*
2006/07/17 20:55:45

Exchange notes

So I've found some fun things while upgrading from Exchange 2000 to an Exchange 2003 cluster. First is that "unable to categorize" does not mean Journaling. Lots of "Messages Awaiting Directory Lookup", querying all the servers that the servers were using to figure out why they were complaining about it, only finding entries about Journaling and how to fix/disable it. Turns out it's not that it sees the msExchMessageJournalRecipient with bad data, but just that it isn't able to access the object to read that attribute. The fix is to enable inherited permissions on the server object in ESM. I suspect the cause of the problem was that adding another Exchange domain necessitated additional ACEs for the Exchange groups in the new domain. But the question of why it was broken in the first place is up in the air.

The second piece is, I think, why. I found after "fixing" the above that the admins couldn't get into any mailboxes. This is default behavior (it sets a Deny ACL on the mailboxes), but apparently was fixed at some point by breaking inheritance and removing the Deny. The proper fix, if the server admins should be mailbox admins as well, is to add an ACL to the Server object allowing full control for the admin (non-inherited Allow overrides an inherited Deny in DACLs). It'd also likely be possible to fix at the Organization or Administrative group level, but that requires work to make the Security tab visible, and is more likely to break if future versions change those permissions (or add additional ACEs in delegation and one has to figure out how to fix again). Probably better to just do it per server or store.

Third is that Exchange follows MX records for intra-domain routing. This was discovered when changing this to get names set up for externally established DNS names. This is the most pressing argument I've seen for split DNS (if mail should go through a central hub), which is unfortunate since there's not a clean workaround. That is other than a front end server architecture (everything seems to push that way in the end). It'd be nice if they just made an OWA URL that would be used for server referrals.

That's it for now. Between those problems and replacing a failed drive in another machine, I'm calling it a day.
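
The DACL point in the second note above (a non-inherited Allow taking precedence over an inherited Deny) can be seen in a small model of how Windows orders and walks ACEs. This is an added example, not code from the original post; the right bits, trustee names and the placement of the Deny on a parent container are constructed assumptions, and it goes slightly beyond the text by also showing what an object below the server sees.

```python
from dataclasses import dataclass

RECEIVE_AS, SEND_AS = 0x1, 0x2   # constructed right bits, not real AD access masks

@dataclass(frozen=True)
class Ace:
    kind: str        # "allow" or "deny"
    trustee: str     # user or group name standing in for a SID
    mask: int
    depth: int = 0   # 0 = explicit on this object, 1 = from parent, 2 = grandparent

def canonical(dacl):
    """Canonical order: explicit ACEs first, then nearer ancestors; deny before allow per level."""
    return sorted(dacl, key=lambda a: (a.depth, a.kind != "deny"))

def access_check(dacl, token, desired):
    """Walk the ordered DACL; the first matching ACE to settle a requested bit wins."""
    remaining = desired
    for ace in canonical(dacl):
        if ace.trustee not in token:
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False                 # a still-needed right is denied
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:
                return True              # everything requested was granted
    return False                         # implicit deny for anything not granted

def inherit(dacl):
    """The same ACEs as seen one level further down the tree."""
    return [Ace(a.kind, a.trustee, a.mask, a.depth + 1) for a in dacl]

ADMIN_TOKEN = {"alice", "Domain Admins"}                      # constructed token
PARENT = [Ace("deny", "Domain Admins", RECEIVE_AS | SEND_AS)]  # constructed Deny set above the server

def demo():
    server_default = inherit(PARENT)     # server object sees only the inherited Deny
    server_fixed = server_default + [Ace("allow", "alice", RECEIVE_AS | SEND_AS)]
    return {
        "server_default": access_check(server_default, ADMIN_TOKEN, RECEIVE_AS),
        "server_fixed": access_check(server_fixed, ADMIN_TOKEN, RECEIVE_AS),
        # one level below the server: Allow now comes from the nearer ancestor
        "store_below": access_check(inherit(server_fixed), ADMIN_TOKEN, RECEIVE_AS),
    }

if __name__ == "__main__":
    print(demo())
```

An explicit Deny on the object itself would still win over the explicit Allow, since deny ACEs sort first within each level.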

*
2003/04/30 00:19:44
Well, the day was going good... Let's just say I was reminded again of why I hate Exchange and most Microsoft products in general... Anyways, since Curt is leaving, today was my day to learn about everything related to the print servers. That wasn't too bad, but I'm sure there's something key that we've missed somewhere. I really should have done some work on a project today, but instead I hung out at the Help Desk talking to people and listening to people complain about how slow the printers are after they sent a couple print jobs well over 130MB through the system, and realised several hours later that since I had been there through 3 different shifts it was probably time to go find something productive to do. Oops. Oh well, homework is overrated anyways...
*
2002/10/05
I think I've finally caught up on sleep... After upgrading from Exchange 5.5 to Exchange 2000 (successfully, but with little sleep) in 2 days without playing around with the software at all first, and then 2 tests and a bunch of homework during the week, I came home last night and slept for a good 15 hours. Much better now. BTW, if you're planning on upgrading from Exchange 5.5 to Exchange 2000, beware that depending on the migration method some extra mailbox permissions may be lost, and that MS reworked the way permissions are applied now (the integration with Active Directory means permissions to additional boxes are applied based on user rather than based on primary box). And now k5 is slow, so can't catch up there very easily...