•Ensures that the performance requirements of your service level agreements (SLAs) are being met.
•Ensures that specific administrative tasks, such as daily backup operations and checking server health, are
being successfully completed.
•Enables you to detect and address issues, such as bottlenecks in the server performance or need for
additional resources, in your Exchange organization before they affect productivity.
The following daily maintenance tasks let you establish criteria for what is normal for your organization and to
detect any abnormal activity. It is important to implement these daily maintenance tasks so that you can
capture and maintain data about your Exchange organization, such as usage levels, possible performance
bottlenecks, and administrative changes. The following tasks are discussed in detail in this topic:
•Physical security measures Physical security protection such as locks, doors, and restricted-access rooms
must be secured. Check for any unauthorized and forced entries and signs of equipment damage.
•Temperature and humidity High temperature and humidity can cause hardware components to overheat.
Check temperature and humidity to ensure the environmental systems such as heating and air conditioning
can maintain acceptable conditions and function within the hardware manufacturer's specifications.
•Devices and components Your Exchange organization relies on a functioning physical network and related
hardware. Check to ensure that routers, switches, hubs, physical cables, and connectors are operational.
Event Viewer maintains logs about application, security, and system events on your computer. Both Exchange
Server and Windows report warnings and error conditions to the event logs. Therefore, make sure that you
review event logs daily. For more information about Event Viewer, see the Windows Server 2003 Help
documentation. You can also use Event Viewer as a troubleshooting tool. For more information about using
Event Viewer as a troubleshooting tool, see Microsoft Knowledge Base article 302542, "How to Diagnose
System Problems with Event Viewer in Windows Server 2000"
(http://go.microsoft.com/fwlink/?linkid=3052&kbid=302542).
A computer that is running a Windows Server 2003 operating system records events in three types of logs:
•Application logs The Application log contains events logged by applications or programs. Developers
determine which events to log. For example, a database program might record a file error in the Application
log. Most Exchange Server-related events are in the Application log.
•Security logs The Security log records events such as valid and invalid logon attempts, as well as events
related to resource use such as creating, opening, or deleting files or other objects. For example, if logon
auditing is enabled, attempts to log on to the system are recorded in the Security log.
•System logs The System log contains events logged by Windows system components. For example, the
failure of a driver or other system component to load during startup is recorded in the System log. The event
types logged by system components are predetermined by the server.
Exchange Server 2003 diagnostic logging records significant events related to authentication, connections, and
user actions. After you enable diagnostic logging, you can view the log entries in Event Viewer.
Note:
Using the maximum logging settings is not recommended unless you are instructed to do this by Microsoft
Product Support Services. Maximum logging drains significant resources and can give many "false positives,"
that is, errors that get logged only at maximum logging but are really expected and are not a cause for
concern. It is also recommended that you do not keep diagnostic logging on permanently. It should be used
only when troubleshooting.
Within each Event Viewer log, Exchange Server records informational, warning, and error events. Monitor these
logs closely to track the types of transactions being conducted on your Exchange servers. You should
periodically archive the logs or use automatic rollover to avoid running out of space. Because log files can
occupy a finite amount of space, increase the log size (for example, to 50 MB) and set it to overwrite, so that
Exchange Server can continue to write new events.
You can also automate event log administration by using tools and technologies such as the Event Comb,
Eventtriggers, and Microsoft Operations Manager (MOM).
•The Event Comb tool lets you gather specific events from the event logs of several computers to one central
location. It also lets you report on only the event IDs or event sources you specify. For more information
about Event Comb, see the Account Lockout and Management Tools Web site
(http://go.microsoft.com/fwlink/?linkid=35607).
•You can also use command-line tools to create and query event logs and associate programs with particular
logged events. Eventtriggers.exe lets you create event triggers that will run programs when specific events
occur. For more information about Eventtriggers, see the Windows Server 2003 documentation.
•You can use Microsoft Operations Manager to monitor the health and use of Exchange servers. Exchange
Server 2003 Management Pack extends Microsoft Operations Manager by providing specialized monitoring for
servers that are running Exchange Server 2003. This management pack includes a definition of health for an
Exchange 2003 server and will raise an alert message to the administrator if it detects a state that requires
intervention. For more information about Exchange 2003 Management Pack, see the Microsoft Operations
Manager Web site (http://go.microsoft.com/fwlink/?linkid=16198).
The following section gives you information about the types of events to monitor.
Normal Events
Reviewing event logs daily will help you establish a baseline for typical events for your system. Examine your
event logs for the following application log events (Table 1) on your Exchange servers.
•839862, "How to troubleshoot the RPC Cancel Request dialog box in Outlook 2003 or in
Outlook 2002," (http://go.microsoft.com/fwlink/?linkid=3052&kbid=839862).
9551: This Warning event indicates the presence of "zombie users" in Access Control Lists (ACLs) of
mailboxes or public folders. "Zombie" users are unused access control entries (ACEs).
Multiple occurrences of this event will cause performance issues on the Exchange Server
computer. This can be logged on both mailbox and public folder servers. For more
information, see Microsoft Knowledge Base article 839862, "How to troubleshoot the RPC
Cancel Request dialog box in Outlook 2003 or in Outlook 2002,"
(http://go.microsoft.com/fwlink/?linkid=3052&kbid=839862).

9552: This Error event indicates problems with conversion of distribution groups that are listed in
ACLs of public folders or mailboxes to security groups. Multiple occurrences of this event will
cause performance issues on the Exchange Server computer. This can be logged on both
mailbox and public folder servers. For more information, see Microsoft Knowledge Base article
274046, "You Cannot Add a Distribution Group to Permissions of a Public Folder in
Exchange 2000," (http://go.microsoft.com/fwlink/?linkid=3052&kbid=274046).
MSExchangeIS: The Microsoft Exchange Information Store service handles Exchange databases and is
part of the mail delivery process.

MSExchangeSA: This component records an entry when Exchange Server uses Active Directory to store
and share directory information.

MSExchangeTransport: Event ID 4000 indicates that a connection has failed because of a non-protocol error.
Connection failures can include DNS and server issues.

ESE: This is the database engine that the Microsoft Exchange Information Store service
uses. Errors or warnings that are logged by this component must be investigated
immediately.

MSADC: MSADC runs only on Exchange servers that are also running Active Directory
Connector (ADC). Warnings or errors logged with this source could indicate problems
with ADC replication. These events typically include the name of the connection
agreement that is having problems replicating.

MSExchangeDSAccess: DSAccess is a component that Exchange uses when talking to Active Directory. Errors
or warnings logged by this component typically indicate issues connecting to the
domain controller or global catalog server and should be investigated because
message flow or even startup of Exchange services could be affected.

MSExchangeMU: The metabase update service is a component that updates the IIS metabase with
information in Active Directory. Errors or warnings in this component could mean that
there is a problem either with the IIS metabase or with accessing objects in Active
Directory.

USERENV: While this is not an Exchange-logged event, you should watch for it. If there are
problems applying the computer policy to the Exchange Server computer, this event is
logged. Typically, this is logged as an Error event and it should be investigated
because not having a domain policy will be a problem for the Exchange Server
computer.
Table 4 shows the Windows-related issues that you must monitor in the event source.
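The daily review described above can be scripted against an exported Application log. The following Python script is an added example, not part of the original guide: it sorts exported rows into the review buckets implied by the event sources and event IDs listed above. The CSV column names, the sample rows, and matching 9551 and 9552 by ID alone (the guide does not name their source) are assumptions.

```python
import csv
import io
from collections import Counter

# Sources the guide says to watch, with the urgency it assigns.
# ESE is "investigated immediately"; the others are to be investigated.
WATCHED_SOURCES = {
    "ese": "immediate",
    "msexchangedsaccess": "investigate",
    "msadc": "investigate",
    "msexchangemu": "investigate",
    "userenv": "investigate",
}
# Event IDs the guide flags when they occur more than once.
REPEAT_IDS = {9551, 9552}
# MSExchangeTransport event 4000: connection failed (DNS or server issue).
TRANSPORT_FAILURE = ("msexchangetransport", 4000)

# Constructed sample export. The column names are an assumption about how
# the log was saved as CSV; event IDs other than 9551, 9552 and 4000 are
# made up for the sample.
SAMPLE_CSV = """Date,Time,Source,Type,Event,Computer
2005-03-14,02:10:11,ESE,Error,1001,EXCH01
2005-03-14,02:15:40,MSExchangeIS,Warning,9551,EXCH01
2005-03-14,03:02:05,MSExchangeIS,Warning,9551,EXCH01
2005-03-14,04:30:00,MSExchangeTransport,Warning,4000,EXCH01
2005-03-14,05:00:00,MSExchangeSA,Information,1002,EXCH01
2005-03-14,06:12:31,Userenv,Error,1003,EXCH01
2005-03-14,06:40:00,MSExchangeIS,Error,9552,EXCH01
2005-03-14,07:00:00,ESE,Information,1004,EXCH01
2005-03-14,07:05:00,MSExchangeDSAccess,Warning,not-a-number,EXCH01
"""


def triage(csv_text):
    """Sort exported Application log rows into the guide's review buckets."""
    report = {"immediate": [], "investigate": [], "repeated": {}}
    repeats = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        source = (row.get("Source") or "").strip()
        level = (row.get("Type") or "").strip().lower()
        raw_id = (row.get("Event") or "").strip()
        # A row with an unreadable event ID is still judged by its source.
        event_id = int(raw_id) if raw_id.isdigit() else None
        stamp = f'{row.get("Date") or ""} {row.get("Time") or ""}'.strip()

        if event_id in REPEAT_IDS:
            repeats[event_id] += 1
        if level not in ("warning", "error"):
            continue  # informational events only feed the baseline
        urgency = WATCHED_SOURCES.get(source.lower())
        if urgency is None and (source.lower(), event_id) == TRANSPORT_FAILURE:
            urgency = "investigate"
        if urgency:
            report[urgency].append((stamp, source, raw_id))
    # The guide ties the performance impact to multiple occurrences.
    report["repeated"] = {eid: n for eid, n in repeats.items() if n > 1}
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_CSV)
    for bucket in ("immediate", "investigate"):
        for stamp, source, event in result[bucket]:
            print(f"{bucket:11} {stamp} {source} event {event}")
    for event_id, count in sorted(result["repeated"].items()):
        print(f"repeated    event {event_id} logged {count} times")
```
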
Performing Backups
Performing backups of your servers is your first line of defense in planning for a disaster. You must have a well
planned and well rehearsed disaster recovery plan for your Exchange organization. Your disaster recovery plan
should include backing up your Exchange data and Active Directory data daily. You must back up all critical
data from many sources, including server configuration, the Active Directory database, and the Microsoft
Exchange Information Store service. You should also back up all logged event and performance data. Make
sure that you back up records such as Active Directory data, application software, Exchange Server 2003
message tracking log files, and databases and log files. For more information about disaster recovery planning,
see the Exchange Server 2003 Disaster Recovery Operations Guide
(http://go.microsoft.com/fwlink/?LinkId=30250).
You can use the NTBackup tool (included with Windows Server 2003) to back up Windows Server 2003 and
Exchange Server 2003 data. You can also use a third-party backup tool that supports Exchange Server 2003.
The NTBackup tool helps you back up Exchange Server 2003 databases, directories, selected files, and System
State data, which includes Windows Server 2003 operating system registry information.
The recommended minimum backup strategy is a daily "online" backup. For your daily backup strategy,
depending on the size, speed of backup software, hardware capacity, and time requirements, you can choose
between full backup, incremental backup, or differential backup of your Exchange data. These options are
discussed in more detail in this section. For more information about these backup strategies as well as disaster
recovery operations, see the Exchange Server 2003 Disaster Recovery Operations Guide
(http://go.microsoft.com/fwlink/?LinkId=30250).
NTBackup
NTBackup is the native Windows backup tool that enables you to back up files to tape and restore files from
tape. If Exchange Server or System Manager is installed on the server, the registry is modified on each
Exchange server to extend the capabilities of the tool. As soon as it is extended, the tool can be used to back
up Exchange data either locally or across the wire.
For more information about NTBackup, see the Windows Server 2003 documentation. For more information
about how to perform an online backup using NTBackup, see Microsoft Knowledge Base article 258243, "How to
Back Up and Restore an Exchange Computer by Using the Windows Backup Program,"
(http://go.microsoft.com/fwlink/?linkid=3052&kbid=258243).
Full Backup
A full backup is also known as a normal backup. You should perform a full backup of your database files and
transaction logs every day. After completion of a full backup of a storage group, the committed transaction log
files on the Exchange databases are purged (deleted) from the server. Doing a full backup gives you the
advantage of speed in a recovery scenario, because you need only one tape set to restore all data.
Incremental Backup
Depending on your organization's requirements, you may choose to do a full backup periodically and perform
incremental backups more frequently, possibly daily. An incremental backup captures only that data that has
changed since the last full or incremental backup by backing up the transaction log files (not database files).
After the incremental backup is completed, the committed log files are purged. This kind of backup is not
enabled if you have configured a storage group to use circular logging.
You can choose this backup strategy if you have large databases that have a lot of daily activity. Know that
when recovering from an incremental backup, you will need the tape sets from your last full backup and all the
subsequent incremental backups. The extra time needed to manage the additional tape sets should be factored
in to your SLA.
Differential Backup
Depending on the needs of your organization, you may choose to do a full backup periodically and perform a
differential backup more frequently, possibly daily. Differential backups capture data that has changed since
the last full backup. A differential backup copies all log files (not database files) when it is run. After the
differential backup is complete, no log files are purged. This means that the number of files backed up each
day will continue to increase until a full backup is performed (which purges the log files). This kind of backup is
not enabled if you have configured a storage group to use circular logging.
The advantage of a differential backup is that you need only one tape set for recovery of all log files after the
last full backup is restored from the tape.
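The difference between the three strategies shows up at restore time. The following Python model is an added example, not part of the original guide: it tracks which transaction logs each backup set captures and which tape sets a restore needs. It assumes one log generation per day, labelled with the day name, and it also handles schedules that mix incremental and differential backups, which goes beyond the cases the guide describes.

```python
FULL, INCREMENTAL, DIFFERENTIAL = "full", "incremental", "differential"


def run_schedule(schedule, circular_logging=False):
    """Simulate the backup sets produced by a list of (day, kind) entries.

    Each day is modelled as producing one transaction log generation,
    labelled with the day (a simplification for the example).
    """
    logs_on_disk = []
    backup_sets = []
    for day, kind in schedule:
        if kind not in (FULL, INCREMENTAL, DIFFERENTIAL):
            raise ValueError(f"unknown backup kind: {kind}")
        if circular_logging and kind != FULL:
            # Incremental and differential backups are not enabled when the
            # storage group uses circular logging.
            raise ValueError(f"{kind} backup is not enabled with circular logging")
        logs_on_disk.append(day)
        backup_sets.append({"day": day, "kind": kind, "logs": list(logs_on_disk)})
        if kind in (FULL, INCREMENTAL):
            logs_on_disk.clear()  # committed logs are purged after these
        # A differential purges nothing, so its log set grows every day.
    return backup_sets


def restore_chain(backup_sets):
    """Return the (day, kind) tape sets needed to restore to the last backup."""
    fulls = [i for i, s in enumerate(backup_sets) if s["kind"] == FULL]
    if not fulls:
        raise ValueError("no full backup to restore from")
    chain = [backup_sets[fulls[-1]]]
    for backup in backup_sets[fulls[-1] + 1:]:
        if backup["kind"] == DIFFERENTIAL and chain[-1]["kind"] == DIFFERENTIAL:
            chain.pop()  # the newer differential already holds those logs
        chain.append(backup)
    return [(s["day"], s["kind"]) for s in chain]


if __name__ == "__main__":
    week = ["Sun", "Mon", "Tue", "Wed"]
    for kind in (INCREMENTAL, DIFFERENTIAL):
        schedule = [(week[0], FULL)] + [(day, kind) for day in week[1:]]
        sets = run_schedule(schedule)
        print(kind, "schedule")
        for s in sets:
            print("  ", s["day"], s["kind"], "captures logs", s["logs"])
        print("   restore needs:", restore_chain(sets))
```
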
•Windows Explorer Use Windows Explorer to check for disk space on volumes that store Exchange logs and
databases. You should monitor the disk space regularly to ensure that the Microsoft Exchange Information
Store service will not be negatively affected because of insufficient storage resources. Comparing and
maintaining statistical information about available disk space on each Exchange volume and expected growth
of the databases and transaction log files, will help you with capacity planning and adding storage when the
storage resources are required. To accommodate troubleshooting and disaster recovery situations, it is
recommended that available free volume space be equal to or greater than 110% of the size of the database.
•Running a script Monitor disk space by running a script that will send you an alert message if the hard disk
space falls below 100 MB. You can find a sample script on the TechNet Script Center Web site
(http://go.microsoft.com/fwlink/?linkid=33284).
•Implementing alerts Implement alert messages in Exchange Server and in the Performance Monitor to
"alert the administrator" when volume space is constrained. For more information, see "Monitoring Server
Performance" in this topic.
•Alert users to close their mailboxes before a planned maintenance of your Exchange system.
•Monitor the size of users' mailboxes to identify which users are using the most storage resources.
•Gather information about the current state of the full-text indexing for mailbox and public folder stores (if
indexing is used).
In standard Exchange transaction logging, each store transaction (such as creating or modifying a message) is
written to a log file and then to the Exchange store. The logging process ensures that records of transactions
exist if a store is damaged between backups. In many cases, recovering a damaged store means restoring the
store from a backup, replaying any backed up log files, and then replaying the most recent log files to recover
transactions that were made after the last backup.
If a disaster occurs, and you must rebuild a server, use the latest transaction log files to recover your
databases. If you have access to the latest backup and the transaction log files since the backup, you can
recover all your data. For more information about how transaction logs function, see "Understanding
Exchange 2003 Database Technology" in the Exchange Server 2003 Disaster Recovery Operations Guide
(http://go.microsoft.com/fwlink/?LinkId=30250). By default, Exchange stores transaction log files in the
following folder: %windir%:\Program Files\Exchsrvr\MDBDATA. This folder is in the same partition where you
installed Exchange Server 2003.
You can set notifications in Monitoring and Status to alert administrators when connectors or services fail or
when defined resource thresholds are reached (for example, when the free disk space on a particular disk
reaches a specific capacity). To access the Monitoring and Status feature in Exchange System Manager, expand
Tools in the console tree. For procedural information about how to use Monitoring and Status, see
Exchange Server 2003 Help.
Setting Notifications
You can set notifications to alert an administrator of many potential problems. You can set e-mail notifications
or you can use a script to respond to server or connector problems. You can send notifications only in the
following circumstances:
thresholds are met or exceeded, a warning is displayed on both the Monitoring tab of a server's Properties
and on the Status node under Monitoring and Status.
You can use Exchange System Manager to direct Exchange to send an e-mail message or start a script when
the server resources that you are monitoring perform outside defined thresholds. These messages or scripts
that notify you when something is wrong are referred to as notifications.
Table 6 shows these additional resources and provides guidelines for setting their respective thresholds. These
resources are discussed in detail in this section.
You can also use the Windows Server 2003 System Monitor for establishing a baseline of performance and for
troubleshooting performance issues. You can also review event logs to monitor server resources.
Virtual Memory
Virtual memory stores data. Problems can occur if there is insufficient virtual memory. You can set the number
of minutes that available virtual memory can stay under the specified limit before an alert status
is displayed. You can specify the Warning state to indicate the smallest percentage of virtual memory on which
your server can operate before a warning is displayed. If you have both warning and critical state limits
specified, the critical limit must be a smaller percentage (less virtual memory available) than the amount
specified for the warning state.
For more information about fragmented virtual memory issues, see Microsoft Knowledge Base article 325044,
"HOW TO: Troubleshoot Virtual Memory Fragmentation in Exchange 2003 and Exchange 2000,"
http://go.microsoft.com/fwlink/?linkid=3052&kbid=325044.
CPU Utilization
CPU utilization provides information about how busy your CPUs are. You can monitor the percent of
your server's CPU utilization. When your server's CPU utilization is too high, Exchange Server 2003 may stop
responding.
Note:
During some server events, CPU utilization may increase to high levels for a period of time. When the server
event is complete, CPU utilization returns to normal levels. Ensure that the duration that you specify is more
than the number of minutes that such system events normally run.
You can specify the number of minutes that the CPU utilization threshold must be exceeded before an alert status of
warning or critical is displayed. You can set the warning state limit to specify the maximum percent of CPU
utilization that can occur before a warning is displayed. You can also set a critical state limit to indicate the
maximum percent of CPU utilization that can occur before a critical state alert is displayed. A critical limit value
must be a larger percentage than a warning limit value.
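The duration setting is what keeps a short spike from raising an alert. The following Python model is an added example, not Exchange's own logic: it evaluates one reading per minute against warning and critical limits and enforces the ordering rules stated above for CPU utilization and virtual memory. The limit values and sample readings are constructed.

```python
from dataclasses import dataclass


@dataclass
class Monitor:
    name: str
    warning: float        # percent
    critical: float       # percent
    duration_min: int     # minutes the limit must stay breached
    low_is_bad: bool = False  # True for virtual memory (percent available)

    def validate(self):
        if self.duration_min < 1:
            raise ValueError("duration must be at least one minute")
        if self.low_is_bad and not self.critical < self.warning:
            # Virtual memory: critical means less memory available.
            raise ValueError(f"{self.name}: critical must be below warning")
        if not self.low_is_bad and not self.critical > self.warning:
            # CPU utilization: critical is the larger percentage.
            raise ValueError(f"{self.name}: critical must be above warning")

    def breaches(self, value, limit):
        return value < limit if self.low_is_bad else value > limit


def evaluate(monitor, samples):
    """Return the state (ok, warning, critical) after each one-minute sample."""
    monitor.validate()
    warn_run = crit_run = 0  # consecutive minutes each limit has been breached
    states = []
    for value in samples:
        warn_run = warn_run + 1 if monitor.breaches(value, monitor.warning) else 0
        crit_run = crit_run + 1 if monitor.breaches(value, monitor.critical) else 0
        if crit_run >= monitor.duration_min:
            states.append("critical")
        elif warn_run >= monitor.duration_min:
            states.append("warning")
        else:
            states.append("ok")
    return states


if __name__ == "__main__":
    cpu = Monitor("CPU utilization", warning=80, critical=95, duration_min=5)
    vm = Monitor("Virtual memory", warning=25, critical=10, duration_min=3,
                 low_is_bad=True)
    # A three-minute spike is shorter than the duration, so no alert.
    print(evaluate(cpu, [40, 100, 100, 100, 45, 40]))
    # Sustained load crosses warning first, then critical.
    print(evaluate(cpu, [85, 85, 97, 97, 97, 97, 97]))
    print(evaluate(vm, [30, 20, 20, 20, 8, 8, 8]))
```
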
servers and components in Exchange Server, such as Microsoft Exchange Information Store service, you can
use System Monitor, a Windows Server 2003 component. The Performance console, which is made up of the
System Monitor and Performance Logs and Alerts snap-ins, is the primary toolset used to analyze and maintain
Exchange and operating system performance levels. The Performance console is quite flexible and can be used
to gather data interactively from a single server or automated to gather data from many servers.
Exchange server performance is affected by many factors such as user profiles, system architecture, software,
and hardware components. Make sure that Windows is functioning correctly because if it is not, your Exchange
performance will be affected.
Monitoring server performance ensures that your servers are functioning correctly and helps you identify
bottlenecks in the system. You can use the performance monitoring data to identify problems and apply
corrective action. You can also use the monitoring data to enhance the performance of your servers by
identifying areas that need additional resources. For example, you may need to increase your storage capacity
to handle the growing number of users in your organization. For more information about enhancing the
performance and scalability of your organization, see the Exchange Server 2003 Performance and Scalability
Guide (http://go.microsoft.com/fwlink/?LinkId=28660).
The Windows Performance console is composed of System Monitor and Performance Logs and Alerts. You can
also use Task Manager to obtain information about the processes and programs that are running on your local
computer.
There are important differences between Task Manager and the Performance console: for example, the Performance
console captures data to a file, whereas Task Manager can end a process. Task Manager is primarily a
troubleshooting aid, and the Performance console is used for more detailed troubleshooting and analysis.
System Monitor
Using the System Monitor tool, you can define, collect, and view extensive data about the usage of hardware
resources and the activity of system services on computers that you administer. System Monitor lets you
monitor a single computer or several computers simultaneously. This flexibility can be helpful when you want
to locate a problem in your system. You can specify the type of data you want to monitor, the source of the
data, and establish sampling parameters, such as manual or automatic, within a time interval on real-time
data. You can even change the appearance of your System Monitor to use graph, histogram, or report views.
An alert is a system-generated event that is triggered when counters that you are tracking perform outside
predefined thresholds. You use Performance Logs and Alerts to configure alerts. For example, you can
configure an alert to notify you when the MSExchangeIS Mailbox object’s Send Queue Size counter exceeds 25
messages.
Note:
The alert functionality depends on the Windows 2003 Messenger Service, the Windows 2003 Alerter Service,
and the existence of the recipient account registration in the Windows Internet Name Service (WINS). The
Messenger and Alerter services are disabled by default and must be enabled and started to allow network
messages to be transmitted.
For more information about creating and configuring alerts in Windows Server 2003, see Microsoft Knowledge
Base article 324752, "How to Create and Configure Performance Monitor Alerts in Windows
Server 2003," (http://go.microsoft.com/fwlink/?linkid=3052&kbid=324752).
Task Manager
Task Manager (Taskmgr.exe) is a Windows Server 2003 tool that provides information about the processes and
programs that are running on your local computer. You can use Task Manager to monitor key indicators of your
computer's performance. You can see the status of the programs that are running and end programs that have
stopped responding. You can also assess the activity of running processes using up to 15 parameters, and see
graphs and data on CPU and memory usage. Additionally, you can view the network status and see how your
network adapter is functioning. If you have more than one user logged on to your computer, you can see who
is connected, what they are working on, and you can send them a message.
By default, message tracking is turned off. Besides verifying that the Exchange Management Service is started,
you can enable message tracking by:
•Creating a system policy to enable message tracking and applying the policy to the servers for which you
want to track messages.
•Editing the properties of each server for which you want to track messages.
Message Tracking Center lets you reference the message tracking logs stored on each server and view the
history of sent messages. If the message does not appear in a tracking log, check the Queue Viewer to see if
the message is waiting in a queue for an available connection or for routing information before it can be
delivered. For more information about the Message Tracking Center and Queue Viewer, see the Exchange
Server 2003 Administration Guide (http://go.microsoft.com/fwlink/?LinkId=21769).
Exchange environment. You can also send test messages between recipients in the organization and to
outgoing recipients. Sending test messages is a practical way to check for correct SMTP transport functionality.
To search for a specific system message in Message Tracking Center, search for the Message ID. If you do not
know the Message ID, you can find system messages manually by reviewing the message tracking logs.
Exchange automatically creates these logs if you have message tracking enabled on a server. To search for
other types of messages, you can search by sender, recipient, or server.
Before you enable messages to appear in Message Tracking Center, you must enable subject logging on the
Exchange server. However, enabling subject logging causes the subject lines of messages in SMTP and MAPI
queues to be displayed in the Subject column of Queue Viewer. By default, the Subject column is left empty to
preserve confidentiality. For example, some Exchange organizations prefer to keep low-level administrators
from viewing message subjects. Therefore, verify your organization's policy about revealing subject line
information before you enable subject logging.
When you enable message tracking on an individual server, messages routed through the server are added to
the message tracking logs. These logs are text files that you can review to monitor and troubleshoot message
flow. The Exchange System Attendant service on each server maintains these log files.
To access Queue Viewer, in Exchange System Manager, expand the server you want, and then click Queues.
Expanding Queues reveals one or more system queues, which are default queues specific to the protocol
transporting the messages (SMTP, X.400, or MAPI). The system queues are always visible. The link queues are
also visible in the Queues container. These queues are visible only if the SMTP virtual server, X.400 object, or
connector is currently holding or sending messages to another server. Link queues contain all outgoing
messages queued on each connector.
Settings
The Settings option lets you determine the frequency at which all the queues are refreshed, with the default
rate being every two minutes. You can set the refresh rate to one minute, five minutes, 10 minutes, or Never
refresh. If you are investigating an issue with message delivery, you may consider reducing the frequency to
one minute to see the changes in the queues sooner.
Finding messages
You can use the Finding messages option to search for messages by specifying search criteria (such as the
sender or recipient) or the message state (such as frozen). You can also specify the number of messages that
you want your search to return.
Queue States
You can check the state of all queues by looking at the State column. Queues in the Ready state and queues
that are delivering messages correctly usually have few messages queued for transfer. If a queue is continually
retrying to send a message, it may indicate that the destination is not available. It is important to monitor
queue growth. If you find messages queued for extended periods and the queue is in Retry state, it may mean
that one or more basic routing functions is failing in your Exchange organization.
If you want to prevent outgoing mail from a particular remote queue, instead of disabling all SMTP queues, you
can freeze the messages in that particular queue. For example, if it appears that a 5-MB message is holding up
the transfer of many messages, temporarily freeze the 5-MB message to allow other messages to transfer out.
When the queue is emptier, unfreeze the 5-MB message.
Note:
To find the messages that may be causing problems in message delivery, you must enumerate messages in the
queue by using the Find Messages feature. Table 7 lists the types of queue states.
These online maintenance tasks include, but are not limited to:
•Checking Active Directory to determine whether there are any deleted mailboxes.
•Permanently removing any messages or mailboxes that are older than the configured retention policy.
•Performing online defragmentation of the data in the database.
Online maintenance performs an Active Directory lookup for each user who has a mailbox in the database on the
store where maintenance runs. These searches are used to keep the mailbox store synchronized with
Active Directory changes (specifically, they look for deleted mailboxes). The effect that online maintenance has on
Active Directory is proportional to the number of users in each server database. If you have many users or
have global data centers that serve customers in different time zones, you may want to consider staggering
the online maintenance.
Online maintenance also permanently removes any messages or mailboxes that are older than the retention
policy (Mailbox Manager), and performs online defragmentation of data in the database. These tasks are disk-
intensive and affect the server where the online maintenance is being run. Your server may seem to be slow if
many databases are set to perform online maintenance at the same time. In corporate scenarios, you may
want to do online maintenance during non-business hours when the server can better handle the additional
load. In a global data center, consider staggering the database schedule (with regard to each other on a single
server) to spread disk-intensive tasks over a greater period of time.
Exchange database online defragmentation refers to rearranging mailbox store and public folder store data to
fill database pages more efficiently and optimize how objects are stored to try to reduce disk I/O. The
defragmentation process provides more database space without actually changing the file size of the database.
You must ensure that neither your index maintenance, nor your online backups conflict with your scheduled
"maintenance interval" for any databases in the same storage group. If there is a conflict, backup will stop the
online defragmenting part of the scheduled maintenance and the database may not be able to finish
defragmenting.
You can plan the correct online maintenance strategy for your organization by examining the user profile (such
as times of low and high activity); knowing how many users, databases, and servers are in the site; and
coordinating this information with the online backup strategy.
•Network Monitor
•Windows Management Instrumentation (WMI)
•Simple Network Management Protocol (SNMP)
You can also use third-party monitoring tools or Microsoft Operations Manager (MOM) to monitor your
Exchange system. For more information about MOM 2005, see the MOM 2005 Product Documentation Web site
(http://go.microsoft.com/fwlink/?linkid=35627).
Network Monitor
Network Monitor, a Windows Server 2003 tool, is used to collect, display, and analyze resource usage on a
server and measure network traffic. Network Monitor exclusively monitors network activity. By capturing and
analyzing network data and using this data with performance logs, you can determine your network usage,
identify network problems, and forecast your network needs for the future.
Exchange Server 2003 provides many WMI classes that you can use to monitor and analyze Exchange servers,
track messages, and check mail flow status. The Exchange Server 2003 SDK contains complete information
about the Exchange WMI providers, including many sample scripts to help you get started. You can download
or view the Exchange 2003 SDK from the Microsoft Exchange Server Downloads page on MSDN®
(http://go.microsoft.com/fwlink/?LinkId=29301).
Table 8 lists the Exchange services dependencies that are required in any environment.
•NNTP
•SMTP
•World Wide Web Publishing Service
•IIS Admin Service
Exchange Server 2003 Setup disables the following services by default; however,
the current state is preserved during reinstalls or upgrades:
•NNTP
•Microsoft Exchange IMAP4
•Microsoft Exchange POP3
Administration To administer Exchange Server 2003, the following services are required:
Earlier version compatibility To provide compatibility with earlier versions of Exchange Server, the following
services are required:
•Microsoft Search
•World Wide Web Publishing Service
Windows Services
You should verify that Windows services such as World Wide Web and SMTP are started. Because Exchange
Server also relies on Windows services, if the services are not configured correctly, Exchange Server will not
work efficiently. You should also monitor the following services:
management console to verify the address records for your domain controllers and global catalog servers, and
the mail exchanger (MX) resource record for your Exchange server.
Active Directory
Exchange Server relies on Active Directory for correct functionality. Among other things, Active Directory
contains information about objects (such as users, contacts, groups, and configuration) on the network and
makes this information available for authorized administrators and users. Exchange Server uses Directory
Access (DSAccess) to discover the Active Directory topology, detect domain controllers and global catalog
servers, and maintain a list of valid directory servers that are usable by the Exchange Server components. You
should monitor Active Directory servers to identify trends before actual issues, such as the delay in
authentication of client computers, occur.
You can use Active Directory Sites and Services to verify replication and to identify any Active
Directory replication issues that may cause performance issues for Exchange Server. For more information
about monitoring Active Directory performance, see the Windows Server 2003 documentation.
Before you perform any cluster administration tasks, familiarize yourself with the clustering concepts described
in "Checklist: Preparation for installing a cluster" (http://go.microsoft.com/fwlink/?LinkId=16302) in the
Microsoft Windows Server™ 2003 Enterprise Edition Online Help and in the Windows Server 2003 Technical
Reference (http://go.microsoft.com/fwlink/?LinkID=27137).
Also, make sure that you are familiar with "Using Server Clustering" in Chapter 5, "Planning for High
Availability" in Planning an Exchange Server 2003 Messaging System
(http://go.microsoft.com/fwlink/?LinkId=21766) and with Chapter 7, "Deploying Exchange 2003 in a Cluster,"
in the Exchange Server 2003 Deployment Guide (http://go.microsoft.com/fwlink/?LinkId=21768).
You can monitor your Exchange clusters daily by using Cluster Administrator. Cluster Administrator is used for
configuration tasks, management tasks, and to monitor failovers on your Exchange clusters.
You can also use Cluster Administrator to remotely administer a server cluster. Computers that are used to
administer a server cluster remotely must be secure and restricted to trusted personnel. For more information
about Cluster Administrator, see "Best practices for securing server clusters" in the Windows Server 2003
Enterprise Edition Online Help (http://go.microsoft.com/fwlink/?LinkId=18173).
Active/passive clusters are the recommended configuration for Exchange 2003 clusters. You can monitor
active/passive clusters just as you would stand-alone server deployments. Exchange 2003 also supports active/active
clusters with at most two nodes. However, active/active clusters are not a recommended configuration for
Exchange 2003 clusters. If you have an active/active cluster, use a monitoring application such as System
Monitor to monitor the cluster. For more information about deploying Exchange Server 2003 in a cluster, see
Chapter 7, "Deploying Exchange 2003 in a Cluster," in the Exchange Server 2003 Deployment Guide
(http://go.microsoft.com/fwlink/?LinkId=21768).
Severity: Warning
Category: Performance
The virtual memory that is required to run your Exchange server is fragmented in such a way
that performance may be affected. It is highly recommended that you restart all Exchange
services to correct this issue.
Severity: Error
Category: Performance
The virtual memory that is required to run your Exchange server is fragmented in such a way
that normal operation may begin to fail. It is highly recommended that you restart all
Exchange services to correct this issue.
Microsoft supplies two tools to help you stay current with Microsoft Windows® service packs, hotfixes, and
updates: Microsoft Network Security Hotfix Checker (Hfnetchk) and Microsoft Baseline Security Analyzer
(MBSA). Hfnetchk is a tool that lists which updates have been applied to a computer; MBSA identifies common
security misconfigurations. Hfnetchk is available through the command line interface of the MBSA. You can
download these tools from the Microsoft Baseline Security Analyzer Web site
(http://go.microsoft.com/fwlink/?linkid=17809). You can also use third-party tools for updates management.
You can keep current with updates available for your organization by subscribing to Microsoft Security
Bulletins. To be notified of any new updates, you can subscribe for automatic notifications to the Microsoft
Security Bulletins (http://go.microsoft.com/fwlink/?LinkId=12322). Make sure that you test the updates in a
lab environment before you deploy them.
For more information about Windows Server 2003 updates management processes, see the Windows
Server 2003 Security Guide (http://go.microsoft.com/fwlink/?linkid=16717).
Antivirus Measures
E-mail viruses can slow server performance by introducing excess network traffic and they can attack individual
computer systems or your entire e-mail environment. You must ensure that you have sufficient protection
against viruses in your Exchange Server 2003 environment. At a minimum, you must deploy antivirus software
designed for messaging systems at either the Simple Mail Transfer Protocol (SMTP) gateway or on the
Exchange servers that host mailboxes. You should also run antivirus software on the client computers. If you
are running antivirus software designed for messaging systems (meaning that it can parse and scan MIME) at
the gateway or on the Exchange server, running a file-level scanner on client computers is usually sufficient.
However, you must assess if running a file-level scanner is sufficient for your organization.
Regardless of your virus scanning solution, you must ensure that the following is done:
•Implement a daily method to update antivirus signature files on all computers in the organization manually or
set up automatic updates. You should monitor the automation to ensure that automatic updates are
successful.
•Create an action plan that explains what to do when a virus is detected. For example, you can isolate the
infected computer and disinfect it, educate users about steps to take when their computers become infected,
and update software with any required updates to prevent additional vulnerability.
•Ensure that your solution can scan message attachments for viruses. New viruses and worms that can do
extensive damage by causing heavy network traffic can spread through e-mail messages. Additionally, when
new viruses that propagate through e-mail attachments appear, educate users about the correct steps to take
when this occurs.
•Quarantine files that you suspect are infected. Then, check files to see if they are critical and necessary
components. If they are necessary and if the files cannot be disinfected, you must replace the files from a
backup or other source.
•Check the quarantine and empty unnecessary content. Files put in quarantine that can be safely deleted
should be deleted. The quarantine is a depository for administrative inspection and should not be overloaded
with files. Also, clean files should not be in quarantine.
•For added security and protection, you can set up filtering rules to filter messages.
Anti-Spam Measures
Unsolicited commercial e-mail (spam) is a major problem for many organizations. Spam is costly in a number
of ways, from lost user time in sorting and deleting it to wasted bandwidth and storage space. There are
several ways to combat spam, as follows:
Using Spam-Protection Features in Outlook 2003 and Outlook Web Access 2003
Both Outlook 2003 and Outlook Web Access 2003 include features, such as user-maintained block lists and
safe lists, junk e-mail filter, and external content blocking, which can help protect your users against spam.
users only check box in Message restrictions settings for an individual user or a distribution group.
When Exchange Server 2003 expands a distribution group that can only receive mail from authenticated users
or can only receive mail from distribution groups that have the msExchRequireAuthToSendTo attribute set to
true, the Exchange message categorizer does not permit unauthenticated mail that is sent by using SMTP to be
sent to the distribution group. Mail to restricted distribution groups is accepted only if the messages are
submitted by using the store driver, the messages are authenticated by using SMTP, or if the Resolve
anonymous e-mail option is turned on in the SMTP virtual server.
For more information about restricted distribution groups in Exchange Server 2003, see Microsoft Knowledge
Base article 827616, "How to restrict the users who can send inbound Internet e-mail to another user or to a
distribution group in Exchange 2003," (http://go.microsoft.com/fwlink/?linkid=3052&kbid=827616). To learn
more about the groups that are used by Exchange Server 2003 for mail distribution and access control lists
(ACLs), see Microsoft Knowledge Base article 839949, "Troubleshooting mail transport and distribution groups
in Exchange 2000 Server and in Exchange Server 2003,"
(http://go.microsoft.com/fwlink/?linkid=3052&kbid=839949).
•Sender filtering By default, SMTP connections that are created by senders on this list are dropped. Use this
feature to block e-mail messages from a list of senders.
•Recipient filtering Lets you set global restrictions on mail to specific recipients. Use this feature to block
e-mail messages to a list of internal recipients.
•Connection filtering Filters incoming messages by comparing their IP address against a block list provided
by externally-based services that list known sources of unsolicited e-mail, dial-up user account lists,
and servers. You can also enter your own set of accepted or restricted IP addresses at a global level.
For more information about how filters are applied, see the guide What's New in Exchange Server 2003
(http://go.microsoft.com/fwlink/?LinkId=21765).
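The connection filtering decision described above, modeled as an added example (not code from the guide or from Exchange). It assumes that the external block list is queried in the conventional DNS block list way, and that the global accept list is checked first, then the global deny list, then the block list service. The zone name, addresses and resolver data are constructed.

```python
import ipaddress

LISTED = ipaddress.ip_network("127.0.0.0/8")  # DNSBL "listed" answers fall in this range

def dnsbl_query_name(ip, zone):
    """Lookup name for an IPv4 address: octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def _in_any(ip, networks):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)

def connection_filter(ip, accept, deny, zones, resolve):
    """Return (verdict, reason). resolve(name) returns the A record as a
    string, or None when the name does not exist (address not listed)."""
    if _in_any(ip, accept):  # assumed precedence: accept list first
        return ("accept", "global accept list")
    if _in_any(ip, deny):
        return ("block", "global deny list")
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        if answer and ipaddress.ip_address(answer) in LISTED:
            return ("block", f"listed by {zone} ({answer})")
    return ("accept", "not listed")

# Constructed data: documentation-range addresses and a made-up zone.
ZONES = ["dnsbl.example"]
ACCEPT = ["203.0.113.0/24"]
DENY = ["198.51.100.7/32"]
FAKE_DNS = {
    "10.2.0.192.dnsbl.example": "127.0.0.2",   # 192.0.2.10 is listed
    "5.113.0.203.dnsbl.example": "127.0.0.2",  # listed, but on the accept list
}

def check(ip):
    """Run the filter against the constructed lists and offline resolver."""
    return connection_filter(ip, ACCEPT, DENY, ZONES, FAKE_DNS.get)

if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.5", "198.51.100.7", "192.0.2.99"):
        print(ip, *check(ip))
```

The second sample address shows why list order matters: an address on your own accept list is never checked against the external block list, so an overly broad accept entry bypasses the block list entirely.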
Note:
Exchange Intelligent Message Filter can be installed only on a server that is running Exchange Server 2003
Standard Edition or Exchange Server 2003 Enterprise Edition. When an external user sends e-mail messages
through a server that is running Exchange Server 2003 and that has Exchange Intelligent Message Filter
installed, the filter evaluates the content of the messages for recognizable patterns and assigns the message a
rating based on the probability that the message is unsolicited commercial e-mail or spam. This rating is stored
with the message as a message property referred to as a spam confidence level (SCL). This rating persists with
the message when the message is sent to other servers that are running Exchange Server and even other user
inboxes.
Note:
The spam confidence level rating is used only by Outlook 2003 or later versions and Exchange Server 2003.
For more information about Intelligent Message Filter, see the Exchange Intelligent Message Filter Overview
(http://go.microsoft.com/fwlink/?linkid=35656).
Before you install Intelligent Message Filter, read the Microsoft Exchange Intelligent Message Filter Deployment
Guide (http://go.microsoft.com/fwlink/?LinkId=27922). If you do not configure Intelligent Message Filter
correctly, your messaging environment can be negatively affected.
You can also obtain more information about uninstalling Intelligent Message Filter, known issues, and answers
to frequently asked questions in Microsoft Knowledge Base article 867633, "Intelligent Message Filter Release
Notes," (http://go.microsoft.com/fwlink/?linkid=3052&kbid=867633).