Monday, October 30

Exchange 2007 database - still ESE?

Hi all, the answer that all of us waiting for, is Exchange 2007 databse to put into SQL? Exchange 2007 will still use ESE, the same database used in previous versions of Exchange. However, as usual, improvements made, however, whatever knowledge that we know about ESE database still counts. This article, just spell out some of the most interesting changes are:

The .STM file is gone!! At last. This make lots of confusion when it comes with Exchange server 2000. Whenever you do any maintenance stuff, you have to treat them as one, sounds not right? it is how it should be. Now, the entire database is in the single .EDB file, same as Exchange 5.5. Sometimes the old ways really are the best! ha... olden days...

Transaction log files are now 1 MB in size rather than 5 MB and the file sequence numbers can now go above 1 million.

Till here, hope have time to share more.

Maximum processor and memory configuration for Exchange


Just to share, do you know that Exchange only be able to adopt a maximum of processor and memory? No point you put it to the max.

For Exchange 2003
Gateway or Bridghead can support up to 2 dual-core with 2GB ram
Front End Server can support up to 2 dual-core with 2GB ram
Mailbox Server can support up to 4 dual-core with 4GB ram

For Exchange 2007
Edge Transport/Hub Transport can support up to 2 dual-core with 8GB ram
CAS or UM Server can support up to 2 dual-core with 8GB ram
Mailbox Server can support up to 4 dual-core with 32GB ram

P/S please take note that MSFT do not recommend to host more than 4000 mailboxes in a server, regardless of Exchange 2003 or Exchange 2007

This is the power of 64 bit, peers...

Tuesday, October 17

Lots of people sharing on how to install Exchange 2007 via command Shell. How about uninstall?

Lets see:

Log on to the server on which you want to remove one or more Exchange 2007 server roles.
Open a Command Prompt window and navigate to the directory where you installed the Exchange Server 2007 files.

Navigate to the \bin directory.

ExSetup.exe /mode:uninstall /role:

Where , in a comma-separated list:

  • Mailbox (or MB, or M)
  • UnifiedMessaging (or UM, or U)
  • ManagementTools (or MT, or T)
  • HubTransport (or HT, or H)
  • ClientAccess (or CA, or C)
  • EdgeTransport (or ET, or E)

Upgrading to Exchange 2007 - From Exchange 5.5/2000/2003/Lotus Notes

Dear all, lots of our customers are asking, how to move from Exchange 5.5 to Exchange 2007.

This table explain all:

Exchange 5.5
Inplace Upgrade - Not Supported
Transition- Not Supported
Direct Migrate- Upgrage/Migrate to E2000/E2003 first

Exchange 2000
Inplace Upgrade - Not Supported
Transition- Supported
Direct Migrate- Supported

Exchange 2003
Inplace Upgrade - Not Supported
Transition- Supported
Direct Migrate- Supported

Mixed E2000/E2003
Inplace Upgrade - Not Supported
Transition- Supported
Direct Migrate- Supported

Lotus Notes
Inplace Upgrade - Not Supported
Transition- Not Supported
Direct Migrate- Using thrid party tool

Monday, October 16

Personal Firewall or IPSec

IPSec or Personal Firewall?

Recently, Microsoft Malaysia shares lots of info on IPSec. From vendor point of view, we explain it as below:

IPSec and a personal firewall can be used to permit or prevent communications on the network, when should you use one or the other? While the answer is not always clear, my dear customers, peers and friends, here are some guidelines:

A personal firewall is not equipped to provide secure communications between computers - this is for sure. The purpose of a personal firewall is to block or allow communications between the computer. For example, a personal firewall cannot encrypt communications. When you need to secure communications, IPSec should be your choice.

IPSec was not designed to act as a personal firewall - this also you need to put into your consideration. It can only permit or block communications based on port numbers, or IP address. Nowadays, new firewalls provide stateful filtering and application layer filtering, neither of which can be done by IPSec.

IPSec can be scripted in a Windows Server 2003 or Windows 2000 domain, IPSec policies can be configured in Group Policy and deployed to thousands and thousands of computers. IPSec also can block incoming and outgoing communications, while some firewalls only block incoming communications - thats what by default of Windows Firewall.

Finally, IPSec can be applied to systems during startup to protect communications before all services are initialized. Many personal firewalls do not do this.

DNS - SRV records for Active Directory

SRV records are the important elements for Active Directory to function properly. In this session, just a quick share on What SRV records used for Active Directory:

This is a Microsoft-specific subdomain that stores SRV records for domain controllers with roles in AD. These roles include domain controllers, global catalog servers, and primary domain controller emulators.

This contains records for domain controllers based on site. Microsoft Clients like Windows 2000/XP/Vista can use this record to locate domain controllers and global catalog servers that are in their site, so that they can avoid using services across the WAN.

This contains domain controllers in the AD domain. If windows clients need to find a DC in a specific site, they will look here. The TCP protocol will be used to request the information.

Kerberos clients can use UDP port 88 to request tickets and port 464 for password changes.

Zone information that should be replicated to all DCs in the domain that have the DNS service installed.

Zone information that should be replicated to all DCs in the forest that have the DNS service installed.

Use nslookup to query for SRV service location records, you should:

NOTE: you will need to have reverse lookup zone setup

Type nslookup and then press Enter.
Type set type=all and then press Enter.
Type ldap.tcp.dc._msdcs.domainname and then press Enter.
Repeat this process for as many SRV records as you want to confirm.


ldifde is an Important tools for system administrations. Recently, one of our customer called up for tools to update 600 objects in Active Directory - My God - am I going to do one by one?

Let us intro and explain a bit on LDIFDE.
LDIFDE stands for Lightweight Directory Access Protocol Interchange Format (LDIF) Directory Exchange, a utility for bulk import/export of data between line-delimited (LDIF) text files and Active Directory. Unlike CSVDE, ldifde can add, delete, or modify multiple user accounts, groups, computers, printers, or other AD objects in a single batch operation - solve the problem.

You can create one file called C:\newusers.txt, copy the text shown below and save it, which creates three new user accounts:

# Create user account for Poo
dn: CN=Poo,OU=Support,DC=London,DC=com
objectClass: users
AMAccountName: Poo
displayName: Poo Malaysia
AccountControl: 514

# Create user account for Jen
dn: CN=Jen,OU=PM,DC=London,DC=com
objectClass: users
AMAccountName: Jen
displayName: Jen Project Manager
AccountControl: 514

# Create user account for Gavin Lai
dn: CN=Gavin Lai,OU=Management,DC=london,DC=com
objectClass: users
AMAccountName: Glai
displayName: Gavin Lai
AccountControl: 512

Use ldifde to import the previous file into AD to create the users:

ldifde -i -f C:\newusers.txt

Wednesday, October 11

Outlook 2007 Autodiscover

As known, Exchange 2007 and Outlook 2007 provide a good feature - Autodiscover. However, default, the Autodiscover is disabled by default, you will need to enable it via Exchange Management Shell. The command to enable shown as below: New-AutodiscoverVirtualDirectory -Server MyServer
Some of reasons might make you want to disable it. The command shell:
Remove-AutodiscoverVirtualDirectory -Server MyServer

have fun!

Hardware - Processor, Memory for Exchange 2007

Lots of our customer is asking on, what hardware we should purchase to fit in Exchange server 2007? Actually, there are many factors to consider when selecting hardware. The most critical factors to consider are choice of processor, amount of memory, and selecting of storage. We will only cover Processor and Memory in this article.

The difference between previous versions of Exchange Server and Exchange 2007 is the move from a 32-bit platform to a 64-bit platform. For production, only the 64-bit version of Exchange 2007 running on the x64-based version of Microsoft Windows Server 2003. The change from a 32-bit platform to a 64-bit platform requires a new approach to choosing server hardware for Exchange 2007, especially with respect to processor and memory.

Selecting the Appropriate Processor
For production environments, you must choose a processor that will work with the x64-based version of Windows Server 2003. The following server processors support the x64-based versions of Windows Server 2003, thereby supporting Exchange 2007:
AMD, Intel Xeon with EM64 technology. You have to also know that the Intel Itanium (IA64) processor will not work with Windows Server 2003 x64-based versions; therefore, it cannot work with Exchange 2007. Exchange 2007 is designed to run only on x64-capable processors such as those listed above, and it will not run on Itanium-based systems.

Dual-core processor is so famous now, this will definately benefit Exchange Server 2007. The performance benefit for Exchange Server from dual-core technology depends upon the specific processor used. The findings from Exchange Server 2003 dual-core testing have been summarized in Microsoft Knowledge Base article 827281, please visit this article!

Exchange 2007, with 64 bit hardware enables much better memory utilization than previous versions of Exchange Server. For example, because of the virtual address space limitations of a 32-bit platform, Exchange Server 2003 is limited to using 4 GB or less of physical memory. Exchange 2007 can use upwards of 16 GB of memory and beyond.

NOTE: Altlhough this is the hardware suggestion for Exchange 2007, you should have different sizing on the Exchange 2007 role in specific.

Exchange 2007 UM ports

Unified Messaging - the new features in Exchange 2007. Take quite a while for me to find the following information. Just wish to share with those who are looking for it. This article is about TCP/UDP ports used.

NOTE: This info is plug from Microsoft Info:

UM Protocols and Services
Exchange 2007 Unified Messaging features and services rely on both static and dynamic TCP and UDP ports to ensure correct operation of the computer that is running the Unified Messaging server role.

Session Initiation Protocol (SIP) is a protocol that is used for initiating, modifying, and ending an interactive user session that involves multimedia elements such as video, voice, instant messaging, online games, and virtual reality. It is one of the leading signaling protocols for Voice over IP (VoIP), together with H.323. Most VoIP standards-based solutions use either the H.323 or Session Initiation Protocol (SIP) protocols. The VoIP protocols typically support features such as call waiting, conference calling, and call transfer.

SIP clients such as IP/VoIP gateways and IP-PBXs can use TCP and UDP port 5060 to connect to SIP servers. SIP is only used in setting up and tearing down voice or video calls. All voice and video communications occur over RTP.

Real-time Transport Protocol (RTP) defines a standard packet format for delivering audio and video over a given network, such as the Internet. RTP only carries voice/video data over the network. Call setup and tear-down are generally performed by the SIP protocol.

RTP does not require a standard or static TCP or UDP port to communicate with. RTP communications occur on an even UDP port, and the next higher odd port is used for TCP communications. Although there are no standard port range assignments, RTP is generally configured to use ports 16384-32767. It is difficult for RTP to traverse firewalls because it uses a dynamic port range.

T.38 is a faxing standard and protocol that enables faxing over an IP-based network. The IP-based network then uses SMTP and MIME to send the message to a recipient's mailbox. T.38 allows for IP fax transmissions for IP-enabled fax devices and fax gateways. The devices can include IP network-based hosts such as client computers and printers. In Exchange 2007 Unified Messaging, the fax images are separate documents encoded as TIFF images and attached to an e-mail message. Both the e-mail message and the TIFF attachment are sent to the recipient's Exchange 2007 UM-enabled mailbox.

UM Web Services
The UM Web Services installed on a computer that is running Exchange 2007 that has the Client Access server role installed use IP for network communication between a client, the UM server, the Client Access server, and computers that are running other Exchange 2007 server roles. There are several Exchange 2007 Outlook Web Access and Microsoft Office Outlook 2007 client features that rely on the UM Web service to operate correctly.

The Unified Messaging client features that rely on the UM Web Service are as follows:

The voice mail options that are available with Exchange 2007 Outlook Web Access, including the Play on Phone feature and the ability to reset a PIN.

The Play on Phone feature found in the Outlook 2007 client.

When an organization uses the Play on Phone and other client features in Exchange 2007 Unified Messaging, a computer that is running the Client Access, Hub Transport, and Mailbox server roles within the same Active Directory site is required in addition to the computer or computers that have the Unified Messaging server role installed.

Port Assignments
Table 1 shows the IP ports that Unified Messaging uses for each protocol and whether the IP ports that are used for each protocol can be changed.

SIP - UM Service

Ports are hard-coded and cannot be set by using the XML configuration file.

SIP - Worker Process
5061 and 5062

Ports are set by using the XML configuration file.


Port range above 1024
The range of ports can be changed in the registry.


Dynamic port above 1024
Ports are defined by the system.

UM Web service
Dynamic port above 1024

Friday, October 6

Features no longer supported by Exchange 2007

Recently, had a long chat with few customers that using Exchange 2003, planning to move to Exchange 2007. Think about few features that no longer supported.

Exchange Server 2007 no longer supports the following features:
  • OWA access to Public Folders. Windows SharePoint Services is the next answer. However, If OWA access to public folder content is important, retain a replica of all folders on an Exchange Server 2003 server and configure access to the public folders on that server.
  • IMAP and NNTP access to Public Folders. Exchange Server 2007 no longer supports Network News Transfer Protocol (NNTP) because Exchange Server customers very rarely used it. Public folder access through IMAP generally wasused for access to newsgroups. Because NNTP is no longer supported, IMAPaccess also is not required. To provide access to public folders, use Outlook :)
  • Outlook Mobile Access (OMA). Because of the high latency of cellular networksand the limitations of browsers, the user experience when accessing ExchangeServer mailboxes through OMA was not satisfactory. Exchange Server 2007 offers enhancements to EAS that provide a much better experience for mobile deviceusers.
  • Coexistence with Exchange 5.5 Server!! This is important thing should know. Bad news to those still stick with 5.5 now. Exchange Server 2007 does not supportcoexistence with Exchange 5.5 Server because the capabilities of Exchange Server2007 depend on Active Directory. Organizations that are still using Exchange 5.5 Server must migrate to Exchange Server 2003 before upgrading to ExchangeServer 2007. Exchange 5.5 Server can exist in a separate organization with nodirect interoperability with Exchange Server 2007.
  • GroupWise and Lotus Notes connector and migration tools.
  • Administrative groups. In Exchange Server2007, you can configure permissions at the server level as well as at the organization-wide (forest) level. To maintain backward compatibility with Exchange Server 2003, all Exchange Server 2007 servers are installed in a single administrative group defined in Active Directory.
  • Routing groups. The Exchange Server 2007 routing topology is based on ActiveDirectory sites and site connectors, not routing groups. To maintain backward compatibility with Exchange Server 2003, all Exchange Server 2007 servers are installed in a single routing group defined in Active Directory.
  • Active/active clustering. When migrating toExchange Server 2007, consider implementing to active/passive clustering orimplementing CCR.
  • Interoperability with X.400 messaging systems.

Good news and Bad news... start to plan now!

Edge Transport Server is for Exchange 2007 only?

Few customer discussed and feedback to us, they are now in Exchange 2000, 2003, how can they benefit from Exchange 2007 - with minimum of investment?

The quickest thing popup in our mind is - The Edge Transport Server Role in Exchange 2007!

The Edge Transport server role is designed to be the Simple Mail Transport Protocol(SMTP) gateway server between LAN email and the Internet. To ensure security,the computer that runs the Edge Transport server role should be deployed in a perimeter network (DMZ) and should not be a member of the Active Directory forest.

How it can help? Lets go into what an EdgeTransport server provides:
  • Connection, recipient, sender, and content filters
  • Sender identity and sender reputation analysis
  • Attachment filters
  • Antivirus control (by using third-party software)- we will highly recommend Antigen.
  • Because the Edge Transport server is not part of an Active Directory domain, it usesActive Directory Application Mode (ADAM) to access recipient information.
  • On the Edge Transport server, you create connectors to define message-flow paths intoand out of your organization. You can define multiple Edge Transport servers to provideload balancing and high availability

Summary, although you are using Exchange 2000 or 2003, you still can benefit using Exchange 2007 - if you are not planning to full move to Exchange 2007, which we recommended.

For Exchange 2007 administrators, PLEASE TAKE NOTE that you are not be able to install other server role into Edge Transport Server Role.