domain Controller or Global Catalog servers.
DSAccess is also helpful for better system performance as it maintains a cache which helps in reducing LDAP queries that exchange server components does on active directory and thus load is reduced on both domain controllers as well as global catalog servers.
Note: A global Address List (GAL) query from Microsoft Outlook client does not use this cache.
The system Attendant service is responsible for initializing DSAccess which is in form of a DLL file i.e., DSACCESS.DLL. There are also two more dll's associated which are DSCMGS.DLL and DSCPERF.DLL.
Lets say, we want to see which processes are using DSACCESS.DLL. for this we will be using tasklist.exe (windows 2003 and XP) from command prompt.
tasklist -m dsaccess.dll
This will give you output similar as shown below. 

DSAccess also have another important task to do, and that is "Discovery Process". In this discovery process DSAccess determines the complete active directory structure and accordingly chooses domain controller and global catalog servers that can be used by exchange.
To see which domain controller and global catalog is being used by DSAccess, we need to open ESM (exchange system manager) and drill down to server, then open the properties page of server and go to Directory Access tab. 

Note: This is available only if Exchange 2003 SP2 is installed. In prior versions you will need to use DSADIAG.EXE to get the list of domain controllers and global catalogs that are being used by DSAccess.

116)     When would you use offline backup?
You must perform an offline defragmentation in the following situations:
After performing a database repair (using Eseutil /p)
After moving a considerable amount of data from an Exchange Server database.
When an Exchange Server database is much larger than it should be.

118)     What is the dumpster?

When you delete an item from your mailbox, the item will be kept on the dumpster for as long as configured for your mailbox or for the mailbox database to which your mailbox belongs. As administrator you need to keep in mind however that when you move a mailbox from one mailbox database to another mailbox database, t hat the content of the dumpster is not moved for that mailbox and therefore lost.

How to Recover Deleted Emails in Outlook

When you delete an email in Outlook it goes to the Deleted Items folder.
Like the Recycle Bin on the Desktop, this gives you a second chance if you delete an email by accident.

Where do emails go when you delete them out of the Deleted Items folder?
If Outlook is using an account on an Exchange server, the answer is the Dumpster - the American word for a skip.
This is the place Exchange stores deleted emails for a length of time, called the Retention Period, the length of which can set by an administrator, before finally and permanently deleting them.
The Arrowmail Exchange servers have a Retention Period of 14 days.

The Dumpster
The good news is that you can access the Dumpster yourself from within Outlook.
Here's how:-
Select the Deleted Items folder then click:-
Tools - Recover Deleted Items…

A window opens showing all the emails deleted from the Deleted Items folder which haven't exceeded the Retention Period.
Select one or more emails you want to recover, click on Recover Selected Items and they will appear back in the Deleted Items folder:-

There's also the option to purge items from the Dumpster if there's a particular email you want to make disappear for good.

You can also access the dumpster from Outlook Web Access, from the Options page:-

The Hidden Dumpster
This is fine for emails that have passed through the Deleted Items folder, but it's possible to "hard delete" items straight to the Dumpster from any folder by holding down the Shift key while deleting an email.

With Outlook open and an email selected in the Inbox, you're 4 key-presses away from disaster:-
Ctrl+a then Shift+Del
This means "Select all emails in the Inbox" then "move them all to the hidden dumpster".
I've lost count of the number of support calls I've had where this has happened.

Emails hard deleted from any folder go to the Dumpster but, by default, you can only retrieve ones that have passed through the Deleted Items folder.

To be able to access the entire Dumpster you need to make a Registry change.
(Remember that care should always be taken when editing the Registry as there are settings in there that can render your Windows installation inoperable.)

Click: Start - Run and type regedit then click OK to open the Registry Editor.
Navigate to:-

Click: Edit - New - DWORD Value
Rename the new value: DumpsterAlwaysOn
Double-click this new value and set its value to 1:-

Close Regedit
Close Outlook, if it's open, restart it and the Recover Deleted Items… option will now be enabled for every folder, including those that contain Contacts, Calendar items, etc.

You'll need to make this Registry edit on every PC from which you want to access the hidden dumpster.
There's no way to access the hidden part of the Dumpster from Outlook Web Access.

Recovering Deleted Emails from the Cache on another PC
If some major catastrophe has happened with your email, and missing items are not recoverable from any part of the Dumpster, there may still be some things you can do.

If you've been using Outlook with Exchange, in cached mode, on another PC, which is currently turned off, this PC will have a full copy of your Outlook data in a local OST file.
This data will be as up-to-date as the last time you used Outlook on that PC, hopefully before the current problem occurred.

The last thing you want to happen is for this PC synchronise with Exchange and so delete the items you're after from its cache so, before you turn this PC on or open Outlook, make sure that it's NOT connected to the Internet.
Maybe pull out the network cable or turn off the wireless card.

When you open Outlook on this PC, while it's off-line, you should see all the missing items still there. The first task is to copy them to a local PST file:-

From within Outlook, click:-
File - New - Outlook Data File…
Select Outlook Office Personal Folders File then click OK
Click OK then OK to accept the default location and name of the new PST file.

You'll now see a new set of folders in Outlook called Personal Folders.

Drag-and-drop all the items you need from the mail folders, contacts, calendar etc. in the Exchange folders to the equivalent place in Personal Folders.
When the copying process has completed you can safely re-enable your Internet connection and allow Outlook to synchronise with Exchange.

The next thing to do is to copy the items you've saved to Personal Folders, back into your Exchange folders, as the synchronisation process will have just deleted them from there.
Exchange will accept these as valid new items and will copy them back, first to your mailbox on the server, and then to the local caches on all the other computers where you use Outlook.

When you're sure that this has worked, right-click on Personal Folders and select
Close "Personal Folders".

The local cache of your Exchange data, held on a PC, is your insurance against a failure of the Exchange server that could be unrecoverable.
Maybe the building housing the server and the backup tapes has burnt down.
You could then arrange to have your incoming emails diverted to a POP3 mailbox and access a SMTP server so that your email is functional again.
I've seen someone working this way, more than 2 years after the Exchange server they were using disappeared.

Archiving Email
This is where a separate copy of all incoming and/or outgoing emails are stored on the
mail-server in a read-only folder, separate from your mail mailbox which you can access and search through when the original of an email is nowhere to be found.
If this is the only reason you have for keeping a mail archive then it's not too hard, or expensive, to organise such a system for keeping the last 30 days' emails.

15. What are the e00xxxxx.log files?
All transactions are first logged to the current log file E00.LOG. If it gets full it will be saved to a file of the log generation E00xxxxx.LOG. The log files are by default stored in the same directories as the database files. The current log file E00.LOG (Note: E00 will be increased by 1 for each additional storage group.), which contains the most recent  transactions. As soon as it gets full, Exchange will automatically save a copy in a log generation file like E00xxxxx.LOG, where xxxxx is a five digit hexadecimal number. The handling of the log generation depends on whether circular logging is enabled or not.

16. What is the e00.chk file? 
 File- The checkpoint file is used to track which transactions have been committed to the database and which transactions have to be committed to the database. The name of the file is EX0.chk (X stands for the storage group) and its size is 8KB.
The checkpoint file E00.CHK has an important role in Exchange database logging. First of, it maintains the current checkpoint. The current checkpoint always points to  the last transaction that was successfully committed to the database. During normal  operation, the Exchange Server always writes transactions to the log files first as
they provide sequential access. This is much faster than writing to the database  directly since it provides random access. The server will eventually write  transactions to the databases as soon as it has idle time. The last transaction
committed is pointed to by the current checkpoint. In case of a database corruption, it allows the Exchange Server to roll-forward from the last backup to the  last known consistent state.

The checkpoint file also maintains the backup checkpoints. Backup checkpoints are  used to store the position of the current checkpoint at the beginning of a backup session to a temporary location.

17. What is circular logging? When would you use it?

As stated before, all transactions are first logged to the current log file E00.LOG. If it gets full it will be saved to a file of the log generation E00xxxxx.LOG. This process is called transaction log rollover. The way the current log file is rolled over depends on the logging mechanism used. Microsoft Exchange provides circular and sequential logging mechanisms.
Circular logging automatically overwrites transaction log files after the data they contain has been committed to the database. It reduces disk storage space  requirements; however, if circular logging is enabled, you cannot perform incremental backups.
To enable circular logging, go to the Properties window of a Storage Group and choose the General tab.

Circular logging (disabled by default) uses transaction log technology but does not maintain previous transaction log files. Instead, it maintains a window of a few log files, then removes the existing log files and discards the previous transactions after the transactions in the transaction log files have been committed to the database.

This helps to manage disk space and keeps transaction logs from building up, but it prevents you from using differential or incremental backups, because they require  the past transaction log files. In fact, because circular logging purges some transaction log files, you may not be able to recover to a point of failure by roll  forward through the transaction log files—one or more may be missing. For this reason it is a good idea to disable circular logging on all Storage Groups (default setting). You can manage disk space easily enough by performing regular online  backups, which purge the log files from the hard disk after they have been backed up.

120)     How would you plan for, and perform the offline defrag? 
Exchange 2003 defragments the Exchange database every night. But this is only an online defrag of the database. An online defrag doesn’t reduce the size of the information store. To reduce the size of the databases, you must use an offline defrag.

When should I use an offline defrag?
Under normal conditions you don't need an offline defrag, but when you add tons of new users due to a merger or aquisition or when you delete many objects from the store it can be necessary to do an offline defrag.
You can do a space dump with ESEUTIL /MS to determine the space. Also ensure that you have 110% free diskspace associated with the Exchange database size.

Figure 4: ESEUTIL /MS

120)     What is the isinteg command? What is the eseutil command? 
ESEUTIL is a tool to defragment your exchange databases offline, to check their integrity and to repair a damaged/lost database.
ESEUTIL is located in the \EXCHSRVR\BIN directory. This directory is not in the system path so you must open the tool in the BIN directory or enhance the system path with the \EXCHSRVR\BIN directory.

1.     Name all the client connection options in Exchange 2003.
       Outlook 2000/2003   
       Outlook Web Access.
       Outlook Mobile Access.
       RPC over Http/Https.

2.    What is Direct Push? What are the requirements to run it?

'Direct Push' technology is an additional feature added to Microsoft Exchange 2003 with a new service pack that adds messaging and security features currently also known as AKU2. Exchange Server enabled to push Outlook messaging directly to a phone device running Windows Mobile 5, using a subscriber's existing wireless phone account (instead of the device having to "pull" e-mail from the server). To achieve pushmail with any e-mail provider (i.e. other than Exchange) there is a plug-in from for emansio (formerly VGS Mail) that enables push mail with any e-mail provider, i.e. Google mail etc.

3.     How would you remote wipe a PPC?
 Remote Wipe
The Microsoft Exchange ActiveSync Mobile Administration Web tool enables the remote wipe feature added in SP2. This tool enables administrators and help desk professionals to manage the process of remotely erasing lost, stolen, or otherwise compromised mobile devices. After the remote wipe has been completed, the administrator receives an acknowledgement that the mobile device has been wiped. The ability to perform a remote wipe is useful when an end user loses his or her mobile device, or if the device is stolen and there is a risk that personal or confidential information could be accessed.
This feature is enabled over a Web application that is restricted to Exchange Administrators by default. Other individuals can be added as required. Using this Web application, you can perform the following tasks:
  • View a list of all mobile devices that are being used by any enterprise user.
  • Send or cancel remote wipe commands to mobile devices.
  • View the status of pending remote wipe requests for each mobile device.
  • View a transaction log that indicates which administrators have issued remote wipe commands, in addition to the mobile devices those commands pertain to.
  • Delete an old or unused partnership between devices and users.

4.     What is Cached Mode in OL2003/2007? 
Outlook 2002 and earlier gives you the capability to use an offline file with an Exchange Server account. The offline file is a local copy of your mailbox data stored on your computer's local hard disk. By using an offline file, you can continue working with your mailbox even when your server isn't available. So, you can still read e-mail messages you've already downloaded, work on tasks, compose messages, and perform all of the other standard tasks you can accomplish by using Outlook when your computer is connected to the server.
In Outlook 2003, offline file capability is improved with better connection management and synchronization. The offline file feature in Outlook 2003 is called Cached Exchange Mode.
To turn on Cached Exchange Mode for your account in Outlook 2003
1.    Exit Outlook.
2.    Click Start, click Control Panel, and then double-click Mail.
3.    In the Mail Setup dialog box, click E-mail Accounts.
4.    In the E-mail Accounts Wizard, select View or change existing e-mail accounts, and then click Next.
5.    Select Microsoft Exchange Server, and then click Change.
6.    Select the Use Cached Exchange Mode check box, click Next, and then click Finish

The next time that you start Outlook, it will begin creating the local cache copy of your mailbox and synchronize your local cache with the mailbox on the server. If you have a lot of items in your mailbox, synchronization might take time. It's best to synchronize the two the first time through a local connection to your server, rather than through a remote connection (such as using RPC over HTTP).
To set up an offline file in Outlook 2002
1.    Exit Outlook.
2.    Click Start, click Control Panel, and then double-click Mail.
3.    In the E-mail Setup dialog box, click E-mail Accounts.
4.    In the E-mail Accounts Wizard, select View or change existing e-mail accounts, and then click Next.
5.    Select the Microsoft Exchange Server account, and then click Change.
6.    On the third page of the wizard, click More Settings.
7.    In the Microsoft Exchange Server dialog box, click the Advanced tab, and then click Offline Folder File
8.    Select a location and file name for the Office Folder file (.ost).
9.    Do one of the following:
§  To accept the defaults and create the file, click OK.
§  Type a location and file name in the File box, and then click OK.
10. In the Microsoft Exchange Server dialog box, click OK, click Next, and then click Finish.
11. Close any remaining dialog boxes.

Using Remote Mail
Outlook includes a specific feature called Remote Mail, which you can use to view message headers (that is, the summary information about messages, including the subjects and senders of the messages) and to manage messages without downloading them. Why is that important when you work away from the office? If you receive a lot of mail, particularly with documents or other attachments, downloading your mail over a slow connection (such as a dial-up connection) seems to take forever. By using Remote Mail, you can download just the header, and then look at the subject and sender to determine whether you want to download the message itself. If so, you mark the message header for download and review the remaining message headers. When you've marked all of the headers for the messages that you want downloaded, you can direct Outlook to download the messages.
Remote Mail is also helpful for cleaning out junk e-mail messages from your mailbox without taking the time required to download the messages. Just mark the headers for deletion so that Outlook deletes the messages from your mailbox the next time Outlook connects to the server.
Remote Mail was originally a feature specific to Exchange Server accounts; but because Outlook evolved, so has this handy feature. You can still use Remote Mail for Exchange Server accounts, but as explained in detail in Microsoft Office Outlook 2003 Inside Out, you can use Remote Mail for non–Exchange Server accounts as well.
The following link has complete instructions on setting up and using Remote Mail for Exchange Server: Use Remote Mail to download headers and messages.
 Note   You must add an Offline Folder file (.ost) to your Outlook profile to use Remote Mail. You can't use Remote Mail if you are using Cached Exchange Mode in Outlook 2003.

5.    What are the benefits and "issues" when using cached mode? How would you tackle those issues?
1. By using an offline file, you can continue working with your mailbox even when your server isn't available. So, you can still read e-mail messages you've already downloaded, work on tasks, compose messages, and perform all of the other standard tasks you can accomplish by using Outlook when your computer is connected to the server.

          2. You need not be Online to view your emails.

If you have a lot of items in your mailbox, synchronization might take time.

6.    What is S/MIME? What are the usage scenarios for S/MIME?
            S/MIME (Secure Multi-Purpose Internet Mail Extensions) is a secure method of sending e-mail that uses the Rivest-Shamir-Adleman encryption system . An alternative to S/MIME is PGP/MIME, which has also been proposed as a standard.

S/MIME (Secure / Multipurpose Internet Mail Extensions) is a protocol that adds digital signatures and encryption to Internet MIME (Multipurpose Internet Mail Extensions) messages described in RFC 1521. MIME is the official proposed standard format for extended Internet electronic mail. Internet e-mail messages consist of two parts, the header and the body. The header forms a collection of field/value pairs structured to provide information essential for the transmission of the message. The structure of these headers can be found in RFC 822. The body is normally unstructured unless the e-mail is in MIME format. MIME defines how the body of an e-mail message is structured. The MIME format permits e-mail to include enhanced text, graphics, audio, and more in a standardized manner via MIME-compliant mail systems. However, MIME itself does not provide any security services. The purpose of S/MIME is to define such services, following the syntax given in PKCS #7 (see Question 5.3.3) for digital signatures and encryption. The MIME body section carries a PKCS #7 message, which itself is the result of cryptographic processing on other MIME body sections. S/MIME standardization has transitioned into IETF, and a set of documents describing S/MIME version 3 have been published there.

S/MIME provides the following cryptographic security services for electronic messaging applications: authentication, message integrity and non-repudiation of origin (using digital signatures) and privacy and data security (using encryption). S/MIME specifies the application/pkcs7-mime (smime-type "enveloped-data") type for data enveloping (encrypting): the whole (prepared) MIME entity to be enveloped is encrypted and packed into an object which subsequently is inserted into an application/pkcs7-mime MIME entity.
S/MIME functionality is built into the vast majority of modern e-mail software and interoperates between them.

S/MIME Certificates

Before S/MIME can be used in any of the above applications, one must obtain and install an individual key/certificate either from one's in-house certificate authority (CA) or from a public CA such as one of those listed below. Best practice is to use separate private keys (and associated certificates) for Signature and for Encryption, as this permits escrow of the encryption key without compromise to the non-repudiation property of the signature key. Encryption requires having the destination party's certificate on store (which is typically automatic upon receiving a message from the party with a valid signing certificate). While it is technically possible to send a message encrypted (using the destination party certificate) without having one's own certificate to digitally sign, in practice, the S/MIME clients will require you install your own certificate before they allow encrypting to others.
A typical basic personal certificate verifies the owner's identity only in terms of binding them to an email address and does not verify the person's name or business. The latter, if needed (e.g. for signing contracts), can be obtained through CAs that offer further verification (digital notary) services or managed PKI service. For more detail on authentication, see Digital Signature.
Depending on the policy of the CA, your certificate and all its contents may be posted publicly for reference and verification. This makes your name and email address available for all to see and possibly search for. Other CAs only post serial numbers and revocation status, which does not include any of the personal information. The latter, at a minimum, is mandatory to uphold the integrity of the public key infrastructure

1 comment: