Tuesday, April 24, 2007
Much like its cousin ESEUTIL you have to run it from the /bin directory of the c:\Program Files\exchsrvr directory as it is not added to the PATH system variable by default.
The easiest and safest option with ISINTEG is -test. Also don't forget to use -s [SERVERNAME] as this will tell ISINTEG what server to run the test on.
There are other flags that ISINTEG can use such as -patch, -verbose, and -l [LogFile]. But the one that you should be especially careful of is -fix. This has been know to kill an Exchange server, so make sure you have a back up of you Information Store before running this, as a bad store is still better than a bad installation of Exchange. You have been warned!
I learned a bit today after reading all of the myths, and as stated previously don't use anything the myths try to sell you. Most of the time the settings they are telling you to change simply do not get read by Windows XP, and if they do, hopefully they won't harm you system in any way.
Monday, April 23, 2007
ESEutil (Extensible Storage Engine utility) is the sister EXE to NTDSutil (New Technology Directory Service I believe). There are three sides to this utility that any Microsoft Exchange administrator should know how to use. The harmless checking options, the hairier defragmentation option, and finally the scariest restore options.
On a side note it should be mentioned to any new Microsoft Exchange administrators that ESEUTIL is not a part of the PATH system variable, and as such must be run from the Exchange/bin folder. If you find yourself using ESEUTIL frequently I would suggest adding it to your path as I have.
First there is the mostly harmless options /k, /mh, and /cc. These flags will do various things that Microsoft Exchange will normally do for you, such as re-run log files after you remount a store. The /mh flag will check the store to see if it was properly shut down and along the way will tell you when the last time it was backed up. This is an easy way to start learning how to use ESEUTIL properly.
Example: “eseutil /mh "d:\program files\exchsrvr\mdbdata\priv1.edb" (Assuming Exchange 2003 is installed on the d:\ drive.)”
This command should return “State: Clean Shutdown” within its output. Also you can use /mh to see how many /r commands have been run against it, with anything greater than zero being your number.
There are other simple flags to use such as /ml to check log files, /mm to dump the metadata (not truly useful to most administrators, but interesting to see none the less.), /mk to see information about the checkpoint file (.chk files).
ESEUTIL /k will run a similar function to running a checksum against a file to verify its integrity. It will only VERIFY the database, not repair as that is what /p and /r are for. This is most often used when Microsoft Exchange has been shut down improperly. On another side note it worth mentioning that hundreds of uninitialized pages are normal, but bad checksums or wrong page numbers are bad. Also you can verify log files with /k in the same way you verify stores.
Example: “eseutil /k "d: \program files\exchsrvr\mdbdata\priv1.edb" “
Just as easy to run is ESEUTIL with the /d flag. This will defragment the .edb file and recover lost disk space. This is much akin to running jetpack against the DHCP.mdb file to defragment the DHCP database in Microsoft Windows Server 2003 and not so much like defragmenting you hard drive with Windows built in defragmenter. You must dismount the store in order to run eseutil /d, but you do not need to stop the Information Store service to do so.
The last function of ESEUTIL, and by far the scariest function set is the restore options. The /r and /p flags can really muck up a Microsoft Exchange store quickly. These options will require their own blog entry so stay tuned for more.
A quick over view of all the options for Microsoft Exchange’s ESEUTIL.
Eseutil /cc Performs a hard recovery after a database restore.
Eseutil /d Performs an offline compaction of a database.
Eseutil /g Verifies the integrity of a database.
Eseutil /k Verifies the checksums of a database.
Eseutil /m Generates formatted output of various database file types. e.g. /mh
Eseutil /p Repairs a corrupted or damaged database.
Eseutil /r Performs soft recovery to bring a single database into a consistent or clean shutdown state.
Eseutil /y Copies a database, streaming file, or log file.
Tuesday, April 17, 2007
" The ProFTPd package can be automatically installed by Webmin. Click here to have it downloaded and installed using APT."
Unfortunally I found out that I already have an FTP server installed on the box, but I like the forward thinking of the Webmin crew to offer such an easy way to install software!
Tuesday, April 03, 2007
I did however find out that the current administrative password is strong, which is good news, now I just need to work on getting a stronger base password, and then go trough all of my accounts and make the necessary changes.
How strong is your password?
Monday, April 02, 2007
Small Business Server users should take note of this as the default install of Small Business Server has Microsoft Exchange 2003 Server running on your Active Directory Domain Controller with Microsoft SQL Server running as well. Also more than likely this same server is also running your Active Directory DNS server, DHCP server, WINS server and in some cases even your public Web Site running on IIS and an FTP server also running on IIS.
For all of this to work you need a client that supports S/MIME such as Outlook, Outlook Web Access, and most 3rd Party POP3 & IMAP4 clients. Also you need to both trust the same Certificate Authority (CA).
PKI's are best used with-in the same Active Directory Domain/Forest with a Windows 2003 Certificate Authority as the CA for the domain. Also Auto Enrollment must be enabled or all certificates would need to be manually approved by a CA administrator.
This configuration allows more ports opened on the external firewall and fewer ports opened on the internal firewall. Also, the data and log files that Exchange needs are keep more secure behind two firewall and no direct access from the Internet. The front-end server will then respond to all Internet SMTP requests and then forward them on to the back-end servers for delivery to users mailboxes.
While this method may be a "Best Practice" it requires at least twice as much hardware and software. You now need at least two servers, two firewalls, and two copies of Windows Server 2003 and Exchange server 2003. To allow this setup to withstand even more abuse you should then also Cluster the Exchange back-end server requiring Windows 2003 Enterprise Edition and Exchange Enterprise edition on the two back-end servers.
A heavily suggested setup is to have the Front-end server running Outlook Web Access (OWA) with a widely know Certificate Authority SSL certificate to provide data encryption to the clients over the public Internet. This requires TCP port 443 (for default installs). Also since the whole reason to have Microsoft Exchange is to send and recieve email with other organizations via the Internet you will need SMTP running over TCP port 25, with Anonymous Access allowed. These would then be the only two ports open on the public/external firewall. On the internal firewall you would need to open TCP port 80 to allow OWA access to the back-end servers, TCP/UDP ports 389 for LDAP (Lightweight Directory Access Protocol), TCP port 3268 for LDAPGC (Global Catalog), and all of this is running with in the confines of IPSEC which would need IP Protocol 51 for Authenticating Header, IP Protocol 50 for Encapsulating Security Protocol, UDP port 500 for the key exchange and TCP/UDP port 88 for KERBEROS.