On Track With Shack

Links for the SBS 2008 Build Day participants

2009-06-06T15:40:00.001-07:00

Yeah, that's right. Every body else look the other way.

Are you short on space and thinking about using restoring to an RSG located on a USB drive? Remember that you'll need that drive to have an admin share.
http://msexchangeteam.com/archive/2009/05/27/451488.aspx

You need to set up a dial-tone database, but you need to think carefully about how it will affect your cached Exchange Outlook users.
http://technet.microsoft.com/en-us/library/aa998698.aspx

This is a common problem that I usually hear about via the old, "Server runs fine for a few days and then nothing works, no connectivity at all" story.
http://blogs.technet.com/sbs/archive/2009/02/12/you-may-lose-network-connectivity-on-sbs-2008-when-using-a-driver-which-utilizes-tdi.aspx

This was fun. I need to come back and talk about troubleshooting mailflow hassles.

Advanced SBS 2008 Build Day in Portland

2009-06-04T23:40:00.000-07:00

This Saturday there's an event held at a New Horizons center in Portland that I'll be speaking at. It's an all-day thing, from 9am to 4pm, and it will be covering security, virtualization and Exchange. Yours truly will be gabbing and demoing for two full hours as part of this event. I'll be covering the following topics:

- Exchange Management: Tasks Beyond the SBS Console
- Recovering Exchange on SBS 2008: Backup and Disaster Recovery
- Troubleshooting Mail Hassles on SBS 2008

Tim Carney (of basbits.org fame) will probably be talking on a variety of topics, and SME's Dana Epp and Susan Bradley will also be presenting via Live Meeting. All of them are awesome people to learn from.

The event will showcase a live step-by-step build of SBS 2008, including joining clients to the domain and post-installation tasks.

The event includes lunch and snacks, and I think the paltry registration fee is primarily to cover those...

https://www.clicktoattend.com/invitation.aspx?code=137854

New Horizons
9800 SW Nimbus Ave
Suite 100
Beaverton, OR 97008
USA

VMWare - Cannot find a valid peer process to connect to

2009-02-23T23:21:00.000-08:00

I work a lot with VMWare Workstation, and tonight while I was doing some work on a lab environment, I realized that the VM containing my domain controller was not running. It had been running earlier, but now it was not. When I tried to start it again, I got the message "Cannot find a valid peer process to connect to". Google turned up all sorts of things, including people who said that everything was fine after they rebooted the host machine. Since I'm usually juggling three or four VMs at a time and each one takes around 8-10 minutes to shut down, I wasn't about to waste my time with that.

Instead I went into Task Manager and looked at the processes. I currently had two VMs running, one Windows 2003 server with Data Protection Manager that I'd given 1.5gb of memory to, and an Exchange 2007 server that I'd given 3gb to. In the Processes list, I could see three instances of vmware-vmx.exe, and two of them had a Peak Working Set that matched the amounts of ram that I'd allocated them. The remaining one showed a working set of 1.2gb, around the amount I'd allocated to the domain controller. Once I killed that process, I was then able to fire up that VM. Apparently it had crashed, but it had left a ghost process behind that was keeping that VM from starting up again.

So that's an easier way to go about it than rebooting your host workstation. Worked for me, but it might not work for you.

Trouble with reporting services during DPM installation

2009-01-31T01:38:00.001-08:00

If you're installing Data Protection Manager and you keep running into issues at the point that it tries to install SQL Reporting Services, you are probably dealing with a certificate error. You can't have a public cert installed in IIS, you need the simple kind that maps to the local NetBIOS name.

If you check the logs, you'll have something like this near the end of the log:

The remote certificate is invalid according to the validation procedure.

Chances are if you check the certs in this server's Personal store, there won't be a cert that matches the local server's NetBIOS name. There needs to be one. Check in the Trusted Root, and if there's one there, copy it into the Personal store. Make sure that the cert that matches your NetBIOS name is also the one that the Default Web Site is configured to use. But there may not be one there. That was the case for me tonight, and I figure that since it took me till 2am to find a solution, I'm sure as heck going to publish it.

Basically the next step if you don't have that cert is to request one from your local CA. But maybe you don't have a CA or you don't want to hassle with setting one up at 1am. What I did is this:

1. Go to my nearby Exchange 2007 server, open up the Exchange Management Shell, and (assuming your server's name is DPMSERVER1) do the following:

New-ExchangeCertificate -DomainName DPMSERVER1 -privatekeyexportable:$true

Then tell it "No" you don't want to overwrite the existing SMTP cert settings. This will generate a cert with your DPM server's NetBIOS name set as the Common Name.

2. Go into the cert MMC on the Exchange server and export this cert with the private key.

3. Copy the cert file over to your DPM server and import it into the Personal store there.

4. Then go into IIS and configure the Default Web Site to use that cert.

Now rerun setup AGAIN... Your installation should work if lacking the proper cert was your issue.

Troubleshooting ActiveSync - Outlook Email 0 Items

2009-01-22T00:27:00.000-08:00

Last week I worked on a problem for a client who had an interesting situation. He was using ActiveSync on his Exchange 2003 server, and it had been working perfectly until it didn't work perfectly. But the symptoms of the failure were very strange: there was only one--after an initial synchronization completed, all his local PDA Outlook folders were still empty. On a device that already had content synced to it, no new content would ever arrive.

I had him set me up a test account and put some mail in it, and I synced it to my Treo 700w. When hit "sync", I actually watched it checking for changes. At the bottom of the screen, ran through each step: Contacts, Calendar, Email and Tasks. I watched it sync 10 different Inbox items, but when the sync completed, the inbox was empty and the display said "Outlook Email 0 Items".

If I decided to send an email from the phone, that worked fine.

Running the test from TestExchangeConnectivity.com showed that everything was working, green the whole way.

I even removed all the Exchange virtual directories in IIS and allowed them to regenerate, but nothing changed in the behavior. For all practical purposes everything was working, but the devices (both real and emulated) didn't actually get any email.

SOLUTION:

Eventually we chose to uninstall Trend Messaging Security (we'd already disabled it to no avail), and immediately synchronization worked properly. I've also read about this happening with other mail-focused security applications like Symantec and Avast, so definitely keep this handy as a solution for this problem.

I've joined the team at Third Tier

2009-01-05T23:03:00.000-08:00

Last October, while at the SMBNation conference, Amy Babinchak and Eriq Neale invited me to work for them as a Third Tier support engineer. I accepted, and part of my time since then has been dedicated to resolving tickets opened on the Third Tier website. The nature of my daily work didn't really change much as a result of this, but it did shift the origin of it, and I've enjoyed getting to know Amy and Eriq better in the process.

So what's Third Tier?

Third Tier is a remote support business that aims to provide top-notch problem-resolution skills for technologists who need help with advanced projects. Rather than having SMB business owners call us for help, Third Tier exists to support "trusted advisors" within the SMB consulting space who need additional expertise with specific technologies. My own contribution to Third Tier is to handle most of the Exchange-related tickets.

I've been working actively for ThirdTier since November 2008, and have worked on quite a few tickets. As of today, all my open tickets have been closed with a 100% resolution rate. I like this work because it allows me to spend my time focused on what I'm best at, and I get to work on more interesting problems than I might otherwise.

How does Third Tier work? Basically if you have a need for technical assistance from a subject-matter expert and don't want to go through the queue at the software vendor, you open a new ticket at the Third Tier website. Along with the ticket, Third Tier requires a $175 PayPal payment to cover the first hour of work. The basic rate is $175 and hour for each subsequent hour. Most of my tickets have taken two hours to resolve, but I have worked on multiple sub-projects for some clients that have totaled quite a few hours as well.

I would say that as a whole, my work has shifted toward focused specialization on messaging and away from the sort of projects that might involve me in working on desktop issues of any sort. These hands are very grateful for that.

EULA

2008-11-07T09:29:00.000-08:00

Moving toward SBS 2008 - Part One

2008-10-04T11:47:00.000-07:00

I've had a lot of exposure to Small Business Server 2008 this year. In began with the early betas at the beginning of the year. I got the DVDs in the mail and built on on VMWare Workstation. Because it was such an early build, I used it just to get a feel for where the product team was going and see what their Exchange 2007 integration looked like.

In April I joined Eriq Neal and a team of authors who were contributing to write the SBS 2008 Unleashed book, which is due to be released in November, and that upped the ante for my involvement with the platform. Over the next several months I researched and tested and broke SBS 2008 on three separate builds, and eventually turned in my two chapters on Exchange backup and management.

I just finished up a week of training at Microsoft. It was focused on deep support for SBS 2008 and was taught by John Bay, who's been a senior support tech at Microsoft for more than a decade. What did we look at? Here are a few highlights from 40 hours of training:

- Migrations from SBS 2003 servers to SBS 2008 servers, observing the different ways that process can break and looking at our options for rescuing broken migrations.

- Close coverage of what the integrated backup will and won't do. I learned why Windows Backup was always failing to back up my Exchange store in my home lab builds, and while I didn't like the answer, it made sense. I also learned that there is a lot of confusion around how SBS 2008 backup works, most of which I had already been purged of by my work with Data Protection Manager 2007.

- I learned that even an expired ForeFront subscription can still serve to provide features that were left out when Exchange 2003 became Exchange 2007.

All in all, it was a very valuable week on the information level, and also good for continuing to strengthen relationships I have with SBS MVP community. I met some new people that I really enjoyed and got to hang out with some old friends as well. Great for creating a knowledge network.

FolderSync Failed - ActiveSync

2008-07-18T14:14:00.000-07:00

If you are running the TestExchangeConnectivity.com test and pass the OPTIONS test but then fail the next FolderSync test, you may pull your hair out going over every detail of an already immaculate configuration. There's one thing you might not do, given that it's not in most common ActiveSync troubleshooting guides.

1. Run the IIS Manager tool

2. Get properties on "Default web site".

3. On the Web Site tab, click Advanced

4. In the "Multiple identities for this website" area, click on the default entry and choose Edit

5. Make these changes - IP address: (All Unssigned), TCP port:80, Host Header Value: empty

6. Click OK to close out.

7. Restart the IIS Admin Service.

Now go and test again and see if this was your silver bullet.

TrainSignal Video series on Exchange 2007

2008-07-09T22:45:00.000-07:00

I guess I should have posted about this a few months ago, but last fall I spent a lot of time developing an Exchange 2007 video course for TrainSignal. The course ended up over 21 hours long, and I think I did a solid job on it.

The target audience is beginning Exchange admins and admins who have some Exchange 2003 experience but lack deep experience with Exchange 2007. The new version of Exchange is quite different from previous versions: the management experience is radically different, and the architecture has changed a lot too. One of the main things that is close to being the same is the database, but I've found that a lot of people who are administering Exchange servers don't know much about that anyway, regardless of what version we're looking at. So of course, I gave the database significant attention.

In this course, I created a fictional company, and the viewer and I are the consultants hired to implement a full Exchange 2007-based solution. In each video we have some objectives that have been given to us by company management, and we work through accomplishing those goals and testing them. Sometimes I take a bit of time out and go over some architecture so that we understand what it is we are doing, but the majority of the videos is spent working with the Exchange Management Console, working with PowerShell commandlets, and even working with GoDaddy, Digicert, DNS consoles, Active Directory and our router console to get things done.

One fun thing is that several of the people who have viewed the videos have actually contacted me to ask questions about configurations, and in some cases I've even worked on several projects with them. I like getting to know my audience.

Right now I'm working on another TrainSignal video that will cover more advanced Exchange 2007 backup and recovery topics. We'll be covering the difference between doing backups on Server 2003 vs Server 2008, we'll be looking at how to set up Data Protection Manager, and how to do several different types of restores, from mailbox to full server. We'll finish up with a detailed discussion of clustering options, but we won't actually be able to set up multi-server clusters. I did cover Local Continuous Replication in some depth in my original video, but full clustering coverage is beyond the scope of this upcoming video.

Test Exchange Connectivity Tool

2008-05-18T23:14:00.001-07:00

Well, I've been sucking up lots of data during the last couple of months, working a lot with SBS 2008 and Exchange 2007. In April I attended Interact08, a conference covering Office Communication Server 2007 and Exchange 2007 down in San Diego.

There was a lot of good content for the future there, but one of the best things I walked away with was knowledge of this tool, and I'm excited to share it with you:

http://www.testexchangeconnectivity.com/

It's a web application hosted by Microsoft and built by a couple of guys on the Exchange team, Shawn McGrath and Brad Hughes. It was built to assist troubleshooting Autodiscover, ActiveSync and Outlook Anywhere (that's RPC-over-HTTP for running on Exchange 2003 vernacular still). What the tool does is it methodically tests each step that's required for each of the services to work and tells you where the breakdown is. Trust me, for these technologies, that's huge. Using the "outlook /rpcdiag" method has been very limited in its usefulness to me, and the new tool is tremendous. I've probably used it almost twice a day for different clients to sort situations out that range from DNS records to certificate misconfiguration to permissions on the RPC virtual directory.

What I plan to do next here is to revisit the tool and tell you how to resolve some of the issues that the tool will alert you to. Not all of them are straightforward. For example, when you see that the "RPC Referral failed" or that the RPC ping didn't work, what's probably the issue? You do well to wonder, and I'll cover that for you soon.

Solutions and workarounds for Office 2007-related problems

2007-11-08T17:16:00.000-08:00

Problem: Can't print selected text from Outlook

Diagnosis: Outlook 2007 handles text and printing differently. Outlook 2003 worked with IE (in the background) to print. Outook 2007 doesn't. Many people are complaining about this, and I don't blame them. Maybe it will be fixed in a service pack.

Solution: Open up the email so it has it's own window. From the Other Actions dropdown menu, choose View in Browser. When the new window opens, select the text you want to print and choose Print. Click "Selection" on the Printing screen. Since IE allows "selected text printing," this is the workaround.

-------------------

Problem: Can't "Save-As" Wordperfect in Word 2007

Diagnosis: This feature doesn't exist in Word 2007. There is no add-in to allow that functionality.

Solution: There are plenty of formats that WordPerfect 12 can open, and Word 2007 can save in many of them. Even saving in Word 2000 format will allow WordPerfect to open it. The "Save-as Wordperfect" in Word 2003 saved documents as Wordperfect 5.x and 6.x files, not a later version, so that wasn't a direct format conversion anyway. There's no real difference between saving files as WP 5x files and saving them as Word 2003 files. Both will open with WP12 in much the same way.

To make Word 2007 save all documents in the Word 97-2003 format that WordPerfect can easily read, do the following in Word 2007:
1) Click the Office button
2) Click Word Options at the bottom of the dropdown
3) Open the Save options
4) Beside "Save Files in this Format," select Word 97-2003
5) Click OK

------------------

Problem: Can't insert hyperlinks to files on Share in an Outlook 2007 email.

Diagnosis: You're right. The option doesn't seem to exist in the same way, even though it exists in Outlook Web Access 2007. Seems to be somebody's half-baked idea of a security feature.

Workarounds:
1) Open the folder that has the file in it. Right click the file and drag it into the body of the email. When you let go of the mouse button, choose "Create hyperlink here" and it will build a file link for you. This is the easiest solution.

2) The links can also be created manually by typing file://F:\clients\1531\Agreement.wpd. If you copy the file path from explorer, all you need to type is "file://" and then paste the rest. If there is a space in the file path, you have to put the whole thing in brackets, like

<file//c:\program files\outlook\install.doc>

Sizing the SBS OS Partition

2007-11-03T17:52:00.000-07:00

How big a partition should you use for the operating system on a Windows Small Business Server? Normally I wouldn't find this subject worth blogging about, but it's started to get my attention that this is a problematic area.

Because Dell and other vendors are shipping many of their servers with mirrored OS drives preconfigured at 16gb, many technologists are making it a point of pride to make that sufficient, when in fact, it isn't. Someone will ask in the newsgroups what size partitions they should use for the OS, and many otherwise highly proficient net admins are recommending that 16gb or even 10gb should be enough, "when managed well." Poppycock.

By saying this, they imply that if you can't keep your OS problem-free on a small partition, you simply aren't as good a server admin. That's like a person saying that careful drivers need never carry a spare tire, since a driver who is a good driver won't be running over things likely to puncture a tire, and then going on to give prospective drivers advice about how to avoid flats. There may be some truth to it, since, for example, I consider myself a good driver and have never had a flat in 20 years of driving, but it's still a bad recommendation.

In my experience, it's safer to go with at least a 40gb OS partition. Might that be a waste of the space I never end up using on that partition? Since when is the goal to fill up a drive? Sometimes there are things that happen out of ones control that makes it worth the possibility of "wasting" up to 20gb.

For example, one of my clients is a 20-user engineering firm. The technical lead there decided to install Axium's accounting software on the server. He left the default paths, and it was installed on C:. It was a complex install and he spent several hours working with their support to get it all working. A few weeks later it comes up on my radar when I begin to get disk space alerts. Sure, they should have asked before installing, but it wouldn't have been as big an issue if I'd had more than a Dell-default 16gb OS partition.

There are other sources of temporary ballooning. It's easy to end up with Symantec AV and its definitions on C if you aren't on the ball during the install, etc.

In any case, it's more often helpful to have a larger partition just to keep the free-space ratio high to handle file fragmentation more efficiently and keep ample room available for ShadowCopy's use.

My basic question to system configurers: why set yourself up for a failure? Give yourself some space to accommodate whatever less-than ideal install situations may get forced on you. Especially since 20gb costs less than a billable hour. Choosing to work with 16gb or less is a decision to make the likelihood of additional billable time more likely.

Making a larger OS partition is a customer-centric decision, and in my mind choosing a smaller partition is on the same motivational continuum as choosing to overclock a server. "Because you can."

Annual Small Business Server Community Survey

2007-05-27T14:02:00.001-07:00

Kevin Beares, part of the team working to make the next version of Small Business Server a great product, needs feedback from the small business community in completing the annual SBS Community Survey.

This is an effective way to show the Microsoft SBS Product Team how important SBS User, News Groups and Blogs are to the SBS Community. Or are they? You let him know.

http://connect.microsoft.com/SBSCommunity/Survey/Survey.aspx?SurveyID=3232

Helping yourself

2007-05-16T12:56:00.000-07:00

I was doing a server migration project this weekend and I ran into a problem with Exchange. I butted my head against the issue for half an hour, trying different configurations and logging options, then went to Google to find some answers.

I found a well-explained solution in a couple of minutes...but it was written by me. I'd researched it for someone else and posted it three years ago. I had no recollection of it whatsoever.

That's just weird, thinking about all the problems I've solved and then forgotten about. I think that if, for only the silliest of reasons, my brain was going to be preserved for science, it would have to include some strategic Google searches. There's a lot of data that's passed through my brain that doesn't seem to live there anymore.

Exchange 2003 Performance Counters

2007-03-29T09:31:00.000-07:00

This is a fairly complete set of useful counters for monitoring Exchange Server performance. According to some of the official monitoring and troubleshooting documentation, there are thresholds for some of these values, and I've included them. Now I will say, it's relatively easy to come up with the counters you are going to use for monitoring, and easy to collect the data, it's more difficult to actually work with the data once you've got it. Unless you have a 3rd-party product to process your counters, there's a tedious manual process involved in averaging values in regular time windows. Not fun. And also remember that, depending on the collection interval you set, your averaging per snapshot will be degraded, and that has to be taken into account.

Additionally, not all of these counters are equal. Some are always critical, some are only referred to when troubleshooting a particular kind of degradation. I've put an asterix next to some critical ones, but my choices aren't definitive.

Logical Disk
* % Free Space < 10%

Memory
Pages/Sec > 1000
Available Bytes < 50mb

MSExchangeIS
* RPC Average Latency > 50 ms at all times
Connection Count (factor 10min inactivity timeout)
Client: Total Reported Latency
Active Connection Count (1 to 3 per real user)
User Count
RPC Requests > 30
Client: RPCs Failed: Server Unavailable
Client: RPCs Failed: Server Too Busy / sec
Client: RPCs Failed: Call Failed / sec
Client: RPCs Failed: Call Cancelled / sec
Client: RPCs Failed: All other errors / sec
Client: RPCs Failed: Access Denied / sec
Client: RPCs Failed / sec
Client: Background RPCs Failed / sec
Client: Foreground RPCs Failed / sec
* Client: Latency > 10 sec RPCs
Client: Latency > 5 sec RPCs
Client: RPCs Succeeded / sec
* RPC Operations / sec .20 per second, per user

MS Exchange IS Mailbox
Peak Client Logons
Active Client Logons > 4 per user
* Average Delivery Time

Paging File
% Usage > 50%

Physical Disk
* Avg. Disk Queue Length < 3 or 2 depending on log/data
Current Disk Queue Length < 3 or 2 depending on log/data
* Avg. Disk Write Queue Length < 3 or 2 depending on log/data
Disk Reads / sec - depends on disk vendor stats
Disk Writes / sec - depends on disk vendor stats

Processor
% Processor Time > 80%

SMTP Server
Remote Queue Length < 1000 & small variance
* Connection Errors / sec
Messages in Local Delivery Queue
DNS Queries / sec
Current Outbound Connections
Current Inbound Connections

System
Processor Queue Length < 2

---------------

These articles go into more depth on how to interpret these counters.

Performance TroubleShooting Basics:
http://msexchangeteam.com/archive/2005/09/28/411674.aspx

RPC Performance Counters Indicate Poor Performance:
http://technet.microsoft.com/en-us/library/d97e8f41-97b8-4858-b51c-bcaf48f48607.aspx

Tuning Exchange 2003 Performance:
http://technet.microsoft.com/en-us/library/d97e8f41-97b8-4858-b51c-bcaf48f48607.aspx

Finetuning Your Exchange Server:
http://gethelp.devx.com/techtips/exo_pro/10min/10min1299.asp

Perf Counters for Users, Logons & Connections:
http://msexchangeteam.com/archive/2006/09/11/428871.aspx

Using the Exchange Calendar Update Tool for DST issues on SBS networks

2007-03-03T11:57:00.000-08:00

There is a lot of confusion out there about DST updates, and part of the confusion is the fact that some solutions that are appropriate for the small business space aren't appropriate in an enterprise environment, and visa versa. Most small business consultants I have talked to are just distributing the Outlook Calendar Update tool to their users rather than centrally resetting the company appointments. Additional concerns are raised when you realize that the main DST patches were auto-deployed to users two weeks ago, and any new appointments created since then will be improperly altered if the Outlook Calendar Tool is run against them in the standard fashion this week. I have navigated these issues, and I would like to share what I have done.

I have run the Exchange Calendar Update Tool (version 2.0 (KB933146 updates the tool to v.2)) at two sites of 50+ users on servers running Exchange 2003 with SP2 and KB 926666.

Working assumption: all systems were set up for Automatic Updates or for regular Microsoft Updates and all workstations got the KB931836 patch within a few days of each other. I had already installed the KB926666 patch on the Exchange servers.

This was my process:

1) Download the following to a share on the server: Outlook Calendar Update Tool, Exchange Calendar Update Tool, and hotfix KB933146.

2) Create a new user in the domain called TempDSTUser. Do not add it to any groups besides the default Domain Users group.

3) Go to the Mail Store and add that TempDSTUser to the permissions list on the store root. By default the user will have Send/Receive-as permissions on all mailboxes, unlike any account that is a member of the Domain Admins group.

4) Check a bunch of systems and get an idea for what day KB931836 was installed. In my networks, it was usually installed on Feb 17th, 2007.

5) Log onto a workstation that has been patched with KB931836 and has Outlook 2003/2007 installed. Logon using the TempDSTUser account.

6) Use the Mail control panel tool to set up a new profile for the user pointed at the Exchange server. Make sure that it does not use cached mode. Make the new profile the default.

7) On the workstation, install all the tools and the hotfix in the order that they are listed above. Do not use the default directory for install (c:\program files\MsExTmz), instead use c:\MsExtmz. A Microsoft video demo warned about problems with using the default path.

8) Once installed, run c:\MSExTmz\MSExTmzCfg.exe

a. Input the server name. If you ran the hotfix mentioned above, the wizard should ask you for a Server Name, not a LegacyDN path.

b. Pick the profile that you set up on this workstation.

c. Click Next. The config program will extract the necessary list of users and build a batch file and some input files, putting them in a subfolder named after your Exchange server.

d. On the screen with the conflict.txt file listed, click Next

e. On the next screen, there are two parameters that need to be set:

i. The TZMove.exe path should be where the TZMove tool installed. Do not point to the TZMove.exe executable that was downloaded. The path should be C:\Program Files\Microsoft Office\Office12\Office Outlook Time Zone Data Update Tool\TZMOVE.EXE

ii. The log directory should default to c:\MSExTmz\%servername%
f. When you click Finish, a new directory will be created: c:\MSExTmz\%servername%, and the following files will be there:

i. Mailboxes_1.txt: This is the file that the Exchange/Outlook tool will parse to connect to and update calendars.

ii. Nonexistent.txt: This file is a list of users that did not have necessary parameters to be included in Mailboxes_1.txt. Copy the entries from this file and append them to the Mailboxes_1.txt file. Now go through the Mailboxes_1.txt file and remove entries that do not need updating, like the SystemMailbox and some of the mailboxes that you use for automated processes. Also, note that a good entry includes the following after the LegacyExchangeDN: servernameTime Zone. Copy that bit of text from the end of one line and paste it onto the end of every line that lacks that text until every line looks something like this:
/O=FIRST ORGANIZATION/OU=FIRST ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=TEMPDSTUSER server Pacific Standard Time

iii. MSExTmz_1.ini: This is the .ini file from which settings will be pulled for the actual calendar update. On the line called CommandLine, append the following switch: /ONLYCREATEDPREPATCH:2007-02-17T12:00:00Z - What this will do is only change the time on appointments that have been created before the date set here. In this example, I have used the date of February 17th, 2007, which is about when all the clients in this organization had the KB931836 patch installed. If you suspect that there is a wide variety of install dates for this patch in your organization, using this switch may not be the best idea. But if you do not use it, any new appointments created SINCE the KB931836 patch was installed will be incorrectly changed. So you have to decide which is worse.

iv. ConflictUsers.txt: This file is created but has not been populated with anything when I have run the tool.

v. Errors.txt: This file is created but has not been populated with anything when I have run the tool.

vi. MsExTmz_1.bat: This is the file you will run to actually update the appointments in your organization.

9) Run the MsExTmz_1.bat file and watch it parse through the Mailboxes_1.txt file. It will open each mailbox, search for appointments, and make changes. If there are no appointments that meet the criteria, it will say No Log File was written for user. If it finds appointments to change, a new logfile will be created in the C:\MsExTmz\%servername% directory with the name of the user in it. You can open these file to see exactly what was updated, which is a huge help when working on post-update questions with particular users.

10) What you see in the script running window will also be written to a text file called MsExTmz.log so that you can look through it for errors. Here are some you might run into:

a. An error that ends with 4011D usually means that the user account you are using was not set up with permissions on the user mailbox properly. Make sure you followed my steps 2 and 3 properly.

b. An error that ends with 4005 says that a timezone could not be found. Do not worry about it. You will manually set the timezone in step 8.f.ii

That is about it. I am still working on a good process for updating Public Folder calendars. The Outlook Calendar Tool is used to do this, and I will post my process soon.

I would be happy to get feedback from some of you who have also worked out your own methodologies.

No-listing: a cheap anti-spam strategy

2007-02-04T21:47:00.000-08:00

I read recently about a modest configuration change that administrators can make in their DNS records to significantly reduce the amount of inbound spam. I wouldn't advise it for an enterprise without a lot of testing, but it certainly intrigued me.

Known as "No-listing," it is not well-known yet, but is very uncomplex. You simply add a dummy MX record as the highest priority MX in your DNS. Make sure the target host is one that does not accept traffic on port 25, but is still an IP controlled by you. Mail servers following proper RFC protocol will attempt delivery at the first MX record, and after failing, will move to the second, third, and so on. Apparently the bulk of the spam-mailers do not bother to try additional MX records, and just ignore domains whose primary MX record does not respond. One writer about "no-listing" claims that 90% of his inbound spam was abated using this method and that to date he has had no problems receiving valid mail. Read more about no-listing here.

Office on the Go - The Treo 700w

2006-12-10T08:04:00.002-08:00

A few months ago a lawyer friend of mine asked me to help him find a phone that would solve several problems for him.

First, he wanted to be able to dictate into the phone and somehow get the dictation to his secretary instead of having to use a micro-cassette recorder and regularly Fed-Ex his tapes back to the office when out of town.

Second, he wanted to have access to his office calendar and contacts while out and about. But he said he didn't care about email.

I spent some time comparing phones that would handle dictation and would sync with Outlook, and I narrowed the search down to the Motorola Q and the Palm Treo 700w. I ended up going with the 700w because it ran Windows Mobile 5 operating system and I knew it would offer a cleaner path to working with Outlook and Exchange server. Both phones support EVDO, or Verizon's Wireless Broadband service, which we would need, as you shall see.

The phone has a built-in ability to voice-record, but this user needed as easy a transition as possible into technology and didn't need to be digging around in the phone's file system for .mp3 files, so for the dictation functionality I opted to use Pocket Dictate ($65) made by NCH Swift Sound. It installs on the phone and then one of the side buttons on the phone can be programmed to run Pocket Dictate as needed. Once a dictation has been taken, a couple of keypresses sends the dictation (using an SMTP client internal to PD) to a pre-defined email address using a highly compressed format. An EVDO connection is made, and the dictation is sent.

The only problem I ran into was that the Pocket Dictate program wasn't able to initialize the internet connection properly, and so to send out a dictation, the EVDO connection needed to already be up and running. So the working procedure ended up being as follows:

1 - Push the button to start Pocket Dictate
2 - Tap the record button on the screen
3 - Dictate as needed
4 - Push the stop button on the screen
5 - Open up Internet Explorer to initialize EVDO, then close the browser window
6 - Push the send button on the Pocket Dictate screen
7 - Push OK

NCH makes a free companion dictation player application that installs on the secretary's workstation and allows her to transcribe the dictations. I installed a USB transcriptionist's footpedal for her that integrated well with the app, and she was able to get rid of the old transcription machine entirely.

Teamed with the law office's Windows Small Business Server 2003, I was able to set the phone up to use Exchange ActiveSync, which allowed my client to access calendar, email, tasks and contacts on his phone while in court. His secretary was able to edit his calendar and contacts as needed, and his phone synced with the server on its own every 15 minutes.

I'm personally using this phone myself now, and here are the top four things I do with it besides make phone calls and use the sync functions:

- Listen to audio books I've downloaded from Audible using the EVDO connection

- Use the Notes feature to take down the titles of books I want to remember to look up later

- Text message Google's SMS service to find information I need while out like movie times, restaurants, and banks. Just send a text message like 'pho, boise id' to the number 46645 and you'll get a list of Vietnamese noodle houses local to Boise.

- Look up the definitions of words on Dictionary.com. Yesterday I was in an antique shop and there was this old clock that looked like it was made of wood, but when you touched it, you realized it was made of some sort of stone. A guy who seemed to be a friend of the proprietor was telling her that it was made of "adamantine." I was pretty sure that you wouldn't make a clock out of that, and I quickly used my phone to confirm that you might as well try and fashion a clock out of a diamond. But I didn't say anything. I just had to know.