
Monday Morning at Tech-Ed 2006

I thought I would start off with a picture of Cliff Chao with some people on the Expo Hall floor.  Cliff is the one with the small head.  :)

 

 

Here is another picture of Boston from the Convention Center.

 

 

One thing I like about going to Tech-Ed is seeing what we tell the public.  A lot of the stuff they talk about has been internal knowledge and I like to tell others about it, but can’t.  Once the beans are spilled at Tech-Ed, it’s fair game though.

 

Some things overheard that are just a little funny:

  • “Do more with more” – This was a line that Mary Lynn Rajskub from “24” fame said.  She was there Sunday night.  She did a good job.
  • “How many of your users are asking for less mailbox space?” – Steve Tramack (HP)
  • “IT jokes are stooped.” – a note that was passed around during one of the sessions.  It kept getting brought up when lame jokes were presented.
  • “It is just so hard to find good Speedos anymore.” – Don’t ask.

 

ESRP session:

I went to a presentation where Matt Gossage spoke.  I knew him as the Exchange performance “go to” guy.  If you wanted to know anything about how to speed up Exchange, he was most likely the guy you wanted to talk to since he was a tester.  Now he is a PM for the CXP group.  CXP stands for Customer eXPerience.  Matt was talking about ESRP (Exchange Solution Reviewed Program).  This was the first time I had heard of it even though it was announced late 2005.

 

ESRP is a program where partners test their solutions for SANs and they then submit it to the Microsoft Product Group for review.  It gets checked for completeness and then they submit the results for you to view.  Why is this so cool?  Because configuring and testing a SAN with Exchange can be very difficult. 

 

Take a look at the solutions listed there.  There are solutions for 2000, 4000, 6000, and even 40,000 mailbox environments that have been tested.  Can you imagine how much work you would have to do to test a 40,000 mailbox setup?  And the great thing is that a lot of these solutions are designed to be “bricks”.  If you have a 12,000 mailbox environment you could use 2 of the 6000 mailbox solutions together.

 

A beta build of Jetstress 2007 will be released in July of 2006.  It will be 64 bit.

 

For testing you can use these tools:

Documentation on Storage performance:

More to come...

Not Live from Boston – It’s Tech-Ed 2006!!! (Sunday)

It’s been 3 days since I got here and I finally have gotten around to writing an update.

 

Sunday:

 

It took no less than an hour to get from the hotel to the convention center.  I am not kidding.  SUNDAY!!!  It’s not even a work day.  Why is traffic so bad here?

I got registered.  Here is a picture of the bag, since I know you are wondering...

 

 

What swag is in it?  The usual stuff: magazines, CDs, a few DVDs.  What DVDs?  Beta 2 versions of Office System 2007, Office SharePoint Server 2007, Office Groove Server 2007, Office Project Server 2007, Windows Vista (x86 and x64) and Windows Server Code Name “Longhorn”.

 

After checking in, I went to dinner only to look at the schedule and realize that the Keynotes were that night from 7:00 to 9:30.  That was not what I expected. 

 

Some things that I picked up from the Keynotes:

 

MaaS – This was a new acronym for me.  It means “Management as a Service”.  Not sure how common that acronym is since I only saw it listed 4 times together on Google.  I’m proud to say that Live.com found it more often than that.  It also contained more recent blog entries on it.  Way to go guys!!!  Back to MaaS – Exchange Hosted Services and the newly announced Forefront Client Security Services are examples of this.

 

The next version of Microsoft Operations Manager will be called System Center Operations Manager.  MOM just sounds better than SCOM, don’t you think?  “MOM takes care of my Enterprise” has a nice ring to it.  I’ll stop there.

 

Bob Muglia spoke of 4 Promises –

1) Manage Complexity, Achieve Agility – Bingo!  (kidding) 

  • We are looking to do Virtualization at three levels: Hardware, OS and Application.
  • I think I heard that Softricity (another acquisition intent) allows you to run two versions of Office on one desktop.
  • There was a demo of the Virtual Machine Manager (in Longhorn?) that allows you to dynamically hot add memory and CPUs to your Virtual servers.
  • Another demo: There is a wizard you can run to migrate a Physical server to Virtual Server.
  • System Center Operations Manager will have a task to add more memory to a Virtual Server instance if needed.  You can even have it done automatically.
  • Deployment of Vista is better with a System Image manager that allows you to see the components of an image and modify them.
  • SMS allows you to run an inventory of your machines to find out what machines you can deploy Vista on.

 

2) Protect Information, Control Access

  • Windows Update allows 250 Million computers to be updated within 72 hours of patch release.
  • Forefront was mentioned again.  You can find information about it at http://www.microsoft.com/forefront/default.mspx .  It seems like a Suite of products that include Antigen for Exchange, SharePoint and Microsoft Client Protection.
  • I heard that Antigen for Exchange removes only the infected files from zip files and lets the clean files through.  That was nice to know.
  • Antigen for SharePoint recognizes when you rename a file so that its extension is different and will still block it if that attachment type is not allowed.

3)  Advance the Business with IT Solutions

  • The Products that do this are Visual Studio and Expression.  I’m not a developer, so this was over my head.

4)  Amplify the impact of your People

  • Outlook Voice Access (OVA) – New to Exchange Server 2007.  This is the ability to check your email over the phone.  Actually it does more than that.  Evidently there is a lot of buzz over this.  In the spirit of being “Honest and Respectful”:  I’m not sure I would use this, but I suppose that there are those that would love to have this.  It looks innovative to me which I am very happy to see.  The speech recognition of the product seems good.  The voice also sounds very good.  I just hate to have people reading to me.  I like to read too much.
  • The future of search allows us to search the intranet and find content and then sort it by the writer’s Social relevance to me in the company.  That way I can find data that is more relevant to my job.  I’ve used this, and it is very interesting.
  • I heard the term Wiki again.  On a side note: I used to live in Hawaii and when I lived there my roommate and I used to say “wiki wiki wiki” every time we saw the Wiki Wiki buses at the Airport.  Turns out that is where the term Wiki comes from.
  • Slide Library – This was spoken of by Bill Gates in 2005, but this was the first time I saw this.  It is part of SharePoint which along with PowerPoint 2007 allows you to do a search of your PPT library for that one Slide that you need to add to your own slide deck.  Then you choose to add it.
  • Over 600K laptops are lost every year?  Bitlocker would be helpful in those instances.  Some estimates from other companies put this at 1-2 Million.

Well that is it for Sunday.  I’ll add some more later.

I'll be at Tech-Ed 2006

Just a note to let everyone know that I'll be at Tech-Ed 2006 in Boston.  I'll be there with one of my favorite customers from Healthcare and Life Sciences.  Go ahead and email me if you would like to meet up for lunch or something.  The more the merrier.  As Starsky says:  "No, seriously, come on, do it. Do it. "

New tools for Exchange 2003

There are some "new" or updated tools up on the Exchange 2003 download site:

  1. Exchange MAPI Client and Collaboration Data Objects 1.2.1
    Ok, not a tool.  But it is interesting to note that this got posted.  As the site says: "Starting with the Beta 2 release of Microsoft Exchange Server 2007, neither the Messaging API (MAPI) client libraries nor CDO 1.2.1 are provided as part of the product. The result is missing functionality that many server applications depend on. This tool provides access to these APIs, thereby providing access to the contents of the Exchange store and Active Directory."  Expect to learn more about this later. 
  2. Jetstress (English only)
    This has been updated with some fixes.
  3. MAPI Editor (English only)
    The filename still is MFCMAPI.exe but now it is called MAPI Editor.  Stephen Griffin calls it the "next version of MFCMAPI".  Makes sense.
  4. Microsoft Exchange Server Best Practices Analyzer Tool, Version 2.7
    Even more rules...  When will it ever end?  Hopefully never.  Wouldn't it be great if this was just part of the product?  <wink>  That would be so cool.
  5. Profile Analyzer (English only)
    Updated version.  Also known as EPA.  Read about it here.
  6. Public Folder DAV-based Administration Tool (English only)
    Updated version.  Use it a lot. 

    And...  Drumroll please......
  7. Quota Message Service (English only)
    This is now officially supported by Microsoft.  Yay!  Oh wait, that's me. 

Vulnerability in Word Could Allow Remote Code Execution

I work with Exchange Server, but all Microsoft employees are very aware of security.  I am posting this just so you are aware.

Stephen Toulouse has posted some blurbs about a security vulnerability in Word 2003 and Word XP.

http://blogs.technet.com/msrc/archive/2006/05/20/429612.aspx

http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx

You can also read more (such as the workarounds until a fix is released) at http://www.microsoft.com/technet/security/advisory/919637.mspx
I'm thinking that the above link will be updated with developments.  It is version 1.0 at the time I write this.

Keep an eye on this one...

Permissions Changes in Exchange 2003 Post SP2

Under the heading of: "You may already be aware of this, but we wanted to make sure..."

Some of our customers are having issues with permissions since they have upgraded to Exchange 2003 SP2 and a hotfix that makes the store.exe version 7650.23 or higher.  I wanted to make sure that you were aware of some resources that are available to help you, in case you run across this.

What is the issue? The introduction here explains it well:

"In the past, additional accounts could be granted the "Full Mailbox Access" permission to a mailbox and these accounts could then send mail as the mailbox owner. From now on, the "Send As" permission must be explicitly granted to additional accounts or they will not be able to send mail as the mailbox owner. "

We recently updated the KB article that addresses this issue. http://support.microsoft.com/kb/912918

In the KB article we now include a script that will let you know which accounts in the organization have "Full Mailbox Access" permissions, but not "Send As" permissions.

The script has three modes:

  1. Export – This tells you the accounts that have "Full Mailbox Access", but not "Send As" permissions.
  2. Import – This allows you to modify a list so that certain accounts that have "Full Mailbox Access" will get "Send As" permissions as well.
  3. SetAll – This automatically sets all accounts with "Full Mailbox Access" to have "Send As" permissions as well.

Now you know...  Again... :)

Update: Post SP2 hotfix and formatting.

MSExchangeSA Event 9325

In the Event log on the server that generates your OAB you may see the following:

Event Type: Error
Event Source: MSExchangeSA
Event Category: OAL Generator
Event ID: 9325
Description:
OALGen will skip user entry 'Display Name' in address list '\Global Address
List' because the SMTP address '' is invalid.
- Default Offline Address List

If you check the user that is mentioned in the event you may find that all of the SMTP proxy addresses look fine on the "E-mail Addresses" tab in Active Directory Users and Computers (ADU&C).  However if you look at the "E-mail" field on the "General" tab you may notice that the address there doesn't match the Primary SMTP address on the "E-mail Addresses" tab (the one next to the bold SMTP).  These have to match.

About the only place I have found this documented is in the link in the actual event.  You know, the one that says:

For more information, see Help and Support at:
http://go.microsoft.com/fwlink/events.asp

That link will take you to here, where it says:

"This Error event indicates that the user account specified in the event description has not been included in an offline address list because of an incorrectly configured SMTP address. For example, an incorrectly configured SMTP address is an address that contains a dash "-", an underscore "_", or no characters after the @ symbol. Incorrectly configured SMTP addresses can occur in the following circumstances:

  • A script modified either a user's primary SMTP proxy address attribute or e-mail address attribute. These attributes must match for a user to be added to an offline address list.

  • An administrator modified the e-mail address of a user on a computer that did not have the Exadmin.dll extensions loaded. "

If you have administrators using ADU&C but don't have the Exchange extensions loaded, then they may think that this is the right place to change someone's email address.  If they had the proper extensions this would change the Primary SMTP address as well, but since they don't...  The next time the server generates the OAB, it will skip this user and your users with Outlook 2003 in cached mode may be missing that mailbox.

I'd be remiss if I didn't mention that OABInteg also helps you with this issue.  See Dave Goldman's blog for more about that.
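
The mismatch behind event 9325 can be checked offline from a directory export.  The following is an added example, not code from the original post or from Microsoft: it assumes an LDIF export that includes the mail and proxyAddresses attributes, treats the upper-case "SMTP:" entry as the primary address, and compares case-insensitively (an assumption).  The sample entries and function names are constructed for illustration.

```python
import base64

# Constructed sample in the shape of an LDIF export (not real directory data).
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=example,DC=test
displayName: Alice Example
mail: alice@example.test
proxyAddresses: SMTP:alice@example.test

dn: CN=Bob Example,OU=Staff,DC=example,DC=test
displayName: Bob Example
mail: bob.new@example.test
proxyAddresses: SMTP:bob@example.test

dn: CN=Carol Example,OU=Staff,DC=example,DC=test
displayName: Carol Example
mail: Carol@Example.test
proxyAddresses: smtp:carol.alias@example.test
proxyAddresses: SMTP:carol@
 example.test

dn: CN=Dave Example,OU=Staff,DC=example,DC=test
displayName:: RGF2ZSBFeGFtcGxl
proxyAddresses: SMTP:dave@example.test
"""

def parse_ldif(text):
    """Return one {lowercased attribute: [values]} dict per LDIF entry.

    Handles folded lines (a leading space continues the previous line)
    and base64 values written as "attr:: <base64>".
    """
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:            # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        name, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        if value.startswith(":"):        # base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        current.setdefault(name.lower(), []).append(value.strip())
    return entries

def find_mismatches(entries):
    """Return (name, mail, primaries, reason) for entries whose E-mail field
    (mail) does not match the primary SMTP proxy address."""
    findings = []
    for e in entries:
        proxies = e.get("proxyaddresses", [])
        if not proxies:                  # not mail-enabled, nothing to compare
            continue
        name = (e.get("displayname") or e.get("dn") or ["?"])[0]
        mail = (e.get("mail") or [""])[0]
        # Upper-case "SMTP:" marks the primary; lower-case "smtp:" are aliases.
        primaries = [p[5:] for p in proxies if p.startswith("SMTP:")]
        if len(primaries) != 1:
            reason = "expected exactly one primary SMTP: entry"
        elif not mail:
            reason = "mail attribute is empty"
        elif mail.lower() != primaries[0].lower():
            reason = "mail differs from primary SMTP address"
        else:
            continue
        findings.append((name, mail, primaries, reason))
    return findings

if __name__ == "__main__":
    for finding in find_mismatches(parse_ldif(SAMPLE_LDIF)):
        print(finding)
```

Running this on a schedule against a fresh export catches the mismatch before the next OAB generation skips the user.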

Exchange "12" is now Exchange Server 2007

Well it is officially public now.  The name is Exchange Server 2007. 
http://www.microsoft.com/exchange/preview/default.mspx

And Vivek also is telling us that Monad is now called PowerShell.
The downloads also have been updated to show this.

Cross Site Moves and Profiles Afterwards

I gave some thought to some of the issues you might experience after a cross-site move of mailboxes.

The main thing is that you must either recreate the profile or run the Exchange Profile Update Tool (ExProfRe.exe).  Just changing the name of the server in the profile is not enough.

Please take a look at the information found at:
873214 The Exchange Profile Update tool
http://support.microsoft.com/default.aspx?scid=kb;EN-US;873214

The first sentences of the article pretty much spell it out:

“After you move a mailbox across an administrative group, any Microsoft Outlook profiles that were in use for this mailbox no longer function correctly. Mailbox servers can refer Outlook to the correct server after mailboxes have been moved within an administrative group, but this process does not work correctly for mailboxes that are moved across an administrative group. Security settings for e-mail messages, calendaring, free and busy information, public folder moderation, and delegation may not work. You must update the profile for 100 percent functionality after such a move.”

More information can be found at:
838235 TechNet Support WebCast: Mixed-mode site consolidation in Microsoft Exchange Server 2003 Service Pack 1
http://support.microsoft.com/default.aspx?scid=kb;EN-US;838235
The transcript of this presentation is available for those who would rather read it.

In that transcript it says:

"... when we move mailboxes cross-site we're actually eliminating the object that represents the mailbox in 5.5 and creating a new object in a different site. So if you don't run that Exchange Profile Redirector Tool, the profile on your Outlook client will then still believe that it is associated with the distinguished name of the source site mailbox, meaning that the profile will make assumptions about who it actually is. Even though you can get into your mail after you do a cross-site move, and you can even send and receive mail after a cross-site move without running that Exchange Profile Redirector, if you don't run the Exchange Profile Redirector you'll have weird little issues going on because we will make assumptions about who we are that will be incorrect. So you need to run that Profile Redirector Tool. "

OAB changes in Exchange 2003 SP2

Many people are aware of the changes in Exchange 2003 SP2 with the V4 OAB.  What many are not aware of are the changes with the other two versions of the OAB, V3a and V2.

Starting with SP2, when a change is done in your environment that would have required a full download of the OAB previously, we now actually throw an event that says:

Event ID     : 9360
Category     : OAL Generator
Source       : MSExchangeSA
Type         : Error
Generated    : 4/17/2006 10:52:34 AM
Machine      : ServerName
Message      : OALGen encountered an error while generating the changes.oab file for version 2 and 3 differential downloads of address list '\Global Address List'.  The offline address list has not been updated so clients will not be able to download the current set of changes.  Check other logged events to find the cause of this error.

If the cause of the problem was intentional or cannot be resolved, OALGen can be forced to post a full offline address list by creating the DWORD registry key 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeSA\Parameters\OAL post full if diff fails' and setting it to 1 on this server.  When OALGen next generates the offline address list, clients will perform a full OAB download.  After that time, the registry key should be removed to prevent further full downloads.

- Default Offline Address List

Read that error again...  It is telling you that the server has stopped generating OAB for those older versions.  So your clients that are not running Outlook 2003 SP2 and that are using OSTs will probably give an error when trying to download the OAB.

The good news is that prior to that error we throw another event that explains what happened.  For instance you may see the following:

Event ID     : 9340
Category     : OAL Generator
Source       : MSExchangeSA
Type         : Warning
Generated    : 4/17/2006 10:52:34 AM
Machine      : ServerName
Message      : A new parent Legacy Exchange DN container value '/o=Organization/ou=Site/cn=NewRecipientsContainer' was found during generation of the differential update file for offline address list '\Global Address List'.  This will force clients using this offline address list to do a full download of the offline address list.

Now this is useful.  If I go to that site I may find a recipient container that is not needed and I could remove that container.  Or perhaps it is an X500 address that was added with a typo to a mailbox.  I can fix that and then next time the OAB generation runs we should be fine.

For more information regarding this, look at Dave Goldman's blog.  It is kind of deep, but if you take the time to read it, you will learn a lot.

CTRL-F in Outlook

Does anyone else find the fact that you have to do an F4 in Outlook to Find something extremely annoying?  I use CTRL-F for every other application to do a Find.  But evidently Forwarding is more important. 

I found that Jensen Harris wrote about this in detail as to why this is the case.

I still don't like it...  :)

Scripts for Exchange

I am in Redmond today and next week.  It is always nice to get away from my office since I tend to have time to poke around in areas that I normally don't. 

I like scripts.  The power a few short lines of code can possess never ceases to amaze me.  That is why I am really looking forward to Exchange 12 (We are still calling it that publicly, right?) and Monad.

I ran across the Microsoft Exchange Community-Submitted Script Center today.  If you are looking for scripts that run on Exchange 2003 take a look there.  I've mentioned Glen's site before as well.  He has some good stuff up there.  I have found that his scripts don't always work in every environment, but they are very useful if you don’t know where to start.

Also Monad Beta 3.1 is now available for download.  You can get the x86 version here.

The Script Center has more information on Monad as well.

You can find the first published book on Monad here.

New EXBPA update available

On March 20, 2006 we released an updated set of rules for EXBPA.  Next time you fire up EXBPA you should be notified of this.  This will update the rules to 2.11.2.0.  You can verify this by clicking on "About the Exchange Server Best Practices Analyzer".

If you have to do a manual download then you can go to: http://go.microsoft.com/fwlink/?LinkId=34290

There are some 50 new rules in this update.  One of them really makes me happy:  We recommend using StorPort instead of SCSI Miniport drivers.  Happy days...

New Hotfix for those pesky 9548 Events...

One of the more common events we see in organizations that are migrating to Exchange 2003 from 5.5 is the 9548.

Event Type: Warning
Event Source: MSExchangeIS
Event Category: General
Event ID: 9548
Date: Date
Time: Time
Computer: Computer Name
Description: Disabled user /o= Organization Name /ou= Administrative Group Name /cn=Recipients/cn= Computer Name does not have a master account SID. Please use Active Directory MMC to set an active account as this user's master account.

This event occurs when you have a disabled user account that is not configured correctly.  The mailbox may not be able to receive mail and the mailbox may not be able to be logged in to by certain users.  In the past we had a utility called NoMas.exe that would fix these accounts, but it was a manual process to run it unless you set it up to run at a scheduled time.

The great news is that we have released a Post SP1 hotfix that should make administrators' jobs a little easier.  The Post SP2 hotfix is soon to be released.

903158 A hotfix is available to modify the way that Exchange Server 2003 handles a disabled Active Directory user account that is associated with an Exchange Server 2003 mailbox
http://support.microsoft.com/default.aspx?scid=kb;EN-US;903158

You will need to call Microsoft Support to receive the hotfix.

(Kudos to Alex Seigler and others for helping to push this fix through...)

(Edit: The post SP2 version of this hasn't been released yet.)

What value should I put in the MinUserDC registry key?

There has been some confusion as to what number should be put into the MinUserDC registry key if you decide to use it.  Most people use this registry key to reduce the load on their PDC emulator (PDCE).

298879 Exchange Server 2003 and Exchange 2000 Server may experience performance problems when the PDC emulator is used for DSAccess
http://support.microsoft.com/default.aspx?scid=kb;EN-US;298879

If you read that article it may seem that setting the number to one less than the total number of DCs in the site might be a good idea.  But, what number should you subtract 1 from?  If you have other DCs from other domains in the Site, should they be included?  Will this limit the total number of DCs that Exchange uses?  What if I figure out that there are 10 DCs available and I set MinUserDC at 9?  If I have 1 DC stop working, then won't the PDCE be used?  Should I set the number at 8 then?  But then, what if 2 go down...?

The easy answer to this is: Don't worry about it.  If your overall goal is to not use the PDCE, then set the value at "1".  The way this works is that as long as more than one DC is available, we won't ever use the PDCE.  Simple enough...

Next time DSAccess goes through and creates the list of DCs available to decide which ones to use, it won't include the PDCE in that list.  Unless, of course, only one server is available; then we will use the PDCE if it is the only one still running.

Setting this number at 1 doesn't limit the total number to only 1 DC.  (Well, I suppose it would if you only had 2 DCs.)  It really is like a switch.  If you have the number "X" as the value and we have more than "X" DCs available, the option to use the PDCE is switched off and we don't use the PDCE.

I hope that this makes more sense now.
