Windows Multiple Desktops

I was looking for a virtual desktop solution on windows platform so that I can manage my works easier and don't get caught in a messy screen full of windows! Microsoft has provided a free tool on it as part of its PowerToys package (Virtual Desktop Manager) but I was expecting something more flexible which I finally ended up with VirtuaWin. With VirtuaWin you can easily move between four different desktops and transfer your open windows to any desktop you like.

Openfire an easy to use IM Server

Openfire (formerly wildfire) from "Ignite Realtime" is a free and easy to install IM server based on XMPP protocol which is available for Windows, Linux and Mac platforms.
I have tried the windows version and it worked nice. Its client is named "spark" and there is a web-based client (Sparkweb) available as well.
I got to this simple and easy IM server while I was searching for a Linux client for Microsoft Live Communication Server. I have crawled a lot a of forums and after all it seems that there is no solution to that in the Linux world yet. Some posts on using Wine was available but the people who tested it didn't come out with a positive result.

How to Send Windows Events to Syslog Server

Once we have our Syslog server up and running we can easily configure all our network devices and Linux/Unix like servers to send their events to the Syslog server but this is not true for Microsoft Windows Servers as Microsoft do not support Syslog.
There are free softwares to convert Microsoft Windows Event Viewer logs into Syslog format and send it over to our Syslog server though.
I am going to introduce three different windows to Syslog forwarders here.
I have introduced the first one before and still insist on using the first one since it has more flexibility over the others like filtering out any messages we don't like to be forwarded or adding other applications log files and its development team is more active:
1- Datagram SyslogAgent
2- Eventlog to Syslog (Purdue University)
One of my visitors noted this one and I ran an initial test on it and it seems to be working fine and it is worth to see what he/she has commented:

"Purdue University has an outstanding Eventlog to Syslog utility. It's lightweight and completely free. It also runs on Win2k3, Vista, 32-bit and 64-bit systems.
I use it to forward event logs from about 160 servers, and have had no issues whatsoever."

3- NTSyslog
I had some issues with this one last time I tried to set it up so I gave up on this one.

Dig DNS Lookup in Windows!

Every System Administrator dealing with DNS administration knows the power of "dig" command-line tool in Linux/Unix environment. But there are times when an administrator needs to monitor and troubleshoot DNS from a Windows station and she would then realizes the deprivation!
The good news is that many Linux/Unix tools have been ported to windows (Check my post about Windows IPFW) and one of them is the "dig" utility.

The windows version of "dig" can be downloaded and installed from here: http://members.shaw.ca/nicholas.fong/dig/


For those who are new to "dig" the following link helps:
Dig Howto: http://www.madboa.com/geek/dig/

A great Free IE7 add-on

IE7Pro is a free IE7 add-on which brings a lot of great features to your browsing.
The followings are the features I like the most about IE7Pro:
Search Bar: This makes IE7 search like Firefox which brings up a search bar and you can run live lookups.
Tab History: Keeps a history of all opened tabs and I can easily browse from this list
Tab Recovery: If for any reason IE7 closes unexpectedly and I have had a couple of opened tabs it will show me the list of opened tabs the next time I run IE7.
Save Session: if I save a session by loading it the next time it will open all tabs I had open at time the I saved the session. (Very useful and time saving)
Save Pages as Images: This is really wonderful! I can save a whole page in .PNG format and it works very quick.
Page Auto Refresh: This way I can set an interval on each tab which IE7 will automatically reload the page!
Auto-scroll: Once enabled it will scroll down a page automatically with a tunable speed.

Exchange Server 2007 Component Architecture

Microsoft changed the Exchange Server architecture dramatically in its 2007 edition and instead of just a Back-End and Front-End role there are five different roles; Hub-Transport, Edge-Transport, Mailbox, Client Access and Unified Messaging.

Download Microsoft Exchange Server 2007 Component Architecture Diagram From Here:
Microsoft Exchange Server 2007 Component Architecture

GFI Endpoint Security

For those who are very concerned over host security in terms of information theft or malicious code infections through CD/DVD, USB Storages,Tape Devices, Serial and Parallell ports, Printers, etc. GFI Endpoint will be the solution.
It works in a client/Server manner which the Endpoint Server controls hosts by deploying an agent to every desired host. (GFI also provides its agent in .msi file which is very good for large Active Directory Deployments.)
Endpoint makes it possible to block or put restrictions on each device type (Read-Only or Full-Access) based on users or groups and provides great reporting on all events.
If someone has Full-Access permission over any kind of available devices it will log all applications which were used and the filenames which were transfered or printed.
If you are wondering how to block access to USB and CD drives try GFI Endpoint.
For more info check GFI EndpointSecurity Here!

Exchange Server Event ID:505

Yesterday I was called in by a customer to resolve a mount issue on a Microsoft Exchange Server 2003 database. This one was new to me and easy to resolve!
I could see "Event ID: 505" in application logs saying:

Information Store (2028) An attempt to open the compressed file "drive:\Exchsrvr\MDBDATA\priv1.edb" for read / write access failed because it could not be converted to a normal file. The open file operation will fail with error -4005 (0xfffff05b). To prevent this error in the future you can manually decompress the file and change the compression state of the containing folder to uncompressed. Writing to this file when it is compressed is not supported."

Exchange server 2000 service pack 3 and later versions can not open databases which are compressed with NTFS compression feature. So the only resolution would be to uncompress the folder holding exchange server databases. for me this worked nice but Microsoft also recommends running an offline defragmentation (eseutil /d "database location") before mounting the database.
For more info check this:
Database does not mount, and you receive error 0xfffff05b after you apply SP3 to Exchange 2000

Windows Installation Over Network!

I don't like these kind of things but I had to figure out how to boot a PC with a blank hard disk, create partitions for OS installation, format them and then start windows XP installation over network, which needs all the required drivers for TCP/IP support in MS-DOS only environment.
MS-DOS boot disk with TCP/IP networking enabled can be obtained for free at:
Universal TCP/IP Network Bootdisk
If your hard disk is not formatted you can aquire standard MS-DOS boot disks from here which comes with FDISK and FORMAT commands:
Free Boot Disks

After creating partitions and formatting them with the standard MS-DOS boot disk the Universal TCP/IP network bootdisk (Supports both static and DHCP configuration) helps creating and connecting to a network drive which holds the installation files.

Free Windows TFTP and Syslog server!

It might sound crazy but I got a Cisco PIX firewall at home (PIX 501) and my internet traffic is running through it with a PPPoE connection and I have configured it to accept remote VPN connections as well in case I need to access my data at home while at work.
I was looking for a free and light TFTP server to backup my PIX configuration regularly and I found exactly what I was looking for at http://tftpd32.jounin.net/. tftpd32 is not just a TFTP server but also a DHCP and Syslog server as well. The next question was running TFTP as a service which I found the answer here: HOW TO install Windows tftpd as service.

Access is Denied: c0070005

I was called in by a customer to look into a problem they had been experiencing for a long time. On their Active Directory Domain Controller, when the administrator user logs in it receives an "Access is Denied" dialogue box with "Win32" facility and "ID no: c0070005" as bellow in "Active Directory Users and Computers" by right-clicking on every object:


Another symptom was that the administrator user could not run Exchange Server System Manager. But a user with administrator privilege did not get any of these errors.
There are a lot of causes and resolutions mention on different forums, Microsoft official support website and blogs but finally I found one matching and resolving my problem Here!
The problem was that someone or some process had added Administrator user account to the "Guests" and "Domain Guests" group! I suspect that an application or process did this modification and not a user!

Changes in Exchange Server 2007

Here is a list of things that were considered a requirement or limitation in exchange 2003 but we can say "NO" to, in exchange 2007:

• Installing SMTP and NNTP services prior to exchange 2007 installation not required anymore.
• No need to run ForestPrep and DomainPrep manually. Exchange 2007 installation will handle this automatically.
• OWA users don't need to have Microsoft Word, Excel, Powerpoint and even PDF reader installed to view attachment of these sort. The new OWA will convert them to HTML.
• You don't need a VPN tunnel if you have received a link to a file share or sharepoint service via OWA. The LinkAccess retrieves the document.
• If clients are running Outlook 2007 there is no need to worry about the configuration. Exchange Server 2007 automatically discovers the client and configures its Outlook profile upon log in.
• No need to consider Exchange Routing Groups anymore. The exchange routing topology is simplified and is build on existing Active Directory Sites.
• No "Recipient Update Service" anymore!
• No "Front-end" and "Back-end" servers! In the new modular architecture things are different and the "Edge-Transport" role takes the position of front-end which is also more secure. An outstanding security relief is that "Edge-Transport" does not need to be joined to the domain! I like this very much.
  
• There is no "Recipient Policies" in exchange 2007. Instead we have "Accepted Domains" and "Email Address Policy". Changes to recipients apply in real-time now.
  
• In Exchange 2003, Journaling was possible at the mail-box level but Exchange 2007 has gone beyond that and journaling can be accomplished per-database, per-user, per-distribution group and also it can be narrowed to internal or external emails.
• No "Storage" size limit on Exchange 2007 Standard Edition (75GB on Exchange 2003+SP2)
• Global Address List browsing is possible in OWA 2007 like it is in Microsoft Outlook (We could only search GAL in OWA 2003)

Well, there are more cool stuff in Exchange 2007 and this list just points out the facts that I was interested in so it is incomplete because my knowledge on new features in Exchange 2007 is not thorough.
I will try to add more lines to this list upon progress in my findings.

Firewalling Windows Servers with IPFW

For some time I spent thinking of an IPTable like firewall for host protection on windows servers and I didn't know whether there is one available until I gave it a try and surprisingly found WIPFW. I find it very cool to have a unix based firewall on my windows boxes!
WIPFW is the Windows version of FreeBSD IPFW firewal and It can be used on any version of windows, starting with windows 2000.
It gives a lot of flexibility in the way rules can be applied to different sort of traffic and it can also keep track of the states of packets as well. There are a lot of great features that comes with it and it can be checked through its online documentation. Any IPTable administrator can figure it out quickly.

Some missing features in its current release(0.2.8) are as follow:

• Unable to change packet contents
• No traffic shaping capabilities
• Does not support SNAT and DNAT

Check here for documentation and product download:
WIPFW: Windows Operable Version of BSD IPFW

Check also here for more info on WIPFW:
Jameser's Tech Tips: Stateful Packet Filter for Windows

Learn more about the original IPFW:
ONLamp - BSD Firewalls: IPFW
IPFW How-To

What's new in Outlook Web Access 2007

This flash presentation from Microsoft gets you through the new features of Outlook Web Access(OWA) in Exchange Server 2007. Microsoft is making it possible to do away with Outlook software with these great improvements. Now, everything can be done by OWA as easy as the standalone software. I really love these guys at Microsoft!
Do not miss this:
Microsoft Exchange Outlook Web Access

Microsoft FTP Service Default Behavior!

On Microsoft FTP server when there is a folder named after the logged in user in the defined FTP root folder then once the user has logged in, it jumps to that folder automatically. This is what I knew from some time ago but some days ago I made a new discovery! When there is no relevant folder to the logged in user, Microsoft FTP service does not give up easily and looks to see whether it can find a folder named "default" and jumps to that directory if it is located in the FTP root folder! I am not happy with these undocumented behaviors and I couldn't find any answer on how to change these defaults.

Add Syslog Support to Windows Servers

Windows does not support syslog but with a free add-on this ability can be added to all servers. SyslogAgent runs as a service on Windows Servers and it can convert all logs including logs in event viewer and service log files like those IIS generates for FTP, WWW and SMTP to syslog format and sends it to a central syslog server.
SyslogAgent is under GNU license, so it is free:
Datagram Free SyslogAgent

Does Windows Support SNMP v3?

Moving towards SNMP v3 needs some thinking before the final decision to make sure all parties included in the migration are capable of that! This includes the Managers and Agents.
Managers can be a major concern since many of them do not support SNMP v3 nodes which can cause the whole move to collapse in the planning phase!!!
Agents includes all Devices like Switches, Routers, Firewalls or operating systems (Windows and unix/linux family). Many devices come with SNMP v3.
For Unix and Linux servers the Net-SNMP provides a complete solution for the move but for Microsoft Windows servers it should be mentioned that the SNMP service which is built into the operating system does not support SNMP v3 but luckily there is an alternative which is installing the Windows version of Net-SNMP:
Installing Net-SNMP on Windows

Get Acquainted with Exchange Server 2007

Exchange Server 2007 has not only introduced a complete different interface but also has brought many new concepts! There is no need to get scared about the changes that come with this revolutionized edition as it is all about to bring us simplicity and integration. Here are some informative and useful links that gives some idea about the changes:

Understanding Exchange Server 2007 server roles
Step by step Setup walkthrough for Exchange 2007 Beta-2
The new Exchange 2007 Management Console overview
Recipient Management in Exchange 2007 - Overview
Exchange Server 2007 recipient management one-liners Part-1
Exchange Server 2007 Recipient Management One-Liners Part-2
How to do your top Exchange Server 2003 recipient tasks in Exchange Server 2007
Top Exchange 2003 Recipient Problems and how they're fixed in Exchange 2007

Mailbox & Message Size Limitations!

Mailbox and message size limitation must be a concern for every administrator dealing with mail and messaging servers and sometimes it is difficult to convince yourself or users why there should be strict limitations on mailbox and message size.
Check this out to learn about issues that might arise when not having such policies in place:
Thinking about Mailbox and Message Size Limits

IE 7.0 Beta 2 BUG?

I don't know whether I can call this a bug or a local problem! when I download PDF files with IE 7.0 Beta 2 they are all corrupted while using Firefox with the same PDF file everything is OK!

Top 11 Hidden Features in OWA

Follow the link to learn about 11 hidden features in Outlook Web Access for Exchange Server 2003

Top 11 Hidden Features in Outlook Web Access for Exchange 2003

Upgrading Exchange Server From 2000 to 2003

I have gone through a lot of different exchange server tasks from implementation and troubleshooting but the upgrade task was always out of my list since last week. Last week I started an exchange server upgrade with a lot of panic and concern. It was one of the rare cases which I was completely reluctant taking responsibility but I got through it smoothly. I expected database problems after the upgrade so after the upgrade which was without a single error or glitch the first thing I checked were the databases and jumped out when all the database were mounted! Maybe I did take the task too difficult or I was very lucky! Anyway the upgrade process was from an exchange 2000 on a windows 2000 server with service pack 4 and all hotfixes applied and the only change I did was removing the instant messaging service that is among the services Microsoft recommends to remove before exchange 2003 upgrade and deleting the content of the badmail folder. Of course I did a full backup from exchange databases and also from the system state data.

Considerations when you upgrade to Exchange Server 2003

Publishing Web Server on ISA 2004

A couple of weeks ago I was working at a customer site who wanted to publish their POP3 and SMTP server as well as their web server. Publishing the SMTP and POP3 server was as simple as going through the mail server publishing wizard but it took me two days to find out out why the web publishing wizard didn't work as expected! It was nothing wrong with the the rules created by the wizard, Something was grabbing the traffic on port 80 so that the traffic couldn't reach the destined web server and this was the local IIS on ISA 2004 server. Stopping the "Default Web Server" and restarting IIS on the ISA 2004 server fixed the issue.

NAV Corporate and ISA 2004 On The Same Server

For Scenarios that Microsoft ISA 2004 and Norton antivirus Corporate Edition are located on the same server installing NAV Clients and Communication between NAV Clients and Server becomes an issue. If installing NAV Clients will be done locally from workstations creating a UDP protocol for sending port number 38293 and 1024-4999 and creating an Access Rule for this new protocol to allow traffic from Local Host to Internal network and vice versa makes it work (Note: Two Separate Access Rules Must Be Created). An Access rule for NetBIOS traffic from Internal Network to Local Host must also be created.
Although by this approach the client installation obstacle is overcome but NAV clients can not communicate with NAV Server and Outbound TCP port 2967 and 1024-4999 should also be opened in both directions.

Lock Down Exchange Server in 10 Steps

Exchange Server: Lock it down in 10 steps

Recommended Exchange Server Mailbox Size Limits

If you are concerned about you users mailbox size and the polices you need to enforce check this post for mailbox size recommendations. It will help your considerations:
Recommended Mailbox Size Limits

Downloads from Microsoft

Microsoft USB Flash Drive Manager

Use this application to backup and restore presentation, pictures, songs and applications from and to USB Flash Drive devices and take them with you. Use USB Flash Drives to store personal data, to keep your network configuration and to share information with your friends. Microsoft USB Flash Drive .

Microsoft Time Zone

Do you have relatives that live far away? Do you work with people from other countries? Use this simple utility to keep track of the time in other part of the world. Share your ideas without waking up your buddies.

Download Security at Home Videos

Some video downloads from Microsoft to learn:
- Protecting your computer from spyware
- What you should know about phishing scams
- Dealing with spam e-mail
- Keeping your computer up to date
- Protecting your privacy online
- Security overview
- Defending against viruses and worms
Check the following link for available downloads:
Download Security at Home Videos

Exchange Server 2003 and Domain Controllers - A Summary

Things to know for those planning or already having Exchange Server 2003 on domain controller.
Exchange Server 2003 and Domain Controllers - A Summary

Customize, Hide and Block Access to GAL

By default all mail and mailbox enabled users in Exchange server are available for access to everyone in the organization while some large organizations may not like this default behavior that lets people have access to all names and email addresses so they may force some policies to limit users access to employee information in Global Address List. Learn how to conform your exchange GAL security to organization policy:
How to Manage Address Lists When You Host Virtual Organizations

Finding Contacts in Public Folders with LookOut

Although it makes my outlook startup slow down but I needed a great search tool able to look up different contact folders in public folder at the same time instead of running the same query on every folder so I am using Lookout from Lookout Software again!

Top 10 KBs for Exchange Server Mobility

Microsoft TechNet: Top 10 KBs for Exchange Server Mobility: "Top 10 KBs for Exchange Server Mobility"

Windows 2003 RRAS & VPN

I have set up my first VPN server on a windows 2003 RRAS today and it works fine as now. A great improvement to RRAS in Windows 2003 is its built-in basic firewall which blocks every traffic coming from the WAN connection including ICMP requests and exclusions can be defined easily on ICMP traffic, applications and services to let the traffic pass the firewall. Once a client is connected to the VPN server over internet it acts as if it has locally connected to the LAN drop and all resources are accessible normally. Outlook 2003 will download headers on slow connection to retrieve data from Microsoft Exchange on requests. I tried to connect to our servers from the Remote Desktops console and this also worked fine. The PPTP VPN connection is the only concern regarding security so I will work on it to make L2TP work for us.

Microsoft Outlook SMS Add-in

This new Microsoft Outlook 2003 add-in helps sending SMS through Outlook 2003 and keep archiving sent messages like any email.
Office 2003 Add-in: Microsoft Outlook SMS Add-in (MOSA)

Exchange Server: Help Yourself

Some useful Exchange Server 2003 documentations and guides:
Microsoft TechNet: Exchange Server 2003 Operations Guide
Worksheet: Disaster Recovery Preparation for Exchange Server 2003
What to Do When an Exchange Store Won't Mount

Enterprising the Instant Message

The study found that the three leading uses of IM were not for customer or partner facing communications. The top three uses of IM in the enterprise noted by respondents were, casual intra-company communication, personal use and presence awareness.

We can not see any customer-partner relationship on the list! But still worth to implement internal IM solutions like Microsoft "Exchange Instant Messaging Service" or "Live Communication Server" because:
1- Improves staff loyalty towards their desks!!
2- No excuses over hovering around!
3- Presence awareness
4- Instant communication
5- face-to-face communications by establishing video sessions
6- Remote collaboration through application sharing session
7- Instant remote assistance
8- Instant file transfer
9- More fun at work :D

Enterprising the Instant Message

The 12 Commandments of Exchange Deployments

For those looking for Exchange Server deployment recommendation here are the "12 Commandments of Exchange Deployments" from Brien M. Posey (MVP & MCSE):

1- Do not connect your mail server directly to the Internet
2- Do not use questionable hardware
3- Place Branch Offices into Routing Groups
4- Do Not Install Exchange on a Domain Controller
5- Make global catalogs globally accessible
6- Use a front end/back end configuration when possible
7- Purchase Exchange-level antivirus software before you deploy Exchange
8- Think about redundancy when setting up routing group connectors
9- Plan for patch management
10- Do not overload a single Exchange server
11- Have an antispam plan
12- Take a training class

Follow the link to get the details on each commandment:
The 12 Commandments of Exchange Deployments

Protecting Microsoft Exchange with ISA Server 2004 Firewalls

Another great ISA Server topic from "Thomas W Shinder" telling how to protect Exchange Server by ISA 2004 and minimum changes to the current network.
Protecting Microsoft Exchange with ISA Server 2004 Firewalls

Being a Microsoft Exchange Fan!

I didn't mean to write on exchange server when I first started this blog but it turns out most posts are Exchange related now! I have become a Microsoft Exchange Server fan and dealing with this lovely and challenging beast cheers me up!

Protecting Exchange Data from Hard Disk Failure

For every Exchange Server Administrator failure on mailbox stores that seem to be from the lack of storage space is a nightmare and special considerations and monitoring is needed to stay away from long downtime when a drive reaches its capacity and mailbox stores stop functioning. Making daily full backups, making sure half of the drive is empty and keeping transaction logs and Exchange database files on separate disks are recommendation to stay safe.
328794 - How to protect Exchange data from hard disk failure

Customize SMTP Email Addresses by Recipient Policies

Using Recipient Policy in Exchange Server we can define the SMTP namespace that our mail system accepts emails from as well as the way email addresses are generated for each individual recipient. Basically the format that is used in recipient policy is @domainname and no control over individual email addresses is given by default. To customize and define the email alias scheme we can provide some arguments like %s (surname) and %g (first name). This means I can define a naming policy for generating email aliases using firstname and last name combinations. Lets take a look at some examples:
1)The SMTP namespace is "itbuzzer.net" and alias should be generated in "Firstname.Lastname" format: %g.%s@itbuzzer.net --> saeed.pazoki@itbuzzer.net
2) The SMTP namespace is "itbuzzer.net" and the policy should use the users Firstname plus the first 3 letters of the Lastname: %g%3s@itbuzzer.net --> saeedpaz@itbuzzer.net
Microsoft emphasizes that this replacement arguments should not be used in the default recipient policy and a new recipient policy should be created to prevent problems.
In the following KB more replacement arguments are explained:
822447 - How to Modify an SMTP E-Mail Address by Using Recipient Policies

Create a Black Hole to Kill NDRs

A "Black Hole" is a mail-enabled distribution group that has no members but SMTP email addresses! Black holes can be configured to address the issue that arises when an employee leaves and the corresponding mailbox is removed which results in the generation of NDRs when emails sent to that email address.
MS Exchange Blog : Black Holes - not just a space thing!

Configure MX Records for Incoming SMTP E-Mail Traffic

Exchange Server does not receive internet emails when MX record is not configured properly. This document explains why MX is necessary and goes over a couple of possible exchange scenarios and comes up with MX and A record configurations, Load Balancing, Fault tolerance and finally how to test the MX record configuration.
Configure MX Records for Incoming SMTP E-Mail Traffic

Outlook 2003 Junk E-mail Filter Update

Microsoft has released another update to Outlook 2003 Junk Email Filter which enhances junk e-mail detection:
Download details: Update for Outlook 2003: Junk E-mail Filter (KB870765)

How to defragment Exchange databases

This KB gives a short explanation of Exchange server online and offline database defragmentation and then focuses on offline defragmentation by using ESEUTIL utility.
328804 - How to defragment Exchange databases

Top tips for Outlook 2003

This topic is a digest of all features every Outlook 2003 user needs to know and great tips to make living easier with outlook 2003. Covers email, calendar, contact, keyboard shortcuts, customization, notes and task tips. Worth reading it even for Outlook gurus!
Microsoft Office Assistance: Top tips for Outlook

Prevent unsolicited commercial e-mail in Exchange 2000 Server

This KB article explains how Exchange Server 2000 can be protected against being relayed for unsolicited commercial email messages by preventing relaying, configuring IP address restrictions, implement authentication, set message limits, using reverse DNS lookup and configuring SMTP connectors.
319356 - How to prevent unsolicited commercial e-mail in Exchange 2000 Server

Exchange Support Tool: ExchDump

Download details: Exchange Support Tool: ExchDump: "ExchDump is a command line utility that gathers Exchange configuration information from various sources used in troubleshooting support issues. The utility DOES NOT make any registry changes or modifications to the operating system. The configuration information is written to one of two different output files."

W32/Rbot-EN : Worm and Backdoor

Back in my post on Monday, August 02 I explained how I was dealing with an issue brought about by a file named "Ethernet32m.exe" sitting in registry causing serious network problems by removing server hidden share folders. Today I could finally find a report on this saying it is a Worm and Backdoor that helps a remote user access the infected system through IRC:
Sophos virus analysis: W32/Rbot-EN

Exchange Server Badmail Deletion and Reporting

When it comes to disk space Microsoft Exchange talks as a beast eating up space which in many cases brings trouble to exchange admins. When Microsoft Exchange's drive becomes full it will unmount mailbox stores to protect against any data lost and alerting the system administrator. In many cases it is not the Exchange database that fills up the drive but it might be the Badmail folder or Transaction Logs that are wasting space. So, with some considerations in mind when implementing Exchange server, Backup strategy and some regular monitoring especially on badmail folder downtimes can be avoided with disk full errors. Going into the details will make it a long talk but for just dealing with Microsoft Exchange Badmail folder there are some scripts available which helps Exchange Server administrators to monitor the size of badmail folder regularly or even purge them automatically. Follow the link for details and downloading badmailreport and deletebadmail scripts:
MS Exchange Blog : Dealing with Badmail

Why is Exchange Store.exe so RAM hungry?

Why is Exchange Store.exe so RAM hungry?: "It is absolutely normal for Store.exe to grab as much RAM on the server as it can possibly get - as long as Store thinks it needs it to optimize performance. Store was written to do so."

Is "Ethernet32m.exe" a Trojan Horse or what?

Around two weeks ago I received a call from a customer complaining their server is not able to send and receive emails, Workstations are experiencing problems accessing network resources, Internet connection is overloaded and obscure "Net Send" application pop-up from an unknown source apparently from outside.
Looking into the problem showed that something malicious is running in the background on the server which removes the server hidden share folders (This is why users reported "The network name can not be found")and consumes the whole internet bandwidth by sending traffic to a range of IP addresses (the kind of traffic didn't bother me as I was supposed the fix the problem ASAP). Finally after examining the registry content (like HKLM\Software\Microsoft\Windows\CurrentVersion\Run)we could find out a file named "ethernet32m.exe" is loaded by server startup and is running as a service. No reports on the web for ethernet32m.exe to be a malicious file nor we could find any resource saying this is a system file. So we carefully made backup of System State data, switched to safe mode, removed WINDY\SYSTEM32\ethernet32m.exe, searched registry for any ethernet32m.exe entry and removed them all and back to normal operation mode again... It was gone!
I am still curious to know what exactly it was and how it could reach the server while the server console was locked! The Anti Virus solution recorded many Netsky, MyDoom and Beagle on client machines which all were quarantined but no logs on the server.

Exchange Server 2003 Technical Reference Guide

This guide is for Exchange Server experts who require detailed information about the architecture and interaction among core components of Microsoft Exchange Server 2003.

Download details: Exchange Server 2003 Technical Reference Guide

Lookout Your Desktop Search Engine!?

This Outlook Add-in is now free for everyone! And can be downloaded from Microsoft Download Center. Once installed it will index all the data on Outlook (Emails, Tasks, Calendars, Contacts, Notes and Posts) and additional folders outside outlook on any drive can also be set to be indexed which turns this add-in into a desktop search engine without exaggeration.
It also gives the option to restrict search to specific times, only contacts, only emials, only in files or results with attachment.
Download details: Lookout V1.2

UPDATE: I don't know why but Microsoft has removed Lookout from its Download Center! Lookout can be downloaded from "Lookout Software" website.

Download The Antivirus Defense-in-Depth Guide

The Antivirus Defense-in-Depth Guide provides an easy to understand overview of different types of malware, or malicious software, including information about the risks they pose, malware characteristics, means of replication, and payloads. The guide details considerations for planning and implementing a comprehensive antivirus defense for your organization, and provides information on defense-in-depth planning and related tools that you can use to help reduce your risk of infection. The final chapter of the guide provides a comprehensive methodology to help you quickly and effectively respond to and recover from malware outbreaks or incidents (More)

Download the complete solution in PDF here:
Download details: The Antivirus Defense-in-Depth Guide

Windows Hidden Share Folders

When Microsoft Windows hidden folders like IPC$ (Remote IPC), ADMIN$ (Remote Admin) or C$ are removed, serious network access issues will arise... "The network name can not be found" will pop-up when trying to access resources inside Network neighborhood or My Network Places and "This server is not configured for transactions" when trying to join a workstation to a domain. The work-around is to recreate the folders by "Net Share" command:
Net share ADMIN$
Net share IPC$
Net share C$=C:
But fixing the problem gets difficult when a Trojan, Worm or Backdoor disconnects these drives as part of its process by simply issuing commands in the background like:
net share /delete IPC$ /y
net share /delete ADMIN$ /y
net share /delete C$ /y
net share D$ /delete
net share C$ /delete
net share /del IPC$ /y
net share /del e$ /y
net share /del d$ /y
net share /del C$ /y
net share /del admin$
And this is done on regular basis resulting the disappearance of system hidden shares every couple of minutes. Hard and time consuming task to find out what is really causing the disappearance of these system crucial share folders!

All-In-One Tools Download For Exchange

Exchange 2003: All-In-One Tools Download

Know your ExMerge Lessons?

Some interesting links that give explanations over Exchange Server ExMerge tool and how it can help:
1- EXMerge is your friend

2- Some Questions and Answers About the Exmerge Utility:

What Are the Possible Uses of Exmerge?
You can use Exmerge to extract mail from a damaged private information store. Exmerge puts this mail into .pst files that you can import back into an undamaged private information store.
You can use Exmerge to locate and remove a specific e-mail message from the private information store (for example, virus mail).
You can use Exmerge to migrate users between different organizations and sites by copying the users' mail to .pst files that you can then import into the new organization or site.
You can use Exmerge to extract folder rules.
In some situations, you can even use Exmerge as a brick-level backup agent, although Exmerge does not have the ability to write the data to a backup tape. (More)

3- Using EXMERGE To Delete Message From Your Exchange Server :

One question that seems to come up a lot is “How can I delete a message from all the users mailboxes”, this question gets asked for many reasons, such as someone sent an email to the wrong group of people, you know that a message is in your system that contains an attachments that you do not want your users opening, you can probably think of a few more reasons... More

4- How can I delete all occurrences of a message from a Microsoft Exchange Server 2003 mail database?

Although you can recall sent messages in Exchange, recalling a message doesn't reliably delete all occurrences of it. Sometimes you'll want to remove all traces of a message--for example, when a former employee sends a malicious email message to current employees. You can use the Mailbox Merge Wizard (Exmerge) utility... More

5- Cleaning the Nasty Stuff Off Your Exchange Server

Exchange NDRs Can Not Be Customized

Have you ever thought that customizing some of the Exchange Server non-delivery reports can reduce the number of IT support calls and help end users find out what is going wrong and whether they have to call for support or they can handle the problem on their own?
Let's say you have limited your Exchange users from sending out emails larger than 5MB in size. Now, when users send emails larger than 5MB they receive a non-delivery report with an error code and some odd text from the users standpoint! At best the user calls for support and at worst she ignores the report and assumes that all emails have been delivered! So, customizing the non-delivery report and replacing a friendly report with some instructions to scatter attachments into different emails would be a nice option IF IT WAS SUPPORTED UNDER MICROSOFT EXCHANGE SERVER!
In the last few days I spent a lot of time looking for a way to customize Exchange NDRs and couldn't find any resolution through Microsoft Online Support and searching the web. Finally someone from Microsoft PSS reached my post at Microsoft's newsgroup :

There is currently no functionality built into Microsoft Exchange that allows you to modify the text of an NDR.

Should Outlook 2003 block graphics from downloading?

By default Outlook 2003 doesn't download pictures from external sources included in HTML codes. Putting images inside HTML codes is a method that spammers use to find active and working email addresses so leaving this feature intact is suggested but if you receive regular HTML emails find the work-around here:
Set Outlook 2003 to automatically download graphics
You can also stick to the default settings and force picture downloads on every email individually or adding a specific sender or domain to to safe sender list by right clicking on a blocked image and select the options available:

Repairing Exchange databases with ESEUTIL

I have been called in to repair Exchange Server databases a couple of times so far. All had the same symptom; the mailbox stores couldn't mount and it came after a server migration, power failure or backup restore.
In all those cases I couldn't fix the problem without the help of ESEUTIL, Event Viewer and Microsoft's online support. This very interesting post goes through a step by step process to troubleshoot and fix an Exchange database issue by using ESEUTIL and some other great notes that an Exchange server administrator should not miss :
Repairing Exchange databases with ESEUTIL - when and how?
You feel like standing in the middle of hell when your Exchange Server stops functioning during business hours and you keep receiving calls from sales, marketing, accounting and worse of all, your Boss!!!

Spike : Copy, Paste, Collaborate on the Net!

This is something that comes to everyone's interest, especially those having no email system in place or working in a workgroup environment or home networks. An easy to use and handy tool that help you share the content of your clipboard in the network! It means that once you copy a text, PDF, MP3, Word Document, ... File into the clipboard, members of the network running spike on their machine can copy and paste it to their machines,it is that easy!!
Download It From Here :
Spike from Porchdog Software

Some Guidelines:
1- By default your clipboard will be shared and exposed to everyone having spike installed so not a bad idea to remove the checkmark next to share on the context menu of History clipboard entry and create a new clipboard and share this new created clipboard. This way you can easily drag & drop those contents which you want to be shared from History to the new created clipboard in my case "secure" :

2- Still want to expose your clipboard to everyone but looking for security? Go to Network tab in preferences and just set a password so that everyone trying to access your clipboard should first present a password:

THANKS TO THIS POST:
Adam's Mindspace

Configuring an Inbound and Outbound SMTP Relay

Thomas Shinder which is popular for his great "Configuring ISA Server 2000" and "ISA Server Beyond" books has started the first part of an article addressing how to configure an inbound and outbound SMTP relay to keep the mail server secure. In This part he has tried to go through the relay concept, what a relay is and why it is important. He has also pointed out to an online utility whereby you can check your relay configuration and make sure it is not open to Spammers:
Configuring an Inbound and Outbound SMTP Relay

Deployment changes in Exchange 2003 SP1

Check for descriptions of some major changes and features coming with Exchange Server SP1 :
Deployment changes in Exchange 2003 SP1
by the way, don't scare away... I am not going to just talk about Microsoft Exchange!

Service Pack 1 for Exchange Server 2003

Microsoft Exchange 2003 SP1 now available :
Download Microsoft Service Pack 1 for Exchange Server 2003

Don't miss the Release Notes if you don't want missing Your Exchange Server after applying SP1!!!
SP1 Release Notes

Issue : Two SMTP domains, one single Exchange Server!?

I am supposed to work on a new Microsoft Exchange scenario. A customer (abc.com) has acquired another company (def.com) and they want a single exchange server handle both smtp domains and I haven't done this before! Once I worked on a scenario where the customer wanted to share the same smtp domain with another exchange server! They needed more space at their office so moved some of their departments to a different location and then two exchange servers with the same smtp domain were in place. The following link will help to accomplish this:

How to Configure Exchange to Forward Messages to a Foreign Messaging System That Shares the Same SMTP Domain Name Space

This new one doesn't seem difficult but a couple of things must be taken into account :
1- The customer is using a scheduled dial-up connection for mail delivery
2- The exchange server is using another mail server on the public network as its smart host.
3- A third party pop3 connector is handling delivery to the smart host
I think The difficult part is calling the ISP and asking for MX records!

Port Requirements for the Microsoft Windows Server System

Check this out! A complete list of ports used in Microsoft Server Systems with lots of other interesting links. This should definitely be kept in your favorites:

Port Requirements for the Microsoft Windows Server System