August 29th, 2006
I often work with dual monitors and recently needed to compare two Excel spreadsheets side by side. I found that although they showed as separate instances on the Windows Taskbar I couldn’t have them displayed on separate screens. After some investigation I found that to do what I wanted I had to force Excel to open each document as a separate instance of the application. To do this try the following:
In Explorer go to Tools > Folder Options.
Choose the File Types tab then find XLS under Extensions. Highlight it and click the Advanced button.

Select Open then the Edit button.

Now in the Application used to perform action field go to the end and add a space followed by "%1". Be sure to include the quotes. You also need to unselect Use DDE. OK all of your changes. Now when you open multiple Excel spreadsheets each will be a separate instance of the application so you can move them to separate monitors. The downside is that you’ll use more of your PC resources.
This issue has been addressed in Excel 2007 beta 2.
August 25th, 2006
This is fairly old news now but something I thought worth documenting as it affected our two BES installations.
Microsoft have changed the Full Mailbox Access permissions in Exchange so that it no longer implies Send As rights. Recent fixes for store.exe include this change. When applied it affects 3rd party applications like BlackBerry Enterprise Server which previously only used Full Mailbox Access rights for the application account.
You can avoid disruption by a small amount of preparation before applying the latest Exchange fixes. You’ll need to grant the BES admin account Send As rights on the Active Directory user accounts of your BB users. You could do this individually but it would be easier to do it at OU level. You’ll need to take into account the inheritance configuration on your OUs to decide the best location(s) to set the permissions. To see the Security tab on your OU properties you’ll need to enable the Advanced Features in Active Directory Users & Computers. This is done via the View menu:

When viewing the Security tab click the Advanced button. Now click the Add button to add your BES service account. You’ll be presented with a list of permissions. Change the drop down box to User Objects then tick Allow Send As. Once you’ve Ok’d back to ADUC your permissions will be set.
Any administrative users will need to be addressed separately. Administrative users include anyone who is a member of the following groups:
Enterprise Admins
Schema Admins
Domain Admins
Administrators
Cert Publishers
Backup Operators
Replicator
Server Operators
Account Operators
Print Operators
It should be noted that it is good security practice not to have admin rights on your everyday mail-enabled account.
To handle the administrative users the appropriate permissions need to be set on the AdminSDHolder container. The easiest way to do this is with the dsacls command. To use it you’ll need the Windows Server 2003 Support Tools installed. The syntax of the command is as follows:
dsacls "cn=AdminSDHolder,cn=System,dc=domain,dc=com" /G "domain.com\BESAdmin:CA;Send As"
Once all your permissions are set and verified you can go ahead and install the Exchange patches knowing that your BlackBerry users will continue to function as before.
August 16th, 2006
Our initial lab deployment of Exchange 2007 doesn’t contain an Edge Transport server yet so I wanted to be able to route inbound SMTP email directly to a Hub Transport server from our MIMEsweeper servers. I had expected this to work ‘out of the box’ but found the connection kept failing as it was an anonymous source.
The Hub Transport server has 2 Receive Connectors that are created by default:

The Default RC accepts inbound connections on port 25 and the Client RC accepts connections from remote clients on port 587. Whilst I understand the purpose of the Default RC I’ll need to do some more research into when and how the Client RC is used.
I looked at the properties of the Default RC but couldn’t see anything that might help me. There are various options available for authentication but none that seemed to allow anonymous access.

A little more digging led me to the Exchange Management Shell and a Cmdlet called set-ReceiveConnector.
With the following command line I managed to get my Default RC to accept email from non-authenticated sources.
set-ReceiveConnector -identity "Default LABCRWEXHT1" -PermissionGroups AnonymousUsers
The moral of the story? Get used to the Exchange Management Shell as there’s no avoiding it!
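A narrower alternative to opening the Default connector, as an added example that is not from the original post: a dedicated Receive Connector that grants AnonymousUsers only to the gateway addresses. The connector name and the 192.0.2.x addresses are constructed placeholders; LABCRWEXHT1 is the lab server named above.

```powershell
# Added example for the Exchange Management Shell (not from the original post).
# Assumed values: the connector name and the 192.0.2.x gateway addresses are
# constructed placeholders; substitute the real MIMEsweeper server IPs.
$server   = "LABCRWEXHT1"
$name     = "Inbound from MIMEsweeper"        # hypothetical connector name
$gateways = "192.0.2.10", "192.0.2.11"        # constructed sample addresses

# 1. Record the existing connectors' settings before changing anything.
Get-ReceiveConnector -Server $server |
    Format-List Name, Bindings, RemoteIPRanges, AuthMechanism, PermissionGroups

# 2. Create a connector on port 25 that matches only the gateway addresses.
#    For a given binding, Exchange selects the connector whose RemoteIPRanges
#    match the sender most specifically, so every other host still lands on
#    the Default connector with its existing permissions.
New-ReceiveConnector -Name $name -Server $server -Usage Custom `
    -Bindings "0.0.0.0:25" -RemoteIPRanges $gateways

# 3. Allow unauthenticated SMTP on the new connector only.
Get-ReceiveConnector -Server $server |
    Where-Object { $_.Name -eq $name } |
    Set-ReceiveConnector -PermissionGroups AnonymousUsers

# 4. Verify: AnonymousUsers should appear on the dedicated connector only.
Get-ReceiveConnector -Server $server |
    Format-Table Name, RemoteIPRanges, PermissionGroups -AutoSize
```

Note that -PermissionGroups replaces the connector's whole list of groups instead of appending to it, which is why the example reviews the current values first and leaves the Default connector untouched.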
August 9th, 2006
This is just a quick tip that I came across whilst decommissioning 7200 series BlackBerry handhelds.
Version 4 of the handheld software has a ‘wipe handheld’ option which unfortunately isn’t present in version 3. To get around this you can simply enter the password incorrectly 10 times. This will wipe all data and configuration from the device.
August 4th, 2006
I have a stake in a London based fire protection company and sometimes get involved with their IT. Being a small company they run MS Small Business Server 2003 and connect to the internet using ADSL and a fixed IP address. For their email the MX record points to their internal server via a port mapping on their firewall. I also wanted to give them a secondary MX record with a store and forward service in case their server or Internet connection is down for a prolonged period. I looked at various commercial services but eventually decided to make use of their dedicated web server hosted by their ISP. The server runs Fedora Core and includes Qmail as part of the build.
I’m far from being skilled in Linux/Qmail but I can stumble my way through when necessary. There’s a plethora of resource material on the Internet and I use a little Unix and Sendmail at work. Dave Sill has produced the excellent Life With Qmail guide that will get you started with Qmail.
Firstly you’ll need an SSH client. I use PuTTY. Once logged in to your server navigate to /var/qmail/control.
Next vi the rcpthosts file. (I’m sure there are other editors but I learnt the basics of vi back at university on VAX/VMS systems so stick with what I know.) Add to the file the domain you want to store and forward for e.g. griffinfire.co.uk. Save your changes and exit.
Now vi the smtproutes file. Here you need to add the SMTP domain and destination host in the following format SMTPdomainname:FQDNofdestinationhost e.g. griffinfire.co.uk:mail.griffinfire.co.uk. Save and exit.
And that’s all there is to it.
You can’t adjust the delivery retry intervals in Qmail but it will keep the messages for 1 week before expiring. This is longer than the defaults for some other messaging systems (Exchange 2003 defaults to 48 hours, MIMEsweeper is 72 hours) and therefore ideal for a store and forward service.
With some slight further configuration it should also be possible to access the stored email via a web interface which would be useful in a DR scenario. This is on my to-do list and I’ll blog the process once done.
August 3rd, 2006
Another problem we get from time to time with MIMEsweeper for SMTP 5.2 is corruption of the LDAP lists. This initially manifests itself with an error like this in the event log on the configuration server:
———————————
Event Type: Error
Event Source: InfrastructureService
Event Category: (539)
Event ID: 10265
Date: 27.07.2006
Time: 11:47:28
User: N/A
Computer: CRWEXMSW1
Description:The PCS LDAP node configuration processor was unable to update the consolidated digest file for the PCS LDAP address list ‘78f39c28-cf8c-440c-84ac-67e4533c4f4c’.
The domain index file for the address list ‘PMM Users’ is invalid.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
———————————
If you reboot the configuration server you’ll find that the Infrastructure Service won’t start. If you run pmi.is.exe -debug you will see errors relating to PCS LDAP in the output.
To fix this try the following:
Stop all the MIMEsweeper services on the PCS.
Move the files in the following folders to a safe location.
C:\Program Files\Clearswift\MIMEsweeper for SMTP\Data\Configuration\Server\PcsLdapAddressLists
C:\Program Files\Clearswift\MIMEsweeper for SMTP\Data\Operations\Configuration\PcsCache\PcsLdapAddressLists
Restart the MIMEsweeper services.
Now go into your policy editor and update all of your LDAP lists. Once this is complete save/apply your policy.
July 31st, 2006
Having been recently taken over we’re now working on transitioning data and systems to the new company. As a result there are a large number of email redirections in place whilst the users and applications move across to the new organisation. The vast majority of redirections are handled in a controlled format using contacts in Active Directory and the delivery options on user objects. However, despite our best efforts we do suffer the occasional mail loop. This is usually when a user has set an OOF message on their mailboxes in both organisations and also set a rule to forward and auto-reply. (Note: We need auto-replies and OOF messages enabled between the two Exchange organisations). The detrimental effects are limited through the use of mailbox limits but that can still leave us with thousands of messages to clean up once the loop has been stopped. To help us with this task we use ExMerge.
Run the wizard and choose Extract or Import (Two Step Procedure). On the next screen choose Step 1: Extract data from an Exchange Server mailbox.
When you get to the Source Server screen enter the appropriate Exchange server name then hit the Options button:

The first tab you want is Import Procedure and choose Archive data to target store. This option will extract the data from the mailbox rather than just copy it:

Next go to the Folders tab and restrict your export to the Inbox (if required):

Now you need the Message Details tab so that you can restrict your export to only the looped messages. In the example below I’m removing messages with "Out of Office" in the subject:
Now hit OK and complete the rest of the ExMerge wizard to select the mailboxes you want to extract from and the destination for the resulting PST. Double check the contents of the PST before you delete it!
July 31st, 2006
We run Clearswift’s MIMEsweeper for SMTP 5.2 as our SMTP gateway. We have 4 policy servers (2 x Tampa, 2 x Crawley) connected to one configuration server (Crawley). I’ll spare you my rant about Clearswift and MIMEsweeper but suffice to say I won’t be recommending it to anyone who needs a reliable messaging hygiene solution for a high volume enterprise environment. (FWIW, I’ve been working with MIMEsweeper since 1998 and until its current incarnation have always been a strong supporter of the product.)
We’ve had a plethora of issues with MIMEsweeper version 5 but one in particular keeps re-occurring. Despite having applied their hotfix, every few weeks MIMEsweeper’s spam solution, SpamLogic, takes on a mind of its own and starts trapping an unacceptable amount of false positives. When this happens the SpamLogic databases need to be reset to their default configuration. To do this connect to each policy server in turn and do the following:
- Go to the c:\Program Files\Clearswift\MIMESweeper for SMTP\Data\SpamLogic folder.
- Rename spamlogic.db to spamlogic.old.
- Copy spamlogic.bak to spamlogic.db.
This way the original spamlogic.bak is preserved as you’re going to be needing it again in the future! Once you’ve completed these steps restart the MIMEsweeper Security Service.
You can disable the SpamLogic auto-training feature at any time but then your databases will remain static and your detection rates drop as the type of spam evolves.
May 16th, 2006
We have a total of 4 Storage Area Networks attached to our primary Exchange clusters. We have 2 HP MSA 1000’s, an EMC CLARiiON CX300 and an EMC CLARiiON CX500. When designing our storage solutions I try to ensure a maximum database size of 50GB and leave twice that amount of free space so there is room for DB maintenance if necessary. I would normally put all databases for a storage group on a single RAID 1+0 array. This way there’s a little give and take with the DB sizes. For example if I planned to have 4 mailbox stores in a storage group I would make the partition at least 300GB (4 x 50GB for stores + 2 x 50GB free space for maintenance).
Unfortunately I haven’t been as strict with our older hardware and have learnt an important "battlefield lesson" (thanks go to Gary for the post title). We have a server (an old HP ML570) that we have been using as a transitional area for mailboxes that we’re manually archiving. As it doesn’t normally contain much production data we’ve been a little lax with our housekeeping and have allowed the 2 stores to grow in excess of 90GB in size (although with plenty of white space) and allowed the free space to drop to around 15GB. We had a failed drive on the box at the weekend and the RAID controller didn’t do too good a job of keeping things going resulting in corrupted stores/logs. We mounted empty stores to allow the affected users to continue working but now have to copy almost 200GB of data across the network to attempt a repair or restore (I believe strongly in keeping an original intact copy of the corrupt DBs/logs when trying any repair procedure). We are running a restore using a recovery storage group on an alternative server but until we have a safe copy of the old DBs on another box we cannot risk deleting the originals to make room for merging the data back.
We’re out of empty drive bays and the server doesn’t support USB so for now we’re just waiting for the copy to complete. 24 hours and counting…
April 28th, 2006
The company I work for has been bought by another and we are currently transitioning our IT systems. As part of this transition the users are being given mailboxes in the new organisation. Until the decommissioning of existing systems is complete some users have a need to access their original mailbox and public folders which they are achieving via Outlook Web Access.
The users working with public folders via OWA found that they could not reply or forward messages exceeding 2MB in size. A Google search returned this article which provided the solution.
On each front-end server the following registry entry needs to be created:
Location: HKLM\System\CurrentControlSet\Services\MSExchangeWeb\OWA
Value: maxPFReplyForwardSize
Type: REG_DWORD
Value Data: X
Where X is the maximum size you want to set in kilobytes (remembering to set the base to decimal).