Journaling

September 23, 2010

As I mentioned in my last post, Server Roles – Hub Transport, all messages that pass through an Exchange 2007 environment end up passing through the Hub Transport server(s). This is critical when using the journaling feature.

Journaling is the ability to record all communications in an organization. E-mail is one of many different communication mechanisms that you may be required to journal. It is not unique to Exchange; I personally used it with Domino Server, but other mail services offer the same functionality.

The #1 use case in my view is the compliance world, where companies are required by law (or regulation) to archive information for years (in some cases up to 7 years!). This means keeping every email – sent or received, internal or external, with attachments or without them – and in some cases appointments, tasks and instant messaging. Sounds big and scary?

Journaling helps messaging administrators collect all this information at one point. Going back to the opening paragraph: because all messages go through one point, the Hub Transport, journaling is easier and much more effective.

Let’s go over some of the technical aspects of journaling in Exchange 2007 using Microsoft TechNet. Journaling in Exchange Server 2007 makes use of the new role-based topology in Exchange. All messages are processed by Hub Transport servers when going to or coming from Mailbox and Unified Messaging servers, other Exchange systems, third-party applications, and the Internet. All Hub Transport servers contain a transport agent called the journaling agent, which is responsible for applying journal rules to messages. Since the journaling agent is located on the Hub Transport servers, it encounters and evaluates every message before the message reaches its recipient. The Journaling agent acts on messages after categorization—this ensures access to all the message’s recipient and sender attributes, and it allows the agent to determine if the message was sent directly to a recipient or if it was received via distribution group expansion. It can also tell whether the recipient was on the To, the Cc, or the Bcc lines of a message that originated from within the Exchange Server 2007 organization.

Journaling in Exchange 2007 can be finely tuned. You can specify journaling rules, which let you select specific users for journaling. Rules also let you determine the scope of messages to journal, with options for Internal, External, and Global. Using the rules you can configure journaling to collect a user’s e-mail, voicemail, and faxes, all in his Inbox, which makes journaling more flexible and much more efficient.

There are 2 types of journaling:

  • Standard journaling – enables the Journaling agent in Exchange 2007 to journal all messages sent to and from recipients and senders located on a specific mailbox database on a computer running the Mailbox server role.
  • Premium journaling – enables the Journaling agent in Exchange 2007 to use rules that you can configure to match your specific needs.
    This journaling type requires an Exchange Enterprise Client Access License (CAL).
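
The two journaling types and the rule scopes described above, as they might be configured and then audited from the Exchange Management Shell. This is an added example, not part of the original post or of Microsoft's documentation; the database, mailbox and group names are placeholders chosen for illustration.

```powershell
# Added example: run in the Exchange Management Shell on an Exchange 2007 server.
# Every name and address below is a placeholder (assumption), not a value from the post.
$journalMailbox = 'journal@contoso.example'                      # hypothetical journaling mailbox
$database       = 'MBX01\First Storage Group\Mailbox Database'   # hypothetical mailbox database

# Standard journaling: journal everything sent to or from mailboxes on one database.
Set-MailboxDatabase -Identity $database -JournalRecipient $journalMailbox

# Premium journaling (Enterprise CAL): a rule for one recipient or distribution
# group, limited by scope. Scope is Internal, External or Global.
New-JournalRule -Name 'Trading desk - external mail' `
    -Recipient 'trading-desk@contoso.example' `
    -JournalEmailAddress $journalMailbox `
    -Scope External `
    -Enabled $true

# Audit 1: which rules exist, what they cover, and whether they are enabled.
Get-JournalRule |
    Format-Table Name, Recipient, JournalEmailAddress, Scope, Enabled -AutoSize

# Audit 2: mailbox databases with no standard journaling configured. These are
# coverage gaps unless a premium rule already captures their users.
Get-MailboxDatabase |
    Where-Object { -not $_.JournalRecipient } |
    Format-Table Server, Name, JournalRecipient -AutoSize

# Audit 3: rules that exist but are switched off.
Get-JournalRule | Where-Object { -not $_.Enabled } | Format-Table Name, Scope -AutoSize
```

Running the three audit queries on a schedule shows when a rule has been disabled or a new database has been added without journaling.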

A journal report is the message that Exchange generates when a message matches a journal rule and is to be submitted to the journaling mailbox. You can read all about it here. The journaling agent tries to capture as much detail as possible about the original message and populates as many fields as it can in the journal report.


Server Roles – Hub Transport

September 21, 2010

You can’t point to one server role as more important than the others, but I find the Hub Transport role to be the most exciting. Yes, the Mailbox role has all the data and Client Access allows connectivity in more ways than ever before, but this is where the brains meet reality, and it’s also where my past (aka networking life) meets the present: routing mail, like routing packets, is complicated and vital for the proper functioning of the network.

In Microsoft Exchange Server 2007, transport refers to the process of transferring messages from one server to another server. The Hub Transport server role is responsible for all messaging transport inside the organization. Microsoft requires you to place at least one Hub Transport server in every Active Directory site that contains a Mailbox server (but it doesn’t require a dedicated box).

To get an idea of the required hardware, check Microsoft’s planning page or this great post from Andy Grogan’s blog; both dive deep into the requirements and options, so I’ll skip the details. As for the software requirements, it can be installed as a standalone component or share the same box with a few of the other server roles in smaller environments.

One task that the Hub Transport role performs is communication with the Edge Transport role:

  • it hands off Internet-bound messages to the Edge Transport role for processing
  • it takes inbound messages that the Edge Transport server has accepted from the Internet

Hub Transport’s major message processing job is internal mail flow. After the initial installation of Exchange 2007 we have to manually configure Send and Receive connectors to establish mail flow between the organization and the Internet. While the default Receive connector, “Default Server Name”, is created as part of the installation (and doesn’t accept anonymous connections), no Send connectors are created by default.
In a larger environment with multiple Hub Transport servers, the internal mail flow is managed by the intra-organization Send connector and the default Receive connector.
When messages are transferred between a Mailbox server and the Hub Transport server, the MAPI protocol is used. When messages are sent and received between Hub Transport servers, SMTP is used.

Configuring a new connector is done via Exchange Management Console -> Hub Transport -> New Connector. This is how it looks on the server:

Other Hub Transport tasks are messaging policy and compliance features, and anti-spam and anti-virus protection.

Coming from the Wall Street banking industry, I know how compliance became a major part of the day-to-day life of IT administrators. Exchange 2007 makes a huge step forward in helping messaging administrators provide a complete compliance solution, as all messages that pass through the Exchange environment end up passing through the Hub Transport server(s). If you never had to comply with one of the regulatory powers I’m not sure you’ll be able to appreciate it as much as I do, but this is big. It allows monitoring mail of all types from one point and helps save time and money.

A communication session between servers can have an optional authentication stage, which is well described in this Transport Permissions Model document. As I mentioned, Hub Transport rejects anonymous connections out of the box. To allow connections you must either allow anonymous sessions (anyone said security hazard?) or define permissions for session authentication and authorization.
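
One way to check which Receive connectors have been opened to anonymous sessions, and whether any of them also lets anonymous senders submit to any recipient. This is an added example for the Exchange Management Shell, not code from the original post; it only reads configuration and changes nothing.

```powershell
# Added example: read-only audit of Receive connectors (Exchange Management Shell).
$anonymous  = 'NT AUTHORITY\ANONYMOUS LOGON'
$relayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'   # extended right that permits relay

Get-ReceiveConnector | ForEach-Object {
    $connector = $_

    # PermissionGroups is a flags value; AnonymousUsers means unauthenticated
    # SMTP sessions are accepted on this connector.
    $allowsAnonymous = ([string]$connector.PermissionGroups) -match 'AnonymousUsers'

    # Accepting anonymous mail for your own domains is normal on an
    # Internet-facing connector. Anonymous relay is the setting to question.
    $anonymousRelay = $false
    if ($allowsAnonymous) {
        $grants = $connector | Get-ADPermission -User $anonymous |
            Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $relayRight) }
        $anonymousRelay = [bool]$grants
    }

    $connector | Select-Object Identity, Bindings, RemoteIPRanges, AuthMechanism,
        @{ Name = 'AnonymousAllowed'; Expression = { $allowsAnonymous } },
        @{ Name = 'AnonymousRelay';   Expression = { $anonymousRelay } }
} | Format-List
```

A connector showing `AnonymousRelay : True` with a wide `RemoteIPRanges` value deserves review, since relay is normally restricted to the specific hosts that need it.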

This is just the basics. If you want to know more, follow the links, as they offer more details.
If you have any corrections, additions or general comments, feel free to share.

Exchange 2007 – Server Roles

September 18, 2010

When Microsoft worked on Exchange 2007 they looked for a way to improve the administrative and management experience. As part of this effort Exchange 2007 introduced five server roles, each providing specific functionality and features. This is the list of roles:

This post will cover the highlights of each role, but expect more detailed posts later on.

Mailbox Role – holds the Exchange databases within which the user mailboxes and public folders are contained. It provides MAPI access for Outlook clients and is obviously required with any kind of Exchange implementation.
The Exchange 2007 Mailbox role enhances the Active Directory integration that was available in earlier versions.

Client Access Role – the old Front-End server (used in Ex2000\2003) was updated and is now a dedicated role. This role (as the name indicates) covers all the optional connections: MS-Outlook, Outlook Web Access, Exchange ActiveSync (viva la iPhone ;)), Outlook Anywhere, POP3 & IMAP4.

Hub Transport Role – handles internal mail flow by routing messages to the next hop: another Hub Transport server, an Edge server or a Mailbox server. The Exchange 2007 Hub Transport role uses AD site information to determine the mail flow. All its configuration information is stored in AD, and any other Hub Transport servers you install will get their configuration from AD.

Edge Transport Role – the Edge Transport server role cannot coexist on the same computer with any other server role. It is deployed in the perimeter network and handles all Internet-facing mail flow, provides protection against spam, and provides secure message paths between business partners.

Unified Messaging Role – enables voice mail, e-mail, and fax messages to be stored in a user’s mailbox. Users can get access to their mailbox from a telephone or from a computer. Unified Messaging (UM) is a new feature added in Exchange 2007.

Exchange 2007 Installation with problems

September 16, 2010

I was installing a lab with Exchange 2007 32-bit.

WHAT? 32-bit? Didn’t I say that starting with Exchange 2007 there is only a 64-bit version?
Relax 🙂

Exchange 2007 has an evaluation version that runs on 32-bit and, while not supported for production, is great for labs (especially when your available lab is 32-bit).

I was setting up the lab and started the installer. To make it interesting I did not complete the prerequisites, so we can see them on the screen.
The screens are just like the regular installation, but after the installer completed the screen was full of errors. This was good because it shows you all the components that Exchange requires. So let’s see what I learned…

The first installation step is Organization Prerequisites:

The first item – the user account used for the installation has to be a member of both the Schema Admins and Enterprise Admins groups. This task is easy – open the ADUC console and under groups add the user to both groups:

Next we are alerted that the installation requires the domain functional level to be raised to 2000 native or higher. Using the same console you can right-click the domain and choose the ‘Raise Domain Functional Level’ option. I chose the Server 2003 level:

Next is the Hub Transport Role Prerequisites section

You can see a reference to a time zone update.

Here you also get for the first time the warning:

The 32-bit version of Exchange Server 2007 is not supported for production use

Still under Hub Transport, the next requirement is IIS. These are the instructions for 2003 & 2008 servers.

The Client Access Role Server also requires different IIS components and the same time zone update.

The Unified Messaging Server Role Prerequisites point us again to the time zone update and to the Microsoft Core XML services.

Last is the Mailbox Role Server, which also requires the IIS functionality and either Enterprise Administrators or Exchange Organization Administrators group membership.

One important note – don’t forget to log off after you add the user account to the Schema & Enterprise Admins groups. If you run the installer without logging yourself out of the machine you will not have the permissions and will receive the same error messages.

Update Rollup 1 for Exchange Server 2007 Service Pack 3

September 10, 2010

Update Rollup 1 for Exchange Server 2007 Service Pack 3 (SP3) resolves issues that were found in Exchange Server 2007 SP3 since the software was released. This update rollup is highly recommended for all Exchange Server 2007 SP3 customers and is available here.

This update includes new fixes for the following server roles:

  • Client Access
  • Edge Transport
  • Hub Transport
  • Mailbox
  • Unified Messaging

Here you can see the full list of fixes in this update.
Use the How to Install the Latest Service Pack or Update Rollup for Exchange 2007 page for more details.

Exchange “How Do I?” Videos

September 9, 2010

I came across this great Microsoft resource with dozens of “How Do I” Exchange videos.
While most of the videos are Exchange 2010 oriented, most of them are good for 2007.
There is another good list here.


How x64 changed Exchange

September 6, 2010

Correct me if I’m wrong but Exchange 2007 is the first 64-bit only product from Microsoft. What is the big deal, you ask? The answer in a few quick points:

  • Access to more RAM
  • Less disk I/O for Exchange (because we get more RAM)
  • Reduced hardware requirements
    or
    Better performance (per same hardware)

If you read my Exchange 2007 Database – Part I & Part II you know that database performance is crucial for the user experience and server functionality. Exchange as an application server is built on top of the database, mainly the Extensible Storage Engine (ESE), which it shares with Active Directory, and as such it uses big tables and constantly updates them. Updating tables is a tedious job that reads from and mostly writes to the disk (where the database is located), because the available memory is limited compared with the size of the database.

Items that are used the most (like Inbox messages and rules, Calendar meetings and contact information) will be re-read over and over, creating a massive performance impact on the disk. Using a 64-bit platform makes more RAM available and, as a result, fewer read actions are needed. The immediate impact is faster access to the information – a better user experience and less overhead on the server.

Checkpoint is another place where we notice the difference. Checkpoint is a way to hold off writing data to disk until we have the resources. If you remember, I mentioned this concept in Part I of the database review as I was explaining the transaction log role. Since the data is already written to the transaction logs, we can safely delay writing to the database and wait for a better time when performance will not be affected. This is where checkpoint comes into play:

  • Some of the data is updated frequently, and if we hold off writing it to the database we save the re-write of its updates. Think of a calendar meeting that is sent internally. In most cases it will get approval\rejection\tentative updates within a couple of minutes. If we write this data for every single update it will raise the I/O significantly, while holding it saves dozens of writes.
  • Nearby data changes that are written at the same time save I/O. If we wait and 2 Inbox items are updated and then written at the same time, we save on access to the disk. Now multiply the close items (mail, calendar, etc.) and you get a significant improvement.

Checkpoint depth (20 MB per Storage Group in Exchange 2007) determines how long we wait before writing the data; it is the size of the logs we keep in memory.

Tip: Writing to logs is sequential, and with most disks it is handled much better than writing to the database. That is why writing to the logs, though using the same theoretical I/O, doesn’t cost as much as writing to the database.