Tuesday, August 19, 2008

How to Configure the SCL in Exchange

Recently I was asked what the proper Spam Confidence Level (SCL) should be for an Exchange 2007 installation. The answer is the ever-popular, "it depends."

The SCL is a value that Exchange assigns to each incoming SMTP email and is based on Microsoft's SmartScreen technology. This score determines how likely Exchange thinks an email message is spam. A rating of 0 means the message is not likely spam and a rating of 9 means the message is most likely spam.

SmartScreen is a "black hole" technology -- meaning that the algorithms and heuristics it uses for scoring are not published by Microsoft, which makes it more difficult for spammers to create messages that score lower and pass the filter. The Exchange server downloads new heuristics from Microsoft periodically.

Exchange 2003 SP2 introduced the Internet Message Filter (IMF) to score emails with an SCL rating. Exchange 2007 uses Content Filtering on the Anti-spam tab of the Edge Transport server to score emails (as shown below). It can also be enabled on a Hub Transport server if Edge Transport servers are not used. See How to Enable Anti-Spam Functionality on a Hub Transport Server.

Selecting the right SCL filter level is not an exact science. You're trying to filter obvious spam without accidentally filtering legitimate messages. You can use the following method to determine the starting point for your filter.

Using Perfmon to Select the SCL Filter Level
The best way to determine the appropriate SCL filter level is to use perfmon and examine the MSExchange Content Filter Agent object. Over time, the "Messages with SCL x" counters will increment and begin to show a trend.

In the example below, the Messages with SCL 0 through 7 counters are in the lower half of the scale. Messages with SCL 8 is off the charts at 270 -- more than all the lower SCL levels combined. From this data we can infer that it is safe to filter messages with an SCL higher than 7.


Note that these counters reset to zero upon restart of the server. It may take a little while before the trend appears.

Keep in mind that this is only the filter to begin with. You may have to adjust your filter up or down for your specific environment, but this will give you an excellent starting point.
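
The reading described above can be written down as a small calculation. This is an added example, not code from the original post: it looks for the first SCL level whose counter exceeds all lower levels combined, and shows how much mail each candidate level would catch. The function name and all counter values are assumptions constructed for illustration, except the SCL 8 value of 270 quoted above; it needs PowerShell 3.0 or later.

```powershell
# Added example. Values are constructed sample data typed in from perfmon's
# "Messages with SCL x" counters; only SCL 8 = 270 comes from the article.
$sampleCounts = @{
    0 = 41; 1 = 12; 2 = 9; 3 = 15; 4 = 22
    5 = 31; 6 = 38; 7 = 47; 8 = 270; 9 = 64
}

function Get-SclStartingPoint {
    param([Parameter(Mandatory = $true)][hashtable]$Counts)

    $total = 0
    foreach ($level in 0..9) { $total += [int]$Counts[$level] }
    if ($total -eq 0) {
        # The counters reset to zero when the server restarts.
        throw 'All counters are zero; let the server collect traffic first.'
    }

    $lowerSum = 0      # messages scored below the level being examined
    $spike = $null     # first level that outweighs every lower level combined
    $table = foreach ($level in 0..9) {
        $count = [int]$Counts[$level]
        if ($null -eq $spike -and $level -gt 0 -and $count -gt $lowerSum) {
            $spike = $level
        }
        [pscustomobject]@{
            SCL            = $level
            Messages       = $count
            AtOrAbove      = $total - $lowerSum
            PercentOfTotal = [math]::Round(100 * ($total - $lowerSum) / $total, 1)
        }
        $lowerSum += $count
    }

    $filterAbove = $null
    if ($null -ne $spike) { $filterAbove = $spike - 1 }

    [pscustomobject]@{
        SpikeLevel  = $spike         # 8 for the sample data
        FilterAbove = $filterAbove   # "filter messages with an SCL higher than 7"
        Table       = $table
    }
}

$result = Get-SclStartingPoint -Counts $sampleCounts
$result.Table | Format-Table -AutoSize
if ($null -eq $result.SpikeLevel) {
    'No level dominates the lower ones yet; keep collecting data.'
} else {
    'Spike at SCL {0}; start by filtering messages with an SCL higher than {1}.' -f `
        $result.SpikeLevel, $result.FilterAbove
}
```

The AtOrAbove and PercentOfTotal columns show how much mail each candidate level would affect, which helps when adjusting the level up or down later.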

SmartScreen filtering is just one of the anti-spam solutions available for Microsoft Exchange Server. Other solutions include Sender ID Framework, Outlook Junk E-Mail Filter, and Microsoft Exchange Hosted Filtering. See the Microsoft AntiSpam Technologies website for more details.


Subscribe to The EXPTA {blog} by Email

Thursday, July 24, 2008

Free/Busy Information in Exchange 2000/2003/2007


What is Free/Busy?
Users' availability information is stored in Exchange in a hidden system public folder. This information is used by Outlook and OWA to tell other users if they are free or busy (hence, the term Free/Busy information). Normally this information is displayed as color-coded blocked out areas in a user's calendar, as shown above. If users have extended rights, they can right-click another user's blocked out time to view the subject of the busy time.

The Free/Busy information is posted as a single message that contains data for the entire Free/Busy duration. The default is to publish 2 months' worth of information, configurable in Outlook Options or via Group Policy. Every time the Free/Busy information is updated, the message is overwritten.

Publishing Free/Busy Information
The way Free/Busy information is published to Exchange depends on the method used to update the user's calendar. The Outlook client is usually responsible for generating Free/Busy information. Outlook will read the calendar and generate Free/Busy every 15 minutes by default if the information has been changed. This schedule can be changed in Outlook options or via Group Policy. Outlook also republishes the Free/Busy information whenever Outlook is shut down.

So what happens when the user updates their calendar using Outlook Web Access (OWA) or some other non-MAPI client? In this case, Free/Busy information is updated by a background process called MSExchangeFBPublish (MadFB). This process runs under the System Attendant mailbox and updates Free/Busy every 5 minutes for OWA, OMA, and Entourage clients. When a change is made to the calendar, a Free/Busy message is submitted to the System Attendant mailbox on the mailbox server for the user. The MadFB process polls this mailbox and picks up that there has been a change. MadFB then publishes the user's full Free/Busy message to the Free/Busy folder overwriting the existing message.

Replicating Free/Busy Information
The short answer is don't do it. The only reason to replicate Free/Busy information is when you frequently have users accessing Free Busy information of users in another site, and those sites are separated by a slow or lossy network link. Replicating Free/Busy information introduces inherent latency and causes inaccuracy in the Free/Busy information. Users in one site may see information from a site that has not replicated yet.

Where is Free/Busy Information Stored?
As mentioned earlier, Free/Busy information is stored in a system public folder. You can view all the Free/Busy information in the org by opening the following URL in a web browser: "http(s)://ServerName/Public/Non_IPM_Subtree/SCHEDULE%2B%20FREE%20BUSY/".

Here, you will see a folder under SCHEDULE+ FREE BUSY for each Administrative Group in the format, "EX:/o=/OU=". Each folder contains messages for each user. These messages are the Free Busy information for the user. The messages are formatted as, "USER-/CN=RECIPIENTS/CN=".

Free/Busy message placement is based on the user's legacyExchangeDN attribute in AD. For example, if my legacyExchangeDN is "/o=CompanyABC/ou=Paris/cn=Recipients/cn=jsguillet", my Free/Busy information will be stored in the "USER-/CN=RECIPIENTS/CN=jsguillet" message in the "/EX:/o=CompanyABC/ou=Paris" folder.

You are unable to view the contents of the message, but you can delete it. Doing so will remove all Free Busy information from Exchange until it is republished using one of the methods explained above. If Free/Busy information is not available to other users, they will see black and white hash marks across your calendar and Outlook will say that Free/Busy information is not available for this user.

How to Republish Free/Busy Information
On occasion Free/Busy information may not be published correctly in Exchange. There are many reasons that this can occur. Examples include errors in Public Folder replication (if Free Busy is being replicated, another reason to not do this), network errors, and incorrect shutdown of Outlook or Windows.

So how do you republish Free/Busy information? The easiest way to do this for individual users is to have them run Outlook with the /CleanFreeBusy switch:

  • Close Outlook

  • Click Start, Run, enter "start outlook /cleanfreebusy" and click OK

  • Outlook will start, generate the Free/Busy information from the Outlook calendar and republish it to Exchange within 5 minutes. It will overwrite any existing Free/Busy message or publish a new one if it doesn't exist.

While this is easy to do for one or two users, it isn't a good solution for all users in the enterprise since it requires user intervention.

Microsoft KB article 294282 details how to use Updatefb.exe to regenerate Free/Busy information from the calendar information contained in each user's mailbox. You run this utility under the context of a user or service account that has full mailbox access to the affected users. It reads a comma delimited file containing the alias and home mailbox server of each user (i.e., alias, mailbox1) and logs in as that user using Collaboration Data Objects (CDO). It then creates a single appointment for the user for today at 11:00pm. This marks the Free/Busy information as "dirty". It then logs off the MAPI connection, causing the Free/Busy information to republish to Exchange. Note that Updatefb will be unable to open disabled users' mailboxes or hidden mailboxes, so be sure to exclude them from the CSV input file.

Updatefb.exe is an unsupported utility written by Microsoft and is only available through Microsoft Product Support Services. There are two versions of the utility: Updatefb.exe is the GUI version and CPPCDO.exe is a command line version. I have used it in several environments with no issues.

What About Exchange 2007?
Exchange 2007 uses an entirely new and different way to manage Free/Busy information, so the above does not apply in a pure Exchange 2007/Outlook 2007 environment. When using Exchange 2007 with Outlook 2007, Free/Busy information no longer comes from a Public Folder, but instead uses the Microsoft Exchange 2007 Availability Service. This web service provides a direct look at the user's Free/Busy information without the need for a client to publish any data. Outlook 2007 and Exchange 2007 can still use (and will still have) the Free/Busy public folder for backwards compatibility with older Outlook clients.


Wednesday, June 25, 2008

Outlook Calendar Delays Explained


Some customers experience performance issues when opening other users’ calendars. A delay occurs the first time they open the calendar, but subsequent access is fine. At random times the performance issue occurs again. Here’s why this happens.

When Outlook accesses another user’s calendar, Exchange applies a view which restricts the user from viewing private items. This happens regardless of whether there are any private items or not. This process is run on, and controlled by, the Exchange server. The act of applying a view to a folder creates search folders in the Exchange store. Once the search folder has been created, it is cached for later use, which makes subsequent viewings faster.

Exchange doesn’t cache all search folders forever. Doing so would cause server-side delays since the cache folders are continuously updated by Exchange.

The number of search folders (also known as views) is defined at the store level in Exchange. The default is 11 and the best practice is to set it between 5 and 20 views, per mailstore. It’s important to note that this number is global for the mailstore and views are not shared between users.

To demonstrate, suppose John is an administrative assistant and manages 10 separate calendars. The first time he accesses each calendar, there is a delay as Exchange creates the view. After the views have been built, subsequent access is fast. Now another user, Linda, opens 6 other calendars, including the first 3 calendars that John accessed. John and Linda are in the same mailstore. In this example, calendars 1-3 are cached for Linda, 4-7 are cached for John and 8-11 are cached for Linda. John will have to wait to access the first calendar while the view is rebuilt for him. Increasing the number of views stored on the Exchange server to 20 prevents this (10+6=16, which is less than 20).

The number of views stored on the Exchange server is held in the msExchMaxCachedViews attribute in AD. To adjust the value, use ADSIEdit to navigate to dn: CN=Mailbox Store,CN=Storage Group,CN=InformationStore,CN=Server NAME,CN=Servers,CN=AG Name,CN=Administrative Groups,CN=Orgname,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Company,DC=com. Right-click the mailbox store to adjust on the right pane and edit the msExchMaxCachedViews attribute.

Setting the value too low will cause more frequent delays for users as the views are built more often. Setting the value too high will cause slow overall Exchange performance as more views are continuously updated. It should never be set higher than 50.


Thursday, May 29, 2008

Outlook Calendar Synchronization Cookbook




I carry an AT&T 8525 Windows Mobile device as my phone and PDA. It’s connected to my company’s Exchange 2007 server back in the office, but as a consultant I’m nearly always at a client site.

When I’m onsite for any length of time the client usually provides me with an email account on their network so that I can more easily communicate with teams and accept meeting invitations. The trouble for me has always been how to synchronize calendar data between the two calendars. There are lots of hard and messy ways to do this – I can forward the appointments to my WM device or type them in manually, or I can use Google calendar to do a “middle man” synchronization.

What I’ve discovered that does a really good job is a software and service called Funambol. This free service is made up of three components:

  • The Funambol client for Windows Mobile
  • The Funambol client for Windows Outlook
  • The myFunambol Portal, the hosted server that holds the synchronized data

Funambol can perform synchronization of email, contacts, calendar items, tasks, notes and briefcases. Synchronization can be one-way (from Funambol server to phone only or from phone to server only) or two-way. Since I only perform calendar synchronization, this article covers only that, but the other types of synchronization can be set up the same way.

To begin, sign up for a free myFunambol account at http://my.funambol.com. This creates a personal database account for you that will hold the synchronized data. The myFunambol portal also offers a web interface where you can view and manage your synchronized data stored on the server.

Next, download the Funambol Outlook Plugin from https://www.forge.funambol.org/download and install it on the computer with Outlook that you want to sync with your mobile device. Follow the wizard to install the plugin. I won’t list the steps here because Funambol updates its software regularly and the steps may change, but here are the settings I use in the version I’m currently using:

  • Account and password are the same as the myFunambol account
  • Sync Calendar; One-way: Outlook -> Server; Synchronize every 2 hours

Test the synchronization from Outlook. The plugin may warn you that it needs to perform a full sync the first time. Once the sync completes, log into the myFunambol portal to ensure that your data is there.

Now download and install the correct Funambol client for your mobile device from https://www.forge.funambol.org/download. Funambol makes one for Windows Mobile PocketPC, Windows Mobile Smartphone, Blackberry, Java based phones and even the Apple iPod.

Install the client on your device and configure it thusly:

  • Account and password are the same as the myFunambol account
  • Synchronize all items in: Calendar
  • PIM options – Sync Direction: Server to Phone only
  • Sync Method: Scheduled Sync, Sync every 2 hours

Now sync your mobile device. The device will tell you that it needs to perform a full sync the first time and begin syncing the data from the myFunambol portal.

Voilà! Calendar synchronization made easy!

For this solution to work, your Outlook client must be running and have Internet access.




Tuesday, February 26, 2008

Top Ten Reasons to Move to Exchange 2007

Here are some key features and technologies Exchange Server 2007 provides that make a good business case for its use:
  • Fault Tolerance -- Exchange 2007 offers several forms of fault tolerance, right out of the box:

    • Local Continuous Replication (LCR) maintains a continuously updated copy of the active mailbox database on a different LUN to provide immediate failover capability if the active database becomes corrupt. The second copy is activated manually by the administrator.

    • Cluster Continuous Replication (CCR) is a local cluster model where each node maintains its own database and replication is performed using log shipping. In the event of failure of a service, the cluster services immediately fail over to the passive node and continue servicing client requests, minimizing client downtime. CCR clusters can be stretched over distance, providing geographically dispersed clusters.

    • Standby Continuous Replication (SCR) is similar to CCR, but the failover node resides in a different geographic location. It utilizes log shipping for replication and the Hub Transport servers "fill in the blanks" for messages that may not have replicated since the time the active node went offline.


  • Disaster Recovery -- Outlook 2003 and Outlook 2007, along with the fault tolerance technologies listed above, provide a quick and easy disaster recovery strategy for nearly any outage. Outlook Exchange cached mode is another key technology in making disaster recovery as seamless as possible.


  • Mailbox Server Consolidation -- As a 64-bit messaging platform, Exchange 2007 is able to accommodate much larger mailboxes and mailstore databases than ever before. This allows you to greatly consolidate the number of mailbox servers needed to support the same number of users.


  • Exchange Edge Server -- Edge Server for Exchange is a non-domain server that acts as the SMTP gateway between the Internet and SCIF's internal network. It replaces both the current SMTP gateway and Interscan servers, saving both hardware and software costs. It provides anti-spam and anti-virus services for the organization. EdgeSync is a process that synchronizes the email addresses in AD and the user Junk Mail safe lists/block lists with the Edge server to reduce spam at the network edge.


  • Better Integration with Outlook -- Suspected spam that is not blocked by the Edge server is delivered to Outlook's built-in Junk E-mail folder. Users can choose to block or allow emails from users or domains directly from Outlook without the need for third-party software.


  • Forefront Security for Exchange -- Forefront antivirus is included with the Exchange 2007 Enterprise CAL. Forefront allows you to choose up to five different antivirus engines (from a collection of nine) that all emails are scanned against. This provides more defense in depth than previously possible.


  • Corporate Managed Folders -- Managed folders allow administrators to configure common corporate folders with specific retention periods that display in users' Outlook and OWA. For example, a folder named Legal may have a seven year retention policy. Any items in this folder older than 7 years will automatically be purged to maintain the company's corporate retention policy.


  • Improved Outlook Web Access -- Outlook Web Access (OWA) has been improved to provide much better performance and usability. The Private computer security setting now allows you to stay logged in for up to 24 hours. Calendaring and scheduling have been greatly improved. OWA now provides the ability to open another user's mailbox (assuming you have the appropriate rights to do so). Public Folders now open in the same OWA window. Searching for an email item takes only seconds, no matter how large the mailbox is.


  • Remote Access to Network Shares -- OWA provides the ability to "translate" UNCs to internal network shares. For example, if you click a link for //hofs01/share/CIOMeeting.ppt, OWA will fetch the document from the internal network (assuming you have rights to the document) and deliver it to you in OWA. You can also open a Windows SharePoint Services or file share by typing the address of the share to open directly in OWA.


  • WebReady Document Viewing -- WebReady Document Viewing renders common document types for you to view within OWA, even if the application is not installed on that computer. For example, if you want to view an Excel attachment from a machine that does not have Excel installed, click the "View as web page" link next to the attachment. Exchange 2007 will convert the spreadsheet to a web page for you to review.





Friday, February 22, 2008

Troubleshooting Exchange 2007 9646 Errors

A client has users who have been migrated from Exchange 2003 to Exchange 2007 SP1, running on Windows Server 2003 SP2.

After a while, users are no longer able to connect via Outlook to Exchange - OWA continues to function, but Outlook (2K3 and 2K7) stops working.

This is because of a new feature in Windows 2003 SP2 that enables "Scalable Networking" - In short, it shuts down closed connections to the server, but it doesn't play well with Exchange. When Outlook connects over several MAPI sessions, the unused ones are shut down by Windows, but they aren't closed cleanly and Exchange still sees them as open sessions.

Once the user has 32 open sessions (a combination of valid and invalid ones) - Exchange cuts them off and event ID 9646 errors are seen on the mailbox server event log:
Mapi session "/O=BLATHER/OU=PACIFICA/cn=Recipients/cn=CooperH" exceeded the maximum of 32 objects of type "session".

A hotfix will be released in late March that addresses the issue, but the short term fix is to run the following command from the command line on all Exchange 2007 mailbox servers:

Netsh int ip set chimney DISABLED
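
To see which mailboxes are running into the session limit before and after the change, the 9646 event text can be tallied per user. This is an added example, not code from the original post: the function name and the sample messages are assumptions (the first sample line is the one quoted above, the others are constructed in the same format), and it needs PowerShell 3.0 or later.

```powershell
# Added example. Constructed sample input; on a mailbox server the same
# strings could come from the event log, assuming the events are written
# to the Application log:
#   Get-EventLog -LogName Application |
#       Where-Object { $_.EventID -eq 9646 } |
#       ForEach-Object { $_.Message }
$sampleMessages = @(
    'Mapi session "/O=BLATHER/OU=PACIFICA/cn=Recipients/cn=CooperH" exceeded the maximum of 32 objects of type "session".',
    'Mapi session "/O=BLATHER/OU=PACIFICA/cn=Recipients/cn=CooperH" exceeded the maximum of 32 objects of type "session".',
    'Mapi session "/O=BLATHER/OU=PACIFICA/cn=Recipients/cn=SampleUser1" exceeded the maximum of 32 objects of type "session".',
    'Mapi session "/O=BLATHER/OU=PACIFICA/cn=Recipients/cn=CooperH" exceeded the maximum of 32 objects of type "session".',
    'An unrelated message that should be ignored.'
)

function Get-MapiLimitSummary {
    param([Parameter(Mandatory = $true)][string[]]$Message)

    # Pull the legacy DN, the limit and the object type out of each message.
    $pattern = 'Mapi session "(?<dn>[^"]+)" exceeded the maximum of ' +
               '(?<max>\d+) objects of type "(?<type>[^"]+)"'

    $hits = foreach ($text in $Message) {
        if ($text -match $pattern) {
            [pscustomobject]@{
                LegacyDN   = $Matches['dn']
                Mailbox    = ($Matches['dn'] -split '/cn=')[-1]   # last cn= part
                Limit      = [int]$Matches['max']
                ObjectType = $Matches['type']
            }
        }
    }

    # Only "session" objects relate to the connection problem described here.
    $hits |
        Where-Object { $_.ObjectType -eq 'session' } |
        Group-Object -Property LegacyDN |
        Sort-Object -Property Count -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Mailbox  = $_.Group[0].Mailbox
                Events   = $_.Count
                Limit    = $_.Group[0].Limit
                LegacyDN = $_.Name
            }
        }
}

# For the sample input: CooperH with 3 events, SampleUser1 with 1.
Get-MapiLimitSummary -Message $sampleMessages | Format-Table -AutoSize
```

If the per-user counts stop growing after the chimney setting is disabled, the workaround has taken effect on that server.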

The following articles discuss the technology and the issue:


Tuesday, February 12, 2008

New File Extensions Blocked in Outlook 2003 SP3

After several months of testing, a client recently deployed Service Pack 3 for Microsoft Office 2003 to nearly 10,000 clients via WSUS. They have a scripted routine that they follow during testing of patches and updates to ensure that there are no interoperability issues, but of course, you can't test everything. I mean, how are you going to know that a certain update will prevent an HP 4200 printer from feeding from the secondary paper tray? And yes, I've actually seen that happen.


Well, shortly after deployment they started getting complaints that emails with links to Public Folders (XNK files) couldn't be opened in Outlook 2003. Could it be that Microsoft actually did this on purpose? After an hour or so of re-reading all the scattered documentation for Office SP3, including Information about certain file types that are blocked after you install Office 2003 Service Pack 3 and the Downloadable list of issues that the service pack fixes, I couldn't find anything that documented this change.


I opened a case with Microsoft and found that not only are XNK extensions blocked, but several others are as well. Here's an unofficial list of the extensions blocked by Outlook 2003 SP3:

File Extension  File Type
.ade            Access Project Extension (Microsoft)
.adp            Access Project (Microsoft)
.app            Executable Application
.asp            Active Server Page
.bas            BASIC Source Code
.bat            Batch Processing
.cer            Internet Security Certificate File
.chm            Compiled HTML Help
.cmd            DOS CP/M Command File, Command File for Windows NT
.com            Command
.cpl            Windows Control Panel Extension (Microsoft)
.crt            Certificate File
.csh            csh Script
.der            DER Encoded X509 Certificate File
.exe            Executable File
.fxp            FoxPro Compiled Source (Microsoft)
.gadget         Windows Vista gadget
.hlp            Windows Help File
.hta            Hypertext Application
.inf            Information or Setup File
.ins            IIS Internet Communications Settings (Microsoft)
.isp            IIS Internet Service Provider Settings (Microsoft)
.its            Internet Document Set, Internet Translation
.js             JavaScript Source Code
.jse            JScript Encoded Script File
.ksh            UNIX Shell Script
.lnk            Windows Shortcut File
.mad            Access Module Shortcut (Microsoft)
.maf            Access (Microsoft)
.mag            Access Diagram Shortcut (Microsoft)
.mam            Access Macro Shortcut (Microsoft)
.maq            Access Query Shortcut (Microsoft)
.mar            Access Report Shortcut (Microsoft)
.mas            Access Stored Procedures (Microsoft)
.mat            Access Table Shortcut (Microsoft)
.mau            Media Attachment Unit
.mav            Access View Shortcut (Microsoft)
.maw            Access Data Access Page (Microsoft)
.mda            Access Add-in (Microsoft), MDA Access 2 Workgroup (Microsoft)
.mdb            Access Application (Microsoft), MDB Access Database (Microsoft)
.mde            Access MDE Database File (Microsoft)
.mdt            Access Add-in Data (Microsoft)
.mdw            Access Workgroup Information (Microsoft)
.mdz            Access Wizard Template (Microsoft)
.msc            Microsoft Management Console Snap-in Control File (Microsoft)
.msh            Microsoft Shell
.msh1           Microsoft Shell
.msh2           Microsoft Shell
.mshxml         Microsoft Shell
.msh1xml        Microsoft Shell
.msh2xml        Microsoft Shell
.msi            Windows Installer File (Microsoft)
.msp            Windows Installer Update
.mst            Windows SDK Setup Transform Script
.ops            Office Profile Settings File
.pcd            Visual Test (Microsoft)
.pif            Windows Program Information File (Microsoft)
.plg            Developer Studio Build Log
.prf            Windows System File
.prg            Program File
.pst            MS Exchange Address Book File, Outlook Personal Folder File (Microsoft)
.reg            Registration Information/Key for W95/98, Registry Data File
.scf            Windows Explorer Command
.scr            Windows Screen Saver
.sct            Windows Script Component, Foxpro Screen (Microsoft)
.shb            Windows Shortcut into a Document
.shs            Shell Scrap Object File
.ps1            Windows PowerShell
.ps1xml         Windows PowerShell
.ps2            Windows PowerShell
.ps2xml         Windows PowerShell
.psc1           Windows PowerShell