Message size limit

A user on an Exchange 2003 server tried to send a 22MB email attachment and received an error. This was because in Global Settings -> Message Delivery a 20MB maximum size was configured.

When assigning logon/off scripts via group policy, you must use a UNC path.


Restricting RDP users

One of our clients has several inexperienced users connecting to a 2003 terminal server. To help protect the server, the following group policies have been enabled:

- User Config -> Admin Templates -> Start & Taskbar:
  - Add "Log off" to start menu
  - Disable and remove "Shutdown" from start menu
- User Config -> Admin Templates -> Windows Explorer:
  - Hide specified drives... (restricting all drives includes network drive letters!)

This hid most of the local drives on the server, leaving just the mapped network drive for the users' data. However, if they started typing a path in any address bar, folders in the "hidden" drives were listed as auto-complete options. To avoid this, I disabled autocomplete (effective for both Windows Explorer and Internet Explorer):

- User Config -> Windows Settings -> IE Maintenance -> Advanced -> Internet Settings
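The "Hide specified drives" policy is stored as a per-user bitmask (NoDrives), and the related "Prevent access to drives from My Computer" policy (NoViewOnDrive) uses the same encoding. The sketch below is an added example, not part of the original post: it computes the mask that hides every letter except one mapped data drive (H: is an assumed letter) and reports which drives the current user's policy hides without blocking, which is the gap the autocomplete listing exposed.

```powershell
# Added example. Bit 0 = A:, bit 1 = B:, ... bit 25 = Z:.
function Get-DriveMask {
    param([string[]]$Letters)
    $mask = 0
    foreach ($l in $Letters) {
        $c = $l.Trim().TrimEnd(':').ToUpper()
        if ($c -notmatch '^[A-Z]$') { throw "Not a drive letter: '$l'" }
        $bit  = [int][char]$c - [int][char]'A'
        $mask = $mask -bor [int][math]::Pow(2, $bit)
    }
    return $mask
}

# Decode a mask back into the drive letters it covers.
function Get-MaskedDrives {
    param([int]$Mask)
    $letters = @()
    for ($i = 0; $i -lt 26; $i++) {
        if ($Mask -band [int][math]::Pow(2, $i)) {
            $letters += ([string][char](65 + $i) + ':')
        }
    }
    return $letters
}

$allDrives = 0x3FFFFFF                       # all 26 letters = 67108863
$keep      = Get-DriveMask 'H'               # assumption: H: is the mapped data drive
$hideMask  = $allDrives -band (-bnot $keep)  # 67108735 (0x3FFFF7F)
"Mask for everything except H: = $hideMask (0x{0:X})" -f $hideMask

# Read-only audit of the policy values applied to the logged-on user.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$cur = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
$applied = @{ NoDrives = 0; NoViewOnDrive = 0 }
foreach ($name in 'NoDrives', 'NoViewOnDrive') {
    if ($cur -and ($cur.$name -ne $null)) { $applied[$name] = [int]$cur.$name }
    "${name} = $($applied[$name]) -> $((Get-MaskedDrives $applied[$name]) -join ' ')"
}

# Hidden but not blocked: these drives can still be opened by typing a path.
$gap = $applied['NoDrives'] -band (-bnot $applied['NoViewOnDrive'])
"Hidden but still reachable: $((Get-MaskedDrives $gap) -join ' ')"
```

Run it inside a user's RDP session so that HKCU reflects the policy applied to that user.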

Exchange 6

Summary of latest Exchange topics covered in my study:
- How to mail enable a public folder (I haven't tested this)
- Free/Busy data is kept in a system Public Folder
- RPC over HTTPS can replace a VPN for checking email with Outlook 2003
- You can configure real-time block lists (RBLs) to reduce spam

Recently had a client ask us to simplify their email setup. Every user's Outlook was configured w/ a POP3 account which saved mail into an Exchange mailbox (rather than a PST file). Starting with one user as my "guinea pig", I removed his POP3 account in Outlook (retaining only the Exchange account), and created an entry for him in the Exchange server's POP3 connector. Also reconfigured the server's SMTP connector with current information.

The first time I tried to send a message to my own email address it bounced back w/ error 550, so I enabled SMTP authentication in the connector.

Next, I tried emailing two people who share the organization's domain name but who don't use the Exchange server. That test bounced back w/ error 5.1.1 (recipient doesn't exist). I checked the recipient policy in System Manager and found that the check box for "This Exchange Organization is responsible for all mail delivery..." was grayed out. So...I created a new policy (leaving that check box blank) and created an additional SMTP connector just for this organization's domain - with relaying enabled. Many, many thanks to msexchange.org for their article on SMTP Namespace Sharing.


Negative ping times

A W2K3 terminal server (and domain controller) failed to apply my group policies when users logged into their RDP sessions recently. Today I set about to fix this. Checked the application event log and found that event 1054 had been logged every 5 minutes for the last five months (almost since the server was installed!). Filtering the log for event 6009 showed that the server had been restarted a handful of times during that period. Running gpresult in a user's RDP session returned an error “The user does not have RSoP data”. I checked DNS, restarted the netlogon service, ran ipconfig /registerdns, and checked file system permissions.

Eventually, I found a site that noted a correlation between group policy errors and AMD's multi-core CPUs. The server has an AMD processor, so I pinged the localhost and got some wild numbers in response. Installing a patch from AMD (their "Dual-Core Optimizer") resolved the incorrect ping times, the application log errors, and my issues with group policy!

Exchange 5

Learned about public folders and front-end Exchange servers this evening. The latter are helpful when you have lots of people using OWA or RPC over HTTPS. All Exchange servers are "back-end", until you specifically designate them as "front-end" and move any mailboxes off of them. Here's an article about using NLB on front-end servers.


Exchange 4

This evening I learned about:
- Address lists (e.g. creating lists other than the GAL; replacing the default OAB).
- Mailbox stores. It seems that a single mailbox store consists of two files, the .edb file and .stm file (MDBEF and MIME formats, respectively)...and one or more log files.
- Moving mailbox stores to different disks, and mailboxes into different stores.

In Exchange 2003 Standard w/ SP2, you can have a single mailbox store of up to 75GB. In the Enterprise version you can have up to 20 stores which, I think, can each be up to 8TB in size. Wow.

There's also something called circular logging which prevents Exchange from saving zillions of log files and thereby chewing up your disk space. The downside of enabling this is that it somehow reduces your disaster recovery options and requires that you regularly run a full backup of your stores. Of course, you can also keep logging enabled and do frequent backups & the backups will automatically delete the log files. So, there's little value in using circular logging.

The two database files, the .edb and .stm files, have something to do with MAPI (i.e. "Outlook") and non-MAPI clients (i.e. everything else), but I'm not quite sure what.

Haven't figured out what an X400 address is, but one site says that you can't disable it.

Deleted items retention - it's a great feature. I've used it on two occasions to make people very happy. In one case, a user accidentally deleted her items. On the other occasion, an employee was terminated (but her user account was left enabled) and she logged in from home to delete emails via OWA. We recovered those emails, but what if the employee had known about DIRT (deleted items retention time) and what if the employee had purged those messages via OWA? We would've had to do a restore from backup...and that would've been very time-consuming ('cause so far, I've never restored an Exchange backup!). Microsoft tells how to hide the relevant command in Outlook via GP, but that won't help w/ OWA. There's a helpful post about this general topic at Experts-Exchange.


Exchange 3

Learned about recipient policies this evening. You can set the format (e.g. first.last) and suffix of email addresses for all (or just a subset) of your users.

Dynamically updated groups let people email everyone in Active Directory who is in a specific department or who has a middle initial of "J". This is for distribution groups whose membership changes frequently.


70-620 - Passed!

I passed the Vista exam (70-620) today.