Moc 2011A - Troubleshooting Ms Exchange Server 2003

Workshop: 2011A

Released: 12/2003

Workbook

Troubleshooting Microsoft® Exchange Server 2003

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. 2003 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync, Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Workshop: 2011A Part Number: X10-27595 Released: 12/2003

END-USER LICENSE AGREEMENT FOR MICROSOFT OFFICIAL CURRICULUM (“MOC”) COURSEWARE –TRAINER EDITION

PLEASE READ THIS END-USER LICENSE AGREEMENT (“EULA”) CAREFULLY. BY USING THE CONTENT AND/OR USING OR INSTALLING THE SOFTWARE THAT ACCOMPANIES THIS EULA (COLLECTIVELY, THE “LICENSED CONTENT”), YOU AGREE TO THE TERMS OF THIS EULA. IF YOU DO NOT AGREE, DO NOT USE THE LICENSED CONTENT.

1. GENERAL. This EULA is a legal agreement between you (either an individual or a single entity) and Microsoft Corporation (“Microsoft”). This EULA governs the Licensed Content, which include computer software (including online and electronic documentation), training materials, and any other associated media and printed materials. This EULA applies to updates, supplements, add-on components, and Internet-based services components of the Licensed Content that Microsoft may provide or make available to you unless Microsoft provides other terms with the update, supplement, add-on component, or Internet-based services component. Microsoft reserves the right to discontinue any Internet-based services provided to you or made available to you through the use of the Licensed Content. This EULA also governs any product support services relating to the Licensed Content except as may be included in another agreement between you and Microsoft. An amendment or addendum to this EULA may accompany the Licensed Content. The Licensed Content is comprised of, but not limited to, the following: software components, which may be specific to the trainer (the “Trainer Software”), the student software component (“Student Software”), and a manual, which includes documents (such as student workbooks, white papers, press releases, datasheets and FAQs) (the “Documents”).

2. GENERAL GRANT OF LICENSE. Microsoft grants you the following rights, conditioned on your compliance with all the terms and conditions of this EULA. Microsoft grants you a limited, non-exclusive, royalty-free license to install and use the Licensed Content solely for the purpose of providing an Authorized Training Session (as defined below). For the term of any Authorized Training Session, you may: (a) install individual copies of the Student Software on classroom devices provided that the number of copies in use does not exceed the number of duly enrolled students for any given Authorized Training Session; OR (b) you may install one copy of the Student Software and, if applicable, the virtual hard drives on a network server, provided that the number of devices accessing the Student Software and the virtual hard drives on the server does not exceed the number of students for any given Authorized Training Session. In addition, solely for the purposes of providing the Authorized Training Session, the trainer of the Authorized Training Session may install and use one copy of the Trainer Software, and, if applicable, one copy of the Virtual PC Software (as defined below) on a portable device for the exclusive use of such trainer. An “Authorized Training Session” means a training session authorized by Microsoft and conducted at a Microsoft Certified Technical Education Center, an IT Academy, via a Microsoft Certified Partner, or such other entity or venue as Microsoft may designate from time to time in writing, by a Microsoft Certified Trainer providing training solely on Microsoft official courses (for more information on these entities, please visit www.microsoft.com). WITHOUT LIMITING THE FOREGOING, COPYING OR REPRODUCTION OF THE LICENSED CONTENT TO ANY SERVER OR LOCATION FOR FURTHER REPRODUCTION OR REDISTRIBUTION IS EXPRESSLY PROHIBITED.

3. DESCRIPTION OF OTHER RIGHTS AND LICENSE LIMITATIONS

3.1 Time-sensitive Software. The Licensed Content may contain Virtual PC Software, which is provided as time-sensitive software. The terms of this EULA supercede any other terms you may find in the Licensed Content. With respect to the Virtual PC Software, you may install and use the Virtual PC Software solely for the purpose of providing an Authorized Training Session. For the term of any Authorized Training Session, you may: (a) install individual copies of the Virtual PC Software on classroom devices provided that the number of copies in use does not exceed the number of duly enrolled students for any given Authorized Training Session; OR (b) you may install one copy of the Virtual PC Software on a network server, provided that the number of devices accessing the Virtual PC Software on the server does not exceed the number of students for any given Authorized Training Session. WITHOUT LIMITING THE FOREGOING, COPYING OR REPRODUCTION OF THE VIRTUAL PC SOFTWARE TO ANY SERVER OR LOCATION FOR FURTHER REPRODUCTION OR REDISTRIBUTION IS EXPRESSLY PROHIBITED.

YOUR RIGHT TO USE THE VIRTUAL PC SOFTWARE SHALL BE EFFECTIVE UNTIL August 14, 2004. THE VIRTUAL PC SOFTWARE IS TIME SENSITIVE AND WILL NOT FUNCTION UPON EXPIRATION OF THIS DATE. NOTICE OF EXPIRATION WILL NOT ACTIVELY BE GIVEN, SO YOU NEED TO PLAN FOR THE EXPIRATION DATE AND MAKE A COPY OF AND REMOVE YOUR IMPORTANT DATA BEFORE EXPIRATION. If you desire to use the Virtual PC Software after this Agreement has expired, you will need to acquire a validly licensed copy of the commercial release version of the Virtual PC Software.

3.2 Use of Documentation and Printed Training Content.

3.2.1 The documents and related graphics included in the Licensed Content may include technical inaccuracies or typographical errors. Changes are periodically made to the content. Microsoft may make improvements and/or changes in any of the components of the Licensed Content at any time without notice. The names of companies, products, people, characters and/or data mentioned in the Licensed Content may be fictitious and are in no way intended to represent any real individual, company, product or event, unless otherwise noted.

3.2.2 Microsoft grants you the right to reproduce portions of the Documents provided with the Licensed Content. You may not print any book (either electronic or print version) in its entirety. If you choose to reproduce Documents, you agree that: (a) use of such printed Documents will be solely in conjunction with providing an Authorized Training Session; (b) the Documents will not republished or posted on any network computer or broadcast in any media; (c) any reproduction will include either the Document’s original copyright notice or a copyright notice to Microsoft’s benefit substantially in the format provided below; and (d) to comply with all terms and conditions of this EULA. In addition, no modifications may be made to any Document, except that trainers of an Authorized Training Session may modify the Instructor Notes and Blended Delivery Guide included in the Trainer’s Edition.

Form of Notice:

© 2003. Reprinted with permission by Microsoft Corporation. All rights reserved.

Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the US and/or other countries. Other product and company names mentioned herein may be the trademarks of their respective owners.

3.3 Use of Media Elements. The Licensed Content may include certain photographs, clip art, animations, sounds, music, and video clips (together "Media Elements"). You may not modify these Media Elements.

3.4 Use of PowerPoint Slide Deck Templates. The License Content may include Microsoft PowerPoint slide decks. You may use, copy and modify the PowerPoint slide decks solely in conjunction with providing an Authorized Training Session; if you elect to exercise the foregoing rights, you agree: (a) that modification of the slide decks will not constitute creation of obscene or scandalous works, as defined by federal law at the time the work is created; and (b) to comply with all other terms and conditions of this EULA, including without limitation Sections 3.7, 3.8 and 6.

3.5 Use of Trainer’s Edition Components. Solely in conjunction with providing an Authorized Training Session, you may customize portions of the Licensed Content such as labs, simulations, animations, modules, and assessment items and other components logically associated with the instruction of an Authorized Training Session.

3.6 Use of Sample Code. In the event that the Licensed Content includes sample code in source or object code format (“Sample Code”), Microsoft grants you a limited, non-exclusive, royalty-free license to use, copy and modify the Sample Code; if you elect to exercise the foregoing rights, you agree to comply with all other terms and conditions of this EULA, including without limitation Sections 3.7, 3.8, and 6.

3.7 Permitted Modifications. In the event that you exercise any rights provided under this EULA to create modifications of the Licensed Content, you agree that any such modifications: (a) will not be used for providing training where a fee is charged in public or private classes other than an Authorized Training Session; (b) indemnify, hold harmless, and defend Microsoft from and against any claims or lawsuits, including attorneys’ fees, which arise from or result from your use of any modified version of the Licensed Content; and (c) not to transfer or assign any rights to any modified version of the License Content to any third party without the express written permission of Microsoft.

3.8 Reproduction/Redistribution Licensed Content. Except as expressly provided in this EULA, you may not reproduce or distribute the Licensed Content or any portion thereof (including any permitted modifications) to any third parties without the express written permission of Microsoft.

4. RESERVATION OF RIGHTS AND OWNERSHIP. Microsoft reserves all rights not expressly granted to you in this EULA. The Licensed Content is protected by copyright and other intellectual property laws and treaties. Microsoft or its suppliers own the title, copyright, and other intellectual property rights in the Licensed Content. You may not remove or obscure any copyright, trademark or patent notices that appear on the Licensed Content, or any components thereof, as delivered to you. The Licensed Content is licensed, not sold.

5. LIMITATIONS ON REVERSE ENGINEERING, DECOMPILATION, AND DISASSEMBLY. You may not reverse engineer, decompile, or disassemble the Software or Media Elements, except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation.

6. LIMITATIONS ON SALE, RENTAL, ETC. AND CERTAIN ASSIGNMENTS. You may not provide commercial hosting services with, sell, rent, lease, lend, sublicense, or assign copies of the Licensed Content, or any portion thereof (including any permitted modifications thereof) on a stand-alone basis or as part of any collection, product or service.

7. CONSENT TO USE OF DATA. You agree that Microsoft and its affiliates may collect and use technical information gathered as part of the product support services provided to you, if any, related to the Licensed Content. Microsoft may use this information solely to improve our products or to provide customized services or technologies to you and will not disclose this information in a form that personally identifies you.

8. LINKS TO THIRD PARTY SITES. You may link to third party sites through the use of the Licensed Content. The third party sites are not under the control of Microsoft, and Microsoft is not responsible for the contents of any third party sites, any links contained in third party sites, or any changes or updates to third party sites. Microsoft is not responsible for webcasting or any other form of transmission received from any third party sites. Microsoft is providing these links to third party sites to you only as a convenience, and the inclusion of any link does not imply an endorsement by Microsoft of the third party site.

9. ADDITIONAL LICENSED CONTENT/SERVICES. This EULA applies to updates, supplements, add-on components, or Internet-based services components, of the Licensed Content that Microsoft may provide to you or make available to you after the date you obtain your initial copy of the Licensed Content, unless we provide other terms along with the update, supplement, add-on component, or Internet-based services component. Microsoft reserves the right to discontinue any Internet-based services provided to you or made available to you through the use of the Licensed Content.

10. U.S. GOVERNMENT LICENSE RIGHTS. All Software provided to the U.S. Government pursuant to solicitations issued on or after December 1, 1995 is provided with the commercial license rights and restrictions described elsewhere herein. All software provided to the U.S. Government pursuant to solicitations issued prior to December 1, 1995 is provided with “Restricted Rights” as provided for in FAR, 48 CFR 52.227-14 (JUNE 1987) or DFAR, 48 CFR 252.227-7013 (OCT 1988), as applicable.

11. EXPORT RESTRICTIONS. You acknowledge that the Licensed Content is subject to U.S. export jurisdiction. You agree to comply with all applicable international and national laws that apply to the Licensed Content, including the U.S. Export Administration Regulations, as well as end-user, end-use, and destination restrictions issued by U.S. and other governments. For additional information see <http://www.microsoft.com/exporting/>.

12. TRANSFER. The initial user of the Licensed Content may make a one-time permanent transfer of this EULA and Licensed Content to another end user, provided the initial user retains no copies of the Licensed Content. The transfer may not be an indirect transfer, such as a consignment. Prior to the transfer, the end user receiving the Licensed Content must agree to all the EULA terms.

13. “NOT FOR RESALE” LICENSED CONTENT. Licensed Content identified as “Not For Resale” or “NFR,” may not be sold or otherwise transferred for value, or used for any purpose other than demonstration, test or evaluation.

14. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this EULA if you fail to comply with the terms and conditions of this EULA. In such event, you must destroy all copies of the Licensed Content and all of its component parts.

15. DISCLAIMER OF WARRANTIES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND ITS SUPPLIERS PROVIDE THE LICENSED MATERIAL AND SUPPORT SERVICES (IF ANY) AS IS AND WITH ALL FAULTS, AND MICROSOFT AND ITS SUPPLIERS HEREBY DISCLAIM ALL OTHER WARRANTIES AND CONDITIONS, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY (IF ANY) IMPLIED WARRANTIES, DUTIES OR CONDITIONS OF MERCHANTABILITY, OF FITNESS FOR A PARTICULAR PURPOSE, OF RELIABILITY OR AVAILABILITY, OF ACCURACY OR COMPLETENESS OF RESPONSES, OF RESULTS, OF WORKMANLIKE EFFORT, OF LACK OF VIRUSES, AND OF LACK OF NEGLIGENCE, ALL WITH REGARD TO THE LICENSED CONTENT, AND THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT OR OTHER SERVICES, INFORMATION, SOFTWARE, AND RELATED CONTENT THROUGH THE LICENSED CONTENT, OR OTHERWISE ARISING OUT OF THE USE OF THE LICENSED CONTENT. ALSO, THERE IS NO WARRANTY OR CONDITION OF TITLE, QUIET ENJOYMENT, QUIET POSSESSION, CORRESPONDENCE TO DESCRIPTION OR NON-INFRINGEMENT WITH REGARD TO THE LICENSED CONTENT. THE ENTIRE RISK AS TO THE QUALITY, OR ARISING OUT OF THE USE OR PERFORMANCE OF THE LICENSED CONTENT, AND ANY SUPPORT SERVICES, REMAINS WITH YOU.

16. EXCLUSION OF INCIDENTAL, CONSEQUENTIAL AND CERTAIN OTHER DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL MICROSOFT OR ITS SUPPLIERS BE LIABLE FOR ANY SPECIAL, INCIDENTAL, PUNITIVE, INDIRECT, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS OR CONFIDENTIAL OR OTHER INFORMATION, FOR BUSINESS INTERRUPTION, FOR PERSONAL INJURY, FOR LOSS OF PRIVACY, FOR FAILURE TO MEET ANY DUTY INCLUDING OF GOOD FAITH OR OF REASONABLE CARE, FOR NEGLIGENCE, AND FOR ANY OTHER PECUNIARY OR OTHER LOSS WHATSOEVER) ARISING OUT OF OR IN ANY WAY RELATED TO THE USE OF OR INABILITY TO USE THE LICENSED CONTENT, THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT OR OTHER SERVICES, INFORMATION, SOFTWARE, AND RELATED CONTENT THROUGH THE LICENSED CONTENT, OR OTHERWISE ARISING OUT OF THE USE OF THE LICENSED CONTENT, OR OTHERWISE UNDER OR IN CONNECTION WITH ANY PROVISION OF THIS EULA, EVEN IN THE EVENT OF THE FAULT, TORT (INCLUDING NEGLIGENCE), MISREPRESENTATION, STRICT LIABILITY, BREACH OF CONTRACT OR BREACH OF WARRANTY OF MICROSOFT OR ANY SUPPLIER, AND EVEN IF MICROSOFT OR ANY SUPPLIER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME STATES/JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.

17. LIMITATION OF LIABILITY AND REMEDIES. NOTWITHSTANDING ANY DAMAGES THAT YOU MIGHT INCUR FOR ANY REASON WHATSOEVER (INCLUDING, WITHOUT LIMITATION, ALL DAMAGES REFERENCED HEREIN AND ALL DIRECT OR GENERAL DAMAGES IN CONTRACT OR ANYTHING ELSE), THE ENTIRE LIABILITY OF MICROSOFT AND ANY OF ITS SUPPLIERS UNDER ANY PROVISION OF THIS EULA AND YOUR EXCLUSIVE REMEDY HEREUNDER SHALL BE LIMITED TO THE GREATER OF THE ACTUAL DAMAGES YOU INCUR IN REASONABLE RELIANCE ON THE LICENSED CONTENT UP TO THE AMOUNT ACTUALLY PAID BY YOU FOR THE LICENSED CONTENT OR US$5.00. THE FOREGOING LIMITATIONS,

EXCLUSIONS AND DISCLAIMERS SHALL APPLY TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EVEN IF ANY REMEDY FAILS ITS ESSENTIAL PURPOSE.

18. APPLICABLE LAW. If you acquired this Licensed Content in the United States, this EULA is governed by the laws of the State of Washington. If you acquired this Licensed Content in Canada, unless expressly prohibited by local law, this EULA is governed by the laws in force in the Province of Ontario, Canada; and, in respect of any dispute which may arise hereunder, you consent to the jurisdiction of the federal and provincial courts sitting in Toronto, Ontario. If you acquired this Licensed Content in the European Union, Iceland, Norway, or Switzerland, then local law applies. If you acquired this Licensed Content in any other country, then local law may apply.

19. ENTIRE AGREEMENT; SEVERABILITY. This EULA (including any addendum or amendment to this EULA which is included with the Licensed Content) are the entire agreement between you and Microsoft relating to the Licensed Content and the support services (if any) and they supersede all prior or contemporaneous oral or written communications, proposals and representations with respect to the Licensed Content or any other subject matter covered by this EULA. To the extent the terms of any Microsoft policies or programs for support services conflict with the terms of this EULA, the terms of this EULA shall control. If any provision of this EULA is held to be void, invalid, unenforceable or illegal, the other provisions shall continue in full force and effect.

Should you have any questions concerning this EULA, or if you desire to contact Microsoft for any reason, please use the address information enclosed in this Licensed Content to contact the Microsoft subsidiary serving your country or visit Microsoft on the World Wide Web at http://www.microsoft.com.

Si vous avez acquis votre Contenu Sous Licence Microsoft au CANADA :

DÉNI DE GARANTIES. Dans la mesure maximale permise par les lois applicables, le Contenu Sous Licence et les services de soutien technique (le cas échéant) sont fournis TELS QUELS ET AVEC TOUS LES DÉFAUTS par Microsoft et ses fournisseurs, lesquels par les présentes dénient toutes autres garanties et conditions expresses, implicites ou en vertu de la loi, notamment, mais sans limitation, (le cas échéant) les garanties, devoirs ou conditions implicites de qualité marchande, d’adaptation à une fin usage particulière, de fiabilité ou de disponibilité, d’exactitude ou d’exhaustivité des réponses, des résultats, des efforts déployés selon les règles de l’art, d’absence de virus et d’absence de négligence, le tout à l’égard du Contenu Sous Licence et de la prestation des services de soutien technique ou de l’omission de la ’une telle prestation des services de soutien technique ou à l’égard de la fourniture ou de l’omission de la fourniture de tous autres services, renseignements, Contenus Sous Licence, et contenu qui s’y rapporte grâce au Contenu Sous Licence ou provenant autrement de l’utilisation du Contenu Sous Licence. PAR AILLEURS, IL N’Y A AUCUNE GARANTIE OU CONDITION QUANT AU TITRE DE PROPRIÉTÉ, À LA JOUISSANCE OU LA POSSESSION PAISIBLE, À LA CONCORDANCE À UNE DESCRIPTION NI QUANT À UNE ABSENCE DE CONTREFAÇON CONCERNANT LE CONTENU SOUS LICENCE.

EXCLUSION DES DOMMAGES ACCESSOIRES, INDIRECTS ET DE CERTAINS AUTRES DOMMAGES. DANS LA MESURE MAXIMALE PERMISE PAR LES LOIS APPLICABLES, EN AUCUN CAS MICROSOFT OU SES FOURNISSEURS NE SERONT RESPONSABLES DES DOMMAGES SPÉCIAUX, CONSÉCUTIFS, ACCESSOIRES OU INDIRECTS DE QUELQUE NATURE QUE CE SOIT (NOTAMMENT, LES DOMMAGES À L’ÉGARD DU MANQUE À GAGNER OU DE LA DIVULGATION DE RENSEIGNEMENTS CONFIDENTIELS OU AUTRES, DE LA PERTE D’EXPLOITATION, DE BLESSURES CORPORELLES, DE LA VIOLATION DE LA VIE PRIVÉE, DE L’OMISSION DE REMPLIR TOUT DEVOIR, Y COMPRIS D’AGIR DE BONNE FOI OU D’EXERCER UN SOIN RAISONNABLE, DE LA NÉGLIGENCE ET DE TOUTE AUTRE PERTE PÉCUNIAIRE OU AUTRE PERTE DE QUELQUE NATURE QUE CE SOIT) SE RAPPORTANT DE QUELQUE MANIÈRE QUE CE SOIT À L’UTILISATION DU CONTENU SOUS LICENCE OU À L’INCAPACITÉ DE S’EN SERVIR, À LA PRESTATION OU À L’OMISSION DE LA ’UNE TELLE PRESTATION DE SERVICES DE SOUTIEN TECHNIQUE OU À LA FOURNITURE OU À L’OMISSION DE LA FOURNITURE DE TOUS AUTRES SERVICES, RENSEIGNEMENTS, CONTENUS SOUS LICENCE, ET CONTENU QUI S’Y RAPPORTE GRÂCE AU CONTENU SOUS LICENCE OU PROVENANT AUTREMENT DE L’UTILISATION DU CONTENU SOUS LICENCE OU AUTREMENT AUX TERMES DE TOUTE

DISPOSITION DE LA U PRÉSENTE CONVENTION EULA OU RELATIVEMENT À UNE TELLE DISPOSITION, MÊME EN CAS DE FAUTE, DE DÉLIT CIVIL (Y COMPRIS LA NÉGLIGENCE), DE RESPONSABILITÉ STRICTE, DE VIOLATION DE CONTRAT OU DE VIOLATION DE GARANTIE DE MICROSOFT OU DE TOUT FOURNISSEUR ET MÊME SI MICROSOFT OU TOUT FOURNISSEUR A ÉTÉ AVISÉ DE LA POSSIBILITÉ DE TELS DOMMAGES.

LIMITATION DE RESPONSABILITÉ ET RECOURS. MALGRÉ LES DOMMAGES QUE VOUS PUISSIEZ SUBIR POUR QUELQUE MOTIF QUE CE SOIT (NOTAMMENT, MAIS SANS LIMITATION, TOUS LES DOMMAGES SUSMENTIONNÉS ET TOUS LES DOMMAGES DIRECTS OU GÉNÉRAUX OU AUTRES), LA SEULE RESPONSABILITÉ ’OBLIGATION INTÉGRALE DE MICROSOFT ET DE L’UN OU L’AUTRE DE SES FOURNISSEURS AUX TERMES DE TOUTE DISPOSITION DEU LA PRÉSENTE CONVENTION EULA ET VOTRE RECOURS EXCLUSIF À L’ÉGARD DE TOUT CE QUI PRÉCÈDE SE LIMITE AU PLUS ÉLEVÉ ENTRE LES MONTANTS SUIVANTS : LE MONTANT QUE VOUS AVEZ RÉELLEMENT PAYÉ POUR LE CONTENU SOUS LICENCE OU 5,00 $US. LES LIMITES, EXCLUSIONS ET DÉNIS QUI PRÉCÈDENT (Y COMPRIS LES CLAUSES CI-DESSUS), S’APPLIQUENT DANS LA MESURE MAXIMALE PERMISE PAR LES LOIS APPLICABLES, MÊME SI TOUT RECOURS N’ATTEINT PAS SON BUT ESSENTIEL.

À moins que cela ne soit prohibé par le droit local applicable, la présente Convention est régie par les lois de la province d’Ontario, Canada. Vous consentez Chacune des parties à la présente reconnaît irrévocablement à la compétence des tribunaux fédéraux et provinciaux siégeant à Toronto, dans de la province d’Ontario et consent à instituer tout litige qui pourrait découler de la présente auprès des tribunaux situés dans le district judiciaire de York, province d’Ontario.

Au cas où vous auriez des questions concernant cette licence ou que vous désiriez vous mettre en rapport avec Microsoft pour quelque raison que ce soit, veuillez utiliser l’information contenue dans le Contenu Sous Licence pour contacter la filiale de succursale Microsoft desservant votre pays, dont l’adresse est fournie dans ce produit, ou visitez écrivez à : Microsoft sur le World Wide Web à http://www.microsoft.com

Troubleshooting Microsoft® Exchange Server 2003 ix

Contents

Introduction What Is a Workshop? ..............................................................................................2 Workshop Materials ................................................................................................3 Prerequisites ............................................................................................................4 Workshop Outline ...................................................................................................5 Demonstration: Using Virtual PC............................................................................7 Setup........................................................................................................................8 Microsoft Certified Professional Program.............................................................10 Facilities ................................................................................................................13 Unit 1: Introduction to Troubleshooting Exchange Server 2003 Overview .................................................................................................................1 Understanding Exchange Server 2003.....................................................................2 Troubleshooting Methodology ................................................................................4 Preparing to Troubleshoot Exchange Server 2003 ..................................................6 Pre-Lab Discussion..................................................................................................8 Lab: Exploring the Troubleshooting Environment..................................................9 Lab Discussion ......................................................................................................18 Unit 2: Troubleshooting Network Connectivity Overview .................................................................................................................1 Tools for Troubleshooting Network Connectivity...................................................2 Common Network Connectivity Problems..............................................................3 Pre-Lab Discussion..................................................................................................4 Lab: Troubleshooting Connectivity Problems.........................................................5 Lab Discussion ......................................................................................................15 Unit 3: Troubleshooting Public Folders and Mailboxes Overview .................................................................................................................1 Troubleshooting Client Connectivity to Mailboxes and Public Folders..................2 Troubleshooting Mailbox and Public Folder Properties..........................................5 Troubleshooting Single Server Message Flow ........................................................8 Troubleshooting the Recipient Update Service .....................................................10 Pre-Lab Discussion................................................................................................12 Lab: Troubleshooting Public Folder and Mailbox Problems.................................13 Lab Discussion ......................................................................................................26 Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access Overview .................................................................................................................1 Troubleshooting Outlook Web Access....................................................................2 Troubleshooting Outlook Web Access in a Front-End and Back-End Server Topology..................................................................................................................5 Troubleshooting Outlook Mobile Access................................................................7 Pre-Lab Discussion..................................................................................................9 Lab: Troubleshooting Outlook Web Access and Outlook Mobile Access Problems ................................................................................................................10 Lab Discussion ......................................................................................................22

x Troubleshooting Microsoft® Exchange Server 2003

Unit 5: Troubleshooting Client Connectivity Overview .................................................................................................................1 Messaging Clients Used to Access Exchange Server 2003 .....................................2 How Messaging Clients Connect to Exchange Server 2003....................................5 Additional Services Required for Connecting to Exchange Server 2003 ...............7 Pre-Lab Discussion..................................................................................................9 Lab: Troubleshooting Client Connectivity Problems ............................................10 Lab Discussion ......................................................................................................20 Unit 6: Troubleshooting Server Connectivity Overview .................................................................................................................1 Troubleshooting Intra-Routing Group Connectivity ...............................................2 Troubleshooting Routing Group Connectivity ........................................................5 Troubleshooting Connectivity to Other E-Mail Systems.........................................8 Troubleshooting Connectivity to the Internet ........................................................11 Pre-Lab Discussion................................................................................................14 Lab: Troubleshooting Server Connectivity Problems............................................15 Lab Discussion ......................................................................................................26 Unit 7: Troubleshooting Server Performance Overview .................................................................................................................1 System Components That Cause Server-Related Problems ....................................2 Common Server-Related Problems .........................................................................5 Pre-Lab Discussion..................................................................................................7 Lab: Troubleshooting Server Performance..............................................................8 Lab Discussion ......................................................................................................18 Unit 8: Troubleshooting Security Issues Overview .................................................................................................................1 PKI Requirements for Secure E-Mail......................................................................2 Troubleshooting S/MIME E-Mail Issues.................................................................5 Troubleshooting SSL Issues ....................................................................................8 Pre-Lab Discussion................................................................................................11 Lab: Troubleshooting Exchange Security..............................................................12 Lab Discussion ......................................................................................................23 Workshop Evaluation ............................................................................................24 Unit 9: Troubleshooting the Migration to Exchange 2003 Overview .................................................................................................................1 Standard Migration Overview .................................................................................2 External Migration Overview .................................................................................5 Troubleshooting Migration Issues ...........................................................................7 Pre-Lab Discussion................................................................................................11 Lab: Troubleshooting the Migration to Exchange 2003 ........................................12 Lab Discussion ......................................................................................................24

Troubleshooting Microsoft® Exchange Server 2003 xi

Unit 10: Troubleshooting an Exchange Server 2003 Organization Overview .................................................................................................................1 Approach to Exchange Server 2003 Troubleshooting.............................................2 Challenge Information � Company Background .....................................................5 Challenge Information � Service Request Log........................................................6 Challenge Information � Change Management Log................................................9 Challenge...............................................................................................................11 Workshop Evaluation ............................................................................................13 Appendix A: Lab Guidance Unit 1: Introduction to Troubleshooting Exchange Server 2003............................1 Unit 2: Troubleshooting Network Connectivity ......................................................2 Unit 3: Troubleshooting Public Folders and Mailboxes..........................................4 Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access ..........6 Unit 5: Troubleshooting Client Connectivity ..........................................................8 Unit 6: Troubleshooting Server Connectivity........................................................10 Unit 7: Troubleshooting Server Performance........................................................12 Unit 8: Troubleshooting Security Issues................................................................14 Unit 9: Troubleshooting the Migration to Exchange 2003 ....................................16 Unit 10: Troubleshooting an Exchange Server 2003 Organization .......................18

Troubleshooting Microsoft® Exchange Server 2003 xiii

About This Workshop This section provides a brief description of this course and its audience, suggested prerequisites, and objectives.

This product is designed as a three-day instructor-led workshop. The workshop will focus exclusively on the troubleshooting skills/objectives that align with Exam 70-284: Implementing and Managing Microsoft Exchange Server 2003. As per the product specification developed by the Business and Product Strategy team, at least 75% of the workshop will consist of lab-based, hands-on experience. The labs will be a series of problem-centered scenarios that require students to use troubleshooting flow charts to identify and resolve problems.

This workshop is targeted at Systems Engineers already skilled in Exchange Server 2003 support tasks. Students should have a 300 skill level as an Exchange administrator and one or more years of messaging and network experience supporting Exchange Server 2003. The workshop format is also intended for students who learn best by doing.

This workshop is not appropriate for Messaging Administrators with fewer than six months of experience, or for people who do not learn well through self-discovery. Given the problem-solving and troubleshooting-based approach of this workshop, students must have solid knowledge of how Exchange functions.

This workshop requires that students meet the following prerequisites:

! Complete Course 2400, Implementing and Managing Exchange Server 2003 or

! Complete Workshop 2009, Upgrading Your Skills from Exchange Server 5.5 to Exchange Server 2003

! One or more years of messaging and network experience supporting Exchange Server 2003

Description

Audience

Student prerequisites

xiv Troubleshooting Microsoft® Exchange Server 2003

After completing this workshop, students will be able to:

! Apply knowledge of a troubleshooting methodology to identify and resolve a problem.

! Identify and resolve network connectivity problems and problems arising from host resolution protocols.

! Identify and resolve problems with public folders and mailboxes. ! Identify and resolve front-end server and back-end server issues that cause

problems with Microsoft Outlook® Web Access (OWA). ! Identify and resolve problems with Internet protocol virtual servers such as

Simple Mail Transfer Protocol (SMTP), Internet Message Access Protocol (IMAP), and Post Office Protocol (POP).

! Identify and resolve connectivity problems between servers running Exchange Server 2003, connectivity problems between Exchange Server 2003 and other messaging systems, and problems with relay configurations.

! Identify and resolve problems with bandwidth, services, database corruption, service failures, disk space, and other server performance issues.

! Identify and resolve encryption and digital signature issues and problems caused by viruses.

! Identify and resolve problems related to migrating from Exchange 5.5 to Exchange 2003.

! Apply knowledge of troubleshooting methodology to create a troubleshooting strategy and identify the appropriate tools, processes, and procedures for each step of the strategy.

Workshop objectives

Troubleshooting Microsoft® Exchange Server 2003 xv

Workshop Timing The following schedule is an estimate of the workshop timing. Timing may vary.

Day 1 Start End Unit

9:00 9:30 Introduction

9:30 9:45 Unit 1: Introduction to Troubleshooting Exchange Server 2003

9:45 10:45 Lab: Exploring the Troubleshooting Environment

10:45 11:00 Break

11:00 11:15 Unit 2: Troubleshooting Network Connectivity

11:15 12:00 Lab: Troubleshooting Connectivity Problems

12:00 1:00 Lunch

1:00 2:30 Lab: Troubleshooting Connectivity Problems (continued)

2:30 2:45 Break

2:45 3:00 Unit 3: Troubleshooting Public Folders and Mailboxes

3:00 4:15 Lab: Troubleshooting Public Folder and Mailbox Problems

4:15 4:30 Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

Day 2

Start End Unit

8:30 9:00 Day 1 review

9:00 10:00 Lab: Troubleshooting Outlook Web Access and Outlook Mobile Access Problems

10:00 10:15 Break

10:15 11:45 Lab: Troubleshooting Outlook Web Access and Outlook Mobile Access Problems (continued)

11:45 12:45 Lunch

12:45 1:00 Unit 5: Troubleshooting Client Connectivity

1:00 2:00 Lab: Troubleshooting Client Connectivity Problems

2:00 2:15 Break

2:15 3:15 Lab: Troubleshooting Client Connectivity Problems (continued)

3:15 3:30 Unit 6: Troubleshooting Server Connectivity

3:30 5:00 Lab: Troubleshooting Server Connectivity Problems

xvi Troubleshooting Microsoft® Exchange Server 2003



9:00 9:15 Unit 7: Troubleshooting Server Performance

9:15 10:15 Lab: Troubleshooting Server Performance

10:15 10:30 Break

10:30 10:45 Unit 8: Troubleshooting Security Issues

10:45 12:00 Lab: Troubleshooting Exchange Security

12:00 1:00 Lunch

1:00 1:45 Lab: Troubleshooting Security Issue Problems (continued)

1:45 2:00 Unit 9 : Troubleshooting the Migration to Exchange 2003

2:00 2:15 Break

2:15 3:45 Lab: Troubleshooting the Migration to Exchange 2003

3:45 4:30 Unit 10: Troubleshooting an Exchange Server 2003 Organization

Troubleshooting Microsoft® Exchange Server 2003 xvii

Trainer Materials Compact Disc Contents The Trainer Materials compact disc contains the following files and folders:

! Autorun.exe. When the compact disc is inserted into the CD-ROM drive, or when the user double-clicks the Autorun.exe file, this file starts the disc and allows the user to browse the contents.

! Autorun.inf. When the compact disc is inserted into the CD-ROM drive, this file opens Autorun.exe.

! Default.htm. This file opens the Trainer Materials Web page. ! Readme.txt. This file explains how to install the software for viewing the

compact disc and its contents and how to open the Trainer Materials Web page.

! 2011A_In.doc. This file contains the Instructor Notes for this workshop, which are provided to assist the instructor in delivering this workshop.

! 2011A_ms.doc. This file is the Manual Classroom Setup Guide. It contains the steps for manually setting up the classroom computers.

! Powerpnt. This folder contains the Microsoft PowerPoint® slides that are used in this course.

It is recommended that you use PowerPoint 2002 or later to display the slides for this workshop. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides may not be displayed correctly.

! Pptview. This folder contains the Microsoft PowerPoint Viewer 97, which can be used to display the PowerPoint slides if Microsoft PowerPoint 2002 is not available. Do not use this version in the classroom.

! Setup. This folder contains the files that install the course and related software on classroom computers.

! Student. This folder contains the Web page that provides students with links to resources pertaining to this course, including additional reading, review and lab answers, lab files, multimedia presentations, and course-related Web sites.

! Tprep. This file contains the Trainer Preparation Presentation for this course. Review these materials before teaching this course.

! Webfiles. This folder contains the files that are required to view the course Web page. To open the Web page, open Windows Explorer, and in the root directory of the compact disc, double-click Default.htm or Autorun.exe.

Important

xviii Troubleshooting Microsoft® Exchange Server 2003

Student Materials Compact Disc Contents The Student Materials compact disc contains the following files and folders:

! Autorun.exe. When the compact disc is inserted into the CD-ROM drive, or when the user double-clicks the Autorun.exe file, this file starts the disc and allows the user to browse the contents.

! Autorun.inf. When the compact disc is inserted into the CD-ROM drive, this file opens Autorun.exe.

! Default.htm. This file opens the Student Materials Web page, which provides students with resources pertaining to this course, including additional reading, review and lab answers, lab files, multimedia presentations, and course-related Web sites.

! Readme.txt. This file explains how to install the software for viewing the compact disc and its contents and how to open the Student Materials Web page.

! Addread. This folder contains additional reading pertaining to this course. ! Appendix. This folder contains appendix files for this course. ! Flash. This folder contains the installer for the Macromedia Flash 5.0

browser plug-in. ! Fonts. This folder contains fonts that may be required to view the Microsoft

Word documents that are included with this course. ! Labfiles. This folder contains files that are used in the hands-on labs. These

files may be used to prepare the student computers for the labs. ! Media. This folder contains files that are used in multimedia presentations

for this course. ! Mplayer. This folder contains the setup file to install Microsoft Windows

Media® Player. ! Toolkit. This folder contains the files that are required to view the Resource

Toolkit. ! Visioview. This folder contains the Microsoft Visio Viewer that is used to

view any Visio document (.vsd) files that are included on the compact disc. ! Webfiles. This folder contains the files that are required to view the course

Web page. To open the Web page, open Windows Explorer, and in the root directory of the compact disc, double-click Default.htm or Autorun.exe.

! Wordview. This folder contains the Word Viewer that is used to view any Word document (.doc) files that are included on the compact disc.

Troubleshooting Microsoft® Exchange Server 2003 xix

Document Conventions The following conventions are used in course materials to distinguish elements of the text.

Convention Use Bold Represents commands, command options, and syntax that must

be typed exactly as shown. It also indicates commands on menus and buttons, dialog box titles and options, and icon and menu names.

Italic In syntax statements or descriptive text, indicates argument names or placeholders for variable information. Italic is also used for introducing new terms, for book titles, and for emphasis in the text.

Title Capitals Indicate domain names, user names, computer names, directory names, and folder and file names, except when specifically referring to case-sensitive names. Unless otherwise indicated, you can use lowercase letters when you type a directory name or file name in a dialog box or at a command prompt.

ALL CAPITALS Indicate the names of keys, key sequences, and key combinations � for example, ALT+SPACEBAR.

monospace Represents code samples or examples of screen text.

[ ] In syntax statements, enclose optional items. For example, [filename] in command syntax indicates that you can choose to type a file name with the command. Type only the information within the brackets, not the brackets themselves.

{ } In syntax statements, enclose required items. Type only the information within the braces, not the braces themselves.

| In syntax statements, separates an either/or choice.

! Indicates a procedure with sequential steps.

... In syntax statements, specifies that the preceding item may be repeated.

.

.

.

Represents an omitted portion of a code sample.

THIS PAGE INTENTIONALLY LEFT BLANK

Contents

Introduction 1

What Is a Workshop? 2

Workshop Materials 3

Prerequisites 4

Workshop Outline 5

Demonstration: Using Virtual PC 7

Setup 8

Microsoft Certified Professional Program 10

Facilities 13

Introduction


Introduction 1

Introduction

*****************************ILLEGAL FOR NON-TRAINER USE******************************

2 Introduction

What Is a Workshop?


The workshop is a fast-paced learning format that favors labs over lecture. In a workshop, lecture time is kept to a minimum to give students the opportunity to focus on hands-on, scenario-based labs. The workshop format enables students to reinforce learning by doing and by problem solving.

Because lecture will focus only on the important or most difficult elements of a given topic, labs include Toolkit resources that contain information like procedures, demonstrations, job aids, and other materials designed to give you the information you need to complete a lab. Your instructor is also a valuable resource, and can answer questions you may have as you complete the lab. Your instructor will also lead discussions after the lab and review best practices.

Introduction 3

Workshop Materials


The following materials are included with your kit:

! Name card. Write your name on both sides of the name card. ! Student workbook. The student workbook contains the material covered in

class, in addition to the hands-on lab exercises. ! Resource Toolkit. The Resource Toolkit is an online interface that contains

resources you will use in the scenario-based labs in this workshop. It includes video presentations, lab scenario information, and Toolkit resources�such as procedures and annotated screenshots�that will help you complete the labs.

! Student Materials compact disc. The Student Materials compact disc contains a Student Materials Web page that provides you with links to resources pertaining to this workshop, including additional readings, lab files, multimedia presentations, and workshop-related Web sites.

Note To open the Student Materials Web page, insert the Student Materials compact disc into the CD-ROM drive, and then in the root directory of the compact disc, double-click Autorun.exe or Default.htm.

! Workshop evaluation. The evaluation gives you the opportunity to complete

an online evaluation near the end of the workshop to provide feedback on the workshop, training facility, and instructor. To provide additional comments or feedback on the workshop, send e-mail to [email protected]. To inquire about the Microsoft® Certified Professional (MPC) program, send e-mail to [email protected].

! Evaluation software. An evaluation copy of Microsoft Exchange Server 2003 is provided for your personal use only.

4 Introduction

Prerequisites



! Complete Course 2400, Implementing and Managing Exchange Server 2003 or

! Complete Course 2009, Upgrading Your Skills from Exchange Server 5.5 to Exchange Server 2003

! One or more years of messaging and network experience supporting Microsoft Exchange Server 2003

Introduction 5

Workshop Outline


Unit 1, �Introduction to Troubleshooting Exchange Server 2003,� provides an overview of Exchange Server 2003, and introduces the troubleshooting methodology and tools that will be used in the labs for this workshop.

Unit 2, �Troubleshooting Network Connectivity,� identifies underlying network connectivity issues when messaging clients cannot access Exchange Server 2003.

Unit 3, �Troubleshooting Public Folders and Mailboxes,� uses the architecture of public folders and mailboxes to identify underlying issues when a client does not receive e-mail messages in an Exchange Server 2003 environment.

Unit 4, �Troubleshooting Outlook Web Access and Outlook Mobile Access,� describes Outlook Web Access (OWA), and Outlook Mobile Access (OMA), and identifies the issues with front-end and back-end servers that can prevent users from accessing OWA.

Unit 5, �Troubleshooting Client Connectivity,� describes the client applications that can connect to an Exchange server and the protocols that these client applications use. In this context, this unit identifies the underlying issues that can prevent client connectivity.

Unit 6, �Troubleshooting Server Connectivity,� discusses common connectivity issues between different Exchange servers. Students will learn about common issues related to connectivity between Exchange sites, connectivity between an Exchange site and a third-party messaging system, and connectivity between an Exchange site and the Internet.

Unit 7, �Troubleshooting Server Performance,� describes common system problems that affect the performance of computers running Exchange Server 2003.

6 Introduction

Unit 8, �Troubleshooting Security Issues,� discusses security issues and potential vulnerabilities caused by improperly configured Exchange organizations. The unit also introduces students to Secure/Multipurpose Internet Mail Extensions (S/MIME) and describes how it signs and seals messages.

Unit 9, �Troubleshooting the Migration to Exchange 2003,� discusses problems that can result during the migration from Exchange 5.5 to Exchange 2003. The unit describes the different types of migration and provides an overview of the migration process. The unit also describes common migration issues, such as the inability to successfully run ForestPrep and DomainPrep, and issues related to using the Microsoft Active Directory® Migration Tool.

Unit 10, �Troubleshooting an Exchange Server 2003 Organization,� provides a review of methodology used to troubleshoot Exchange Server 2003. The unit also discusses high-level troubleshooting guidelines. The unit concludes with an instructor-facilitated, paper-based �challenge lab,� in which students will work together to resolve Exchange-related issues in a case study-type format.

Introduction 7

Demonstration: Using Virtual PC


In this demonstration, your instructor will help you familiarize yourself with the Virtual PC environment that you will work in to complete the practices in this workshop. You will learn:

! How to open Connectix Virtual PC. ! How to start Virtual PC. ! How to log on to Virtual PC. ! How to switch between full screen and window mode. ! How to tell the difference between the virtual computers that are used in the

practices for this course. ! How the virtual computers can communicate with each other and with the

host, but that they cannot communicate with other computers that are outside of the virtual environment (for example, no Internet access is available from the virtual environment).

! How to close Virtual PC.

Note While working in the Virtual PC environment, you may find it useful to use keyboard shortcuts. All Virtual PC shortcuts include a key that is referred to as the HOST key. By default, the HOST key is the ALT key on the right side of your keyboard. Some useful shortcuts include HOST+DELETE to log on to Virtual PC, HOST+ENTER to switch between full screen mode and window mode, and HOST+RIGHT ARROW to display the next virtual computer. For more information about Virtual PC, see Virtual PC Help.

8 Introduction

Setup


The practices for this workshop are performed on virtual computers. You have access to four virtual computers that will be used in various combinations throughout this workshop:

! London is the domain controller for your Microsoft Windows Server� 2003 domain in the Northwind Traders forest. It is running Exchange Server 2003 and is the primary virtual computer that you will use in this workshop. All practices in this workshop require that London be available.

! Miami is a Windows Server 2003 member server in the same domain as London. It is running Exchange 2003 and is used to provide server-to-server troubleshooting opportunities in this workshop.

! Acapulco is a Microsoft Windows® XP computer in the same domain as London. It is running Microsoft Office 2003 and is used for the client activities in several units throughout this workshop.

! Vancouver is a Microsoft Windows NT® 4.0 primary domain controller that is not part of the Northwind Traders forest. It is running Windows NT 4.0 Service Pack 6, Exchange 5.5 with Service Pack 6, and Microsoft Office 2000. This virtual computer is used for migration troubleshooting and to simulate an Internet connection in this workshop.

Practice files associated with the labs in this workshop are located in the folder C:\Moc\2011\Labfiles\LabXX on the London virtual computer.

Virtual computers

Course files

Introduction 9

The virtual environment on each computer in the classroom is configured in the single-domain model, as shown in the following graphic. Vancouver is in a separate domain with no trust relationships established to NWTraders.

The virtual computers on your host computer can communicate with each other and with your host computer. They are unable to communicate with any other computer in the classroom, although your host computer may have network connectivity to other classroom computers and the Internet.

Classroom setup

10 Introduction

Microsoft Certified Professional Program


Microsoft Training and Certification offers a variety of certification credentials for developers and IT professionals. The Microsoft Certified Professional (MCP) program is the leading certification program for validating your experience and skills, keeping you competitive in the changing business environment of today.

This workshop helps students to prepare for Exam 70-284: Implementing and Managing Microsoft Exchange Server 2003. Exam 70-284 is an elective exam for the MCSE certification.

The Microsoft Certified Professional program includes the following certifications:

! MCSA on Microsoft Windows Server 2003 The Microsoft Certified Systems Administrator (MCSA) certification is designed for professionals who implement, manage, and troubleshoot existing network and system environments based on Microsoft Windows 2000 platforms, including the Windows Server 2003 family. Implementation responsibilities include installing and configuring parts of the systems. Management responsibilities include administering and supporting the systems.

! MCSE on Microsoft Windows Server 2003 The Microsoft Certified Systems Engineer (MCSE) credential is the premier certification for professionals who analyze the business requirements and design and implement the infrastructure for business solutions based on the Microsoft Windows 2000 platform and Microsoft server software, including the Windows Server 2003 family. Implementation responsibilities include installing, configuring, and troubleshooting network systems.

Introduction

Related certification exams

MCP certifications

Introduction 11

! MCAD The Microsoft Certified Application Developer (MCAD) for Microsoft .NET credential is appropriate for professionals who use Microsoft technologies to develop and maintain department-level applications, components, Web or desktop clients, or back-end data services, or who work in teams developing enterprise applications. The credential covers job tasks ranging from developing to deploying and maintaining these solutions.

! MCSD The Microsoft Certified Solution Developer (MCSD) credential is the premier certification for professionals who design and develop leading-edge business solutions with Microsoft development tools, technologies, platforms, and the Microsoft Windows DNA architecture. The types of applications MCSDs can develop include desktop applications and multi-user, Web-based, N-tier, and transaction-based applications. The credential covers job tasks ranging from analyzing business requirements to maintaining solutions.

! MCDBA on Microsoft SQL Server 2000 The Microsoft Certified Database Administrator (MCDBA) credential is the premier certification for professionals who implement and administer Microsoft SQL Server databases. The certification is appropriate for individuals who derive physical database designs, develop logical data models, create physical databases, create data services by using Transact-SQL, manage and maintain databases, configure and manage security, monitor and optimize databases, and install and configure SQL Server.

! MCP The Microsoft Certified Professional (MCP) credential is for individuals who have the skills to successfully implement a Microsoft product or technology as part of a business solution in an organization. Hands-on experience with the product is necessary to successfully achieve certification.

! MCT Microsoft Certified Trainers (MCTs) demonstrate the instructional and technical skills that qualify them to deliver Microsoft Official Curriculum through Microsoft Certified Technical Education Centers (Microsoft CTECs).

12 Introduction

The certification requirements differ for each certification category and are specific to the products and job functions addressed by the certification. To become a Microsoft Certified Professional, you must pass rigorous certification exams that provide a valid and reliable measure of technical proficiency and expertise.

See the Microsoft Training and Certification Web site at http://www.microsoft.com/traincert/. You can also e-mail [email protected] if you have specific certification questions.

Microsoft Official Curriculum (MOC) and MSDN Training can help you develop the skills that you need to do your job. This training also complements the experience that you gain while working with Microsoft products and technologies. However, no one-to-one correlation exists between MOC and MSDN Training courses and MCP exams. Microsoft does not expect or intend for the courses to be the sole preparation method for passing MCP exams. Practical product knowledge and experience are also necessary to pass the MCP exams.

To help prepare for the MCP exams, use the preparation guides that are available for each exam. Each Exam Preparation Guide contains exam-specific information, such as a list of the topics on which you will be tested. These guides are available on the Microsoft Training and Certification Web site at http://www.microsoft.com/traincert/.

Certification requirements

For More Information

Acquiring the skills tested by an MCP exam

Introduction 13

Facilities



Contents

Overview 1

Understanding Exchange Server 2003 2

Troubleshooting Methodology 4

Preparing to Troubleshoot Exchange Server 2003 6

Pre-Lab Discussion 8

Lab: Exploring the Troubleshooting Environment 9

Lab Discussion 18

Unit 1: Introduction to Troubleshooting Exchange Server 2003


Unit 1: Introduction to Troubleshooting Exchange Server 2003 1

Overview


Before you begin to troubleshoot Microsoft® Exchange Server 2003, you need to understand the components of Exchange Server 2003 in order to target areas that are malfunctioning. You also need to understand basic troubleshooting methodology, including how to use the Open Systems Interconnection (OSI) model to identify the point at which message flow is failing. Finally, you must understand the tools and resources that can be used to specifically identify a problem.

After completing this unit, you will be able to:

! Configure and prepare servers for basic troubleshooting. ! Analyze process and data flow in a flow chart. ! Access and apply information from a scenario and other workshop

components. ! Identify a problem and recommend a solution.

Objectives

2 Unit 1: Introduction to Troubleshooting Exchange Server 2003

Understanding Exchange Server 2003


Before you begin troubleshooting, you will need to understand the various components of an Exchange messaging system, which allows Exchange Server 2003 to meet the messaging needs of your organization. When troubleshooting your Exchange messaging systems, you must focus on the databases, client connectivity, and server connectivity.

Because Exchange Server 2003 supports multiple databases per server, you must address each database separately in troubleshooting. For example, three mailbox stores may function normally, allowing users on those stores to access their e-mail; however, a fourth mailbox store may be corrupted and need to be repaired or restored. If the databases of Exchange Server 2003 become corrupted, messaging can fail. Additionally, corruption of the Microsoft Active Directory® database can cause problems with Exchange.

Client connectivity is another component that should be addressed separately in most cases. When your users complain that their messaging client is not functioning, you should determine whether the problem is with the server, the client, or the network. Also, be aware that a MAPI client such as Microsoft Outlook® will have different features and requirements than a Post Office Protocol version 3 (POP3) or Internet Message Access Protocol version 4rev1(IMAP4) client. There are situations where an IMAP4 client, such as Microsoft Outlook Express, will work while the Outlook MAPI client will not work.

Microsoft Outlook Web Access (OWA) is extremely helpful in troubleshooting because it can be used to verify that the network and the messaging servers are functioning properly. Other clients that you may need to troubleshoot include Outlook Mobile Access (OMA), Network News Transfer Protocol (NNTP), and Exchange Server ActiveSync®.

Databases

Client connectivity


When working with Exchange Server 2003 in a large organization, you will also need to know how to troubleshoot connectors. In an environment spanning a WAN, connectors are used to enable Exchange Server 2003 routing groups to transfer messages to each other, and to allow Exchange Server 2003 routing groups to transfer messages to other messaging systems.

Server connectivity


Troubleshooting Methodology


Because messaging is a network application, you can use the OSI networking model to help troubleshoot messaging problems. OSI model layers are extremely useful during troubleshooting because each layer contains different components that interact with one another.

The following are the messaging components that function at each OSI model layer:

! Application and Presentation layers. Exchange server and messaging client applications function at these layers. The System Manager is an example of an application layer component.

! Session and Transport layers. TCP/IP connectivity occurs at these layers. Server session connectivity issues, such as Simple Mail Transfer Protocol (SMTP) connection over TCP port 25, occur at this layer.

! Network layer. Routing occurs at this layer. Network addressing issues occur at this layer.

! Data Link layer. Network interface driver issues occur at this layer. ! Physical layer. Physical network issues, such as disconnected cables, occur

at this layer.

You can use the OSI model by starting at the bottom and working your way up to the top until the problem is resolved. Start at the Physical layer by checking the network cabling and other physical components, such as routers, bridges, switches, and other servers that might be the source of the problem. After you have eliminated the Physical layer problems, troubleshoot the network interface card driver and then name resolution and routing.

Often, the problem is higher in the OSI model. When you have gained more experience, you will be able to start troubleshooting at a higher level or at the top level of the OSI model.

OSI model


In any successful troubleshooting scenario, the administrator needs in-depth knowledge of how the system is supposed to work or must have another working system available for reference in troubleshooting.

The working system model provides a reference when troubleshooting. In many cases, you can break down the system into several components and isolate each component individually to test them. You can refer to your working system model to see how each setting is configured and then test it to see if it helps resolve your problem. Of course, each time you make a change, you must document the original system setting as well as your attempted change.

The working system model is very helpful if you have multiple systems that are supposed to be configured the same way, or if you have multiple system components that are supposed to be configured the same way.

Make sure that you document all changes that you make to the environment while you are troubleshooting. You may have to undo the changes you make if they cause other problems. Many organizations use a change management log or similar record to document changes to their environment.

Working system model


Preparing to Troubleshoot Exchange Server 2003


There are several resources that you can use to identify problems that impact messaging in an Exchange Server 2003 organization. If Exchange Server 2003 is already deployed in your environment, you probably are following a preventative maintenance document, which outlines the frequency that you review and act on information provided by these resources.

The table below lists resources you can use to perform preventative maintenance and specific troubleshooting.

Resource Usage Diagnostics Logging

You can configure each Exchange Server 2003 object�s Diagnostics Logging property page to log very specific events to Event Viewer, which can then be viewed for troubleshooting purposes. For example, if you are troubleshooting public folder replication, you may wish to log MSExchangeIS\Public Folder categories that are related to replication. Because diagnostics logging can cause performance degradation, you should only enable it when troubleshooting a specific issue.

Event Viewer Reviewing all logs in Event Viewer on a daily basis will enable you to identify and respond to server problems proactively. When troubleshooting, Event Viewer is the first place you should look for unusual or unexpected activity on your server. For example, if your online backup is failing due to a corrupt information store, you will see information logged in the Application log of Event Viewer that can help you identify and repair the corruption.

Services logs By default, services that log related activity store their logs in the systemroot\system32\logfiles folder. The Web, SMTP, and NNTP logs are especially relevant to Exchange troubleshooting. For example, if your server is unable to transmit messages to a remote server across the Internet, you may wish to enable SMTP logging so that you can review the exact SMTP communications between the two servers noted in the SMTP log file.


(continued) Resource Usage Dump files Dump files are required when working with Microsoft Product

Support Services (PSS) to troubleshoot an operating system stop error (also known as blue screen). The PSS team can evaluate the dump file to help identify the cause of the stop error. For example, hard disk controller driver problems can result in corrupt Exchange information stores, and may cause operating system stop errors. If you experience a stop error, PSS can use the dump file to identify the controller driver as the source of the problem, allowing you to prevent damage to your information stores.

Performance Monitor

You should be logging Exchange and Microsoft Windows® performance counters regularly so that you can anticipate problems resulting from service growth on your Exchange server. When troubleshooting, these log files can help you understand the exact point at which an issue was introduced. For example, if you migrate several hundred mailboxes to your Exchange server, you may not incur problems immediately. However, the migration will impact performance and accelerate your server hardware upgrade schedule. If you neglect to review the log files regularly, you will eventually reach thresholds that cause performance alerts to be sent, and find yourself troubleshooting an issue that you could have anticipated.

For more information on specific performance counters and thresholds, see Course 2400, Implementing and Managing Microsoft Exchange Server 2003.

Network Monitor

To troubleshoot network communication problems among Exchange servers, Active Directory servers, and clients attempting to connect to their Exchange server, you should use the full version of Network Monitor to capture packets between the impacted computers. These packets enable you to determine which servers each computer is attempting to reach, allowing you to troubleshoot global catalog server communication problems.

Messaging logs You should enable message tracking on the Exchange server object�s General property page when troubleshooting message flow problems. Troubleshooting message delivery involves determining at which point a message failed to be routed within your messaging system. To track a message, use the Message Tracking Center in Exchange System Manager.

Note For more information about any of these resources, please refer to Microsoft Windows Server� 2003 Help and Exchange Server 2003 Help.


Pre-Lab Discussion


Each lab in this workshop includes job aids and Lab Toolkit resources to help you complete the exercises. The labs will progressively become more difficult.

Each lab has one or more flowcharts associated with the troubleshooting tasks. The flowcharts are visual displays that contain decision points and processes to guide you through the lab and help you organize your troubleshooting efforts.

Each unit in this workshop has Toolkit resources associated with the lab exercises to assist you in completing the exercises. The Lab Toolkit resources are in a separate booklet, entitled Toolkit Resources. The Lab Toolkit resources are also available in an online format and are located on the student CD in the toolkit\content\labXX folder, where XX is the number of the relevant unit. You can use the Toolkit resource document, �Using the Workshop Resources,� to determine which process and methods you want to use to troubleshoot the problem presented.

Every organization has issues with their service requests. Many requests are very confusing in how they are written. Other requests can be hard to understand when the initial Help Desk person tries to decipher the issue as presented by the user.

Often, it can save a great deal of trouble if you contact the user directly and confirm anything that might be confusing or might be misstated in the service request. At this time, you might consider:

! Problems that your organization has had with service requests. ! Ways to address service request issues to make it easier to resolve the

problems.

Exercise 1 in this lab provides an example of how flowcharts and scenarios will be used throughout this workshop. This exercise covers troubleshooting of a mapped network drive, which is intentionally not an Exchange issue. The purpose of this exercise is to introduce you to the flowcharts and scenarios in this course before delving into actual Exchange troubleshooting issues.

Job aids

Service requests

Example


Lab: Exploring the Troubleshooting Environment


In this lab, you will configure a computer running Exchange Server 2003 in preparation for troubleshooting. You will configure Diagnostics Logging and Service logs. You will then work on a basic troubleshooting problem as an example of how the rest of the workshop will work.

For more information on completing this lab, see Appendix A, �Lab Guidance,� located at the back of the student workbook.

After completing this lab, you will be able to:

! Configure and prepare servers for basic troubleshooting. ! Analyze process and data flow in a flow chart. ! Assess and apply information from a scenario and other workshop

components. ! Identify problems and recommend solutions.

Important This lab focuses on the concepts in this unit and as a result may not comply with Microsoft security recommendations. For instance, this lab does not comply with the recommendation that you should not log on using an administrative account.


For this lab, you will use the Acapulco and London Virtual PCs. The Acapulco Virtual PC is used to provide a messaging client for internal users as well as external users. The London Virtual PC is a domain controller, global catalog server, DNS server, and is running Exchange Server 2003.

To prepare for this lab:

1. Start the 2011_London Virtual PC, if it is not already started. 2. Log on to 2011_London as NWTraders\Administrator with a password of

P@ssw0rd. 3. Start the 2011_Acapulco Virtual PC, if it is not already started. 4. Log on to 2011_Acapulco as NWTraders\Administrator with a password

of P@ssw0rd.

In this lab, in Exercise 1, you will use the flow charts and the Lab Toolkit resources to identify and resolve the problems described in the scenario. You will need to read the scenario and the Level 1 support comments and then use the flow chart to identify the root cause of the problem. You will then need to perform the test case presented at each decision point in the flowchart to determine which path to follow. Use the letters on the flow chart to identify the Lab Toolkit resources that you can use to help troubleshoot the problem. After you identify a potential solution, make the configuration change and then test your solution. When your solution resolves the problem presented in the scenario, you have successfully completed the lab.

Lab Virtual PC configuration

Navigating the flow chart


If necessary, use one or more of the Lab Toolkit resources listed in the following table to help you complete the exercises in this lab.

Flow chart reference Resources used for this lab

Ex 2 only Help: Exchange: Enabling Diagnostic Logging. To locate this information, open the Exchange System Manager help. In this help file, search for Configure Diagnostic Logging and Set Diagnostic Logging Properties.

Ex 2 only Help: Windows: Using Netmon to Monitor Network Traffic. To locate this information, open Windows help. In this help file, search for Monitor Network Traffic and Network Monitor.

A Help: Windows: How to check DNS. To locate this information, open Windows help and then search for Managing Resource Records: DNS.

A Help: Windows: How to use TCP/IP command-line utilities. To locate this information, open Windows help and then search for Command-line utilities: TCP/IP.

B Help: Windows: How to share files. To locate this information, open Windows help and then search for Share permissions: Shared Folders.

A Using the Workshop Resources

Ex 2 only Using Service Logs

Note Access product help files by launching the corresponding product, right-clicking an object within the product management console, and then clicking Help. Access the Windows Server 2003, Enterprise EditionHelp and Support Center by using the Start menu on the desktop of a computer running Windows Server 2003 Enterprise Edition.

Estimated time to complete this lab: 60 minutes

Lab Toolkit resources


Tr

oubl

esho

otin

g M

appe

dN

etw

ork

Drive

Yes

No

Yes

No

No

No

Yes

No

AB

No

No

Yes

Yes

Yes

Sta

rt

End

Yes

Is t

he c

lient

netw

ork

cabl

e a

ttac

hed?

Is t

he s

erve

rpo

wer

ed o

n?

YesIs

the

clie

ntco

mpu

ter

link

light

on?

Is t

hese

rver

com

pute

rne

twor

k ca

ble

atta

ched

?

Is t

he s

erve

rco

mpu

ter

link

light

on?

Doe

s th

ese

rver

adv

ertis

eth

e pr

oper

sha

rena

me?

Doe

s th

ese

rver

res

pond

to

net

vie w

com

man

d?

Doe

s th

ese

rver

res

pond

to

ping

by

host

nam

e?

1. C

heck

all

pow

er ca

bles

2. C

heck

pow

er s

trip

s3. C

heck

pow

er d

evic

es4. C

heck

pow

er s

uppl

y in

se

rver

1. C

heck

to

mak

e su

re th

e cl

ient

com

pute

r is

at

tach

ed t

o th

e ne

twor

k2. C

heck

cab

le e

nds

for

da

mag

e

1. C

heck

cab

le le

ngth

for

br

eaks

2. C

heck

net

wor

k ad

apte

r an

d sw

itch

(or

hu

b) for

bad

co

nnec

tion

3. C

heck

cab

le e

nds

for

da

mag

e

1. C

heck

to

mak

e su

re th

e se

rver

com

pute

r is

at

tach

ed t

o th

e ne

twor

k2. C

heck

cab

le e

nds

for

da

mag

e

1. C

heck

cab

le le

ngth

for

br

eaks

2. C

heck

net

wor

k ad

apte

r an

d sw

itch

(or

hu

b) for

bad

co

nnec

tion

3. C

heck

cab

le e

nds

for

da

mag

e

1. Tr

y pi

ng u

sing

IP a

ddre

ss2. C

heck

DN

S if

pin

g by

IP ad

dres

s w

orks

3. C

heck

dat

a ro

ute

thro

ugh

ne

twor

k4. C

heck

the

IP c

onfig

urat

ion

of

clie

nt c

ompu

ter

5. C

heck

the

IP c

onfig

urat

ion

of

ser

ver

com

pute

r

1. C

heck

ser

ver

serv

ice

fo

r fa

ilure

2. R

esta

rt s

erve

r se

rvic

e an

d its

dep

ende

nt se

rvic

es

1. Ve

rify

shar

e is

in p

lace

2. R

emov

e sh

are

and

re

crea

te s

hare

1. Tr

y to

con

nect

to

shar

e fr

om o

ther

sys

tem

s2. U

se n

etm

on t

o ve

rify

ne

twor

k tr

affic

No


Is t

he s

erve

r po

wer

ed o

n?

Is t

he c

lient

ne

twor

k ca

ble

stac

ked?

Is t

he c

lient

co

mpu

ter

link

light

on?

Is t

he

serv

er c

ompu

ter

netw

ork

cabl

e at

tach

ed?

Sta

rt

Trou

bles

hoot

ing

Map

ped

Net

wor

k D

rive

1. C

heck

all

pow

er

ca

bles

2. C

heck

pow

er s

trip

s3. C

heck

pow

er

devi

ces

4. C

heck

pow

er

Is t

he S

erve

r c

ompu

ter

link

ligh

t on

?

1. C

heck

to

mak

e su

re

the

clie

nt c

ompu

ter

is

att

ache

d to

the

ne

twor

k2. C

heck

cab

le e

nds

fo

r da

mag

e

1. C

heck

cab

le le

ngth

for

brea

ks2. C

heck

net

wor

k

adap

ter

and

switc

h

(or

hub)

for

bad

conn

ectio

n3. C

heck

cab

le e

nds

fo

r da

mag

e

1. C

heck

to

mak

e su

re

th

e se

rver

com

pute

r

is a

ttac

hed

to t

he

ne

twor

k2. C

heck

cab

le e

nds

fo

r da

mag

e

1. C

heck

cab

le le

ngth

for

brea

ks2. C

heck

net

wor

k ad

apte

r

and

switc

h (o

r hu

b)

fo

r ba

d co

nnec

tion

3. C

heck

cab

le e

nds

fo

r da

mag

e

Yes

Yes

Yes

Yes

No

No

No

No

No


B

Trou

bles

hoot

ing

Map

ped

Net

wor

k D

rive

A1

. Tr

y pi

ng u

sing

IP a

ddre

ss2

. C

heck

DN

S if

pin

g by

IP

add

ress

wor

ks3

. C

heck

dat

a ro

ute

thro

ugh

netw

ork

4.

Che

ck t

he IP

con

figur

atio

n

of

clie

nt c

ompu

ter

5.

Che

ck t

he IP

con

figur

atio

n

of

ser

ver

com

pute

r

1.

Che

ck s

erve

r se

rvic

e

fo

r fa

ilure

2.

Res

tart

ser

ver

serv

ice

an

d its

dep

ende

nt

se

rvic

es

1.

Verif

y sh

are

is in

pla

ce2

. R

emov

e sh

are

and

recr

eate

sha

re

End

1.

Try

to c

onne

ct t

o sh

are

from

oth

er s

yste

ms

2.

Use

net

mon

to

verif

y

ne

twor

k tr

affic

Doe

s th

ese

rver

adv

ertis

e th

e pr

oper

sha

rena

me?

Doe

s th

ese

rver

res

pond

to

net

view

co

mm

and?

Doe

s th

e se

rver

res

pond

to

ping

by

host

nam

e?

Yes

Yes

Yes

No

No

No

Yes


Exercise 1 Troubleshooting a Mapped Network Drive

In this exercise, you will identify the problem with a mapped network drive that is reported as nonfunctional.

To create the troubleshooting scenario for this exercise, run the breaklab1a.bat script located in the C:\Moc\2011\Labfiles\Lab01 folder on 2011_London Virtual PC. There is a shortcut to C:\Moc\2011\Labfiles on your desktop.

You are a network administrator. Jeff Pike can no longer access his K drive. The K drive, by company standards, maps to \\London\KDrive, which is a shared directory on London.

In this exercise, you will need to log on to Acapulco using NWTraders\JeffPike to troubleshoot and test your solution. All user accounts can be accessed by using a password of P@ssw0rd.

�Called Operations; they say the London server is up and running. Jeff claims that it was working earlier in the day, then he went to lunch. When he returned from lunch it no longer worked. Jeff installed new software before lunch�an upgrade to Microsoft Office System 2003. Jeff states he is unable to access any share points on the London server.�

Use the flow chart and the Lab Toolkit resources to identify and resolve the problem with the client connection. Fix all related problems.

What did you determine to be the problem in this scenario?

_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

What steps did you take to identify and resolve the problem in this scenario?

_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

Exercise preparation

Scenario

Level 1 support comments


Exercise 2 Configuring Common Troubleshooting Components

In this exercise, you will configure Windows Server 2003 and Exchange Server 2003 for basic troubleshooting. Configure London by performing the tasks below.

You are a network administrator. You want to prepare your Exchange Server 2003 environment for troubleshooting. At this time, your environment is functioning as expected. Perform the tasks in the following table on London.

Tasks Resources Enable and configure SMTP and NNTP logging. Verify configuration of HTTP logging.

Search Exchange Server 2003 Help for topics entitled �Enable Logging for SMTP, NNTP, and HTTP Protocols� and �Enable Logging for the HTTP Exchange Virtual Server.�

You need to start the NNTP service.

Configure the Performance snap-in to log the LogicalDisk, Memory, Network Interface, PhysicalDisk, and Processor objects.

Search Performance logs and Alerts Help for the topic entitled �Create a counter log� and �Troubleshooting.�

Review the options available for Exchange Diagnostics Logging.

Search Exchange Server 2003 Help for the topic entitled �Configure Diagnostics Logging.� See note below table.

In Add/Remove Windows Components in Add or Remove Programs, install and then use Network Monitor to capture and view network traffic on your local area connection. The location of installation files is c:\moc\2011\labfiles\Lab01\Netmon.

Search Windows Server 2003 Enterprise Edition Help and Support Center for the topic entitled �Monitoring Network Traffic: Common Administrative Tasks.� See note below table.

Verify that Exchange Service Monitoring is configured to monitor the Microsoft Exchange System Attendant service and its dependent services.

Search Exchange Server 2003 Help for the topic entitled �Monitor Services Used by Exchange.�

Enable message tracking and subject logging.

Search Exchange Server 2003 Help for the topic entitled �Enable Message Tracking.�

Note Diagnostics Logging and Network Monitor are two tools that you will not configure and use until you are actually facing a problem and need them to help resolve the problem. In this exercise, review the many options available under Diagnostics Logging and familiarize yourself with Network Monitor.

Scenario


For this lab, you used the Acapulco and London Virtual PCs. Please save changes that were made during your troubleshooting by closing each image.

Important When you shut down the Virtual PCs using these instructions, all changes made to the London Virtual PC will be saved.

To clean up after this lab:

1. On Acapulco, on the menu, click PC, click Shutdown, click Turn off PC and undo changes, and then click OK.

2. On London, on the menu, click PC, click Shutdown, click Save PC state and keep changes, and then click OK.

Note Start the 2011_London Virtual PC to prepare for the next unit�s lab. Do not shut it down again until instructed.

Lab Virtual PC clean-up


Lab Discussion


What steps did you follow in the troubleshooting flow charts?

! What were the root causes of the problems described in the scenario? ! What steps did you use and how did the steps help identify the problem? ! What other steps could you have used to identify the problem faster? ! How did you test your solution?

How will you address this type of problem in the future? ! How is your work environment different than the test environment? ! How would your work environment change the troubleshooting process? ! What steps will you take in the future when troubleshooting similar

problems?

Contents

Overview 1

Tools for Troubleshooting Network Connectivity 2

Common Network Connectivity Problems 3


Lab: Troubleshooting Connectivity Problems 5

Lab Discussion 15

Unit 2: Troubleshooting Network Connectivity


Unit 2: Troubleshooting Network Connectivity 1

Overview


If messaging fails, it is usually because of connectivity issues. Microsoft® Exchange Server 2003 provides you with various tools to assist you in troubleshooting network connectivity. In this unit, you will focus on some of these tools and will then have the opportunity to practice using them.


! Identify the underlying causes when mail from one server is not received by recipients on another server and resolve the problem.

! Identify the underlying causes when a user cannot connect to an Exchange Server 2003 server as a remote user and resolve the problem.

! Identify the underlying causes when no one in a company can receive Internet e-mail and resolve the problem.

Objectives

2 Unit 2: Troubleshooting Network Connectivity

Tools for Troubleshooting Network Connectivity


Network connectivity problems and issues involving DNS are common reasons for message failure. Several tools are available to verify that your network is functioning correctly, that domain name resolution is occurring correctly, and to identify specific problems in your environment. Using these tools to identify the source of a problem will greatly improve your troubleshooting efforts. The following table lists the tools and gives a brief description of when you would use each one.

Tool Purpose Telnet Use Telnet to verify that you can connect to a particular TCP/IP port on an Exchange server.

For example, if you cannot send Simple Mail Transfer Protocol (SMTP) messages to a remote server; use Telnet to verify that SMTP is responding as expected on port 25.

Ping Use Ping to verify that the network between a sending computer and a receiving computer is transferring data correctly and in a timely manner. For example, if you cannot ping your Exchange server from your client computer, you will not be able to send or receive e-mail using that server.

Tracert Use Tracert to trace each hop that a network packet takes when sent from one computer to another. If you cannot ping a destination computer, you can use Tracert to identify the point at which the packet is failing to transfer.

Pathping Use Pathping instead of Ping and Tracert when you want to locate information about network latency and network loss at intermediate hops between a source and destination. Pathping allows you to determine which routers or subnets are having network problems.

DNS Administrator Use the DNS Administrator program to configure DNS settings, test connectivity between DNS servers, and verify that host names are registered correctly. Problems with DNS functionality are frequently a result of network connectivity problems between the DNS server and the server or client with which you are experiencing a problem. For example, if a message is not being transmitted to a remote SMTP host, this could be a problem with the DNS registration for that host.


Common Network Connectivity Problems


As we have discussed, connectivity problems are some of the major issues when troubleshooting an Exchange Server 2003 messaging environment. Some of the more common issues and the steps that you can take to resolve them are listed in the following table.

Problem Troubleshooting tips DNS resolution of A and MX records is not correct

• Verify that the DNS service is running

• Verify that the Exchange A records are present

• Verify that the Exchange mail exchanger (MX) resource records are present

POP3/IMAP4 protocol permissions are not configured correctly

• Verify that users have permission to Post Office Protocol version 3 (POP3) and Internet Message Access Protocol version 4rev1 (IMAP4)

• Verify that the appropriate protocol service startup type is set to Automatic, and that the service is started on the Exchange server

• Verify that the server�s IP address and host name are resolved successfully from the client

Firewall blocks transmissions • Verify that the firewall is configured correctly

• Verify that the services on the firewall are running as expected

• Use Telnet to verify that the ports are open and accepting connections

• Use firewall configuration tools to verify port redirection

Virus has infected your network • Verify that the antivirus scanning engines and signature files are current

• Use your disaster recovery documentation to prevent further spreading of the virus and to clean the virus from the server

Inbound SMTP traffic is not being accepted

• Use Telnet to verify that relevant firewalls, routers, and servers are processing SMTP traffic

• Verify that the Exchange server is not filtering SMTP connections based on e-mail address, domain name, or IP address

• Verify the MX records in DNS


Pre-Lab Discussion


Network connectivity problems will impact all network-based applications. Messaging applications can have client-to-server connectivity issues, server-to-server connectivity issues, and issues with transmitting data through firewalls.

Focusing on connectivity, discuss what problems might cause the following situations:

! A user cannot receive e-mail from another internal user. ! Users cannot connect to their mailboxes from outside the corporate network. ! A company is unable to receive e-mail from Internet senders.


Lab: Troubleshooting Connectivity Problems




! Identify the underlying causes when e-mail from one server is not received by recipients on another server and resolve the problem.

! Identify the underlying causes when a user cannot connect to an Exchange server as a remote user and resolve the problem.

! Identify the underlying causes when no one in a company can receive Internet e-mail and resolve the problem.



For this lab, you will use the Acapulco, Miami, Vancouver, and London Virtual PCs. The Acapulco Virtual PC is used to provide a messaging client for internal users as well as external users. London is a domain controller, global catalog server, DNS server, and Exchange Server 2003 server. Miami is an Exchange Server 2003 server. Vancouver is an Exchange 5.5 server that is used to simulate a connection to an Internet host in the last exercise of this lab, and will be started at that time.


1. Start 2011_London Virtual PC, if it is not already started. 2. Log on as NWTraders\Administrator with a password of P@ssw0rd. For

performance reasons, you should allow London to start completely prior to starting Acapulco.

3. Start 2011_Acapulco Virtual PC, if it is not already started, but do not log on. For performance reasons, you should allow Acapulco to start completely prior to starting Miami.

4. Start 2011_Miami Virtual PC. 5. Log on as NWTraders\Administrator. If any services configured with a

startup type of Automatic fail to start, start them now.

Note All accounts used in this course can be accessed by using the password P@ssw0rd.

In this lab, you will use the flow charts and the Lab Toolkit resources to identify and resolve the problems described in the scenarios. You will need to read the scenario, the support comments, and then use the flow charts to identify the root cause of the problem. You will then need to perform the test case presented at each decision point in the flow chart to determine which path to follow. Use the letters on the flow chart to identify the Toolkit resources that you can use to help troubleshoot the problem. After you identify a potential solution, make the configuration change and then test your solution. When your solution resolves the problem presented in the scenario you have successfully completed the lab.




If necessary, use one or more of the Lab Toolkit resources listed in the following table to help you complete the exercises in this lab.

Flow chart reference

Resources used for this Flow Chart

B C D Help: Exchange: Managing Virtual Servers. To locate this

information, open Exchange System Manager Help, search for Configure Virtual Servers, and then select the appropriate topic for the type of virtual server.

A B C Help: Exchange: Tracking Messages. To locate this information, open Exchange System Manager Help, search for message tracking, and then select Use the Message Tracking Center.

C Help: Exchange: Verifying the RGC Configuration. To locate this information, open Exchange System Manager Help and then search for Install a Routing Group Connector.

B Help: Microsoft Outlook® Express: Verifying Account Configuration. To locate this information, open Outlook Express Help and then search for Add a mail or news account.

A Help: Microsoft Outlook: Verifying Account Configuration. To locate this information, open Outlook Help and then search for View or change e-mail account settings.

A B C D Help: Microsoft Windows®: Testing DNS. To locate this information, open Windows Help and then search for Manage resource records.

A B C D Help: Windows: Using NSLookup. To locate information on using NSLookup to test DNS, open a command prompt, type NSLookup to start the NSLookup tool, and then type Help.

C Help: Windows: How to Use TCP/IP Command-Line Utilities. To locate this information, open Windows Help and then search for Command-line utilities: TCP/IP.

A B C Impact of Virus and Content Scanners on Messaging Functionality

D Internet E-Mail Testing Methods

A Updating the Global Address List (GAL)

A Using Dcdiag and Netdiag to Verify the Network Infrastructure

B D Using the Telnet Command to Test the TCP Port Restrictions on a Firewall

A B Verifying that a Server is Online




Sta

rt

No

Yes

Yes

Yes

No

B

AC

D

No

Trou

bles

hoot

ing

Net

wor

kCon

nect

ivity

Pro

blem

s

MAP

I

Out

look

Expr

ess

Can

the

clie

nt s

end

and

rece

ive

e-m

ail

betw

een

othe

rs o

n th

esa

me

Exch

ange

ser

ver?

Can

the

clie

nt s

end

and

reci

eve

e-m

ail

betw

een

othe

rs o

n ot

her

Exch

ange

ser

vers

in t

heor

gani

zatio

n?

Can

the

clie

nt s

end

and

rece

ive

Inte

rnet

e-m

ail?

Whi

ch m

essa

ging

clie

nt a

pplic

atio

n is

bein

g us

ed?

1.

Che

ck u

ser

for

SM

TP D

eny

2.

Verif

y S

MTP

vir

tual

ser

ver

is

fu

nctio

ning

3.

Che

ck f

irew

all c

onfig

urat

ion

4.

Verif

y ex

tern

al D

NS

MX

reco

rds

5.

Verif

y th

at t

he f

irew

all i

s no

t

bl

ocki

ng

1.

Verif

y co

rrec

t ad

dres

s an

d te

st if

oth

er u

sers

can

send

and

rec

eive

ext

ra-s

erve

r e-

mai

l2

. C

heck

net

wor

k ro

ute

3.

Verif

y IP

con

figur

atio

n on

all

e-m

ail s

erve

rs4

. C

heck

DN

S5

. Ve

rify

SM

TP v

irtu

al s

erve

r is

run

ning

on

rem

ote

serv

er6

. C

heck

mes

sage

siz

e lim

its o

n co

nnec

tors

7.

Che

ck v

irus

and

con

tent

sca

nner

qua

rant

ine

8.

Trac

k m

essa

ge

1.

Verif

y se

rver

is o

nlin

e2

. Ve

rify

mai

lbox

and

ser

ver

nam

es in

Out

look

clie

nt3

. Ve

rify

DC

and

GC

onl

ine

4.

Verif

y us

er n

ame

is in

the

GAL

, upd

ate

if ne

cess

ary

5.

Che

ck D

NS

res

olut

ion

6.

Che

ck v

irus

and

con

tent

sc

anne

r qu

aran

tine

7.

Trac

k m

essa

ge

1.

Verif

y se

rver

is o

nlin

e2

. Ve

rify

acco

unt

nam

e, p

assw

ord,

and

serv

er n

ames

in O

utlo

ok

Ex

pres

s cl

ient

3.

Che

ck D

NS

res

olut

ion

4.

Verif

y S

MTP

, IM

AP4

/PO

P3

vi

rtua

l ser

vers

are

run

ning

5.

Che

ck v

irus

and

con

tent

sca

nner

quar

antin

e6

. Tr

ack

mes

sage

If e

xter

nal c

lient

7.

Che

ck f

irew

all c

onfig

urat

ion

End


Trou

bles

hoot

ing

Net

wor

k Con

nect

ivity

Pro

blem

s

B

A

Sta

rt

Can

the

clie

nt s

end

and

rece

ive

e-m

ail b

etw

een

othe

rs o

n ot

her

Exch

ange

se

rver

s in

the

or

gani

zatio

n?

1.

Verif

y se

rver

is o

nlin

e2.

Verif

y m

ailb

ox a

nd s

erve

r

na

mes

in O

utlo

ok c

lient

3.

Verif

y D

C a

nd G

C o

nlin

e4.

Verif

y us

er n

ame

is in

the

GAL

, upd

ate

if ne

cess

ary

5.

Che

ck D

NS

res

olut

ion

6.

Che

ck v

irus

and

cont

ent

scan

ner

quar

antin

e7.

Trac

k m

essa

ge

Whi

ch m

essa

ging

clie

nt a

pplic

atio

n is

bein

g us

ed?

1. Ve

rify

serv

er is

onl

ine

2. Ve

rify

acco

unt

nam

e, p

assw

ord,

an

d se

rver

nam

es in

O

utlo

ok E

xpre

ss c

lient

3. C

heck

DN

S r

esol

utio

n4. Ve

rify

SM

TP, I

MAP

4/P

OP3

vir

tual

se

rver

s ar

e ru

nnin

g5. C

heck

viru

s an

d co

nten

t sc

anne

r qu

aran

tine

6. Tr

ack

mes

sage

If

exte

rnal

clie

nt7. C

heck

fire

wal

l con

figur

atio

n

MAP

I

Out

look

Exp

ress

No

Yes


Trou

bles

hoot

ing

Net

wor

k Con

nect

ivity

Pro

blem

s

CD

Can

the

clie

nt

send

and

rec

eive

e-m

ail

betw

een

othe

rs o

n ot

her

Exch

ange

ser

vers

in t

he

orga

niza

tion?

End

Can

the

clie

nt s

end

and

rece

ive

Inte

rnet

e-m

ail?

1. Ve

rify

corr

ect

addr

ess

and

test

if o

ther

use

rs c

an s

end

and

rece

ive

extr

a-se

rver

e-m

ail

2. C

heck

net

wor

k ro

ute

3. Ve

rify

IP c

onfig

urat

ion

on a

ll e-

mai

l ser

vers

5. C

heck

DN

S6. Ve

rify

SM

TP v

irtu

al s

erve

r is

run

ning

on

re

mot

e se

rver

7. C

heck

mes

sage

siz

e lim

its o

n co

nnec

tors

8. C

heck

viru

s an

d co

nten

t sc

anne

r qu

aran

tine

9. Tr

ack

mes

sage

1. C

heck

use

r fo

r S

MTP

Den

y2. Ve

rify

SM

TP v

irtu

al s

erve

r is

fu

nctio

ning

3. C

heck

fire

wal

l con

figur

atio

n4. Ve

rify

exte

rnal

DN

S M

X re

cord

s5. Ve

rify

that

the

fire

wal

l is

not

bl

ocki

ng

No

Yes

Yes

No


Exercise 1 Troubleshooting Internal User E-Mail Failure

In this exercise, you will use the flow chart and the Lab Toolkit resources to identify and resolve the problem in the scenario.

To create the troubleshooting scenario for this exercise, run the breaklab2a.bat script located in the c:\MOC\2011\Labfiles\Lab02 folder on 2011_London Virtual PC. It is important that all Virtual PCs be completely started prior to running the script. Jeff Pike has entered a service request. He states that he is unable to send e-mail to one of his team members, Mindy Martin. He is able to send and receive e-mail to and from others in his team, but not Mindy.

In this exercise, you will need to log on to Acapulco using NWTraders\JeffPike and log on to Microsoft Outlook Web Access (OWA) as NWTraders\MindyMarti to troubleshoot and test your solution. All user accounts can be accessed by using a password of P@ssw0rd.

�Sent e-mail to Jeff and he received it fine. Called Mindy; she is able to send and receive e-mail among her co-workers. Jeff and Mindy both use Outlook 2003.�

You must establish e-mail communication between Jeff Pike and Mindy Martin.


_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

_______________________________________________________________


_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

_______________________________________________________________


Scenario



Exercise 2 Troubleshooting When a Remote User Is Unable to Receive E-Mail


To create the troubleshooting scenario for this exercise, perform the following steps: 1. On Miami, on the menu, click PC, click Shut Down, click Turn off PC

and undo changes, and then click OK. 2. Run the breaklab2b.bat script located in the c:\MOC\2011\Labfiles\Lab02

folder on 2011_London Virtual PC.

Brian Clark has entered a service request. He states that he is unable to access his e-mail from home using Outlook Express. He is trying to configure Outlook Express as an IMAP4 client. Brian�s mailbox was recently moved from a server running Exchange 2000 to a different server running Exchange 2003.

Log on to Acapulco as NWTraders\BrianClark using the password P@ssw0rd. Use Outlook Express to connect to the Exchange Server 2003 server and troubleshoot the connection.

�Sent e-mail to Brian and it didn�t bounce back. Checked System Manager and saw that the messages in Brian�s mailbox increase when I send him e-mail. I think the problem might be related to Brian�s mailbox being moved, that it was corrupted.�

�Called Brian at home and walked through the settings for Outlook Express. Everything seems fine. Maybe it is a corruption problem.�

Read the Level 1 and Level 2 support comments and find a solution to the problem. You must resolve the problems Brian experiences when accessing his e-mail using Outlook Express as an IMAP4 client.


________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________


________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________


Scenario




Exercise 3 Troubleshooting When a Company is Not Receiving Internet E-Mail


To create the troubleshooting scenario for this exercise, perform the following steps: 1. Verify that 2011_London Virtual PC is running. 2. Start 2011_Vancouver Virtual PC. Because Vancouver is in the Microsoft

Windows NT® domain Contoso, which is not part of the same forest as London, you can use Vancouver to simulate an Internet host. When you start Vancouver, Vancouver will run Autochk. You should allow Autochk to complete, at which time Vancouver will start successfully.

3. Log on to Vancouver as Contoso\Administrator. 4. Run the breaklab2c.bat script located in the c:\MOC\2011\Labfiles\Lab02

folder on 2011_London Virtual PC.

Brenda Diaz has entered a service request. She states that she is not receiving e-mail from the Internet, and she is unable to send e-mail to the Internet. Log on to Acapulco as NWTraders\BrendaDiaz using the password P@ssw0rd. Use Outlook 2003 to connect to the Exchange Server 2003 environment and troubleshoot the connection. You can use the [email protected] account as the test recipient on Vancouver. Outlook 2000 on Vancouver has already been configured with a profile for the Contoso Administrator mailbox.

�Brenda is using Outlook 2003. Brenda is able to send and receive internal e-mail. She claims she is able to send e-mail to the Internet but is not able to receive it. Explained to Brenda that it must be a problem at the other end because nobody else has reported any similar problems. Brenda is confident that it must be something wrong with our e-mail server.�

�Brenda called the Help Desk manager and was very upset. I called her directly; she is certain that it is a problem with our e-mail server. She says that a friend of hers at Contoso, Ltd has been trying to send her e-mail all day. I explained to Brenda that it might be a virus issue and that the other e-mail server is stopping mail from being sent to our server.�

Read the Level 1 and Level 2 support comments and find a solution to the problem that is keeping users from receiving e-mail from the Internet.

Warning Virtual PC will capture your mouse while using Vancouver. To use your mouse to access other windows outside of Vancouver, you must press the right Alt key while moving your mouse out of the Vancouver window.


Scenario





________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________


________________________________________________________________

________________________________________________________________

________________________________________________________________

_______________________________________________________________

For this lab, you used the Acapulco, Miami, Vancouver, and London Virtual PCs. Please undo any changes that were made during your troubleshooting by closing each image. The Miami virtual PC should have been closed at the beginning of Exercise 2.

Important When you shut down the Virtual PCs using these instructions, all changes made to the Virtual PCs during this lab will be lost.


1. On Acapulco, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK.

2. On London, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK.

3. On Vancouver, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK.




Lab Discussion



! What were the root causes of the problems described in the scenario? ! What steps did you use and how did the steps help identify the problems? ! What other steps could you have used to identify the problems faster? ! How did you test your solution?

How will you address this type of problem in the future?

! How is your work environment different than the test environment? ! How would your work environment change the troubleshooting process? ! What steps will you take in the future when troubleshooting similar

problems?


Contents

Overview 1

Troubleshooting Client Connectivity to Mailboxes and Public Folders 2

Troubleshooting Mailbox and Public Folder Properties 5

Troubleshooting Single Server Message Flow 8

Troubleshooting the Recipient Update Service 10


Lab: Troubleshooting Public Folder and Mailbox Problems 13

Lab Discussion 26

Unit 3: Troubleshooting Public Folders and Mailboxes


Unit 3: Troubleshooting Public Folders and Mailboxes 1

Overview


Network connectivity issues prevent users from sending and receiving e-mail in a Microsoft® Exchange Server 2003 environment. In this unit, you will learn how to identify the mailbox and public folder problems that prevent users from sending and receiving e-mail. These issues are indicated when a client is unable to connect to a server running Exchange Server 2003 to access a mailbox or a public folder.


! Identify the underlying causes when a user cannot receive Internet e-mail and resolve the problem.

! Identify the underlying causes when a user cannot send Internet e-mail and resolve the problem.

! Identify the underlying causes when a user is unable to post a message to a public folder and resolve the problem.

Objectives

2 Unit 3: Troubleshooting Public Folders and Mailboxes

Troubleshooting Client Connectivity to Mailboxes and Public Folders


If a user cannot send and receive e-mail, one reason for this may be that the user�s e-mail client cannot connect to the user�s Exchange server. There are many possible reasons why a client cannot connect to an Exchange server. To troubleshoot client connectivity, you need to understand how a client connects to an Exchange server and then troubleshoot each step in the process.

To troubleshoot client connectivity to a mailbox on an Exchange server, you need to examine the following components:

! Name resolution. The e-mail client must be able to resolve the name of the Exchange server before it can open the mailbox. Microsoft Windows® 2000 Professional and later clients rely on DNS to resolve the host name of the Exchange server. Earlier clients rely on Windows Internet Name Service (WINS) to resolve the network basic input/output system (NetBIOS) name of the Exchange server. To troubleshoot name resolution issues, use tools such as Ping and NSLookup.

! Protocol connection. If the e-mail client can resolve the name of the Exchange server, the next step is to attempt an application level protocol connection to the server.

• For Microsoft Outlook® MAPI clients, the client must be able to create a remote procedure call (RPC) connection to the Exchange server by using TCP/IP port 135. The RPC port mapper will dynamically assign a port after the initial connection unless you have configured your Exchange server to use static ports. For Outlook 2003 using RPC over HTTP, the RPC traffic is sent using HTTPS (port 443). On the internal network, you may need to check options such as packet filtering on network devices or the Exchange servers, or possibly an Internet Protocol security (IPSec) policy that is blocking RPC connections.

Troubleshooting mailbox connectivity


• Internet Message Access Protocol version 4rev1 (IMAP4), Post Office Protocol version 3 (POP3), or HTTP clients must be able to connect to the Exchange server using the appropriate protocols. If the client can establish a TCP/IP connection to the Exchange server, but it cannot create a protocol connection, you must identify what is blocking the connection. The most common problem is firewall settings. In most cases, protocol resolution issues will impact more than just one client. For example, if POP3 traffic is being blocked on the network, all POP3 clients will be affected. If only one client is affected, you can limit your troubleshooting to that particular client.

• Microsoft Active Directory® directory service access. To send and receive e-mail in an Exchange Server 2003 environment, both the e-mail client and the Exchange server must be able to connect to Active Directory global catalog servers. All of the Exchange servers in the organization must be able to connect to a domain controller in order to access configuration information. In order to resolve e-mail addresses to send a message, the Exchange server must be able to locate the recipient object in the global catalog. To open the global address list, the e-mail client must be able to connect to a global catalog server. If the e-mail client is having problems resolving recipient names, test the Active Directory connections using tools like Netdiag, Netsh, Dcdiag, and Dsadiag. Also, verify that objects exist in the global catalog, and that, if needed, an expansion server for each mail-enabled group is identified and functioning.

When an e-mail client attempts to connect to a public folder server, the client must first establish a connection to the Exchange server that houses the client�s default public store server using the same process as connecting to a mailbox. Accessing public folder content adds some extra components that you need to consider in your troubleshooting:

! Connecting to the default public folder hierarchy. When the e-mail client tries to access a public folder, it must first access the public folder hierarchy. The default public folder hierarchy is stored on every server that includes a public folder store. The e-mail client will try to access the hierarchy from the default public store defined on the client�s mailbox store properties, which by default is on the same server as the user�s mailbox. If the e-mail client cannot see any public folders in the hierarchy, the server that hosts the user�s default public store is not returning public folder information properly. In this case, confirm connectivity to the server hosting the default public store and verify that the public store is mounted. If the client can view parts of the hierarchy but is unable to view recently created folders, verify that the hierarchy is replicating correctly. If replication is working, the user may not have permissions to access portions of the hierarchy; you should verify that permissions are granted accordingly. You can force an immediate update of the public folder hierarchy information by right-clicking a public folder store and clicking Send hierarchy.

Troubleshooting public folder connectivity


! Connecting to public folder contents. After the client has connected to the public folder hierarchy, it must then retrieve the actual messages from the public folder. The messages are stored only on those servers that contain a replica of the public folder. When the client tries to open a message in a public folder, the server that houses the user�s default public store returns a list of all servers that contain a replica of the public folder. The client will then connect to the requested public folder in the following order of preference:

• Connect to the server housing the default public folder store.

• Connect to an Exchange server in the same routing group as the Exchange server that houses the user�s mailbox.

• Connect to an Exchange server in a different routing group. If there are multiple routing groups, the client will connect to an Exchange server based on the public folder referral configuration on the routing group connectors and the routing group connector costs.

If the client cannot connect to a public folder replica in its own routing group, follow the same troubleshooting process that you would use to troubleshoot connecting to a mailbox. If the public folder replica is located in another routing group, check whether public folder referrals are enabled across the routing group connection. In most cases the second routing group is across a WAN connection, so you may need to troubleshoot the network connectivity. If the WAN connection has limited available bandwidth, you may need to configure a replica of the public folder in the local routing group to ensure client connectivity.


Troubleshooting Mailbox and Public Folder Properties


If an e-mail client can access the appropriate mailbox or public folder but cannot send and receive e-mail messages, the problem may be a configuration setting on the mailbox or public folder.

There are many possible configuration settings on a mailbox that can affect e-mail delivery, including the following:

! Mailbox permissions. To send e-mail from a mailbox, the user must have Send As permission, or be delegated the Send on behalf of permission. To read the mail in the mailbox, the user must be granted Receive As permission or be granted the permission to read the mailbox contents. The primary account associated with a mailbox is granted Full Mailbox Access in Active Directory. If a client cannot use a mailbox as expected, verify that permissions are granted correctly.

! E-mail address. Every mailbox on an Exchange Server 2003 server must be configured with at least a Simple Mail Transfer Protocol (SMTP) address and a X.400 address. Initially, these addresses are configured by the default recipient policy. Additional addresses may be configured manually or by creating additional recipient policies that apply to the user. If a user is unable to receive e-mail originating from messaging systems across connectors, verify that the user�s e-mail address is defined correctly for the affected connector. For example, a user unable to receive Internet e-mail may have an incorrect SMTP address.

Troubleshooting mailbox configuration issues


! Default e-mail address. If a mailbox is configured with more than one address of the same type, one of the addresses is configured as the primary e-mail address. This is most common for SMTP addresses, when one user may have more than one SMTP e-mail address. By default, Exchange Server 2003 adds the primary e-mail address to the FROM field of outbound messages sent from the user�s mailbox. If the primary e-mail address is not correct, replies to messages sent from the user may not be delivered. If a user is not receiving replies to messages they send across connectors to other messaging systems, verify that the user�s primary e-mail address for the affected connector is configured correctly. For example, a user that receives Internet e-mail but does not receive replies to messages that are sent to Internet users may have an incorrectly defined primary SMTP e-mail address.

! Message size limits. You can configure both sending and receiving message size limits at the organization level, connector level, or mailbox level. If a message exceeds the message size restriction, it will not be delivered. If a user is unable to send messages with large attachments, check the message size limits. If the messages are too large, you may need to increase the size limits or ask the user to decrease the size of the attachments.

! Mailbox size limits. Mailbox size limits can be configured on the mailbox store or on individual mailboxes. There are three configuration options available when setting the mailbox size limit: issue warning, prohibit send, and prohibit send and receive. If the prohibit send is configured, the user will receive an error message when they send a message and the message will not be delivered. If the mailbox has reached the prohibit receive level, any e-mail sent to the mailbox will not be delivered to the mailbox and a non-delivery report (NDR) will be created. If a user is unable to send or receive e-mail because they have reached the mailbox size limit, you may need to show the user how to decrease their mailbox size. In many cases, deleting the messages in the Deleted Items and Sent Items folders can significantly reduce the size of the mailbox. If required, you can configure a larger mailbox size limit for individual mailboxes.

! Delivery restrictions. You can configure delivery restrictions that specify who can send to a mailbox or distribution list. If a user is prohibited from sending to a mailbox, their messages will not be delivered. If a user is not able to send to a mailbox or distribution list, confirm why the delivery restriction is in place. If the user should not be restricted, change the delivery restrictions. If the user should be restricted, communicate that to the user.

! Hide from Exchange Address Lists. You can configure individual mailboxes so that they are hidden from the Address Book. If this is configured, the mailbox will not appear in the global address list (GAL), but other users that know the name or the e-mail address of the mailbox will still be able to send to the mailbox. If the mailbox is configured incorrectly, correct the configuration error. If a mailbox is intentionally hidden from the GAL, you may need to show the user how to send e-mail to a hidden mailbox.


There are many possible configuration settings on a public folder that can affect e-mail delivery, including the following:

! Public folder permissions. As with mailboxes, you must have appropriate permissions granted in order to access public folders. By default, all users are assigned the Author role on newly created public folders. However, you can modify user permissions by assigning different roles to a user account or to mail-enabled groups. The client permissions on a public folder can be modified using Outlook or using the Exchange System Manager. If users cannot perform the actions they expect in a public folder, confirm that they have the business requirement to do so. Once this is confirmed, you can assign the appropriate permissions to the public folder either by using the individual mailbox or by adding the mailbox to a mail-enabled group that has the required permissions.

! Public folder size limits. Like mailboxes, public folders can also be configured with size limits that restrict the maximum size of the public folder. When these size limits are reached, users will not be able to post any messages to the public folder. Public folders can also be configured with maximum message size limits. If users cannot post to a public folder because the public folder has reached its maximum size, you can increase the public folder size or you can remove some messages from the folder. If this is a regular occurrence, you can configure the public folder so that messages older than a specified time or date are automatically deleted from the folder.

! Mail-enabled public folders. Public folders can be configured as mail enabled. If a public folder is mail enabled, e-mail addresses are created for the public folder so that users can locate the folder in the GAL and send mail to the folder. Users outside the organization can send e-mail to the folder by using the SMTP address for the public folder. If you want users outside the organization to be able to send mail to a public folder, you must mail-enable the public folder and then make the SMTP address available to the outside users. If you do not want to mail-enable the public folder, instruct internal users to post to the public folder.

! Hide from Exchange Address Lists. By default, public folders that are mail enabled are displayed in the GAL. If a public folder should not be visible in the GAL, the option must be modified. If the public folder is configured incorrectly, correct the configuration error. If a public folder is intentionally hidden from the GAL, you may need to show users how to send e-mail to a hidden public folder, or instruct them to post to the public folder.

Troubleshooting public folder configuration issues


Troubleshooting Single Server Message Flow


In order to troubleshoot message delivery errors, it is useful to understand how messages flow through an Exchange server. Exchange Server 2003 provides the queue viewer and the Message Tracking Center for troubleshooting message delivery. The queue viewer displays all of the queues on the Exchange server so that you can clearly see where messages that are not being delivered are accumulating. By using the Message Tracking Center, you can identify the server or point within a server at which message delivery is stopped.

An Exchange server can receive messages from a client or from another server via SMTP or an X.400 connector. Regardless of the source, the flow of a message through the server is essentially the same. The following steps describe the message flow when a MAPI client sends a message to a recipient on the same server:

1. The message is submitted to the store from the e-mail client. The actual content of the message is stored in the Exchange store.

2. The MailMsg object, which is the header information about the message, is passed to the advanced queuing engine. The advanced queuing engine, which is part of the SMTP service, places the MailMsg object in the pre-categorizer queue. The pre-categorizer queue is one of several queues that are managed by the advanced queuing engine.

3. The message categorizer, which is also part of the SMTP service, retrieves the MailMsg object from the pre-categorizer queue and processes the message. The message categorizer determines the recipients of the e-mail message and determines the best way to route the message to the recipients. If the recipient is a mail-enabled group, the message categorizer must expand the group membership to identify all message recipients. If the mail-enabled group is configured with a different expansion server, the message is sent to the expansion server. During the categorizing process, the message categorizer must connect to a global catalog server that contains information about all member objects of the group.

Single server message flow


4. Because the recipient mailbox is located on the same server as the sender, the message categorizer sends the message to the routing engine which places the message in the local delivery queue.

5. The Exchange store extracts the MailMsg information from the local delivery queue and sends a pointer to the stored message to the appropriate mailbox.

As messages are routed through an Exchange server, they are moved from one queue to another. You can monitor the status of these queues by using the queue viewer. The queue viewer is accessed by expanding the server object in Exchange System Manager and clicking Queues. The queue viewer shows both system queues and link queues. System queues are permanent queues on the Exchange server, such as the local delivery queue or queues for messages awaiting directory lookup or messages waiting to be routed. Link queues are temporary queues created only when needed. For example, when a message is sent to an Internet recipient, a link queue is created for the recipient�s fully qualified domain name.

When messages are not being delivered on the Exchange server, you can use the queue viewer to identify which queue is growing in size. If the Messages awaiting directory lookup queue is growing, you should check global catalog availability. If the Local delivery queue is growing, you should verify that the local mailbox and public folder stores are mounted. If you notice a queue is growing, you can select the queue and then view the additional queue information to help troubleshoot the cause of the queue growth.

In addition to the queue viewer, you can also use the Message Tracking Center to troubleshoot message flow through an Exchange server. When message tracking is enabled on a server, each step of the message flow is logged in the message tracking logs. For example, the following information is logged when a message is sent from one mailbox on an Exchange server to more than one mailbox on the same server:

SMTP Store Driver: Message Submitted from Store SMTP: Message Submitted to Advanced Queue SMTP: Started Message Submission to Advanced Queue SMTP: Message Submitted to Categorizer SMTP: Message Categorized and Queued for Routing SMTP: Message Queued for Local Delivery SMTP: Message Delivered Locally to multiple recipients SMTP Store Driver: Message Delivered Locally to Store to recipient SMTP e-mail address

By viewing the message tracking log, you can identify where an undelivered message failed and begin troubleshooting the correct component.

Using the queue viewer to troubleshoot message flow

Using message tracking to troubleshoot message flow


Troubleshooting the Recipient Update Service


Recipient policies are used to configure e-mail addresses for recipients in an Exchange organization. The Recipient Update Service updates recipient e-mail addresses based on the recipient policies. If recipient policies are not configured correctly, the e-mail addresses assigned to recipients will be incorrect. If the Recipient Update Service is not functioning, any new recipient policies (policies that need to be applied to new recipients) will not be processed. These problems may prevent users from sending and receiving e-mail.

If recipients cannot send and receive e-mail because of incorrectly configured e-mail addresses, the following components may assist you in troubleshooting recipient policies:

! Check for incorrectly configured Lightweight Directory Access Protocol (LDAP) queries on the policy. Recipient policies are only applied to recipients that match the LDAP query. If the e-mail address on a mailbox is not modified as expected, confirm that the LDAP query includes the recipient. When you create the LDAP query, you can select Find Now to view the list of recipients included in the LDAP query.

! Check the policy priority settings. A higher priority policy may overwrite the e-mail addresses configured by a lower priority policy. If you determine that a required e-mail address is being overwritten by another recipient policy, you can change the order in which the policies are applied or you can modify the higher priority policy to include the required e-mail address.

! Apply the policy. When you modify a policy, the policy is applied the next time the Recipient Update Service is run, which is every 60 seconds by default. To apply a policy immediately, right-click the policy and click Apply this policy now. To change the schedule on which the Recipient Update Service is run, right-click the appropriate recipient update service in Exchange System Manager and configure the update interval on the Recipient Update Service Properties General tab. If you apply the policy and the updates still do not appear, check the LDAP query and verify that the Recipient Update Service is functioning correctly.

Troubleshooting recipient policies


! Check for manually configured e-mail addresses. Recipient policies cannot remove or modify any e-mail addresses configured directly on the recipient object in Active Directory. If a user cannot send or receive e-mail because of an address configuration problem, the problem may be manually configured addresses. For example, if a user�s SMTP return address is incorrect, check to see if another address is manually configured as the primary address on the recipient object.

The Recipient Update Service updates recipient e-mail addresses based on the recipient policies. By default, two Recipient Update Service objects are created:

! Recipient Update Service (Enterprise Configuration). This object updates the e-mail addresses of the objects that are in the configuration partition of Active Directory, such as the Exchange store object, the message transfer agent (MTA) object, and the System Attendant object.

! Recipient Update Service (Active Directory domain). This object is created for each Active Directory domain that has an installation of Exchange 2000 or later. It updates e-mail addresses for recipient objects in Active Directory, and it updates address lists based on changes in recipient objects in that domain.

If the e-mail addresses configured by recipient policies are not being applied to recipients, use the following troubleshooting options:

! Force an immediate update. You can force the Recipient Update Service to run immediately by right-clicking the Recipient Update Service object and clicking Update Now.

! Check for Exchange server and Active Directory server availability. The Recipient Update Service object is configured with a domain controller and an Exchange server. The Recipient Update Service must be able to connect to both servers in order to run. If one of the servers is not available, you need to manually reconfigure the Recipient Update Service to use a different server.

! Confirm that the System Attendant service is running. The Recipient Update Service runs within the System Attendant service, so the System Attendant must be running.

! Enable Diagnostics Logging on the Exchange server that manages the Recipient Update Service for the MSExchangeSA Proxy Generation category. After logging is enabled, force the Recipient Update Service to run and then check the application log for details about what is occurring when the Recipient Update Service attempts to run.

Recipient Update Service

Troubleshooting the Recipient Update Service


Pre-Lab Discussion


One of the troubleshooting skills that an Exchange administrator must have is being able to identify the mailbox and public folder problems that prevent users from sending and receiving e-mail messages. These issues are indicated when a client is unable to connect to a server running Exchange Server 2003 to access a mailbox or a public folder. When users connect to Exchange using Outlook Web Access (OWA) or Outlook Mobile Access (OMA), a number of issues may arise that you need to troubleshoot.

In this context, discuss what problems might cause the following symptoms:

! A user cannot receive Internet e-mail sent to his or her e-mail address. ! A user cannot send Internet e-mail. ! A user is unable to post a message to a public folder.


Lab: Troubleshooting Public Folder and Mailbox Problems





! Identify the underlying causes when a user cannot receive Internet e-mail and resolve the problem.




For this lab, you will use the London Virtual PC and the Vancouver Virtual PC. The Vancouver Virtual PC is used to simulate an external organization on the Internet for the purpose of testing e-mail flow to and from the Internet.


1. Start 2011_London Virtual PC, if it is not already started. 2. Log on as NWTraders\Administrator with the password P@ssw0rd. You

will use OWA on London to check e-mail for the affected users in the lab scenarios. Use the URL http://london/exchange to connect to OWA on London.

3. Start 2011_Vancouver Virtual PC. Because Vancouver is in the Microsoft Windows NT® domain Contoso, which is not part of the same forest as London, you can use Vancouver to simulate an Internet host. When you start Vancouver, Vancouver will run Autochk. You should allow Autochk to complete, at which time Vancouver will start successfully.

4. Log on to Vancouver as Contoso\Administrator. You will use Outlook 2000 on the Vancouver server to send and receive e-mail to the user accounts at NWTraders.

To create the troubleshooting scenarios, run the Breaklab3.vbs script from the c:\moc\2011\Labfiles\Lab03 directory located on 2011_London Virtual PC.

In this lab, you will use the flow charts and the Lab Toolkit resources to identify and resolve the problems described in the scenarios. You will need to read the scenario, the Level 1 support comments, and then use the flow charts to identify the root cause of the problem. You will then need to perform the test case presented at each decision point in the flow chart to determine which path to follow. Use the letters on the flow chart to identify the Lab Toolkit resources that you can use to help troubleshoot the problem. After you identify a potential solution, make the configuration change and then test your solution. When your solution resolves the problem presented in the scenario you have successfully completed the lab.

Note that the flow chart for Exercise 3 is located at the end of the lab.


Lab preparation



If necessary, use one or more of the Lab Toolkit resources listed in the following table to help you complete this lab.

Flow chart resources Resources used for this flow chart B Configuring the Recipient Update Service

C D F H Help: Exchange: Checking Mailbox Size Limits. To locate this information, open Exchange System Manager Help and then search for Define mailbox storage limits.

C Help: Exchange: Checking Message Queues. To locate this information, open Exchange System Manager Help and then search for queue viewer.

H Help: Exchange: Checking Recipient Filter Settings. To locate this information, open Exchange System Manager Help and then search for Create a recipient filter.

F Help: Exchange: Checking Sender Filter Settings. To locate this information, open Exchange System Manager Help and then search for Create a sender filter.

A C D F H Help: Exchange: Tracking Messages. To locate this information, open Exchange System Manager Help, select Help, select Help Topics, and then click Search. Search for message tracking and then click Use the Message Tracking Center.

E Help: Exchange: Verifying the RGC Configuration. To locate this information, open Exchange System Manager Help and then search for Install a routing group connector.

B Help: Exchange: Viewing the Global Address List. To locate this information, open Exchange System Manager Help and then search for Preview search filter results.

C Help: Windows: Check Global Catalog Availability. To locate this information, open Windows Help and search for Dcdiag.exe: Domain controller diagnostic tool.

E G Help: Windows: Testing DNS. To locate information on locating resource records using DNS administrator snap-in, open Windows Help and then search for Manage Resource Records.

E G Help: Windows: Using NSLookup. To locate information on using NSLookup to test DNS, open a command prompt, type NSLookup to start the NSLookup tool, and then type Help.

B Help: Windows: Verifying Active Directory Replication. To locate this information, open Windows Help and then search for Troubleshooting replication: Active Directory.

C D F H Impact of Virus and Content Scanners on Messaging Functionality

A Internet E-Mail Testing Methods

B Using Dcdiag and Netdiag to Verify the Network Infrastructure

C E G Using the Telnet Command to Test Connectivity Between Exchange Servers

G Using the Telnet Command to Test the TCP Port Restrictions on a Firewall

F G H Viewing Delivery Restrictions on SMTP Connectors

B H Viewing Recipient Policies

Lab Toolkit resources: Exercises 1 and 2


If necessary, use one or more of the Toolkit resources listed in the following table to help you complete this lab.

Flow chart reference

Resources used for this flow chart

A Help: Exchange: Forcing Public Folder Replication. To locate this

information, open Exchange System Manager Help and then search for Manually Start Replication.

B Help: Exchange: Mail-Enable a Public Folder. To locate this information, open Exchange System Manager Help and then search for Create a Mail-Enabled Public Folder.

A Help: Exchange: Verify Exchange Services are Running. To locate this information, open Exchange System Manager Help and then search for Monitor Services Used by Exchange. You can use this information to determine the services that should be running, and then view the Services console to verify that all required services are running.

B Help: Exchange: Verify a Public Folder Alias. To locate this information, open Exchange System Manager Help and then search for Set the Alias Name.

A Help: Exchange: Viewing the Global Address List. To locate this information, open Exchange System Manager Help and then search for Preview Search Filter Results.

A Help: Exchange: Viewing Public Folder Permissions in Exchange System Manager. To locate this information, open the Exchange System Manager and locate a public folder. Right-click the public folder and click Properties. Then click the Permissions tab and click Help.


Lab Toolkit resources: Exercise 3


Yes

No

Yes

Yes

B

A

C D

E

Yes

No

Yes

No

No

F

H

G

Trou

bles

hoot

ing

Mai

lbox

Pro

blem

s

No

Yes

Sta

rt

Is t

he e

-mai

lm

essa

ge s

ent

to o

rre

ceiv

ed fro

m t

heIn

tern

et?

No.

inte

rnal

e-m

ail

Is t

he G

ALin

form

atio

n fo

r th

eus

er a

ccur

ate?

Are

the

send

eran

d re

cipi

ent

on t

hesa

me

Exch

ange

serv

er?

Can

the

us

er s

end

and

rece

ive

from

reci

pien

ts o

n ot

her

serv

ers?

Can

the

use

rse

nd o

r re

ceiv

ee-

mai

l fro

m o

ther

Inte

rnet

reci

pien

ts?

Can

oth

er u

sers

send

or

rece

ive

e-m

ail f

rom

the

Inte

rnet

?

1. Ve

rify

send

er u

sed

corr

ect

addr

ess

and

can

se

nd t

o ot

hers

2. C

heck

use

r's

SM

TP a

ddre

ss a

nd u

pdat

e if

ne

cess

ary

3.

Che

ck r

ecip

ient

filt

erin

g se

ttin

g4. C

heck

mes

sage

siz

e lim

its a

nd a

ddre

ss re

stric

tions

on

SM

TP c

onne

ctor

5. C

heck

mes

sage

siz

e an

d m

ailb

ox s

ize

limits

6. C

heck

viru

s sc

anne

r an

d co

nten

t sc

anne

r7. Tr

ack

mes

sage

to

see

if th

e m

essa

ge en

tere

d th

e or

gani

zatio

n

1. C

heck

if u

ser

appe

ars

in t

he G

AL2. C

heck

use

r's

e-m

ail a

ddre

sses

3.

Che

ck R

ecip

ient

Upd

ate

Ser

vice

av

aila

bilit

y4. C

heck

Act

ive

Dire

ctor

y re

plic

atio

n5.

Use

dcd

iag

and

netd

iag

to c

heck

ne

twor

k co

nnec

tivity

1. Ve

rify

that

the

sen

der

used

the

cor

rect

ad

dres

s an

d ca

n se

nd t

o ot

hers

in y

our

or

gani

zatio

n2. C

heck

sen

der

filte

ring

sett

ings

3. C

heck

mes

sage

siz

e lim

its a

nd a

ddre

ss re

stric

tions

on

SM

TP C

onne

ctor

4. C

heck

mes

sage

siz

e an

d m

ailb

ox s

ize

limits

5. C

heck

viru

s sc

anne

r an

d co

nten

t sc

anne

r6.

Trac

k m

essa

ge t

o se

e if

the

mes

sage

en

tere

d th

e or

gani

zatio

n

1. Ve

rify

avai

labl

ity o

f In

tern

et co

nnec

tion

2. Ve

rify

exte

rnal

DN

S M

X re

cord

s an

d D

NS

ser

ver

av

aila

bilit

y3. C

heck

fire

wal

l con

figur

atio

n4. C

heck

SM

TP v

irtu

al s

erve

r av

aila

bilit

y5. C

heck

mes

sage

siz

e lim

its a

nd ad

dres

s re

stric

tions

on

SM

TP co

nnec

tor

1. C

heck

mes

sage

que

ues

2. Tr

ack

mes

sage

3. C

heck

SM

TP s

erve

r fu

nctio

nalit

y4. C

heck

glo

bal c

atal

og a

vaila

bilit

y5. C

heck

if u

sers

are

mai

lbox

ena

bled

6. C

heck

mai

lbox

siz

e lim

its7. C

heck

viru

s sc

anne

r8. C

heck

con

tent

sca

nner

1. C

heck

mai

lbox

siz

e lim

its2. C

heck

viru

s sc

anne

r3. C

heck

con

tent

sca

nner

4. Tr

ack

mes

sage

1. C

heck

net

wor

k co

nnec

tivity

bet

wee

n se

rver

s2. C

heck

DN

S r

esol

utio

n be

twee

n se

rver

s3. C

heck

glo

bal c

atal

og a

vaila

bilit

y4. C

heck

SM

TP s

erve

r fu

nctio

nalit

y5. C

heck

rou

ting

grou

p co

nnec

tor

co

nfig

urat

ion


Trou

bles

hoot

ing

Mai

lbox

Pro

blem

s

B

AIs

the

e-m

ail

mes

sage

sen

t to

or

rece

ived

fro

m

the

Inte

rnet

?

Sta

rt

Is t

he G

AL

info

rmat

ion

for

the

user

acc

urat

e?

1.

Che

ck if

use

r ap

pear

s in

the

GAL

2

. C

heck

use

r’s e

mai

l add

ress

es3

. C

heck

Rec

ipie

nt U

pdat

e S

ervi

ce

avai

labi

lity

3.

Che

ck A

ctiv

e D

irect

ory

repl

icat

ion

4.

Use

dcd

iag

and

netd

iag

to c

heck

ne

twor

k co

nnec

tivity

No

No,

inte

rnal

e-m

ail

Yes

Yes


Trou

bles

hoot

ing

Mai

lbox

Pro

blem

s

C D

E

Are

the

send

eran

d re

cipi

ent

on t

he

sam

e Ex

chan

ge

serv

er?

Can

the

use

r se

nd a

nd r

ecei

ve

from

rec

ipie

nts

on

othe

r se

rver

s?

1. C

heck

net

wor

k co

nnec

tivity

bet

wee

n se

rver

s2. C

heck

DN

S r

esol

utio

n be

twee

n se

rver

s3. C

heck

glo

bal c

atal

og a

vaila

bilit

y4. C

heck

SM

TP s

erve

r fu

nctio

nalit

y5. C

heck

rou

ting

grou

p co

nnec

tor

c

onfig

urat

ion

1. C

heck

mes

sage

que

ues

2. Tr

ack

mes

sage

3. C

heck

SM

TP s

erve

r fu

nctio

nalit

y4. C

heck

glo

bal c

atal

og a

vaila

bilit

y5. C

heck

if u

sers

are

mai

lbox

ena

bled

6. C

heck

mai

lbox

siz

e lim

its7. C

heck

viru

s sc

anne

r8. C

heck

con

tent

sca

nner

1. C

heck

mai

lbox

siz

e lim

its2. C

heck

viru

s sc

anne

r3. C

heck

con

tent

sca

nner

4. Tr

ack

mes

sage

No

No

Yes

Yes


Trou

bles

hoot

ing

Mai

lbox

Pro

blem

s

H

GF

1.

Verif

y th

at t

he s

ende

r us

ed t

he c

orre

ct

addr

ess

and

can

send

to

othe

rs in

you

r

or

gani

zatio

n2

. C

heck

sen

der

filte

ring

sett

ings

3.

Che

ck m

essa

ge s

ize

limits

and

add

ress

re

stric

tions

on

SM

TP C

onne

ctor

4.

Che

ck m

essa

ge s

ize

and

mai

lbox

siz

e lim

its5

. C

heck

viru

s sc

anne

r an

d co

nten

t sc

anne

r6

. Tr

ack

mes

sage

to

see

if th

e m

essa

ge

ente

red

the

orga

niza

tion

1.

Verif

y av

aila

bilit

y of

Inte

rnet

co

nnec

tion

2.

Verif

y ex

tern

al D

NS

MX

reco

rds

and

DN

S s

erve

r av

aila

bilit

y3

. C

heck

fire

wal

l con

figur

atio

n4

. C

heck

SM

TP v

irtu

al s

erve

r

av

aila

bilit

y5

. C

heck

mes

sage

siz

e lim

its a

nd

ad

dres

s re

stric

tions

on

SM

TP

conn

ecto

r

1.

Verif

y se

nder

use

d co

rrec

t ad

dres

s an

d ca

n

se

nd t

o ot

hers

2.

Che

ck u

ser’s

SM

TP a

ddre

ss a

nd u

pdat

e if

nece

ssar

y3

. C

heck

rec

ipie

nt f

ilter

ing

sett

ings

4.

Che

ck m

essa

ge s

ize

limits

and

add

ress

re

stric

tions

on

SM

TP c

onne

ctor

5.

Che

ck m

essa

ge s

ize

and

mai

lbox

siz

e lim

its6

. C

heck

viru

s sc

anne

r an

d co

nten

t sc

anne

r7

. Tr

ack

mes

sage

to

see

if th

e m

essa

ge

ente

red

the

orga

niza

tion.

Can

the

us

er s

end

or

rece

ivee

-mai

l fro

m

othe

r In

tern

etre

cipi

ents

?

Can

oth

er

user

s se

nd o

r re

ceiv

ee-

mai

l fro

m t

he

Inte

rnet

?

No

Yes

No

Yes

Yes


Exercise 1 Troubleshooting Solutions When a User Cannot Send Internal E-Mail


Bryan Walton has entered a service request. Bryan is a new employee. He states that he is unable to send e-mail to anyone. Other users on the network can also not send e-mail messages to him.

In this exercise, you will need to log on to OWA on London using NWTraders\BryanWalto.

Note If Internet Explorer fails to load all data when connecting to OWA, close and restart Microsoft Internet Explorer.

�Bryan is a new user who just started working here yesterday. I checked his computer�it is running a standard build with Microsoft Office 2003. He can�t open Outlook�gets an error message. Checked user account�he is in Active Directory and it looks like he is configured correctly. I can�t send e-mail to his account�it says the name doesn�t exist.�

You must resolve the problems so that Bryan can send and receive e-mail from internal users.


_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

_______________________________________________________________


_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

Scenario



Exercise 2 Troubleshooting Solutions When a User Cannot Receive Internet E-Mail


Andy Teal has entered a service request. He states that he is unable to receive e-mail from the Internet. He can send and receive e-mail internally, but when Internet e-mail users try to send e-mail to him, they receive NDRs.

In this exercise, you will need to log on to Outlook 2000 on Vancouver using Contoso\Administrator to send messages to Andy Teal. To confirm the messages are delivered, you will also need to open Andy Teal�s mailbox by using his Nwtraders\andyteal Active Directory account.

�Checked Andy�s computer; everything looks like it is properly configured. Outlook client works fine. Can send e-mail to internal users, and receive e-mail from internal users. Can send e-mail to the Internet � can�t receive. Even when Internet users reply to his e-mails, they get an NDR.�

You must resolve the problem so that Andy can receive e-mail messages from the Internet. To simulate the Internet for purposes of this lab, use the Vancouver server.


________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________


________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________

Scenario



Exercise 3 Troubleshooting Solutions When a User Cannot Post to a Public Folder

In this exercise, you will use the flow chart located at the end of this lab and the Lab Toolkit resources to identify and resolve the problem in the scenario.

Ben Smith has entered a service request. He states that he is unable to post messages to a public folder named SalesReports. He can read the contents of the messages in the public folder but cannot post messages.

In this exercise, you will need to log on to OWA on London using NWTraders\BenSmith.

�Ben can send and receive e-mail without problems. Ben can see the public folder in the public folder list. Checked the public folder�everyone in the Sales department is supposed to be able to read and write to the public folder. Permissions on the public folder seem to be set up right.�

You must resolve the problems Ben experiences when trying to post messages to the public folder.


_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

_______________________________________________________________


_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

Scenario



1. C

heck

fol

der

perm

issi

ons

(r

esta

rt M

icro

soft

Exc

hang

e

Sys

tem

Att

enda

nt t

o cl

ear

serv

er c

ache

imm

edia

tely

)2. C

heck

pub

lic fol

der

repl

icat

ion

3. C

heck

tha

t th

e re

quire

d se

rvic

es a

re r

unni

ng

No

1. Ve

rify

that

the

fol

der

is m

ail

en

able

d2. Ve

rify

that

the

fol

der

is in

GAL

3. Ve

rify

that

the

pub

lic fol

der

e-

mai

l add

ress

is c

orre

ct

No

Yes

A B

Yes

1. C

heck

pub

lic fol

der

repl

icat

ion

co

nfig

urat

ion

2. C

heck

pub

lic fol

der

refe

rral

co

nfig

urat

ion

Trou

bles

hoot

ing

Pub

lic F

olde

r P

robl

ems

Is t

he u

ser

able

to

conn

ect

toth

e pu

blic

fol

der

serv

er?

Yes

1. C

heck

net

wor

k co

nnec

tivity

2. C

heck

DN

S3. C

heck

def

ault

publ

ic fol

der

st

ore

sett

ing

Sta

rt

End

Is t

he u

ser

able

to p

ost

mes

sage

s?

Is t

he u

ser

able

to

open

the

publ

ic fol

der?

Is t

he u

ser

able

to p

ost

via

e-m

ail?

Yes

No

No


For this lab, you used the London and Vancouver Virtual PCs. Please undo any changes that were made during your troubleshooting by closing each virtual PC.








Lab Discussion



! What were the root causes of the problems described in the scenarios? ! What steps did you use and how did the steps help identify the problem? ! What other steps could you have used to identify the problem faster? ! How did you test your solution?

How will you approach these types of troubleshooting issues in your work environment? ! How is your work environment different than the test environment? ! How would your work environment change the troubleshooting process? ! What steps will you take in the future when troubleshooting similar

problems?

Contents

Overview 1

Troubleshooting Outlook Web Access 2

Troubleshooting Outlook Web Access in a Front-End and Back-End Server Topology 5

Troubleshooting Outlook Mobile Access 7


Lab: Troubleshooting Outlook Web Access and Outlook Mobile Access Problems 10

Lab Discussion 22

Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. 2003 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync, Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access 1

Overview


Microsoft® Outlook® Web Access (OWA) and Microsoft Outlook Mobile Access (OMA) are two of the key Microsoft Exchange Server 2003 components that make e-mail accessible from anywhere and on any device that can connect to the Internet.

In order to troubleshoot OWA and OMA problems, you need to understand the architecture used to deploy these services. Both OWA and OMA use Internet Information Server (IIS) 5.0 or 6.0 to provide access to the Exchange information to Internet clients, so you may need to troubleshoot IIS issues as well as Exchange issues. Most companies deploy OWA and OMA in a front-end and back-end topology, which introduces another layer of complexity to troubleshooting.


! Identify the underlying causes when a user cannot access OWA because of a security error.

! Identify the underlying causes when a user cannot access OWA because of an authentication error and resolve the problem.

! Identify the underlying causes when a user cannot access OMA and resolve the problem.

Objectives

2 Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

Troubleshooting Outlook Web Access


OWA in Exchange Server 2003 provides access to messaging information on the Exchange server to users with an Internet browser client. To provide this functionality, OWA is tightly integrated with IIS 5.0 or 6.0.

OWA requires the following components in order to function:

1. Internet Information Services 5.0 or 6.0. The HTTP virtual server on the Exchange server accepts HTTP requests. If the URL for the requested information includes the Exchange virtual directory, the HTTP request is passed to the Exchange Internet Server Application Programming Interface (ISAPI) application.

2. Exchange Server 2003. The HTTP request is parsed by the ISAPI application and passed to the Exchange store. The Exchange server verifies the user has permission to view or modify the requested item. If the user has the required permissions the item is passed back to the Exchange ISAPI application, which renders the content into Hypertext Markup Language (HTML) or Extensible Markup Language (XML) and then passes the data through IIS to the client.

3. Microsoft Active Directory® domain controllers. The OWA server must be able to communicate with the domain controller and global catalog server to determine user permissions and perform address book lookups. The IIS and Exchange configuration information is also stored in Active Directory.

OWA components


Troubleshooting OWA is complicated by the fact that there are several components involved when the OWA client accesses the Exchange server. However, the error messages that you receive in your browser when you try to connect to Exchange by using OWA often provide useful information. The following table lists some of the common error messages that you may receive and some options for troubleshooting the errors.

Error Message Troubleshooting the Error Message 401 Access Denied

401 Logon Failed

• Confirm that the username and password are correct.

• Enter the user name using the domain\username format rather than a UPN.

• Confirm that the user has permission to use OWA.

403 Access Denied • Confirm that the user has access to the resource they are trying to access.

• Check the SSL configuration�the user will get this message if they are using HTTP rather that HTTPS and the site requires SSL.

404 Not Found • Confirm that the object the user is trying to access exists on the Exchange server.

• Check the configuration of URLscan in IIS to confirm that URLscan is not blocking access to the required URL.

• In a front-end and back-end topology, confirm that the front-end server can communicate with the back-end server.

• Confirm the user is using a server name that is identical to the host header on the Exchange virtual server.

500 Internal Server Error

• Confirm that the Exchange server can communicate with an Active Directory server.

• If the client is using Kerberos for authentication, confirm that the time difference between the client computer and the OWA server are within acceptable limits.

503 Service Unavailable

• Confirm that the Information Store service is running and that the required mailbox store is mounted.

• If you have configured additional virtual servers to support multiple domain names, confirm that the virtual directories are configured correctly.

E-mail messages do not display in the Contents pane

• Check the firewall or proxy server settings to ensure they are not blocking the content.

Troubleshooting OWA


When troubleshooting OWA, first ask some basic questions:

! Are all users affected or just one individual? If all users are affected, then the problem is probably a server configuration error. You can begin troubleshooting by identifying the type of error that is sent to the client, and then troubleshoot the IIS and Exchange server configuration. If only one user is affected, the problem is likely a mailbox configuration error or a user error, so you would start the troubleshooting at the individual user or mailbox level.

! Are all Web browsers affected or only specific browsers? When a user connects to the OWA server, the Exchange ISAPI application detects what Web browser version the client is using, since different Web browsers have different functionality. For example, Microsoft Internet Explorer 4.0 and later support Windows® Integrated Authentication, while earlier versions and non-Microsoft clients do not. Internet Explorer 5.0 and later clients support the use of XML and WebDAV. If all browsers are affected, then the problem is likely to be a server configuration problem that is not specific to the new features supported by newer browsers. However, if the problem is client specific, you can start your troubleshooting with the client-specific features. If Internet Explorer 6.0 clients can connect, but Netscape Navigator clients cannot, check the authentication settings. If the opposite is true, check the firewall configuration to see if it is blocking the XML or WebDAV content.

! Is all OWA functionality affected or only some parts? By default, the OWA server includes several virtual directories under the default Web site to enable OWA and OMA mailbox and public folder access. In addition, you may need to configure additional virtual servers and directories on the server to support additional SMTP domains. When troubleshooting, you should check if all OWA functionality is affected or only some parts. For example, if users can access their mailboxes but not the public folders, you can just troubleshoot the connection to the public folder store. You can check whether the public folder store is mounted, or check to see if the public folder server is available. If users can access mailboxes on the default Web site but cannot access their mailboxes using other virtual Web sites on the same server, you can focus your troubleshooting only on the Web sites with problems.


Troubleshooting Outlook Web Access in a Front-End and Back-End Server Topology


Most companies that deploy OWA use a front-end and back-end server topology. There are many advantages to using this topology, but it can also complicate OWA troubleshooting. Troubleshooting is more complicated in a front-end and back-end server topology because you need to test connections between multiple servers, as well as possibly troubleshoot network traffic crossing two firewalls.

There are several benefits to deploying OWA in a front-end and back-end topology. These advantages include:

! Clients use a single namespace. All users can use the front-end server URL to access their mailbox on any back-end server.

! Offload SSL processing. You can offload the processing required for SSL to the front-end servers, which can perform all encryption and decryption of the SSL traffic.

! Enhance security. In most cases, companies deploy the front-end server in a perimeter network, with the back-end servers located on the corporate intranet. The screened subnet is protected from the Internet by an external firewall and a second firewall is placed between the screened subnet and intranet. You can then limit what traffic can pass through each firewall.

! Scalability. The front-end and back-end topology can be scaled to almost any size by deploying several front-end servers in a Network Load Balancing (NLB) cluster.

Front-end and back-end server topology benefits


When you are troubleshooting a front-end and back-end configuration, you will use many of the same steps that you use when you are troubleshooting a single OWA server. The one significant additional step that you may need to include when troubleshooting OWA in a front-end and back-end configuration is troubleshooting multiple servers. In most cases, users will be accessing OWA from the Internet. This means that the clients must connect to the front-end server through the Internet firewall. The front-end server must then connect to a domain controller and the back-end server. You may need to troubleshoot the OWA on each server:

! Test functionality on the back-end server. The initial step in troubleshooting a front-end and back-end topology is to verify that OWA clients can connect to the back-end server. In order for OWA to work through the front-end server, it must first work on the back-end server. If you cannot connect to the back-end server by using OWA, you can use the single server troubleshooting steps discussed in the previous topic to determine the cause of the failure. If the OWA works on the back-end server, then move on to troubleshooting the front-end server.

! Test functionality on the front-end server from the internal network. The second component to test in this topology is the front-end server. You will need to connect to the front-end server from the internal network and check the functionality. If you cannot connect to the front-end server by using OWA, a problem exists between the front-end server and the back-end server. You may need to test the internal firewall configuration, or check the DNS configuration to ensure that the front-end server can locate a domain controller and the back-end server. If you can connect to the front-end server from the internal network, then the problem is located between the front-end server and the Internet, most likely on the external firewall.

! Test all virtual servers on the front-end and back-end servers. Front-end virtual servers and virtual directories that point to mailbox stores must use the same domain names as the corresponding back-end virtual servers or directories. If you can connect to a virtual server on a back-end server, but cannot connect to the same virtual server from the front-end, then ensure that the virtual servers on both servers are configured the same way.

Troubleshooting OWA in a front-end and back-end topology


Troubleshooting Outlook Mobile Access


Outlook Mobile Access (OMA) enables users to access their Exchange Server 2003 mailbox by using a browser-enabled mobile device. Users can use devices such as mobile phones and PDAs that use Extensible Hypertext Markup Language (XHTML), compact HTML (cHTML), or standard HTML browsers to connect to their inbox, calendar, contacts, tasks, and perform global address list (GAL) searches. In addition to mobile phones, Windows Mobile� devices using Microsoft Pocket Internet Explorer and desktop personal computers using Internet Explorer 6.0 or later also support OMA.

The Exchange Server 2003 architecture to support OMA is essentially the same as is used for OWA. When OMA is enabled on an Exchange server, two additional virtual directories are created under the default Web site. The OMA virtual directory is used by OMA clients to connect to the mailboxes on the server. The Microsoft-Server-ActiveSync® virtual directory is used by ActiveSync clients to download messages from the Exchange server. When an OMA client connects to the Exchange server, the client must also be able to access the Exchange virtual directory.

OMA is also supported in a front-end and back-end topology. To enable OMA in this topology, both the front-end and back-end servers must be configured for OMA.

OMA architecture


Because OMA uses the same infrastructure as OWA, much of the troubleshooting for OMA will be the same as it is for OWA. However, there are some configurations which are unique to OMA that you may need to troubleshoot:

! Check the global settings. In order for clients to use OMA, you must enable OMA on the global settings for the Exchange organization. You do this by accessing the properties for Mobile Services under the Global Settings and selecting Enable Outlook Mobile Access. If you want users to be able to access OMA using unsupported devices such as Internet Explorer 6.0, you must also select Enable unsupported devices. If these options are not selected, then the user will receive an error message saying that the account is not enabled for OMA when they try to connect.

! Check individual mailbox configurations. You must also enable OMA on each mailbox before a user will be able to access their mailbox using OMA. You can do this by accessing the user properties in Active Directory Users and Computers; select the Exchange Features tab and enable OMA. If this option is not selected, the user will receive an error message saying that the account is not enabled for OMA when they try to connect.

Note If you are using a front-end and back-end server topology, both servers must be running Exchange Server 2003 in order to enable OWA.

Troubleshooting OMA


Pre-Lab Discussion


OWA and OMA are two of the key Exchange Server 2003 components that make e-mail accessible from anywhere and on any device that can connect to the Internet. Because users are accessing OWA and OMA from anywhere using a variety of Web and mobile access devices, troubleshooting these services can be complicated.

A number of issues that you may need to troubleshoot can arise when users connect to Exchange using OWA or OMA. In this context, discuss what problems might cause the following symptoms:

! A user cannot access OWA because of a service not found error. ! A user cannot access OWA on a front-end server and the user receives an

authentication error. ! A user cannot access OMA on a front end server.


Lab: Troubleshooting Outlook Web Access and Outlook Mobile Access Problems





! Identify the underlying causes when a user cannot access OMA and resolve the problem.

! Identify the underlying causes when a user cannot access OWA because of an authentication error and resolve the problem.



For this lab, you will use the London Virtual PC and the Miami Virtual PC. The Miami Virtual PC will be configured as a front-end server.


1. Start 2011_London-Virtual PC, if it is not already started. 2. Log on as NWTraders\Administrator with a password of P@ssw0rd. You

may use OWA on London to check e-mail for the affected users in the lab scenarios.

3. Start 2011_Miami Virtual PC. Log on as NWTraders\Administrator. 4. Use Exchange System Manager to browse to the Miami server object, right-

click the server object, and then click Properties. 5. Select This is a front-end server, and then click OK. 6. Restart Miami by clicking Start, Shut Down, and then Restart. Do not

restart Miami by using Virtual PC, as this will save changes made in the lab. 7. You need to use Internet Explorer on Miami to access OWA and OMA. To

connect to the front-end server for OWA, open Internet Explorer and connect to http://miami/exchange. To connect to the front-end server for OMA, open Internet Explorer and connect to http://miami/oma.

In this lab, you will use the flow charts and the Lab Toolkit resources to identify and resolve the problems described in the scenarios. You will need to read the scenario and the Level 1 support comments and then use the flow charts to identify the root cause of the problem. You will then need to perform the test case presented at each decision point in the flow chart to determine which path to follow. Use the letters on the flow chart to identify the Toolkit resources that you can use to help troubleshoot the problem. After you identify a potential solution, make the configuration change and then test your solution. When your solution resolves the problem presented in the scenario you have successfully completed the lab.




If necessary, use one or more of the following Lab Toolkit resources to help you complete this lab:

Flow Chart Resources Resources Used for this Flow Chart A B C D F J Firewall Configuration Required to Support Front-End and Back-

End Servers

E I Help: Exchange: Checking global settings. To locate this information, open Exchange System Manager help and search for Enable Outlook Mobile Access for All Users.

D E I J Help: Internet Information Services: Configuring SSL on Servers. To locate information regarding SSL on virtual directories, search Internet Information Services help for Configuring SSL on Servers and then select Configuring SSL on Servers.

B G Help: Windows: How to use TCP/IP command-line utilities. To locate this information, open Windows help and then search for Command-line utilities: TCP/IP.

C D E F H I J Help: Windows: Testing DNS. To locate information on locating resource records using DNS administrator snap-in, search for Manage Resource Records.

D E I J Help: Windows: Troubleshoot IPSec. To locate information regarding troubleshooting IPSec, search Windows Server 2003 Online Help for IPSec and then select Troubleshooting: Internet Protocol Security (IPSec).

C H Help: Windows: Using IPConfig. To locate this information, open Windows help and search for Ipconfig: Command-line reference.

C D E F H I J Help: Windows: Using NSLookup. To locate information on using NSLookup to test DNS open a command prompt, type NSLookup to start the NSLookup tool, and then type Help.

D J Outlook Mobile Access Requirements

D E I J Securing a Front-End and Back-End Server Infrastructure

A D F J Using the Telnet Command to Test the TCP Port Restrictions on a Firewall

B G Verifying that a Server is Online

E I Verifying the Configuration of the Default Web Site


Lab Toolkit Resources


Sta

rt

Inte

rnet

No

Yes

No

Yes

Yes

No

Yes

No

Inte

rnal

Yes

No

Yes

Yes

No

No

Yes

No

A

BC

E

D

F

GH

I

J

Trou

bles

hoot

ing

OW

A a

nd O

MA

Pro

blem

s

Is t

he u

ser

onth

e in

tern

al n

etw

ork

or o

n th

e In

tern

et?

Can

the

clie

ntpi

ng t

he s

erve

rIP

add

ress

?

Can

the

clie

ntpi

ng t

he s

erve

rho

st n

ame?

Can

you

run

OW

A/O

MA

on t

hefr

ont-e

nd s

erve

r?

Can

you

run

OW

A/O

MA

on t

heba

ck-e

nd s

erve

r?

Can

you

run

OW

A/O

MA

on t

hefr

ont-e

nd s

erve

r?

Can

you

run

OW

A/O

MA

on t

heba

ck-e

nd s

erve

r?

Can

the

clie

ntpi

ng t

he s

erve

rIP

add

ress

?

Can

the

clie

ntpi

ng t

he s

erve

rho

st n

ame?

1. C

heck

ext

erna

l fire

wal

l co

nfig

urat

ion

2. C

heck

ope

n po

rts

and

port

re

dire

ctio

n co

nfig

urat

ion

3. C

heck

pac

ket

filte

ring

co

nfig

urat

ion

1. C

heck

inte

rnal

fire

wal

l2. C

heck

ope

n po

rts

and

port

red

irect

ion

co

nfig

urat

ion

3. C

heck

pac

ket

filte

ring

conf

igur

atio

n4. C

heck

DN

S5. C

heck

fro

nt-e

nd b

ack-

end

secu

rity

co

nfig

urat

ion

6. C

heck

Out

look

Mob

ile A

cces

s co

nfig

urat

ion

1. C

heck

glo

bal s

ettin

gs2. C

heck

def

ault

Web

site

co

nfig

urat

ion

3. C

heck

sec

urity

con

figur

atio

n (S

SL,

IPS

ec)

4. C

heck

Web

site

ava

ilabi

lity

5. C

heck

DN

S

1. C

heck

inte

rnal

fire

wal

l for

in

tern

al n

etw

ork

to p

erim

eter

ne

twor

k co

nfig

urat

ion

2. C

heck

ope

n po

rts

and

port

re

dire

ctio

n co

nfig

urat

ion

3. C

heck

pac

ket

filte

ring

co

nfig

urat

ion

4. C

heck

DN

S

1. C

heck

inte

rnal

fire

wal

l2. C

heck

ope

n po

rts

and

port

re

dire

ctio

n co

nfig

urat

ion

3. C

heck

pac

ket

filte

ring

co

nfig

urat

ion

4. C

heck

DN

S5. C

heck

fro

nt-e

nd b

ack-

end

se

curit

y co

nfig

urat

ion

6. C

heck

Out

look

Mob

ile A

cces

s co

nfig

urat

ion

1. C

heck

if c

lient

can

con

nect

to

ot

her

inte

rnal

Web

site

s2. C

heck

if t

he s

erve

r is

onl

ine

3. C

heck

IP r

outin

g

1. C

heck

DN

S2. C

heck

clie

nt D

NS

ser

ver

se

ttin

gs

1. C

heck

glo

bal s

ettin

gs2. C

heck

def

ault

Web

site

co

nfig

urat

ion

3. C

heck

sec

urity

con

figur

atio

n (S

SL,

IPS

ec)

4. C

heck

Web

site

ava

ilabi

lity

5. C

heck

DN

S

1. C

heck

DN

S2. C

heck

clie

nt's

DN

S s

erve

r se

ttin

gs3. C

heck

fire

wal

l con

figur

atio

n

1. C

heck

if t

he c

lient

can

con

nect

to

oth

er In

tern

et s

ites

2. C

heck

if t

he s

erve

r is

onl

ine

3. C

heck

fire

wal

l con

figur

atio

n4. C

heck

IP r

outin

g


Trou

bles

hoot

ing

OW

A a

nd O

MA

Pro

blem

s

A

Sta

rt

Is t

he u

ser

onth

e in

tern

al n

etw

ork

or o

n th

e In

tern

et?

Can

the

clie

ntpi

ng t

he s

erve

rIP

add

ress

?

Can

the

clie

ntpi

ng t

he s

erve

rho

st n

ame?

Can

you

run

OW

A/O

MA

on t

hefr

ont-e

nd s

erve

r?

1.

Che

ck e

xter

nal f

irew

all

conf

igur

atio

n2

. C

heck

ope

n po

rts

and

port

re

dire

ctio

n co

nfig

urat

ion

3.

Che

ck p

acke

t fil

terin

g

co

nfig

urat

ion

Inte

rnet

Yes

Yes

Yes

Inte

rnal

No

No

No


Trou

bles

hoot

ing

OW

A a

nd O

MA

Pro

blem

s

BC

E

D

1.

Che

ck if

the

clie

nt c

an c

onne

ct

to o

ther

Inte

rnet

site

s2

. C

heck

if t

he s

erve

r is

onl

ine

3.

Che

ck f

irew

all c

onfig

urat

ion

4.

Che

ck IP

rou

ting

1.

Che

ck D

NS

2

. C

heck

clie

nt’s

DN

S s

erve

r

se

ttin

gs3

. C

heck

fire

wal

l con

figur

atio

n

1.

Che

ck in

tern

al f

irew

all

2.

Che

ck o

pen

port

s an

d po

rt r

edire

ctio

n

co

nfig

urat

ion

3.

Che

ck p

acke

t fil

terin

g co

nfig

urat

ion

4.

Che

ck D

NS

5.

Che

ck f

ront

-end

bac

k-en

d se

curit

y

co

nfig

urat

ion

6.

Che

ck O

utlo

ok M

obile

Acc

ess

conf

igur

atio

n

1.

Che

ck g

loba

l set

tings

2.

Che

ck d

efau

lt W

eb s

ite

conf

igur

atio

n3

. C

heck

sec

urity

con

figur

atio

n

(S

SL,

IPS

ec)

4.

Che

ck W

eb s

ite a

vaila

bilit

y5

. C

heck

DN

S

Can

you

run

OW

A/O

MA

on t

he

back

-end

ser

ver?

Yes

No

No

No

No

G 1.

Che

ck f

or o

pen

rela

y2

. U

pdat

e an

tiviru

s si

gnat

ures

3.

Che

ck a

ntiv

irus

and

cont

ent

scan

ning

qua

rant

ine

4.

Che

ck m

essa

ge q

ueue

s

Can

the

clie

ntpi

ng t

he s

erve

rIP

add

ress

?Ye

s

No

Inte

rnal


Trou

bles

hoot

ing

OW

A a

nd O

MA

Pro

blem

s

HJ

I

F

1. C

heck

DN

S

2. C

heck

clie

nt D

NS

ser

ver

se

ttin

gs

1. C

heck

glo

bal s

ettin

gs2. C

heck

def

ault

Web

site

co

nfig

urat

ion

3. C

heck

sec

urity

con

figur

atio

n (S

SL,

IPS

ec)

4. C

heck

Web

site

ava

ilabi

lity

5. C

heck

DN

S

1. C

heck

inte

rnal

fire

wal

l2. C

heck

ope

n po

rts

and

port

re

dire

ctio

n co

nfig

urat

ion

3. C

heck

pac

ket

filte

ring

co

nfig

urat

ion

4. C

heck

DN

S5. C

heck

fro

nt-e

nd b

ack-

end

se

curit

y co

nfig

urat

ion

6. C

heck

Out

look

Mob

ile A

cces

s co

nfig

urat

ion

1. C

heck

inte

rnal

fire

wal

l for

in

tern

al n

etw

ork

to p

erim

eter

ne

twor

k co

nfig

urat

ion

2. C

heck

ope

n po

rts

and

port

re

dire

ctio

n co

nfig

urat

ion

3. C

heck

pac

ket

filte

ring

co

nfig

urat

ion

4. C

heck

DN

S

Can

the

clie

ntpi

ng t

he s

erve

rho

st n

ame?

Can

you

run

OW

A/O

MA

on t

he

fron

t-end

ser

ver?

Can

you

run

OW

A/O

MA

on t

he

back

-end

ser

ver?

Yes

Yes

Yes

Yes

No

No

No


Exercise 1 Troubleshooting Solutions When a User Cannot Access Outlook Web Access


To create the troubleshooting scenario for this exercise, run the breaklab4a.bat script located in the c:\MOC\2011\Labfiles\Lab04 folder on 2011_London Virtual PC. Amy Rusko has entered a service request. She is trying to access her e-mail from home using OWA. When she tries to connect to OWA, Amy receives an error indicating that the service is not available.

In this exercise, you will need to log on to Outlook Web Access on Miami using NWTraders\amyrusko.

�Talked to Amy at home�she is using Internet Explorer 6.0. She had no problem accessing her e-mail when she was in the office during the day. The problem showed up when she tried to use OWA from home. She gets the logon screen but when she enters her user name and password, she receives an error message saying that she needs to use https:// to connect to the server. When she tries to connect using https://miami.nwtraders.msft, she receives an error indicating that the page cannot be displayed.�

You must resolve the problems so that Amy can connect to the front-end Exchange server using OWA.


_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

_______________________________________________________________


_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

_______________________________________________________________


Scenario



Exercise 2 Troubleshooting Solutions When a User Cannot Access Outlook Mobile Access


To create the troubleshooting scenario for this exercise, run the breaklab4b.bat script located in the c:\MOC\2011\Labfiles\Lab04 folder on 2011_London Virtual PC.

In this exercise, you will be using Internet Explorer to simulate a wireless device. To use Internet Explorer as an OMA device, use the following procedure:

1. On Miami, click Start, click Run, type http://Miami/oma and then click OK.

2. If prompted with a Security Alert dialog box, click Add twice and then click Close. If prompted with a second Security Alert dialog box, click Yes to proceed.

3. When prompted for your logon credentials, log on with a user account that has access to OMA. Use the domainname\username format.

4. When prompted that your device type is not supported, click OK.

Raman Iyer has entered a service request. Raman is trying to access his e-mail from his Web phone using OMA. When he tries to connect to OMA he receives an error message.

In this exercise, you will need to log on to OMA on Miami using NWTraders\ramaniyer.


Scenario


�Talked to Raman at the airport where he just landed. He is using a supported cell phone � he can browse other sites using his cell phone. His e-mail worked on his desktop computer in the office when he left this afternoon. He gets the logon screen, and uses the domain name and his user name to connect, but then receives an HTTP 404 error indicating that the file or directory is not found. All servers are working.�

You must resolve the problems so that Raman can connect to the Exchange server using OMA.


_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

_______________________________________________________________


_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

_______________________________________________________________



Exercise 3 Troubleshooting Solutions When a User Cannot Log In to Outlook Web Access


To create the troubleshooting scenario for this exercise, run the breaklab4c.bat script located in the c:\MOC\2011\Labfiles\Lab04 folder on 2011_London Virtual PC.

In this exercise, you will need to log in to OWA on Miami using NWTraders\hanyingfeng.

Hanying Feng has entered a service request. He is trying to access his e-mail from a hotel room using OWA. When Hanying tries to connect, he gets an authentication error.

�Talked to Hanying at the hotel room where he is staying�he is using Internet Explorer 6.0. He has been gone from the office for about a week; this is the first time he has tried to access his e-mail in the last week. He gets the logon screen, but when he enters his user name and password he is not authenticated. Instead he just gets the logon screen again. All servers are working.�

You must resolve the problems so that Hanying can connect to the Exchange server using OWA.


________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________


________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________


Scenario



For this lab, you used the Miami and London Virtual PCs. Please undo any changes that were made during your troubleshooting by closing each image.



1. On Miami, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK.





Lab Discussion


What steps did you follow in the troubleshooting flowcharts?

! What were the root causes of the problem described in the scenario? ! What steps did you use and how did the steps help identify the problem? ! What other steps could you have used to identify the problem faster? ! How did you test your solution?

How will you approach these types of troubleshooting issues in your work place?

! How is your work environment different than the test environment? ! How would your work environment change the troubleshooting process? ! What steps would you take in the future when troubleshooting similar

problems?

Contents

Overview 1

Messaging Clients Used to Access Exchange Server 2003 2

How Messaging Clients Connect to Exchange Server 2003 5

Additional Services Required for Connecting to Exchange Server 2003 7


Lab: Troubleshooting Client Connectivity Problems 10

Lab Discussion 20

Unit 5: Troubleshooting Client Connectivity


Unit 5: Troubleshooting Client Connectivity 1

Overview


In this unit, you will learn how to troubleshoot the connection between a client and a Microsoft® Exchange Server server, particularly the messaging client and its connection to the server. The focus of this unit is on client configuration issues and those services needed by the client in order to connect to the computer running Microsoft Exchange Server 2003. Most problems reported by users who cannot access their e-mail are related to the ability of the messaging client to access and connect to the e-mail server. These connection problems can arise whether the user is an internal user on the local area network or a remote user connecting from the Internet.


! Identify the underlying causes when a user is unable to send e-mail to the Internet from home using Outlook Express and resolve the problem.

! Identify the underlying causes when a user receives a �The connection to the server has failed� message from home and resolve the problem.

! Identify the underlying causes when a new user receives an error message when trying to connect to his or her mailbox and resolve the problem.

Objectives

2 Unit 5: Troubleshooting Client Connectivity

Messaging Clients Used to Access Exchange Server 2003


How you troubleshoot the connection between a messaging client and an Exchange server will depend on the messaging client used. Not all messaging clients use the same protocols and ports. For example, knowing that a Microsoft Outlook® Web Access (OWA) client uses a different port than the ports used by an Outlook client will help when it comes to troubleshooting each of these messaging clients. If one messaging client works while another messaging client does not work, you can focus your troubleshooting on the differences between the messaging clients.

The table below identifies various messaging clients, their usage and troubleshooting solutions.

Messaging clients Messaging client usage and troubleshooting Microsoft Outlook • The Outlook client is Microsoft�s full-featured, rich mail

client.

• Outlook uses MAPI to make and maintain connections to the Exchange server environment.

• Outlook 2003 can make remote procedure call (RPC) connections over HTTP connections.

• You can configure an Exchange Server 2003 front-end server to accept RPC over HTTP connections and act as a proxy to connect to the back-end server, where the user�s mailbox exists.

• By using RPC instead of HTTP, Outlook users can connect to their mailbox across the Internet, without using a virtual private network (VPN) connection into the corporate network.

• Using RPC over HTTP will ease troubleshooting connections through a firewall.

Messaging clients


(continued) Messaging clients Messaging client usage and troubleshooting Microsoft Outlook (continued)

• Troubleshooting the connection between an Outlook client and an Exchange server requires:

• Troubleshooting RPC connections.

• Troubleshooting MAPI profiles.

• Troubleshooting router and firewall port mappings.

Microsoft Outlook Express

• Outlook Express is often used by remote users who only need access to e-mail and who do not need all of the functionality of the Outlook client application.

• Troubleshooting Outlook Express is simply a matter of verifying that the proper virtual servers are running, and that the firewall has properly published the ports:

• 25 for outbound and inbound Simple Mail Transfer Protocol (SMTP) messages to and from Internet SMTP servers

• 465 for SMTP that is secured using Secure Sockets Layer (SSL)

• 110 for Post Office Protocol version 3 (POP3) for Outlook Express clients to pick up e-mail from the Exchange server environment

• 995 for POP3 that is secured using SSL

• 143 for Internet Message Access Protocol version 4rev1 (IMAP4) for Outlook Express clients to pick up e-mail from the Exchange server environment

• 993 for IMAP4 that is secured using SSL

• 80 for HTTP for Outlook Express clients to download e-mail from their Exchange server

• 443 for HTTP that is secured using SSL

OWA • One of the most flexible e-mail clients is OWA. Almost any Web browser can be used to access e-mail from an Exchange server using OWA.

• Troubleshooting OWA is much easier than troubleshooting any other client since OWA is comprised of Web pages being served from the Exchange server.

• OWA is often used by e-mail administrators to help troubleshoot other e-mail clients. If OWA is able to send and receive e-mail internally as well as to and from the Internet, you can be sure that the Exchange server is up and running properly.

• Troubleshooting OWA requires:

• Verifying that the proper fully qualified domain name is being used.

• Verifying that the OWA server can be reached from the Internet.

• Verifying that the user prefaced the URL with https:// in the event it is secured with SSL.


(continued) Messaging clients Messaging client usage and troubleshooting Microsoft Outlook Mobile Access (OMA)

• Outlook Mobile Access is used by mobile devices such as cell phones and wireless PDAs to access Exchange mailbox and public folder data.

• Increased use of mobile devices requires more troubleshooting.

• Many mobile devices connect to the Exchange server using HTTP.

• Troubleshooting mobile devices requires:

• Verifying that port 80 and 443 are available.

• Verifying that the mobile user content is available on the server.

Other applications • E-mail access is not limited to Microsoft e-mail client applications only.

• Many e-mail clients function as POP3 or IMAP4 clients.

• Troubleshooting other applications requires the same process as Outlook Express, which is described earlier in this table.


How Messaging Clients Connect to Exchange Server 2003


When troubleshooting messaging clients, you need to understand where each messaging client is used and what ports the messaging client needs. This is very important in troubleshooting messaging clients, especially those clients that are outside the company network.

The messaging client does not connect to Exchange Server 2003 unless the proper services are running on the server. Messaging clients outside the company will also have to contend with the firewall. Troubleshooting external messaging clients will often require verification that the firewall has properly published the port and mapped it to the Exchange server.


When troubleshooting, remember to check the connections used by different messaging clients, some of which are listed in the following table.

Messaging clients Protocol and port connections to Exchange Outlook • Outlook 2003 normally connects using RPC across

a local area network (LAN), a WAN, or a VPN connection.

• Using RPC over HTTP, however, Outlook 2003 uses:

• 80 for HTTP


Outlook Express • Outlook Express can combine IMAP4 and SMTP or combine POP3 and SMTP to provide messaging connectivity to the Exchange server.

• Outlook Express can also use SSL.

• The ports used for messaging in Outlook Express include:

• 25 for SMTP connections

• 465 for SMTP that is secured using SSL

• 110 for POP3 connections

• 995 for POP3 that is secured using SSL

• 143 for IMAP4 connections

• 993 for IMAP4 that is secured using SSL

• 80 for HTTP


OWA • OWA connections use:

• 80 for HTTP


OMA • OMA connections use:

• 80 for HTTP



Additional Services Required for Connecting to Exchange Server 2003


Several different protocols and services are required in order for a client application to connect to an Exchange server. You must include these protocols and services in your troubleshooting processes when troubleshooting client connectivity. For example, without DNS, the messaging client would not be able to find the Exchange server and connect to the proper port using its fully qualified domain name.

The following table lists several protocols and services that will help you in troubleshooting client connectivity.

Service How it is used by Exchange and messaging client DNS • DNS is required in three situations:

• DNS is used by the client application to resolve the fully qualified name of the Exchange server for remote users and to resolve the simple host name for internal users. Once the name of the server has been resolved to an IP address, the connection can take place.

• DNS is used by the Exchange server to send SMTP e-mail to an internal smart host or to send e-mail directly to the receiving domain by resolving the mail exchanger (MX) record to the proper IP address and then making the connection over port 25.

• DNS is used by mail servers on the Internet to find the Exchange server for the company to which they want to send e-mail. If the sending server cannot find the MX record or cannot properly resolve the MX record, the connection will not take place and e-mail will not be received.


(continued) Service How it is used by Exchange and messaging client IIS • Internet Information Services (IIS) is required for hosting Web

server content used to generate pages for browser clients.

• OWA requires IIS to host content for users who access their e-mail using a compliant browser.

• OMA requires IIS to host content for the many different types of mobile clients who access e-mail via the Web.

NNTP • Network News Transfer Protocol (NNTP) is required to access the public folders in a company using a news reader like Outlook Express.

• If individuals are having trouble accessing public folders or posting to public folders, check permissions after verifying that the NNTP and Microsoft Exchange Information Store services are running and that NNTP is available for the client connection.

IMAP4 • IMAP4 is used by Outlook Express and other remote e-mail client applications to connect to the Exchange server and retrieve e-mail.

• When troubleshooting failing IMAP4 clients, check to make sure DNS is resolving properly, the firewall is allowing traffic flow using the IMAP4 port, and the IMAP4 service is running properly.

POP3 • POP3 is often used by Outlook Express and other remote e-mail client applications to connect to the Exchange server from the Internet.

• POP3 and IMAP4 are used mostly by remote e-mail users.

• When troubleshooting failing POP3 clients, check to make sure DNS is resolving properly, the firewall is allowing POP3 traffic flow, and the POP3 service is running properly.

SMTP • SMTP is used by Outlook Express and other remote e-mail client applications to send e-mail to the Internet.

• SMTP is used by Exchange Server 2003 to transfer messages between Exchange servers, depending on the location of the recipient�s mailbox.

• SMTP troubleshooting is similar to troubleshooting IMAP4 and POP3 virtual servers.

• When troubleshooting SMTP, check DNS first, verify that the firewall is not blocking port 25, and verify that the SMTP service is available and running.


Pre-Lab Discussion


Client connectivity problems will impact all network-based applications. Since Exchange Server 2003 supports different types of messaging clients, it is important to know the differences between the client types and how to troubleshoot each type. It is especially important to note the differences between the messaging clients when troubleshooting their connectivity to the Exchange server.

Discuss what problems might cause the following symptoms:

! An Outlook Express user cannot send e-mail to the Internet from home. ! An Outlook Express user cannot access their e-mail from home. The user

receives a �The connection to the server has failed� message. ! A new user running Outlook cannot open their mailbox.


Lab: Troubleshooting Client Connectivity Problems


In this lab, you will troubleshoot problems with messaging client connectivity. Each exercise can be solved using the Lab Toolkit resources and the processes provided in the accompanying flow chart.




! Identify the underlying causes when a user receives a �The connection to the server has failed� message from home and resolve the problem.

! Identify the underlying causes when a new user receives an error message when trying to connect to his or her mailbox and resolve the problem.



For this lab, you will use the Acapulco, London, and Vancouver Virtual PCs. The Acapulco Virtual PC is used to provide a messaging client for internal users as well as external users. London is a domain controller, global catalog server, DNS server, and Exchange Server 2003 server. Vancouver is a Microsoft Windows NT® 4.0 domain controller that is also running Exchange 5.5 and Outlook 2000.

To prepare for this practice:

1. Start 2011_London Virtual PC, if it is not already started. 2. Log on as NWTraders\Administrator with the password P@ssw0rd. 3. Start the 2011_Acapulco Virtual PC and log on as nwtraders\chrisgray. 4. Start the 2011_Vancouver Virtual PC. 5. Log on as Contoso\Administrator with the password P@ssw0rd.

In this lab, you will use the flow charts and the Lab Toolkit resources to identify and resolve the problems described in the scenarios. You will need to read the scenario, the Level 1 support comments, and then use the flow charts to identify the root cause of the problem. You will then need to perform the test case presented at each decision point in the flow chart to determine which path to follow. Use the letters on the flow chart to identify the Lab Toolkit resources that you can use to help troubleshoot the problem. After you identify a potential solution, make the configuration change and then test your solution. When your solution resolves the problem presented in the scenario you have successfully completed the lab.




If necessary, use one or more of the Lab Toolkit resources listed in the following table to help you complete this lab.

Flow chart reference Resources used for this flow chart F E-Mail Blocked from Subscribers of an Exclusion List (Block List)

A C D F G Help: Exchange: Authentication Methods Used in Exchange Server 2003. To locate this information, open Exchange System Manager Help and then search for Edit authentication methods.

E Help: Exchange: Check Mobile Services Permissions. To locate this information, open Exchange System Manager Help and then search for Set mobile service settings.

A E Help: Exchange: Check Protocol Permissions. To locate this information, open Exchange System Manager help and then search for Set protocol settings.

G Help: Exchange: Managing Message Queues. To locate this information, open Exchange System Manager Help and then search for Manage message queues.

A C D Help: Exchange: Managing Virtual Servers. To locate this information, open Exchange System Manager Help, search for Configure virtual servers, and click the appropriate topic for the type of virtual server. Topics of particular interest include Configure an SMTP Virtual Server and Create Additional SMTP Virtual Servers.

E Help: Exchange: Verify Mobile Services are Configured on the Server. To locate this information, open Exchange System Manager Help and then search for Enable Outlook Mobile Access for all users.

A B Help: Windows: How to Use TCP/IP Command-Line Utilities. To locate this information, open Windows Help and then search for Command-line utilities: TCP/IP.

A B C D E F G Help: Windows: Testing DNS. To locate information on locating resource records using the DNS administrator snap-in, open Windows Help and then search for Manage resource records.

B Help: Windows: Troubleshooting TCP/IP. To locate this information, open Windows Help and then search for Troubleshooting: TCP/IP.

B Help: Windows: Using IPConfig. To locate this information, open Windows Help and then search for Ipconfig: Command-line reference.

B E Help: Windows: Using NSLookup. To locate information on using NSLookup to test DNS, open a command prompt, type NSLookup to start the NSLookup tool, and then type Help.

A Help: Windows: Verifying SMTP. To locate this information, open Windows Help and then search for Managing services: Common administrative tasks.

F G Impact of Virus and Content Scanners on Messaging Functionality

C D E F G Using the Telnet Command to Test the TCP Port Restrictions on a Firewall

B E Verifying that a Server is Online

A Verifying that the Smart Host is Running




IMAP

/PO

PIM

AP

POP

No

Yes

F

B

G

D

Mes

sagi

ng C

lient

Una

ble

to C

onne

ct t

oEx

chan

ge S

erve

r 2

00

3 S

erve

r

Yes

No

MAP

I

OW

A/O

MA

A

C

E

Sta

rt

Wha

t m

essa

ging

clie

nt is

bei

ngus

ed?

Whi

chm

essa

ging

clie

nt is

bein

g us

ed, P

OP

or IM

AP?

Can

the

use

rre

ceiv

e In

tern

ete-

mai

l?

Can

the

use

rse

nd In

tern

ete-

mai

l?

1. Ve

rify

SM

TP is

run

ning

2. Ve

rify

smar

t ho

st is

run

ning

, if

us

ed3. Ve

rify

that

vir

tual

ser

vers

are

co

nfig

ured

app

ropr

iate

ly in

clud

ing

fo

r au

then

ticat

ion

and

for

SS

L4. C

heck

pro

toco

l per

mis

sion

s5. Ve

rify

rout

e to

ser

ver

6. Te

st D

NS

1. Ve

rify

IP c

onfig

urat

ion

on c

lient

is co

rrec

t2. Te

st D

NS

fro

m c

lient

3. Ve

rify

serv

er is

onl

ine

4. Te

st n

etw

ork

rout

e5. C

heck

hos

ts a

nd Im

host

s fil

es

1. Te

st P

OP3

vir

tual

ser

ver

2. Ve

rify

that

vir

tual

ser

vers

are

conf

igur

ed a

ppro

pria

tely

incl

udin

g fo

r au

then

ticat

ion

and

for

SS

L3. Ve

rify

firew

all a

llow

s po

rt 1

10

an

d 995

4. Te

st D

NS

1. Te

st IM

AP4 v

irtu

al s

erve

r2. Ve

rify

that

vir

tual

ser

vers

are

conf

igur

ed a

ppro

pria

tely

incl

udin

g fo

r au

then

ticat

ion

and

for

SS

L3. Ve

rify

firew

all a

llow

s po

rt 1

43

an

d 993

4. Te

st D

NS

1. Te

st S

MTP

usi

ng T

elne

t on

por

t 25 fro

m E

xcha

nge

serv

er2. Ve

rify

that

app

ropr

iate

au

then

ticat

ion

is e

nabl

ed3. Te

st D

NS

4. C

heck

mes

sage

que

ues

5. C

heck

ant

iviru

s an

d co

nten

t qu

aran

tines

1. C

heck

ext

erna

l DN

S (M

X R

ecor

ds)

2. Te

st S

MTP

vir

tual

ser

vers

usi

ng Te

lnet

on

port

25 fro

m In

tern

et3. C

heck

e-m

ail b

lock

list

s4. C

heck

ant

i-viru

s/co

nten

t sc

anne

rs5. C

heck

SM

TP a

uthe

ntic

atio

n

1. C

heck

pro

toco

l per

mis

sion

s2. C

heck

mob

ile s

ervi

ces

pr

emis

sion

s on

acc

ount

3. Ve

rify

mob

ile s

ervi

ces

conf

igur

ed on

ser

ver

4. Te

st D

NS

fro

m c

lient

5. Ve

rify

serv

er is

onl

ine

6. C

heck

fire

wal

l pub

licat

ion

and

re

dire

ctio

n of

OW

A an

d O

MA

site

s

End


BD

A

C

Mes

sagi

ng C

lient

Una

ble

to C

onne

ct t

oEx

chan

ge S

erve

r 2

00

3 S

erve

r

Wha

t m

essa

ging

clie

nt is

bei

ngus

ed?

Whi

chm

essa

ging

clie

nt is

be

ing

used

, PO

P or

IMAP

?

1.

Verif

y S

MTP

is r

unni

ng2

. Ve

rify

smar

t ho

st is

run

ning

, if

used

3.

Verif

y th

at v

irtu

al s

erve

rs a

re

conf

igur

ed a

ppro

pria

tely

incl

udin

g

fo

r au

then

ticat

ion

and

for

SS

L4

. C

heck

pro

toco

l per

mis

sion

s5

. Ve

rify

rout

e to

ser

ver

6.

Test

DN

S

Sta

rt

1.

Verif

y IP

con

figur

atio

n on

clie

nt

is c

orre

ct2

. Te

st D

NS

fro

m c

lient

3.

Verif

y se

rver

is o

nlin

e4

. Te

st n

etw

ork

rout

e5

. C

heck

hos

ts a

nd lm

host

s fil

es

1.

Test

PO

P3 v

irtu

al s

erve

r2

. Ve

rify

that

vir

tual

ser

vers

are

co

nfig

ured

app

ropr

iate

ly in

clud

ing

for

auth

entic

atio

n an

d fo

r S

SL

3.

Verif

y fir

ewal

l allo

ws

port

11

0

and

99

54

. Te

st D

NS

1.

Test

IMAP

4 v

irtu

al s

erve

r2

. Ve

rify

that

vir

tual

ser

vers

are

conf

igur

ed a

ppro

pria

tely

incl

udin

g

fo

r au

then

ticat

ion

and

for

SS

L3

. Ve

rify

firew

all a

llow

s po

rt 1

43

an

d 9

93

4.

Test

DN

S

MAP

I

IMAP

/PO

P

POP

IMAP


Mes

sagi

ng C

lient

Una

ble

to C

onne

ct t

oEx

chan

ge S

erve

r 2

00

3 S

erve

r

FG

E1. C

heck

pro

toco

l per

mis

sion

s2. C

heck

mob

ile s

ervi

ces

pe

rmis

sion

s on

acc

ount

3. Ve

rify

mob

ile s

ervi

ces

conf

igur

ed

on

ser

ver

4. Te

st D

NS

fro

m c

lient

5. Ve

rify

serv

er is

onl

ine

6. C

heck

fire

wal

l pub

licat

ion

and

re

dire

ctio

n of

OW

A an

d O

MA

site

s

1. C

heck

ext

erna

l DN

S (M

X R

ecor

ds)

2. Te

st S

MTP

vir

tual

ser

vers

usi

ng

te

lnet

on

port

25 fro

m In

tern

et3. C

heck

e-m

ail b

lock

list

s4. C

heck

ant

i-viru

s/co

nten

t sc

anne

rs5. C

heck

SM

TP a

uthe

ntic

atio

n

1. Te

st S

MTP

usi

ng T

elne

t on

por

t

25 fro

m t

he E

xcha

nge

serv

er2. Ve

rify

that

app

ropr

iate

au

then

ticat

ion

is e

nabl

ed3. Te

st D

NS

4. C

heck

mes

sage

que

ues

5. C

heck

ant

iviru

s an

d co

nten

t qu

aran

tines

Can

the

use

rre

ceiv

e In

tern

ete-

mai

l?

Can

the

use

rse

nd In

tern

ete-

mai

l?

End

Yes

Yes

No

No


Exercise 1 Outlook Express User Unable to Send E-Mail to the Internet


To create the troubleshooting scenario for this exercise, run the breaklab5a.bat script located in the c:\MOC\2011\Labfiles\Lab05 folder on 2011_London Virtual PC.

Chris Gray has entered a service request. He states that he is unable to send or receive e-mail to and from an Internet recipient from his home computer. He says that he is able to receive e-mail from internal users.

On Acapulco, create an Outlook Express IMAP mail account for NWTraders\ChrisGray. His account must be configured to use SSL for SMTP communications and to require authentication for outgoing mail. Use this Outlook Express account to connect to the London server and troubleshoot the connection.

�Chris has been able to send and receive e-mail to and from the Internet before today. He says that he has never had this problem before. I verified that the configuration of Outlook Express on Chris�s computer is set to use the SSL port for SMTP per company directives. He does not have his Outlook Express client configured to use SSL with IMAP4, and this needs to be changed. All remote users are supposed to use SSL when connecting with Outlook Express. I verified that Chris� mailbox exists and has messages in it.�

You must establish full e-mail communication for Chris Gray.


________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________


________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________


Scenario



Exercise 2 Outlook Express User Unable to Connect to Exchange Server 2003 Server


To create the troubleshooting scenario for this exercise, perform the following steps: 1. On the 2011_Acapulco Virtual PC, on the menu, click PC, click Shut

Down, click Turn off PC and undo changes, and then click OK. 2. On the 2011_Vancouver Virtual PC, on the menu, click PC, click Shut

Down, click Turn off PC and undo changes, and then click OK. 3. Run the breaklab5b.bat script located in the c:\MOC\2011\Labfiles\Lab05

folder on 2011_London Virtual PC. 4. Start the 2011_Acapulco Virtual PC and then log on as

NWTraders\alexhanki with the password P@ssw0rd.

Alex Hankin has entered a service request. He states that he is unable to access his e-mail from home using Outlook Express. He is repeatedly receiving a message that states �The connection to the server has failed.�

On Acapulco, create an Outlook Express IMAP mail account for NWTraders\AlexHanki that uses SSL to secure both IMAP and SMTP. Use this Outlook Express account to connect to the London server and troubleshoot the connection.

�Talked to Alex on the phone and walked him through configuration of Outlook Express. He has the correct server configured and the rest of his settings appear to be fine in Outlook Express.�

You must resolve the problems Alex experiences when accessing his e-mail from home using Outlook Express.


_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

_______________________________________________________________


_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

_______________________________________________________________


Scenario



Exercise 3 New Outlook User Unable to Open His Mailbox



Gary Schare was just hired and provided with his computer. Gary reports to the service department that his computer takes a very long time to start up, and that after it finally starts, he is unable to access his mailbox using Outlook.

In this exercise, you will need to create a profile for NWTraders\GarySchar on Acapulco.

�Talked to Gary on the phone and had him reboot his computer � it took 20 minutes to log on! After it was up, I walked him through deleting and recreating his Outlook profile. Gary is a new hire so I checked and verified that his account was created.

�Ran the Outlook 2003 Wizard to connect to the Exchange Server 2003 mailbox and clicked Next after entering the server name and user name. Outlook 2003 hung for several minutes and eventually provided an error. The error states that the connection to the Exchange server is unavailable. Clicked OK after the error and was asked for the server and user names again. Verified with Operations�all Exchange servers are running without any reported problems.�

You must resolve the problems Gary experiences when attempting to access his mailbox.

Log onto Acapulco as GarySchar using the password P@ssw0rd. Use Outlook 2003 to connect to the London server and troubleshoot the connection.


________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________


________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________


Scenario



For this lab, you used the Acapulco, Vancouver, and London Virtual PCs. Please undo any changes that were made during your troubleshooting by closing each image.

Important When you shut down the Virtual PCs using these instructions, all changes made to the Virtual PCs will be lost.



2. If you have not yet shut down Vancouver, on Vancouver, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK.





Lab Discussion



! What were the root causes of the problems described in the scenarios? ! What steps did you use and how did the steps help identify the problem? ! What other steps could you have used to identify the problem faster? ! How did you test your solution?



problems?

Contents

Overview 1

Troubleshooting Intra-Routing Group Connectivity 2

Troubleshooting Routing Group Connectivity 5

Troubleshooting Connectivity to Other E-Mail Systems 8

Troubleshooting Connectivity to the Internet 11


Lab: Troubleshooting Server Connectivity Problems 15

Lab Discussion 26

Unit 6: Troubleshooting Server Connectivity

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. 2003 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync, Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Unit 6: Troubleshooting Server Connectivity 1

Overview


Large companies generally have complicated e-mail infrastructures, a fact which makes troubleshooting e-mail delivery in those companies complicated as well. In order to troubleshoot e-mail delivery in this kind of environment, you may need to troubleshoot message delivery between servers in the same routing group or in different routing groups. You also may need to troubleshoot message delivery to other messaging systems, either to other systems in your own company or to SMTP (Simple Mail Transfer Protocol) servers on the Internet.


! Troubleshoot message delivery between servers in the same routing group. ! Troubleshoot message delivery between servers in different routing groups. ! Troubleshoot message delivery between a Microsoft® Exchange

Server 2003 organization and another e-mail system. ! Troubleshoot message delivery between an Exchange Server 2003

organization and the Internet.

Objective

2 Unit 6: Troubleshooting Server Connectivity

Troubleshooting Intra-Routing Group Connectivity


Most companies will deploy more than one server running Exchange Server 2003 in a central office where each server may contain thousands of mailboxes. In this environment, you will need to troubleshoot message flow between two or more Exchange servers in the same routing group.

Message delivery within a single routing group is an extension of message routing within a single server. When a message is submitted to the server by a client, the SMTP (Simple Mail Transfer Protocol) routing engine on the server queries the global catalog to determine the recipient�s mailbox server. If the mailbox is on another server in the same routing group, the message is routed by the SMTP server to the destination Exchange server. Message delivery within a single site has the following characteristics:

! All message delivery is point to point. Within a single routing group, messages are always delivered from the sender�s Exchange server directly to the recipient�s Exchange server. Messages are never routed between multiple servers.

! All message delivery between Exchange servers uses the SMTP protocol. Exchange Server 2003 and Microsoft Exchange Server 2000 use SMTP protocol to deliver messages within a routing group. If the routing group also contains a Microsoft Exchange 5.5 server, messages sent to and from the Exchange 5.5 servers will use the RPC (Remote Procedure Call) protocol. When messages are sent using the RPC protocol, the message routing is calculated by the SMTP routing engine; then the message is forwarded to the Microsoft Exchange MTA (Message Transfer Agent) Stacks service and sent to the destination server.

Intra-routing group message delivery


! Messages are delivered as soon as the messages are received. Message delivery within a single routing group cannot be scheduled by the server. However, the sender can specify a message delivery time by using Microsoft Outlook®.

! Message delivery is automatically configured between Exchange servers in the same routing group. You cannot modify the settings for message delivery within a single routing group.

When all Exchange servers are in the same routing group, message delivery is less complicated. However, message delivery does fail occasionally and you will need to troubleshoot the failed deliveries. Listed below are some components to check when performing this troubleshooting:

! DNS server availability and zone information. A sending Exchange server must query DNS to locate the other Exchange servers in the routing group. If the DNS lookup fails, the message will not be delivered. The Exchange server also uses DNS to locate domain controllers and global catalog servers. Use Ping and NSLookup to diagnose DNS lookup issues.

! Microsoft Active Directory® and global catalog availability. In order for the sending Exchange server to send e-mail to a recipient, the Exchange server must query the global catalog to determine the destination Exchange server. If a global catalog server is not available, the messages will remain on the sending Exchange server in the Messages awaiting directory lookup queue. If the global catalog server is not available in the Exchange server�s site, either configure another domain controller as a global catalog server or configure the Exchange server to use a global catalog server in another site. If the global catalog server is overloaded, you must configure another domain controller to operate as global catalog server.

! Message queues. One of the key pieces of information that you can determine from the message queues is where the message delivery is failing. For example, if the messages are stuck in a local queue on the sending server, use the guidelines for troubleshooting message delivery on a single server. If the messages are stuck in the remote delivery queue on the local server, troubleshoot the connection between the sending and receiving servers. If the messages are stuck in a queue on the destination server, troubleshoot message delivery on the destination server.

! Expansion servers. If a message sent to a mail-enabled group is not delivered, you should check the expansion server setting on the group properties. By default, any Exchange server can expand the membership list of a mail-enabled group, but you can modify this so only a specific server can act as the expansion server. If no specific expansion server is configured on the group properties, you should check the group type. If the group is a global group that is in a different domain than the sending Exchange server, the Exchange server will not be able to expand the membership list for the group. In this case, either configure an expansion server for the group that is in the same domain as the group�s members or change the group to a universal group. If an expansion server is configured for the mail-enabled group, confirm that the expansion server is available in the same domain as the group members and that it can connect to a global catalog server.

Troubleshooting intra-routing group message routing


! Global settings, virtual server settings, and mailbox settings. If only a few messages are not being delivered within the routing group, you should attempt to determine if the messages have any common characteristics. For example, if messages with large attachments are not being delivered, determine why this type of message is not being delivered. The maximum message size can be configured on the global settings, on the virtual server settings, or on the individual mailbox. If there are any message size limits set on the mailbox, these settings will override all other settings. If the message limit is set on the SMTP virtual server and on the global settings, the virtual server settings will override the global settings.


Troubleshooting Routing Group Connectivity


Many large companies have numerous office locations that contain Exchange servers. To control the flow of e-mail messages between office locations, you can create a routing group for each office and then configure routing group connectors between the routing groups. When you configure the routing group connectors, you can manage when messages will be delivered, manage the message sizes that can be delivered between the offices, and configure delivery restrictions controlling who can send messages between the routing groups.

When you configure a routing group connector, you also configure a bridgehead server in each routing group. All messages sent between the routing groups are sent from the sending server to the bridgehead server in its routing group, transferred to the bridgehead server in the destination routing group, and then sent to the destination server.

Exchange Server 2003 supports three connectors between routing groups:

! The Routing Group connector. This connector uses SMTP to transfer messages to the destination routing group and can be configured to use zero, one, or multiple local bridgehead servers. When delivering a message to another routing group, the sending server must resolve the Internet Protocol (IP) address of the target bridgehead server by using DNS. In most cases, the Routing Group connector is the preferred connector because it is the easiest to configure.

! The SMTP connector. This connector also uses SMTP to route messages between two routing groups. Although the Routing Group connector and the SMTP connector both use SMTP as the transport protocol, the SMTP connector provides additional functionality in that it can be used to send e-mail to any SMTP host, including hosts in other Exchange organizations or on the Internet. When configuring an SMTP connector to connect routing groups, you must configure a smart host that will be the target bridgehead server as well as an address space that defines which SMTP messages will be routed across the connector.

Routing group connector options


! The X.400 connector. This connector is used to establish an X.400 messaging route between two routing groups or between a routing group and another X.400 system. In order to configure an X.400 connector you must first create an X.25 X.400 or Transmission Control Protocol/Internet Protocol (TCP/IP) X.400 Service Transport Stack for X.400. The X.400 connector only supports a single bridgehead server in both routing groups. When using an X.400 connector, you must configure an address space for the destination routing group.

Multiple routing groups introduce an additional layer of complexity to your Exchange organization and to your troubleshooting. Use the following guidelines when troubleshooting message delivery between routing groups:

! Determine where message delivery fails. The first step in troubleshooting message delivery between routing groups is to determine where the message delivery fails. To identify where a message is stopped, use the Message Tracking Center to track the message. If the message is not being delivered to the local bridgehead server, use the single routing group troubleshooting procedures. If the message is being delivered to the bridgehead server, confirm that the message is being sent to the destination bridgehead server. If the message is being delivered to the destination bridgehead server, determine if the message is being delivered to the destination Exchange server. Messages sent between routing groups may be sent through multiple routing groups before reaching the destination routing group, so you may need to track the message through all the intermediate routing groups. After determining where the message delivery fails, use the following troubleshooting suggestions at the point of failure.

! Monitor the SMTP and X.400 link queues. When a computer running Exchange Server 2003 receives an e-mail that will be sent through a routing group connector, it creates a SMTP or X.400 queue for that connector. You can monitor the growth of the queue using the queue viewer. You can also view the additional queue information, which may explain the reason for failed delivery.

! Troubleshoot connector availability. If the messages are being delivered to one bridgehead server, but are not being delivered to the next bridgehead server, you must troubleshoot the connector status. You can view the connector status by using the Exchange System Manager Tools container. If the connector status is unavailable, confirm that the Exchange server can resolve the name of the destination Exchange server in DNS and that the other server is available. Also use a tool like Telnet to determine if the destination server is responding to SMTP commands.

! View link state table using WinRoute. If your company contains multiple routing groups with several routing group connectors, you can use a tool like WinRoute to view the link state routing information. WinRoute provides you with detailed information about all of the connectors in the Exchange organization, as well as connector status information. By reviewing the information provided by WinRoute, you may identify connector configuration errors that provide you with the information that you need to troubleshoot message delivery.

Troubleshooting routing group connectors


! Confirm availability of the routing group master. If you have changed the routing group configuration in your Exchange organization, and the changes are not being reflected within other Exchange servers in the routing group, confirm the availability of the routing group master. If the routing group master is not available, changes to the routing group configuration will not be sent to the other Exchange servers in the routing group. You should also check the availability of the routing group master if one routing group connector fails and messages are not being routed to alternate connectors.

! Check connector configuration settings. Each of the connectors includes several configuration options, such as message size, time, and delivery restrictions. If some messages are being sent across the connector while other messages are not, the most likely cause is a configuration setting on the connector. In addition, if messages are not being delivered across an SMTP or X.400 connector, check the address space configuration for the connector.


Troubleshooting Connectivity to Other E-Mail Systems


Some companies may have e-mail systems in addition to running Exchange. This is a common scenario when one company merges with or takes over another company. In many cases, one of the first priorities when companies merge is to enable messaging between them.

You have a limited number of options when configuring message connectivity to an e-mail system other than Exchange. Some options are as follows:

! Configure SMTP connectivity. One of the easiest ways to enable messaging between the two e-mail systems is to configure SMTP connectivity. If both companies have Internet e-mail connectivity, you can just use the existing infrastructure to route messages. You can also configure an SMTP connector that is dedicated to delivering e-mail between the two companies. The biggest disadvantage of using SMTP to route messages between companies is that you can only send and receive messages. When companies merge, there is usually a requirement for users to also be able to share calendar information, or to easily maintain a global address list that includes the recipients in both companies. This is not possible with only SMTP connectivity.

! Configure X.400 connectivity. You can configure an X.400 connector between the two messaging systems if the non-Exchange system supports X.400. X.400 connectors to external organizations only support message delivery, not directory synchronization or calendar information.

! Install and configure Microsoft Exchange Connector for Lotus Notes. If one of the companies is running Lotus Notes, you can use Microsoft Exchange Connector for Lotus Notes to route e-mail messages between the companies. This connector also supports directory synchronization between Active Directory and the Lotus Notes Address Book.

External connector options


! Install and configure Microsoft Exchange Connector for Novell Groupwise. If one of the companies is running Novell Groupwise, you can use Microsoft Exchange Connector for Novell Groupwise to route e-mail messages between the companies. This connector also supports directory synchronization between Active Directory and the Groupwise Address Book.

! Install and configure Microsoft Exchange Calendar Connector. If you install Microsoft Exchange Connector for Lotus Notes or Microsoft Exchange Connector for Novell Groupwise, the Microsoft Exchange Calendar Connector can be used to exchange free and busy information between the messaging organizations.

Exchange 5.5 and Exchange 2000 also support the Microsoft Exchange Connector for Lotus cc: Mail and the Microsoft Exchange MS Mail Connector. These connectors are not supported in Exchange Server 2003. If you want to retain these services in your organization, you should retain an Exchange 2000 server to run such components.

Many of the same troubleshooting principles apply when troubleshooting the external connectors as apply when troubleshooting routing group connectors. However, because the external messaging systems have different configuration options, there are also specific troubleshooting guidelines that you can use:

! Monitor queues. When you install the external connectors on an Exchange server, a queue is created on that Exchange server for all messages sent to the external organization. If messages are not being delivered between the companies, use the queue viewer to determine whether the messages are stuck in the queue. If the messages are stuck in the external connector queue, troubleshoot the connection between the Exchange server and the other messaging server. If messages are stuck in one of the other system queues on the Exchange server before they even get sent to the connector queue, troubleshoot message delivery on the Exchange server using the procedures covered in the earlier sections of this unit.

! Track messages. If you have message tracking enabled, you can track messages in the Exchange organization as they are sent between the two messaging systems. By tracking the messages, you can determine whether message delivery is failing within your organization or during delivery to the other messaging system. Message tracking will track the messages through the external connector but cannot track messages once they leave the connector.

! Enable and check proxy addresses. When you install the external connectors, the default recipient policy is modified to include proxy addresses compatible with the external e-mail system. By default, these proxy addresses are not enabled in the recipient policy, so you must enable the addresses before they will be applied to recipients in your organization. If messages are not being delivered from the external messaging system, check to ensure that the proxy addresses in your organization match the address space on the connector.

Troubleshooting external connectivity


! Check client configuration and connectivity. When you are configuring the Lotus Notes connector, you must install a Lotus Notes client on the Exchange server that is running the connector. You must also configure a Notes user ID for the connector on the Lotus Notes/Domino server and configure a client .ini file on the Exchange server. The Notes client must be able to connect to the Lotus Notes/Domino server in order to route messages between the systems. If messages are not being delivered between the two messaging systems, check if you can connect to the Lotus Notes/Domino server using the Notes client. If you can�t connect, troubleshoot the client connectivity. If you can connect using the client, check the connector configuration.

! Check address book replication configuration. For both of the external connectors, you can configure a specific container as the import and export containers for address book replication. If you do not want all of the Exchange recipients to be synchronized with the external mail system, you can move all of the recipients that you want to synchronize into one container, and then specify that container as the export container. If some user accounts are not being synchronized, check the export container configuration and ensure that the user accounts are in the right container.


Troubleshooting Connectivity to the Internet


In addition to routing messages within the company, every company also needs to be able to send e-mail to the Internet and receive messages from the Internet. When you configure Internet e-mail, you must configure two separate components: one for Internet e-mail coming into your company and another for Internet e-mail going out of your company.

In order for you to be able to receive e-mail from the Internet, you must configure at least one of your SMTP servers so that it is accessible from the Internet. This requires the configuration of two components:

! Configuring firewall rules to allow SMTP. To receive Internet e-mail, at least one of your Exchange SMTP virtual servers must be accessible from the Internet. In most cases, this is enabled by configuring firewall rules that forward all SMTP traffic to a specific server.

! Configuring mail exchanger (MX) records for your DNS domain. You must configure MX records pointing to the SMTP server(s) in your company in order for SMTP servers on the Internet to know which SMTP server to contact when they have SMTP mail for your company. These MX records must be available on the DNS servers that contain the zone information for your company on the Internet. If you have multiple SMTP servers that are accessible from the Internet, you can use MX records with different preferences to load balance the SMTP connections from the Internet.

Troubleshooting incoming connectivity


To troubleshoot incoming SMTP e-mail, use the following guidelines:

! Test SMTP server availability. The first step in troubleshooting incoming SMTP e-mail is to test whether your SMTP server is accessible from the Internet. You can do this by running Telnet from a computer that is directly attached to the Internet. Try to connect to the SMTP server�s Internet accessible IP address using port 25. If you cannot connect to the server using Telnet, check the firewall configuration to ensure that SMTP traffic is allowed and is being forwarded to the correct SMTP server. If you can connect to the server using the IP address, try connecting using the server FQDN. If this fails, there is a problem with the DNS information on the Internet DNS servers or the DNS servers are not available. Use Nslookup to examine the DNS host records.

! Examine the MX records. If you can connect to the SMTP server using Telnet but messages are still not being delivered, examine the MX records on the Internet DNS servers using Nslookup. The MX records should refer the Internet SMTP servers to the host record for your SMTP server. If you have multiple MX records configured for your domain, ensure that the preference settings for each record are correct.

! Check SMTP virtual server configuration. If you cannot connect to the SMTP server from the Internet but all of the firewall settings appear to be correct, check the SMTP virtual server availability and configuration. The SMTP virtual server has several configuration options that may affect the receipt of Internet e-mail. In some cases, all messages may be affected. For example, if the SMTP virtual server is configured to require authentication for all inbound connections, SMTP servers on the Internet will not be able to connect to the server. Other SMTP virtual server connections may affect only some traffic. For example, message size limits will block only those messages that exceed the message size limit.

By default, any computer running Exchange Server 2003 that can access DNS information on the Internet can send messages to SMTP servers on the Internet. Most companies do not want all of their Exchange servers to send e-mail to the Internet. To avoid this, you should configure an SMTP connector with one or more bridgehead servers to send all e-mail to the Internet. This SMTP connector should be configured with an address space of �*� so that it can send e-mail to any domain. Also, you must ensure that the server that hosts the SMTP bridgehead server can resolve host and MX records on the Internet.

To troubleshoot outgoing Internet e-mail, use the following guidelines:

! Confirm SMTP connectivity to the Internet. In order for your Exchange server to send e-mail to the Internet, the server must be able to establish SMTP connections to the Internet. To test this, run Telnet on the Exchange server and try to connect to an SMTP server on the Internet that you know is online. If the connection fails, check the firewall configuration to ensure that your server is allowed to make SMTP connections to the Internet.

! Confirm the MX records for the destination domain in DNS. If Internet e-mail is being delivered to some domains, but not to others, check the MX records for the domains where delivery is failing. In order for your Exchange server to send e-mail to an SMTP domain, the server must be able to locate the MX records for the domain, and the MX records must be accurate.

Troubleshooting outgoing connectivity


! Monitor the SMTP link queues. When a computer running Exchange 2003 receives an e-mail intended for a SMTP domain outside the organization, it creates a temporary SMTP queue for that domain. If messages are not being delivered to a specific SMTP domain, use the queue viewer on the SMTP bridgehead server to check if the messages are stuck in the queue. If there are several messages in the queue, view the queue information to determine why messages are not being delivered to the domain. If outgoing messages are stuck in only one domain queue, you can troubleshoot message delivery to just that one domain. If messages are stuck in all of the queues for domains outside the organization, you will need to extend your troubleshooting to the entire SMTP server.

! Check the global Internet message formats and message delivery restrictions. You can use Internet message formats to configure the encoding, format, and type of messages (such as out-of-office or NDRs) that you send to all SMTP domains or to specific domains. You can also configure global message delivery settings, such as maximum message size, for the entire organization. If messages are not being delivered to specific domains on the Internet, check the message format settings. If needed, create domain-specific message format settings. For example, if the SMTP server for a domain can only accept UUENCODE messages, configure a domain-specific policy.

! Check the SMTP connector information. The SMTP connector contains many configuration options that may affect message delivery. These configuration options include message size, delivery restrictions, message delivery direction, and time restrictions. If messages from users in one routing group are being delivered using the SMTP connector but messages from users in other routing groups are not being delivered, check the scope of the SMTP connector.

! Check the SMTP virtual server configuration. The SMTP virtual server that is the bridgehead server for the SMTP connector can also be configured in ways that may affect message delivery. For example, you can configure authentication and encryption settings for outgoing messages. If the destination SMTP server settings are not compatible, outbound messages will not be delivered. You can also configure the SMTP virtual server to use a specific DNS server for e-mail delivery. If that DNS server is not available, or if the DNS server does not contain the required information, the SMTP virtual server will not be able to send any Internet messages.

! Check for SMTP open relaying. In some cases, your servers may still be able to send Internet e-mail but the message delivery may be very slow. If you notice that your Exchange server is operating much more slowly than usual, check the SMTP queues on the server. If the SMTP queues contain many more messages than you would expect, check whether your server is configured for open relaying. If your server is being used for open relaying, it may be delivering thousands of unsolicited commercial e-mails or spam to recipients around the world. This will significantly decrease your server performance. (By default, open relaying is blocked on Exchange 2003 servers. For information on how to detect and prevent open relaying, see the Toolkit resource �Identifying and Closing Open Relays.�)


Pre-Lab Discussion


To troubleshoot e-mail delivery in most large companies, you may need to troubleshoot message delivery between servers in the same routing group or in different routing groups. You also may need to troubleshoot message delivery to other messaging systems, such as other systems in your own company or SMTP servers on the Internet.

A number of issues can arise when troubleshooting message delivery in a complex messaging environment. In this context, discuss what problems might cause the following symptoms:

! A user cannot send e-mail to a recipient in another routing group. ! A user cannot send e-mail to an Internet recipient. ! A user cannot receive e-mail from an Internet recipient.


Lab: Troubleshooting Server Connectivity Problems




! Troubleshoot problems with message delivery between routing groups. ! Troubleshoot problems with message delivery between an Exchange

organization and the Internet.


For the first exercise in this lab, you will use the London Virtual PC and the Miami Virtual PC. In preparation for the lab, you will configure an additional routing group and move the Miami Exchange server into the new routing group.

To prepare for this exercise, you need to perform the following configuration steps:

1. Start 2011_London-Virtual PC, if it is not already started. 2. Log on as NWTraders\Administrator with a password of P@ssw0rd.



3. Start 2011_Miami Virtual PC. Log on as NWTraders\Administrator and then start Exchange System Manager. Configure Exchange System Manager to display routing groups, and then create a new routing group named Miami Routing Group. Move the Miami server into the new routing group, and verify that London continues to be a member of First Routing Group. Once you have configured the routing groups, restart the default SMTP virtual server on London. Detailed steps to accomplish this task are as follows: a. In the console tree, right-click Northwind Traders (Exchange) and

then click Properties. On the General tab, select the Display routing groups check box, and then click OK.

b. In the console tree, expand Routing Groups, expand First Routing Group, and then click Members. Verify that both London and Miami are members of the First Routing Group.

c. In the console tree, right-click Routing Groups, point to New, and then click Routing Group.

d. In the Properties dialog box, type Miami Routing Group and then click OK.

e. In Exchange System Manager, in the console tree, expand Miami Routing Group.

f. In the console tree, in the First Routing Group container, click Members, and then in the Details pane click and drag Miami from the Members container of the First Routing Group to the Members container of the Miami Routing Group.

g. Click each Members container to verify that the London server remains a member of First Routing Group and that the Miami server is a member of the Miami Routing Group.

h. In the console tree, expand Servers\London\Protocols\SMTP. i. In the console tree, right-click Default SMTP Virtual Server and then

click Stop. After the virtual server is stopped, right-click Default SMTP Virtual Server and then click Start.

4. You will use Microsoft Internet Explorer on Miami to access OWA to test e-mail delivery.

In this lab, you will use flow charts and the Lab Toolkit resources to identify and resolve the problems described in the scenarios. You will need to read the scenario and the Level 1 support comments and then use the flow charts to identify the root cause of the problem. You will then need to perform the test case presented at each decision point in the flow chart to determine which path to follow. Use the letters on the flow chart to identify the Toolkit resources that you can use to help troubleshoot the problem. After you identify a potential solution, make the configuration change and then test your solution. When your solution resolves the problem presented in the scenario you have successfully completed the lab.



If necessary, use one or more of the following lab toolkit resources to help you complete this lab:

Flow Chart Resources Resources Used for this Flow Chart B E F Checking Global Settings

B C E Help: Exchange: Configuring Connectors. To locate this information, open Exchange System Manager, select Help, select Help Topics and select Search. Search for Set up Connectors and select the topic Set up Connectors.

B Help: Exchange: Configuring messaging recipients. To locate this information, open Exchange System Manager help and then search for Configure Message Settings for Mailbox-Enabled Users.

E Help: Exchange: Enabling Diagnostic Logging. To locate this information, open the Exchange System Manager help. In this help file, search for Configure Diagnostic Logging and Set Diagnostic Logging Properties.

A C E F Help: Exchange: Managing Message Queues. To locate this information, open Exchange System Manager, select Help, select Help Topics and then select Search. Search for Queue Viewer and select the topic Queue Viewer.

A B D E Help: Exchange: Managing Virtual Servers. To locate this information, open Exchange System Manager, select Help, select Help Topics and then select Search. Search for Configure Virtual Servers and select the appropriate topic for the type of virtual server.

C Help: Exchange: Monitoring Connector Status. To locate this information, open Exchange System Manager, select Help, select Help Topics and then select Search. Search for Connector Status and select the topic Verify Server and Connector Status.

A F Help: Exchange: Tracking Messages. To locate this information, open the Exchange System Manager, click Help, then click Help Topics, and then click Search. Search for message tracking and then select Use the Message Tracking Center.

E Help: Exchange: Verifying the RGC Configuration. To locate this information, open Exchange System Manager help and then search for Install a Routing Group Connector.

A B D Help: Windows: How to use TCP/IP command-line utilities. To locate this information, open Windows help and then search for Command-line utilities: TCP/IP.

B F Help: Windows: Testing DNS. To locate information on locating resource records using DNS administrator snap-in, search for Manage Resource Records.

E Identifying and Closing Open Relays

A D Using Dcdiag and Netdiag to Verify the Network Infrastructure

B C E Using WinRoute to Troubleshoot Routing

C D Verifying that a Server is Online

B Viewing Delivery Restrictions on SMTP Connectors




Yes

No,

it is

bei

ng s

ent

toan

ext

erna

l rec

ipie

nt

1.

Che

ck m

essa

ge d

eliv

ery

in

de

stin

atio

n ro

utin

g gr

oup

2.

Che

ck D

NS

and

MX

reco

rd

in

form

atio

n3

. C

heck

glo

bal s

ettin

gs

1.

Che

ck b

ridge

head

ser

vers

avai

labi

lity

2.

Che

ck c

onne

ctor

con

figur

atio

n3

. C

heck

con

nect

or a

ddre

ss

spac

e4

. C

heck

mes

sage

que

ues

No,

it is

bei

ng s

ent

via

a su

ppor

ted

conn

ecto

r

No

1.

Che

ck t

hat

brid

gehe

ad o

r

re

mot

e se

rver

s ar

e ru

nnin

g2

. C

heck

net

wor

k co

nnec

tivity

3.

Che

ck in

fras

truc

ture

(gl

obal

cata

log,

dom

ain

cont

rolle

r,

D

NS

)4

. C

heck

SM

TP v

irtu

al s

erve

r

av

aila

bilit

y

Yes

1.

Che

ck f

or o

pen

rela

y2

. C

heck

SM

TP v

irtu

al s

erve

r

co

nfig

urat

ion

3.

Che

ck g

loba

l set

tings

4.

Che

ck q

ueue

info

rmat

ion

5.

Che

ck r

outin

g gr

oup

mas

ter

avai

labi

lity

6.

Che

ck c

onne

ctor

add

ress

spac

e7

. C

heck

rou

ting

grou

p

co

nnne

ctor

ava

ilabi

lity

and

conf

igur

atio

n8

. C

onfig

ure

diag

nost

ic lo

ggin

g

on t

rans

port

pro

toco

l

Yes

No

A

B

C

D

F

Yes

No

Yes

Yes

1.

Che

ck n

etw

ork

conn

ectiv

ity2

. C

heck

infr

astr

uctu

re

(D

NS

, glo

bal c

atal

og,

dom

ain

cont

rolle

r)3

. C

heck

SM

TP v

irtu

al

se

rver

fun

ctio

nalit

y4

. C

heck

que

ues

5.

Trac

k M

essa

ges

No

Sta

rt

Trou

bles

hoot

ing

Ser

ver

Con

nect

ivity

No,

it is

bei

ng r

ecei

ved

from

an

exte

rnal

sen

der

1.

Che

ck r

ecip

ient

pro

pert

ies

2.

Che

ck n

etw

ork

conn

ectiv

ity3

. C

heck

DN

S a

nd M

X re

cord

info

rmat

ion

4.

Che

ck S

MTP

vir

tual

ser

ver

avai

labi

lity

and

conf

igur

atio

n5

. C

heck

SM

TP c

onne

ctor

conf

igur

atio

n6

. C

heck

glo

bal s

ettin

gs

E

Are

the

queu

esba

cked

up?

Is t

he m

essa

gebe

ing

sent

and

rece

ived

insi

de t

heEx

chan

geor

gani

zatio

n?

Are

the

serv

ers

in t

he s

ame

rout

ing

grou

p?

Trac

k m

essa

ges

- are

the

mes

sage

sbe

ing

deliv

ered

to

brid

gehe

ad s

erve

r?

Is t

he m

essa

gebe

ing

sent

via

SM

TP?

Can

you

con

nect

to t

he s

erve

rsus

ing

SM

TP?


A

B

C

Trou

bles

hoot

ing

Ser

ver

Con

nect

ivity

Sta

rt

1. C

heck

rec

ipie

nt p

rope

rtie

s2. C

heck

net

wor

k co

nnec

tivity

3. C

heck

DN

S a

nd M

X re

cord

info

rmat

ion

4. C

heck

SM

TP v

irtu

al

se

rver

ava

ilabi

lity

and

co

nfig

urat

ion

5. C

heck

SM

TP c

onne

ctor

co

nfig

urat

ion

6. C

heck

glo

bal s

ettin

gs

1. C

heck

net

wor

k co

nnec

tivity

2. C

heck

infr

astr

uctu

re

(D

NS

, glo

bal c

atal

og,

do

mai

n co

ntro

ller)

3. C

heck

SM

TP v

irtu

al

se

rver

fun

ctio

nalit

y4. C

heck

que

ues

5. Tr

ack

Mes

sage

s

1. C

heck

brid

gehe

ad s

erve

rs

av

aila

bilit

y2. C

heck

con

nect

or c

onfig

urat

ion

3. C

heck

con

nect

or a

ddre

ss

sp

ace

4. C

heck

mes

sage

que

ues

Is t

he m

essa

gebe

ing

sent

and

rece

ived

insi

de t

he

Exch

ange

orga

niza

tion?

Are

the

serv

ers

in t

he s

ame

rout

ing

grou

p?

Is t

he m

essa

gebe

ing

sent

via

SM

TP?

Trac

k m

essa

ges

are

the

mes

sage

sbe

ing

deliv

ered

to

brid

gehe

ad s

erve

r?

Yes

Yes

Yes

No

No

No,

it is

bei

ng r

ecei

ved

from

an

exte

rnal

sen

der

No,

it is

bei

ng s

ent

to

an e

xter

nal r

ecip

ient

No,

it is

bei

ng s

ent

via

a s

uppo

rted

con

nect

or

Yes


Trou

bles

hoot

ing

Ser

ver

Con

nect

ivity

D

F

E1

. C

heck

tha

t br

idge

head

or

rem

ote

serv

ers

are

runn

ing

2.

Che

ck n

etw

ork

conn

ectiv

ity3

. C

heck

infr

astr

uctu

re (

glob

al

cata

log,

dom

ain

cont

rolle

r,

D

NS

)4

. C

heck

SM

TP v

irtu

al

serv

er a

vaila

bilit

y

1.

Che

ck f

or o

pen

rela

y2

. C

heck

SM

TP v

irtu

al

serv

er c

onfig

urat

ion

3.

Che

ck g

loba

l set

tings

4.

Che

ck q

ueue

info

rmat

ion

5.

Che

ck r

outin

g gr

oup

mas

ter

avai

labi

lity

6.

Che

ck c

onne

ctor

add

ress

sp

ace

7.

Che

ck r

outin

g gr

oup

conn

nect

or a

vaila

bilit

y an

d

co

nfig

urat

ion

7.

Con

figur

e di

agno

stic

logg

ing

on t

rans

port

pro

toco

l

1.

Che

ck m

essa

ge d

eliv

ery

in

dest

inat

ion

rout

ing

grou

p2

. C

heck

DN

S a

nd M

X re

cord

in

form

atio

n3

. C

heck

glo

bal s

ettin

gs

Can

you

con

nect

to t

he s

erve

rsus

ing

SM

TP?

Are

the

queu

esba

cked

up

Yes

Yes

No

No


Exercise 1 Troubleshooting Solutions When Users Cannot Send Messages Between Routing Groups


Annette Hill has entered a service request. Annette is unable to send e-mail messages to Michael Allen in Miami.

In this exercise, you will need to log on to Microsoft Outlook Web Access (OWA) on London using NWTraders\AnnetteHill. You will need to log on to OWA on Miami using NWTraders\MichaelAllen.

�Urgent! Talked to Annette and she says she sent some e-mail to Michael Allen in Miami a couple of hours ago, but the messages haven�t been delivered yet. The messages had Microsoft PowerPoint® attachments; she is not sure how big the attachments were. Checked if I could send e-mail to the Miami�it is not being delivered either. I am not getting any NDRs. Immediately escalated this to second level support.�

You must resolve the problems that Annette has when sending e-mail messages to the users in Miami.


_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

_______________________________________________________________


_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

Scenario



Exercise 2 Troubleshooting Solutions When Users Cannot Send Messages to the Internet


For this exercise and the next exercise, you will use the London Virtual PC and the Vancouver Virtual PC. The Vancouver Virtual PC will be used to simulate an Internet connection.

To prepare for this exercise, you need to perform the following configuration steps:

1. Shut down the 2011_Miami Virtual PC. To shut down, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK.

2. Ensure that you are logged on to the London Virtual PC as NWTraders\Administrator.

3. Start the 2011_Vancouver Virtual PC. Because Vancouver is in the Windows NT domain Contoso, which is not part of the same forest as London, you can use Vancouver to simulate an Internet host. When you start Vancouver, Vancouver will run Autochk. You should allow Autochk to complete, at which time Vancouver will start successfully.

4. Log on to Vancouver as Contoso\Administrator with a password of P@ssw0rd.

To create the troubleshooting scenario for this exercise, run the breaklab6b.bat script located in the c:\MOC\2011\Labfiles\Lab06 folder on 2011_London Virtual PC. Gustavo Camargo has entered a service request. Gustavo is trying to send e-mail to Internet e-mail recipients and the messages are not being delivered.

In this exercise, you will need to log on to OWA on London using NWTraders\GustavoCamar, and open the Administrator mailbox on Vancouver by using Outlook 2000.


Scenario


�Urgent! Talked to Gustavo and he says he sent an urgent e-mail to a customer first thing this morning and it hasn�t been delivered. Checked if I could send e-mail to the Internet�it is not being delivered either. I am not getting any NDRs. Immediately escalated this to second level support.�

You must resolve the problem so that Gustavo can send e-mail to Internet e-mail recipients.


_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

_______________________________________________________________


_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

_______________________________________________________________



Exercise 3 Troubleshooting Solutions When Users Cannot Receive Messages from the Internet


To create the troubleshooting scenario for this exercise, run the breaklab6c.bat script located in the c:\MOC\2011\Labfiles\Lab06 folder on 2011_London Virtual PC. Angela Barbariol has entered a service request. Angela is a sales manager who is also the manager of a distribution group named [email protected]. Messages from the Internet are not being delivered to the distribution group.

In this exercise, you will need to log on to OWA on London using NWTraders\AngelaBarba.

�Talked to Angela, her e-mail is working fine. She can send and receive e-mail, including Internet e-mail. The distribution group is used for clients on the Internet to send e-mail to a generic sales alias so that all the sales people get the message. Tried sending e-mail to the alias internally and it worked fine.�

You must resolve the problems so that messages from the Internet are delivered to the distribution group.


________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________


________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________


Scenario



For these exercise, you used the Vancouver and London Virtual PCs. Please undo any changes that were made during your troubleshooting by closing each image.

When you shut down the Virtual PCs using these instructions, all changes made to the Virtual PCs will be lost.






Important


Lab Discussion





! How is your work environment different than the test environment? ! How would your work environment change the troubleshooting process? ! What steps would you take in the future when troubleshooting similar

problems?

Contents

Overview 1

System Components That Cause Server-Related Problems 2

Common Server-Related Problems 5


Lab: Troubleshooting Server Performance 8

Lab Discussion 18

Unit 7: Troubleshooting Server Performance


Unit 7: Troubleshooting Server Performance 1

Overview


In this unit, you will learn how to troubleshoot server performance problems as they relate to Microsoft ®Exchange Server 2003 and Microsoft Active Directory® domain controllers. You will be able to identify and resolve problems with bandwidth, services, database corruption, service failures, disk space, and other server performance issues.

There are different types of behaviors associated with an overloaded Exchange server as compared to an overloaded domain controller. You need to remember that without Active Directory, Exchange Server 2003 will not run properly and messaging clients such as Microsoft Outlook® 2003 will not be able to perform simple tasks, such as resolving e-mail addresses.


! Identify and resolve messaging problems related to performance problems in domain controllers and global catalog servers.

! Identify and resolve messaging problems caused by the running of scheduled applications.

! Troubleshoot messaging problems caused by hardware components in server systems.

Objectives

2 Unit 7: Troubleshooting Server Performance

System Components That Cause Server-Related Problems


Once you have purchased hardware and implemented Exchange Server 2003, you may find unexpected growth or a change in the expected behaviors of your messaging users. For example, you may find that they use e-mail much more than you ever thought they would, and that they do not use public folders nearly as much as you expected. You may also find that your design did not account for special messaging users with higher service level agreements that require different configurations.

Often, troubleshooting poor performance will require determining which hardware components are creating problems. You can use the System Monitor to identify problems with the performance objects listed in the following table.

Hardware component

Performance object

Performance counter

Troubleshooting tip

CPU Processor %Process Time

The time the CPU spends executing threads.

If the processor is consistently running well above baseline, check the process object and monitor the individual processes to see which are providing too much stress. The problem could be a scheduled process that needs to be moved to off-peak hours. Another reason behind the problem could be that the virus scanner is utilizing too much processing power and the system requires an upgraded or additional CPU to balance the load.


(continued) Hardware component

Performance object

Performance counter

Troubleshooting tip

Hard disk Physical disk Disk Transfer/sec

The rate of read and write operations on the disk.

%Disk Time

The amount of time the disk spends servicing requests.

If the hard drives of the server are being heavily loaded, consider adding faster hard drives with higher throughput rates. Another concern with high hard drive activity is that combined with high memory usage, it may be causing excessive disk swapping. Adding more system memory will improve disk performance by reducing disk swapping.

To improve hard disk speed, you can purchase controllers with larger amounts of caching. You will need to turn off write caching, as it can cause problems with log drives. However, the read caching can be extremely beneficial for performance since retrieving data from cache is quicker than retrieving data from disk.

System memory

Memory Available bytes

The amount of physical memory available for process or system use without having to swap data to disk for temporary storage.

Pages/sec

The rate at which memory pages are swapped to and from disk and memory. When there is excessive paging, it is often referred to as disk thrashing because the hard drives work so hard.

If memory usage is continually high and there are high levels of paging to and from disk, additional memory should be added to the system.

When adding memory over one gigabyte, remember to add the /3gb switch to the menu items in the boot.ini file so that your server will use more than one gigabyte of system memory.

Network adapter

Network interface

Bytes Total/sec

The rate at which bytes of data are sent or received through the network adapter.

It is rare that the network interface will be fully utilized and cause network problems. However, you may want to move the network interface of an Exchange Server 2003 server to a higher performance network backbone, or add multiple network adapters and configure load balancing between the adapters to achieve improved performance.

In many cases, backups from Exchange to another server on the network can cause slow network performance for a large number of applications. Schedule backups for off-peak hours, or create a private backup network used just to offload all backup network traffic from the public network.


You should use the System Monitor tool to log performance over several months so that you can develop a performance baseline. This baseline will help you identify growth issues or any abnormalities with the performance of your Exchange environment. Once you know how your Exchange servers run under average user stress, you will be able to identify any major peaks in usage and start looking for causes that might explain the change. Use the counters presented in the above table as well as several other counters that can be used to measure the Exchange server services. For example, if you use performance logging and capture information for the SMTP Server Messages Received/Sec counter, you will know that 14,000 is a number that is much too high for your normal processing speed, and you will be able to respond to the problem much faster.

Some basic questions you should be able to answer based upon performance baselines include:

! What is the average number of e-mail received per day? ! How often do users open e-mail each day? How often do users open public

folders? ! What are the daily, weekly, and monthly peak delivery rates for e-mail? ! How many more users can your environment support without upgrading?

Note Please refer to Microsoft Official Courseware Course 2400, Implementing and Managing Exchange Server 2003, Module 13, for more information on performance monitor objects and processes for developing performance baselines.

Developing performance baselines


Common Server-Related Problems


Not all performance problems can be fixed by upgrading hardware components. Many server-related problems are caused by services and applications running on the Exchange servers or on the domain controllers that impact performance. If you can identify these different applications and services and change their schedules so that they only run during off-peak hours, you can minimize the impact to the Exchange environment.

Anything that can be done to reduce the server and network load during production hours will help improve performance of the messaging environment and will improve the productivity of the company.

The table below lists some common server�related problems and recommended solutions.

Warning When entering times for scheduled applications and processes, be careful to enter the appropriate A.M. or P.M.

Problem Recommended solution Scanning software slows performance

• Perform minimal scanning during the day.

• Only scan inbound messages during the day and then scan the entire mailbox store each night after peak hours.

• Offload all scanning to a dedicated server that scans all inbound and outbound messages.

Backups slow performance

• Perform backups only during off-peak hours.

• Back up individual storage groups at different times to minimize the impact during off-peak hours.

• Spread mailbox stores over additional servers so that the load on each server is not as high as if all mailboxes were on a single server.


(continued) Problem Recommended solution Restores slow performance

• Perform restores on offline servers and export lost messages to .pst files. Send the .pst files to the proper owner so that they can import them.

• Keep stores small so that they can be restored quicker.

Broken RAID sets slow performance

• A broken disk should be replaced immediately. It is a very good idea to keep spare disks for important servers, such as Exchange servers.

• Try not to use RAID 5 implementations since broken disks require significant CPU cycles to generate the lost data using existing data and parity information.

• Break any mirrors with defective drives and take the broken disk sets offline. Replace the defective drives and re-establish the mirrors after normal business hours to minimize performance impact.

Network interface and switch problems slow performance

• Often, the network switch and the network card will have trouble negotiating speed settings if they are both set to auto-negotiate their speed settings. You should force network adapters to their highest speed settings.

• Clearly mark and deactivate broken switch ports.

Activity spikes slow performance

• Use System Monitor to watch for predictable spikes, such as early morning logon activity that slows domain controller performance, and Exchange server performance as everyone reads e-mail to get ready for the day. Also, you may see spikes right after lunch and right before the close of business each day.

• Verify that all applications and services that can be turned off are off or are scheduled for off-peak times, to minimize the impact of the activity spikes.

• Consider recommending flex hours for employees to ease the load on the network and improve performance for everyone.

Maintenance slows performance

• Do not take down any servers during business hours. In the event that maintenance is required because of failing hardware, plan well so that the length of time a server is not functional will be minimized.

• Schedule and maintenance applications, such as disk defrag, during off-peak hours.

Note Hard disk arrays that are used to support large Exchange Server 2003 databases may have their own tools for monitoring disk performance. Make sure you use these tools and pay special attention to failed disks, as a broken disk in an array can cause extremely poor server performance.


Pre-Lab Discussion


Messaging applications can be affected by many different components and processes that exist in a server. Each component and process needs to be reviewed and considered when troubleshooting server performance issues.

Focusing on server performance issues, discuss what problems might cause the following situations:

! Address resolution and address lookup are very slow. ! Outlook is very slow when retrieving a message from the Exchange server. ! Multiple users are unable to open their mailboxes using Outlook.


Lab: Troubleshooting Server Performance


In this lab, you will perform troubleshooting tasks related to server performance problems. You will use the flow charts, Lab Toolkit resources, and your personal experiences to find the existing problems and correct them.



! Identify and resolve messaging problems related to server performance problems in domain controllers and global catalog servers.

! Identify and resolve messaging problems caused by the running of scheduled applications.




For this lab, you will use the Acapulco and London Virtual PCs. The Acapulco Virtual PC is used to simulate a messaging client for internal users as well as external users. London is a domain controller, global catalog server, DNS server, and Exchange Server 2003 server.


1. Start 2011_London Virtual PC, if it is not already started. 2. Log on as NWTraders\Administrator with the password P@ssw0rd. 3. Start the 2011_Acapulco Virtual PC.

In this lab, you will use the flow charts and the Lab Toolkit resources to identify and resolve the problems described in the scenarios. You will need to read the scenario, the Level 1 and 2 support comments, and then use the flow chart to identify the root cause of the problem. You will then need to perform the test case presented at each decision point in the flow chart to determine which path to follow. Use the letters on the flow chart to identify the Lab Toolkit resources that you can use to help troubleshoot the problem. After you identify a potential solution, make the configuration change and then test your solution. When your solution resolves the problem presented in the scenario you have successfully completed the lab.




If necessary, use one or more of the following Lab Toolkit resources to help you complete this lab:

Flow Chart Reference Resources used for this flow chart A B Help: Exchange: Enabling Diagnostic Logging. To locate this information,

search for Configure Diagnostic Logging and Set Diagnostic Logging Properties.

C G Help: Exchange: Identifying and Closing Open Relays. To locate this information, open Exchange System Manager help and then search for Set Relay Restrictions on a Virtual Server.

C G Help: Exchange: Managing Message Queues. To locate this information, search for Manage Message Queues.

A B Help: Exchange: Monitoring Connector Status. To locate this information, search for Connector Status and select the topic Verify Server and Connector Status.

A B Help: Exchange: Using the Monitoring and Status Tool in Exchange Server Manager. To locate this information, search for Exchange 2003 Monitors and Monitor Services Used by Exchange.

F Help: Windows: Checking for Memory Leaks. To locate this information, search Windows Server 2003 Online Help for Memory Leaks and System Monitor.

A B E F H Help: Windows: Performance Logs and Alerts � Search for Monitoring Server Performance and System Monitor.

A B Help: Windows: Using Netmon to Monitor Network Traffic. To locate this information, search for Monitor Network Traffic and Network Monitor.

E F H Help: Windows: Review Scheduled Tasks. To locate this information, search for Scheduled Tasks and Task Scheduler Overview.

C G Impact of Virus and Content Scanners on Messaging Functionality

C G Updating Antivirus Signatures

D Using Dcdiag and Netdiag to Verify the Infrastructure

A B Using Service Logs

B H Using the Telnet Command to Test the TCP Port Restrictions on a Firewall




1.

Mon

itor

affe

cted

serv

ers

to id

entif

y

pr

oble

m2

. C

onfig

ure

logg

ing

CPU

1.

Che

ck f

or v

irus

- loo

k fo

r

ou

t of

nor

mal

per

form

ance

coun

ters

and

unk

now

n

ap

plic

atio

ns2

. C

heck

for

sch

edul

ed

ap

plic

atio

ns a

nd s

ervi

ces

runn

ing

at in

appr

opria

te

tim

es3

. C

heck

ben

chm

arks

for

the

serv

er, m

ay h

ave

too

man

y us

ers

1.

Verif

y en

ough

spa

ce f

or

lo

g fil

es a

nd d

atab

ase

2.

Che

ck s

tore

siz

e,

co

nsid

er w

heth

er it

mig

ht b

e to

o la

rge

3.

Che

ck f

or s

ched

uled

appl

icat

ions

and

serv

ices

run

ning

at

inap

prop

riate

tim

es

Dis

k

1.

Che

ck f

or v

irus

- loo

k fo

r

ou

t of

nor

mal

per

form

ance

coun

ters

and

unk

now

n

appl

icat

ions

2.

Che

ck f

or s

ched

uled

appl

icat

ions

and

ser

vice

s

ru

nnin

g at

inap

prop

riate

times

3.

Che

ck f

or m

emor

y le

aks

Sys

tem

Mem

ory

1.

Mon

itor

affe

cted

serv

ers

to id

entif

y

pr

oble

m2

. C

onfig

ure

logg

ing

3.

Set

up A

lert

s

1.

Che

ck f

or v

irus

- loo

k fo

r

ou

t of

nor

mal

per

form

ance

coun

ters

and

unk

now

n

ap

plic

atio

ns2

. C

heck

for

bac

kups

run

ning

at in

appr

opria

te t

imes

acro

ss t

he n

etw

ork

Net

wor

k

1.

Che

ck f

or b

ad p

ort,

bad

cabl

e, o

r ba

d ne

twor

k

ad

apte

r2

. C

heck

Inte

rnet

co

nnec

tion

Net

wor

k

Che

ck d

omai

n co

ntro

llers

and

glob

al c

atal

og s

erve

rsAu

then

ticat

ion

1.

Che

ck f

or O

pen

Rel

ay2

. U

pdat

e An

ti-vi

rus

sign

atur

es3

. C

heck

ant

iviru

s an

d co

nten

t

sc

anni

ng q

uara

ntin

e4

. C

heck

mes

sage

que

ues

1.

Che

ck f

or o

pen

rela

y2

. U

pdat

e an

tiviru

s

si

gnat

ures

3.

Che

ck a

ntiv

irus

and

cont

ent

scan

ning

quar

antin

e4

. C

heck

mes

sage

que

ues

Spa

m

Trou

bles

hoot

ing

Ser

ver

Per

form

ance

C D

E FG

H

Pred

icta

ble

Inte

rmitt

ent

A

B

Sta

rt

Are

the

prob

lem

sin

term

itten

t or

pred

icta

ble?

Sel

ect

issu

esid

entif

ied

bym

onito

ring

and

logg

ing

Sel

ect

issu

esid

entif

ied

bym

onito

ring

and

logg

ing

Spa

m/V

irus


Trou

bles

hoot

ing

Ser

ver

Per

form

ance

A

B

C D

Sta

rt

Are

the

prob

lem

s in

term

itten

t or

pr

edic

tabl

e?

Sel

ect

issu

es

iden

tifie

d by

m

onito

ring

and

logg

ing

1.

Mon

itor

affe

cted

se

rver

s to

iden

tify

prob

lem

2.

Con

figur

e lo

ggin

g3

. S

etup

Ale

rts

1.

Mon

itor

affe

cted

se

rver

s to

iden

tify

prob

lem

2.

Con

figur

e lo

ggin

g

1.

Che

ck f

or o

pen

rela

y2

. U

pdat

e an

tiviru

s

si

gnat

ures

3.

Che

ck a

ntiv

irus

and

cont

ent

scan

ning

qu

aran

tine

4.

Che

ck m

essa

ge q

ueue

s

1.

Che

ck f

or b

ad p

ort,

bad

ca

ble,

or

bad

netw

ork

ad

apte

r2

. C

heck

Inte

rnet

co

nnec

tion

Che

ck d

omai

n co

ntro

llers

an

d gl

obal

cat

alog

ser

vers

Inte

rmitt

ent

Pred

icta

ble

Spa

m

Net

wor

k

Auth

entic

atio

n


Trou

bles

hoot

ing

Ser

ver

Per

form

ance

E FG

H

1. C

heck

for

viru

s - l

ook

for

ou

t of

nor

mal

per

form

ance

co

unte

rs a

nd u

nkno

wn

ap

plic

atio

ns2. C

heck

for

sch

edul

ed

ap

plic

atio

ns a

nd s

ervi

ces

ru

nnin

g at

inap

prop

riate

tim

es3. C

heck

ben

chm

arks

for

the

se

rver

, may

hav

e to

o m

any

us

ers

1. Ve

rify

enou

gh s

pace

for

lo

g fil

es a

nd d

atab

ase

2. C

heck

sto

re s

ize,

co

nsid

er w

heth

er it

m

ight

be

too

larg

e3. C

heck

for

sch

edul

ed

ap

plic

atio

ns a

nd

se

rvic

es r

unni

ng a

t in

appr

opria

te t

imes

1. C

heck

for

viru

s - l

ook

for

ou

t of

nor

mal

per

form

ance

co

unte

rs a

nd u

nkno

wn

ap

plic

atio

ns2. C

heck

for

sch

edul

ed

ap

plic

atio

ns a

nd s

ervi

ces

ru

nnin

g at

inap

prop

riate

tim

es3. C

heck

for

mem

ory

leak

s

1. C

heck

for

Ope

n R

elay

2. U

pdat

e An

ti-vi

rus

sign

atur

es3. C

heck

ant

iviru

s an

d co

nten

t sc

anni

ng q

uara

ntin

e4. C

heck

mes

sage

que

ues

1. C

heck

for

viru

s - l

ook

for

ou

t of

nor

mal

per

form

ance

co

unte

rs a

nd u

nkno

wn

ap

plic

atio

ns2. C

heck

for

bac

kups

run

ning

at

inap

prop

riate

tim

es

ac

ross

the

net

wor

k

Sel

ect

issu

es

iden

tifie

d by

m

onito

ring

and

logg

ing

Net

wor

k

Spa

m/V

irus

Sys

tem

Mem

ory

CPU

Dis

k


Exercise 1 Address Resolution and Address Lookups Are Very Slow


To create the troubleshooting scenario for this exercise, run the breaklab7a.bat script located in the c:\MOC\2011\Labfiles\Lab07 folder on 2011_London Virtual PC. Paul West has entered a service request. He states that it is taking a long time for his Outlook client to resolve names that he enters manually, and it also takes a long time when he wants to search for a name. Paul states that before this, Outlook 2003 was able to resolve names in less than one second. Today, he is experiencing wait times of approximately five seconds. Other users are also complaining about poor Exchange server performance.

Log on to London as Nwtraders\Administrator using the password P@ssw0rd. You should not need to open any user mailboxes when troubleshooting this problem.

�Paul has been with the company for a month and his computer has the standard build, including Outlook 2003. Checked user account � it is mailbox enabled. His mailbox is on London. He is able to ping London.�

You must resolve the performance problem with Exchange Server 2003.


________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________


________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________


Scenario



Exercise 2 Outlook Is Very Slow When Retrieving a Message from Exchange


To create the troubleshooting scenario for this exercise, run the breaklab7b.bat script located in the c:\MOC\2011\Labfiles\Lab07 folder on 2011_London Virtual PC. Pete Male has entered a service request. He states that it takes several seconds to send a message using his Outlook messaging client. Other service request calls have come in complaining of the same problem.


�Pete is a new Exchange 2003 user and was recently migrated over from Exchange 5.5. His computer has the standard build, including Outlook 2003. Pete is able to ping London without any problems.�

�We have heard similar reports from other users in London. It is a suspected network link issue and is being reviewed by the Network team as well as the Server team.�

You must identify and resolve the performance problem with Exchange Server 2003.


_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

_______________________________________________________________


_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

_______________________________________________________________


Scenario




Exercise 3 Multiple Users Are Unable to Open Their Mailboxes Using Outlook



Important This script will take approximately ten minutes to complete. You can start troubleshooting after the script has run for approximately five minutes.

Max Benson has entered a service request. He states that he is experiencing delays when opening his mailbox and also when trying to send messages to others on the network. You have received a call from the Help Desk indicating that many users are calling about this problem.


�Max has a standard desktop system. He has a history of complaining about many issues. We think he is trying to get a new computer. His computer has the standard build, including Outlook 2003. It has been tested several times in the past. Max is able to ping London.�

�We have heard similar reports from other users in London. It is a suspected network link issue and is being reviewed by the Network team as well as the Server team. Escalating to the Exchange team to help, just in case it is related to the Exchange server.�

You must resolve the performance problem with Exchange Server 2003.


________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________


________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________


Scenario




For this lab, you used the Acapulco and London Virtual PCs. Please undo any changes that were made during your troubleshooting by closing each image.








Lab Discussion



! What were the root causes of the problems described in the scenarios? ! What steps did you use and how did the steps help identify the problems? ! What other steps could you have used to identify the problems faster? ! How did you test your solutions?



problems?

Contents

Overview 1

PKI Requirements for Secure E-Mail 2

Troubleshooting S/MIME E-Mail Issues 5

Troubleshooting SSL Issues 8


Lab: Troubleshooting Exchange Security 12

Lab Discussion 23

Workshop Evaluation 24

Unit 8: Troubleshooting Security Issues


Unit 8: Troubleshooting Security Issues 1

Overview


Because a great deal of business-related information is sent using e-mail, e-mail security is a significant issue for most companies. The need for secure e-mail adds a layer of complexity to your e-mail infrastructure that can result in additional troubleshooting issues.

This unit addresses issues relating to securing e-mail while it is in transit from one location to another. To secure the information, digital certificates that include encryption keys are used to protect the data on the network. To protect e-mail messages while they are in transit, you will need to:

! Implement a Public Key Infrastructure (PKI) to manage the creation and distribution of digital certificates.

! Implement Secure Multipurpose Internet Mail Extensions (S/MIME) to encrypt or digitally sign e-mail messages sent from client to client. The encryption and digital signatures ensure that a message is secure and cannot be modified while it is transmitted on the network.

! Implement Secure Sockets Layer (SSL) to encrypt network traffic. With SSL, the actual network traffic that transmits e-mail messages is encrypted, so that even if the network packets were captured, they could not be read.


! Identify and resolve problems related to encrypting e-mail using S/MIME. ! Identify and resolve problems related to using remote procedure call (RPC)

over Hypertext Transfer Protocol (HTTP). ! Identify and resolve problems related to Exchange Server 2003 security

configurations.

Objectives

2 Unit 8: Troubleshooting Security Issues

PKI Requirements for Secure E-Mail


A public key infrastructure includes servers, management tools, and policies that are used to create, distribute and manage the deployment of digital certificates To use digital certificates for securing e-mail using SSL or S/MIME, you must deploy a PKI or use an existing PKI.

A PKI includes the following components:

! Certificate and Certificate Authority (CA) management tools. Provide both graphical user interface (GUI) and command-line tools to manage issued certificates, publish CA certificates and Certificate Revocation Lists (CRLs), configure CAs, import and export certificates and keys, and recover archived private keys.

! Certification authorities. Issue certificates to users, computers, and services and manage the certificates. Each certificate that a CA issues is signed with the digital certificate of that CA.

! Certificate and CRL distribution points. Provide publication locations at which certificates and CRLs are publicly available, either within or outside of an organization. Publishers can use any kind of directory service, including X.500, Lightweight Directory Access Protocol (LDAP), or directories in a specific operating system. Publishers can also publish certificates and CRLs on Web servers.

! Certificate templates. Define the content and purpose of a digital certificate. A certificate template defines issuance requirements, certificate purpose, implemented extensions, such as application policy or extended key usage, and enrollment permissions for certificates that a CA issues.

! Digital certificates. Provide the foundation of a PKI. Digital certificates are electronic credentials that are associated with a public key and a private key that an organization uses to authenticate users.

PKI components


! Certificate revocation lists (CRL). List the certificates that a CA has revoked before the certificate reaches its scheduled expiration date.

! Public key-enabled applications and services. Support public key encryption so you can implement public key security. You can only implement these components after you configure your PKI to issue, publish, and control certificates.

The decision on which PKI option to use will likely be based on which clients need to use certificates to secure e-mail. If you deploy certificates only to users within your organization, and the servers that require server certificates will be accessed only by internal clients, deploying a private CA is a good option. If users outside the organization will require certificates, or if you deploy servers that will be accessed by users outside the organization, you should deploy commercial certificates. You have two options when implementing a PKI:

! Deploy a private PKI using Windows Server 2003 Certificate Authorities. Windows Server 2003 includes a Certificate Server service that you can use to deploy a PKI for your company. With this option, you can integrate the management of certificates with Microsoft® Active Directory®.

! Integrate with a public or commercial PKI. You can also obtain digital certificates from commercial PKIs such as VeriSign, GTE, Thawte, and RSA. With this option, you can reduce the amount of effort required to manage the certificates because the certificate management is done by the commercial CA.

This choice is critical because PKI is based on trust model. When a client connects to a server that is using a digital certificate to secure data, the client checks its list of trusted root certification authorities to see whether it is configured to trust the digital certificate. If the client is not configured to trust the certificate, it will warn the user or fail to connect to the server. If you deploy a private CA, you can configure all your internal clients to trust the CA, but external clients are not going to be configured to trust your CA. However, Internet clients such as Web browsers are already configured to trust the well-known commercial CAs so they will not receive a warning when they connect to a server using a commercial certificate.

In most cases, you are likely to be most concerned with securing e-mail within your organization, which means a private CA is a good option. If you need to secure e-mail to only a few external users, you can exchange certificates with the external users and ask the external users to configure their clients to trust your CA. If you need to secure e-mail to more external users, you can configure each of your clients to use a commercial CA.

Implementing a PKI


After deploying the CAs, you need to acquire and install certificates on all the servers and clients that require them. The enrollment process is a matter of requesting and issuing a certificate. Although the enrollment process varies with the CA that is used, and its policies, the following steps outline the general process:

1. Applicant generates a key pair. The applicant generates a public and private key pair, or he or she is assigned a key pair by some authority in the company. The applicant stores the key pair locally, either on the disk subsystem or on a hardware device, such as a smart card.

2. Applicant sends the certificate request to the CA. The applicant provides the information that is required by the certificate template and sends the certificate request to the CA. The certificate request includes the public key that is generated at the requesting computer. This certificate request can be sent directly to an online CA, or it can be saved as a text file and sent to an offline CA.

3. Certificate administrator reviews the request. A certificate administrator reviews the certificate request to verify the applicant�s information. Based on the information presented, the certificate administrator either issues or denies the certificate request. In some cases, the CA may be configured to issue certificates automatically to users who present appropriate credentials.

4. Upon approval, the CA issues the certificate. The CA creates the certificate and issues the certificate to the requesting applicant. The certificate is signed by the CA to prevent modification and it includes the applicant�s identifying information and the submitted public key as an attribute of the issued certificate.

After you have acquired and installed the certificates, you can start using the certificates to secure e-mail messages either with SSL or S/MIME.

Acquiring digital certificates


Troubleshooting S/MIME E-Mail Issues


When using S/MIME you can configure an e-mail client to encrypt an e-mail message as well as attach a digital signature to an e-mail message. You can use the digital signatures to ensure the identity of the e-mail sender and to ensure that the e-mail has not been modified. Encryption ensures that the message cannot be read or modified while it is transmitted on the network.

You can protect e-mail messages in transit on the network by using encryption. Exchange uses public key encryption, which uses two keys: a public key, which is a key that is known to everyone, and a private key, which is a key that is known only to the recipient of the message.

The public key and private key are used in combination to encrypt and decrypt data. The following steps explain the process for how public key encryption is applied to the original plaintext data:

1. The message sender retrieves the recipient�s public key. The public key may be stored in Active Directory in a Microsoft Windows Server� 2003 environment, or on an accessible certificate store managed by a CA. The message sender may also have received the public key from the recipient as part of a digitally signed message.

2. The sender generates a symmetric key and uses the symmetric key to encrypt the message data. A symmetric key is a key that can be used to encrypt and decrypt messages. The symmetric key is encrypted with the recipient�s public key to prevent the symmetric key from being intercepted during transmission.

3. The encrypted symmetric key and encrypted data are sent to the recipient. 4. The recipient�s private key is used to decrypt the encrypted symmetric key.

The encrypted data is decrypted with the symmetric key, which yields the original data to the recipient.

Message encryption by using S/MIME


In this process, the public key can be made available to anyone who requests the key, so that anyone can encrypt a message to send to a user. However, only the recipient�s private key can decrypt the messages encrypted by the public key, so only the person holding the private key can decrypt the messages. The private key is protected in a user or computer profile or on a physical device, such as a smart card.

You can protect e-mail messages against modification by using a digital signature. A digital signature is a digital code that can be attached to an e-mail message that uniquely identifies the sender. A digital signature is a key component of most authentication methods because the digital signature verifies the identity of the individual who is sending the message.

The following steps explain the process for how a digital signature is applied to the original data:

1. When the sender prepares to send the signed message, a hash algorithm is applied to the message data. A hash algorithm takes any form of data and produces a mathematical result for the inputted data. This result is the hash value. If a single character is changed in the message data while it is transmitted on the network, the hash value will no longer be valid.

2. The resulting hash value is encrypted by using the sender�s private key. The encryption protects the hash value from modification during the transmission of the hash value to the recipient.

3. The sender sends the certificate, the encrypted hash value, and the original data to the recipient. The certificate includes the sender�s public key as one of the attributes of the certificate.

4. The recipient retrieves the sender�s public key from the received certificate. The recipient uses the public key to decrypt the encrypted hash value. The successful decryption and validation of the sender�s certificate proves that the data originated from the sender.

5. The recipient passes the original data through the same hash algorithm. The resulting hash value is compared to the hash value received from the sender. If the two hash values are identical, the original data was not modified during the transmission.

Signing messages by using S/MIME


S/MIME requires that both the sender and recipient have a digital certificate, and that sender and recipient obtain a copy of each other�s digital certificate with the attached public key. Therefore, much of the troubleshooting for S/MIME will be client-based certificate troubleshooting. Use the following guidelines when troubleshooting S/MIME issues.

! Ensure that both sender and recipient have digital certificates. To send encrypted e-mail, the sender and receiver must have digital certificates. The easiest way to test whether a user has a certificate is to attempt to send a signed message. Sending digitally signed messages does not require a user to have anyone else�s certificate, but the user must have a certificate. If the user cannot send digitally signed e-mail to anyone, then the user does not have a certificate, or the private key may not be accessible. For example, the user may have a private key on one computer, but this would not mean that the user can send signed e-mail from another computer. If a user must be able to send encrypted messages from multiple computers, then you can export the private key from one computer and install it on other computers. You can also store the private key as part of a roaming user profile.

! Ensure that the sender and recipient have each other�s public keys. To send encrypted messages to another recipient, the sender must have the recipient�s public key. If a user can digitally sign messages but cannot encrypt messages, the problem is likely that the sender does not have the required public key. The easiest way for the sender to get the public key is for the recipient to send a digitally signed e-mail. The signed e-mail includes the certificate and public key. When the signed e-mail arrives, save the sender information in your address book. The certificate and public key will be saved with the contact information.

! Ensure that the clients are configured to trust the other certificate. You may encounter problems if the clients do not trust the CA used by the sender or recipient. If you receive an encrypted or signed e-mail and your client is not configured to trust the sender�s CA, you will receive a warning message. If you are confident of the sender�s identity, you can configure your client to trust the certificate explicitly. If you must exchange secure e-mail with several users in the other organization, you may want to configure a trust chain between a CA that you trust and the sender�s CA.

! Ensure that you can recover lost private keys. In many cases, a user�s private key is stored on the local computer in a secure part of the user�s profile. If that private key is lost due to a hard disk failure, you must be able to recover the private key; if you cannot, the user will not be able to decrypt messages using the associated public key. As a best practice, you should export a copy of the private key to a secure location to ensure that you can restore the key if needed. In most cases, you should also implement procedures on the CA to provide for private key archival and retrieval.

Troubleshooting S/MIME issues


Troubleshooting SSL Issues


Secure Sockets Layer (SSL) is a flexible security option that can be used to secure e-mail related traffic from most messaging clients using any of the Exchange Server 2003 supported protocols. With SSL, you can secure e-mail whether you are using HTTP (Outlook Web Access or Outlook Mobile Access), SMTP, IMAP4, POP3, or NNTP. SSL support is also enabled on Microsoft Outlook Express®, Microsoft Outlook®, Internet Explorer, as well as on most other Internet browsers and Internet protocol e-mail clients.

SSL is different than S/MIME in that SSL can only be used to authenticate computers on a network and then to encrypt data in transit on a network. With S/MIME, you can encrypt and sign e-mail messages and the messages remain signed or encrypted while in the user�s mailbox. With SSL, you can encrypt all network traffic as it transverses your network, but data is not encrypted while it is in storage.

One of the benefits of using SSL is that you can use SSL to encrypt all messaging-related protocols supported by Exchange Server 2003. Implementing SSL offers the following advantages:

! You can use Internet protocol applications to transmit confidential data on the unsecured Internet. All data is encrypted from the client to the server, including user authentication and messaging data.

! You can validate the identity of the Internet protocol server. The server provides its certificate as a form of authentication. If the client is configured to trust the certificate, and if the certificate passes all validity tests, the client will authenticate and trust the server.

Secure Sockets Layer can also be used to secure RPC over HTTP traffic. To use RPC over HTTP, you must deploy Exchange Server 2003 on Windows Server 2003 in a Windows Server 2003 Active Directory environment. Moreover, only Outlook 2003 clients support RPC over HTTP. If you do deploy RPC over HTTP, you can configure both the Exchange server and the client to require SSL, so that all RPC traffic is sent using HTTPS rather than HTTP.

Benefits of using SSL


Implementing SSL is significantly easier than implementing S/MIME because you do not need to deploy certificates to the e-mail clients. Instead most configurations for SSL occur on the Exchange server. Use the following steps to implement SSL.

1. Configure a server-based certificate. This server-based certificate is used to authenticate the server�s identity. The public key associated with the certificate is used to create the encryption keys for encrypting traffic on the network. In a Windows Server 2003 environment, you can use a commercial CA certificate or an internal CA to issue the certificate.

2. Configure the protocol virtual servers to require SSL. After installing the server certificate, configure the protocol virtual servers to require SSL. You can use the same server certificate for all messaging protocols but you must enable each protocol virtual server to use the certificate. To enable SSL support on protocol virtual servers, first add the server certificate to the server and then configure the protocol virtual server to require SSL.

Note When you configure a protocol virtual server to require SSL, itwill no longer accept any unsecured connections. If you need both secure and unsecure protocol virtual servers, you must configure two different virtual servers. If you want to make SSL optional on a protocol virtual server, you can install the server certificate on the server, but not require SSL on the virtual server.

3. Configure the network infrastructure to allow SSL ports. SSL uses ports different from those used by unsecured protocol traffic, so you must open the SSL ports. The following table shows the ports you must open when using SSL: Protocol SSL port POP3 110 and 995 if using SSL

IMAP4 143 and 993 if using SSL

SMTP 25 with or without SSL

NNTP 119 and 563 if using SSL

HTTP (Outlook Web Access and Outlook Mobile Access)

80 and 443 if using SSL

4. Configure the e-mail clients to use SSL. Once the server is configured to support SSL, configure each client to use SSL when connecting to the server.

5. If required, acquire a client certificate for Outlook Web Access (OWA) or Outlook Mobile Access (OMA) e-mail clients. In environments that require very high security, you may configure the HTTP virtual server to require client certificates. Client certificates enable mutual authentication, ensuring the identity of both the client and the server. If you require client certificates, you must acquire and install a client certificate on each client computer or device.

Implementing SSL


In most cases, troubleshooting SSL requires you to troubleshoot the server and network configuration rather than the client configuration. Use the following guidelines when troubleshooting SSL issues:

! Check the network configuration. To use SSL, clients must be able to connect to the Exchange server using the correct port numbers. If clients within your corporate intranet can use SSL, but cannot connect using SSL from the Internet, ensure the SSL ports are accessible from the Internet.

! Check the certificate trust path. The server certificate must be trusted by the e-mail client. If the certificate is not trusted, you may get an error message on the client computer indicating that the certificate is not trusted. You can then configure the client computer to trust the server certificate explicitly. If users frequently access your Exchange server using public computers, you should use a certificate from a trusted commercial CA.

! SSL is not supported between the front-end and back-end server. If you have deployed a front-end and back-end server topology, you cannot use SSL to secure traffic between the two servers. This means that the back-end protocol virtual servers used by the front-end servers cannot be configured to require SSL. To secure communication between front-end and back-end servers, you should configure IPSec.

! Check client configuration. Each e-mail client must be configured to support SSL. If one client cannot connect to your Exchange servers using SSL while other users can connect, the problem is almost certainly a client configuration error. If you have both SSL- and non-SSL-enabled protocol virtual servers accessible to the client, you can first ensure that the client can connect to the protocol virtual servers that do not require SSL. If they can connect to these servers, but not to the servers that require SSL, then check the client SSL configuration.

Troubleshooting SSL


Pre-Lab Discussion


E-mail security is a significant issue for most companies and a great deal of business-related information is sent using e-mail. The need for secure e-mail adds a layer of complexity to your e-mail infrastructure that can result in additional troubleshooting issues.

In this context, discuss what problems might cause the following symptoms:

! Users cannot send secure e-mail to each other using S/MIME. ! Users cannot access their mailboxes using RPC over HTTP. ! Users cannot receive Internet e-mail in a secure environment.


Lab: Troubleshooting Exchange Security




! Identify and resolve problems related to encrypting e-mail using S/MIME. ! Identify and resolve problems related to using SSL to secure e-mail. ! Identify and resolve problems related to Exchange Server 2003 security

configurations.

Important This lab addresses the concepts in this unit and therefore may not comply with Microsoft security recommendations. For example, this lab does not comply with the recommendation that you should not log on using an administrative account.

For the first two scenarios in the lab, you will use the London Virtual PC and the Acapulco Virtual PC.

To prepare for this practice:

1. Start 2011_London Virtual PC if it is not already started. 2. Log on as NWTraders\Administrator with a password of P@ssw0rd. 3. Start the 2011_Acapulco Virtual PC. You will use Outlook 2003 and

Outlook Express on Acapulco to send and receive e-mail.

London.nwtraders.msft is configured as a CA. To request a user certificate from this CA, connect to https://london.nwtraders.msft/certsrv and log on with the user name and password required for the lab. The CA is configured to issue certificates automatically from authenticated users.

Lab Virtual PC Configuration

Certificate Authority


In this lab, you will use the flowcharts and the Lab Toolkit resources to identify and resolve the problems described in the scenarios. You will need to read the scenario, the Level 1 support comments, and then use the flowcharts to identify the cause of the problem. You will then need to perform the test case presented at each decision point in the flowchart to determine which path to follow. Use the letters on the flowchart to identify the Toolkit Resources that you can use to help troubleshoot the problem. After you identify a potential solution, make the configuration change and test your solution. When your solution resolves the problem presented in the scenario, you have successfully completed the lab.


Flow Chart Resources Resources Used for this Flow Chart A E F Help: Exchange: Managing Virtual Servers. To locate this information, open

Exchange System Manager, select Help, select Help Topics and then select Search. Search for Configure Virtual Servers and select the appropriate topic for the type of virtual server.

C Help: Outlook: Obtaining a Digital ID. To locate this information, open Outlook help and then search for Get a digital ID.

C Help: Outlook: Sending Secure Mail. To locate this information, open Outlook help and then search for Encrypt or digitally sign messages.

B Help: Outlook: Verifying account configuration. To locate this information, open Outlook help and then search for View or change e-mail account settings.

F Help: Outlook Express: Adding a Contact�s Digital ID to your Address Book. To locate this information, open Outlook Express help and then search for Add a contact�s digital ID to your Address Book.

F Help: Outlook Express: Obtaining a Digital ID. To locate this information, open Outlook Express help and then search for Obtain a digital ID and add it to your e-mail account.

B Help: Outlook Express: Verifying account configuration. To locate this information, open Outlook Express help and then search for Add a mail or news account.

A Help: Windows: Testing DNS. To locate information on locating resource records using DNS administrator snap-in, search for Manage Resource Records.

F Help: Windows: Troubleshoot IPSec. To locate information regarding troubleshooting IPSec, search Windows Server 2003 Online Help for IPSec and then select Troubleshooting: Internet Protocol Security (IPSec).

A Impact of Virus and Content Scanners on Messaging Functionality

D Implementing and Testing RPC over HTTP

E F Implementing SSL for Exchange Server 2003

B Verifying that a Server is Online

A Using Dcdiag and Netdiag to Verify the Network Infrastructure

E F Using S/MIME to Sign and Seal E-mail Messages

A F Using the Telnet Command to Test the TCP Port Restrictions on a Firewall


Navigating the flowchart



1. C

heck

tha

t H

TTP

virt

ual s

erve

r su

ppor

ts S

SL

2. C

heck

HTT

P se

rver

sec

urity

co

nfig

urat

ion

3. C

heck

clie

nt b

row

ser

type

and

ve

rsio

n4. C

heck

clie

nt s

ecur

ity c

onfig

urat

ion

Yes,

but

not

secu

ree-

mai

l

No

No

1. C

heck

fire

wal

l to

see

if it

allo

ws

S

MTP

tra

ffic

into

net

wor

k2. C

heck

DN

S H

ost

and

MX

reco

rds

3. C

heck

SM

TP v

irtu

al s

erve

r t

o ve

rify

it

resp

onds

on

port

25

4. C

heck

sec

urity

con

figur

atio

n on

the

S

MTP

vir

tual

ser

ver

5. C

heck

SM

TP g

atew

ay o

r sm

art

host

co

nfig

urat

ion

6. C

heck

ant

i-viru

s an

d co

nten

t sc

anni

ng s

olut

ions

Yes

1. C

heck

tha

t re

quire

d vi

rtua

l ser

vers

su

ppor

t se

cure

pro

toco

ls2. C

heck

tha

t re

quire

d vi

rtua

l ser

vers

are

ac

cess

ible

fro

m t

he In

tern

et u

sing

sec

ure

po

rts

3. C

heck

vir

tual

ser

ver

secu

rity

conf

igur

atio

n4. C

heck

sec

urity

con

figur

atio

n on

the

clie

nt5. C

heck

inst

alla

tion

of s

ecur

e e-

mai

l ce

rtifi

cate

for

sig

ning

mes

sage

s6. C

heck

rec

eipt

of se

cure

mai

l cer

tific

ate

fr

om r

ecip

ient

for

sea

ling

mes

sage

s

POP/

IMAP

OW

AB

A

C

E

D

Sta

rt

1. Ve

rify

that

the

ser

ver

is o

nlin

e2. Ve

rify

that

the

clie

nt c

an co

nnec

t to

the

Exc

hang

e se

rver

3. C

heck

em

ail c

lient

con

figur

atio

n

MAP

I

1. C

heck

sec

urity

con

figur

atio

n on

the

clie

nt2. Ve

rify

inst

alla

tion

of s

ecur

e m

ail

ce

rtifi

cate

on

clie

nt for

sig

ning

m

essa

ges

3. Ve

rify

rece

ipt

of s

ecur

e m

ail

ce

rtifi

cate

fro

m r

ecip

ient

for

en

cryp

ting

mes

sage

s

Trou

bles

hoot

ing

Secu

rity

Issu

es

Out

look

RPC

ove

r H

TTP

1. C

heck

tha

t R

PC o

ver

HTT

P co

mpo

nent

is in

stal

led

on

fr

ont-e

nd s

erve

r2. C

heck

tha

t th

e R

PC v

irtu

al di

rect

ory

in II

S is

con

figur

ed3. C

heck

tha

t po

rt n

umbe

rs a

re co

nfig

ured

in t

he r

egis

try

of Ex

chan

ge s

erve

rs a

nd g

loba

l ca

talo

g se

rver

s4. C

heck

tha

t N

SPI

inte

rfac

e pr

otoc

ol se

quen

ces

are

conf

igur

ed o

n th

e gl

obal

cat

alog

ser

ver

5. C

heck

tha

t O

utlo

ok p

rofil

e co

nfig

ured

cor

rect

ly

F

Is O

utlo

okus

ing

MAP

I or

RPC

over

HTT

P?

Wha

t is

the

clie

nt t

ype?

Can

the

use

rse

nd u

nsec

ure

emai

l?

Are

all

user

s af

fect

ed?


A

B

Trou

bles

hoot

ing

Sec

urity

Issu

es

1. C

heck

fire

wal

l to

see

if it

allo

ws

S

MTP

tra

ffic

into

net

wor

k.2. C

heck

DN

S H

ost

and

MX

reco

rds

2. C

heck

SM

TP v

irtu

al s

erve

r t

o ve

rify

it

resp

onds

on

port

25

3. C

heck

sec

urity

con

figur

atio

n on

the

S

MTP

vir

tual

ser

ver

4. C

heck

SM

TP g

atew

ay o

r sm

art

host

co

nfig

urat

ion

5. C

heck

ant

i-viru

s an

d co

nten

t sc

anni

ng s

olut

ions

1. Ve

rify

that

the

ser

ver

is o

nlin

e2. Ve

rify

that

the

clie

nt c

an

co

nnec

t to

the

Exc

hang

e se

rver

3. C

heck

em

ail c

lient

con

figur

atio

n

Can

the

use

rse

nd u

nsec

ure

em

ail?

Are

all

user

s af

fect

ed?

Sta

rt

No

No

Yes

Yes,

but

not

secu

ree-

mai

l


C D

Trou

bles

hoot

ing

Sec

urity

Issu

es

EF

1. C

heck

sec

urity

con

figur

atio

n on

the

clie

nt2. Ve

rify

inst

alla

tion

of s

ecur

e m

ail

ce

rtifi

cate

on

clie

nt for

sig

ning

m

essa

ges

3. Ve

rify

rece

ipt

of s

ecur

e m

ail

ce

rtifi

cate

fro

m r

ecip

ient

for

en

cryp

ting

mes

sage

s

1. C

heck

tha

t R

PC o

ver

HTT

P co

mpo

nent

is in

stal

led

on

fr

ont-e

nd s

erve

r2. C

heck

tha

t th

e R

PC v

irtu

al

di

rect

ory

in II

S is

con

figur

ed3. C

heck

tha

t po

rt n

umbe

rs a

re

co

nfig

ured

in t

he r

egis

try

of

Ex

chan

ge s

erve

rs a

nd g

loba

l ca

talo

g se

rver

s4. C

heck

tha

t N

SPI

inte

rfac

e pr

otoc

ol

se

quen

ces

are

conf

igur

ed o

n th

e gl

obal

cat

alog

ser

ver.

5. C

heck

tha

t O

utlo

ok p

rofil

e co

nfig

ured

cor

rect

ly

1. C

heck

tha

t H

TTP

virt

ual s

erve

r su

ppor

ts S

SL.

2. C

heck

HTT

P se

rver

sec

urity

co

nfig

urat

ion

3. C

heck

clie

nt b

row

ser

type

and

ve

rsio

n4. C

heck

clie

nt s

ecur

ity c

onfig

urat

ion

1. C

heck

tha

t re

quire

d vi

rtua

l ser

vers

su

ppor

t se

cure

pro

toco

ls.

2. C

heck

tha

t re

quire

d vi

rtua

l ser

vers

are

ac

cess

ible

fro

m t

he In

tern

et u

sing

se

cure

por

ts3. C

heck

vir

tual

ser

ver

secu

rity

conf

igur

atio

n 4. C

heck

sec

urity

con

figur

atio

n on

the

clie

nt

5. C

heck

inst

alla

tion

of s

ecur

e e-

mai

l ce

rtifi

cate

for

sig

ning

mes

sage

s6. C

heck

rec

eipt

of se

cure

mai

l cer

tific

ate

fr

om r

ecip

ient

for

sea

ling

mes

sage

s

Is O

utlo

okus

ing

MAP

I or

RPC

ove

r H

TTP?

Wha

t is

the

clie

nt t

ype?

Out

look

MAP

I

RPC

ove

r H

TTP

OW

A

POP/

IMAP


Exercise 1 Troubleshooting Solutions When Users Cannot Send and Receive Encrypted E-mail

In this exercise, you will use the flowchart and the Lab Toolkit resources to identify and resolve the problem in the scenario.

Fernando Caro has entered a service request. The service request states that Fernando cannot send and receive encrypted e-mail from Eric Parkinson. Both users work in the accounting department and frequently send highly confidential documents to each other. Both users� mailboxes are on London.

You must resolve the problem so that both users can send and receive encrypted and signed e-mail from each other. Read the Level 1 support comments, and resolve the problems.

In this exercise, you will need to log on to Outlook 2003 on Acapulco using NWTraders\EricParki. You will need to use Outlook Express on London using NWTraders\FernandoCaro for an identity.

�I talked to both Eric and Fernando. Eric Parkinson works in the office and is using Outlook 2003 as his e-mail client. Fernando Caro works from a remote office that does not have a dedicated connection to the head office, and so he uses Outlook Express which has an IMAP connection to the Exchange server.

�Eric and Fernando are involved in highly confidential negotiations to buy another company so they have to be able to send encrypted and signed e-mail to each other.

�I confirmed that both of them can get access to e-mail on the Exchange server using their normal clients.

�They both say that they have not sent encrypted e-mail to anyone else in the company, and do not need to do so.

�I told both of them that I didn�t know if we could set them up to send encrypted e-mail to each other. They were not impressed by this.�

Scenario




________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________


________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________


Exercise 2 Troubleshooting Solutions When Users Cannot Connect to Exchange Using RPC over HTTP


In this scenario, you will test to ensure that RPC over HTTP is working. To ensure that Outlook is connecting to the Exchange server using RPC over HTTP rather than RPC over TCP/IP, use the following procedure:

1. Open Outlook using a profile that is configured to use RPC over HTTP. 2. From your desktop, in the Application tray, hold down the CTRL key, right-

click the Outlook icon, and then click Connection Status. 3. In Connection Status, verify that the connection type is HTTPS.

Judy Lew has entered a service request. Her service request states that she cannot connect to her mailbox from home. Judy Lew is one of the first users to be configured to use RPC over HTTP, and her connection is not working.

You must resolve the problem so that Judy Lew can connect to the Exchange server using RPC over HTTP. Read the Level 1 support comments, and resolve the problems.

In this exercise, you will need to log on to Outlook 2003 on Acapulco using NWTraders\JudyLew.

�She picked up the laptop at the office, and her e-mail worked fine in the office. She was told that the laptop was completely configured and ready to go. But when she connects to the Internet from home, she can�t get access to her e-mail. She can open Outlook and she gets a logon screen. When she enters her username and password, the logon screen keeps coming back. I got her to try to use nwtraders\judylew and [email protected] and neither name works.

�She says that she can browse the Internet from home.�

Scenario




________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________


________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________


Exercise 3 Troubleshooting Solutions When Users Cannot Receive Internet E-mail


For this exercise, you will use the London Virtual PC and the Vancouver Virtual PC.


2. Start the 2011_Vancouver Virtual PC. 3. Log on to Vancouver as Contoso\administrator with a password of

P@ssw0rd. You will use Vancouver to simulate an Internet SMTP server to troubleshoot Internet e-mail delivery.

4. You will use Outlook Web Access on London to test e-mail functionality on the London Virtual PC.

5. To create the troubleshooting scenarios, run the Breaklab8c.bat from the c:\moc\2011\Labfiles\Lab08 directory located on 2011_London Virtual PC.

Deb Waldal has entered a service request. Her service request states that she cannot receive Internet e-mail. She is not receiving any messages from the Internet.

You must resolve the problem so that Deb can receive e-mail from the Internet. Read the Level 1 support comments, and resolve the problems.

In this exercise, you will need to log on to OWA on London using NWTraders\DebWalda.

�Urgent!! Talked to Deb and she says a customer sent her some urgent e-mail first thing this morning and it hasn�t been delivered. Checked if I could receive e-mail from the Internet, and I cannot receive Internet e-mail either.

�Immediately escalated this to second-level support.�

Scenario




________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________


________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________

For this lab, you used the Vancouver and London Virtual PCs. Please undo any changes that were made during your troubleshooting by closing each image.






Lab Virtual PC Clean-Up


Lab Discussion





! What is different in your work environment than the test environment? ! How would your work environment change the troubleshooting process? ! What steps would you take in the future when troubleshooting similar

problems?


Workshop Evaluation


Your evaluation of this workshop will help Microsoft understand the quality of your learning experience.

At a convenient time before the end of the workshop, please complete a workshop evaluation, which is available at http://www.CourseSurvey.com.

Microsoft will keep your evaluation strictly confidential and will use your responses to improve your future learning experience.


Contents

Overview 1

Standard Migration Overview 2

External Migration Overview 5

Troubleshooting Migration Issues 7


Lab: Troubleshooting the Migration to Exchange 2003 12

Lab Discussion 24

Unit 9: Troubleshooting the Migration to Exchange 2003


Unit 9: Troubleshooting the Migration to Exchange 2003 1

Overview


Because you cannot migrate from Microsoft® Exchange 5.5 to Microsoft Exchange Server 2003 without also migrating from a Microsoft Windows NT� domain infrastructure to Microsoft Active Directory® directory service, the migration from Exchange 5.5 to Exchange Server 2003 can be complicated.

This unit provides an overview of the two primary strategies for migrating from Exchange 5.5 to Exchange Server 2003. The standard migration is to upgrade or migrate the Windows NT domains to Active Directory and then to upgrade the Exchange 5.5 organization to an Exchange Server 2003 organization. The external migration strategy is to create a new Microsoft Windows Server� 2003 Active Directory forest and a new Exchange Server 2003 organization. Once these have components have been created, you would then migrate the Windows NT user and computer objects into the forest, establish any connectivity to other messaging systems, and then migrate the mailboxes and public folders into the Exchange organization. In most cases, implementing the standard migration is easier, but the external migration has the advantage that you can change the domain and Exchange organization structure.

After completing this unit, students will be able to:

! Identify the underlying causes when a user cannot access their mailbox after a migration and resolve the problem.

! Identify the underlying causes when a user cannot send e-mail to the Exchange 5.5 organization during a migration and resolve the problem.

! Identify the underlying causes when a user cannot send e-mail to some users during a migration and resolve the problem.

Objectives

2 Unit 9: Troubleshooting the Migration to Exchange 2003

Standard Migration Overview


A standard migration involves upgrading the existing Exchange 5.5 organization to an Exchange Server 2003 organization. This migration path is the easiest to take, because you can just prepare Active Directory for Exchange Server 2003, install Exchange Server 2003 servers, and then move mailboxes, public folders, and connectors from the Exchange 5.5 servers to the Exchange Server 2003 servers. There are no coexistence issues in a standard migration.

Before you can install Exchange Server 2003, you need to create an Active Directory Forest and then prepare the forest for a computer running Exchange Server 2003. A computer running Exchange Server 2003 stores all its configuration and recipient information in Active Directory, so it cannot install Exchange 2003 in a Windows NT domain.

The first step in migrating from Exchange 5.5 to Exchange Server 2003 is to perform a domain migration from Windows NT to Windows Server 2003 Active Directory. There are two primary ways to perform this migration:

! Upgrade existing Windows NT 4.0 domain to Active Directory domains. With this option, you upgrade the domain by upgrading the primary domain controller from Windows NT 4.0 to Windows Server 2003. After the operating system upgrade is completed, the domain is also upgraded to Windows Server 2003 Active Directory. Upgrading the domain in this way retains the security identifier (SID) for each user and group account, which means that user access to domain resources is not affected.

! Use Active Directory Migration Tool (ADMT) to migrate users and computers from a Windows NT 4.0 domain to an Active Directory domain. With this option, you create a new Active Directory domain and then use the ADMT to create cloned user accounts from the Windows NT domain in the Active Directory domain. When you clone the user accounts, you can retain the SID that the users had in the Windows NT domain by using the SIDHistory attribute, so that users can log into the Windows Server 2003 domain and retain access to resources in the Windows NT domain.

Preparing Active Directory

Creating and populating the Active Directory forest


In some cases, you may use a combination of the two migration options. For example, you may upgrade one of your Windows NT domains, and then use ADMT to migrate users and computers from other domains into the upgraded domain.

After you populate Active Directory with Windows NT 4.0 user and group accounts, the next step is to connect your Exchange 5.5 directory to Active Directory. To do this, you must implement the Active Directory Connector (ADC). The ADC synchronizes mailbox and distribution list information from the Exchange 5.5 directory to Active Directory user accounts and groups, thereby eliminating the need for re-entering this data in Active Directory.

One issue that you need to confront before you implement the ADC is that, in Windows NT 4.0 and Exchange 5.5, you could have a user account that was the primary NT account for more than one mailbox. Active Directory and Exchange 2003 no longer allow a user account with more than one mailbox. You can use the Resource Mailbox Wizard from the ADC Tools to match the appropriate primary mailbox to the Active Directory account and stamp other mailboxes with the NTDSNoMatch value, which designates the mailboxes as resource mailboxes. If you do this, the ADC will create new user accounts for the resource mailboxes in Active Directory.

After you configure the Active Directory Connector, run Exchange 2003 Setup using the ForestPrep command-line switch. Exchange 2003 ForestPrep extends the Active Directory schema to include Exchange-specific classes and attributes. ForestPrep also creates the container object for the Exchange organization in Active Directory. You need only run ForestPrep once in a forest.

The account you use to run ForestPrep must be a member of the Enterprise Admins and the Schema Admins groups. You must also designate an account that has Exchange Full Administrator permissions to the organization object. This account will be granted the authority to install and manage Exchange 2003 throughout the forest. This account also will be granted the authority to delegate additional Exchange Full Administrator permissions after the first server is installed.

After you run ForestPrep and allow time for replication, you must run Exchange 2003 DomainPrep. DomainPrep creates the groups and permissions necessary for Exchange servers to read and modify user attributes. The account you use to run DomainPrep must be a member of the Domain Admins group in the local domain and must also be a local computer administrator. You must run DomainPrep in the forest root domain, in all domains that will contain Exchange 2003 servers, and in all domains that will contain Exchange Server 2003 recipients.

After you finish preparing the Active Directory forest, you can begin installing Exchange 2003 servers. When you install the initial Exchange 2003 server into an Exchange 5.5 site, Exchange 2003 Setup creates an administrative group that maps to the Exchange 5.5 site, and also creates a configuration connection agreement between Active Directory and your Exchange 5.5 site. Configuration connection agreements replicate Exchange-specific configuration information between the Exchange 5.5 directory and Active Directory. These agreements help Exchange 2003 to coexist with previous versions of Exchange. Exchange Server 2003 automatically manages the configuration connection agreements.

Implementing Active Directory Connector

Run ForestPrep

Run DomainPrep

Installing Exchange Server 2003


The final migration task is to move your Exchange 5.5 mailbox, public folder contents and the messaging connectors to Exchange 2003 servers. To move mailboxes from an Exchange 5.5 server to an Exchange 2003 server in the same administrative group, use the Exchange Task Wizard in Active Directory Users and Computers. With the Exchange Task Wizard, you can select user accounts with mailboxes on the Exchange 5.5 server and move multiple mailboxes at one time to the Exchange 2003 servers. When moving mailboxes from an Exchange 5.5 server in one administrative group to an Exchange 2003 server in another administrative group, you will need to use a tool like Exmerge.

Exchange Server 2003 includes the Microsoft Exchange Public Folder Migration Tool (pfMigrate) which is used to migrate both system folders and public folders from Exchange 5.5 servers to Exchange 2003 servers. You can use pfMigrate to create system folders and public folder replicas on the new server and, after the folders have been replicated, you can remove the replicas from the source server. The pfMigrate tool is run from the Exchange Server Deployment Tools, which are launched automatically when you access the Exchange Server 2003 installation media.

In order to migrate messaging connectors from Exchange 5.5 servers to Exchange 2003 servers, you will need to configure new connectors on the Exchange 2003 servers that provide the same functionality as the connectors on Exchange 5.5. If you configure the Exchange 2003 connectors with a lower cost, all messaging traffic will start flowing through the Exchange 2003 connectors. After confirming that all messages are using the Exchange 2003 connectors, you can delete the connectors from the Exchange 5.5 servers.

Note The Exchange Server 2003 compact disk includes the Exchange Server Deployment Tools which consists of tools and documentation that help with your migration. You should use the Exchange Server Deployment Tools to guide you through the migration process.

Moving mailboxes, public folders and connectors


External Migration Overview


Another option for performing an Exchange migration is to create an Exchange 2003 organization, and then migrate all Exchange objects such as mailboxes, public folders and custom recipients from the original Exchange 5.5 organization to the new Exchange 2003 organization. Performing an external migration can be significantly more complicated than a standard migration, especially if the migration will take an extended period and you require coexistence between the two organizations during the migration. The first steps in an external migration are similar to the standard migration.

To prepare the Active Directory forest for an external migration, you must install a new Active Directory forest and then use ADMT to migrate user accounts into the new forest. In most cases, you will migrate the user accounts from the Windows NT domain before you migrate the mailboxes. This means that the users may be logging into the Active Directory domain, but still attempting to access their mailboxes on the Exchange servers in the Windows NT domain. To allow migrated users to continue to access their Exchange 5.5 mailboxes, you must choose to migrate the user SIDHistory from the Windows NT domain.

You also need to run ForestPrep and DomainPrep in the new Active Directory forest.

You must migrate the Exchange 5.5 mailbox ACLs if you need your migrated users to continue to have access to their Exchange 5.5 mailbox for any period after the user account migration is completed. To do this, use ADMT to modify the primary NT account attribute on the mailboxes on the Exchange 5.5 servers to use the cloned Active Directory accounts.

Preparing Active Directory


You must also install and run the Active Directory Connector as part of an external migration. Similar to a standard migration, you should use the Resource Mailbox Wizard to populate the resource mailbox attribute with the NTDSNoMatch value to ensure that the ADC will create the appropriate user accounts in Active Directory. If you are performing an external migration, however, you must configure an interorganization connection agreement when you configure the connection agreements in the ADC. This connection agreement synchronizes information between the Exchange 5.5 organization and the Active Directory forest. You cannot use the Exchange Deployment tools to create an interorganization connection agreement.

In an external migration, you can start installing Exchange 2003 servers after you have run ForestPrep and DomainPrep. Because the servers are in an organization different from the original Exchange 5.5 organization, you can deploy the servers early in the migration project and test mail connectivity without affecting the production environment. You can also configure all the messaging connectors in the new organization, confirm that messages flow throughout the organization, and confirm that messages are flowing to and from the Internet.

The Exchange Server Migration Wizard can be used to migrate mailboxes from an Exchange 5.5 server in one organization to an Exchange 2003 server in another organization. The wizard extracts data from other messaging systems and imports that data into Active Directory and the Exchange store. The wizard can add new users to Active Directory if you migrate mailboxes that do not already have a corresponding user account in Active Directory, and it adds new e-mail and calendar data to the Exchange store for any new user accounts that are created during migration. You can use the wizard to migrate all the information in the Exchange 5.5 mailboxes including: inbox, drafts, sent items, calendar, tasks, custom folders created by the mailbox owner, and contacts.

After you move the mailboxes, you can replicate the public folders. To replicate public folders between the different Exchange organizations, use the InterOrg Replication Utility. This utility allows the coordination of meetings, appointments, contacts, and public folder information between Exchange organizations.

An external migration is usually much more complicated than a standard migration. The primary reason for this complication is that the migration can take an extended period in a large corporation. During this migration project, you not only have to support two Exchange organizations, but you also have to manage the coexistence between the two organizations. In most cases, companies cannot afford any extended disruption in messaging services. There are many issues that you may need to deal with during the period of coexistence, including:

! Message routing between the two organizations. ! SMTP address sharing between the two organizations. ! Maintaining current global address list information in both organizations. ! Dealing with client configuration issues in both organizations.

Note The lab in this unit deals with several of the coexistence issues that can arise during an external migration. The toolkit resources in the lab provide alternatives for dealing with and troubleshooting these issues.

Installing Exchange Server 2003

Moving mailboxes and public folders

Coexistence during migration


Troubleshooting Migration Issues


The migration from Exchange 5.5 to Exchange Server 2003 is a complicated procedure. There are many opportunities for the migration to go wrong and, as a result, many troubleshooting opportunities.

Preparing the Active Directory forest is the first step in an Exchange migration. There are several points at which this preparation could fail. One simple way to minimize problems during migration is to use the Exchange Deployment Tools whenever possible.

Using the following guidelines when troubleshooting Active Directory Migration Tool issues:

! Check Domain Controller availability. In order to migrate user accounts from one domain to another, the workstation or server where you run the ADMT must be able to connect to domain controllers in both domains. Use the DCDiag command-line tool to test connectivity. If the domain controllers are not accessible, check DNS or WINS to determine connectivity issues.

! Verify source domain controllers are NT 4.0 SP4 or higher. The Windows Server 2003 version of ADMT requires that the NT 4.0 domain controllers have at least SP4 or higher installed.

! Verify two way trusts between the domains. In order to migrate user accounts, each of the two domains must be configured with a two-way trust with the other domain. Use Windows Server 2003 Active Directory Domains and Trusts to verify the trusts. If the trusts are listed, but cannot be verified, delete the trusts from both domains and recreate them.

! Verify that you have administrative permissions in both domains. To migrate the user accounts, you must be a member of the Administrators group on the Windows NT domain controllers, and a member of the Domain Admins group in the Windows Server 2003 domain. In most cases, the easiest way to configure this is to add your user account to both groups. The trusts between the domains must be in place before you can add your user account to the Windows NT group.

Troubleshooting Active Directory preparation

Troubleshooting the Active Directory Migration Tool


! Verify that the Windows Server 2003 domain is at Windows 2000 Native functional level or higher. To populate the SIDHistory attribute, the destination domain must be at this functional level. If the domain is not at the required functional level, determine if there is any reason why the domain functional level has not been raised. If possible, raise the functional level to at least Windows 2000 Native before running the ADMT.

Using the following guidelines when troubleshooting ForestPrep and DomainPrep issues:

! Verify that you have the required administrative rights. To run setup with the ForestPrep command-line option, you must use a user account that is a member of the Schema Admins and Enterprise Admins group. To run setup with the DomainPrep command line option, you must be a member of the Domain Admins group in the domain that you are preparing.

! Verify that the schema master domain controller is available. To run ForestPrep, the schema master must be accessible on the network. As a best practice, you should run ForestPrep on the domain controller that holds the schema master role.

! Verify that the domain naming master is available. In order to run DomainPrep, the domain naming master must be accessible on the network.

Using the following guidelines when troubleshooting Active Directory Connector issues:

! Verify correct Active Directory Connector version is installed. To synchronize Exchange 5.5 information to Windows Server 2003 Active Directory, you must use the Exchange Server 2003 or the Windows Server 2003 version of the Active Directory connector. To replicate configuration information from the Exchange 5.5 organization to Active Directory, you must use the Exchange Server 2003 version of the ADC. If you have already implemented Active Directory Connector using the Exchange 2000 version, you must upgrade the ADC to the Exchange Server 2003 version throughout your organization.

! Check the Connection Agreement configuration. If the ADC is not replicating directory information as you expected, there are several configuration settings on the ADC that you can review:

• Check the replication direction. The connection agreement can be configured to replicate from Exchange to Active Directory, from Active Directory to Exchange or both ways. If directory information is only being replicated in one direction, then check the replication direction.

• Check the user account permissions. To configure a two-way connection agreement, you must provide a user name and password for user accounts that have read and write permissions in both Active Directory and Exchange 5.5. If information is not being replicated in one direction, check the permissions assigned to the user account.

Troubleshooting ForestPrep and DomainPrep

Troubleshooting Active Directory Connector


• Check the source and destination directory containers. If the replicated objects are not appearing where you expected in either directory, then check the destination container. If some objects are not being replicated at all, then check the source directory container.

• Check the primary connection agreement configuration. If you have more than one Exchange 5.5 site or more than one Active Directory domain and duplicate objects are being created in either directory, then check the primary connection agreement configuration. The primary connection agreement setting specifies where new objects will be created the other directory, and if you have two connection agreements that are configured as primary, duplicate objects may be created.

Using the following guidelines when troubleshooting mailbox migration issues:

! Verify availability of both servers. If you cannot migrate mailboxes from one server to another, then verify that both the Exchange servers are available. If you are using one of the migration tools in Exchange Server 2003 to move the mailboxes, the tool will tell you which server is not available. If one server is not available, try opening a mailbox on the server using an e-mail client from a workstation. If you can connect using the e-mail client, then check the network configuration of the server where you are running the migration tool. If you cannot open the mailbox using an e-mail client, then check the network connectivity to the server, and ensure that all required Exchange services are running on the server.

! Must have Send As and Receive As permissions when using Exmerge. To migrate mailboxes to an Exchange 2003 server, you must use a user account that has Send As and Receive As permissions for every mailbox that you migrate. In an Exchange 5.5 organization, the Exchange service account has these permissions.

Using the following guidelines when troubleshooting client issues:

! Check the profile configuration. Whenever a user mailbox is moved from one site to another or from one organization to another, the user profile must be modified on the user workstation. In some cases, you can just reconfigure the user profile to use the new Exchange server in the new organization. However, there are several issues that can complicate the client reconfiguration. For example, if the client is using an offline folder store (.ost file), the .ost file must be deleted and recreated after the mailbox is moved. If the user has problems with their e-mail profile after the migration, often the easiest solution is to delete the profile and recreate it.

! Troubleshooting mailbox connectivity issues before moving the mailbox. In some cases, users cannot connect to their mailbox after you run the ADMT. If the mailboxes are still on the Exchange 5.5 servers, and the users are logging into the Active Directory domain, verify that the SIDHistory attribute is populated on the user accounts. If you have run the Exchange Directory Migration Wizard in ADMT, then verify that the primacy NT accounts on the Exchange mailboxes have been changed to the Active Directory accounts.

Troubleshooting mailbox migration

Troubleshooting client issues


! Troubleshooting mailbox connectivity issues after moving the mailbox. In some cases, users cannot connect to their mailboxes after the migration. The first step in troubleshooting is to verify that the client workstation has network connectivity to the server, and that the client can resolve the server name. If the client workstation can connect to the server, then check the mailbox permissions. If the user account was the primary NT account for multiple mailboxes on the Exchange 5.5 server and the NTDSNoMatch attribute was not configured correctly, the user�s account may be linked to a resource mailbox and a new account created for the user�s personal mailbox.

Note The lab in this module includes a client connectivity issue that youneed to troubleshoot. For additional information on client configuration issues that you may need to troubleshoot, review the toolkit resources included in the lab.


Pre-Lab Discussion


The migration from Exchange 5.5 to Exchange Server 2003 is a complicated process. This unit discussed two options for migrating from Exchange 5.5 to Exchange Server 2003; either by performing a standard migration or by performing an external migration.

The lab in this unit assumes that you have started an external migration. The lab is configured to simulate an environment where you have migrated all the user accounts to Active Directory and you have moved some mailboxes to Active Directory. This means that you have two Exchange organizations that must coexist.

In this scenario, a number of issues could arise that you need to troubleshoot. In this context, discuss what problems might cause the following symptoms:

! Users cannot access their mailboxes using their Microsoft Outlook® client. ! Internet e-mail is not being delivered to some users while it is being

delivered to other users. ! A user cannot send e-mail to some users, but can send e-mail to other users.


Lab: Troubleshooting the Migration to Exchange 2003




! Identify the underlying causes when users cannot access their mailboxes after a migration and resolve the problem.




In this lab, you will troubleshoot errors that may appear during a migration from Exchange 5.5 to Exchange Server 2003. The lab environment simulates an external migration in which the Contoso Exchange 5.5 organization is being migrated to the Northwind Traders Exchange Server 2003 organization. The lab scenario assumes that the migration is partially completed and the two Exchange organizations coexist while the migration is completed.

Lab scenario


The following diagram illustrates how the relevant domains are configured in the scenario.

Important In this scenario, all the user accounts in the Contoso domain have been migrated to the Nwtraders domain. All users should be logging into the Nwtraders domain. The only exception is if you need to log in as Contoso\Administrator.

The following diagram illustrates the message-routing design that is being implemented at Northwind Traders. All inbound and outbound Internet e-mail must be routed through London.nwtraders.msft.

Lab Domain Configuration

Internet Message Routing Design


For this lab, you will use the London Virtual PC and the Vancouver Virtual PC.


1. Start 2011_London-Virtual PC, if it is not already started. 2. Log on as NWTraders\Administrator with a password of P@ssw0rd. You

will use Outlook Web Access (OWA) on London to check e-mail for the affected users in the lab scenarios.

3. Start the 2011_Vancouver Virtual PC.

In this lab, you will use the flowcharts and the Lab Toolkit resources to identify and resolve the problems described in the scenarios. You will need to read the scenario, the Level 1 support comments, and then use the flowcharts to identify the root cause of the problem. You will then need to perform the test case presented at each decision point in the flowchart to determine which path to follow. Use the letters on the flowchart to identify the Toolkit Resources that you can use to help troubleshoot the problem. After you identify a potential solution, make the configuration change and then test your solution. When your solution resolves the problem presented in the scenario, you have successfully completed the lab.

Lab Virtual PC Configuration

Navigating the flowchart



Flow Chart Resources

Resources Used for this Flow Chart

E Help: Exchange 2003. Configuring an SMTP Connector. To locate this information, open

the Exchange System Manager, click Help, then click Help Topics, and then click Search. Search for SMTP Connector and then select Install an SMTP Connector.

C D E Help: Exchange 2003. Configuring Diagnostic Logging. To locate this information, open the Exchange System Manager, click Help, then click Help Topics, and then click Search. Search for Diagnostic Logging and then select Configure Diagnostic Logging.

C D E Help: Exchange 2003: Tracking Messages. To locate this information, open the Exchange System Manager, click Help, then click Help Topics, and then click Search. Search for message tracking and then select Use the Message Tracking Center.

A B Help: Exchange 2003. Viewing and Modifying Mailbox Permissions. To locate this information, search for Mailbox permissions and click the article named Manage Mailbox Permissions.

A B Help: Exchange 5.5. Viewing and Modifying Mailbox Permissions. To view this information, open the Exchange Administrator and click a mailbox in the recipients� container. Click the Permissions tab and then click Help.

D Help: Windows: Testing DNS. To locate information on locating resource records, open DNS administrator snap-in and search for Manage Resource Records.

D Help: Windows: Using NSLookup. To locate information on using NSLookup to test DNS, open a command prompt and type NSLookup to start the NSLookup tool, and then type Help.

A Help: Windows: Verifying Trusts between NT 4 and Windows Server 2003 domains. To locate information on verifying trusts search for Verify Trusts click the article entitled Verify a trust.

C D Configuring a Shared SMTP Address Space

C D E Routing Messages During Migration

B C Troubleshooting Addressing Errors

A C D E Verifying That a Server is Online

A B Verifying That the SIDHistory Attribute Is Populated on Migrated Objects




Trou

bles

hoot

ing

the

Mig

ratio

n to

Exc

hang

e 2

00

3

A B

C

E

D

Can

the

use

r ac

cess

the

ir m

ailb

ox?

Sta

rt

How

man

y us

ers

are

expe

rienc

ing

mes

sage

del

iver

y er

rors

?

1.

Verif

y se

rver

is o

nlin

e2

. C

heck

clie

nt c

onfig

urat

ion

and

SID

3.

Che

ck m

ailb

ox p

erm

issi

ons

4.

Che

ck d

omai

n tr

usts

1.

Che

ck r

ecip

ient

add

ress

2.

Che

ck c

lient

con

figur

atio

n an

d S

ID3

. C

heck

clie

nt a

ddre

ss b

ook

co

nfig

urat

ion

for

addr

essi

ng e

rror

s4

. C

heck

mai

lbox

per

mis

sion

s

Did

you

m

odify

Exc

hang

e 5

.5

mai

lbox

con

figur

atio

n or

per

mis

sion

s?

End

Res

tart

Exc

hang

e 5

.5

dire

ctor

y se

rvic

e

Is m

essa

ge

deliv

ery

faili

ng f

or

Inte

rnet

e-m

ail?

Is t

he m

essa

ge

bein

g se

nt t

o th

e In

tern

et?

1.

Verif

y se

rver

is o

nlin

e2

. C

heck

mes

sage

rou

ting

conf

igur

atio

n

to t

he In

tern

et3

. C

heck

SM

TP c

onne

ctor

con

figur

atio

n4

. Tr

ack

mes

sage

s5

. En

able

dia

gnos

tic lo

ggin

g on

tra

nspo

rt

1.

Verif

y se

rver

is o

nlin

e2

. C

heck

add

ress

ing

conf

igur

atio

n in

bot

h

orga

niza

tions

3.

Che

ck if

org

aniz

atio

ns a

re s

harin

g an

SM

TP

ad

dres

s sp

ace

4.

Che

ck m

essa

ge r

outin

g co

nfig

urat

ion

betw

een

th

e or

gani

zatio

ns5

. Tr

ack

mes

sage

s6

. En

able

dia

gnos

tic lo

ggin

g on

tra

nspo

rt

1.

Verif

y se

rver

is o

nlin

e2

. C

heck

mes

sage

rou

ting

conf

igur

atio

n fr

om t

he

In

tern

et3

. C

heck

DN

S M

X re

cord

con

figur

atio

n4

. C

heck

if o

rgan

izat

ions

are

sha

ring

an S

MTP

addr

ess

spac

e5

. Tr

ack

mes

sage

s6

. En

able

dia

gnos

tic lo

ggin

g on

tra

nspo

rt

No,

bei

ng r

ecei

ved

from

the

Inte

rnet

Yes

Yes

No

No

Yes

Yes

One

Mul

tiple

No,

bet

wee

n th

eEx

chan

ge o

rgan

izat

ions


Trou

bles

hoot

ing

the

Mig

ratio

n to

Exc

hang

e 2

00

3

A B

Can

the

use

r ac

cess

the

ir m

ailb

ox?

Sta

rt

How

man

y us

ers

are

expe

rienc

ing

mes

sage

del

iver

y er

rors

?

1.

Verif

y se

rver

is o

nlin

e2

. C

heck

clie

nt c

onfig

urat

ion

and

SID

3.

Che

ck m

ailb

ox p

erm

issi

ons

4.

Che

ck d

omai

n tr

usts

1.

Che

ck r

ecip

ient

add

ress

2.

Che

ck c

lient

con

figur

atio

n an

d S

ID3

. C

heck

clie

nt a

ddre

ss b

ook

co

nfig

urat

ion

for

addr

essi

ng e

rror

s4

. C

heck

mai

lbox

per

mis

sion

s

Did

you

m

odify

Exc

hang

e 5

.5

mai

lbox

con

figur

atio

n or

per

mis

sion

s?

End

Res

tart

Exc

hang

e 5

.5

dire

ctor

y se

rvic

e

Yes

Yes

No

No

One

Mul

tiple


Trou

bles

hoot

ing

the

Mig

ratio

n to

Exc

hang

e 2

00

3

C

E

D

Is m

essa

ge

deliv

ery

faili

ng f

or

Inte

rnet

e-m

ail?

Is t

he m

essa

ge

bein

g se

nt t

o th

e In

tern

et?

1.

Verif

y se

rver

is o

nlin

e2

. C

heck

mes

sage

rou

ting

conf

igur

atio

n

to t

he In

tern

et3

. C

heck

SM

TP c

onne

ctor

con

figur

atio

n4

. Tr

ack

mes

sage

s5

. En

able

dia

gnos

tic lo

ggin

g on

tra

nspo

rt

1.

Verif

y se

rver

is o

nlin

e2

. C

heck

add

ress

ing

conf

igur

atio

n in

bot

h

orga

niza

tions

3.

Che

ck if

org

aniz

atio

ns a

re s

harin

g an

SM

TP

ad

dres

s sp

ace

4.

Che

ck m

essa

ge r

outin

g co

nfig

urat

ion

betw

een

th

e or

gani

zatio

ns5

. Tr

ack

mes

sage

s6

. En

able

dia

gnos

tic lo

ggin

g on

tra

nspo

rt

1.

Verif

y se

rver

is o

nlin

e2

. C

heck

mes

sage

rou

ting

conf

igur

atio

n fr

om t

he

In

tern

et3

. C

heck

DN

S M

X re

cord

con

figur

atio

n4

. C

heck

if o

rgan

izat

ions

are

sha

ring

an S

MTP

addr

ess

spac

e5

. Tr

ack

mes

sage

s6

. En

able

dia

gnos

tic lo

ggin

g on

tra

nspo

rt

No,

bei

ng r

ecei

ved

from

the

Inte

rnet

Yes

Yes

Mul

tiple

No,

bet

wee

n th

eEx

chan

ge o

rgan

izat

ions


Exercise 1 Troubleshooting Solutions When Users Cannot Access Their Mailboxes

In this exercise, you will use the flowchart and the Lab Toolkit resources identified at the beginning of this lab to identify and resolve the problem in the scenario.

Salman Mughal has entered a service request. The service request states that Salman is unable to access his mailbox. When he tries to open his mailbox, he gets an error message saying that he does not have permission to log on.

Note Although Salman Mughal�s user account has been migrated to Nwtraders, his computer account is still located in the Contoso domain. To simulate this, log on to Vancouver as nwtraders\salmanmugha and then use Outlook 2000 on Vancouver to access Salman�s mailbox.

�Talked to Salman, when he opens Outlook on his computer he gets an error message saying that he does not have permission to log on to the Exchange server.

�Checked with the migration project. Salman�s user account was migrated on the weekend to the Nwtraders domain, and his mailbox is still on the Vancouver Exchange 5.5 server. Salman must log into the Nwtraders domain and access his mailbox on the Vancouver server.

�His e-mail was working fine on Friday before they migrated his account.�

You must resolve the problems so that Salman Mughal can access his mailbox on the Exchange servers.


_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

_______________________________________________________________


_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

Scenario



Exercise 2 Troubleshooting Solutions When Users Cannot Receive Internet E-Mail


This scenario requires that you send Internet e-mail to the London server to test whether you can send e-mail to all Northwind Traders and Contoso servers from the Internet as indicated in the diagram at the beginning of this lab. In earlier labs, you used the Vancouver to simulate the Internet e-mail server. This lab however, simulates a migration scenario where the Exchange 5.5 organization is being migrated to the Exchange Server 2003 organization. To simulate the Internet connection to London in this lab, use the following procedure:

1. From Vancouver, open a command prompt and type Telnet london 25. 2. Type ehlo. The server will respond with a listing of the functionality

supported by the server. 3. Type mail from: [email protected] 4. Type rcpt to: recipientname where recipientname is the full SMTP address

for the recipient to whom you are sending e-mail. 5. If the Exchange server returns an error message indicating that relaying is

not allowed for that domain, then you cannot send e-mail to the recipient. If the Exchange server returns a message such as 250 2.1.5 recipientname then the server will accept the message.

6. Type data 7. Type a short message and press ENTER. Type . (a period) and press Enter

again. 8. Type quit to exit the telnet session.

This procedure tests whether you can send an e-mail message from a recipient that is outside either Exchange organization to a user in the Exchange organization.

Important When typing these commands in telnet, you must type each line without an error. If you make an error, press Enter and retype the line. You may wish to turn on echo to better identify typing errors in the Telnet window.

Tawana Nusbaum has entered a service request. Tawana is the purchasing manager and her service ticket says that she is not receiving e-mail from Internet users. The Internet users are sending e-mail to Tawana�s [email protected] address and the e-mail is not being delivered to her mailbox on the London Exchange server. Other members of her team, whose mailboxes are still on the Vancouver Exchange 5.5 server, are also not receiving Internet e-mail.

Lab note:

Scenario


�Talked to Tawana. She is not receiving any e-mails from her suppliers on the Internet. She talked to other members of her team, and they are experiencing the same problem.

�I checked with the migration team, Tawana�s mailbox just got migrated to the server running Exchange Server 2003 over the weekend. Some members of her team also had their mailboxes migrated.

�I checked with Rebecca Laszlo, who is a member of Tawana�s team and whose mailbox is on the Exchange 5.5 server. Rebecca is also not receiving the e-mail messages from the Internet.

�The suppliers on the Internet are using the address [email protected] to send e-mail to Tawana and [email protected] to send e-mail to Rebecca.

�Tawana is really irritated by this, she says that she and all her team members rely a great deal on e-mail, and they have to be able to send e-mail to each other and to and from Internet clients.�

You must resolve the problem so that Tawana Nusbaum and Rebecca Laszlo can send and receive e-mail from both Exchange organizations as well as Internet users.


_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

_______________________________________________________________


_______________________________________________________________

_______________________________________________________________

_______________________________________________________________

_______________________________________________________________



Exercise 3 Troubleshooting Solutions When Users Cannot Send E-Mail to Some Recipients


For this lab, you are resolving a problem for a user with a mailbox on the Vancouver Exchange 5.5 server. To troubleshoot the problem, log on to Vancouver using Nwtraders\RichardCarey and use Outlook 2000 to troubleshoot the e-mail delivery.

�Richard Carey has entered a service request. His service request states that he is unable to send e-mail to Jim Kim at [email protected]. He can receive e-mail from everyone and can send e-mail to some people, like his coworker, Lynn Tsoflias at [email protected], but not to another coworker, Jim Kim.

�I spoke to Richard. Most of the time when he sends e-mail to other users, the e-mail goes through. However, once in a while he can�t send e-mail.

�He says the delivery problems always seem to happen when he tries to send e-mail to the same people. He said that he can�t send e-mail to Jim Kim, his assistant. He said that he tried to reply to a message he received from Jim Kim, and he tried to send a message to Jim by typing Jim�s name in the To: box. In both cases, the messages are not being delivered.

�I checked with the migration team. Richard�s user account has been migrated to the Nwtraders domain. Richard�s mailbox is still on the Exchange 5.5 server. Jim Kim�s mailbox has been migrated to the Exchange Server 2003 server.

�I confirmed that Richard can send to some other user accounts, like Lynn Tsoflias, that have been moved to the new server.�

You must resolve the problem so that Richard can send e-mail to Jim Kim.


________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________


________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________

Scenario



For this lab, you used the Vancouver and London Virtual PCs. Please undo any changes that were made during your troubleshooting by closing each image.




2. On London, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and thne click OK.

Lab Virtual PC Cleanup


Lab Discussion




How will you approach these types of troubleshooting issues in your work environment?

! What is different in your work environment than the test environment? ! How would your work environment change the troubleshooting process? ! What steps would you take in the future when troubleshooting similar

problems?


Contents

Overview 1

Approach to Exchange Server 2003 Troubleshooting 2

Challenge Information � Company Background 5

Challenge Information � Service Request Log 6

Challenge Information � Change Management Log 9

Challenge 11

Workshop Evaluation 13

Unit 10: Troubleshooting an Exchange Server 2003 Organization


Unit 10: Troubleshooting an Exchange Server 2003 Organization 1

Overview


In the previous units of this course, you have had the opportunity to learn a great deal about troubleshooting a Microsoft® Exchange Server 2003 environment and about specific tools and processes for troubleshooting.

In this unit, you will learn about using organizational procedures to assist with troubleshooting. You will also have the opportunity to test your skills with a Challenge Lab.


! Identify multiple issues affecting the messaging functionality within an organization.

! Troubleshoot the following:

• Network connectivity

• Public folders and mailboxes

• Microsoft Outlook® Web Access (OWA) and Outlook Mobile Access (OMA)

• Client connectivity

• Server connectivity

• Server performance

• Security issues

• Migration from Exchange 5.5 to Exchange 2003

Objectives

2 Unit 10: Troubleshooting an Exchange Server 2003 Organization

Approach to Exchange Server 2003 Troubleshooting


The troubleshooting process requires an organized approach. If you do not use some type of organized approach, you may find yourself moving from one component or configuration setting to another, searching for the problem.

In many cases, the approach you take to troubleshoot a problem with the Exchange Server 2003 environment will be based on several questions that you ask yourself. These questions include:

Questions What you can learn What changes have been made recently, according to the configuration management log?

Review the configuration management log, which all companies maintain manually, on a system-by-system basis, or electronically. The log should track all changes that have been made to the environment.

For example: You receive a service request stating that the user is unable to access e-mail using Internet Message Access Protocol version 4rev1 (IMAP4) through Microsoft Outlook Express. You review the configuration management log and see an entry from earlier that day stating that the IMAP4 virtual server was secured using a new certificate and is now able to support Secure Sockets Layer (SSL) connections. Based on these two circumstances, you might begin troubleshooting by checking the user�s Outlook Express configuration and helping him or her change it to support IMAP4 with SSL.

Keeping the log updated will have significant value in your approach to troubleshooting.

Sample troubleshooting questions


(continued) Questions What you can learn Is the problem predictable or random?

If the problem is predictable, there are tools to monitor computers running Exchange Server 2003in your environment and other tools to monitor the services required by Exchange.

For example, if you know that there are performance problems, and that they usually happen at 7:00 A.M. each day, use your troubleshooting tools to identify the component or components that are causing the poor performance.

Intermittent, or random, performance problems are much more difficult to identify because you will have to log all of these processes continuously while waiting for the problem to resurface and expose itself.

Intermittent problems are often related to defective hardware. For example, the hardware may run properly until it overheats or until a drive hits a certain spot on the disk. Sometimes you can force these problems to surface by using programs that stress your server components.

On what day and at which time did the problem occur?

It is very important to note the day and the time at which problems occur. If you are monitoring your servers, you should be able to review the entries in the logs (including the event logs) around those times to see if anything unusual is reported.

If you know the business that you support, you may be able to do some detective work to figure out the problem. For example, if you know that Accounting has weekly closings every Wednesday at about 6:00 P.M., this will help you identify that the work they are performing might be the cause for the performance lapses at that time on the network.

Could the problem be related to Microsoft Active Directory®?

Since Exchange Server 2003 is closely tied to Active Directory, it is important to consider if the problem might be related to Active Directory issues.

For example, are users complaining that e-mail address lookups took too long during the two hours that you had taken down one of the global catalog servers to repair a hard drive?

It is important to note that Active Directory will have capacity issues that can be mitigated by adding new servers to balance the load. Also, there may be other applications that use Active Directory information that are causing performance problems in your Exchange Server 2003 environment.


(continued) Questions What you can learn What should be the priority of pending service requests?

Many administrators believe that first in first out (FIFO) is the proper way to address all service requests. However, this might not be reasonable if one problem is impacting a large number of people. It might make sense to escalate that problem and complete it first so that more people can be productive quicker. For example, fixing a problem with an external DNS Mail Exchanger (MX) record and restoring incoming Internet traffic for the entire company might be placed higher on the priority list of logged support calls than an individual user�s connectivity issue.


Challenge Information � Company Background


Contoso, Ltd., is an international organization of approximately 20,000 users. All users and all computers are members of the same domain: contoso.com. The data for the company is shown below:

City

Number of users

Exchange mailbox servers

Exchange public folder servers

Number of Active Directory domain controllers

Denver 5,000 4 1 5 (3 Global Catalog Servers)

Vancouver 8,000 6 2 7 (3 Global Catalog Servers)

Miami 3,000 4 1 4 (2 Global Catalog Servers)

London 3,800 3 1 4 (3 Global Catalog Servers)

Paris 200 1 1 2 (1 Global Catalog Server)

The Exchange Server 2003 environment has been running without any major problems for the last two months.

Contoso�s business requirements are dependent on its network and its messaging environment. The company network design reflects this business need by:

! Connecting all offices to each other using leased T-3 lines. ! Connecting each office to two other offices so that all offices are connected

redundantly. ! Connecting each physical location using routing group connectors. ! Providing each office with a T-1 connection to the Internet. ! Configuring each office to send outbound Internet e-mail. ! Receiving inbound Internet e-mail in Vancouver and then routing it to the

proper Exchange.

Company background

Network configuration


Challenge Information � Service Request Log


Contoso, Ltd. uses three levels of technical support. When a call is made to the Support Center, all information gathered from the user is entered into the Service Request Log, as well as all progress and changes to the environment. As each service request is completed, it is logged and maintained. In the event that a similar problem presents itself in the future, first-level technical support personnel can read the log entries and try to fix the problem using the documented process. The service requests for the last week are listed below:

User

Location

Problem description

Notes and solution with support personnel initials

Ann Beebe London Unable to connect to

mailbox using Outlook Express

ST � Ann is able to connect to Web sites from home, including the company Web server in Vancouver. Ann is not able to ping any Web sites on the Internet. We tried several that I know will respond to ping commands.

BD � Talked to Exchange team; there are no problems with London. They have verified that its Exchange servers are all working correctly. Ann appears to have full Internet connectivity but she can�t connect to our Exchange server.

SR � Ann states that when she tries to ping any Internet address, it does not even resolve the IP address. This sounds like a DNS issue. Helped Ann create a host file to resolve the front-end server for IMAP connections and now she can connect. It appears that Anne has a proxy server configured for her Web browsing through her ISP; that is why she can get to Web sites but is not able to ping.

Service Request Log


(continued) User

Location

Problem description


Bryan Baker

London Unable to receive Internet e-mail

BK � Checked to make sure that Bryan�s mailbox is not full. He has been able to receive Internet e-mail in the past. Checked the Change Configuration log; there have not been any changes in the last two days that would impact Internet e-mail. Escalating to the network support group.

JJ � The router for the T-1 and T-3 lines was down. The power circuit overloaded. It should now be fixed. Returning to Help Desk.

BK � Checked with Bryan�all is OK. Closing request.

Michael Allen

Miami Unable to connect to Exchange from home office

RF � Checked the Outlook Express configuration; everything seems to be configured correctly. Michael is able to ping the firewall and the Exchange server by name and IP.

SR � Walked Michael through using Telnet on port 143 to test IMAP4 connectivity. Michael is unable to connect to port 143. Escalating to the network support group.

JJ � After talking to Michael, found that he has a personal firewall that was configured to block 143. Problem is resolved. Closing request.

Mike Tiano Miami Unable to connect internally using Outlook Web Access (OWA)

RF � Mike was using the wrong OWA address for internal use. Gave him the correct URL and he is able to connect and run OWA. Request closed.

Guy Gilbert Denver Reports poor performance with Outlook while in Paris office

KR � Verified that the Exchange server in Denver is up and running. Guy is able to connect to it, but it is slow when he tries to open e-mail, especially attachments. Referring to the network support group.

JJ � The network is not a factor in this issue. None of the links between Denver and Paris are saturated; all have plenty of bandwidth available.

KR � Tried to open Guy�s mailbox from here in Paris; can see that the performance is poor. It does not appear to be his computer. Forwarding to Exchange team.

SR � Ran system monitor on the Denver server; its hard drives are running almost constantly. Checked with Denver operations. They know it is slow; it is currently running its backup. This is an off-peak time in Denver, even though it is early morning in Paris. Referred back to Help Desk to contact Guy.

KR � Explained issue to Guy. He is not happy as he will be in Paris for next three to four months working on a project. He has asked that this be escalated to IT management for resolution since his work is severely slowed. Called SR in Exchange team and explained that Guy needs some resolution to the problem, as he will be in Paris for a long-term project. SR will move his mailbox to Paris.


(continued) User

Location

Problem description


Mike Tiano Miami Unable to connect

externally using OWA

RF � Again, Mike was using the wrong OWA address. He bookmarked the address for internal use and tried to use it for external use. Helped him configure a new shortcut for external use and he is able to connect now. Request closed.

Frank Lee Vancouver Unable to open mailbox using Outlook 2003

FP � The Exchange server is up. Frank is able to ping his Exchange server. Checked Frank�s Outlook configuration and it is correct. Escalating to the network support group.

JJ � There are no problems with the network connection between Frank and his Exchange server. Referring to Exchange team.

SR � Frank�s storage group was offline for some unknown reason. Brought his storage group back online. Called Frank and made sure he was able to access his mailbox. He is up and running again. Closing service request.


Challenge Information � Change Management Log


As each Exchange administrator makes changes to the environment, the information is logged in a local Change Management Log. All of the Contoso, Ltd., Exchange administrators work in Vancouver. In the event of a messaging problem, the Exchange team consults the log and verifies that the changes made are not the cause of the current problem. Only second-level support and third-level support members on the Exchange team are authorized to make changes to the Exchange Server 2003 environment. The change management log for last week is listed below:

Date Administrator Change(s) made Last week SR Changed the global settings to enable Outlook

Mobile Access on ExchParis1, ExchDenver1, ExchLondon1, ExchVancouver1, and ExchMiami1. Enabled all check boxes for Exchange ActiveSync®.

Last week SR Updated the DNS settings on Miami Exchange servers to use the same DNS server, DC2, for their DNS.

Last week SR Shut down and removed ExchParis3. Redeployed the server for Remote Installation Services (RIS) for the Paris location; new name is RISParis1.

Two days ago

SV Finished moving the mailboxes on the old Exch55Denver Exchange 5.5 server to their new locations on the other Exchange servers in the environment. Removed the Active Directory Connector (ADC) and removed all Site Replication Service (SRS) instances.

Two days ago

SV Renewed the certificate used for OWA access in London.

Change Management Log


(continued) Date Administrator Change(s) made Yesterday SR Added another storage group to ExchLondon3 for

VIPs. Configured the backup software to do brick-level backups of the new storage group mailbox stores.

Today SR Moved mailboxes from ExchLondon3 to ExchLondon1 and ExchLondon2. ExchLondon3 appears to have a corrupt mailbox store. Once all mailboxes were moved, deleted the store and created a new mailbox store. Have not moved mailboxes back yet; will wait a week to make sure that ExchLondon3 is stable.

Today SV Upgraded the antivirus software on all Denver Exchange servers. It is now currently running and appears to be working.


Challenge


Review the information included in the above Challenge Information pages to become familiar with the company and its current history associated with the Exchange Server 2003 environment. As a class, prepare any questions that you may have for your instructor. Be prepared to ask your instructor about any particular settings and what they would look like, and also be prepared to explain what you hope to find and how you think it will help your class troubleshoot the scenario. Your instructor will be able to tell you the results of your query or test if you can properly explain how you would search for the setting and how you would test functionality of a service or process.


Your job is to resolve the problems presented in the following scenarios.

After completing this challenge, you will be able to identify multiple issues affecting the messaging functionality within an organization.

Estimated time to complete this challenge: 60 minutes

David Campbell has placed a service request. He states that he is unable to access his e-mail. The Help Desk documentation states that David is based in Denver and has just received a new laptop. He logged into the laptop and tried to start Outlook 2003. During the setup wizard, he entered ExchDenver1 for his Exchange server and DCampbell for his user name. It resolved properly for him. However, when he tried to take the next step by clicking Next, Outlook 2003 froze for several minutes. David was then able to click Finish and complete his Outlook profile. His computer again froze for several minutes.

Overview

Scenario 1


Ben Smith has called in a service request. Ben states that he is unable to access his Exchange mailbox this morning. He states that he has never had any problems before; however, when he brought in his laptop this morning and plugged it in, he was unable to open his e-mail. Ben is a vice president, so this has been escalated directly to the Exchange team.

Janet Sheperdigian has called in a service request. She just had a security team member audit her work environment at home and he said that he was able to capture all her e-mail to and from members in the company as well as all her e-mail to and from the Internet. Janet is based in Vancouver and company policy says that all international offices must have remote e-mail secured so that all messaging traffic between remote e-mail users and the company network is encrypted. Because this is such a high-level security issue, it has been escalated directly to the Exchange team.

H. Brian Valentine has called in a service request. He states that he is unable to access his e-mail using OWA. He is based in London. He says that he was able to access OWA last week, but today he is no longer able to access it.

Jeff Hay has called in a service request. He states that he is unable to send encrypted e-mail to one of the company business partners, Tai Yee. He says that when he tries to send encrypted e-mail, his Outlook 2003 client indicates that Outlook has problems encrypting the message because of missing or invalid certificates. Jeff states that he has a valid certificate and uses it all the time.

Scott Bishop has entered a service request. He states that his Outlook 2003 client is extremely slow. Every time he clicks on a message, it takes about 15�20 seconds before it will open up. Scott is based in London.

Scenario 2

Scenario 3

Scenario 4

Scenario 5

Scenario 6


Workshop Evaluation


Your evaluation of this workshop will help Microsoft understand the quality of your learning experience.

To complete a workshop evaluation, go to http://www.CourseSurvey.com.

Microsoft will keep your evaluation strictly confidential and will use your responses to improve your future learning experience.


Contents











Appendix A: Lab Guidance


Appendix A: Lab Guidance 1

Introduction This document is intended to assist you with the troubleshooting labs in Workshop 2011A, Troubleshooting Microsoft® Exchange Server 2003. You should use this document to obtain additional guidance and direction during the troubleshooting process. Although there are potentially several approaches to the resolution of the problems presented in the labs, this document describes only one possible method to identify and resolve each problem. This method is provided in the section corresponding to each workshop unit and lesson.

Unit 1: Introduction to Troubleshooting Exchange Server 2003

Lab: Exploring the Troubleshooting Environment There are five goals in this exercise:

1. Become familiar with the purpose of flow charts in this workshop. 2. Prepare yourself mentally for troubleshooting in general. 3. Resolve the problem identified in the scenario by using the flow chart. 4. Become comfortable documenting problems and solutions. 5. Become comfortable with post-lab discussions.

The problem that you are troubleshooting in this lab is intentionally simple in order to help you learn how to use the flow chart, and was chosen because most Microsoft Windows® administrators have a great deal of experience with mapping network drives and troubleshooting problems with mapped network drives. You should follow the steps in the flow chart in order to identify the problem described in the scenario. It is important that you become comfortable using the flow chart in this exercise, because all subsequent exercises in this workshop will incorporate flow charts.

Once you identify the problem, you must document your solution. At the end of each lab in this workshop, you will discuss with the class your approach to troubleshooting the problem and your findings during troubleshooting.

To resolve the problem in this scenario:

1. Log on to the London Virtual PC and restart the server service on London. Restart all other failed services that are dependent on the server service.

2. Share the kdrive folder on London. 3. Log on to the Acapulco Virtual PC and map the K drive to \\london\kdrive. 4. Test the connection by opening the test files.

In this exercise, you will walk through the process of configuring both logging and monitoring of the various Exchange Server 2003 components. There is no goal for this exercise other than to explore these settings. The settings configured in this exercise will be saved for your future use throughout this workshop.

Exercise 1: Troubleshooting a Mapped Network Drive

Exercise 2: Configuring Common Troubleshooting Components

2 Appendix A: Lab Guidance

Unit 2: Troubleshooting Network Connectivity Lab: Troubleshooting Connectivity Problems In this exercise, Jeff Pike cannot send e-mail to Mindy Martin. Mindy is located on the Miami Virtual PC and Jeff is located on London.


1. Configure Microsoft Outlook® 2003 on Acapulco for Jeff Pike and try sending e-mail to users with mailboxes on London. Jeff can send and receive e-mail to and from others on London.

2. Try sending e-mail to Mindy Martin (mindymarti). Mindy has a mailbox on Miami (as does every user whose name begins with �Mi�). Jeff is unable to successfully send e-mail to any users on Miami. This can be tested by accessing Mindy�s mailbox using Outlook Web Access (OWA) on Miami.

3. Check DNS and network routes and the problem should be discovered. Miami has an incorrect DNS address registered on London�s DNS server.

4. Correct Miami�s DNS A record on London; London users should now be able to send e-mail to and receive e-mail from Miami users. Miami�s IP address is 192.168.1.2. You may need to flush the DNS cache on London in order to force London to recognize the updated IP address in DNS. To flush the DNS cache, open a command prompt on London and type ipconfig /flushdns

In this exercise, Brian Clark is unable to access his e-mail from home using Outlook Express.


1. Configure an Internet Message Access Protocol version 4rev1 (IMAP4) mail account in Outlook Express on Acapulco. When prompted to download folders, you should receive an error that the connection to the server has failed.

2. Configure Outlook Express or use OWA on Acapulco for another messaging user on London and try sending e-mail to Brian Clark. Brian�s mailbox information in Exchange System Manager should increment, but Brian cannot connect to the server to access the message.

3. Since Brian is using Outlook Express, the next step in the flow chart includes testing the protocol virtual servers. At this point it should be discovered that IMAP4 is not running.

4. Start the IMAP4 service and protocol virtual server on London and test e-mail to and from Brian and another user on London. Brian should now be able to connect to the server using IMAP4 and send and receive e-mail.

Exercise 1: Troubleshooting Internal User E-Mail Failure

Exercise 2: Troubleshooting when a Remote User Is Unable to Receive E-Mail


In this exercise, Brenda Diaz cannot receive or send Internet e-mail. You must configure a messaging client on the Vancouver Virtual PC to send and receive e-mail from London. Because Vancouver is in Contoso.msft and London is in NWTraders.msft, you can use Vancouver to simulate an Internet host.


1. Configure Outlook 2003 on Acapulco for Brenda Diaz and try sending e-mail to users with mailboxes on London. This should be successful.

2. Use Outlook 2003 on Acapulco and try sending e-mail to users with mailboxes on Vancouver using their @contoso.msft addresses. The e-mail should not be delivered.

3. Use Outlook 2000 on Vancouver and try sending e-mail to users with mailboxes on London using their @nwtraders.msft e-mail addresses. The e-mail should not be delivered.

4. Testing for Simple Mail Transfer Protocol (SMTP) Deny should not uncover a problem.

5. Testing for mail exchanger (MX) records should reveal that there are no MX records for the nwtraders.msft domain or the contoso.msft domain.

6. Edit the existing (same as parent folder) A record for NWTraders.msft to 192.168.1.1. If there is no �same as parent folder� entry, create one using 192.168.1.1. Add an MX record for NWTraders pointing to london.nwtraders.msft. E-mail should now send properly from Contoso to NWTraders (Contoso uses London for DNS).

7. Add an A record for Contoso.msft for 192.168.1.3. and then add an MX record for Vancouver.contoso.msft. E-mail should now send properly from NWTraders to Contoso. It may take a few minutes for messages to flow correctly in both directions after DNS is repaired.

Exercise 3: Troubleshooting when a Company is Not Receiving Internet E-Mail


Unit 3: Troubleshooting Public Folders and Mailboxes Lab: Troubleshooting Public Folder and Mailbox Problems In this exercise, Bryan Walton cannot send or receive any e-mail to or from internal or external users.


1. Attempt to open the mailbox by using OWA from London. You should receive �The page cannot be found� error message.

2. In Exchange System Manager, verify that Bryan Walton is in the global address list (GAL). He is in the GAL.

3. Check Bryan�s e-mail addresses on his Microsoft Active Directory® object. His e-mail addresses are missing and the Recipient Update Service update box is unchecked. Check the box.

4. Browse to the Default Recipient Policy in Exchange System Manager and apply the policy.

5. Force an immediate update of the Recipient Update Service. 6. In Active Directory Users and Computers, verify that the correct e-mail

addresses are now listed. 7. To verify that the problem is solved, open Bryan�s mailbox using OWA and

verify that he can send and receive e-mail to and from nwtraders\administrator and contoso\administrator.

In this exercise, Andy Teal cannot receive e-mail from the Internet. You must use Vancouver to simulate an Internet host.


1. From Vancouver, open the Administrator mailbox using Outlook and send an e-mail to [email protected]. You should receive a non-delivery report (NDR).

2. On London, look at Andy Teal�s properties in Active Directory Users and Computers. He has a false e-mail address.

3. Change Andy�s SMTP e-mail address in Active Directory Users and Computers to [email protected] and then check the Policy Update box.

4. Open the Exchange System Manager on London, browse to the Default Recipient Policy, and apply the policy.

5. Force an immediate update of the Recipient Update Service. 6. Send another e-mail to [email protected] from Contoso\Admin. It

should be delivered correctly.

Exercise 1: Troubleshooting Solutions When a User Cannot Send Internal E-Mail

Exercise 2: Troubleshooting Solutions When a User Cannot Receive Internet E-Mail


In this exercise, Ben Smith cannot post to a public folder.


1. Open Ben Smith�s mailbox using OWA. 2. Open Public Folders and open SalesReports. Ben is able to open the folder

but receives an error when attempting to post. 3. Check permissions on SalesReports. Only the SalesGroup and London

Admin have permissions. 4. In Active Directory Users and Computers, check membership of

SalesGroup. Notice that Ben is not a member of the group. 5. Add Ben to the membership of SalesGroup and attempt to post to

SalesReports from Ben�s account by using OWA. Ben should be able to post to the public folder. (You may need to close OWA and log on again as Ben. If you add Ben Smith to the SalesGroup, you still may not be able to post to the public folder because the Exchange server has cached the directory service lookup. If you restart the Exchange System Attendant, the server cache will clear and you will be able to post to the folder using Ben�s account.)

Exercise 3: Troubleshooting Solutions When a User Cannot Post to a Public Folder


Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

Lab: Troubleshooting Outlook Web Access and Outlook Mobile Access Problems In this exercise, Amy Rusko is unable to access her mailbox by using Outlook Web Access.


1. Log on to OWA as Amy Rusko from Miami or from your host computer. You should get an error.

2. Try to connect using https://miami/exchange. You should get a �Page cannot be displayed� error.

3. Try to connect to the back-end server (http://london/exchange). You should get an error indicating that you need to use https://.

4. If you try to connect to https://london/exchange, you will be able to connect as Amy. This means that the virtual server on London is configured to require Secure Sockets Layer (SSL).

5. On London, open Internet Information Services (IIS) Manager, browse to the Exchange virtual directory, and access the properties.

6. On the Directory Security tab, under Secure Communications, click Edit and clear the check box to require SSL.

7. Attempt to connect to Amy�s mailbox by using OWA against the Miami front-end server. You should be successful.

In this exercise, Raman Iyer (nwtraders\ramaniyer) cannot access his mailbox using Outlook Mobile Access (OMA).


1. Try to connect to Raman Iyer�s OMA mailbox using http://miami/oma. You should receive an HTTP 404 error.

2. Attempt to ping Miami by IP address and host name. Both should work. 3. Try connecting to OMA on the back-end server, London. OMA should not

work on the back-end server. You should receive an error that your user account has not been enabled for wireless access.

4. In Exchange System Manager, select Mobile Services global settings and then enable OMA and unsupported devices.

5. On Miami, try connecting to OMA on the back-end server, London, by using the URL http://london/oma and Raman�s credentials. OMA should now work on the back-end server.

6. Try connecting to OMA on Miami, the front-end server, by using the URL http://miami/oma. This still won�t work � you should receive another HTTP 404 error.

7. Check OMA configuration on the front-end server by viewing the Web Service Extensions in IIS Manager. You will notice that Asp.net is prohibited on the front-end server.

Exercise 1: Troubleshooting Solutions When a User Cannot Access Outlook Web Access

Exercise 2: Troubleshooting Solutions When a User Cannot Access Outlook Mobile Access


8. Allow asp.net. 9. Verify that you can now connect to http://miami/oma as

nwtraders\ramaniyer.

In this exercise, Hanying Feng cannot access his mailbox using OWA.


1. On Miami, attempt to connect to Hanying Feng�s mailbox by using OWA against the front-end server (http://miami/exchange). You should get an error.

2. On Miami, attempt to ping London by IP address and host name. Neither works.

3. From Miami, try connecting to OWA on the back-end server, London. In this case, OWA should not work on the back-end server.

4. Check the security configuration � Internet Protocol Security (IPSec) policy is configured on London but not on Miami. To access IPSec policy information on London, open the Default Domain Controller Security Settings console. To access this information on Miami, open the Local Security Policy console.

5. Export the policy configuration on London to a location that you can access from Miami, such as a shared folder on the host computer.

6. On Miami, import the security policy to ensure that Miami has the same settings as the London policy. This policy includes the need to require security for all IP traffic, the need to use a pre-shared key P@ssw0rd, and the need to configure a filter action set to Require Security. Modify the imported Exchange policy to use a destination address of 192.168.1.1 instead of 192.168.1.2. Apply and then assign the policy.

7. Open Microsoft Internet Explorer on Miami and connect to http://miami/exchange. Log on as nwtraders\hanyingfeng. If you cannot log on to OWA on Miami, connect to http://london/exchange and log on as nwtraders\hanyingfeng. This should be successful. Restart Internet Explorer and connect to http://miami/exchange again; this should be successful.

Exercise 3: Troubleshooting Solutions When a User Cannot Log On to Outlook Web Access


Unit 5: Troubleshooting Client Connectivity Lab: Troubleshooting Client Connectivity Problems In Exercise 1: Chris Gray is unable to use Outlook Express to send or receive e-mail from an Internet recipient.


1. Log on to Acapulco as nwtraders\chrisgray and configure Outlook Express for secure SMTP and secure IMAP4. This includes configuring the account to require authentication for the outgoing mail server.

2. On London, verify that SMTP is running. If it is not running, start SMTP service.

3. On London, verify that SMTP virtual server is configured to use SSL. It should not.

4. Create a new IP address for London�s local area network (LAN) connection, and then create another SMTP virtual server for SSL that uses the new IP address. You can create additional IP addresses depending upon the student configuration used; use any 192.169.1.x address not already in use in the class. One SMTP virtual server with SSL is needed for client-to-server communication and another SMTP virtual server (without SSL) is needed for server-to-Internet communication. Install a new certificate on London to be used by the new virtual server for SSL communications. Start the new SMTP virtual server if it does not start automatically.

5. From Acapulco, attempt to ping London to verify DNS resolution and that the route exists between the client and the server. This should be successful.

6. Verify that Chris Gray has the proper protocol permissions for the user account.

7. Verify that the IMAP4 virtual server is running. It should not be running, so start the IMAP4 virtual server.

8. Verify that the IMAP4 virtual server is configured to require SSL. It should not be configured to require SSL. Configure the IMAP4 virtual server to use SSL.

9. Verify that Chris can now send and receive messages to and from Internet recipients by sending e-mail to a mail user on Vancouver using an @contoso.msft e-mail address. The message should be delivered, as should a reply to Chris.

Exercise 1: Outlook Express User Unable to Send E-Mail to the Internet


In this exercise, Alex Hankin is receiving a �The connection to the server has failed� error message.


1. Log on to Acapulco as nwtraders\alexhanki and configure Outlook Express for secure SMTP and secure IMAP4. This includes configuring the account to require authentication for the outgoing mail server.

2. Verify that SMTP is running. 3. Attempt to ping London by using the host name. Note that the address

resolved is incorrect and London should not respond. 4. Using the DNS administrator, correct the IP address of London. London�s

correct IP address is 192.168.1.1. 5. Verify that Alex Hankin has the proper protocol permissions for the user

account. 6. Verify that the IMAP4 virtual server is running. It should not be running.

Start the IMAP4 virtual server. 7. Verify that Alex can access his mailbox by using Outlook Express. Send a

test message to another user and then use OWA or Outlook Express to verify receipt of the e-mail. You may need to use ipconfig/flushdns on Acapulco to flush the previously cached, incorrect London IP address.

In this exercise, Gary Schare is unable to open his mailbox using Outlook 2003.


1. Log on to Acapulco as nwtraders\garyschar and configure Outlook 2003. It can take as long as 20 minutes to log on, and then Outlook 2003 may appear to hang during configuration.

2. Verify that IP configuration on the client is correct. 3. Attempt to ping London by using the host name. Note that the address

resolved is incorrect and London should not respond. 4. Using the DNS administrator, verify that the IP address for London is

correct. The correct address is 192.168.1.1. 5. Attempt to ping London by using the host name. Note that the address

resolved is still incorrect and London should not respond. 6. Check the hosts and lmhosts files located in the

C:\Windows\system32\drivers\etc folder on Acapulco. Note that the hosts file reflects an incorrect address for London. Correct the address in the hosts file. You should either log on to Acapulco as nwtraders\administrator or use London to access the C$ share in order to modify the file.

7. Verify that Gary Schare can now open his Outlook 2003 mailbox and that he can send mail to another user on London. Use OWA or Outlook Express to verify receipt of the e-mail.

Exercise 2: Outlook Express User Unable to Connect to Exchange Server 2003 Server

Exercise 3: New Outlook User Unable to Open His Mailbox


Unit 6: Troubleshooting Server Connectivity Lab: Troubleshooting Server Connectivity Problems Before starting this lab, you must create a new routing group and move Miami into the routing group using the procedure described at the beginning of the lab.

In this exercise, Annette Hill (annettehill) is unable to send messages from her mailbox on London to Michael Allen on the Miami server.


1. From the London server, connect to Annette Hill�s mailbox on London by using OWA.

2. From the Miami server, connect to Michael Allen�s mailbox on Miami by using OWA.

3. Attempt to send a message from Annette to Michael. Verify that no message is received by Michael.

4. Message tracking was enabled in Unit 1. If you have not already enabled message tracking, enable it now and then resend a message from Annette to Michael.

5. In Exchange System Manager, track the message in the Message Tracking Center. Notice that the message is �routed and queued for remote delivery.� The server location should indicate that the message is still on London, which is the bridgehead server.

6. Attempt to Telnet to Miami on port 25. Telnet should be successful. 7. Check the queues on London�one of the SMTP queues should have the

message stuck in it. This means that the queue is backed up. 8. Check routing group connector configuration. Notice that no routing group

connector exists, so you need to create one in each direction. 9. Confirm that you can now send messages from Annette�s account to

Michael.

In this exercise, Gustavo Camargo (gustavocamar) is unable to send messages to an Internet recipient. You must use Vancouver to simulate an Internet host.


1. Connect to Gustavo Camargo�s mailbox on London by using OWA and his nwtraders\gustavocamar Active Directory account.

2. Try sending e-mail from Gustavo to [email protected] Use Outlook 2000 on Vancouver to verify that the message is not delivered.

3. London is both the sender�s mailbox server and the bridgehead server, so you know that messages are being delivered to the bridgehead server.

4. Attempt to Telnet to Vancouver using port 25. Telnet should be successful. 5. Check SMTP virtual server configuration. Notice that in the Advanced

Delivery settings of the Delivery tab an invalid external DNS address is configured for the SMTP virtual server.

6. Delete the invalid DNS address and then restart the SMTP virtual server. 7. Confirm that you can now send messages from Gustavo to the Contoso

Administrator.

Exercise 1: Troubleshooting Solutions When Users Cannot Send Messages between Routing Groups

Exercise 2: Troubleshooting Solutions When Users Cannot Send Messages to the Internet


In this exercise, Angela Barbariol (angelabarba) is unable to receive messages sent from Internet users to the SalesRequests distribution group. You must use Vancouver to simulate an Internet host.


1. Connect to Angela Barbariol�s mailbox on London by using OWA. 2. On Vancouver, open the Administrator�s mailbox by using Outlook 2000

and send a message to the distribution group [email protected]. Notice that the message is not delivered to Angela�s mailbox; you should receive an NDR in the Administrator�s mailbox.

3. View SalesRequests� Active Directory properties and confirm the e-mail addresses and group membership. The e-mail addresses and membership should look correct.

4. From Vancouver, attempt to ping London�s IP address and host name. London should respond to ping.

5. From Vancouver, verify that nslookup indicates an MX record for London when querying for nwtraders.msft. The MX record should appear to be configured correctly.

6. From Vancouver, attempt to open a Telnet session to London on port 25. Telnet should be successful.

7. From London, check the SMTP virtual server properties and the SMTP Connector properties. The properties should appear to be configured correctly.

8. On London, check Global Settings. Note that the Recipient filtering tab in the Message Delivery properties indicates that [email protected] is a blocked recipient.

9. Remove the distribution group from the recipient list and then restart the SMTP virtual server on London.

10. Confirm that you can send e-mail to [email protected] from Vancouver and that Angela receives the message.

Exercise 3: Troubleshooting Solutions When Users Cannot Receive Messages from the Internet


Unit 7: Troubleshooting Server Performance Lab: Troubleshooting Server Performance In this exercise, Paul West reports that address resolution and address lookups are very slow using Outlook 2003.


1. Configure the Performance console to monitor London using counters described in this unit�s text for the processor, memory, physical disk, and network interface. Start the monitor. Notice the high CPU utilization. London should be consistently 100% utilized.

2. Check for scheduled applications or services running at inappropriate times. The strCPU service is running, but it is not set to automatic. You should note that strCPU is not a service used by the operating system or Exchange.

3. Check the Task Manager. The executable manythreads.exe is consuming most of the CPU resources. You should note that manythreads.exe is not part of the operating system or used by Exchange.

4. Stop the strcCPU service or end the manythreads.exe process. 5. Verify that London has returned to normal performance levels by the

Performance console.

In this exercise, Pete Male is complaining that Outlook is very slow when he tries to send messages.


1. Configure the Performance console to monitor London using counters described in this unit�s text for the processor, memory, physical disk, and network interface. Start the monitor. Notice the high RAM utilization.

2. Check for scheduled applications or services running at inappropriate times. The strRAM service is running, but it is not set to automatic. You should note that strRAM is not a service used by the operating system or Exchange.

3. Stop the strRAM service. 4. Verify that London has returned to normal performance levels by using the

Performance console.

Exercise 1: Address Resolution and Address Lookups Are Very Slow

Exercise 2: Outlook Is Very Slow When Retrieving a Message from Exchange


In this exercise, several users, including Max Benson, are experiencing delays when trying to open their mailboxes and also when trying to send messages to others on the network.

It is very important that you do not stop the script for this exercise. The command prompt window will remain open, and it may be 10 minutes or longer before the script completes. You can minimize the window so that it will not be in your way while you troubleshoot.


1. Configure the Performance console to monitor London using counters described in this unit�s text for the processor, memory, physical disk, and network interface. Start the monitor. Notice the high disk utilization.

2. Check for scheduled applications or services running at inappropriate times. There are none.

3. Check for available disk space. The server is running out of disk space. 4. Stop the script. Note that if the script is allowed to run continuously,

London will run out of disk space, causing Exchange services to fail.

Exercise 3: Multiple Users are Unable to Open Their Mailboxes Using Outlook


Unit 8: Troubleshooting Security Issues Lab: Troubleshooting Exchange Security When using OWA on London to test messaging functionality, you may occasionally get a 503 error. In most cases, just refreshing the screen will load OWA. If this doesn�t work, log on to OWA as Administrator and then log on as the user.

In this exercise, Eric Parkinson (ericparki) and Fernando Caro (fernandocaro) are unable to send and receive encrypted e-mail.


1. On Acapulco, log on as Eric Parkinson and create an Outlook profile for Eric. Start Outlook.

2. On London, start Outlook Express and create an IMAP4 account for Fernando Caro.

3. Send an unsecured message from Fernando to Eric and vice versa. This should work correctly.

4. Attempt to send an encrypted message from Eric to Fernando. You should receive an error stating that you cannot send a secure message because you do not have a certificate.

5. Use the Certificate Authority procedure at the beginning of the lab to request and install a certificate for Eric.

6. Attempt to send a signed message from Eric to Fernando. The message should be delivered correctly. In Outlook Express, add Eric to Fernando�s Contacts list.

7. Attempt to send a signed message from Fernando to Eric. You should receive an error stating that you cannot send a secure message because you do not have a certificate.

8. Use the Certificate Authority procedure at the beginning of the lab to request and install a certificate for Fernando.

9. Attempt to send a signed message from Fernando to Eric. The message should be delivered correctly. In Outlook, add Fernando to Eric�s Contacts list.

10. Verify that Eric and Fernando can now exchange secure e-mail by sending an encrypted and signed message from Eric to Fernando and vice versa. The messages should be delivered.

Exercise 1: Troubleshooting Solutions When Users Cannot Send and Receive Encrypted E-Mail


In this exercise, Judy Lew (judylew) is unable to connect to her Exchange server using RPC over HTTP.


1. On Acapulco, log on as judylew and open Outlook. An Outlook profile for Judy Lew has already been created. Use the Outlook Connection Status feature to see that Outlook is connecting to Exchange using TCP/IP.

2. Close Outlook. 3. Use the Lab Toolkit resources for RPC/HTTP to verify that the server is

configured correctly. The server should be configured correctly. 4. Check Judy�s Outlook profile. Notice that the profile is configured to use

NTLM authentication, and to use HTTPS only on slow networks. Modify the profile to use Basic authentication, and to use HTTPS on fast networks.

5. Open Outlook and use the Outlook Connection Status feature to see that Outlook is connecting to Exchange by using HTTPS, which verifies RPC/HTTP.

In this exercise, Deb Waldal (debwalda) is unable to receive e-mail from the Internet.


1. On Vancouver, open the Administrator�s mailbox by using Outlook. 2. On London, open Deb Waldal�s mailbox by using OWA. 3. Send a message from Deb to [email protected] and vice versa.

The message to [email protected] should be delivered, but the message to Deb should not be delivered.

4. On Vancouver, the Administrator mailbox should receive an NDR that says �Unable to deliver message due to a communications failure.� Notice that in the NDR is an indication that the connection needs Starttls.

5. On London, check the default SMTP virtual server properties. The Access tab�s Communication properties are set to require SSL. Clear the check box so that London no longer requires SSL and then restart the SMTP server.

6. Verify that the problem is solved by attempting to send a message from [email protected] to [email protected]. The messages should be delivered.

Exercise 2: Troubleshooting Solutions When Users Cannot Connect to Exchange Using RPC over HTTP

Exercise 3: Troubleshooting Solutions When Users Cannot Send or Receive Internet E-Mail


Unit 9: Troubleshooting the Migration to Exchange 2003 Lab: Troubleshooting the Migration to Exchange 2003 In this exercise, Salman Mughal (salmanmugha) is unable to access his mailbox.


1. On Vancouver, log on as nwtraders\salmanmugha and create an Outlook profile for Salman Mughal�s mailbox on Vancouver. You should receive an error saying that the user does not have permission to log on. Log off of Vancouver.

2. On Vancouver, log on as Contoso\administrator and confirm that the Exchange services are running.

3. In Exchange Administrator, check the permissions on Salman�s Exchange 5.5 mailbox. The primary Microsoft Windows NT® account is contoso\salmanmugha. If the SIDHistory attribute was migrated during the account migration, Salman should be able to access the mailbox.

4. On London, check Salman�s Active Directory account in NWTraders.msft to see if the SIDHistory attribute is populated. The attribute is not populated.

5. On Vancouver, modify Salman�s mailbox properties to use nwtraders\salmanmugha as the primary NT account. Log off of Vancouver.

6. On Vancouver, log on as nwtraders\salmanmugha and open Outlook. This should confirm that Salman can access his Exchange 5.5 mailbox using his Active Directory account.

Note In some cases, you will not be able to access the mailbox until the Exchange Directory Service updates the permissions on the mailbox. You can force an immediate update by stopping and restarting the Directory Service on Vancouver.

In this exercise, Tawana Nusbaum (tawananusba) and Rebecca Laszlo (rebeccalaszl) are not receiving e-mail from the Internet.


1. Use the Telnet commands listed at the beginning of this exercise to confirm that you cannot send e-mail to [email protected]. Note that because Vancouver is no longer considered external to Northwind Traders, you cannot use Vancouver to verify Internet connectivity.

2. Use the Telnet commands to confirm that you cannot send e-mail to [email protected] through London to her mailbox on Vancouver.

3. Check Tawana Nusba�s e-mail addresses in Active Directory Users and Computers. She should not have a contoso.msft address. Manually add the contoso.msft address.

4. Attempt to send e-mail to [email protected] using Telnet commands. The message should not be delivered.

Exercise 1: Troubleshooting Solutions When Users Cannot Access Their Mailboxes

Exercise 2: Troubleshooting Solutions When Users Cannot Receive Internet E-Mail


5. To fix the problem, you must configure Northwind Traders and Contoso to share the contoso.msft SMTP domain name. These steps are described in the Lab Toolkit resource �Configuring a Shared SMTP Address Space� and include creating a recipient policy and configuring an SMTP connector as described in the following two steps.

6. On London, create a Recipient policy for the contoso.msft domain name. Ensure that the organization is not authoritative for the domain.

7. On London, configure an SMTP connector with an address space of Contoso.msft to route messages between the two organizations. Ensure that the SMTP connector is configured to relay messages for the domain.

8. Attempt to send e-mail to [email protected] using Telnet commands against the London server. The message should be delivered correctly.

9. Attempt to send e-mail to [email protected] using Telnet commands against the London server. The message should be delivered correctly.

10. On London, open Tawana�s mailbox using OWA and confirm that the e-mail was delivered. Try sending a message to [email protected].

11. On Vancouver, log on as nwtraders\rebeccalaszl and then open Outlook. Confirm that Rebecca Laszlo received the e-mail from Tawana and that she can send to Tawana.

In this exercise, Richard Carey is unable to send e-mail to his co-worker Jim Kim. He can send and receive e-mail to and from other co-workers, including his co-worker Lynn Tsoflias.


1. On Vancouver, log on as nwtraders\richardcarey and then open Outlook. 2. Attempt to send e-mail to Lynn Tsoflias. Reply to the e-mail in the Inbox

from Jim Kim. Try to send an e-mail to Jim by typing Jim Kim in the To box.

3. On London, open Lynn�s mailbox using OWA. Verify that the message is delivered.

4. On London, open Jim�s mailbox using OWA. Jim should not have received either message.

5. On Vancouver, log on as contoso\administrator and open Exchange Administrator. Confirm that both Jim and Lynn are custom recipients and that they are configured in the same way. Log off of Vancouver.

6. On Vancouver, log on as nwtraders\richardcarey and open Outlook. Check Richard Carey�s Contacts folder. There should be a contact for Jim that contains an incorrect e-mail address. Delete the contact for Jim, or modify the e-mail address.

7. To reply to the message in the Inbox, click Reply, and then search the GAL for Jim�s account.

8. Attempt to send e-mail to Jim from Richard�s Outlook client. The message should be delivered correctly.

Exercise 3: Troubleshooting Solutions When Users Cannot Send E-Mail to Some Recipients


Unit 10: Troubleshooting an Exchange Server 2003 Organization

There are no hands-on labs for this unit. You will participate as a class in a final challenge consisting of six scenarios. In each scenario, you will troubleshoot the virtual environment by asking the trainer questions and explaining what tasks you would like to perform to try and resolve the scenarios. It is up to you to request more information and up to your trainer to decide what the response should be to each of your questions.

Read through all six scenarios before beginning.

Scenario 1: David Campbell is unable to access his e-mail from his new laptop. The laptop has the lab DNS settings, which have the wrong IP addresses for production servers. If you try to ping any servers, the trainer will respond that you received responses, but the IP addresses do not look correct in the return responses. This happens because the lab has different settings for its environment that do not map to the production environment. Once you identify that the DNS settings for TCP/IP are incorrect, David�s Outlook 2003 should start working, assuming you try it after making the changes.

Scenario 2: Ben Smith is unable to access his mailbox after starting up his laptop. The problem is that Ben�s laptop cable is loose. He should experience intermittent connectivity during ping testing and all other student testing. The trainer should play the part of Ben and often say �No, no response,� and then say, �Hey, it just worked,� and then, �Nope, it isn�t working again.� This will be very confusing and frustrating, and it should encourage you to drop back to the basics and verify that the network cable is plugged in properly. Remember that Ben is a vice president. He probably should have been bumped ahead of David Campbell.

Scenario 3: Janet Sheperdigian�s Outlook Express client is not properly configured to use SSL to protect traffic transmitted between her messaging client and the Exchange server. Janet is unable to connect to Exchange using SSL with SMTP because there is only a single SMTP virtual server on the Exchange server. If you try to reconfigure it, the trainer should respond, �Well, now the Exchange team is getting flooded with calls about people unable to send e-mail to the Internet from the Vancouver office.� You must create a new SMTP virtual server and implement SSL on it. SSL also needs to be implemented on IMAP4 or POP3, depending on whichever you determine Janet is using. If you do not ask about IMAP4 or POP3, the trainer should tell you that the auditor has re-tested and is still able to capture e-mail to Janet.

Scenario 4: H. Brian Valentine is unable to access his e-mail using OWA. Brian�s statement about being able to use it last week is misleading. The problem is that Brian is not entering �https� when trying to connect to the OWA server. If you ask to ping the OWA server, the trainer should respond that the server gave �Request timed out� messages. Pinging by name should resolve to the correct IP address. However, there should be no responses from the server. Pinging by IP should also give a request timed out message. If you ask during the scenario about firewalls or Internet Security and Administration (ISA) servers, the trainer should respond that all OWA servers are protected by ISA servers. By default, ISA does not allow Internet Control Message Protocol (ICMP) from the Internet to internally published sources.


Scenario 5: Jeff Hay is unable to send encrypted e-mail to Tai Yee. Tai is not a member of Jeff�s company; Tai is an employee of another company. The problem is that Tai never sent a digital certificate to Jeff, so Jeff is unable to send an encrypted message to Tai.

Scenario 6: Scott Bishop is experiencing poor performance when using Outlook to connect to his mailbox. The problem is that the Exchange server that holds Scott�s mailbox is overloaded. You may not have noticed that the Change Management Log states that one of the Exchange servers in London was shutdown and all mailboxes were moved to other servers. With the additional load, the Exchange server that Scott is on has become overloaded and is extremely slow in its responses.

If you have difficulty with these scenarios, feel free to review the flow charts from the previous units and to ask for help from your classmates. Do not feel the need to rush. Take time to think for a few minutes.


Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

What Is a Workshop? The workshop is designed as a hands-on learning activity. It addresses a particular business or technical problem and its solution. As such, a workshop can be designed to familiarize a beginning audience with the basic implementation of a new product or an expert audience to optimize their enterprise network for a robust security infrastructure.

In a workshop, lecture time is kept to a minimum to give students the maximum opportunity for hands-on, scenario-based labs. The workshop format enables students to reinforce learning by doing and by problem-solving. Workshop components include hands-on labs, resources in the Lab Toolkit, slides, and reference material.

Each unit in a workshop is weighted as follows:

Presentation

(introduce)

10%

Lab

(apply)

75%

Review

(synthesize)

15%

These percentages are a guideline. Some variation is expected based on the content, but students should spend at least 60 percent of each unit concentrating on the hands-on lab.

2 Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

Workshop Delivery The lab is the main focus of the workshop. Each lab presents a problem or series of problems that students must solve. Use the slides that precede the lab to orient the student but keep the presentation to a minimum. After you have taught the workshop a few times, you may identify topics that typically give students some trouble. If appropriate, present a resource from the Lab Toolkit before the lab to prepare them for those possible problem areas.

The labs in a workshop are designed to allow students to explore several options for completing complex tasks. As a result, students may require more assistance than they do with a prescriptive lab activity. If most of the students get stuck on a step or procedure, be prepared to pause the lab and demonstrate the procedure or concept to the entire class. If most of the students are struggling with the lab, you might find it valuable to perform the steps as a class, but allow students to continue working on their own if they choose.

Check the students� progress periodically during the lab. You might find it useful to establish protocols for students to alert you when they have questions and when they are finished with the lab. For example, you might create additional tent cards or adapt existing ones so student can turn to the �need help� side or the �lab complete� side. You can also give each student different colored notes to signal that they need help or that they have completed the lab.

Some students may leave the room after they finish the lab while other students are still working. Therefore, identify a time to reconvene in the room so you can decide if you need to extend the lab period or move on to the next unit.

After the lab, there is usually a designated time to discuss the results of the lab. Answer the questions that were posed during the lab. When there are several ways to complete the lab, ask the students which method they used and why. Be prepared to discuss the advantages and disadvantages of each decision, both from a technical and business perspective. If the students do not demonstrate mastery of the important concepts, review the relevant resources in the Lab Toolkit until you are satisfied that they understand.

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003 3

Delivery Strategies One of the biggest challenges with a workshop is that attending students may have a wide range of skills and learning styles. It is very likely that some students will complete the labs in minimal time while other students may struggle with basic concepts and may never actually finish a lab. Some students will be uncomfortable with labs that do not tell them how to do every step.

This section gives you some suggestions for dealing with various classroom situations. If you have other techniques and successes, please share them with other trainers on the Microsoft® Certified Trainer (MCT) forums at Microsoft.private.mct.trainer.preparation. You can find instructions on how to access the forums on the MCT private Web site.

The introductory lab in Unit 1 has several purposes. The obvious objective is to familiarize the students with the Lab Toolkit and the resources in the Lab Toolkit. Other objectives helping students get into the troubleshooting frame of mind and to establish a workshop atmosphere where students feel free to communicate openly with their peers and the instructor. This unit also gives you a chance to screen the students. If students cannot complete the minimal lab instruction they are given in Unit 1 on their own, they may have a difficult time succeeding in the workshop format.

In an average class, some students will probably finish the lab long before others. Some students will need to use every resource in the Lab Toolkit while others may only need one or two. You might suggest that the most advanced students try to complete the lab by just looking at the service request and only referring to the lab instructions if they get stuck.

In some workshops, there will be additional challenge material and �if time permits� activities to accommodate students who finish faster. Most workshops will include additional reading on the Student Materials compact disc that contains information that is beneficial but too detailed to be placed in the Lab Toolkit. For students who finish early, suggest that they explore the additional reading because they will probably be too busy after they return to the office.

If most of the students do not meet the prerequisites, they may have a difficult time with labs that assume a lot of prior knowledge and do not provide detailed steps. In this situation, guide them through the entire lab rather than presenting the introductory slides and having them complete the labs at their own pace. Read the service request as a group and note the technical issues that may come up during troubleshooting. Then, discuss strategies to resolve the problem. Instead of waiting to answer the lab questions at the end of the lab, answer each question as you complete the steps.

When there are multiple ways of completing a task, you may need to guide the students to pick the optimal solution. In cases where there is no single best way, you might decide to split the class into two groups and have half do it one way and half the other way. If conducting the workshop this way takes too much time, you may need to incorporate the introductory slides into the lab. For example, rather than lecture about DNS stub zones before students start the lab, wait until the group reaches that step and then discuss it just before they work on that task.

Screening student ability

Dealing with advanced students

Guiding students through the lab


If only some of the students meet the prerequisites, you may have a difficult time balancing the needs of all students. You can have more experienced students sit next to less experienced students and give the more experienced students a brief tutorial on how to be a good mentor. For example, you can advise them to:

! Guide their partners, but not do the work for them. ! Let their partners make mistakes because they will learn more. ! Try to summarize the material from the resources in the Lab Toolkit for

their partners without divulging the answers to the questions.

If pairing students with mentors is impractical because of ratios or personalities, you can group the remedial students together and guide them through the labs as a group, as described previously. Allow the advanced students to perform the labs at their own pace and to participate in the remedial discussions as they like.

Some learners enjoy the challenge of starting an activity and learning about it as they go. Other learners may be reluctant to begin without knowing all the necessary information. These learners may be uncomfortable with the basic workshop format. You can adapt the format to their learning style by suggesting that they read and perform all the resources in the Lab Toolkit before they begin the lab. These students may not be able to finish every lab step, but they may feel that they have acquired the knowledge they need to do the steps in the future.

Adapting to different skill levels

Adapting to different learning styles


About This Workshop This section provides you with a brief description of the workshop, audience, suggested prerequisites, objectives, and strategies for delivering this workshop.

This workshop is designed as a 300 level, three-day, instructor-led workshop. This workshop is targeted at current Exchange administrators with one or more years of messaging and network experience. The workshop will focus exclusively on the troubleshooting skills and objectives that align with Exam 70-284: Implementing and Managing Microsoft Exchange Server 2003. The labs are a series of problem-centered scenarios that required students to use troubleshooting flow charts to identify and resolve problems.

This workshop is targeted to the Systems Engineer already skilled in Microsoft Exchange Server 2003 support tasks. Students should have a 300 skill level as an Exchange administrator and have one or more years of messaging and network experience supporting Exchange Server. The workshop format is also intended for students who learn best by doing.


! Complete Course 2400, Implementing and Managing Exchange Server 2003. or

! Complete Course 2009, Upgrading Your Skills from Exchange Server 5.5 to Exchange Server 2003.

! One or more years of messaging and network experience supporting Exchange Server.

After completing this workshop, the student will be able to:

! Apply knowledge of a troubleshooting methodology to identify and resolve a problem.

! Identify and resolve network connectivity problems and problems arising from host resolution protocols.

! Identify and resolve problems with public folders and mailboxes.

Identify and resolve front-end server and back-end server issues that cause problems with Microsoft Outlook® Web Access (OWA).

! Identify and resolve problems with Internet protocol virtual servers such as SMTP, IMAP, and POP.

! Identify and resolve connectivity problems between servers running Exchange Server 2003, between Exchange Server 2003 and other messaging systems, and problems with relay configurations.

! Identify and resolve problems with bandwidth, services, database corruption, service failures, disk space, and other server performance problems.

! Identify and resolve encryption and digital signature issues and problems caused by viruses.

Description

Audience

Student prerequisites

Workshop objectives


! Identify and resolve problems related to migrating from Exchange Server

5.5 to Exchange Server 2003. ! Apply knowledge of troubleshooting methodology to create a

troubleshooting strategy and identify the appropriate tools, processes, and procedures for each step of the strategy.

To teach this workshop, you need the following materials:

! Student Workbook ! Trainer Materials compact disc

To prepare for this workshop, you must:

! Complete the Workshop Preparation Checklist that is included with the trainer materials.

The overall strategy for this workshop combines the lab-centric requirement of workshops with a problem-based learning methodology. Labs will provide hands-on learning activities guided by scenarios that are relevant to the Exchange administrator job role. During these labs, students can access a variety of support resources (such as procedures, annotated screen shots, and links to Exchange Server 2003 Help documentation) to help them complete the lab exercises.

The topics that precede the lab will provide information designed to help prepare students succeed in the lab. A common approach for the design and selection of these topics is that the key to troubleshooting is understanding how things should work. As a result, the preparation topics will focus on the process of how a particular Exchange component or messaging functionality works.

Lab scenarios The workshop-wide scenario will imitate a fictitious help-desk organization that has just hired the student (who is currently an experienced Exchange administrator) to perform Tier-3 help-desk support tasks in a Windows Server 2003- and Exchange Server 2003-based environment. This approach will provide the context for the workshop to present troubleshooting scenarios. The online toolkit resources will be used to implement the workshop-wide scenario in each learning unit.

To implement a problem-based learning methodology for this workshop, a service request will provide the information (such as symptoms, configuration information, and so on) necessary for the student to troubleshoot the problem. In each lab, students will use the information in the service request and a troubleshooting flow chart printed in the workshop manual to diagnose and, whenever possible, fix the problem. Toolkit resources will be mapped and associated to the relevant step in the troubleshooting flow chart and will provide students with �just-in-time� help during that specific point in the troubleshooting process.

Because service request information is often misleading or incorrect in real-world scenarios, there are some places where misleading or incorrect information is provided to the student.

Required materials

Preparation tasks

Workshop design

Important


Pre-lab activity In the first part of each lab, the instructor reviews the first service request with students and asks students their approach to identifying the problem. The instructor should note students� recommendations on the whiteboard. Then the students perform the lab. After the lab is complete, the instructor can use the information generated from the pre-lab activity and the lab results to facilitate the discussion during the lab review.

Lab reviews Each lab will be followed by review of the lab exercises, which is facilitated by the instructor. The instructor can use Appendix A, �Lab Guidance,� to guide students through the �correct� path through the troubleshooting flow chart.

The lab review should:

! Identify what each step in the flow chart accomplishes during the process ! Generate an understanding for the flow of troubleshooting steps ! Discuss the tools used during the lab ! Compare the pre-lab recommendations with the actual lab to generate

recommendations and student-generated best practices

During this review, the instructor should elicit feedback from students and generate discussion about the students� experience during the lab (such as what they did right and what they did wrong).

The lab review can also contain links or references to additional information (such as Knowledge Base articles, white papers, Exchange help docs, and so on) that pertain to the unit objective.


Workshop Timing The following schedule is an estimate of the workshop timing. Your timing may vary. Every student may not finish every lab. Use your judgment to set a reasonable time to move on to the next unit.


9:00 9:30 Introduction

9:30 9:45 Unit 1: Introduction to Troubleshooting Exchange Server 2003

9:45 10:45 Lab: Exploring the Troubleshooting Environment

10:45 11:00 Break

11:00 11:15 Unit 2: Troubleshooting Network Connectivity

11:15 12:00 Lab: Troubleshooting Connectivity Problems

12:00 1:00 Lunch

1:00 2:30 Lab: Troubleshooting Connectivity Problems (continued)

2:30 2:45 Break

2:45 3:00 Unit 3: Troubleshooting Public Folders and Mailboxes

3:00 4:15 Lab: Troubleshooting Public Folder and Mailbox Problems

4:15 4:30 Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

Day 2

Start End Unit


9:00 10:00 Lab: Troubleshooting Outlook Web Access and Outlook Mobile Access Problems

10;00 10:15 Break

10:15 11:45 Lab: Troubleshooting Outlook Web Access and Outlook Mobile Access Problems (continued)

11:45 12:45 Lunch

12:45 1:00 Unit 5: Troubleshooting Client Connectivity

1:00 2:00 Lab: Troubleshooting Client Connectivity Problems

2:00 2:15 Break

2:15 3:15 Lab: Troubleshooting Client Connectivity Problems (continued)

3:15 3:30 Unit 6: Troubleshooting Server Connectivity

3:30 5:00 Lab: Troubleshooting Server Connectivity Problems


Day 3

Start End Unit


9:00 9:15 Unit 7: Troubleshooting Server Performance

9:15 10:15 Lab: Troubleshooting Server Performance

10:15 10:30 Break

10:30 10:45 Unit 8: Troubleshooting Security Issues

10:45 12:00 Lab: Troubleshooting Exchange Security

12:00 1:00 Lunch

1:00 1:45 Lab: Troubleshooting Security Issue Problems (continued)

1:45 2:00 Unit 9: Troubleshooting the Migration to Exchange 2003

2:00 2:15 Break

2:15 3:45 Lab: Troubleshooting the Migration to Exchange 2003

3:45 4:30 Unit 10: Troubleshooting an Exchange Server 2003 Organization


Trainer Materials Compact Disc Contents The Trainer Materials compact disc contains the following files and folders:

! Autorun.exe. When the compact disc is inserted into the compact disc drive, or when you double-click the Autorun.exe file, this file opens the compact disc and allows you to browse the Student Materials or Trainer Materials compact disc.

! Autorun.inf. When the compact disc is inserted into the compact disc drive, this file opens Autorun.exe.

! Default.htm. This file opens the Trainer Materials Web page. ! Readme.txt. This file explains how to install the software for viewing the

Trainer Materials compact disc and its contents and how to open the Trainer Materials Web page.

! 2011a_In.doc. This file contains the Instructor Notes for this workshop, which are provided to assist the instructor in delivering this workshop.

! 2011a_MS.doc. This file is the Manual Classroom Setup Guide. It contains the steps for manually setting up the classroom computers.

! Powerpnt. This folder contains the PowerPoint slides that are used in this workshop.

It is recommended that you use PowerPoint 2002 or later to display the slides for this workshop. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides may not be displayed correctly.

! Pptview. This folder contains the PowerPoint Viewer 97, which can be used to display the PowerPoint slides if PowerPoint 2002 is not available. Do not use this version in the classroom.

! Setup. This folder contains the files that install the workshop and related software to computers in a classroom setting. Setup includes the Virtual PC differencing drives, which build on base drives provided on the 2400B Trainer Materials DVD.

! Student. This folder contains the Web page that provides students with links to resources pertaining to this workshop, including additional reading, review and lab answers, lab files, multimedia presentations, the Lab Toolkit, and workshop-related Web sites.

! Tprep. This file contains the Trainer Preparation Presentation for this course. Review these materials before teaching this course.

! Webfiles. This folder contains the files that are required to view the workshop Web page. To open the Web page, open Windows Explorer, and in the root directory of the compact disc, double-click Default.htm or Autorun.exe.

Important


Instructor Notes for Unit 0: Introduction The Introduction unit provides students with an overview of the workshop content, materials, and logistics for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003.

How to Teach This Unit This section describes the instructional methods for teaching this unit.

Welcome students to the workshop and introduce yourself. Provide a brief overview of your background to establish credibility.

Ask students to introduce themselves and provide their background, product experience, and expectations of the workshop.

Record student expectations on a whiteboard or flip chart for reference later in class.

Use the students� expectations, discussed in the previous slide, as a lead-in to describe what a workshop is. Emphasize that 75 percent to 80 percent of the time will focus on hands-on activities during the lab. The rest of the time will focus on preparing students for the lab and reviewing how students performed the lab.

Briefly demonstrate the Lab Toolkit, highlighting its components and how they will be used during the lab. Tell students that the Lab Toolkit is installed on their student computers in the classroom and is also available on the Student Materials compact disc for use after the workshop.

Tell students that everything they will need for this workshop is provided at their desk.

Have students write their names on both sides of the name cards.

Describe the contents of the student workbook and the Student Materials compact disc.

Tell students where they can send comments and feedback on this workshop.

Demonstrate how to open the Web page that is provided on the Student Materials compact disc by double-clicking Autorun.exe or Default.htm in the Student folder on the Trainer Materials compact disc.

Describe the prerequisites for this course. This is an opportunity for you to identify students who may not have the appropriate background or experience to attend this course.

Briefly describe each unit and what students will learn. Be careful not to go into too much detail because the workshop is introduced in detail in Unit 1.

Explain how this workshop will meet students� expectations by relating the information that is covered in individual units to their expectations.

Presentation: 30 minutes

Introduction

What is a workshop?

Workshop materials

Prerequisites

Workshop outline


Prior to performing this demonstration, start 2400_London�Virtual PC. Because London takes several minutes to start, it should be completely started before you begin this presentation.

Microsoft now owns Connectix Virtual PC. In this course, students will use Connectix Virtual PC to perform all the hands-on practices. Demonstrate how to use Virtual PC by performing the following procedure:

1. On your desktop, tell students that they can use either the Start menu or their desktop shortcuts to open Connectix Virtual PC.

2. In Connectix Virtual PC, click Miami, and then click Start Up. Mention that, with 1 GB of memory, the students will be able to run two virtual computers at a time, and that starting the third virtual computer will cause performance problems. There are labs in this workshop that require the simultaneous use of three virtual computers.

3. Show the students that the system tray of the host computer contains an icon for Virtual PC. If Virtual PC is running but the window becomes hidden, you can reactivate the window by double-clicking the icon in the system tray.

4. Show the students that the title bar of each virtual PC indicates which server is accessed.

5. Switch to 2011_London�Virtual PC and then log on to London by pressing the ALT key on the right side of the keyboard at the same time you press the DELETE key. Log on as NWTraders\Administrator with a password of P@ssw0rd. Point out that the ALT key on the right side of the keyboard is referred to as both the RIGHT-ALT key and the HOST key in Connectix Virtual PC Help and menus.

6. Demonstrate Full Screen mode by pressing the ALT key on the right side of the keyboard at the same time you press ENTER. Repeat this key sequence to return to a Window view. Tell students that if they have display problems during class, they can use Full Screen mode to improve performance.

7. Point out that the London desktop indicates the word LONDON, and mention that each virtual PC indicates the computer name on the desktop.

8. Switch to Miami and then log on to Miami as administrator by pressing ALT+DELETE. Point out that all accounts in the Microsoft Active Directory® directory service have been preconfigured with a password of P@ssw0rd.

9. Point out that the Miami desktop indicates the word MIAMI. 10. Use ipconfig /all at a command prompt at London, Miami, and the host

computer to show the IP addresses configured for each. Use ping to show that London and Miami can ping each other and the host, but not any other computer on the host�s network. For your information, the IP address for London is 192.168.1.1 and the IP address for Miami is 192.168.1.2. The host computers should be configured with an IP address on the same subnet as the virtual PCs.

Demonstration: Using Virtual PC


11. From London, show how to map drive Z to drive C of the host computer.

Point out that when the drive is mapped, students can access information stored on the host computer by using this mapped drive, and that they can create additional mapped drives by using the Settings option on the Edit menu of Connectix Virtual PC.

12. Close London and save changes. Close Miami and save changes. Point out that students can choose to either discard or commit their changes when closing Virtual PC, and that in general in this course, they should discard their changes each time they close Virtual PC.

Describe any necessary setup information for the course, including course files and classroom configuration.

Explain the Microsoft Official Curriculum (MOC) program and present the list of additional recommended learning products.

Refer students to the Microsoft Official Curriculum Web page at http://www.microsoft.com/traincert/training/ for information about curriculum paths.

Inform students about the Microsoft Certified Professional (MCP) program, any certification exams that are related to this workshop, and the various certification options.

Explain the class hours, extended building hours for labs, parking, rest room location, meals, phones, message posting, and where smoking is and is not allowed.

Let students know if your facility has Internet access that is available for them to use during class breaks.

Also, make sure that the students are aware of the recycling program if one is available.

Setup

Microsoft Official Curriculum

Microsoft Certified Professional program

Facilities


Instructor Notes for Unit 1: Introduction to Troubleshooting Exchange Server 2003


! Configure and prepare servers for basic troubleshooting. ! Analyze process and data flow in a flow chart. ! Access and apply information from a service request and other workshop

components. ! Identify a problem and recommend a solution.

To teach this unit, you need the unit slides, the student workbook, and the Lab Toolkit.

It is recommended that you use Microsoft PowerPoint® 2002 or later to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides may not be displayed correctly.

To prepare for this unit, read all the written materials and review the resources in the Lab Toolkit, practice the labs and guided activities, and prepare to facilitate the discussion questions.

In addition, you should:

! Review Module 4, �Managing Recipients,� from Course 2400, Implementing and Managing Microsoft Exchange Server 2003.

! Review Module 7, �Implementing and Managing Client Access with Internet Protocols,� from Course 2400, Implementing and Managing Microsoft Exchange Server 2003.

! Review Module 11, �Managing Data Storage and Hardware Resources,� from Course 2400, Implementing and Managing Microsoft Exchange Server 2003.

! Review the Open Systems Interconnection (OSI) model and be prepared to discuss how it can be used for troubleshooting client/server applications.

! Prepare to explain to students how to use the toolkit resources.

The information in this section provides setup instructions that are required to prepare the instructor computer or classroom configuration for a lab.

! Prepare for the lab

• Remind students to run the breaklab1a.bat script in the beginning of the Lab for Unit 1 in the Lab Virtual PC Configuration section.

Presentation: 15 minutes Lab: 60 minutes Review: 5 minutes

Required materials

Important

Preparation tasks

Classroom setup



The presentation includes a lot of information. To cover the four presentation slides, you will need to move quickly. The students should already have some background information about the topics in the presentation, so focus on how each of the topics is relevant to troubleshooting. Keep in mind that the slides in this unit are intended to introduce students to troubleshooting and some of the processes used in troubleshooting.

Because most Exchange Administrators are not responsible for the network infrastructure, they may feel some frustration in the first two units. Stress to them the importance of understanding the basic networking concepts when troubleshooting an Exchange environment. Point out to the students that even if they are not directly responsible for the network and its components, knowledge of these components can help them rule out network problems without the network team�s assistance in many cases.

�Topic 1: Understanding Exchange Server 2003� discusses the various components of an Exchange system and that problems can exist at any level in an Exchange environment. Focus on the troubleshooting aspects for each component. For example, discuss how one mailbox store can be corrupted and others in the same storage group not impacted. Make sure to engage students in the discussion by asking them how they would troubleshoot a problem in each area if they knew the problem existed in that component. For example, ask them how they would troubleshoot a MAPI client problem if they knew it was a client issue and not a server component problem.

�Topic 2: Troubleshooting Methodology� discusses two common troubleshooting processes that are used in the industry. Explain to students how vital the process is, and how it can be organized using the OSI model. Walk them through the OSI model on the whiteboard and stress how the model starts at the top of the client using Microsoft Outlook at the application, moves down through the model to the wire (physical layer), across the wire to the server side and up through the model to the Exchange Server 2003 server as the server application. Ask students what they think might be some issues that they could run into at each layer of the OSI model. Also discuss how to use the working system model when it comes to troubleshooting. Use the example of how Outlook Web Access (OWA) works. Explain how you might troubleshoot OWA both at the browser level and at the server level.

�Topic 3: Preparing to Troubleshoot Exchange Server 2003� discusses the places where logging and monitoring can be used for troubleshooting. The lab will walk them through most of the processes. However, you might want to demonstrate how to use Netmon to do a capture to see how an OWA client connects to the server and then explain what you captured and how students can replicate it.

�Topic 4: Pre-Lab Discussion� is your opportunity to prepare students for the lab. Because the purpose of the troubleshooting exercise in this lab is to introduce students to the service requests, flow charts, and toolkit resources, you should demonstrate for the students how to use the flow chart and the toolkit resources to solve the problem describe in the scenario and service request for the first step or two. Use this page to provide context for the lab and help students better understand the importance of the concepts in this unit when it comes to troubleshooting the lab scenarios.

Presentation


The first exercise is the first of what will be many scenarios that are used in all the other units in this workshop. Explain to students that the first exercise is not Exchange related because they are supposed to learn how to use the flow charts and the toolkit resources in this exercise.

The problem that you are troubleshooting in Exercise 1 is intentionally simple in order to help students learn how to use the flow chart, and was chosen because most Windows administrators have a great deal of experience with mapping network drives and troubleshooting problems with mapped network drives. Students should follow the steps in the flow chart in order to identify the problem provided in the scenario. It is important that students become comfortable using the flow chart in this exercise because all subsequent exercises in this workshop will incorporate flow charts. Once students identify a problem, they must document their solution. At the end of each lab in this workshop, you will discuss with the class their approach to troubleshooting problems, and their findings during troubleshooting.

In the second exercise, students configure logging and monitoring on the computer running Exchange Server 2003 to familiarize themselves with all the logging capabilities they have. Configuration settings will be saved at the end of the lab so that students can continue to use the items that they configure during this exercise. You should also mention that although most labs in this workshop have the students discard changes made to their virtual PC environment, changes in this lab will be saved so that they can continue to use the troubleshooting tools that they configured during Exercise 2.

For more information on completing this lab, direct students to Appendix A, �Lab Guidance,� located at the back of the student workbook. If necessary, be prepared to provide desk side assistance to each student during the lab phase of class. You can help students along in their troubleshooting by asking how they would normally test a process or lookup information. You will want to maintain a �study hall� atmosphere within the classroom while students complete the lab.

The toolkit resources for this unit include items that are not related specifically to the flow chart for this unit. These items are referenced in the Lab Toolkit resources section of the unit by exercise number. For example, if an item is needed only for Exercise 2, but does not support the flow chart, the Flow Chart Reference column of the table will indicate �Ex 2 only�.

Lab


You should review some of the settings and configurations of the different logs and monitoring tools that the students used during the lab. For example, you might ask students how they would configure logging and monitoring in their networks as a standard configuration, and then ask them the same question but with users reporting that Outlook 2003 access to their mailboxes is slower than normal. Use the whiteboard to record the information provided by the students and encourage them to expand on the information that you write.

Discuss how the students used the troubleshooting flow chart to determine the root cause of the problem. Walk all students through the flow chart for Exercise 2 in the lab. Ask them to provide feedback on what they found. While going through the flow chart, have students pull out the Toolkit Resources booklet and point out the detailed information. Point out how the Toolkit items are correlated to the flow chart through the reference letters.

Discuss how the students tested their solution to the problem and how they knew they were successful in resolving the problem.

Make sure students followed the instructions to shut down the Virtual PCs after the lab.

Review


Instructor Notes for Unit 2: Troubleshooting Network Connectivity


! Identify the underlying causes when mail from one server is not received by recipients on another and resolve the problem.

! Identify the underlying causes when a user cannot connect to a Microsoft Exchange Server 2003 server as a remote user and resolve the problem.

! Identify the underlying causes when no one in the organization can receive Internet e-mail and resolve the problem.


It is recommended that you use PowerPoint 2002 or later to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides may not be displayed correctly.




! Review Module 8, �Managing Client Configuration and Connectivity,� from Course 2400, Implementing and Managing Microsoft Exchange Server 2003.



• Make sure to remind all students to run the scripts in the beginning of each exercise in the Lab for Unit 2. Follow the directions in the Lab Virtual PC configuration section.


Required materials

Important

Preparation tasks

Classroom setup



This is the first unit where you really start to get into troubleshooting Exchange Server 2003. You need to be very careful and keep the focus on network configuration and network services in this unit as there is another unit later that covers client connectivity.

Because most Exchange Administrators are not responsible for the network infrastructure, they may feel some frustration in the first two units. Stress to them the importance of understanding the basic networking concepts when troubleshooting an Exchange environment. Point out to the students that, even if they are not directly responsible for the network and its components, knowledge of these components can help them rule out network problems in many cases and not require the network team�s assistance.

�Topic 1: Tools for Troubleshooting Network Connectivity� discusses the various tools available to the students when troubleshooting network connectivity and network services issues. You should explain how these tools are most often used for troubleshooting and what each tool can tell you about whether something works properly. For example, you might talk about how using ping with the host name will tell you that name resolution works if it responds properly. However, you should also tell students that because there is no response that does not mean that the target computer is not working. There might be an intervening firewall or a router that filters out ICMP traffic and thereby preventing student from seeing the response. Explain how to use telnet at the command prompt and how to use Hyper Terminal to connect to non-telnet ports.

�Topic 2: Common Network Connectivity Problems� discusses some of the common connectivity issues. Explain that these problems are easy to resolve and provide examples of how you can test for each one. For example, explain how you can use telnet from a computer outside the firewall to test connections through the firewall to an internal system. A good example would be to test port 25 connections and see if they are properly redirected to the computer running Exchange Server 2003 and if a response is provided by the Exchange server.

�Topic 3: Pre-Lab Discussion� is your opportunity to prepare students for the lab. You should help students begin to think about the underlying problems that might result in the indicated situations, and document their suggestions on the whiteboard. Use this page to provide context for the lab and help students better understand the importance of the concepts in this unit when it comes to troubleshooting the lab scenarios.

When using OWA on London to test messaging functionality, you may occasionally get a 503 error. In most cases, just refreshing the screen will load OWA. If this doesn�t work, log on to OWA as Administrator and then log on as the user. You may wish to remind students of this periodically throughout this workshop.

In the flow chart, in solution box C, the students are directed to check the network route. You may wish to remind them that this means to check both the physical and logical network connectivity between clients and servers, as well as between servers in the Exchange organization. There is a toolkit resource for verifying routing group connectivity that can be used for this task.

Presentation

Note


If students have difficulty with the lab, use the flow charts to focus their troubleshooting efforts. If needed, ask them which steps they have completed. If they have gone past the step where they fix the problem, ask them to explain what they found in that step and the step before. This workshop assumes prerequisite knowledge in managing an Exchange Server 2003 environment. If students do not meet the prerequisites, you may need to review some procedures with the students.

For more information on completing this lab, direct students to Appendix A, �Lab Guidance,� located at the back of the student workbook. If necessary, be prepared to provide desk side assistance to each student during the lab phase of class. You will want to maintain a �study hall� atmosphere within the classroom while students complete the lab.

You should spend some time during the pre-lab discussion, with all student workbooks closed, going over some ways that students would troubleshoot the scenarios covered in the lab. Write their ideas on the whiteboard. After completing the lab, review what they would have done before seeing the lab.

Discuss how the students used the troubleshooting flow charts to determine the root causes of the problems. Compare the processes of the flow charts to what the students said they would do before the lab. Record on the whiteboard the information provided by the students. Discuss how they would troubleshoot the problem now based on what they learned in the lab.

Discuss how the students tested their solutions to the problems and how they knew they were successful in resolving the problems.

Make sure students followed the instructions to shut down the Virtual PCs after the lab.

Sometimes Internet Explorer fails to load all data when connecting to Outlook Web Access. If this happens, remind the students to close and restart Internet Explorer.

Lab Review

Note


Instructor Notes for Unit 3: Troubleshooting Public Folders and Mailboxes



! Identify the underlying causes when a user cannot receive Internet e-mail to his e-mail address and resolve the problem.


To teach this unit, you need the unit slides, the student workbook, which includes the lab flow charts and service request scenarios, and the Lab Toolkit.


To prepare for this unit, read all the written materials and review the resources in the Lab Toolkit, practice the labs and guided activities, and prepare to answer the discussion questions.


! Review Module 4, �Managing Recipients,� from Course 2400, Implementing and Managing Microsoft Exchange Server 2003.

! Review Module 6, �Managing Address Lists,� from Course 2400, Implementing and Managing Microsoft Exchange Server 2003.

! Review Module 14, �Performing Preventative Maintenance,� from Course 2400, Implementing and Managing Microsoft Exchange Server 2003.



1. To perform this lab, the students must start the London and Vancouver Virtual PCs using the procedures described in the lab.

2. To create the troubleshooting scenarios, the students must run the Breaklab3.vbs script from the c:\moc\2011\Labfiles\Lab03 directory. This script creates all the error conditions required for the lab.


Required materials

Important

Preparation tasks

Classroom setup



To cover the four presentation slides in 15 minutes, you will need to move quickly. The students should already have some background information on the topics in the presentations, so focus on how each topic is relevant to troubleshooting.

�Topic 1: Troubleshooting Client Connectivity to Mailboxes and Public Folders� discusses the issues that can arise when a user tries to connect to an Exchange server. Focus on the troubleshooting aspects for each topic. For example, discuss if the problem is DNS resolution, what symptoms the user would see, and what you would do to troubleshoot the problem.

�Topic 2: Troubleshooting Mailbox and Public Folder Properties� discusses the mailbox and public folder configuration issues that can cause e-mail delivery problems. The students should be familiar with the user interface (UI) where these settings are configured, so avoid demonstrating the UI. The lab scenarios focus on mailbox and public-folder configuration issues, so minimize the time you spend on this topic. Most of your time should be spent addressing the troubleshooting portions of each bullet on the page, which are typically located in the last sentence of each bullet.

�Topic 3: Troubleshooting Single Server Message Flow� discusses how e-mail messages flow through a single server. Review the single server message flow but then focus on how the Queue Viewer and message tracking can be used to troubleshoot the message flow.

�Topic 4: Troubleshooting the Recipient Update Service� discusses recipient policies and the Recipient Update Service. These concepts should be familiar to the students, so focus on how configuration errors in the recipient policies, and configuration errors or service failures in the Recipient Update Service may cause e-mail delivery failures.




Presentation

Lab


Sometimes Internet Explorer fails to load all data when connecting to Outlook Web Access. If this happens, remind the students to close and restart Internet Explorer.

There are two flow charts for this lab. The first flow chart which is located in the beginning of the lab is used for exercises 1 and 2. The second flow chart is for use while completing exercise 3, which is located at the end of the lab. You may wish to point out the location of the flow chart for your students.

In the flow chart entitled �Troubleshooting Mailbox Problems,� solution boxes C and D direct the student to �Check content scanner.� Content scanning is a feature provided by third-party manufacturers. Because no content scanners are installed as part of this workshop�s setup, the students will be unable to perform this task. You should mention that students would follow manufacturer�s instructions for verifying their content scanner configuration in their own production environments.

You should have spent some time during the pre-lab discussion, with all student books closed, reviewing ways that the students would troubleshoot the scenarios covered in the lab. Record the students� ideas on the whiteboard. After completing the lab, review what they would have done before seeing the lab.

Discuss how the students used the troubleshooting flow chart to determine the root cause of the problem. Compare the process of the flow chart to what the students said they would do before the lab. Make sure you record the information provided by the students. Discuss how they would troubleshoot the problem now based on what they learned in the lab.


Make sure students shut down the Virtual PCs following the instructions after the lab.

Note

Review


Instructor Notes for Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access



! Identify the underlying causes when a user cannot access Outlook Web Access because of an authentication error and resolve the problem.

! Identify the underlying causes when a user cannot access Outlook Mobile Access and resolve the problem.

To teach this unit, you need the unit slides, the student workbook, which includes the lab flow charts and the service request forms, and the Lab Toolkit.





! Review Module 10, �Managing Mobile Devices with Exchange Server 2003,� from Course 2400, Implementing and Managing Microsoft Exchange Server 2003.

! Review Module 3, �Securing Exchange Server 2003,� from Course 2400, Implementing and Managing Microsoft Exchange Server 2003.

The information in this section provides setup instructions that are required to prepare the instructor computer or classroom configuration for a lab. This lab includes three scenarios. Prior to starting each scenario, a script must be run that will create the problem that the students will be troubleshooting.


1. The students will use the London Virtual PC and the Miami Virtual PC for this lab. The Miami Virtual PC must be configured as a front-end server using the procedure in the lab.

2. To create the troubleshooting scenario for Exercise 1, the students must run the breaklab4a.bat script.

3. To create the troubleshooting scenario for Exercise 2, the students must run the breaklab4b.bat script.

4. To create the troubleshooting scenario for Exercise 3, the students must run the breaklab4c.bat script.


Required materials

Important

Preparation tasks

Classroom setup



To cover the three presentation slides in 15 minutes, you will need to move quickly. The students should already have some background information on the topics in the presentations, so focus on how each of the components is relevant for troubleshooting.

�Topic 1: Troubleshooting Outlook Web Access� discusses the issues that can arise when a user tries to connect to an Exchange server using Outlook Web Access. Focus on the troubleshooting aspects of the topic. The table that lists the error messages a user may receive are intended for reference, so don�t go into too much detail. Perhaps review just one row so the students can see the format. Spend more time on the troubleshooting topics after the table because these cover how to approach troubleshooting in an OWA environment.

�Topic 2: Troubleshooting a Front-End and Back-End Server Topology with Outlook Web Access� discusses how adding a front-end and back-end server configuration can complicate troubleshooting. The section briefly discusses the front-end, back-end topology, and students should be familiar with the topic. Spend most of your time on the troubleshooting section, highlighting how you can test each component within front-end, back-end server topology to isolate the problem. The lab scenarios focus on front-end, back-end configuration issues.

�Topic 3: Troubleshooting Outlook Mobile Access� discusses how Outlook Mobile Access is different than Outlook Web Access. Spend some time discussing that both services rely on Internet Information Server (IIS) so troubleshooting may include troubleshooting IIS as well as Exchange.


If students have difficulty with the lab, use the flow charts to focus their troubleshooting efforts. If needed, ask them which steps they have completed. If they have gone past the step where they fix the problem, ask them to explain what they found in that step and the step before. This workshop assumes prior knowledge in managing an Exchange Server 2003 environment. If students do not meet this prerequisite, you may need to review some procedures with the students.


Presentation

Lab


You should have spent some time during the pre-lab discussion, with all student books closed, reviewing ways that the students would troubleshoot the scenarios covered in the lab. Record the students� ideas on the whiteboard. After completing the lab, review what they would have done before seeing the lab.

If students have questions about Exercise 2, you should refer them to the toolkit resource, �Verifying the Configuration of the Default Web Site.� This resource describes how to determine whether ASP.NET is allowed or prohibited. This can happen if a company has deployed OMA much after the initial installation of Exchange. The company may have decided to disable ASP.NET, and then not realized that they need to enable it for OMA to function. Another scenario is that an IIS administrator may notice the setting, believe that it poses a security risk, and may turn it off.



Make sure students shut down the VPCs following the instructions after the lab.

Review


Instructor Notes for Unit 5: Troubleshooting Client Connectivity



! Identify the underlying causes when a user receives a �The connection to the server has failed� message and resolve the problem.

! Identify the underlying causes when a new user receives an error message when trying to connect to their mailbox and resolve the problem.






! Review Module 8, �Managing Client Configuration and Connectivity,� from Course 2400, Implementing and Managing Microsoft Exchange Server 2003.



• Remind Students to follow the directions for the Lab Virtual PC configuration, and remind all students to run the scripts in the beginning of each exercise in the Lab for Unit 5.


Required materials

Important

Preparation tasks

Classroom setup



This unit covers client connectivity. It is important to keep the focus on messaging client configuration and client connection issues. The students should already have some background information on these topics in the presentation; you will want to focus on how the information presented is critical to troubleshooting.

�Topic 1: Messaging Clients Used to Access Exchange Server 2003� discusses the various messaging clients available to messaging users. It is important to note that different clients have different requirements for connection to an Exchange Server 2003 server. You should explain, for example, that Outlook Web Access requires only a compliant browser and connectivity using Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS) if Secure Sockets Layer (SSL) is being used. However, Outlook 2003 is a full-featured messaging client that needs additional available ports to connect to the Exchange Server 2003 server, Active Directory domain controllers, and Active Directory global catalog servers. Discuss with the students how they can use different messaging clients to troubleshoot other messaging clients. For example, using OWA successfully will inform the student that the Exchange server is running properly and help eliminate the server as the problem for a MAPI client.

�Topic 2: How Messaging Clients Connect to Exchange Server 2003� focuses on the network requirements that Exchange services require by each messaging client to connect to the Exchange Server 2003 environment. Stay focused on the different communication methods used by each client and the ports that are needed to be open for each client. It is important to discuss the network services that are required on the Exchange Server 2003 server so that the messaging client can properly connect.

�Topic 3: Additional Services Required for Connecting to Exchange Server 2003� discusses the supporting network services that are required for the messaging client to connect to the Exchange server. For example, without DNS, Outlook 2003 would not be able to find the Exchange server on the network. Without IIS installed and running, Outlook Web Access and Outlook Mobile Access would not be able to connect to the Exchange Server 2003 environment. SMTP, POP3, and IMAP4 allow Outlook Express to connect to the Exchange server internally on the network as well as externally from the Internet if the ports have been published on the firewall and redirected to the Exchange server. Focus the discussion on how troubleshooting requires verifying these services as part of the messaging client connectivity requirements.


Presentation



One issue may arise in Exercise 1 where students are required to create a second SMTP virtual server and then configure one of the two SMTP virtual servers using SSL and the IMAP4 virtual server using SSL. Some students have never done this work, even though it is covered in the prerequisite courses. Make sure you can do these tasks and explain them to the students.

In Exercise 2, students need to take several steps to prepare the environment for troubleshooting. The configuration for this exercise is a little more complex than others because we need to configure a cached credential for AlexHanki and then reset the computer so that it does not retained cached DNS information.


In the third exercise of the lab, on Acapulco, students will need to log off as Alex Hankin and log back on as Gary Schare. Because of the modifications made by the script, it can take as long as 20 minutes to log back on to Acapulco. You should consider directing students to begin the log on process, and then take a break.

You should have spent some time during the pre-lab discussion with all student books closed; going over some ways that the students would troubleshoot the scenarios covered in the lab and then record the students� ideas on the whiteboard. After completing the lab, review what they would have done before seeing the lab.




Lab

Review


Instructor Notes for Unit 6: Troubleshooting Server Connectivity


! Troubleshoot message delivery between servers in the same routing group. ! Troubleshoot message delivery between servers in different routing groups. ! Troubleshoot message delivery between an Exchange organization and

another e-mail system. ! Troubleshoot message delivery between an Exchange organization and the

Internet.

To teach this unit, you need the unit slides, the student workbook, which includes the lab flow charts and the lab scenarios, and the Lab Toolkit.




! Review Module 9, �Managing Routing,� from Course 2400, Implementing and Managing Microsoft Exchange Server 2003.

The information in this section provides setup instructions that are required to prepare the instructor computer or classroom configuration for a lab. This lab requires that the students create a new routing group and move Miami into the routing group using the procedure described at the beginning of the lab.


1. For the first exercise in the lab, the students will use the London Virtual PC and the Miami Virtual PC. In preparation for the lab, they must configure an additional routing group and move the Miami Exchange server into the routing group using the procedures at the beginning of the lab.

2. For the second and third exercises in the lab, the students will use the London Virtual PC and the Vancouver Virtual PC. The Vancouver Virtual PC will be used to simulate an Internet connection.

3. To create the troubleshooting problems for Exercise 2 in this lab, the students must run the breaklab6b.bat script.

4. To create the troubleshooting problems for Exercise 3 in this lab, the students must run the breaklab6c.bat


Required materials

Important

Preparation tasks

Classroom setup



To cover the four presentation slides in 15 minutes, you will need to move quickly. The students should already have some background information on the topics in the presentations, so focus on how each of the components that are relevant for troubleshooting.

The four topics in the unit build on the single server message flow information discussed in Unit 3. Remind the students of that information and discuss the fact that in some cases the reason why messages are not delivered to other servers may be a failure on one server.

The four topics in this unit also build from simple to more complex environments starting with a single site, multiple sites, and external e-mail systems and finishing with connecting to the Internet. Discuss this progression with the students as you introduce the topics in this unit.

�Topic 1: Troubleshooting Intra-Routing Group Connectivity� discusses how messages are routed between severs in a single routing group. Discuss the characteristics of message routing in a single routing group and ask the students what could fail in this environment, and what the symptoms would be. You may wish to use the whiteboard to indicate a geographically disperse routing group and discuss the fact that there are no logical bridgehead servers even when there are physical servers providing the connection between locations. This diagram can then carry forward into the next topic. Then discuss the troubleshooting steps. This is a good place to review the strong dependency of Exchange Server 2003 on DNS and Active Directory, in that most message delivery problems come from DNS or Active Directory resolution problems. As you discuss ways to resolve DC/GC or DNS issues, ensure that the students understand how to implement the solutions. If the students do not have the Active Directory background, refer them to Active Directory courses available from Microsoft.

�Topic 2: Troubleshooting Routing Group Connectivity� discusses message routing between routing groups and how to troubleshoot the errors. Students should be familiar with the routing group connector options in Exchange Server 2003 so focus on the troubleshooting sections. Point out that the message flow through bridgehead servers mean that the first step to troubleshooting message routing in multiple routing groups is to ensure that messages are flowing in the single routing group to the bridgehead server.

�Topic 3: Troubleshooting Connectivity to Other E-Mail Systems� discusses connecting the Exchange organization to other e-mail systems such as Lotus Notes or Novell Groupwise. Many students will not be familiar with this topic so review the concepts and the connector options briefly, mentioning the differences between Exchange Server 2003 and Exchange 2000. The lab does not include any scenarios where students will connect to another e-mail system.

�Topic 4: Troubleshooting Connectivity to the Internet� discusses how to troubleshoot both incoming and outgoing e-mail. The most significant component to troubleshooting incoming e-mail is configuring the Mail Exchanger (MX) records, so make sure that the students understand MX records and their role. If students are not familiar with MX records then show the students the MX records on the London virtual hard disk on the instructor computer. Review the SMTP connector configurations with the students when discussing outbound e-mail.

Presentation





You should have spent some time during the pre-lab discussion, with all student books closed, reviewing ways that the students would troubleshoot the scenarios covered in the lab and recording the students� ideas on the whiteboard. After completing the lab, review what they would have done before seeing the lab.




Lab

Review


Instructor Notes for Unit 7: Troubleshooting Server Performance


! Identify and resolve message problems related to performance problems in domain controllers and global catalog servers.

! Identify and resolve messaging performance problems caused by the running of scheduled applications.






! Review Module 13, �Performing Preventative Maintenance,� from Course 2400, Implementing and Managing Microsoft Exchange Server 2003.



• Make sure to remind all students to run the scripts before all exercises.


This unit covers server performance problems. As servers become overwhelmed with normal and abnormal network use, the students will need to troubleshoot the cause of the poor performance and then make recommendations on how to fix the problems. The students should already have some background information on the topics in the presentations, so focus on how the information presented is important for troubleshooting.

�Topic 1: System Components That Cause Server-Related Performance Problems� discusses the various components of the server that can cause performance problems for Exchange Server 2003 and messaging clients that connect to the server. You should discuss the counters used to monitor server performance whether the server is an Exchange server or any other application server. Discuss how using System Monitor can help identify the performance constraint causing the problem and what actions can be taken to alleviate the performance problem.


Required materials

Important

Preparation tasks

Classroom setup

Presentation


�Topic 2: Common Server-Related Problems� focuses on performance problems that can be mitigated by offloading some services, rescheduling some activities, and changing maintenance schedules. A chart is provided to demonstrate examples of how to mitigate performance problems.


It is very important that the students do not stop the script for Exercise 3. The command prompt window will remain open, so it will probably be a clue for the students that whatever is running is the problem. It would be a very good time to give students a break. Let them know that once they start the script, it may take 10 minutes or more. Let them know that they can minimize the window, so that it will not be in their way while they start troubleshooting. The script will cause the students to eventually run out of disk space. Because running the script can take over thirty minutes (depending on system performance) you may allow students to start troubleshooting after ten minutes. They will find the excessive disk activity. As you review the lab with the students, point out all the extra files created by the script and that if it kept running, it would eventually fill up the disk. Point out to the students that when the disk fills, the MTA will stop and eventually all Exchange services will stop once the last of the log files are filled. The solution is that the drive needs to have the extra files deleted and Exchange services restarted if necessary.



You should have spent some time during the pre-lab discussion, with all student books closed, reviewing ways that the students would troubleshoot the scenarios covered in the lab, recording their ideas on the whiteboard. After completing the lab, review what they would have done before seeing the lab.

Discuss how the students used the troubleshooting flow chart to determine the root cause of the problem. Compare the process of the flow chart to what the students said they would do before the lab. Record on the whiteboard the information provided by the students. Discuss how they would troubleshoot the problem now based on what they learned in the lab.



Lab

Review


Instructor Notes for Unit 8: Troubleshooting Security Issues


! Identify and resolve problems related to encrypting e-mail using S/MIME. ! Identify and resolve problems related to using SSL to secure e-mail. ! Identify and resolve problems related to Exchange Server 2003 security

configurations.





! Review Module 3, �Securing Exchange Server 2003,� from Course 2400, Implementing and Managing Microsoft Exchange Server 2003.


The information in this section provides setup instructions that are required to prepare the instructor computer or classroom configuration for a lab. This lab requires that the students create a new routing group and move Miami into the routing group using the procedure described at the beginning of the lab.


1. For the first two scenarios in the lab, the students will use the London Virtual PC and the Acapulco Virtual PC.

2. In the troubleshooting Exercise 1, the problem is created by an incomplete classroom configuration.

3. In the troubleshooting Exercise 2, the problem is created by an incorrectly configured user profile. The profile has been created as part of the classroom setup.

4. For the last exercise in the lab, the students will use the London Virtual PC and the Vancouver Virtual PC.

5. To create the troubleshooting problems for Exercise 3 in this lab, the students must run the Breaklab8c.bat script.


Required materials

Important

Preparation tasks

Classroom setup



Not all companies have implemented SSL and S/MIME to secure e-mail. This means that some students are likely to have limited background understanding of PKI, SSL and S/MIME. If students do not have the expected background, then be prepared to spend more time explaining the concepts. An understanding of the concepts is required to troubleshoot issues with e-mail security.

Before starting the topics, spend some time determining how familiar the students are with this content. Ask how many have deployed an internal CA, how many use S/MIME in their company, how many use SSL to secure OWA, how many use SSL to secure other e-mail protocols.

�Topic 1: PKI Requirements for Secure E-Mail� discuss the concepts of PKI and the implementation options available when deploying a PKI. Use this slide to briefly discuss the components that enable digital signature and encryption capabilities. Use the information listed in the table to explain the role each PKI component plays in creating an infrastructure that can be used to secure e-mail. The amount of time you spend on this topic will depend on student familiarity with the concepts. If students are interested in learning more about using PKI to improve network security refer them to Course 2821: Designing and Managing a Microsoft Windows Public Key Infrastructure.

�Topic 2: Troubleshooting S/MIME E-Mail Issues� discuss the concepts, implementation and troubleshooting of S/MIME. Stress that S/MIME requires digital certificates for all e-mail clients that want to send secure e-mail, so most of the S/MIME troubleshooting issues will be client based. Tell the students that they can implement S/MIME security without modifying any settings on the Exchange server because the Exchange server will just accept the encrypted e-mail messages and forward them to other servers.

�Topic 3: Troubleshooting SSL Issues� discusses the concepts, implementation and troubleshooting of SSL. Tell students that, in contrast to S/MIME, almost all SSL troubleshooting will be server-based or network based, because all Internet protocol clients are enabled for SSL. Stress that although SSL is easier to implement than S/MIME, it is not as easy to use when sending secure e-mail to external clients. With S/MIME you can send secure e-mail to anyone as long as you have the required digital certificates. SSL is used only to secure client connections to Exchange servers and possibly, to secure SMTP e-mail sent between two Exchange servers.


Presentation




In the flow chart, solution box A directs the student to �Check SMTP gateway or smart host configuration�. Because SMTP gateway or smart host is not installed as part of this workshop�s setup, the students will be unable to perform this task. You should mention that students would follow manufacturer�s instructions for verifying their SMTP gateway or smart host configuration in their own production environments.

You should have spent some time during the pre-lab discussion, with all student books closed, going over some ways that the students would troubleshoot the scenarios covered in the lab and recording the students� ideas on the whiteboard. After completing the lab, review what they would have done before seeing the lab.




Lab

Review


Instructor Notes for Unit 9: Troubleshooting the Migration to Exchange 2003


! Identify the underlying causes when a user cannot access their mailbox after a migration and resolve the problem.







! Review Module 14, �Migrating User from Exchange 5.5 to Exchange Server 2003,� from Course 2400, Implementing and Managing Microsoft Exchange Server 2003.



1. The students need to start the London and Vancouver Virtual PCs for this lab.

2. The students do not need to run any scripts to prepare the lab environment. The environment is preconfigured for the lab.


Required materials

Important

Preparation tasks

Classroom setup



This unit discusses a scenario that most companies will go through only once. If the students have worked with a company that has gone through a migration to either Exchange 2000 or Exchange Server 2003, they are likely to be quite familiar with the content. If they have not gone through a migration, they may have no experience with the content of this unit.

Before starting the topics, spend a short time determining how familiar the students are with this content. Ask how many have been involved in a migration project.

The third topic covers the troubleshooting issues that can occur during the migration. Spend most of your instruction time discussing these issues and their resolutions.

�Topic 1: Standard Migration Overview� provides a very brief overview of how to upgrade an existing Exchange 5.5 organization to Exchange Server 2003. If the students do not have experience with concepts such as SIDHistory and NTDSNoMatch, you may need to spend some time discussing what these terms refer to and why they are so important in a migration scenario. If the students are not familiar with the migration steps, expect to spend some additional time on this topic.

�Topic 2: External Migration Overview� provides a very brief overview of how to migrate mailboxes and public folders from an existing Exchange 5.5 organization to a new Exchange Server 2003 organization. Many of the steps in the migration appear similar to the standard migration, but the procedures may be quite different. For example, moving a mailbox within the same site or administrative/routing group is very different from moving the mailbox between organizations.

�Topic 3: Troubleshooting Migration Issues� discusses the troubleshooting issues that may arise during a migration and suggests resolutions for the issues. If you have students that have been part of a migration project, ask them to highlight the issues they faced during the migration as well as any additional issues they faced.


Presentation


The lab includes three exercises. Before starting the lab, the students must start up the London and Vancouver Virtual PCs.

Before starting the lab, highlight the Lab Scenario information at the beginning of the lab. Due to time constraints, students will not be able to perform an actual migration in the lab, but will start the lab with an organization that is partially migrated and where the two Exchange organizations coexist.

Highlight the Important note at the beginning of the lab. In this simulation of the migration environment, all the user accounts in the Contoso domain have been migrated to the Nwtraders.msft domain. The students should always be logging onto the NWTraders.msft domain when they are working on the lab. The only exception is if they need to log in as Contoso\Administrator.



You should have spent some time during the pre-lab discussion, with all student books closed, going over some ways that the students would troubleshoot the scenarios covered in the lab and recording the students� ideas on the whiteboard. After completing the lab, review what they would have done before seeing the lab.



Lab

Review


Instructor Notes for Unit 10: Troubleshooting an Exchange Server 2003 Organization


! Identify multiple issues affecting the messaging functionality within an organization.

! Troubleshoot the following:

• Network Connectivity

• Public Folders and Mailboxes

• Outlook Web Access and Outlook Mobile Access

• Client Connectivity

• Server Connectivity

• Server Performance

• Security Issues

• Migration from Exchange 5.5 to Exchange Server 2003




There are no tasks required to prepare for the lab, the entire unit is the lab.

Presentation: 45 minutes Lab: NA Review: NA

Required materials

Important

Preparation tasks

Prepare for the lab



This unit contains all the information that is normally provided to an administrator when troubleshooting problems with an Exchange Server 2003 server environment. This lab is for the students to show what they have learned and to put it all together.

�Topic 1: Approach to Exchange Server 2003 Troubleshooting� discusses how troubleshooting tasks should be addressed and resolved. This topic provides several questions that an administrator should ask as part of their troubleshooting process. For example, when discussing the Time/Date subject, it is important to note that the time of the day and the day of the week can have considerable impact on the troubleshooting process. If the problem occurs every day from 7 A.M. to 8 A.M. that should point to it being a peak time frame and that the only way to fix the problem would be to encourage users to vary the time of the day when they log onto their computers and open their messaging clients. Because this probably isn�t a solution, the student/administrator should consider ways to improve performance during these specific times or inexpensive ways to add capacity to the environment. One of the favorites of the students should be the Prioritization subject. Encourage them to explain how they prioritize service requests when they have more than one or two waiting for their attention.

�Topic 2-4: Challenge Information� provides the detail for the students in their troubleshooting scenario. There is no hands-on lab for this unit. In this unit, students will use the information provided in the Challenge Information pages to assist them with troubleshooting the scenarios presented in the Challenge. The challenge information provides the students with very high level Company Background, excerpts from the Change Management Log, and excerpts from the Service Request Log. This information provides the students with some recent history regarding user problems as well as recent history regarding changes made to the Exchange Server 2003 environment. Some of the information is helpful, and some of it is misleading. It is important that students learn that Service Requests and Help Desk information is not necessarily trustworthy.



The challenge consists of six scenarios where students troubleshoot the virtual environment by asking the trainer questions and explaining what tasks that they would like to perform. The scenarios are very briefly described in the challenge. It is up to the students to request more information and up to the trainer to decide what the response should be to each of the student questions.

Presentation

Lab


Have the students read through all six scenarios before beginning and ask them where they want to start working.

You may want to approach this lab by letting students volunteer their questions and troubleshooting steps that they would take. You may also want to just start in one corner and ask each person what they would do next. If a student is lost for words or just out of ideas, encourage the class to give that student some ideas. For example:

Trainer: �Student 1, what would you do first in troubleshooting this problem?�

Student 1:�I would like to verify that network connectivity exists between the messaging client and the Exchange server.�

Trainer: �Student 1, how would you do that?�

Student 1: �I would use the ping command from the client and see if I can ping the server using the host name and then try the IP address if the host name doesn�t work.� Trainer: �Excellent idea, you are able to properly ping the Exchange server by its host name. Student 2, what would you like to do next?�

Student 2: �I would like to verify that the domain controllers and global catalog servers are up and running for this network segment. I would do this by running netdiag from my client machine and also by running dcdiag from one of the domain controllers.�

Trainer: �Excellent idea, your results show that one domain controller is down.�

Of course, the trainer is also allowed to provide unimportant information like in the above example, where a domain controller being down doesn�t necessarily affect the outcome.

Scenario 1: David Campbell is unable to access his e-mail. His laptop is a new computer that he was just provided. The laptop has the lab DNS settings which have the wrong IP addresses for production servers. If students try to ping any servers you will tell them that you received responses, but it does not look like the right IP address in the return responses. The reason that this happens is that the lab has different settings for its environment that do not map to the production environment. Once students identify that the DNS settings for TCP/IP are incorrect, then David�s Outlook 2003 will start working, assuming they try it after making the changes.

Scenario 2: Ben Smith is unable to access his mailbox after starting up his laptop. The problem is that Ben�s laptop cable is loose and he gets intermittent connectivity during ping testing and all other testing done by the students. As the trainer, you should play the part of Ben and often say, �No, no response,� and then say, �Hey, it just worked,� and then, �No, it isn�t working again.� This will drive the students crazy, but it should encourage them to drop back to the basics and verify that the network cable is plugged in properly. Remind them that Ben is a vice president. He probably should have been bumped ahead of David Campbell.


Scenario 3: Janet Sheperdigian�s Outlook Express client is not properly configured to use SSL to protect traffic transmitted between her messaging client and the Exchange server. Janet is unable to connect to Exchange using SSL with SMTP because there is only a single SMTP VS on the Exchange server. If students try to reconfigure it, the trainer will state, �Well, now the Exchange team is getting flooded with calls about people unable to send e-mail to the Internet from the Vancouver office.� Students must create a new SMTP VS and implement SSL on it. SSL also needs to be implemented on IMAP4 or POP3 depending on whichever they find that Janet is using. If the students do not ask about IMAP4 or POP3, then tell them that the auditor has re-tested and is still able to capture e-mail to Janet.

Scenario 4: H. Brian Valentine is unable to access his e-mail using OWA. Brian�s statement about being able to do it last week is misleading, so students may jump off track. Be patient. They will return to the basics soon enough. The problem is that Brian is not entering https when trying to connect to the OWA server. If anyone asks to ping the OWA server, it will result in �Request timed out� messages. Pinging by name will resolve to the correct IP address. However, there will be no responses from the server. Pinging by IP will also give a request timed out message. This can be explained very easily. If the students ask during the scenario about firewalls or ISA servers, you should tell them that all OWA servers are protected by ISA servers. By default, ISA does not allow Internet Control Message Protocol (ICMP) from the Internet to internally published sources.

Scenario 5: Jeff Hay is unable to send encrypted e-mail to Tai Yee. Tai Yee is not a member of Jeff�s company; Tai is an employee of another company. The problem is that Tai never sent a digital certificate to Jeff, so Jeff is unable to send an encrypted message to Tai.

Scenario 6: Scott Bishop is experiencing poor performance when using Outlook to connect to his mailbox. The problem is that the Exchange server that holds Scott�s mailbox is overloaded. Students may not have noticed that the Change Management Log states that one of the Exchange servers in London was shutdown and all mailboxes were moved to other servers. With the additional load, the Exchange server that Scott is on has become overloaded and is extremely slow in its response.

If students have difficulty with the scenarios, encourage them to feel free to review the flow charts from the previous units and to ask for help from their classmates. Do not feel the need to rush the students; let them think for a few minutes and make sure to provide positive feedback. This workshop assumes prior knowledge in managing an Exchange Server 2003 environment; if the students do not meet the prerequisites, you may need to review some procedures with the students.

There is no review for this unit because the challenge is the review for the workshop.

Review