19 April

I'm moving...

I'm moving this blog to http://www.msmvps.com/ehlo/.

I think that the msmvps.com site is more appropriate for technical content than Spaces. So, don't forget to update your feed reader ;-)

08 April

It's official, I'm now an MVP!

Since the beginning of the month I'm an MVP in Windows Server System - Exchange Server.

If you want to know more about the MVP Program, you can check it here. You can also check my profile.

22 February

Poor Man's Library

There are great Exchange documentation sources on the internet. The Microsoft Exchange Team is probably the most active team in producing good technical documents. There are also other dedicated sites that publish regular articles.

But there's nothing like the smell of paper, and a fat Exchange book looks good on any shelf. Unfortunately the price of books is not as cheap as it should be (at least for me, who lives in a country with one of the lowest purchasing powers in Europe).

So, if I can't buy the real thing, I'll have to find alternative sources. Most of the authors of Exchange books offer sample chapters of their work. I decided to gather all the sample chapters available publicly. I call it Poor Man's Library:

• Microsoft Exchange Server 2003 Distilled, Scott Schnoll
Exchange Server 2003 Tips and Tricks

• Special Edition Using Microsoft Office Outlook 2003, Patricia Cardoza
Managing Outlook Folders in Office 2003

• Microsoft® Exchange Server 2003 24seven, Jim McBee; Barry Gerber
Chapter 4: Understanding Exchange 2003 Data Storage

• CYA Securing Exchange Server 2003 & Outlook Web Access, Henrik Walther, Patrick Santry
Chapter 5 Securing the Outlook Web Access Server

• Mastering™ Microsoft® Exchange Server 2003, Barry Gerber
Chapter 4: Exchange Server 2003 Architecture

• Microsoft Exchange Server 2003 Delta Guide, David McAmis, Don Jones
Chapter 8 "Security"

• Learning Exchange Server 2003, William Boswell
Migrating from Legacy Exchange
Chapter 5, “Managing Recipients and Distribution Lists”

• Anti-Spam Tool Kit, Paul Wolfe, Charlie Scott, Mike Erwin
Chapter 11, Anti-Spam Servers for Windows
Chapter 5, "Blocking spammers with DNS blacklists"

• Microsoft Exchange Server 2003, Tony Redmond
Chapter 8, "Performance and clusters"

• The Administrator Shortcut Guide to Email Protection, Paul Robichaux
Chapter 3, "Server-Side Antivirus Protection"

• Mission-Critical Microsoft Exchange 2003, Jerry Cochran
Chapter 5, "Protecting and Recovering Exchange data"

• MCSA/MCSE Implementing and Managing Exchange Server 2003 Exam Cram 2, Orin Thomas, Will Schmied and Ed Tittel
Chapter 6, “Managing, Monitoring, and Troubleshooting the Exchange Organization”

• The Definitive Guide to E-Mail Management and Security, Kevin Beaver
Chapter 6, “Managing e-mail effectively”

• Microsoft Exchange Server 2003 Unleashed, Rand Morimoto
Chapter 15 "Migrating from Exchange v5.5 to Exchange Server 2003"

• Secure Messaging with Microsoft Exchange 2003, Paul Robichaux
Chapter 13 "Securing Outlook" 

• Monitoring and Managing Microsoft Exchange Server 2003, Mike Daugherty
Chapter 9, "Backup and recovery operations"

• The Definitive Guide to Windows 2000 and Exchange 2000 Security, Archie Reed, Darren Mar-Elia, and Sean Daily
Chapter 8 "Managing Exchange 2000 Post-Migration Tasks"

• Secure Messaging with Microsoft® Exchange Server 2000, Paul Robichaux
Chapter 4: Threats and Risk Assessment

• Microsoft® Exchange 2000 Server Resource Kit, Microsoft Corporation
Chapter 6 Deployment Strategies

• Configuring Exchange Server 2000, Liz Mason
Chapter 1 What’s New in Exchange 2000

• Microsoft Exchange Server in a Nutshell, Mitch Tulloch
Chapter 2 Architecture and Operation

 

If you know any other sample chapters, please let me know.

07 February

You just had to try, didn't you?

(Or fun with the Pocket PC Emulator).

Pocket PC emulation should be a simple thing, right? That's what I thought!

According to a post at You Had Me At EHLO, to install a Pocket PC emulator, this is what you'll need:

  1. Install ActiveSync 3.7 (meanwhile version 3.8 was released)
  2. Install Pocket PC SDK 2003
  3. Install Pocket PC SDK 2003 Emulator Images
  4. Install Visual Studio .NET 2003 (!)

I had to do some tests with Exchange ActiveSync, so instead of installing all that stuff on my machine, I asked for a virtual one (Virtual Server 2005). At the end of the long installation process, when I tried to run the emulator for the first time, I got the message in the picture.

"You just had to try, didn't you?". You have to laugh.

The reason for this behaviour is that, somehow, the Pocket PC Emulator and the Virtual Machine software share some code. Fortunately there's a solution: Visual Studio .NET 2005 Beta 1. After installing the new version I was finally able to mess around with the emulator.

03 February

So, you think you know how to apply a hotfix, huh?

I was reading Eileen Brown's WebLog when I realized that I really don't know how to apply Exchange service packs and hotfixes. Damn! All these years of working experience should have taught me more.

There's a not so new KB article, Q328839, that has the right procedures, so be sure that you follow them religiously. Your Exchange data is definitely something you don't want to mess around with.

21 January

Improve your Exchange Backup

Consolidation is a word you probably hear a lot these days. We see bigger and bigger Exchange Servers with huge stores and thousands of users. As the size of databases grows, backup technologies must keep up by evolving rapidly and becoming faster and more reliable.

Whether you do it because a service level agreement (SLA) obliges you to, or for any other reason such as compliance or a disaster recovery plan, there’s no way you can live without backup. Besides that, online backup is one of the most important operations for keeping an Exchange infrastructure healthy.

From a sysadmin’s point of view, the backup time window is one of his or her main concerns, even without a highly demanding SLA. So much data, so little time!

 

There are many solutions from different vendors to back up an Exchange infrastructure (http://www.microsoft.com/exchange/partners/backup.asp), but you’ll be perfectly well served by the tool provided by Microsoft, Windows Backup (NTBackup).

And if time is a problem, on a fat Exchange database you’ll probably want to try a two-step backup approach: back up to disk first and then dump the resulting file to tape. In this kind of backup there are a couple of things you can do to improve backup performance, and that’s what I’m going to explain next.

 

The first tweak you may try is to modify specific registry values that optimize the data throughput of the built-in backup engine. These entries are located under the key HKEY_CURRENT_USER\Software\Microsoft\Ntbackup\BackupEngine\ (if you don’t see the BackupEngine subkey you’ll have to run Windows Backup at least once). If you schedule a backup job, don’t forget that HKEY_CURRENT_USER must correspond to the user configured to run the job.

There isn’t much information provided by Microsoft about these entries, so I advise you to change them to the values provided by Microsoft IT:

Logical Disk Buffer Size = 64
Max Buffer Size = 1024
Max Num Tape Buffers = 16

 

Out of the box, NTBackup will give a data throughput of about 640 MB/min when performing disk-to-disk backup. With these registry optimizations you’ll be able to reach 1200 MB/min. That’s twice the throughput you had before!

 

The next major tweak to improve performance is to get a new version of NTBackup. That’s right, Microsoft will release a new version of NTBackup with Windows Server 2003 Service Pack 1. The good news is that you can get your hands on this new version today: just call Microsoft PSS and ask for the hotfix mentioned in article Q839272.

Basically you’ll get a revised version of NTBackup that provides a new command-prompt switch, /FU. The switch enables a “file unbuffered” setting that bypasses the cache manager and thus resolves a cache contention issue. This change provides a number of benefits during the disk-to-disk backup process:

 

• Sustainable throughput over time (remember the 1200 MB/min data throughput? Without the revised version that throughput will suffer some degradation)

• Reduction in processor utilization (peak utilization reduced to 30 percent on average)

• Elimination of impacts to the system process during the backup job

 

I did some basic testing and measurements with and without this new switch. The measurements were made by backing up a 2GB file to a SAN disk on an HP StorageWorks Enterprise Virtual Array 5000. For this specific hardware, Microsoft also recommends that you disable mirrored write-back cache on all dedicated backup disks. The results are in the next table.

                           Without /FU    With /FU
Mirrored Write-Back        1:41           1:18
Mirrored cache disabled    1:42           1:09

Table 1 – Total backup time

 

Notice the 23% improvement just from using the /FU switch. This value grows to 33% when you also disable the HP EVA 5000 mirrored write-back cache.

 

I showed you how to improve backup performance by modifying some registry values and by using a revised version of Windows Backup. Don’t forget that there are many other things involved in a backup solution, so you’ll have to do further testing in your own environment, but with the tweaks I mentioned it is almost certain that you’ll see a boost in throughput.

 

There are some articles you should check in order to get more information:

 

“How to Back Up and Restore an Exchange Computer by Using the Windows Backup Program”

http://support.microsoft.com/?kbid=258243

 

“System performance is negatively affected when Ntbackup.exe writes to a destination .bkf file”

http://support.microsoft.com/?kbid=839272

 

“Backup Process Used with Clustered Exchange Server 2003 Servers at Microsoft”

http://www.microsoft.com/technet/itsolutions/msit/operations/exchbkup.mspx

19 January

Issues so far with the Inter-Org DL Migration Script

*** I'M NO LONGER MAINTAINING THIS BLOG, SO PLEASE CHECK MY NEW ONE: http://msmvps.com/ehlo/category/1456.aspx ****

 

So far, these are the known issues with the script:

#1- Hidden DLs won't migrate
Solution 1: unhide all objects before running the script
Solution 2 (not tested yet): try an LDAP filter on the LDIFDE command. Modify the command after the -r switch:
 
[...] -r "(&(objectClass=groupOfNames)(msExchHideFromAddressLists=TRUE))" [...]
 
You can find more information about LDIFDE in the following KB article:
"Using LDIFDE to Import and Export Directory Objects to Active Directory", http://support.microsoft.com/kb/q237677/
Then you can use the same filter with CSVDE.
Of course you'll have to run the commands outside the script.

#2- You get an empty file when you run the CSVDE command
Solution 1: modify the LDAP properties on Exchange 5.5, so that you can search more than the default number of items
Solution 2: run the CSVDE command directly on the Exchange 5.5 server (only supported on Windows 2000 Server).

#3- You cannot run the CSVDE command
Solution 1: check the permissions. Are you using an NT account with the proper permissions?
Solution 2: integrate WINS. Try replicating the WINS information from the NT domain to your current WINS server. You might prefer using an lmhosts file.
Solution 3: run the CSVDE command directly on the Exchange 5.5 server (only supported on Windows 2000 Server), then copy the file to the server where you're running the script.
Solution 4 (not tested yet): try to do a directory export using Exchange Admin. Make sure you have the following fields:
 
DN,objectClass,Admin-Display-Name,rdn,cn
 
Take a look at Q155414 and Q261112 articles for an explanation on how to select field headers.

 

Any feedback about these issues is welcome. You can reach me by posting a comment here, or by the email address provided inside the script.

30 December

Inter-Org Distribution List Migration

[For up-to-date information, please visit http://msmvps.com/ehlo]

 

I recently published this article on the MSD2D.com site. I'll try to post here any developments I make on the script.

 

Almost 40% of the current Microsoft Exchange customers are still using Exchange 5.5. Probably most of them have plans to migrate to the latest version, Exchange 2003 SP1, in the near future. There is lots of literature available about the right procedures for such a task, so if we’re not talking about something very complex, the migration process should be painless.

One of the difficulties you should be aware of (and now I’m speaking particularly for those who are about to migrate) is the migration of the old Exchange 5.5 Distribution Lists (DLs) to the new Universal Distribution Groups (UDGs) in Active Directory, when in an inter-organization scenario.

Migrating DLs within the same organization is not a challenge: you normally use Active Directory Connector (ADC) to automate the task, and ADC replicates all the Exchange Server Distribution Lists to Active Directory as Universal Distribution Groups. But when you synchronize from an Exchange Directory in a different organization, all you get in Active Directory is mail-enabled contacts.

 

The only way I know to migrate DLs in this scenario (without using third party tools) is by exporting the DLs, and then using the LDIFDE or CSVDE command-line utilities to convert them to UDGs.

I recently had the opportunity to work for a client who needed this DL migration process, so a couple of colleagues of mine, Paulo Lopes and Paulo R. Lopes (they’re not related, before you ask), with a little contribution from myself, came up with the method I’ll describe next.

 

You can run the following command to perform a DL export from an Exchange 5.5 server (E55SERVER) in a Windows NT 4.0 Domain (NT4DOMAIN), using an NT4 account (NT4ACCOUNT) as the credentials:

 

ldifde -m -f DL_E55_OUT.txt -s E55SERVER -u -r "(objectClass=groupOfNames)" -l objectClass,rdn,cn,mail,otherMailbox,Extension-Attribute-1,Extension-Attribute-2,Extension-Attribute-3,Extension-Attribute-4,Extension-Attribute-5,Extension-Attribute-6,Extension-Attribute-7,Extension-Attribute-8,Extension-Attribute-9,Extension-Attribute-10,Extension-Attribute-11,Extension-Attribute-12,Extension-Attribute-13,Extension-Attribute-14,Extension-Attribute-15,textEncodedORaddress,uid,member -b NT4ACCOUNT NT4DOMAIN *

 

Then you must run a CSVDE export, in order to get the right Display Name:

 

csvde -f MB_E55_OUT.txt -s E55SERVER -u -r "(objectClass=*)" -l objectClass,Admin-Display-Name,rdn,cn -b NT4ACCOUNT NT4DOMAIN *

 

The last step to import the DLs to Active Directory is to run LDIFDE again:

 

ldifde -i -f DL_E55_IN.txt -s <GC_SERVER> -j .\

 

The main problem with this method is that you’ll have to do some tweaking on those LDIFDE and CSVDE files in order to import them properly into Active Directory. This can become a very long and time-consuming task (I know, I’ve been there). So I decided to create a script in order to automate this process.

Here is a brief description of what the script does:

 

1. Extracts Distribution Lists to a file using LDIFDE;

2. Extracts Exchange 5.5 Directory to a file using CSVDE (this is only necessary to match a user's display name to his account name);

3. Modifies the first extracted file so that it can be imported using LDIFDE. Here is where the script does all its magic;

4. Imports DLs to Active directory as UDGs.

 

You still have to use ADC to synchronize the GAL. In fact, you must first import Exchange 5.5 users if you want the migrated DLs to be populated. So I strongly advise you to read the following KB article:

XGEN: How to Configure a Two-Way Recipient Connection Agreement for Exchange Server 5.5 User, http://support.microsoft.com/?kbid=296260

 

Don’t forget that before you can run the script, you’ll have to modify the following variables:

strDN: the Distinguished Name of the destination OU

E55Server: the Exchange 5.5 server

GCServer: the Global Catalog server

NTUser: the NT User Account to connect to the source domain

NTDomain: the NT source domain
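
Step 3 of the list above (rewriting the exported DL file so that LDIFDE can import it), sketched as an added Python example; it is not the author's script, which is not reproduced on this page. It assumes that `cn` in the CSVDE export holds the display name, that ADC has already created each recipient in the destination OU (`strDN`) as CN=<display name>, and a minimal attribute set for the new group; both sample exports are constructed.

```python
import base64
import csv
import io

# Constructed samples (not real data): the ldifde DL export and the csvde export.
DL_EXPORT = """\
dn: cn=Sales,cn=Recipients,ou=SITE1,o=ORG
objectClass: groupOfNames
rdn: Sales
cn: Sales Team
member: cn=JSmith,cn=Recipients,ou=SITE1,o=ORG
member: cn=ACosta,cn=Recipients,ou=SITE1,o=ORG
member: cn=Gone,cn=Recipients,ou=SITE1,o=ORG
"""
DIR_EXPORT = '''DN,objectClass,Admin-Display-Name,rdn,cn
"cn=JSmith,cn=Recipients,ou=SITE1,o=ORG",person,JSmith,JSmith,"Smith, John"
"cn=ACosta,cn=Recipients,ou=SITE1,o=ORG",person,ACosta,ACosta,Ana Conceição
'''

def parse_ldif(text):
    """Return each LDIF record as {lower-cased attribute: [values]}."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    records = []
    for block in text.split("\n\n"):
        rec = {}
        for line in block.splitlines():
            if line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                if value.startswith(":"):  # "attr:: <base64>"
                    value = base64.b64decode(value[1:].strip()).decode("utf-8")
                rec.setdefault(attr.strip().lower(), []).append(value.strip())
        records.append(rec)
    return [r for r in records if r]  # drop empty blocks

def escape_rdn(value):
    """Escape a value for use inside a DN (RFC 4514 special characters)."""
    out = "".join("\\" + c if c in ',+"\\<>;=' else c for c in value)
    if value.startswith(("#", " ")):
        out = "\\" + out
    return out[:-1] + "\\ " if len(value) > 1 and value.endswith(" ") else out

def ldif_line(attr, value):
    """Format 'attr: value', switching to base64 ('attr::') when LDIF needs it."""
    if (value.isascii() and value.isprintable() and value == value.strip()
            and not value.startswith((":", "<"))):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def convert(dl_ldif, dir_csv, target_ou):
    """Return (import LDIF text, list of (group, old member DN) left unresolved)."""
    # Assumption: csvde 'cn' is the display name, and each recipient already
    # exists in target_ou as CN=<display name> after the ADC synchronization.
    names = {r["DN"].lower(): r["cn"] for r in csv.DictReader(io.StringIO(dir_csv))}
    groups, unresolved = [], []
    for rec in parse_ldif(dl_ldif):  # the export filter already limits this to DLs
        display = rec["cn"][0]
        lines = [ldif_line("dn", f"CN={escape_rdn(display)},{target_ou}"),
                 "changetype: add", "objectClass: group",
                 "groupType: 8",  # universal scope, distribution (not security)
                 ldif_line("sAMAccountName", rec["rdn"][0])]
        for old_dn in rec.get("member", []):
            name = names.get(old_dn.lower())
            if name is None:  # never write a member the import cannot resolve
                unresolved.append((display, old_dn))
            else:
                lines.append(ldif_line("member", f"CN={escape_rdn(name)},{target_ou}"))
        groups.append("\n".join(lines))
    return "\n\n".join(groups) + "\n", unresolved
```

Members that cannot be matched are returned separately instead of being written, so the import file never references an object that does not exist in the destination OU.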

 

I don’t wish to bother you with one of those big disclaimers about responsibility or copyright, so I’ll just say that I’m offering you this script with the best of intentions, but you should always test before doing anything that can compromise your production environment. Besides that, feel free to distribute it to all your friends and to modify it, although I would appreciate that you drop me an email in case of new improvements.

Any feedback is always welcome.

The script is available at this link:

http://www.msd2d.com/fileUploads/f9bcb0b1-7263-4d97-9b49-14ac6d62ff26/DLMig_0.3.10.zip

Exchange 2003 Memory Optimization

This is a copy of an article I wrote for MSD2D.com:

 

Anyone who knows Exchange has probably heard by now that Exchange is a memory eater. As a rule of thumb one might say that the first measure to improve Exchange performance is to provide more memory to the server.

The store process is mainly responsible for this behaviour: as soon as store.exe starts, it grabs as much memory as it can possibly get. This behaviour is often wrongly seen as a problem or as a memory leak, but it is actually normal and expected operation. Besides, Exchange can return memory to the operating system using an algorithm known as Dynamic Buffer Allocation. And yes, you can limit the maximum amount of memory that Exchange uses by reducing the ESE buffer size.

 

These days memory is not as expensive as it used to be, so it’s easy to find Exchange servers with a couple of GB of RAM. But with all this memory, you’ll have to give Exchange a little help to use it wisely. If you have a server with more than 1GB of RAM, there are some configuration parameters you can change in order to optimize Exchange memory usage.

 

I’ll describe the modifications you should make just for Exchange 2003 running on Windows 2003. There are slight differences for Windows 2000, but I will not mention them in order to keep this article shorter (if you really want to know the differences feel free to drop me an email).

You should not make any of these modifications to servers that do not contain any mailboxes or public folders (front-ends or bridgeheads), nor to Exchange Server computers that are also Active Directory Domain Controllers or Global Catalogs.

 

  1. First of all you should add the switches /3GB and /USERVA=3030 to boot.ini. The /3GB switch modifies the way virtual address space is created so that 3 gigabytes are available for user mode applications. By default, Windows reserves 2GB for the kernel and another 2GB for user mode processes. The /USERVA switch is a more precise tuning that Microsoft recommends; it increases the system page table entries (PTE) by 42MB.
  2. Configure the HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\HeapDecommitFreeBlockThreshold registry value to 0x00040000. The HeapDecommitFreeBlockThreshold registry value specifies the number of contiguous bytes above which the memory is decommitted rather than retained for reuse, thus avoiding virtual memory fragmentation.
  3. If you have a server with more than 2 GB of memory, it may help to increase the size of the Store Database Cache (aka ESE buffer). Because of virtual address space limitations, this value must not be set higher than 1200 MB. You should use the Windows Performance utility to monitor the memory of the server before you change this setting. To do this, monitor the following performance object and value:

Performance object: Process
Performance counter: Virtual Bytes
Instance: STORE

If you have a server that is configured with the /3GB switch and the Virtual Bytes counter is at 2.5 GB when the server is heavily loaded, you may be able to increase your maximum buffer size by about 300 MB, for a total size of 1200 MB. But keep in mind that increasing the buffer size may adversely affect server performance, so you’ll have to be very careful with this setting.

To modify the ESE Buffer size you may use the ADSI Edit utility. Under Configuration Container expand CN=Services, CN=Microsoft Exchange, CN=OrganizationName, CN=Administrative Groups, CN=First Administrative Group, CN=Servers, CN=servername. Under CN=servername, right-click CN=InformationStore, and then click Properties. Find the msExchESEParamCacheSizeMax property and in the Edit Attribute box, type the value that you want to assign to it (make sure that you enter a value that is a multiple of 8,192).  Click Set, and then click OK.

  4. Verify that the HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\SystemPages registry value is set to 0.

 

After making all of these modifications you must restart your server for these changes to take effect.

 

Remember that there is no point in having a dedicated Exchange server with more than 4GB of memory. Although this may constitute a surprise for some of you, Exchange Server does not support instancing, Physical Address Extension (PAE), or Address Windowing Extensions (AWE). Therefore, 4 GB of RAM is the maximum amount of memory that an Exchange Server computer can efficiently use.

 

If you want to know more about Exchange Server memory usage, there are some Knowledge Base articles dedicated to this issue:

 

“How to Optimize Memory Usage in Exchange Server 2003”

http://support.microsoft.com/?kbid=815372

 

“Using the /Userva Switch on Windows Server 2003-based computer that are running Exchange Server”

http://support.microsoft.com/?kbid=810371

 

“The "HeapDecommitFreeBlockThreshold" registry key”

http://support.microsoft.com/?kbid=315407

 

“CPU and Memory Scalability for Exchange 2000 and Exchange 2003”

http://support.microsoft.com/?kbid=827281

 

“How to troubleshoot virtual memory fragmentation in Exchange Server 2003 and Exchange 2000 Server”

http://support.microsoft.com/?kbid=325044

10 December

ehlo world

First of all, forgive me for plagiarizing the title of this post. I saw this pun recently somewhere on the internet, although I don't remember where.

Well, I haven't yet decided exactly what to write in this blog, or whether it will be a continuation of my other blog, which I have on a competitor of MSN Spaces :-)

So while I'm not posting here, please head over to http://ehlo.blogspot.com.

* For those of you who don't understand Portuguese, don't worry! I've just said a bunch of silly things.