Archiving and Reducing Exchange Mailboxes and Stores (Part 2)
You have analyzed your current Exchange store and decided to buy a 3rd party solution so your users can keep the large amount of email they are accustomed to and you can retain all email for legal/business purposes. Here are the options.
- Buy the Barracuda Message Archiver (http://www.barracudanetworks.com/ns/products/archiver-overview.php), which is really simple to install and maintain. I have used this before, and it gets the job done. I did have issues with restoring emails after being exported, but after some conversion and importing to PST files it worked. This isn't my first pick, but it is widely popular for message archiving.
- Buy GFI Mail Archiver (http://www.gfi.com/mailarchiver/), which is probably the most popular mail archiving program out there. Installation is a bit complex, but not extremely difficult. When purchasing, buy at least 1 year of maintenance because you will be on the phone with them for the first month or two after implementation. It can run on various platforms (SQL only, SQL + File System, and 2 others using SQL Express that you SHOULD NOT use). I wish they would simplify the installation with only one option, because it's the best in almost any situation. SQL + File System gives the best reliability and scalability.
Using any of the above solutions will work wonders for retaining email and keeping a lean Exchange store. You will use Exchange's built-in retention policies to keep all mailboxes at reasonable levels, and never again will you have users screaming about a slow Outlook that is bloated beyond belief. I will mention that any of these solutions is a considerable time commitment when you factor in importing old emails to these systems. In the end, it will give you peace of mind that you will always have copies of ANY email that your company receives, no matter what the user does with it. All these systems use journaling to essentially copy the message to the archive before the user touches it.
Archiving and Reducing Exchange Mailboxes and Stores (Part 1)
Overview
With today's reliance on email, many people use Outlook as their filing system. It's not uncommon to find 10GB+ mailboxes. This is becoming a common problem for many Exchange administrators because they have no way to deal with the sheer size of these mailboxes. Outlook's archive system isn't sufficient, because most of the time the PSTs it creates do not properly archive and aren't centrally located, which causes a nightmare when looking for archived emails.
Find out where all that space is in your Exchange store.
- Find the total size of your mdb file (e.g. 100 GB) and compare it to your Exchange server folder size. These should be the same or close to it. I have seen instances where the Exchange log files spin out of control and accumulate a ton of space. If this is the case, please consolidate your log files by doing a proper Exchange backup (Backup Exec, NTBackup (Server 2003), Acronis for Exchange, etc…). DO NOT USE AN IMAGE BACKUP, as this does not consolidate Exchange logs.
- Run the following command from Exchange Management Shell (exports mailbox list with size to c:\mailboxsize.txt)
- Get-MailboxStatistics -Server EXCHANGESERVER | Sort-Object TotalItemSize -Descending | ft DisplayName,@{label="TotalItemSize(MB)";expression={$_.TotalItemSize.Value.ToMB()}},ItemCount >c:\mailboxsize.txt
- After finding the large mailboxes you can find what folders are taking up the most space in that mailbox. Run this from EMS (Exports folder list of specific mailbox to c:\mailboxfoldersize.csv)
- $mbx = Get-Mailbox -Identity USERNAME; Get-MailboxFolderStatistics -Identity USERNAME -FolderScope "All" | select @{n="DisplayName";e={$mbx.DisplayName}},FolderPath,ItemsInFolder,@{n="FolderSize(MB)";e={$_.FolderSize.ToMB()}} | Export-Csv c:\mailboxfoldersize.csv
- From here you will be very informed of who or what is taking up all that Exchange space. Sometimes it's a simple export to PST from the server to clean the inbox and sent items. Other times users still need direct access to those archived files and I'd recommend using 3rd party software like GFI Mailarchiver for this. If you can't spend any money, you could attach the PST to the mailbox via mapped drive, but this is NOT recommended, because the user has a tendency to change or add email to the PST, which isn't good.
Disable RSS Feed in Outlook 2007 using GPO (Group Policy Object)
First install the 2007 Office system Administrative Template files (ADM, ADMX, ADML) and Office Customization Tool version 2.0 if you haven't already done so.
In Group Policy Editor navigate to User Configuration -> Policies -> Administrative Templates -> Microsoft Office Outlook 2007 -> Tools | Account Settings -> RSS Feeds
-Default RSS Feeds -> Set to Disabled
-Synchronize Outlook RSS Feeds with Common Feed List -> Set to Disabled
-Turn off RSS Feature -> Enabled
After all these are set you can reboot the workstations or force a GPO update by using gpupdate /force
By disabling RSS feeds you are cleaning up space on your Exchange store and speeding up your users' Outlook. I recommend doing this in any business.
Fixing Certification Warning Popups in Outlook 2007 and 2010.
If your users are complaining of a certification popup when logging into Outlook 2007 or 2010, you probably have some issues with your certificates on the Exchange Server. Deleting and creating new certificates can cause all sorts of problems, so I wouldn't recommend it. (Unless they are expired, of course.)
I recently ran into this and it was because I used the short name for my server instead of the FQDN (Fully Qualified Domain Name) when making my certificate's common name, e.g. SERVER instead of Server.domain.local
Everything was working properly except for end users receiving the popup message, but after running the following commands and recycling the application pool, all was fixed.
Here are the commands I typed in EWS (SERVER = Certificate Common Name)
Set-ClientAccessServer -Identity SERVER -AutodiscoverServiceInternalUri https://SERVER/autodiscover/autodiscover.xml
---------------
Set-WebServicesVirtualDirectory -Identity "SERVER\EWS (Default Web Site)" -InternalUrl https://SERVER/ews/exchange.asmx
---------------
Set-OABVirtualDirectory -Identity "SERVER\oab (Default Web Site)" -InternalUrl https://SERVER/oab
---------------
Set-UMVirtualDirectory -Identity "SERVER\unifiedmessaging (Default Web Site)" -InternalUrl https://SERVER/unifiedmessaging/service.asmx
-Open IIS Manager.
-Expand the local computer, and then expand Application Pools.
-Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.
Now restart the affected computers and the warning should be gone.
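The popup appears whenever a client connects to an internal URL whose host name is not one of the names on the certificate. The check below is an added example, not part of the original post; the function name Test-UrlCertMatch and the sample values are hypothetical, and it assumes PowerShell 2.0 or later.

```powershell
# Added example (not from the original post). Assumes PowerShell 2.0 or later.
# Test-UrlCertMatch is a hypothetical helper: it reports which internal URLs use a
# host name that the certificate does not cover, which is what triggers the popup.
function Test-UrlCertMatch {
    param([string[]]$Url, [string[]]$CertName)
    foreach ($u in $Url) {
        $urlHost = ([Uri]$u).Host.ToLower()
        $matched = $null
        foreach ($n in $CertName) {
            $name = $n.ToLower()
            if ($name -eq $urlHost) { $matched = $n; break }
            # A wildcard name covers exactly one leftmost label (*.domain.local)
            if ($name.StartsWith('*.') -and $urlHost.Contains('.') -and
                $urlHost.Substring($urlHost.IndexOf('.')) -eq $name.Substring(1)) {
                $matched = $n; break
            }
        }
        New-Object PSObject -Property @{ Url = $u; MatchedName = $matched; WillWarn = ($null -eq $matched) } |
            Select-Object Url, MatchedName, WillWarn
    }
}

# Constructed sample: the certificate carries only the short name, as in the post.
# On a real server, take the names from Get-ExchangeCertificate (CertificateDomains)
# and the URLs from the InternalUrl / AutoDiscoverServiceInternalUri values set above.
$certNames = @('SERVER')
$urls = @(
    'https://server.domain.local/autodiscover/autodiscover.xml',
    'https://SERVER/ews/exchange.asmx',
    'https://SERVER/oab',
    'https://SERVER/unifiedmessaging/service.asmx'
)
Test-UrlCertMatch -Url $urls -CertName $certNames | Format-Table -AutoSize
```

Any row with WillWarn set to True is a URL that still needs to be pointed at a name the certificate carries.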
Edge Synchronization Creating and Renewing Certificates
Once a year you will need to create new edge certificates and re-establish the synchronization. Here are the steps for this process (all commands are run in EMS):
Do your test emails to verify connectivity and you are finished.
Setting Email Retention Limits on Exchange 2007 Folders
Some Exchange Administrators overlook setting retention limits on mailboxes. This is very important in businesses without mailbox quotas, because most users will never empty their deleted items. Also, setting the empty deleted items GPO will upset your users.
This step-by-step will show you how to only retain the last X number of days in the deleted items folder.
1. Open Exchange Management Console and navigate to Organization Configuration -> Mailbox.
2. Select the Managed Default Folders tab and you should see the Deleted Items folder.
3. Right-click the Deleted Items folder and select New Managed Content Settings.
4. Name your new policy "X number of days retention policy".
5. Define the retention period in the wizard.
6. Click Next and skip the journaling screen.
7. Review the Summary screen and click New.
8. Click Finish.
Once your policy is made you will need to set it for specific users. You can do this manually, but I'd recommend just doing it in bulk to the OU that the users are under in Active Directory. (Note: If your users are all under the Users folder and not in an OU you made, I'd recommend making one, as it will not only help you here, but in many places in the future as well.)
Simply run the following command and you will set the mailbox policy on all the users in your Organizational Unit (OU):
Get-Mailbox -OrganizationalUnit SBSUsers | Set-Mailbox -ManagedFolderMailboxPolicy "Deleted Items"
Your policy is now in effect and should be enforced overnight. When you walk in tomorrow, you'll notice all deleted items only go back 90 days.
Finding Exchange Server Version (Service Pack)
There are a couple of different methods for finding the version of your Exchange server.
File System: go to the %ProgramFiles%\Microsoft\Exchange Server\bin folder (different for 2003), right-click store.exe -> Details tab -> Version
-------OR--------
Exchange Management Console: go to Server Configuration -> Hub Transport -> look at the Version column (Exchange 2007)
-------OR--------
Exchange Management Shell: type Get-ExchangeServer
Write down the version number and find it on this list. It will give you the service pack and release date of your Exchange server.
Product                                    Version                     Released
Microsoft Exchange 2000 Server             6.0.4417                    October 2000
Microsoft Exchange 2000 Server (a)         6.0.4417                    January 2001
Microsoft Exchange 2000 Server SP1         6.0.4712                    July 2001
Microsoft Exchange 2000 Server SP2         6.0.5762                    December 2001
Microsoft Exchange 2000 Server SP3         6.0.6249                    August 2002
Microsoft Exchange 2000 Server post-SP3    6.0.6487                    September 2003
Microsoft Exchange 2000 Server post-SP3    6.0.6556                    April 2004
Microsoft Exchange 2000 Server post-SP3    6.0.6603                    August 2004
Microsoft Exchange 2000 Server post-SP3    6.0.6620.5                  March 2008
Microsoft Exchange 2000 Server post-SP3    6.0.6620.7                  August 2008
Microsoft Exchange Server 2003             6.5.6944                    October 2003
Microsoft Exchange Server 2003 SP1         6.5.7226                    May 2004
Microsoft Exchange Server 2003 SP2         6.5.7638                    October 2005
Microsoft Exchange Server 2003 post-SP2    6.5.7653.33                 March 2008
Microsoft Exchange Server 2003 post-SP2    6.5.7654.4                  August 2008
Microsoft Exchange Server 2007             8.0.685.24 or 8.0.685.25    December 2006
Microsoft Exchange Server 2007 SP1         8.1.0240.006                November 2007
Microsoft Exchange Server 2007 SP2         8.2.0176.002                August 2009
Microsoft Exchange Server 2007 SP3         8.3.0083.006                June 2010
Microsoft Exchange Server 2010             14.00.0639.021              October 2009
Microsoft Exchange Server 2010 SP1         14.01.0218.015              August 2010
Tarpitting in Exchange 2007 (Tarpit SMTP Receive Connectors)
In Exchange 2003 you needed to set the tarpit for Exchange manually, but in Exchange 2007 you don't have to. It defaults to a 5 second tarpit on all receive connectors. Since tarpits reduce spam, it may be a good idea to increase it in Exchange 2007. My personal preference is 10 seconds.
Syntax:
Get-ReceiveConnector | Select Name,TarpitInterval
You can also pipe it to all your connectors at the same time using this command:
Get-ReceiveConnector | Set-ReceiveConnector -tarpitinterval 00:00:10
Allowing Application Server, Copier, or Standard Server to Relay off Exchange 2007
So you want to send anonymous emails using that backup software, do scan to email on your copier, or have that miscellaneous application send emails without authentication on your file server... It's quite easy and secure if set up properly. Many small businesses enable anonymous access on the default SMTP receive connector... DO NOT DO THIS! It's extremely dangerous and you open yourself up to a lot of spam.
To enable the anonymous emails from specific devices, they must be assigned a static IP. Write down all the IPs of the devices, servers, etc... that you want to enable this functionality.
Creating a specific SMTP Receive Connector
- Open Exchange Management Console on Hub Transport Server
- Tree: Server Configuration -> Hub Transport | Select New Receive Connector (on Right Pane)
- Name the Connector (CRM Application, Copy Machines, Internal Anon Email Relay, etc...)
- Leave Local Network Settings at default (all)
- For Remote Network Settings, you will put in your static IP ranges or singles here.
- Finish making connector: Next -> Finish
Now, Edit the new connector to make it a relay
- Right click Connector, Select Properties
- Go to Permission Groups Tab, Select Exchange Servers
- Go to Authentication Tab, Select TLS and Externally Secured
- Hit Apply, OK and you're finished!
Please Note: This grants the connector the following permissions:
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Authoritative-Domain}
MS Exchange\Externally Secured Servers {ms-Exch-Bypass-Anti-Spam}
MS Exchange\Externally Secured Servers {ms-Exch-Bypass-Message-Size-Limit}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Exch50}
MS Exchange\Externally Secured Servers {ms-Exch-Accept-Headers-Routing}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Submit}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Any-Recipient}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Authentication-Flag}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Any-Sender}
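Because those permissions apply to every address listed under Remote Network Settings, the remote IP list is the only thing limiting who can relay. The audit below is an added example, not part of the original post; the function name Test-RelayConnector and the sample connectors are hypothetical, and it assumes PowerShell 2.0 or later.

```powershell
# Added example (not from the original post). Assumes PowerShell 2.0 or later.
# Input: objects with the Get-ReceiveConnector properties Name, PermissionGroups,
# AuthMechanism and RemoteIPRanges. Test-RelayConnector is a hypothetical name.
function Test-RelayConnector {
    param([Parameter(ValueFromPipeline = $true)] $Connector)
    process {
        $groups = [string]$Connector.PermissionGroups
        $auth   = [string]$Connector.AuthMechanism
        $ranges = @($Connector.RemoteIPRanges | ForEach-Object { [string]$_ })
        # "Every address", written as a dash range or as CIDR
        $anyIp  = @($ranges | Where-Object { $_ -match '^0\.0\.0\.0(-255\.255\.255\.255|/0)$' }).Count -gt 0
        # Entries that trust more than one host
        $multi  = @($ranges | Where-Object { $_ -match '[-/]' })
        $extSec = $auth   -match 'ExternalAuthoritative'
        $anon   = $groups -match 'AnonymousUsers'

        $findings = @()
        if ($extSec -and $anyIp) {
            $findings += 'HIGH: Externally Secured trusts every IP; any host can relay as any sender'
        } elseif ($extSec -and $multi.Count -gt 0) {
            $findings += "REVIEW: Externally Secured trusts whole ranges ($($multi -join ', ')); list single static IPs where possible"
        }
        if ($anon -and $anyIp) {
            $findings += 'REVIEW: anonymous senders accepted from any IP; confirm this connector is meant to receive Internet mail'
        }
        if ($findings.Count -gt 0) {
            New-Object PSObject -Property @{ Name = $Connector.Name; Findings = ($findings -join ' | ') } |
                Select-Object Name, Findings
        }
    }
}

# Constructed sample connectors (hypothetical names and addresses).
# On a Hub Transport server: Get-ReceiveConnector | Test-RelayConnector
$sample = @(
    (New-Object PSObject -Property @{ Name = 'Copy Machines'; PermissionGroups = 'ExchangeServers'
        AuthMechanism = 'Tls, ExternalAuthoritative'; RemoteIPRanges = @('192.168.1.50', '192.168.1.51') }),
    (New-Object PSObject -Property @{ Name = 'Internal Anon Email Relay'; PermissionGroups = 'ExchangeServers'
        AuthMechanism = 'Tls, ExternalAuthoritative'; RemoteIPRanges = @('0.0.0.0-255.255.255.255') }),
    (New-Object PSObject -Property @{ Name = 'CRM Application'; PermissionGroups = 'ExchangeServers'
        AuthMechanism = 'Tls, ExternalAuthoritative'; RemoteIPRanges = @('10.0.0.0/8') }),
    (New-Object PSObject -Property @{ Name = 'Default SERVER'; PermissionGroups = 'AnonymousUsers, ExchangeUsers'
        AuthMechanism = 'Tls, Integrated'; RemoteIPRanges = @('0.0.0.0-255.255.255.255') })
)
$sample | Test-RelayConnector | Format-List
```

A connector restricted to single static IPs, like the first sample, produces no output.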
Windows Server Backup (BackupExec, NTbackup, Acronis True Image, etc…)
I will walk through the various backup solutions out there for businesses. Most of the big names in the backup world are very good at backups; however, they must be used properly. If using Windows Server 2003, I'd recommend Acronis True Image for any file systems and NTbackup for the Exchange backup or other servers. If using Windows Server 2008, I'd recommend Acronis True Image for any servers, and Acronis® Recovery™ for Microsoft Exchange.
In the times I've had to reference backups, tape drives are generally neglected and fail when the tapes aren't properly cycled out. Many businesses keep using tapes past a year old and end up not having an up-to-date backup or any old backups. Also, I've seen tapes wear out over long periods of time in storage. I'd highly recommend a SAN or NAS solution for local backups. If it's in your budget and you have the bandwidth, cloud is obviously the best solution.
You MUST purchase an Exchange-ready backup solution for Microsoft Exchange 2007 SP1 or earlier.
Failure to do so will result in an excess of log files that will fill all free space on your server and crash it.
Acronis True Image
- Block by block image backup
- Easily browse old backups to grab a couple files, or restore the entire server to that state
- Do not use for Exchange Backup! (It will back up the database, but it will not clear and condense the log files generated by Exchange. If left for a long period of time your logs will fill up all free space on your server and crash it.)
- Personal Favorite for any File Server
Symantec BackupExec
- Wonderful Tape backup solution (Supports various backup rotations)
- Does a proper Exchange backup with add-in purchase
- Personally, I've always thought the interface is bulky and difficult to use. Also, with all the add-ins you need to purchase this is one of the most expensive solutions on the market.
- Not Recommended unless you are using tapes.
NTBackup
- Built into Windows Server 2003
- Great for Exchange 2003 or earlier
- Restoration process is time consuming and not recommended for File Servers
Windows Server Backup
- Built into Windows Server 2008
- Backup system automatically adjusts and is space efficient when saving to external drives, SAN, and NAS solutions
- Does NOT support tape devices
- Restoration process is time consuming and not recommended for File Servers
- Has NO Exchange Support unless you upgrade past SP2 on the OS and SP2 on Exchange Server 2007.