Docstoc

Troubleshooting MS Exchange 2003

Document Sample
Troubleshooting MS Exchange 2003 Powered By Docstoc
					Troubleshooting Microsoft Exchange Server 2003
®

Workbook
Workshop: 2011A

Released: 12/2003

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2003 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync, Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Workshop: 2011A Part Number: X10-27595 Released: 12/2003

END-USER LICENSE AGREEMENT FOR MICROSOFT OFFICIAL CURRICULUM (“MOC”) COURSEWARE –TRAINER EDITION PLEASE READ THIS END-USER LICENSE AGREEMENT (“EULA”) CAREFULLY. BY USING THE CONTENT AND/OR USING OR INSTALLING THE SOFTWARE THAT ACCOMPANIES THIS EULA (COLLECTIVELY, THE “LICENSED CONTENT”), YOU AGREE TO THE TERMS OF THIS EULA. IF YOU DO NOT AGREE, DO NOT USE THE LICENSED CONTENT. 1. GENERAL. This EULA is a legal agreement between you (either an individual or a single entity) and Microsoft Corporation (“Microsoft”). This EULA governs the Licensed Content, which include computer software (including online and electronic documentation), training materials, and any other associated media and printed materials. This EULA applies to updates, supplements, add-on components, and Internet-based services components of the Licensed Content that Microsoft may provide or make available to you unless Microsoft provides other terms with the update, supplement, add-on component, or Internet-based services component. Microsoft reserves the right to discontinue any Internet-based services provided to you or made available to you through the use of the Licensed Content. This EULA also governs any product support services relating to the Licensed Content except as may be included in another agreement between you and Microsoft. An amendment or addendum to this EULA may accompany the Licensed Content. The Licensed Content is comprised of, but not limited to, the following: software components, which may be specific to the trainer (the “Trainer Software”), the student software component (“Student Software”), and a manual, which includes documents (such as student workbooks, white papers, press releases, datasheets and FAQs) (the “Documents”). 2. GENERAL GRANT OF LICENSE. Microsoft grants you the following rights, conditioned on your compliance with all the terms and conditions of this EULA. Microsoft grants you a limited, non-exclusive, royalty-free license to install and use the Licensed Content solely for the purpose of providing an Authorized Training Session (as defined below). For the term of any Authorized Training Session, you may: (a) install individual copies of the Student Software on classroom devices provided that the number of copies in use does not exceed the number of duly enrolled students for any given Authorized Training Session; OR (b) you may install one copy of the Student Software and, if applicable, the virtual hard drives on a network server, provided that the number of devices accessing the Student Software and the virtual hard drives on the server does not exceed the number of students for any given Authorized Training Session. In addition, solely for the purposes of providing the Authorized Training Session, the trainer of the Authorized Training Session may install and use one copy of the Trainer Software, and, if applicable, one copy of the Virtual PC Software (as defined below) on a portable device for the exclusive use of such trainer. An “Authorized Training Session” means a training session authorized by Microsoft and conducted at a Microsoft Certified Technical Education Center, an IT Academy, via a Microsoft Certified Partner, or such other entity or venue as Microsoft may designate from time to time in writing, by a Microsoft Certified Trainer providing training solely on Microsoft official courses (for more information on these entities, please visit www.microsoft.com). WITHOUT LIMITING THE FOREGOING, COPYING OR REPRODUCTION OF THE LICENSED CONTENT TO ANY SERVER OR LOCATION FOR FURTHER REPRODUCTION OR REDISTRIBUTION IS EXPRESSLY PROHIBITED. 3. DESCRIPTION OF OTHER RIGHTS AND LICENSE LIMITATIONS

3.1 Time-sensitive Software. The Licensed Content may contain Virtual PC Software, which is provided as time-sensitive software. The terms of this EULA supercede any other terms you may find in the Licensed Content. With respect to the Virtual PC Software, you may install and use the Virtual PC Software solely for the purpose of providing an Authorized Training Session. For the term of any Authorized Training Session, you may: (a) install individual copies of the Virtual PC Software on classroom devices provided that the number of copies in use does not exceed the number of duly enrolled students for any given Authorized Training Session; OR (b) you may install one copy of the Virtual PC Software on a network server, provided that the number of devices accessing the Virtual PC Software on the server does not exceed the number of students for any given Authorized Training Session. WITHOUT LIMITING THE FOREGOING, COPYING OR REPRODUCTION OF THE VIRTUAL PC SOFTWARE TO ANY SERVER OR LOCATION FOR FURTHER REPRODUCTION OR REDISTRIBUTION IS EXPRESSLY PROHIBITED.

YOUR RIGHT TO USE THE VIRTUAL PC SOFTWARE SHALL BE EFFECTIVE UNTIL August 14, 2004. THE VIRTUAL PC SOFTWARE IS TIME SENSITIVE AND WILL NOT FUNCTION UPON EXPIRATION OF THIS DATE. NOTICE OF EXPIRATION WILL NOT ACTIVELY BE GIVEN, SO YOU NEED TO PLAN FOR THE EXPIRATION DATE AND MAKE A COPY OF AND REMOVE YOUR IMPORTANT DATA BEFORE EXPIRATION. If you desire to use the Virtual PC Software after this Agreement has expired, you will need to acquire a validly licensed copy of the commercial release version of the Virtual PC Software. 3.2 Use of Documentation and Printed Training Content. 3.2.1 The documents and related graphics included in the Licensed Content may include technical inaccuracies or typographical errors. Changes are periodically made to the content. Microsoft may make improvements and/or changes in any of the components of the Licensed Content at any time without notice. The names of companies, products, people, characters and/or data mentioned in the Licensed Content may be fictitious and are in no way intended to represent any real individual, company, product or event, unless otherwise noted. 3.2.2 Microsoft grants you the right to reproduce portions of the Documents provided with the Licensed Content. You may not print any book (either electronic or print version) in its entirety. If you choose to reproduce Documents, you agree that: (a) use of such printed Documents will be solely in conjunction with providing an Authorized Training Session; (b) the Documents will not republished or posted on any network computer or broadcast in any media; (c) any reproduction will include either the Document’s original copyright notice or a copyright notice to Microsoft’s benefit substantially in the format provided below; and (d) to comply with all terms and conditions of this EULA. In addition, no modifications may be made to any Document, except that trainers of an Authorized Training Session may modify the Instructor Notes and Blended Delivery Guide included in the Trainer’s Edition. Form of Notice: © 2003. Reprinted with permission by Microsoft Corporation. All rights reserved. Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the US and/or other countries. Other product and company names mentioned herein may be the trademarks of their respective owners. 3.3 Use of Media Elements. The Licensed Content may include certain photographs, clip art, animations, sounds, music, and video clips (together "Media Elements"). You may not modify these Media Elements. 3.4 Use of PowerPoint Slide Deck Templates. The License Content may include Microsoft PowerPoint slide decks. You may use, copy and modify the PowerPoint slide decks solely in conjunction with providing an Authorized Training Session; if you elect to exercise the foregoing rights, you agree: (a) that modification of the slide decks will not constitute creation of obscene or scandalous works, as defined by federal law at the time the work is created; and (b) to comply with all other terms and conditions of this EULA, including without limitation Sections 3.7, 3.8 and 6. 3.5 Use of Trainer’s Edition Components. Solely in conjunction with providing an Authorized Training Session, you may customize portions of the Licensed Content such as labs, simulations, animations, modules, and assessment items and other components logically associated with the instruction of an Authorized Training Session. 3.6 Use of Sample Code. In the event that the Licensed Content includes sample code in source or object code format (“Sample Code”), Microsoft grants you a limited, non-exclusive, royalty-free license to use, copy and modify the Sample Code; if you elect to exercise the foregoing rights, you agree to comply with all other terms and conditions of this EULA, including without limitation Sections 3.7, 3.8, and 6.

3.7 Permitted Modifications. In the event that you exercise any rights provided under this EULA to create modifications of the Licensed Content, you agree that any such modifications: (a) will not be used for providing training where a fee is charged in public or private classes other than an Authorized Training Session; (b) indemnify, hold harmless, and defend Microsoft from and against any claims or lawsuits, including attorneys’ fees, which arise from or result from your use of any modified version of the Licensed Content; and (c) not to transfer or assign any rights to any modified version of the License Content to any third party without the express written permission of Microsoft. 3.8 Reproduction/Redistribution Licensed Content. Except as expressly provided in this EULA, you may not reproduce or distribute the Licensed Content or any portion thereof (including any permitted modifications) to any third parties without the express written permission of Microsoft. 4. RESERVATION OF RIGHTS AND OWNERSHIP. Microsoft reserves all rights not expressly granted to you in this EULA. The Licensed Content is protected by copyright and other intellectual property laws and treaties. Microsoft or its suppliers own the title, copyright, and other intellectual property rights in the Licensed Content. You may not remove or obscure any copyright, trademark or patent notices that appear on the Licensed Content, or any components thereof, as delivered to you. The Licensed Content is licensed, not sold. 5. LIMITATIONS ON REVERSE ENGINEERING, DECOMPILATION, AND DISASSEMBLY. You may not reverse engineer, decompile, or disassemble the Software or Media Elements, except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation. 6. LIMITATIONS ON SALE, RENTAL, ETC. AND CERTAIN ASSIGNMENTS. You may not provide commercial hosting services with, sell, rent, lease, lend, sublicense, or assign copies of the Licensed Content, or any portion thereof (including any permitted modifications thereof) on a stand-alone basis or as part of any collection, product or service. 7. CONSENT TO USE OF DATA. You agree that Microsoft and its affiliates may collect and use technical information gathered as part of the product support services provided to you, if any, related to the Licensed Content. Microsoft may use this information solely to improve our products or to provide customized services or technologies to you and will not disclose this information in a form that personally identifies you. 8. LINKS TO THIRD PARTY SITES. You may link to third party sites through the use of the Licensed Content. The third party sites are not under the control of Microsoft, and Microsoft is not responsible for the contents of any third party sites, any links contained in third party sites, or any changes or updates to third party sites. Microsoft is not responsible for webcasting or any other form of transmission received from any third party sites. Microsoft is providing these links to third party sites to you only as a convenience, and the inclusion of any link does not imply an endorsement by Microsoft of the third party site. 9. ADDITIONAL LICENSED CONTENT/SERVICES. This EULA applies to updates, supplements, add-on components, or Internet-based services components, of the Licensed Content that Microsoft may provide to you or make available to you after the date you obtain your initial copy of the Licensed Content, unless we provide other terms along with the update, supplement, add-on component, or Internet-based services component. Microsoft reserves the right to discontinue any Internet-based services provided to you or made available to you through the use of the Licensed Content. 10. U.S. GOVERNMENT LICENSE RIGHTS. All Software provided to the U.S. Government pursuant to solicitations issued on or after December 1, 1995 is provided with the commercial license rights and restrictions described elsewhere herein. All software provided to the U.S. Government pursuant to solicitations issued prior to December 1, 1995 is provided with “Restricted Rights” as provided for in FAR, 48 CFR 52.227-14 (JUNE 1987) or DFAR, 48 CFR 252.227-7013 (OCT 1988), as applicable. 11. EXPORT RESTRICTIONS. You acknowledge that the Licensed Content is subject to U.S. export jurisdiction. You agree to comply with all applicable international and national laws that apply to the Licensed Content, including the U.S. Export Administration Regulations, as well as end-user, end-use, and destination restrictions issued by U.S. and other governments. For additional information see <http://www.microsoft.com/exporting/>.

12. TRANSFER. The initial user of the Licensed Content may make a one-time permanent transfer of this EULA and Licensed Content to another end user, provided the initial user retains no copies of the Licensed Content. The transfer may not be an indirect transfer, such as a consignment. Prior to the transfer, the end user receiving the Licensed Content must agree to all the EULA terms. 13. “NOT FOR RESALE” LICENSED CONTENT. Licensed Content identified as “Not For Resale” or “NFR,” may not be sold or otherwise transferred for value, or used for any purpose other than demonstration, test or evaluation. 14. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this EULA if you fail to comply with the terms and conditions of this EULA. In such event, you must destroy all copies of the Licensed Content and all of its component parts. 15. DISCLAIMER OF WARRANTIES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND ITS SUPPLIERS PROVIDE THE LICENSED MATERIAL AND SUPPORT SERVICES (IF ANY) AS IS AND WITH ALL FAULTS, AND MICROSOFT AND ITS SUPPLIERS HEREBY DISCLAIM ALL OTHER WARRANTIES AND CONDITIONS, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY (IF ANY) IMPLIED WARRANTIES, DUTIES OR CONDITIONS OF MERCHANTABILITY, OF FITNESS FOR A PARTICULAR PURPOSE, OF RELIABILITY OR AVAILABILITY, OF ACCURACY OR COMPLETENESS OF RESPONSES, OF RESULTS, OF WORKMANLIKE EFFORT, OF LACK OF VIRUSES, AND OF LACK OF NEGLIGENCE, ALL WITH REGARD TO THE LICENSED CONTENT, AND THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT OR OTHER SERVICES, INFORMATION, SOFTWARE, AND RELATED CONTENT THROUGH THE LICENSED CONTENT, OR OTHERWISE ARISING OUT OF THE USE OF THE LICENSED CONTENT. ALSO, THERE IS NO WARRANTY OR CONDITION OF TITLE, QUIET ENJOYMENT, QUIET POSSESSION, CORRESPONDENCE TO DESCRIPTION OR NON-INFRINGEMENT WITH REGARD TO THE LICENSED CONTENT. THE ENTIRE RISK AS TO THE QUALITY, OR ARISING OUT OF THE USE OR PERFORMANCE OF THE LICENSED CONTENT, AND ANY SUPPORT SERVICES, REMAINS WITH YOU. 16. EXCLUSION OF INCIDENTAL, CONSEQUENTIAL AND CERTAIN OTHER DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL MICROSOFT OR ITS SUPPLIERS BE LIABLE FOR ANY SPECIAL, INCIDENTAL, PUNITIVE, INDIRECT, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS OR CONFIDENTIAL OR OTHER INFORMATION, FOR BUSINESS INTERRUPTION, FOR PERSONAL INJURY, FOR LOSS OF PRIVACY, FOR FAILURE TO MEET ANY DUTY INCLUDING OF GOOD FAITH OR OF REASONABLE CARE, FOR NEGLIGENCE, AND FOR ANY OTHER PECUNIARY OR OTHER LOSS WHATSOEVER) ARISING OUT OF OR IN ANY WAY RELATED TO THE USE OF OR INABILITY TO USE THE LICENSED CONTENT, THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT OR OTHER SERVICES, INFORMATION, SOFTWARE, AND RELATED CONTENT THROUGH THE LICENSED CONTENT, OR OTHERWISE ARISING OUT OF THE USE OF THE LICENSED CONTENT, OR OTHERWISE UNDER OR IN CONNECTION WITH ANY PROVISION OF THIS EULA, EVEN IN THE EVENT OF THE FAULT, TORT (INCLUDING NEGLIGENCE), MISREPRESENTATION, STRICT LIABILITY, BREACH OF CONTRACT OR BREACH OF WARRANTY OF MICROSOFT OR ANY SUPPLIER, AND EVEN IF MICROSOFT OR ANY SUPPLIER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME STATES/JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU. 17. LIMITATION OF LIABILITY AND REMEDIES. NOTWITHSTANDING ANY DAMAGES THAT YOU MIGHT INCUR FOR ANY REASON WHATSOEVER (INCLUDING, WITHOUT LIMITATION, ALL DAMAGES REFERENCED HEREIN AND ALL DIRECT OR GENERAL DAMAGES IN CONTRACT OR ANYTHING ELSE), THE ENTIRE LIABILITY OF MICROSOFT AND ANY OF ITS SUPPLIERS UNDER ANY PROVISION OF THIS EULA AND YOUR EXCLUSIVE REMEDY HEREUNDER SHALL BE LIMITED TO THE GREATER OF THE ACTUAL DAMAGES YOU INCUR IN REASONABLE RELIANCE ON THE LICENSED CONTENT UP TO THE AMOUNT ACTUALLY PAID BY YOU FOR THE LICENSED CONTENT OR US$5.00. THE FOREGOING LIMITATIONS,

EXCLUSIONS AND DISCLAIMERS SHALL APPLY TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EVEN IF ANY REMEDY FAILS ITS ESSENTIAL PURPOSE. 18. APPLICABLE LAW. If you acquired this Licensed Content in the United States, this EULA is governed by the laws of the State of Washington. If you acquired this Licensed Content in Canada, unless expressly prohibited by local law, this EULA is governed by the laws in force in the Province of Ontario, Canada; and, in respect of any dispute which may arise hereunder, you consent to the jurisdiction of the federal and provincial courts sitting in Toronto, Ontario. If you acquired this Licensed Content in the European Union, Iceland, Norway, or Switzerland, then local law applies. If you acquired this Licensed Content in any other country, then local law may apply. 19. ENTIRE AGREEMENT; SEVERABILITY. This EULA (including any addendum or amendment to this EULA which is included with the Licensed Content) are the entire agreement between you and Microsoft relating to the Licensed Content and the support services (if any) and they supersede all prior or contemporaneous oral or written communications, proposals and representations with respect to the Licensed Content or any other subject matter covered by this EULA. To the extent the terms of any Microsoft policies or programs for support services conflict with the terms of this EULA, the terms of this EULA shall control. If any provision of this EULA is held to be void, invalid, unenforceable or illegal, the other provisions shall continue in full force and effect. Should you have any questions concerning this EULA, or if you desire to contact Microsoft for any reason, please use the address information enclosed in this Licensed Content to contact the Microsoft subsidiary serving your country or visit Microsoft on the World Wide Web at http://www.microsoft.com. Si vous avez acquis votre Contenu Sous Licence Microsoft au CANADA : DÉNI DE GARANTIES. Dans la mesure maximale permise par les lois applicables, le Contenu Sous Licence et les services de soutien technique (le cas échéant) sont fournis TELS QUELS ET AVEC TOUS LES DÉFAUTS par Microsoft et ses fournisseurs, lesquels par les présentes dénient toutes autres garanties et conditions expresses, implicites ou en vertu de la loi, notamment, mais sans limitation, (le cas échéant) les garanties, devoirs ou conditions implicites de qualité marchande, d’adaptation à une fin usage particulière, de fiabilité ou de disponibilité, d’exactitude ou d’exhaustivité des réponses, des résultats, des efforts déployés selon les règles de l’art, d’absence de virus et d’absence de négligence, le tout à l’égard du Contenu Sous Licence et de la prestation des services de soutien technique ou de l’omission de la ’une telle prestation des services de soutien technique ou à l’égard de la fourniture ou de l’omission de la fourniture de tous autres services, renseignements, Contenus Sous Licence, et contenu qui s’y rapporte grâce au Contenu Sous Licence ou provenant autrement de l’utilisation du Contenu Sous Licence. PAR AILLEURS, IL N’Y A AUCUNE GARANTIE OU CONDITION QUANT AU TITRE DE PROPRIÉTÉ, À LA JOUISSANCE OU LA POSSESSION PAISIBLE, À LA CONCORDANCE À UNE DESCRIPTION NI QUANT À UNE ABSENCE DE CONTREFAÇON CONCERNANT LE CONTENU SOUS LICENCE. EXCLUSION DES DOMMAGES ACCESSOIRES, INDIRECTS ET DE CERTAINS AUTRES DOMMAGES. DANS LA MESURE MAXIMALE PERMISE PAR LES LOIS APPLICABLES, EN AUCUN CAS MICROSOFT OU SES FOURNISSEURS NE SERONT RESPONSABLES DES DOMMAGES SPÉCIAUX, CONSÉCUTIFS, ACCESSOIRES OU INDIRECTS DE QUELQUE NATURE QUE CE SOIT (NOTAMMENT, LES DOMMAGES À L’ÉGARD DU MANQUE À GAGNER OU DE LA DIVULGATION DE RENSEIGNEMENTS CONFIDENTIELS OU AUTRES, DE LA PERTE D’EXPLOITATION, DE BLESSURES CORPORELLES, DE LA VIOLATION DE LA VIE PRIVÉE, DE L’OMISSION DE REMPLIR TOUT DEVOIR, Y COMPRIS D’AGIR DE BONNE FOI OU D’EXERCER UN SOIN RAISONNABLE, DE LA NÉGLIGENCE ET DE TOUTE AUTRE PERTE PÉCUNIAIRE OU AUTRE PERTE DE QUELQUE NATURE QUE CE SOIT) SE RAPPORTANT DE QUELQUE MANIÈRE QUE CE SOIT À L’UTILISATION DU CONTENU SOUS LICENCE OU À L’INCAPACITÉ DE S’EN SERVIR, À LA PRESTATION OU À L’OMISSION DE LA ’UNE TELLE PRESTATION DE SERVICES DE SOUTIEN TECHNIQUE OU À LA FOURNITURE OU À L’OMISSION DE LA FOURNITURE DE TOUS AUTRES SERVICES, RENSEIGNEMENTS, CONTENUS SOUS LICENCE, ET CONTENU QUI S’Y RAPPORTE GRÂCE AU CONTENU SOUS LICENCE OU PROVENANT AUTREMENT DE L’UTILISATION DU CONTENU SOUS LICENCE OU AUTREMENT AUX TERMES DE TOUTE

DISPOSITION DE LA U PRÉSENTE CONVENTION EULA OU RELATIVEMENT À UNE TELLE DISPOSITION, MÊME EN CAS DE FAUTE, DE DÉLIT CIVIL (Y COMPRIS LA NÉGLIGENCE), DE RESPONSABILITÉ STRICTE, DE VIOLATION DE CONTRAT OU DE VIOLATION DE GARANTIE DE MICROSOFT OU DE TOUT FOURNISSEUR ET MÊME SI MICROSOFT OU TOUT FOURNISSEUR A ÉTÉ AVISÉ DE LA POSSIBILITÉ DE TELS DOMMAGES. LIMITATION DE RESPONSABILITÉ ET RECOURS. MALGRÉ LES DOMMAGES QUE VOUS PUISSIEZ SUBIR POUR QUELQUE MOTIF QUE CE SOIT (NOTAMMENT, MAIS SANS LIMITATION, TOUS LES DOMMAGES SUSMENTIONNÉS ET TOUS LES DOMMAGES DIRECTS OU GÉNÉRAUX OU AUTRES), LA SEULE RESPONSABILITÉ ’OBLIGATION INTÉGRALE DE MICROSOFT ET DE L’UN OU L’AUTRE DE SES FOURNISSEURS AUX TERMES DE TOUTE DISPOSITION DEU LA PRÉSENTE CONVENTION EULA ET VOTRE RECOURS EXCLUSIF À L’ÉGARD DE TOUT CE QUI PRÉCÈDE SE LIMITE AU PLUS ÉLEVÉ ENTRE LES MONTANTS SUIVANTS : LE MONTANT QUE VOUS AVEZ RÉELLEMENT PAYÉ POUR LE CONTENU SOUS LICENCE OU 5,00 $US. LES LIMITES, EXCLUSIONS ET DÉNIS QUI PRÉCÈDENT (Y COMPRIS LES CLAUSES CI-DESSUS), S’APPLIQUENT DANS LA MESURE MAXIMALE PERMISE PAR LES LOIS APPLICABLES, MÊME SI TOUT RECOURS N’ATTEINT PAS SON BUT ESSENTIEL. À moins que cela ne soit prohibé par le droit local applicable, la présente Convention est régie par les lois de la province d’Ontario, Canada. Vous consentez Chacune des parties à la présente reconnaît irrévocablement à la compétence des tribunaux fédéraux et provinciaux siégeant à Toronto, dans de la province d’Ontario et consent à instituer tout litige qui pourrait découler de la présente auprès des tribunaux situés dans le district judiciaire de York, province d’Ontario. Au cas où vous auriez des questions concernant cette licence ou que vous désiriez vous mettre en rapport avec Microsoft pour quelque raison que ce soit, veuillez utiliser l’information contenue dans le Contenu Sous Licence pour contacter la filiale de succursale Microsoft desservant votre pays, dont l’adresse est fournie dans ce produit, ou visitez écrivez à : Microsoft sur le World Wide Web à http://www.microsoft.com

Troubleshooting Microsoft® Exchange Server 2003

ix

Contents
Introduction
What Is a Workshop? ..............................................................................................2 Workshop Materials ................................................................................................3 Prerequisites ............................................................................................................4 Workshop Outline ...................................................................................................5 Demonstration: Using Virtual PC............................................................................7 Setup........................................................................................................................8 Microsoft Certified Professional Program.............................................................10 Facilities ................................................................................................................13

Unit 1: Introduction to Troubleshooting Exchange Server 2003
Overview .................................................................................................................1 Understanding Exchange Server 2003.....................................................................2 Troubleshooting Methodology ................................................................................4 Preparing to Troubleshoot Exchange Server 2003 ..................................................6 Pre-Lab Discussion..................................................................................................8 Lab: Exploring the Troubleshooting Environment..................................................9 Lab Discussion ......................................................................................................18

Unit 2: Troubleshooting Network Connectivity
Overview .................................................................................................................1 Tools for Troubleshooting Network Connectivity...................................................2 Common Network Connectivity Problems..............................................................3 Pre-Lab Discussion..................................................................................................4 Lab: Troubleshooting Connectivity Problems.........................................................5 Lab Discussion ......................................................................................................15

Unit 3: Troubleshooting Public Folders and Mailboxes
Overview .................................................................................................................1 Troubleshooting Client Connectivity to Mailboxes and Public Folders..................2 Troubleshooting Mailbox and Public Folder Properties..........................................5 Troubleshooting Single Server Message Flow ........................................................8 Troubleshooting the Recipient Update Service .....................................................10 Pre-Lab Discussion................................................................................................12 Lab: Troubleshooting Public Folder and Mailbox Problems.................................13 Lab Discussion ......................................................................................................26

Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access
Overview .................................................................................................................1 Troubleshooting Outlook Web Access....................................................................2 Troubleshooting Outlook Web Access in a Front-End and Back-End Server Topology..................................................................................................................5 Troubleshooting Outlook Mobile Access................................................................7 Pre-Lab Discussion..................................................................................................9 Lab: Troubleshooting Outlook Web Access and Outlook Mobile Access Problems ................................................................................................................10 Lab Discussion ......................................................................................................22

x

Troubleshooting Microsoft® Exchange Server 2003

Unit 5: Troubleshooting Client Connectivity
Overview .................................................................................................................1 Messaging Clients Used to Access Exchange Server 2003 .....................................2 How Messaging Clients Connect to Exchange Server 2003....................................5 Additional Services Required for Connecting to Exchange Server 2003 ...............7 Pre-Lab Discussion..................................................................................................9 Lab: Troubleshooting Client Connectivity Problems ............................................10 Lab Discussion ......................................................................................................20

Unit 6: Troubleshooting Server Connectivity
Overview .................................................................................................................1 Troubleshooting Intra-Routing Group Connectivity ...............................................2 Troubleshooting Routing Group Connectivity ........................................................5 Troubleshooting Connectivity to Other E-Mail Systems.........................................8 Troubleshooting Connectivity to the Internet........................................................11 Pre-Lab Discussion................................................................................................14 Lab: Troubleshooting Server Connectivity Problems............................................15 Lab Discussion ......................................................................................................26

Unit 7: Troubleshooting Server Performance
Overview .................................................................................................................1 System Components That Cause Server-Related Problems ....................................2 Common Server-Related Problems .........................................................................5 Pre-Lab Discussion..................................................................................................7 Lab: Troubleshooting Server Performance..............................................................8 Lab Discussion ......................................................................................................18

Unit 8: Troubleshooting Security Issues
Overview .................................................................................................................1 PKI Requirements for Secure E-Mail......................................................................2 Troubleshooting S/MIME E-Mail Issues.................................................................5 Troubleshooting SSL Issues ....................................................................................8 Pre-Lab Discussion................................................................................................11 Lab: Troubleshooting Exchange Security..............................................................12 Lab Discussion ......................................................................................................23 Workshop Evaluation ............................................................................................24

Unit 9: Troubleshooting the Migration to Exchange 2003
Overview .................................................................................................................1 Standard Migration Overview .................................................................................2 External Migration Overview .................................................................................5 Troubleshooting Migration Issues ...........................................................................7 Pre-Lab Discussion................................................................................................11 Lab: Troubleshooting the Migration to Exchange 2003 ........................................12 Lab Discussion ......................................................................................................24

Troubleshooting Microsoft® Exchange Server 2003

xi

Unit 10: Troubleshooting an Exchange Server 2003 Organization
Overview .................................................................................................................1 Approach to Exchange Server 2003 Troubleshooting.............................................2 Challenge Information – Company Background .....................................................5 Challenge Information – Service Request Log........................................................6 Challenge Information – Change Management Log................................................9 Challenge...............................................................................................................11 Workshop Evaluation ............................................................................................13

Appendix A: Lab Guidance
Unit 1: Introduction to Troubleshooting Exchange Server 2003............................1 Unit 2: Troubleshooting Network Connectivity ......................................................2 Unit 3: Troubleshooting Public Folders and Mailboxes..........................................4 Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access ..........6 Unit 5: Troubleshooting Client Connectivity ..........................................................8 Unit 6: Troubleshooting Server Connectivity........................................................10 Unit 7: Troubleshooting Server Performance........................................................12 Unit 8: Troubleshooting Security Issues................................................................14 Unit 9: Troubleshooting the Migration to Exchange 2003 ....................................16 Unit 10: Troubleshooting an Exchange Server 2003 Organization .......................18

Troubleshooting Microsoft® Exchange Server 2003

xiii

About This Workshop
This section provides a brief description of this course and its audience, suggested prerequisites, and objectives. Description This product is designed as a three-day instructor-led workshop. The workshop will focus exclusively on the troubleshooting skills/objectives that align with Exam 70-284: Implementing and Managing Microsoft Exchange Server 2003. As per the product specification developed by the Business and Product Strategy team, at least 75% of the workshop will consist of lab-based, hands-on experience. The labs will be a series of problem-centered scenarios that require students to use troubleshooting flow charts to identify and resolve problems. This workshop is targeted at Systems Engineers already skilled in Exchange Server 2003 support tasks. Students should have a 300 skill level as an Exchange administrator and one or more years of messaging and network experience supporting Exchange Server 2003. The workshop format is also intended for students who learn best by doing. This workshop is not appropriate for Messaging Administrators with fewer than six months of experience, or for people who do not learn well through selfdiscovery. Given the problem-solving and troubleshooting-based approach of this workshop, students must have solid knowledge of how Exchange functions. Student prerequisites This workshop requires that students meet the following prerequisites:
!

Audience

Complete Course 2400, Implementing and Managing Exchange Server 2003  or  Complete Workshop 2009, Upgrading Your Skills from Exchange Server 5.5 to Exchange Server 2003 One or more years of messaging and network experience supporting Exchange Server 2003

!

!

xiv

Troubleshooting Microsoft® Exchange Server 2003

Workshop objectives

After completing this workshop, students will be able to:
!

Apply knowledge of a troubleshooting methodology to identify and resolve a problem. Identify and resolve network connectivity problems and problems arising from host resolution protocols. Identify and resolve problems with public folders and mailboxes. Identify and resolve front-end server and back-end server issues that cause problems with Microsoft Outlook® Web Access (OWA). Identify and resolve problems with Internet protocol virtual servers such as Simple Mail Transfer Protocol (SMTP), Internet Message Access Protocol (IMAP), and Post Office Protocol (POP). Identify and resolve connectivity problems between servers running Exchange Server 2003, connectivity problems between Exchange Server 2003 and other messaging systems, and problems with relay configurations. Identify and resolve problems with bandwidth, services, database corruption, service failures, disk space, and other server performance issues. Identify and resolve encryption and digital signature issues and problems caused by viruses. Identify and resolve problems related to migrating from Exchange 5.5 to Exchange 2003. Apply knowledge of troubleshooting methodology to create a troubleshooting strategy and identify the appropriate tools, processes, and procedures for each step of the strategy.

!

! !

!

!

!

!

!

!

Troubleshooting Microsoft® Exchange Server 2003

xv

Workshop Timing
The following schedule is an estimate of the workshop timing. Timing may vary.

Day 1
Start 9:00 9:30 9:45 10:45 11:00 11:15 12:00 1:00 2:30 2:45 3:00 4:15 End 9:30 9:45 10:45 11:00 11:15 12:00 1:00 2:30 2:45 3:00 4:15 4:30 Unit Introduction Unit 1: Introduction to Troubleshooting Exchange Server 2003 Lab: Exploring the Troubleshooting Environment Break Unit 2: Troubleshooting Network Connectivity Lab: Troubleshooting Connectivity Problems Lunch Lab: Troubleshooting Connectivity Problems (continued) Break Unit 3: Troubleshooting Public Folders and Mailboxes Lab: Troubleshooting Public Folder and Mailbox Problems Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

Day 2
Start 8:30 9:00 10:00 10:15 11:45 12:45 1:00 2:00 2:15 3:15 3:30 End 9:00 10:00 10:15 11:45 12:45 1:00 2:00 2:15 3:15 3:30 5:00 Unit Day 1 review Lab: Troubleshooting Outlook Web Access and Outlook Mobile Access Problems Break Lab: Troubleshooting Outlook Web Access and Outlook Mobile Access Problems (continued) Lunch Unit 5: Troubleshooting Client Connectivity Lab: Troubleshooting Client Connectivity Problems Break Lab: Troubleshooting Client Connectivity Problems (continued) Unit 6: Troubleshooting Server Connectivity Lab: Troubleshooting Server Connectivity Problems

xvi

Troubleshooting Microsoft® Exchange Server 2003

Day 3
Start 8:30 9:00 9:15 10:15 10:30 10:45 12:00 1:00 1:45 2:00 2:15 3:45 End 9:00 9:15 10:15 10:30 10:45 12:00 1:00 1:45 2:00 2:15 3:45 4:30 Unit Day 2 review Unit 7: Troubleshooting Server Performance Lab: Troubleshooting Server Performance Break Unit 8: Troubleshooting Security Issues Lab: Troubleshooting Exchange Security Lunch Lab: Troubleshooting Security Issue Problems (continued) Unit 9 : Troubleshooting the Migration to Exchange 2003 Break Lab: Troubleshooting the Migration to Exchange 2003 Unit 10: Troubleshooting an Exchange Server 2003 Organization

Troubleshooting Microsoft® Exchange Server 2003

xvii

Trainer Materials Compact Disc Contents
The Trainer Materials compact disc contains the following files and folders:
!

Autorun.exe. When the compact disc is inserted into the CD-ROM drive, or when the user double-clicks the Autorun.exe file, this file starts the disc and allows the user to browse the contents. Autorun.inf. When the compact disc is inserted into the CD-ROM drive, this file opens Autorun.exe. Default.htm. This file opens the Trainer Materials Web page. Readme.txt. This file explains how to install the software for viewing the compact disc and its contents and how to open the Trainer Materials Web page. 2011A_In.doc. This file contains the Instructor Notes for this workshop, which are provided to assist the instructor in delivering this workshop. 2011A_ms.doc. This file is the Manual Classroom Setup Guide. It contains the steps for manually setting up the classroom computers. Powerpnt. This folder contains the Microsoft PowerPoint® slides that are used in this course. Important It is recommended that you use PowerPoint 2002 or later to display the slides for this workshop. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides may not be displayed correctly.

!

! !

!

!

!

!

Pptview. This folder contains the Microsoft PowerPoint Viewer 97, which can be used to display the PowerPoint slides if Microsoft PowerPoint 2002 is not available. Do not use this version in the classroom. Setup. This folder contains the files that install the course and related software on classroom computers. Student. This folder contains the Web page that provides students with links to resources pertaining to this course, including additional reading, review and lab answers, lab files, multimedia presentations, and course-related Web sites. Tprep. This file contains the Trainer Preparation Presentation for this course. Review these materials before teaching this course. Webfiles. This folder contains the files that are required to view the course Web page. To open the Web page, open Windows Explorer, and in the root directory of the compact disc, double-click Default.htm or Autorun.exe.

!

!

!

!

xviii

Troubleshooting Microsoft® Exchange Server 2003

Student Materials Compact Disc Contents
The Student Materials compact disc contains the following files and folders:
!

Autorun.exe. When the compact disc is inserted into the CD-ROM drive, or when the user double-clicks the Autorun.exe file, this file starts the disc and allows the user to browse the contents. Autorun.inf. When the compact disc is inserted into the CD-ROM drive, this file opens Autorun.exe. Default.htm. This file opens the Student Materials Web page, which provides students with resources pertaining to this course, including additional reading, review and lab answers, lab files, multimedia presentations, and course-related Web sites. Readme.txt. This file explains how to install the software for viewing the compact disc and its contents and how to open the Student Materials Web page. Addread. This folder contains additional reading pertaining to this course. Appendix. This folder contains appendix files for this course. Flash. This folder contains the installer for the Macromedia Flash 5.0 browser plug-in. Fonts. This folder contains fonts that may be required to view the Microsoft Word documents that are included with this course. Labfiles. This folder contains files that are used in the hands-on labs. These files may be used to prepare the student computers for the labs. Media. This folder contains files that are used in multimedia presentations for this course. Mplayer. This folder contains the setup file to install Microsoft Windows Media® Player. Toolkit. This folder contains the files that are required to view the Resource Toolkit. Visioview. This folder contains the Microsoft Visio Viewer that is used to view any Visio document (.vsd) files that are included on the compact disc. Webfiles. This folder contains the files that are required to view the course Web page. To open the Web page, open Windows Explorer, and in the root directory of the compact disc, double-click Default.htm or Autorun.exe. Wordview. This folder contains the Word Viewer that is used to view any Word document (.doc) files that are included on the compact disc.

!

!

!

! ! !

!

!

!

!

!

!

!

!

Troubleshooting Microsoft® Exchange Server 2003

xix

Document Conventions
The following conventions are used in course materials to distinguish elements of the text.
Convention Bold Use Represents commands, command options, and syntax that must be typed exactly as shown. It also indicates commands on menus and buttons, dialog box titles and options, and icon and menu names. In syntax statements or descriptive text, indicates argument names or placeholders for variable information. Italic is also used for introducing new terms, for book titles, and for emphasis in the text. Indicate domain names, user names, computer names, directory names, and folder and file names, except when specifically referring to case-sensitive names. Unless otherwise indicated, you can use lowercase letters when you type a directory name or file name in a dialog box or at a command prompt. Indicate the names of keys, key sequences, and key combinations — for example, ALT+SPACEBAR. Represents code samples or examples of screen text. In syntax statements, enclose optional items. For example, [filename] in command syntax indicates that you can choose to type a file name with the command. Type only the information within the brackets, not the brackets themselves. In syntax statements, enclose required items. Type only the information within the braces, not the braces themselves. In syntax statements, separates an either/or choice. Indicates a procedure with sequential steps. In syntax statements, specifies that the preceding item may be repeated. Represents an omitted portion of a code sample.

Italic

Title Capitals

ALL CAPITALS monospace

[]

{} |

!

... . . .

THIS PAGE INTENTIONALLY LEFT BLANK

Introduction

Contents
Introduction What Is a Workshop? Workshop Materials Prerequisites Workshop Outline Demonstration: Using Virtual PC Setup Microsoft Certified Professional Program Facilities 1 2 3 4 5 7 8 10 13

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2003 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync, Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Introduction

1

Introduction

*****************************ILLEGAL FOR NON-TRAINER USE******************************

2

Introduction

What Is a Workshop?

*****************************ILLEGAL FOR NON-TRAINER USE****************************** The workshop is a fast-paced learning format that favors labs over lecture. In a workshop, lecture time is kept to a minimum to give students the opportunity to focus on hands-on, scenario-based labs. The workshop format enables students to reinforce learning by doing and by problem solving. Because lecture will focus only on the important or most difficult elements of a given topic, labs include Toolkit resources that contain information like procedures, demonstrations, job aids, and other materials designed to give you the information you need to complete a lab. Your instructor is also a valuable resource, and can answer questions you may have as you complete the lab. Your instructor will also lead discussions after the lab and review best practices.

Introduction

3

Workshop Materials

*****************************ILLEGAL FOR NON-TRAINER USE****************************** The following materials are included with your kit:
! !

Name card. Write your name on both sides of the name card. Student workbook. The student workbook contains the material covered in class, in addition to the hands-on lab exercises. Resource Toolkit. The Resource Toolkit is an online interface that contains resources you will use in the scenario-based labs in this workshop. It includes video presentations, lab scenario information, and Toolkit resources—such as procedures and annotated screenshots—that will help you complete the labs. Student Materials compact disc. The Student Materials compact disc contains a Student Materials Web page that provides you with links to resources pertaining to this workshop, including additional readings, lab files, multimedia presentations, and workshop-related Web sites. Note To open the Student Materials Web page, insert the Student Materials compact disc into the CD-ROM drive, and then in the root directory of the compact disc, double-click Autorun.exe or Default.htm.

!

!

!

Workshop evaluation. The evaluation gives you the opportunity to complete an online evaluation near the end of the workshop to provide feedback on the workshop, training facility, and instructor. To provide additional comments or feedback on the workshop, send e-mail to support@mscourseware.com. To inquire about the Microsoft® Certified Professional (MPC) program, send e-mail to mcphelp@microsoft.com.

!

Evaluation software. An evaluation copy of Microsoft Exchange Server 2003 is provided for your personal use only.

4

Introduction

Prerequisites

*****************************ILLEGAL FOR NON-TRAINER USE****************************** This workshop requires that students meet the following prerequisites:
!

Complete Course 2400, Implementing and Managing Exchange Server 2003  or  Complete Course 2009, Upgrading Your Skills from Exchange Server 5.5 to Exchange Server 2003 One or more years of messaging and network experience supporting Microsoft Exchange Server 2003

!

!

Introduction

5

Workshop Outline

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Unit 1, “Introduction to Troubleshooting Exchange Server 2003,” provides an overview of Exchange Server 2003, and introduces the troubleshooting methodology and tools that will be used in the labs for this workshop. Unit 2, “Troubleshooting Network Connectivity,” identifies underlying network connectivity issues when messaging clients cannot access Exchange Server 2003. Unit 3, “Troubleshooting Public Folders and Mailboxes,” uses the architecture of public folders and mailboxes to identify underlying issues when a client does not receive e-mail messages in an Exchange Server 2003 environment. Unit 4, “Troubleshooting Outlook Web Access and Outlook Mobile Access,” describes Outlook Web Access (OWA), and Outlook Mobile Access (OMA), and identifies the issues with front-end and back-end servers that can prevent users from accessing OWA. Unit 5, “Troubleshooting Client Connectivity,” describes the client applications that can connect to an Exchange server and the protocols that these client applications use. In this context, this unit identifies the underlying issues that can prevent client connectivity. Unit 6, “Troubleshooting Server Connectivity,” discusses common connectivity issues between different Exchange servers. Students will learn about common issues related to connectivity between Exchange sites, connectivity between an Exchange site and a third-party messaging system, and connectivity between an Exchange site and the Internet. Unit 7, “Troubleshooting Server Performance,” describes common system problems that affect the performance of computers running Exchange Server 2003.

6

Introduction

Unit 8, “Troubleshooting Security Issues,” discusses security issues and potential vulnerabilities caused by improperly configured Exchange organizations. The unit also introduces students to Secure/Multipurpose Internet Mail Extensions (S/MIME) and describes how it signs and seals messages. Unit 9, “Troubleshooting the Migration to Exchange 2003,” discusses problems that can result during the migration from Exchange 5.5 to Exchange 2003. The unit describes the different types of migration and provides an overview of the migration process. The unit also describes common migration issues, such as the inability to successfully run ForestPrep and DomainPrep, and issues related to using the Microsoft Active Directory® Migration Tool. Unit 10, “Troubleshooting an Exchange Server 2003 Organization,” provides a review of methodology used to troubleshoot Exchange Server 2003. The unit also discusses high-level troubleshooting guidelines. The unit concludes with an instructor-facilitated, paper-based “challenge lab,” in which students will work together to resolve Exchange-related issues in a case study-type format.

Introduction

7

Demonstration: Using Virtual PC

*****************************ILLEGAL FOR NON-TRAINER USE****************************** In this demonstration, your instructor will help you familiarize yourself with the Virtual PC environment that you will work in to complete the practices in this workshop. You will learn:
! ! ! ! !

How to open Connectix Virtual PC. How to start Virtual PC. How to log on to Virtual PC. How to switch between full screen and window mode. How to tell the difference between the virtual computers that are used in the practices for this course. How the virtual computers can communicate with each other and with the host, but that they cannot communicate with other computers that are outside of the virtual environment (for example, no Internet access is available from the virtual environment). How to close Virtual PC. Note While working in the Virtual PC environment, you may find it useful to use keyboard shortcuts. All Virtual PC shortcuts include a key that is referred to as the HOST key. By default, the HOST key is the ALT key on the right side of your keyboard. Some useful shortcuts include HOST+DELETE to log on to Virtual PC, HOST+ENTER to switch between full screen mode and window mode, and HOST+RIGHT ARROW to display the next virtual computer. For more information about Virtual PC, see Virtual PC Help.

!

!

8

Introduction

Setup

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Virtual computers The practices for this workshop are performed on virtual computers. You have access to four virtual computers that will be used in various combinations throughout this workshop:
!

London is the domain controller for your Microsoft Windows Server™ 2003 domain in the Northwind Traders forest. It is running Exchange Server 2003 and is the primary virtual computer that you will use in this workshop. All practices in this workshop require that London be available. Miami is a Windows Server 2003 member server in the same domain as London. It is running Exchange 2003 and is used to provide server-to-server troubleshooting opportunities in this workshop. Acapulco is a Microsoft Windows® XP computer in the same domain as London. It is running Microsoft Office 2003 and is used for the client activities in several units throughout this workshop. Vancouver is a Microsoft Windows NT® 4.0 primary domain controller that is not part of the Northwind Traders forest. It is running Windows NT 4.0 Service Pack 6, Exchange 5.5 with Service Pack 6, and Microsoft Office 2000. This virtual computer is used for migration troubleshooting and to simulate an Internet connection in this workshop.

!

!

!

Course files

Practice files associated with the labs in this workshop are located in the folder C:\Moc\2011\Labfiles\LabXX on the London virtual computer.

Introduction

9

Classroom setup

The virtual environment on each computer in the classroom is configured in the single-domain model, as shown in the following graphic. Vancouver is in a separate domain with no trust relationships established to NWTraders.

The virtual computers on your host computer can communicate with each other and with your host computer. They are unable to communicate with any other computer in the classroom, although your host computer may have network connectivity to other classroom computers and the Internet.

10

Introduction

Microsoft Certified Professional Program

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Microsoft Training and Certification offers a variety of certification credentials for developers and IT professionals. The Microsoft Certified Professional (MCP) program is the leading certification program for validating your experience and skills, keeping you competitive in the changing business environment of today. This workshop helps students to prepare for Exam 70-284: Implementing and Managing Microsoft Exchange Server 2003. Exam 70-284 is an elective exam for the MCSE certification. The Microsoft Certified Professional program includes the following certifications:
!

Related certification exams MCP certifications

MCSA on Microsoft Windows Server 2003 The Microsoft Certified Systems Administrator (MCSA) certification is designed for professionals who implement, manage, and troubleshoot existing network and system environments based on Microsoft Windows 2000 platforms, including the Windows Server 2003 family. Implementation responsibilities include installing and configuring parts of the systems. Management responsibilities include administering and supporting the systems.

!

MCSE on Microsoft Windows Server 2003 The Microsoft Certified Systems Engineer (MCSE) credential is the premier certification for professionals who analyze the business requirements and design and implement the infrastructure for business solutions based on the Microsoft Windows 2000 platform and Microsoft server software, including the Windows Server 2003 family. Implementation responsibilities include installing, configuring, and troubleshooting network systems.

Introduction
!

11

MCAD The Microsoft Certified Application Developer (MCAD) for Microsoft .NET credential is appropriate for professionals who use Microsoft technologies to develop and maintain department-level applications, components, Web or desktop clients, or back-end data services, or who work in teams developing enterprise applications. The credential covers job tasks ranging from developing to deploying and maintaining these solutions.

!

MCSD The Microsoft Certified Solution Developer (MCSD) credential is the premier certification for professionals who design and develop leading-edge business solutions with Microsoft development tools, technologies, platforms, and the Microsoft Windows DNA architecture. The types of applications MCSDs can develop include desktop applications and multiuser, Web-based, N-tier, and transaction-based applications. The credential covers job tasks ranging from analyzing business requirements to maintaining solutions.

!

MCDBA on Microsoft SQL Server 2000 The Microsoft Certified Database Administrator (MCDBA) credential is the premier certification for professionals who implement and administer Microsoft SQL Server databases. The certification is appropriate for individuals who derive physical database designs, develop logical data models, create physical databases, create data services by using TransactSQL, manage and maintain databases, configure and manage security, monitor and optimize databases, and install and configure SQL Server.

!

MCP The Microsoft Certified Professional (MCP) credential is for individuals who have the skills to successfully implement a Microsoft product or technology as part of a business solution in an organization. Hands-on experience with the product is necessary to successfully achieve certification.

!

MCT Microsoft Certified Trainers (MCTs) demonstrate the instructional and technical skills that qualify them to deliver Microsoft Official Curriculum through Microsoft Certified Technical Education Centers (Microsoft CTECs).

12

Introduction

Certification requirements

The certification requirements differ for each certification category and are specific to the products and job functions addressed by the certification. To become a Microsoft Certified Professional, you must pass rigorous certification exams that provide a valid and reliable measure of technical proficiency and expertise. For More Information See the Microsoft Training and Certification Web site at http://www.microsoft.com/traincert/. You can also e-mail mcphelp@microsoft.com if you have specific certification questions.

Acquiring the skills tested by an MCP exam

Microsoft Official Curriculum (MOC) and MSDN Training can help you develop the skills that you need to do your job. This training also complements the experience that you gain while working with Microsoft products and technologies. However, no one-to-one correlation exists between MOC and MSDN Training courses and MCP exams. Microsoft does not expect or intend for the courses to be the sole preparation method for passing MCP exams. Practical product knowledge and experience are also necessary to pass the MCP exams. To help prepare for the MCP exams, use the preparation guides that are available for each exam. Each Exam Preparation Guide contains exam-specific information, such as a list of the topics on which you will be tested. These guides are available on the Microsoft Training and Certification Web site at http://www.microsoft.com/traincert/.

Introduction

13

Facilities

*****************************ILLEGAL FOR NON-TRAINER USE******************************

THIS PAGE INTENTIONALLY LEFT BLANK

Unit 1: Introduction to Troubleshooting Exchange Server 2003
Contents
Overview Understanding Exchange Server 2003 Troubleshooting Methodology Preparing to Troubleshoot Exchange Server 2003 Pre-Lab Discussion Lab: Exploring the Troubleshooting Environment Lab Discussion 1 2 4 6 8 9 18

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2003 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync, Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Unit 1: Introduction to Troubleshooting Exchange Server 2003

1

Overview

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Before you begin to troubleshoot Microsoft® Exchange Server 2003, you need to understand the components of Exchange Server 2003 in order to target areas that are malfunctioning. You also need to understand basic troubleshooting methodology, including how to use the Open Systems Interconnection (OSI) model to identify the point at which message flow is failing. Finally, you must understand the tools and resources that can be used to specifically identify a problem. Objectives After completing this unit, you will be able to:
! ! !

Configure and prepare servers for basic troubleshooting. Analyze process and data flow in a flow chart. Access and apply information from a scenario and other workshop components. Identify a problem and recommend a solution.

!

2

Unit 1: Introduction to Troubleshooting Exchange Server 2003

Understanding Exchange Server 2003

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Before you begin troubleshooting, you will need to understand the various components of an Exchange messaging system, which allows Exchange Server 2003 to meet the messaging needs of your organization. When troubleshooting your Exchange messaging systems, you must focus on the databases, client connectivity, and server connectivity. Databases Because Exchange Server 2003 supports multiple databases per server, you must address each database separately in troubleshooting. For example, three mailbox stores may function normally, allowing users on those stores to access their e-mail; however, a fourth mailbox store may be corrupted and need to be repaired or restored. If the databases of Exchange Server 2003 become corrupted, messaging can fail. Additionally, corruption of the Microsoft Active Directory® database can cause problems with Exchange. Client connectivity is another component that should be addressed separately in most cases. When your users complain that their messaging client is not functioning, you should determine whether the problem is with the server, the client, or the network. Also, be aware that a MAPI client such as Microsoft Outlook® will have different features and requirements than a Post Office Protocol version 3 (POP3) or Internet Message Access Protocol version 4rev1(IMAP4) client. There are situations where an IMAP4 client, such as Microsoft Outlook Express, will work while the Outlook MAPI client will not work. Microsoft Outlook Web Access (OWA) is extremely helpful in troubleshooting because it can be used to verify that the network and the messaging servers are functioning properly. Other clients that you may need to troubleshoot include Outlook Mobile Access (OMA), Network News Transfer Protocol (NNTP), and Exchange Server ActiveSync®.

Client connectivity

Unit 1: Introduction to Troubleshooting Exchange Server 2003

3

Server connectivity

When working with Exchange Server 2003 in a large organization, you will also need to know how to troubleshoot connectors. In an environment spanning a WAN, connectors are used to enable Exchange Server 2003 routing groups to transfer messages to each other, and to allow Exchange Server 2003 routing groups to transfer messages to other messaging systems.

4

Unit 1: Introduction to Troubleshooting Exchange Server 2003

Troubleshooting Methodology

*****************************ILLEGAL FOR NON-TRAINER USE****************************** OSI model Because messaging is a network application, you can use the OSI networking model to help troubleshoot messaging problems. OSI model layers are extremely useful during troubleshooting because each layer contains different components that interact with one another. The following are the messaging components that function at each OSI model layer:
!

Application and Presentation layers. Exchange server and messaging client applications function at these layers. The System Manager is an example of an application layer component. Session and Transport layers. TCP/IP connectivity occurs at these layers. Server session connectivity issues, such as Simple Mail Transfer Protocol (SMTP) connection over TCP port 25, occur at this layer. Network layer. Routing occurs at this layer. Network addressing issues occur at this layer. Data Link layer. Network interface driver issues occur at this layer. Physical layer. Physical network issues, such as disconnected cables, occur at this layer.

!

!

! !

You can use the OSI model by starting at the bottom and working your way up to the top until the problem is resolved. Start at the Physical layer by checking the network cabling and other physical components, such as routers, bridges, switches, and other servers that might be the source of the problem. After you have eliminated the Physical layer problems, troubleshoot the network interface card driver and then name resolution and routing. Often, the problem is higher in the OSI model. When you have gained more experience, you will be able to start troubleshooting at a higher level or at the top level of the OSI model.

Unit 1: Introduction to Troubleshooting Exchange Server 2003

5

Working system model

In any successful troubleshooting scenario, the administrator needs in-depth knowledge of how the system is supposed to work or must have another working system available for reference in troubleshooting. The working system model provides a reference when troubleshooting. In many cases, you can break down the system into several components and isolate each component individually to test them. You can refer to your working system model to see how each setting is configured and then test it to see if it helps resolve your problem. Of course, each time you make a change, you must document the original system setting as well as your attempted change. The working system model is very helpful if you have multiple systems that are supposed to be configured the same way, or if you have multiple system components that are supposed to be configured the same way. Make sure that you document all changes that you make to the environment while you are troubleshooting. You may have to undo the changes you make if they cause other problems. Many organizations use a change management log or similar record to document changes to their environment.

6

Unit 1: Introduction to Troubleshooting Exchange Server 2003

Preparing to Troubleshoot Exchange Server 2003

*****************************ILLEGAL FOR NON-TRAINER USE****************************** There are several resources that you can use to identify problems that impact messaging in an Exchange Server 2003 organization. If Exchange Server 2003 is already deployed in your environment, you probably are following a preventative maintenance document, which outlines the frequency that you review and act on information provided by these resources. The table below lists resources you can use to perform preventative maintenance and specific troubleshooting.
Resource Diagnostics Logging Usage You can configure each Exchange Server 2003 object’s Diagnostics Logging property page to log very specific events to Event Viewer, which can then be viewed for troubleshooting purposes. For example, if you are troubleshooting public folder replication, you may wish to log MSExchangeIS\Public Folder categories that are related to replication. Because diagnostics logging can cause performance degradation, you should only enable it when troubleshooting a specific issue. Reviewing all logs in Event Viewer on a daily basis will enable you to identify and respond to server problems proactively. When troubleshooting, Event Viewer is the first place you should look for unusual or unexpected activity on your server. For example, if your online backup is failing due to a corrupt information store, you will see information logged in the Application log of Event Viewer that can help you identify and repair the corruption. By default, services that log related activity store their logs in the systemroot\system32\logfiles folder. The Web, SMTP, and NNTP logs are especially relevant to Exchange troubleshooting. For example, if your server is unable to transmit messages to a remote server across the Internet, you may wish to enable SMTP logging so that you can review the exact SMTP communications between the two servers noted in the SMTP log file.

Event Viewer

Services logs

Unit 1: Introduction to Troubleshooting Exchange Server 2003 (continued) Resource Dump files Usage Dump files are required when working with Microsoft Product Support Services (PSS) to troubleshoot an operating system stop error (also known as blue screen). The PSS team can evaluate the dump file to help identify the cause of the stop error. For example, hard disk controller driver problems can result in corrupt Exchange information stores, and may cause operating system stop errors. If you experience a stop error, PSS can use the dump file to identify the controller driver as the source of the problem, allowing you to prevent damage to your information stores. You should be logging Exchange and Microsoft Windows® performance counters regularly so that you can anticipate problems resulting from service growth on your Exchange server. When troubleshooting, these log files can help you understand the exact point at which an issue was introduced. For example, if you migrate several hundred mailboxes to your Exchange server, you may not incur problems immediately. However, the migration will impact performance and accelerate your server hardware upgrade schedule. If you neglect to review the log files regularly, you will eventually reach thresholds that cause performance alerts to be sent, and find yourself troubleshooting an issue that you could have anticipated.

7

Performance Monitor

For more information on specific performance counters and thresholds, see Course 2400, Implementing and Managing Microsoft Exchange Server 2003. Network Monitor To troubleshoot network communication problems among Exchange servers, Active Directory servers, and clients attempting to connect to their Exchange server, you should use the full version of Network Monitor to capture packets between the impacted computers. These packets enable you to determine which servers each computer is attempting to reach, allowing you to troubleshoot global catalog server communication problems. You should enable message tracking on the Exchange server object’s General property page when troubleshooting message flow problems. Troubleshooting message delivery involves determining at which point a message failed to be routed within your messaging system. To track a message, use the Message Tracking Center in Exchange System Manager.

Messaging logs

Note For more information about any of these resources, please refer to Microsoft Windows Server™ 2003 Help and Exchange Server 2003 Help.

8

Unit 1: Introduction to Troubleshooting Exchange Server 2003

Pre-Lab Discussion

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Job aids Each lab in this workshop includes job aids and Lab Toolkit resources to help you complete the exercises. The labs will progressively become more difficult. Each lab has one or more flowcharts associated with the troubleshooting tasks. The flowcharts are visual displays that contain decision points and processes to guide you through the lab and help you organize your troubleshooting efforts. Each unit in this workshop has Toolkit resources associated with the lab exercises to assist you in completing the exercises. The Lab Toolkit resources are in a separate booklet, entitled Toolkit Resources. The Lab Toolkit resources are also available in an online format and are located on the student CD in the toolkit\content\labXX folder, where XX is the number of the relevant unit. You can use the Toolkit resource document, “Using the Workshop Resources,” to determine which process and methods you want to use to troubleshoot the problem presented. Service requests Every organization has issues with their service requests. Many requests are very confusing in how they are written. Other requests can be hard to understand when the initial Help Desk person tries to decipher the issue as presented by the user. Often, it can save a great deal of trouble if you contact the user directly and confirm anything that might be confusing or might be misstated in the service request. At this time, you might consider:
! !

Problems that your organization has had with service requests. Ways to address service request issues to make it easier to resolve the problems.

Example

Exercise 1 in this lab provides an example of how flowcharts and scenarios will be used throughout this workshop. This exercise covers troubleshooting of a mapped network drive, which is intentionally not an Exchange issue. The purpose of this exercise is to introduce you to the flowcharts and scenarios in this course before delving into actual Exchange troubleshooting issues.

Unit 1: Introduction to Troubleshooting Exchange Server 2003

9

Lab: Exploring the Troubleshooting Environment

*****************************ILLEGAL FOR NON-TRAINER USE****************************** In this lab, you will configure a computer running Exchange Server 2003 in preparation for troubleshooting. You will configure Diagnostics Logging and Service logs. You will then work on a basic troubleshooting problem as an example of how the rest of the workshop will work. For more information on completing this lab, see Appendix A, “Lab Guidance,” located at the back of the student workbook. After completing this lab, you will be able to:
! ! !

Configure and prepare servers for basic troubleshooting. Analyze process and data flow in a flow chart. Assess and apply information from a scenario and other workshop components. Identify problems and recommend solutions. Important This lab focuses on the concepts in this unit and as a result may not comply with Microsoft security recommendations. For instance, this lab does not comply with the recommendation that you should not log on using an administrative account.

!

10

Unit 1: Introduction to Troubleshooting Exchange Server 2003

Lab Virtual PC configuration

For this lab, you will use the Acapulco and London Virtual PCs. The Acapulco Virtual PC is used to provide a messaging client for internal users as well as external users. The London Virtual PC is a domain controller, global catalog server, DNS server, and is running Exchange Server 2003. To prepare for this lab: 1. Start the 2011_London Virtual PC, if it is not already started. 2. Log on to 2011_London as NWTraders\Administrator with a password of P@ssw0rd. 3. Start the 2011_Acapulco Virtual PC, if it is not already started. 4. Log on to 2011_Acapulco as NWTraders\Administrator with a password of P@ssw0rd.

Navigating the flow chart

In this lab, in Exercise 1, you will use the flow charts and the Lab Toolkit resources to identify and resolve the problems described in the scenario. You will need to read the scenario and the Level 1 support comments and then use the flow chart to identify the root cause of the problem. You will then need to perform the test case presented at each decision point in the flowchart to determine which path to follow. Use the letters on the flow chart to identify the Lab Toolkit resources that you can use to help troubleshoot the problem. After you identify a potential solution, make the configuration change and then test your solution. When your solution resolves the problem presented in the scenario, you have successfully completed the lab.

Unit 1: Introduction to Troubleshooting Exchange Server 2003

11

Lab Toolkit resources

If necessary, use one or more of the Lab Toolkit resources listed in the following table to help you complete the exercises in this lab.
Flow chart reference Ex 2 only Resources used for this lab Help: Exchange: Enabling Diagnostic Logging. To locate this information, open the Exchange System Manager help. In this help file, search for Configure Diagnostic Logging and Set Diagnostic Logging Properties. Help: Windows: Using Netmon to Monitor Network Traffic. To locate this information, open Windows help. In this help file, search for Monitor Network Traffic and Network Monitor. Help: Windows: How to check DNS. To locate this information, open Windows help and then search for Managing Resource Records: DNS. Help: Windows: How to use TCP/IP command-line utilities. To locate this information, open Windows help and then search for Command-line utilities: TCP/IP. B Help: Windows: How to share files. To locate this information, open Windows help and then search for Share permissions: Shared Folders. Using the Workshop Resources Ex 2 only Using Service Logs

Ex 2 only

A

A

A

Note Access product help files by launching the corresponding product, right-clicking an object within the product management console, and then clicking Help. Access the Windows Server 2003, Enterprise Edition Help and Support Center by using the Start menu on the desktop of a computer running Windows Server 2003 Enterprise Edition. Estimated time to complete this lab: 60 minutes

12

Start

Troubleshooting Mapped Network Drive

Is the server powered on? Yes Yes Yes Yes

Is the client network cable attached?

Is the client computer link light on?

Is the server computer network cable attached?

Is the server computer link light on?

No No No

No

No

1. Check all power cables 2. Check power strips 3. Check power devices 4. Check power supply in server

1. Check to make sure the client computer is attached to the network 2. Check cable ends for damage

1. Check cable length for breaks 2. Check network adapter and switch (or hub) for bad connection 3. Check cable ends for damage

1. Check to make sure the server computer is attached to the network 2. Check cable ends for damage

1. Check cable length for breaks 2. Check network adapter and switch (or hub) for bad connection 3. Check cable ends for damage

Unit 1: Introduction to Troubleshooting Exchange Server 2003

Yes

Does the server respond to ping by hostname?
Yes

Does the server respond to net view command?

Yes

Does the server advertise the proper share name?

Yes

1. Try to connect to share from other systems 2. Use netmon to verify network traffic

No

No

No

A
1. Try ping using IP address 2. Check DNS if ping by IP address works 3. Check data route through network 4. Check the IP configuration of client computer 5. Check the IP configuration of server computer 1. Check server service for failure 2. Restart server service and its dependent services

B
1. Verify share is in place 2. Remove share and recreate share

End

Troubleshooting Mapped Network Drive

Start

Is the server powered on? Yes Yes Yes

Is the client network cable stacked? Is the client computer link light on?

Is the server computer network cable attached?

Yes

Is the Server computer link light on?

No

No No

No

No

Unit 1: Introduction to Troubleshooting Exchange Server 2003

1. Check all power cables 2. Check power strips 3. Check power devices 4. Check power

1. Check to make sure the client computer is attached to the network 2. Check cable ends for damage

1. Check cable length for breaks 2. Check network adapter and switch (or hub) for bad connection 3. Check cable ends for damage

1. Check to make sure the server computer is attached to the network 2. Check cable ends for damage

1. Check cable length for breaks 2. Check network adapter and switch (or hub) for bad connection 3. Check cable ends for damage

13

14

Troubleshooting Mapped Network Drive

Yes

Does the server respond to ping by hostname? Yes Yes Does the server advertise the proper share name?

Does the server respond to net view command?

Yes

1. Try to connect to share from other systems 2. Use netmon to verify network traffic

Unit 1: Introduction to Troubleshooting Exchange Server 2003

No No

No

A
1. Check server service for failure 2. Restart server service and its dependent services

B
1. Verify share is in place 2. Remove share and recreate share End

1. Try ping using IP address 2. Check DNS if ping by IP address works 3. Check data route through network 4. Check the IP configuration of client computer 5. Check the IP configuration of server computer

Unit 1: Introduction to Troubleshooting Exchange Server 2003

15

Exercise 1 Troubleshooting a Mapped Network Drive
In this exercise, you will identify the problem with a mapped network drive that is reported as nonfunctional. Exercise preparation To create the troubleshooting scenario for this exercise, run the breaklab1a.bat script located in the C:\Moc\2011\Labfiles\Lab01 folder on 2011_London Virtual PC. There is a shortcut to C:\Moc\2011\Labfiles on your desktop. You are a network administrator. Jeff Pike can no longer access his K drive. The K drive, by company standards, maps to \\London\KDrive, which is a shared directory on London. In this exercise, you will need to log on to Acapulco using NWTraders\JeffPike to troubleshoot and test your solution. All user accounts can be accessed by using a password of P@ssw0rd. Level 1 support comments “Called Operations; they say the London server is up and running. Jeff claims that it was working earlier in the day, then he went to lunch. When he returned from lunch it no longer worked. Jeff installed new software before lunch—an upgrade to Microsoft Office System 2003. Jeff states he is unable to access any share points on the London server.” Use the flow chart and the Lab Toolkit resources to identify and resolve the problem with the client connection. Fix all related problems. What did you determine to be the problem in this scenario? _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________

Scenario

What steps did you take to identify and resolve the problem in this scenario? _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________

16

Unit 1: Introduction to Troubleshooting Exchange Server 2003

Exercise 2 Configuring Common Troubleshooting Components
In this exercise, you will configure Windows Server 2003 and Exchange Server 2003 for basic troubleshooting. Configure London by performing the tasks below. Scenario You are a network administrator. You want to prepare your Exchange Server 2003 environment for troubleshooting. At this time, your environment is functioning as expected. Perform the tasks in the following table on London.
Tasks Enable and configure SMTP and NNTP logging. Verify configuration of HTTP logging. Resources Search Exchange Server 2003 Help for topics entitled “Enable Logging for SMTP, NNTP, and HTTP Protocols” and “Enable Logging for the HTTP Exchange Virtual Server.” You need to start the NNTP service. Configure the Performance snap-in to log the LogicalDisk, Memory, Network Interface, PhysicalDisk, and Processor objects. Review the options available for Exchange Diagnostics Logging. In Add/Remove Windows Components in Add or Remove Programs, install and then use Network Monitor to capture and view network traffic on your local area connection. The location of installation files is c:\moc\2011\labfiles\ Lab01\Netmon. Verify that Exchange Service Monitoring is configured to monitor the Microsoft Exchange System Attendant service and its dependent services. Enable message tracking and subject logging. Search Performance logs and Alerts Help for the topic entitled “Create a counter log” and “Troubleshooting.” Search Exchange Server 2003 Help for the topic entitled “Configure Diagnostics Logging.” See note below table. Search Windows Server 2003 Enterprise Edition Help and Support Center for the topic entitled “Monitoring Network Traffic: Common Administrative Tasks.” See note below table.

Search Exchange Server 2003 Help for the topic entitled “Monitor Services Used by Exchange.” Search Exchange Server 2003 Help for the topic entitled “Enable Message Tracking.”

Note Diagnostics Logging and Network Monitor are two tools that you will not configure and use until you are actually facing a problem and need them to help resolve the problem. In this exercise, review the many options available under Diagnostics Logging and familiarize yourself with Network Monitor.

Unit 1: Introduction to Troubleshooting Exchange Server 2003

17

Lab Virtual PC clean-up

For this lab, you used the Acapulco and London Virtual PCs. Please save changes that were made during your troubleshooting by closing each image. Important When you shut down the Virtual PCs using these instructions, all changes made to the London Virtual PC will be saved. To clean up after this lab: 1. On Acapulco, on the menu, click PC, click Shutdown, click Turn off PC and undo changes, and then click OK. 2. On London, on the menu, click PC, click Shutdown, click Save PC state and keep changes, and then click OK. Note Start the 2011_London Virtual PC to prepare for the next unit’s lab. Do not shut it down again until instructed.

18

Unit 1: Introduction to Troubleshooting Exchange Server 2003

Lab Discussion

*****************************ILLEGAL FOR NON-TRAINER USE****************************** What steps did you follow in the troubleshooting flow charts?
! ! ! !

What were the root causes of the problems described in the scenario? What steps did you use and how did the steps help identify the problem? What other steps could you have used to identify the problem faster? How did you test your solution?

How will you address this type of problem in the future?
! ! !

How is your work environment different than the test environment? How would your work environment change the troubleshooting process? What steps will you take in the future when troubleshooting similar problems?

Unit 2: Troubleshooting Network Connectivity
Contents
Overview Tools for Troubleshooting Network Connectivity Common Network Connectivity Problems Pre-Lab Discussion Lab: Troubleshooting Connectivity Problems Lab Discussion 1 2 3 4 5 15

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2003 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync, Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Unit 2: Troubleshooting Network Connectivity

1

Overview

*****************************ILLEGAL FOR NON-TRAINER USE****************************** If messaging fails, it is usually because of connectivity issues. Microsoft® Exchange Server 2003 provides you with various tools to assist you in troubleshooting network connectivity. In this unit, you will focus on some of these tools and will then have the opportunity to practice using them. Objectives After completing this unit, you will be able to:
!

Identify the underlying causes when mail from one server is not received by recipients on another server and resolve the problem. Identify the underlying causes when a user cannot connect to an Exchange Server 2003 server as a remote user and resolve the problem. Identify the underlying causes when no one in a company can receive Internet e-mail and resolve the problem.

!

!

2

Unit 2: Troubleshooting Network Connectivity

Tools for Troubleshooting Network Connectivity

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Network connectivity problems and issues involving DNS are common reasons for message failure. Several tools are available to verify that your network is functioning correctly, that domain name resolution is occurring correctly, and to identify specific problems in your environment. Using these tools to identify the source of a problem will greatly improve your troubleshooting efforts. The following table lists the tools and gives a brief description of when you would use each one.
Tool Telnet Purpose Use Telnet to verify that you can connect to a particular TCP/IP port on an Exchange server. For example, if you cannot send Simple Mail Transfer Protocol (SMTP) messages to a remote server; use Telnet to verify that SMTP is responding as expected on port 25. Use Ping to verify that the network between a sending computer and a receiving computer is transferring data correctly and in a timely manner. For example, if you cannot ping your Exchange server from your client computer, you will not be able to send or receive e-mail using that server. Use Tracert to trace each hop that a network packet takes when sent from one computer to another. If you cannot ping a destination computer, you can use Tracert to identify the point at which the packet is failing to transfer. Use Pathping instead of Ping and Tracert when you want to locate information about network latency and network loss at intermediate hops between a source and destination. Pathping allows you to determine which routers or subnets are having network problems. Use the DNS Administrator program to configure DNS settings, test connectivity between DNS servers, and verify that host names are registered correctly. Problems with DNS functionality are frequently a result of network connectivity problems between the DNS server and the server or client with which you are experiencing a problem. For example, if a message is not being transmitted to a remote SMTP host, this could be a problem with the DNS registration for that host.

Ping

Tracert

Pathping

DNS Administrator

Unit 2: Troubleshooting Network Connectivity

3

Common Network Connectivity Problems

*****************************ILLEGAL FOR NON-TRAINER USE****************************** As we have discussed, connectivity problems are some of the major issues when troubleshooting an Exchange Server 2003 messaging environment. Some of the more common issues and the steps that you can take to resolve them are listed in the following table.
Problem DNS resolution of A and MX records is not correct Troubleshooting tips • Verify that the DNS service is running • Verify that the Exchange A records are present • Verify that the Exchange mail exchanger (MX) resource records are present POP3/IMAP4 protocol permissions are not configured correctly • Verify that users have permission to Post Office Protocol version 3 (POP3) and Internet Message Access Protocol version 4rev1 (IMAP4) • Verify that the appropriate protocol service startup type is set to Automatic, and that the service is started on the Exchange server • Verify that the server’s IP address and host name are resolved successfully from the client Firewall blocks transmissions • Verify that the firewall is configured correctly • Verify that the services on the firewall are running as expected • Use Telnet to verify that the ports are open and accepting connections • Use firewall configuration tools to verify port redirection Virus has infected your network • Verify that the antivirus scanning engines and signature files are current • Use your disaster recovery documentation to prevent further spreading of the virus and to clean the virus from the server Inbound SMTP traffic is not being accepted • Use Telnet to verify that relevant firewalls, routers, and servers are processing SMTP traffic • Verify that the Exchange server is not filtering SMTP connections based on e-mail address, domain name, or IP address • Verify the MX records in DNS

4

Unit 2: Troubleshooting Network Connectivity

Pre-Lab Discussion

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Network connectivity problems will impact all network-based applications. Messaging applications can have client-to-server connectivity issues, server-toserver connectivity issues, and issues with transmitting data through firewalls. Focusing on connectivity, discuss what problems might cause the following situations:
! ! !

A user cannot receive e-mail from another internal user. Users cannot connect to their mailboxes from outside the corporate network. A company is unable to receive e-mail from Internet senders.

Unit 2: Troubleshooting Network Connectivity

5

Lab: Troubleshooting Connectivity Problems

*****************************ILLEGAL FOR NON-TRAINER USE****************************** For more information on completing this lab, see Appendix A, “Lab Guidance,” located at the back of the student workbook. After completing this lab, you will be able to:
!

Identify the underlying causes when e-mail from one server is not received by recipients on another server and resolve the problem. Identify the underlying causes when a user cannot connect to an Exchange server as a remote user and resolve the problem. Identify the underlying causes when no one in a company can receive Internet e-mail and resolve the problem. Important This lab focuses on the concepts in this unit and as a result may not comply with Microsoft security recommendations. For instance, this lab does not comply with the recommendation that you should not log on using an administrative account.

!

!

6

Unit 2: Troubleshooting Network Connectivity

Lab Virtual PC configuration

For this lab, you will use the Acapulco, Miami, Vancouver, and London Virtual PCs. The Acapulco Virtual PC is used to provide a messaging client for internal users as well as external users. London is a domain controller, global catalog server, DNS server, and Exchange Server 2003 server. Miami is an Exchange Server 2003 server. Vancouver is an Exchange 5.5 server that is used to simulate a connection to an Internet host in the last exercise of this lab, and will be started at that time. To prepare for this lab: 1. Start 2011_London Virtual PC, if it is not already started. 2. Log on as NWTraders\Administrator with a password of P@ssw0rd. For performance reasons, you should allow London to start completely prior to starting Acapulco. 3. Start 2011_Acapulco Virtual PC, if it is not already started, but do not log on. For performance reasons, you should allow Acapulco to start completely prior to starting Miami. 4. Start 2011_Miami Virtual PC. 5. Log on as NWTraders\Administrator. If any services configured with a startup type of Automatic fail to start, start them now. Note All accounts used in this course can be accessed by using the password P@ssw0rd.

Navigating the flow chart

In this lab, you will use the flow charts and the Lab Toolkit resources to identify and resolve the problems described in the scenarios. You will need to read the scenario, the support comments, and then use the flow charts to identify the root cause of the problem. You will then need to perform the test case presented at each decision point in the flow chart to determine which path to follow. Use the letters on the flow chart to identify the Toolkit resources that you can use to help troubleshoot the problem. After you identify a potential solution, make the configuration change and then test your solution. When your solution resolves the problem presented in the scenario you have successfully completed the lab.

Unit 2: Troubleshooting Network Connectivity

7

Lab Toolkit resources

If necessary, use one or more of the Lab Toolkit resources listed in the following table to help you complete the exercises in this lab.
Flow chart reference B C D Resources used for this Flow Chart Help: Exchange: Managing Virtual Servers. To locate this information, open Exchange System Manager Help, search for Configure Virtual Servers, and then select the appropriate topic for the type of virtual server. Help: Exchange: Tracking Messages. To locate this information, open Exchange System Manager Help, search for message tracking, and then select Use the Message Tracking Center. Help: Exchange: Verifying the RGC Configuration. To locate this information, open Exchange System Manager Help and then search for Install a Routing Group Connector. Help: Microsoft Outlook® Express: Verifying Account Configuration. To locate this information, open Outlook Express Help and then search for Add a mail or news account. Help: Microsoft Outlook: Verifying Account Configuration. To locate this information, open Outlook Help and then search for View or change e-mail account settings. Help: Microsoft Windows®: Testing DNS. To locate this information, open Windows Help and then search for Manage resource records. Help: Windows: Using NSLookup. To locate information on using NSLookup to test DNS, open a command prompt, type NSLookup to start the NSLookup tool, and then type Help. Help: Windows: How to Use TCP/IP Command-Line Utilities. To locate this information, open Windows Help and then search for Command-line utilities: TCP/IP. Impact of Virus and Content Scanners on Messaging Functionality D A A B A B D Internet E-Mail Testing Methods Updating the Global Address List (GAL) Using Dcdiag and Netdiag to Verify the Network Infrastructure Using the Telnet Command to Test the TCP Port Restrictions on a Firewall Verifying that a Server is Online

A B C

C

B

A

A B C D

A B C D

C

A B C

Estimated time to complete this lab: 135 minutes

8

Troubleshooting Network Connectivity Problems

Start

Can the client send and receive e-mail between others on the same Exchange server? Yes Yes Can the client send and receive Internet e-mail?

Can the client send and recieve e-mail between others on other Exchange servers in the organization?

Yes

End

No No No

Unit 2: Troubleshooting Network Connectivity

A C

D

Which messaging client application is being used? MAPI

1. Verify server is online 2. Verify mailbox and server names in Outlook client 3. Verify DC and GC online 4. Verify user name is in the GAL, update if necessary 5. Check DNS resolution 6. Check virus and content scanner quarantine 7. Track message

1. Verify correct address and test if other users can send and receive extra-server e-mail 2. Check network route 3. Verify IP configuration on all e-mail servers 4. Check DNS 5. Verify SMTP virtual server is running on remote server 6. Check message size limits on connectors 7. Check virus and content scanner quarantine 8. Track message

1. Check user for SMTP Deny 2. Verify SMTP virtual server is functioning 3. Check firewall configuration 4. Verify external DNS MX records 5. Verify that the firewall is not blocking

Outlook Express

B

1. Verify server is online 2. Verify account name, password, and server names in Outlook Express client 3. Check DNS resolution 4. Verify SMTP IMAP4/POP3 , virtual servers are running 5. Check virus and content scanner quarantine 6. Track message If external client 7. Check firewall configuration

Troubleshooting Network Connectivity Problems
Start Can the client send and receive e-mail between others on other Exchange servers in the organization?

Yes

No

A

Which messaging client application is being used?

MAPI

1. Verify server is online 2. Verify mailbox and server names in Outlook client 3. Verify DC and GC online 4. Verify user name is in the GAL, update if necessary 5. Check DNS resolution 6. Check virus and content scanner quarantine 7. Track message Outlook Express

Unit 2: Troubleshooting Network Connectivity

B

9

1. Verify server is online 2. Verify account name, password, and server names in Outlook Express client 3. Check DNS resolution 4. Verify SMTP IMAP4/POP3 virtual , servers are running 5. Check virus and content scanner quarantine 6. Track message If external client 7. Check firewall configuration

10

Troubleshooting Network Connectivity Problems

Can the client send and receive e-mail between others on other Exchange servers in the organization? Yes Can the client send and receive Internet e-mail?

Yes

End

Unit 2: Troubleshooting Network Connectivity

No

No

C
1. Verify correct address and test if other users can send and receive extra-server e-mail 2. Check network route 3. Verify IP configuration on all e-mail servers 5. Check DNS 6. Verify SMTP virtual server is running on remote server 7. Check message size limits on connectors 8. Check virus and content scanner quarantine 9. Track message

D
1. Check user for SMTP Deny 2. Verify SMTP virtual server is functioning 3. Check firewall configuration 4. Verify external DNS MX records 5. Verify that the firewall is not blocking

Unit 2: Troubleshooting Network Connectivity

11

Exercise 1 Troubleshooting Internal User E-Mail Failure
In this exercise, you will use the flow chart and the Lab Toolkit resources to identify and resolve the problem in the scenario. Exercise preparation To create the troubleshooting scenario for this exercise, run the breaklab2a.bat script located in the c:\MOC\2011\Labfiles\Lab02 folder on 2011_London Virtual PC. It is important that all Virtual PCs be completely started prior to running the script. Jeff Pike has entered a service request. He states that he is unable to send e-mail to one of his team members, Mindy Martin. He is able to send and receive e-mail to and from others in his team, but not Mindy. In this exercise, you will need to log on to Acapulco using NWTraders\JeffPike and log on to Microsoft Outlook Web Access (OWA) as NWTraders\MindyMarti to troubleshoot and test your solution. All user accounts can be accessed by using a password of P@ssw0rd. Level 1 support comments “Sent e-mail to Jeff and he received it fine. Called Mindy; she is able to send and receive e-mail among her co-workers. Jeff and Mindy both use Outlook 2003.” You must establish e-mail communication between Jeff Pike and Mindy Martin. What did you determine to be the problem in this scenario? _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________

Scenario

What steps did you take to identify and resolve the problem in this scenario? _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________

12

Unit 2: Troubleshooting Network Connectivity

Exercise 2 Troubleshooting When a Remote User Is Unable to Receive E-Mail
In this exercise, you will use the flow chart and the Lab Toolkit resources to identify and resolve the problem in the scenario. Exercise preparation To create the troubleshooting scenario for this exercise, perform the following steps: 1. On Miami, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK. 2. Run the breaklab2b.bat script located in the c:\MOC\2011\Labfiles\Lab02 folder on 2011_London Virtual PC. Scenario Brian Clark has entered a service request. He states that he is unable to access his e-mail from home using Outlook Express. He is trying to configure Outlook Express as an IMAP4 client. Brian’s mailbox was recently moved from a server running Exchange 2000 to a different server running Exchange 2003. Log on to Acapulco as NWTraders\BrianClark using the password P@ssw0rd. Use Outlook Express to connect to the Exchange Server 2003 server and troubleshoot the connection. Level 1 support comments “Sent e-mail to Brian and it didn’t bounce back. Checked System Manager and saw that the messages in Brian’s mailbox increase when I send him e-mail. I think the problem might be related to Brian’s mailbox being moved, that it was corrupted.” “Called Brian at home and walked through the settings for Outlook Express. Everything seems fine. Maybe it is a corruption problem.” Read the Level 1 and Level 2 support comments and find a solution to the problem. You must resolve the problems Brian experiences when accessing his e-mail using Outlook Express as an IMAP4 client. What did you determine to be the problem in this scenario? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________

Level 2 support comments

What steps did you take to identify and resolve the problem in this scenario? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________

Unit 2: Troubleshooting Network Connectivity

13

Exercise 3 Troubleshooting When a Company is Not Receiving Internet E-Mail
In this exercise, you will use the flow chart and the Lab Toolkit resources to identify and resolve the problem in the scenario. Exercise preparation To create the troubleshooting scenario for this exercise, perform the following steps: 1. Verify that 2011_London Virtual PC is running. 2. Start 2011_Vancouver Virtual PC. Because Vancouver is in the Microsoft Windows NT® domain Contoso, which is not part of the same forest as London, you can use Vancouver to simulate an Internet host. When you start Vancouver, Vancouver will run Autochk. You should allow Autochk to complete, at which time Vancouver will start successfully. 3. Log on to Vancouver as Contoso\Administrator. 4. Run the breaklab2c.bat script located in the c:\MOC\2011\Labfiles\Lab02 folder on 2011_London Virtual PC. Scenario Brenda Diaz has entered a service request. She states that she is not receiving e-mail from the Internet, and she is unable to send e-mail to the Internet. Log on to Acapulco as NWTraders\BrendaDiaz using the password P@ssw0rd. Use Outlook 2003 to connect to the Exchange Server 2003 environment and troubleshoot the connection. You can use the administrator@contoso.msft account as the test recipient on Vancouver. Outlook 2000 on Vancouver has already been configured with a profile for the Contoso Administrator mailbox. Level 1 support comments “Brenda is using Outlook 2003. Brenda is able to send and receive internal email. She claims she is able to send e-mail to the Internet but is not able to receive it. Explained to Brenda that it must be a problem at the other end because nobody else has reported any similar problems. Brenda is confident that it must be something wrong with our e-mail server.” “Brenda called the Help Desk manager and was very upset. I called her directly; she is certain that it is a problem with our e-mail server. She says that a friend of hers at Contoso, Ltd has been trying to send her e-mail all day. I explained to Brenda that it might be a virus issue and that the other e-mail server is stopping mail from being sent to our server.” Read the Level 1 and Level 2 support comments and find a solution to the problem that is keeping users from receiving e-mail from the Internet. Warning Virtual PC will capture your mouse while using Vancouver. To use your mouse to access other windows outside of Vancouver, you must press the right Alt key while moving your mouse out of the Vancouver window.

Level 2 support comments

14

Unit 2: Troubleshooting Network Connectivity

What did you determine to be the problem in this scenario? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________

What steps did you take to identify and resolve the problem in this scenario? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ _______________________________________________________________ Lab Virtual PC clean-up For this lab, you used the Acapulco, Miami, Vancouver, and London Virtual PCs. Please undo any changes that were made during your troubleshooting by closing each image. The Miami virtual PC should have been closed at the beginning of Exercise 2. Important When you shut down the Virtual PCs using these instructions, all changes made to the Virtual PCs during this lab will be lost. To clean up after this lab: 1. On Acapulco, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK. 2. On London, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK. 3. On Vancouver, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK. Note Start the 2011_London Virtual PC to prepare for the next unit’s lab. Do not shut it down again until instructed.

Unit 2: Troubleshooting Network Connectivity

15

Lab Discussion

*****************************ILLEGAL FOR NON-TRAINER USE****************************** What steps did you follow in the troubleshooting flow charts?
! ! ! !

What were the root causes of the problems described in the scenario? What steps did you use and how did the steps help identify the problems? What other steps could you have used to identify the problems faster? How did you test your solution?

How will you address this type of problem in the future?
! ! !

How is your work environment different than the test environment? How would your work environment change the troubleshooting process? What steps will you take in the future when troubleshooting similar problems?

THIS PAGE INTENTIONALLY LEFT BLANK

Unit 3: Troubleshooting Public Folders and Mailboxes
Contents
Overview Troubleshooting Client Connectivity to Mailboxes and Public Folders Troubleshooting Mailbox and Public Folder Properties Troubleshooting Single Server Message Flow Troubleshooting the Recipient Update Service Pre-Lab Discussion Lab: Troubleshooting Public Folder and Mailbox Problems Lab Discussion 1 2 5 8 10 12 13 26

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2003 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync, Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Unit 3: Troubleshooting Public Folders and Mailboxes

1

Overview

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Network connectivity issues prevent users from sending and receiving e-mail in a Microsoft® Exchange Server 2003 environment. In this unit, you will learn how to identify the mailbox and public folder problems that prevent users from sending and receiving e-mail. These issues are indicated when a client is unable to connect to a server running Exchange Server 2003 to access a mailbox or a public folder. Objectives After completing this unit, you will be able to:
!

Identify the underlying causes when a user cannot receive Internet e-mail and resolve the problem. Identify the underlying causes when a user cannot send Internet e-mail and resolve the problem. Identify the underlying causes when a user is unable to post a message to a public folder and resolve the problem.

!

!

2

Unit 3: Troubleshooting Public Folders and Mailboxes

Troubleshooting Client Connectivity to Mailboxes and Public Folders

*****************************ILLEGAL FOR NON-TRAINER USE****************************** If a user cannot send and receive e-mail, one reason for this may be that the user’s e-mail client cannot connect to the user’s Exchange server. There are many possible reasons why a client cannot connect to an Exchange server. To troubleshoot client connectivity, you need to understand how a client connects to an Exchange server and then troubleshoot each step in the process. Troubleshooting mailbox connectivity To troubleshoot client connectivity to a mailbox on an Exchange server, you need to examine the following components:
!

Name resolution. The e-mail client must be able to resolve the name of the Exchange server before it can open the mailbox. Microsoft Windows® 2000 Professional and later clients rely on DNS to resolve the host name of the Exchange server. Earlier clients rely on Windows Internet Name Service (WINS) to resolve the network basic input/output system (NetBIOS) name of the Exchange server. To troubleshoot name resolution issues, use tools such as Ping and NSLookup. Protocol connection. If the e-mail client can resolve the name of the Exchange server, the next step is to attempt an application level protocol connection to the server. • For Microsoft Outlook® MAPI clients, the client must be able to create a remote procedure call (RPC) connection to the Exchange server by using TCP/IP port 135. The RPC port mapper will dynamically assign a port after the initial connection unless you have configured your Exchange server to use static ports. For Outlook 2003 using RPC over HTTP, the RPC traffic is sent using HTTPS (port 443). On the internal network, you may need to check options such as packet filtering on network devices or the Exchange servers, or possibly an Internet Protocol security (IPSec) policy that is blocking RPC connections.

!

Unit 3: Troubleshooting Public Folders and Mailboxes

3

• Internet Message Access Protocol version 4rev1 (IMAP4), Post Office Protocol version 3 (POP3), or HTTP clients must be able to connect to the Exchange server using the appropriate protocols. If the client can establish a TCP/IP connection to the Exchange server, but it cannot create a protocol connection, you must identify what is blocking the connection. The most common problem is firewall settings. In most cases, protocol resolution issues will impact more than just one client. For example, if POP3 traffic is being blocked on the network, all POP3 clients will be affected. If only one client is affected, you can limit your troubleshooting to that particular client. • Microsoft Active Directory® directory service access. To send and receive e-mail in an Exchange Server 2003 environment, both the e-mail client and the Exchange server must be able to connect to Active Directory global catalog servers. All of the Exchange servers in the organization must be able to connect to a domain controller in order to access configuration information. In order to resolve e-mail addresses to send a message, the Exchange server must be able to locate the recipient object in the global catalog. To open the global address list, the e-mail client must be able to connect to a global catalog server. If the e-mail client is having problems resolving recipient names, test the Active Directory connections using tools like Netdiag, Netsh, Dcdiag, and Dsadiag. Also, verify that objects exist in the global catalog, and that, if needed, an expansion server for each mail-enabled group is identified and functioning. Troubleshooting public folder connectivity When an e-mail client attempts to connect to a public folder server, the client must first establish a connection to the Exchange server that houses the client’s default public store server using the same process as connecting to a mailbox. Accessing public folder content adds some extra components that you need to consider in your troubleshooting:
!

Connecting to the default public folder hierarchy. When the e-mail client tries to access a public folder, it must first access the public folder hierarchy. The default public folder hierarchy is stored on every server that includes a public folder store. The e-mail client will try to access the hierarchy from the default public store defined on the client’s mailbox store properties, which by default is on the same server as the user’s mailbox. If the e-mail client cannot see any public folders in the hierarchy, the server that hosts the user’s default public store is not returning public folder information properly. In this case, confirm connectivity to the server hosting the default public store and verify that the public store is mounted. If the client can view parts of the hierarchy but is unable to view recently created folders, verify that the hierarchy is replicating correctly. If replication is working, the user may not have permissions to access portions of the hierarchy; you should verify that permissions are granted accordingly. You can force an immediate update of the public folder hierarchy information by rightclicking a public folder store and clicking Send hierarchy.

4

Unit 3: Troubleshooting Public Folders and Mailboxes
!

Connecting to public folder contents. After the client has connected to the public folder hierarchy, it must then retrieve the actual messages from the public folder. The messages are stored only on those servers that contain a replica of the public folder. When the client tries to open a message in a public folder, the server that houses the user’s default public store returns a list of all servers that contain a replica of the public folder. The client will then connect to the requested public folder in the following order of preference: • Connect to the server housing the default public folder store. • Connect to an Exchange server in the same routing group as the Exchange server that houses the user’s mailbox. • Connect to an Exchange server in a different routing group. If there are multiple routing groups, the client will connect to an Exchange server based on the public folder referral configuration on the routing group connectors and the routing group connector costs.

If the client cannot connect to a public folder replica in its own routing group, follow the same troubleshooting process that you would use to troubleshoot connecting to a mailbox. If the public folder replica is located in another routing group, check whether public folder referrals are enabled across the routing group connection. In most cases the second routing group is across a WAN connection, so you may need to troubleshoot the network connectivity. If the WAN connection has limited available bandwidth, you may need to configure a replica of the public folder in the local routing group to ensure client connectivity.

Unit 3: Troubleshooting Public Folders and Mailboxes

5

Troubleshooting Mailbox and Public Folder Properties

*****************************ILLEGAL FOR NON-TRAINER USE****************************** If an e-mail client can access the appropriate mailbox or public folder but cannot send and receive e-mail messages, the problem may be a configuration setting on the mailbox or public folder. Troubleshooting mailbox configuration issues There are many possible configuration settings on a mailbox that can affect e-mail delivery, including the following:
!

Mailbox permissions. To send e-mail from a mailbox, the user must have Send As permission, or be delegated the Send on behalf of permission. To read the mail in the mailbox, the user must be granted Receive As permission or be granted the permission to read the mailbox contents. The primary account associated with a mailbox is granted Full Mailbox Access in Active Directory. If a client cannot use a mailbox as expected, verify that permissions are granted correctly. E-mail address. Every mailbox on an Exchange Server 2003 server must be configured with at least a Simple Mail Transfer Protocol (SMTP) address and a X.400 address. Initially, these addresses are configured by the default recipient policy. Additional addresses may be configured manually or by creating additional recipient policies that apply to the user. If a user is unable to receive e-mail originating from messaging systems across connectors, verify that the user’s e-mail address is defined correctly for the affected connector. For example, a user unable to receive Internet e-mail may have an incorrect SMTP address.

!

6

Unit 3: Troubleshooting Public Folders and Mailboxes
!

Default e-mail address. If a mailbox is configured with more than one address of the same type, one of the addresses is configured as the primary e-mail address. This is most common for SMTP addresses, when one user may have more than one SMTP e-mail address. By default, Exchange Server 2003 adds the primary e-mail address to the FROM field of outbound messages sent from the user’s mailbox. If the primary e-mail address is not correct, replies to messages sent from the user may not be delivered. If a user is not receiving replies to messages they send across connectors to other messaging systems, verify that the user’s primary e-mail address for the affected connector is configured correctly. For example, a user that receives Internet e-mail but does not receive replies to messages that are sent to Internet users may have an incorrectly defined primary SMTP e-mail address. Message size limits. You can configure both sending and receiving message size limits at the organization level, connector level, or mailbox level. If a message exceeds the message size restriction, it will not be delivered. If a user is unable to send messages with large attachments, check the message size limits. If the messages are too large, you may need to increase the size limits or ask the user to decrease the size of the attachments. Mailbox size limits. Mailbox size limits can be configured on the mailbox store or on individual mailboxes. There are three configuration options available when setting the mailbox size limit: issue warning, prohibit send, and prohibit send and receive. If the prohibit send is configured, the user will receive an error message when they send a message and the message will not be delivered. If the mailbox has reached the prohibit receive level, any e-mail sent to the mailbox will not be delivered to the mailbox and a non-delivery report (NDR) will be created. If a user is unable to send or receive e-mail because they have reached the mailbox size limit, you may need to show the user how to decrease their mailbox size. In many cases, deleting the messages in the Deleted Items and Sent Items folders can significantly reduce the size of the mailbox. If required, you can configure a larger mailbox size limit for individual mailboxes. Delivery restrictions. You can configure delivery restrictions that specify who can send to a mailbox or distribution list. If a user is prohibited from sending to a mailbox, their messages will not be delivered. If a user is not able to send to a mailbox or distribution list, confirm why the delivery restriction is in place. If the user should not be restricted, change the delivery restrictions. If the user should be restricted, communicate that to the user. Hide from Exchange Address Lists. You can configure individual mailboxes so that they are hidden from the Address Book. If this is configured, the mailbox will not appear in the global address list (GAL), but other users that know the name or the e-mail address of the mailbox will still be able to send to the mailbox. If the mailbox is configured incorrectly, correct the configuration error. If a mailbox is intentionally hidden from the GAL, you may need to show the user how to send e-mail to a hidden mailbox.

!

!

!

!

Unit 3: Troubleshooting Public Folders and Mailboxes

7

Troubleshooting public folder configuration issues

There are many possible configuration settings on a public folder that can affect e-mail delivery, including the following:
!

Public folder permissions. As with mailboxes, you must have appropriate permissions granted in order to access public folders. By default, all users are assigned the Author role on newly created public folders. However, you can modify user permissions by assigning different roles to a user account or to mail-enabled groups. The client permissions on a public folder can be modified using Outlook or using the Exchange System Manager. If users cannot perform the actions they expect in a public folder, confirm that they have the business requirement to do so. Once this is confirmed, you can assign the appropriate permissions to the public folder either by using the individual mailbox or by adding the mailbox to a mail-enabled group that has the required permissions. Public folder size limits. Like mailboxes, public folders can also be configured with size limits that restrict the maximum size of the public folder. When these size limits are reached, users will not be able to post any messages to the public folder. Public folders can also be configured with maximum message size limits. If users cannot post to a public folder because the public folder has reached its maximum size, you can increase the public folder size or you can remove some messages from the folder. If this is a regular occurrence, you can configure the public folder so that messages older than a specified time or date are automatically deleted from the folder. Mail-enabled public folders. Public folders can be configured as mail enabled. If a public folder is mail enabled, e-mail addresses are created for the public folder so that users can locate the folder in the GAL and send mail to the folder. Users outside the organization can send e-mail to the folder by using the SMTP address for the public folder. If you want users outside the organization to be able to send mail to a public folder, you must mail-enable the public folder and then make the SMTP address available to the outside users. If you do not want to mail-enable the public folder, instruct internal users to post to the public folder. Hide from Exchange Address Lists. By default, public folders that are mail enabled are displayed in the GAL. If a public folder should not be visible in the GAL, the option must be modified. If the public folder is configured incorrectly, correct the configuration error. If a public folder is intentionally hidden from the GAL, you may need to show users how to send e-mail to a hidden public folder, or instruct them to post to the public folder.

!

!

!

8

Unit 3: Troubleshooting Public Folders and Mailboxes

Troubleshooting Single Server Message Flow

*****************************ILLEGAL FOR NON-TRAINER USE****************************** In order to troubleshoot message delivery errors, it is useful to understand how messages flow through an Exchange server. Exchange Server 2003 provides the queue viewer and the Message Tracking Center for troubleshooting message delivery. The queue viewer displays all of the queues on the Exchange server so that you can clearly see where messages that are not being delivered are accumulating. By using the Message Tracking Center, you can identify the server or point within a server at which message delivery is stopped. Single server message flow An Exchange server can receive messages from a client or from another server via SMTP or an X.400 connector. Regardless of the source, the flow of a message through the server is essentially the same. The following steps describe the message flow when a MAPI client sends a message to a recipient on the same server: 1. The message is submitted to the store from the e-mail client. The actual content of the message is stored in the Exchange store. 2. The MailMsg object, which is the header information about the message, is passed to the advanced queuing engine. The advanced queuing engine, which is part of the SMTP service, places the MailMsg object in the precategorizer queue. The pre-categorizer queue is one of several queues that are managed by the advanced queuing engine. 3. The message categorizer, which is also part of the SMTP service, retrieves the MailMsg object from the pre-categorizer queue and processes the message. The message categorizer determines the recipients of the e-mail message and determines the best way to route the message to the recipients. If the recipient is a mail-enabled group, the message categorizer must expand the group membership to identify all message recipients. If the mailenabled group is configured with a different expansion server, the message is sent to the expansion server. During the categorizing process, the message categorizer must connect to a global catalog server that contains information about all member objects of the group.

Unit 3: Troubleshooting Public Folders and Mailboxes

9

4. Because the recipient mailbox is located on the same server as the sender, the message categorizer sends the message to the routing engine which places the message in the local delivery queue. 5. The Exchange store extracts the MailMsg information from the local delivery queue and sends a pointer to the stored message to the appropriate mailbox. Using the queue viewer to troubleshoot message flow As messages are routed through an Exchange server, they are moved from one queue to another. You can monitor the status of these queues by using the queue viewer. The queue viewer is accessed by expanding the server object in Exchange System Manager and clicking Queues. The queue viewer shows both system queues and link queues. System queues are permanent queues on the Exchange server, such as the local delivery queue or queues for messages awaiting directory lookup or messages waiting to be routed. Link queues are temporary queues created only when needed. For example, when a message is sent to an Internet recipient, a link queue is created for the recipient’s fully qualified domain name. When messages are not being delivered on the Exchange server, you can use the queue viewer to identify which queue is growing in size. If the Messages awaiting directory lookup queue is growing, you should check global catalog availability. If the Local delivery queue is growing, you should verify that the local mailbox and public folder stores are mounted. If you notice a queue is growing, you can select the queue and then view the additional queue information to help troubleshoot the cause of the queue growth. Using message tracking to troubleshoot message flow In addition to the queue viewer, you can also use the Message Tracking Center to troubleshoot message flow through an Exchange server. When message tracking is enabled on a server, each step of the message flow is logged in the message tracking logs. For example, the following information is logged when a message is sent from one mailbox on an Exchange server to more than one mailbox on the same server:
SMTP Store Driver: Message Submitted from Store SMTP: Message Submitted to Advanced Queue SMTP: Started Message Submission to Advanced Queue SMTP: Message Submitted to Categorizer SMTP: Message Categorized and Queued for Routing SMTP: Message Queued for Local Delivery SMTP: Message Delivered Locally to multiple recipients SMTP Store Driver: Message Delivered Locally to Store to recipient SMTP e-mail address

By viewing the message tracking log, you can identify where an undelivered message failed and begin troubleshooting the correct component.

10

Unit 3: Troubleshooting Public Folders and Mailboxes

Troubleshooting the Recipient Update Service

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Recipient policies are used to configure e-mail addresses for recipients in an Exchange organization. The Recipient Update Service updates recipient e-mail addresses based on the recipient policies. If recipient policies are not configured correctly, the e-mail addresses assigned to recipients will be incorrect. If the Recipient Update Service is not functioning, any new recipient policies (policies that need to be applied to new recipients) will not be processed. These problems may prevent users from sending and receiving e-mail. Troubleshooting recipient policies If recipients cannot send and receive e-mail because of incorrectly configured email addresses, the following components may assist you in troubleshooting recipient policies:
!

Check for incorrectly configured Lightweight Directory Access Protocol (LDAP) queries on the policy. Recipient policies are only applied to recipients that match the LDAP query. If the e-mail address on a mailbox is not modified as expected, confirm that the LDAP query includes the recipient. When you create the LDAP query, you can select Find Now to view the list of recipients included in the LDAP query. Check the policy priority settings. A higher priority policy may overwrite the e-mail addresses configured by a lower priority policy. If you determine that a required e-mail address is being overwritten by another recipient policy, you can change the order in which the policies are applied or you can modify the higher priority policy to include the required e-mail address. Apply the policy. When you modify a policy, the policy is applied the next time the Recipient Update Service is run, which is every 60 seconds by default. To apply a policy immediately, right-click the policy and click Apply this policy now. To change the schedule on which the Recipient Update Service is run, right-click the appropriate recipient update service in Exchange System Manager and configure the update interval on the Recipient Update Service Properties General tab. If you apply the policy and the updates still do not appear, check the LDAP query and verify that the Recipient Update Service is functioning correctly.

!

!

Unit 3: Troubleshooting Public Folders and Mailboxes
!

11

Check for manually configured e-mail addresses. Recipient policies cannot remove or modify any e-mail addresses configured directly on the recipient object in Active Directory. If a user cannot send or receive e-mail because of an address configuration problem, the problem may be manually configured addresses. For example, if a user’s SMTP return address is incorrect, check to see if another address is manually configured as the primary address on the recipient object.

Recipient Update Service

The Recipient Update Service updates recipient e-mail addresses based on the recipient policies. By default, two Recipient Update Service objects are created:
!

Recipient Update Service (Enterprise Configuration). This object updates the e-mail addresses of the objects that are in the configuration partition of Active Directory, such as the Exchange store object, the message transfer agent (MTA) object, and the System Attendant object. Recipient Update Service (Active Directory domain). This object is created for each Active Directory domain that has an installation of Exchange 2000 or later. It updates e-mail addresses for recipient objects in Active Directory, and it updates address lists based on changes in recipient objects in that domain.

!

Troubleshooting the Recipient Update Service

If the e-mail addresses configured by recipient policies are not being applied to recipients, use the following troubleshooting options:
!

Force an immediate update. You can force the Recipient Update Service to run immediately by right-clicking the Recipient Update Service object and clicking Update Now. Check for Exchange server and Active Directory server availability. The Recipient Update Service object is configured with a domain controller and an Exchange server. The Recipient Update Service must be able to connect to both servers in order to run. If one of the servers is not available, you need to manually reconfigure the Recipient Update Service to use a different server. Confirm that the System Attendant service is running. The Recipient Update Service runs within the System Attendant service, so the System Attendant must be running. Enable Diagnostics Logging on the Exchange server that manages the Recipient Update Service for the MSExchangeSA Proxy Generation category. After logging is enabled, force the Recipient Update Service to run and then check the application log for details about what is occurring when the Recipient Update Service attempts to run.

!

!

!

12

Unit 3: Troubleshooting Public Folders and Mailboxes

Pre-Lab Discussion

*****************************ILLEGAL FOR NON-TRAINER USE****************************** One of the troubleshooting skills that an Exchange administrator must have is being able to identify the mailbox and public folder problems that prevent users from sending and receiving e-mail messages. These issues are indicated when a client is unable to connect to a server running Exchange Server 2003 to access a mailbox or a public folder. When users connect to Exchange using Outlook Web Access (OWA) or Outlook Mobile Access (OMA), a number of issues may arise that you need to troubleshoot. In this context, discuss what problems might cause the following symptoms:
! ! !

A user cannot receive Internet e-mail sent to his or her e-mail address. A user cannot send Internet e-mail. A user is unable to post a message to a public folder.

Unit 3: Troubleshooting Public Folders and Mailboxes

13

Lab: Troubleshooting Public Folder and Mailbox Problems

*****************************ILLEGAL FOR NON-TRAINER USE****************************** For more information on completing this lab, see Appendix A, “Lab Guidance,” located at the back of the student workbook. After completing this lab, you will be able to:
!

Identify the underlying causes when a user cannot send Internet e-mail and resolve the problem. Identify the underlying causes when a user cannot receive Internet e-mail and resolve the problem. Identify the underlying causes when a user is unable to post a message to a public folder and resolve the problem. Important This lab focuses on the concepts in this unit and as a result may not comply with Microsoft security recommendations. For instance, this lab does not comply with the recommendation that you should not log on using an administrative account.

!

!

14

Unit 3: Troubleshooting Public Folders and Mailboxes

Lab Virtual PC configuration

For this lab, you will use the London Virtual PC and the Vancouver Virtual PC. The Vancouver Virtual PC is used to simulate an external organization on the Internet for the purpose of testing e-mail flow to and from the Internet. To prepare for this lab: 1. Start 2011_London Virtual PC, if it is not already started. 2. Log on as NWTraders\Administrator with the password P@ssw0rd. You will use OWA on London to check e-mail for the affected users in the lab scenarios. Use the URL http://london/exchange to connect to OWA on London. 3. Start 2011_Vancouver Virtual PC. Because Vancouver is in the Microsoft Windows NT® domain Contoso, which is not part of the same forest as London, you can use Vancouver to simulate an Internet host. When you start Vancouver, Vancouver will run Autochk. You should allow Autochk to complete, at which time Vancouver will start successfully. 4. Log on to Vancouver as Contoso\Administrator. You will use Outlook 2000 on the Vancouver server to send and receive e-mail to the user accounts at NWTraders.

Lab preparation Navigating the flow chart

To create the troubleshooting scenarios, run the Breaklab3.vbs script from the c:\moc\2011\Labfiles\Lab03 directory located on 2011_London Virtual PC. In this lab, you will use the flow charts and the Lab Toolkit resources to identify and resolve the problems described in the scenarios. You will need to read the scenario, the Level 1 support comments, and then use the flow charts to identify the root cause of the problem. You will then need to perform the test case presented at each decision point in the flow chart to determine which path to follow. Use the letters on the flow chart to identify the Lab Toolkit resources that you can use to help troubleshoot the problem. After you identify a potential solution, make the configuration change and then test your solution. When your solution resolves the problem presented in the scenario you have successfully completed the lab. Note that the flow chart for Exercise 3 is located at the end of the lab.

Unit 3: Troubleshooting Public Folders and Mailboxes

15

Lab Toolkit resources: Exercises 1 and 2
Flow chart resources B C D F

If necessary, use one or more of the Lab Toolkit resources listed in the following table to help you complete this lab.
Resources used for this flow chart Configuring the Recipient Update Service H Help: Exchange: Checking Mailbox Size Limits. To locate this information, open Exchange System Manager Help and then search for Define mailbox storage limits. Help: Exchange: Checking Message Queues. To locate this information, open Exchange System Manager Help and then search for queue viewer. H Help: Exchange: Checking Recipient Filter Settings. To locate this information, open Exchange System Manager Help and then search for Create a recipient filter. Help: Exchange: Checking Sender Filter Settings. To locate this information, open Exchange System Manager Help and then search for Create a sender filter. H Help: Exchange: Tracking Messages. To locate this information, open Exchange System Manager Help, select Help, select Help Topics, and then click Search. Search for message tracking and then click Use the Message Tracking Center. Help: Exchange: Verifying the RGC Configuration. To locate this information, open Exchange System Manager Help and then search for Install a routing group connector. Help: Exchange: Viewing the Global Address List. To locate this information, open Exchange System Manager Help and then search for Preview search filter results.

C

F A C D F

E

B

C

Help: Windows: Check Global Catalog Availability. To locate this information, open Windows Help and search for Dcdiag.exe: Domain controller diagnostic tool. E G Help: Windows: Testing DNS. To locate information on locating resource records using DNS administrator snap-in, open Windows Help and then search for Manage Resource Records. Help: Windows: Using NSLookup. To locate information on using NSLookup to test DNS, open a command prompt, type NSLookup to start the NSLookup tool, and then type Help. Help: Windows: Verifying Active Directory Replication. To locate this information, open Windows Help and then search for Troubleshooting replication: Active Directory.

E

G

B

C D A B C E

F

H

Impact of Virus and Content Scanners on Messaging Functionality Internet E-Mail Testing Methods Using Dcdiag and Netdiag to Verify the Network Infrastructure

G G F G H H

Using the Telnet Command to Test Connectivity Between Exchange Servers Using the Telnet Command to Test the TCP Port Restrictions on a Firewall Viewing Delivery Restrictions on SMTP Connectors Viewing Recipient Policies

B

16

Unit 3: Troubleshooting Public Folders and Mailboxes

Lab Toolkit resources: Exercise 3

If necessary, use one or more of the Toolkit resources listed in the following table to help you complete this lab.
Flow chart reference A

Resources used for this flow chart Help: Exchange: Forcing Public Folder Replication. To locate this information, open Exchange System Manager Help and then search for Manually Start Replication.

B

Help: Exchange: Mail-Enable a Public Folder. To locate this information, open Exchange System Manager Help and then search for Create a MailEnabled Public Folder. Help: Exchange: Verify Exchange Services are Running. To locate this information, open Exchange System Manager Help and then search for Monitor Services Used by Exchange. You can use this information to determine the services that should be running, and then view the Services console to verify that all required services are running.

A

B

Help: Exchange: Verify a Public Folder Alias. To locate this information, open Exchange System Manager Help and then search for Set the Alias Name. Help: Exchange: Viewing the Global Address List. To locate this information, open Exchange System Manager Help and then search for Preview Search Filter Results. Help: Exchange: Viewing Public Folder Permissions in Exchange System Manager. To locate this information, open the Exchange System Manager and locate a public folder. Right-click the public folder and click Properties. Then click the Permissions tab and click Help.

A

A

Estimated time to complete this lab: 75 minutes

Troubleshooting Mailbox Problems

H

A
Yes Can the user send or receive e-mail from other Internet recipients? No Can other users send or receive e-mail from the Internet? Yes

Start

Is the e-mail message sent to or received from the Internet?

1. Verify sender used correct address and can send to others 2. Check user's SMTP address and update if necessary 3. Check recipient filtering setting 4. Check message size limits and address restrictions on SMTP connector 5. Check message size and mailbox size limits 6. Check virus scanner and content scanner 7. Track message to see if the message entered the organization

No. internal e-mail Yes No

B G

F

Is the GAL information for the user accurate? No

1. Check if user appears in the GAL 2. Check user's e-mail addresses 3. Check Recipient Update Service availability 4. Check Active Directory replication 5. Use dcdiag and netdiag to check network connectivity

1. Verify that the sender used the correct address and can send to others in your organization 2. Check sender filtering settings 3. Check message size limits and address restrictions on SMTP Connector 4. Check message size and mailbox size limits 5. Check virus scanner and content scanner 6. Track message to see if the message entered the organization

Yes

C

1. Verify availablity of Internet connection 2. Verify external DNS MX records and DNS server availability 3. Check firewall configuration 4. Check SMTP virtual server availability 5. Check message size limits and address restrictions on SMTP connector

Are the sender and recipient on the same Exchange server? Yes

1. 2. 3. 4. 5. 6. 7. 8.

Check message queues Track message Check SMTP server functionality Check global catalog availability Check if users are mailbox enabled Check mailbox size limits Check virus scanner Check content scanner

No

D
Yes 1. 2. 3. 4. Check mailbox size limits Check virus scanner Check content scanner Track message

Can the user send and receive from recipients on other servers?

Unit 3: Troubleshooting Public Folders and Mailboxes

E

No

1. Check network connectivity between servers 2. Check DNS resolution between servers 3. Check global catalog availability 4. Check SMTP server functionality 5. Check routing group connector configuration

17

18

Troubleshooting Mailbox Problems

A
Start Yes Is the e-mail message sent to or received from the Internet?

Unit 3: Troubleshooting Public Folders and Mailboxes

No, internal e-mail

B
No 1. Check if user appears in the GAL 2. Check user’s email addresses 3. Check Recipient Update Service availability 3. Check Active Directory replication 4. Use dcdiag and netdiag to check network connectivity

Is the GAL information for the user accurate?

Yes

Troubleshooting Mailbox Problems

C

Are the sender and recipient on the same Exchange server? Yes

1. 2. 3. 4. 5. 6. 7. 8.

Check message queues Track message Check SMTP server functionality Check global catalog availability Check if users are mailbox enabled Check mailbox size limits Check virus scanner Check content scanner

No

D
Can the user send and receive from recipients on other servers? Yes 1. 2. 3. 4. Check mailbox size limits Check virus scanner Check content scanner Track message

No

E
1. Check network connectivity between servers 2. Check DNS resolution between servers 3. Check global catalog availability 4. Check SMTP server functionality 5. Check routing group connector configuration

Unit 3: Troubleshooting Public Folders and Mailboxes 19

20

Troubleshooting Mailbox Problems

H

Yes

Can the user send or receivee-mail from other Internet recipients? No Can other users send or receive e-mail from the Internet? Yes

1. Verify sender used correct address and can send to others 2. Check user’s SMTP address and update if necessary 3. Check recipient filtering settings 4. Check message size limits and address restrictions on SMTP connector 5. Check message size and mailbox size limits 6. Check virus scanner and content scanner 7. Track message to see if the message entered the organization.

Yes

No

Unit 3: Troubleshooting Public Folders and Mailboxes

F
1. Verify availability of Internet connection 2. Verify external DNS MX records and DNS server availability 3. Check firewall configuration 4. Check SMTP virtual server availability 5. Check message size limits and address restrictions on SMTP connector

G

1. Verify that the sender used the correct address and can send to others in your organization 2. Check sender filtering settings 3. Check message size limits and address restrictions on SMTP Connector 4. Check message size and mailbox size limits 5. Check virus scanner and content scanner 6. Track message to see if the message entered the organization

Unit 3: Troubleshooting Public Folders and Mailboxes

21

Exercise 1 Troubleshooting Solutions When a User Cannot Send Internal E-Mail
In this exercise, you will use the flow chart and the Lab Toolkit resources to identify and resolve the problem in the scenario. Scenario Bryan Walton has entered a service request. Bryan is a new employee. He states that he is unable to send e-mail to anyone. Other users on the network can also not send e-mail messages to him. In this exercise, you will need to log on to OWA on London using NWTraders\BryanWalto. Note If Internet Explorer fails to load all data when connecting to OWA, close and restart Microsoft Internet Explorer. Level 1 support comments “Bryan is a new user who just started working here yesterday. I checked his computer—it is running a standard build with Microsoft Office 2003. He can’t open Outlook—gets an error message. Checked user account—he is in Active Directory and it looks like he is configured correctly. I can’t send e-mail to his account—it says the name doesn’t exist.” You must resolve the problems so that Bryan can send and receive e-mail from internal users. What did you determine to be the problem in this scenario? _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________

What steps did you take to identify and resolve the problem in this scenario? _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________

22

Unit 3: Troubleshooting Public Folders and Mailboxes

Exercise 2 Troubleshooting Solutions When a User Cannot Receive Internet E-Mail
In this exercise, you will use the flow chart and the Lab Toolkit resources to identify and resolve the problem in the scenario. Scenario Andy Teal has entered a service request. He states that he is unable to receive e-mail from the Internet. He can send and receive e-mail internally, but when Internet e-mail users try to send e-mail to him, they receive NDRs. In this exercise, you will need to log on to Outlook 2000 on Vancouver using Contoso\Administrator to send messages to Andy Teal. To confirm the messages are delivered, you will also need to open Andy Teal’s mailbox by using his Nwtraders\andyteal Active Directory account. Level 1 support comments “Checked Andy’s computer; everything looks like it is properly configured. Outlook client works fine. Can send e-mail to internal users, and receive e-mail from internal users. Can send e-mail to the Internet – can’t receive. Even when Internet users reply to his e-mails, they get an NDR.” You must resolve the problem so that Andy can receive e-mail messages from the Internet. To simulate the Internet for purposes of this lab, use the Vancouver server. What did you determine to be the problem in this scenario? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________

What steps did you take to identify and resolve the problem in this scenario? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________

Unit 3: Troubleshooting Public Folders and Mailboxes

23

Exercise 3 Troubleshooting Solutions When a User Cannot Post to a Public Folder
In this exercise, you will use the flow chart located at the end of this lab and the Lab Toolkit resources to identify and resolve the problem in the scenario. Scenario Ben Smith has entered a service request. He states that he is unable to post messages to a public folder named SalesReports. He can read the contents of the messages in the public folder but cannot post messages. In this exercise, you will need to log on to OWA on London using NWTraders\BenSmith. Level 1 support comments “Ben can send and receive e-mail without problems. Ben can see the public folder in the public folder list. Checked the public folder—everyone in the Sales department is supposed to be able to read and write to the public folder. Permissions on the public folder seem to be set up right.” You must resolve the problems Ben experiences when trying to post messages to the public folder. What did you determine to be the problem in this scenario? _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________

What steps did you take to identify and resolve the problem in this scenario? _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________

24

Troubleshooting Public Folder Problems

A
Is the user able to connect to the public folder server? Yes Is the user able to open the public folder? Yes Is the user able to post messages? No 1. Check folder permissions (restart Microsoft Exchange System Attendant to clear server cache immediately) 2. Check public folder replication 3. Check that the required services are running

Start

No

No

Yes

B
No 1. Verify that the folder is mail enabled 2. Verify that the folder is in GAL 3. Verify that the public folder e-mail address is correct

Unit 3: Troubleshooting Public Folders and Mailboxes

1. Check network connectivity 2. Check DNS 3. Check default public folder store setting Is the user able to post via e-mail?

1. Check public folder replication configuration 2. Check public folder referral configuration

Yes

End

Unit 3: Troubleshooting Public Folders and Mailboxes

25

Lab Virtual PC clean-up

For this lab, you used the London and Vancouver Virtual PCs. Please undo any changes that were made during your troubleshooting by closing each virtual PC. Important When you shut down the Virtual PCs using these instructions, all changes made to the Virtual PCs during this lab will be lost. To clean up after this lab: 1. On Vancouver, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK. 2. On London, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK. Note Start the 2011_London Virtual PC to prepare for the next unit’s lab. Do not shut it down again until instructed.

26

Unit 3: Troubleshooting Public Folders and Mailboxes

Lab Discussion

*****************************ILLEGAL FOR NON-TRAINER USE****************************** What steps did you follow in the troubleshooting flow charts?
! ! ! !

What were the root causes of the problems described in the scenarios? What steps did you use and how did the steps help identify the problem? What other steps could you have used to identify the problem faster? How did you test your solution?

How will you approach these types of troubleshooting issues in your work environment?
! ! !

How is your work environment different than the test environment? How would your work environment change the troubleshooting process? What steps will you take in the future when troubleshooting similar problems?

Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access
Contents
Overview Troubleshooting Outlook Web Access Troubleshooting Outlook Web Access in a Front-End and Back-End Server Topology Troubleshooting Outlook Mobile Access Pre-Lab Discussion Lab: Troubleshooting Outlook Web Access and Outlook Mobile Access Problems Lab Discussion 1 2 5 7 9 10 22

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2003 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync, Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

1

Overview

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Microsoft® Outlook® Web Access (OWA) and Microsoft Outlook Mobile Access (OMA) are two of the key Microsoft Exchange Server 2003 components that make e-mail accessible from anywhere and on any device that can connect to the Internet. In order to troubleshoot OWA and OMA problems, you need to understand the architecture used to deploy these services. Both OWA and OMA use Internet Information Server (IIS) 5.0 or 6.0 to provide access to the Exchange information to Internet clients, so you may need to troubleshoot IIS issues as well as Exchange issues. Most companies deploy OWA and OMA in a frontend and back-end topology, which introduces another layer of complexity to troubleshooting. Objectives After completing this unit, you will be able to:
!

Identify the underlying causes when a user cannot access OWA because of a security error. Identify the underlying causes when a user cannot access OWA because of an authentication error and resolve the problem. Identify the underlying causes when a user cannot access OMA and resolve the problem.

!

!

2

Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

Troubleshooting Outlook Web Access

*****************************ILLEGAL FOR NON-TRAINER USE****************************** OWA in Exchange Server 2003 provides access to messaging information on the Exchange server to users with an Internet browser client. To provide this functionality, OWA is tightly integrated with IIS 5.0 or 6.0. OWA components OWA requires the following components in order to function: 1. Internet Information Services 5.0 or 6.0. The HTTP virtual server on the Exchange server accepts HTTP requests. If the URL for the requested information includes the Exchange virtual directory, the HTTP request is passed to the Exchange Internet Server Application Programming Interface (ISAPI) application. 2. Exchange Server 2003. The HTTP request is parsed by the ISAPI application and passed to the Exchange store. The Exchange server verifies the user has permission to view or modify the requested item. If the user has the required permissions the item is passed back to the Exchange ISAPI application, which renders the content into Hypertext Markup Language (HTML) or Extensible Markup Language (XML) and then passes the data through IIS to the client. 3. Microsoft Active Directory® domain controllers. The OWA server must be able to communicate with the domain controller and global catalog server to determine user permissions and perform address book lookups. The IIS and Exchange configuration information is also stored in Active Directory.

Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

3

Troubleshooting OWA

Troubleshooting OWA is complicated by the fact that there are several components involved when the OWA client accesses the Exchange server. However, the error messages that you receive in your browser when you try to connect to Exchange by using OWA often provide useful information. The following table lists some of the common error messages that you may receive and some options for troubleshooting the errors.
Error Message 401 Access Denied 401 Logon Failed Troubleshooting the Error Message • Confirm that the username and password are correct. • Enter the user name using the domain\username format rather than a UPN. • Confirm that the user has permission to use OWA. 403 Access Denied • Confirm that the user has access to the resource they are trying to access. • Check the SSL configuration—the user will get this message if they are using HTTP rather that HTTPS and the site requires SSL. 404 Not Found • Confirm that the object the user is trying to access exists on the Exchange server. • Check the configuration of URLscan in IIS to confirm that URLscan is not blocking access to the required URL. • In a front-end and back-end topology, confirm that the front-end server can communicate with the back-end server. • Confirm the user is using a server name that is identical to the host header on the Exchange virtual server. 500 Internal Server Error • Confirm that the Exchange server can communicate with an Active Directory server. • If the client is using Kerberos for authentication, confirm that the time difference between the client computer and the OWA server are within acceptable limits. 503 Service Unavailable • Confirm that the Information Store service is running and that the required mailbox store is mounted. • If you have configured additional virtual servers to support multiple domain names, confirm that the virtual directories are configured correctly. E-mail messages do not display in the Contents pane • Check the firewall or proxy server settings to ensure they are not blocking the content.

4

Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

When troubleshooting OWA, first ask some basic questions:
!

Are all users affected or just one individual? If all users are affected, then the problem is probably a server configuration error. You can begin troubleshooting by identifying the type of error that is sent to the client, and then troubleshoot the IIS and Exchange server configuration. If only one user is affected, the problem is likely a mailbox configuration error or a user error, so you would start the troubleshooting at the individual user or mailbox level. Are all Web browsers affected or only specific browsers? When a user connects to the OWA server, the Exchange ISAPI application detects what Web browser version the client is using, since different Web browsers have different functionality. For example, Microsoft Internet Explorer 4.0 and later support Windows® Integrated Authentication, while earlier versions and non-Microsoft clients do not. Internet Explorer 5.0 and later clients support the use of XML and WebDAV. If all browsers are affected, then the problem is likely to be a server configuration problem that is not specific to the new features supported by newer browsers. However, if the problem is client specific, you can start your troubleshooting with the client-specific features. If Internet Explorer 6.0 clients can connect, but Netscape Navigator clients cannot, check the authentication settings. If the opposite is true, check the firewall configuration to see if it is blocking the XML or WebDAV content. Is all OWA functionality affected or only some parts? By default, the OWA server includes several virtual directories under the default Web site to enable OWA and OMA mailbox and public folder access. In addition, you may need to configure additional virtual servers and directories on the server to support additional SMTP domains. When troubleshooting, you should check if all OWA functionality is affected or only some parts. For example, if users can access their mailboxes but not the public folders, you can just troubleshoot the connection to the public folder store. You can check whether the public folder store is mounted, or check to see if the public folder server is available. If users can access mailboxes on the default Web site but cannot access their mailboxes using other virtual Web sites on the same server, you can focus your troubleshooting only on the Web sites with problems.

!

!

Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

5

Troubleshooting Outlook Web Access in a Front-End and Back-End Server Topology

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Most companies that deploy OWA use a front-end and back-end server topology. There are many advantages to using this topology, but it can also complicate OWA troubleshooting. Troubleshooting is more complicated in a front-end and back-end server topology because you need to test connections between multiple servers, as well as possibly troubleshoot network traffic crossing two firewalls. Front-end and back-end server topology benefits There are several benefits to deploying OWA in a front-end and back-end topology. These advantages include:
!

Clients use a single namespace. All users can use the front-end server URL to access their mailbox on any back-end server. Offload SSL processing. You can offload the processing required for SSL to the front-end servers, which can perform all encryption and decryption of the SSL traffic. Enhance security. In most cases, companies deploy the front-end server in a perimeter network, with the back-end servers located on the corporate intranet. The screened subnet is protected from the Internet by an external firewall and a second firewall is placed between the screened subnet and intranet. You can then limit what traffic can pass through each firewall. Scalability. The front-end and back-end topology can be scaled to almost any size by deploying several front-end servers in a Network Load Balancing (NLB) cluster.

!

!

!

6

Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

Troubleshooting OWA in a front-end and backend topology

When you are troubleshooting a front-end and back-end configuration, you will use many of the same steps that you use when you are troubleshooting a single OWA server. The one significant additional step that you may need to include when troubleshooting OWA in a front-end and back-end configuration is troubleshooting multiple servers. In most cases, users will be accessing OWA from the Internet. This means that the clients must connect to the front-end server through the Internet firewall. The front-end server must then connect to a domain controller and the back-end server. You may need to troubleshoot the OWA on each server:
!

Test functionality on the back-end server. The initial step in troubleshooting a front-end and back-end topology is to verify that OWA clients can connect to the back-end server. In order for OWA to work through the front-end server, it must first work on the back-end server. If you cannot connect to the back-end server by using OWA, you can use the single server troubleshooting steps discussed in the previous topic to determine the cause of the failure. If the OWA works on the back-end server, then move on to troubleshooting the front-end server. Test functionality on the front-end server from the internal network. The second component to test in this topology is the front-end server. You will need to connect to the front-end server from the internal network and check the functionality. If you cannot connect to the front-end server by using OWA, a problem exists between the front-end server and the back-end server. You may need to test the internal firewall configuration, or check the DNS configuration to ensure that the front-end server can locate a domain controller and the back-end server. If you can connect to the front-end server from the internal network, then the problem is located between the front-end server and the Internet, most likely on the external firewall. Test all virtual servers on the front-end and back-end servers. Front-end virtual servers and virtual directories that point to mailbox stores must use the same domain names as the corresponding back-end virtual servers or directories. If you can connect to a virtual server on a back-end server, but cannot connect to the same virtual server from the front-end, then ensure that the virtual servers on both servers are configured the same way.

!

!

Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

7

Troubleshooting Outlook Mobile Access

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Outlook Mobile Access (OMA) enables users to access their Exchange Server 2003 mailbox by using a browser-enabled mobile device. Users can use devices such as mobile phones and PDAs that use Extensible Hypertext Markup Language (XHTML), compact HTML (cHTML), or standard HTML browsers to connect to their inbox, calendar, contacts, tasks, and perform global address list (GAL) searches. In addition to mobile phones, Windows Mobile™ devices using Microsoft Pocket Internet Explorer and desktop personal computers using Internet Explorer 6.0 or later also support OMA. OMA architecture The Exchange Server 2003 architecture to support OMA is essentially the same as is used for OWA. When OMA is enabled on an Exchange server, two additional virtual directories are created under the default Web site. The OMA virtual directory is used by OMA clients to connect to the mailboxes on the server. The Microsoft-Server-ActiveSync® virtual directory is used by ActiveSync clients to download messages from the Exchange server. When an OMA client connects to the Exchange server, the client must also be able to access the Exchange virtual directory. OMA is also supported in a front-end and back-end topology. To enable OMA in this topology, both the front-end and back-end servers must be configured for OMA.

8

Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

Troubleshooting OMA

Because OMA uses the same infrastructure as OWA, much of the troubleshooting for OMA will be the same as it is for OWA. However, there are some configurations which are unique to OMA that you may need to troubleshoot:
!

Check the global settings. In order for clients to use OMA, you must enable OMA on the global settings for the Exchange organization. You do this by accessing the properties for Mobile Services under the Global Settings and selecting Enable Outlook Mobile Access. If you want users to be able to access OMA using unsupported devices such as Internet Explorer 6.0, you must also select Enable unsupported devices. If these options are not selected, then the user will receive an error message saying that the account is not enabled for OMA when they try to connect. Check individual mailbox configurations. You must also enable OMA on each mailbox before a user will be able to access their mailbox using OMA. You can do this by accessing the user properties in Active Directory Users and Computers; select the Exchange Features tab and enable OMA. If this option is not selected, the user will receive an error message saying that the account is not enabled for OMA when they try to connect. Note If you are using a front-end and back-end server topology, both servers must be running Exchange Server 2003 in order to enable OWA.

!

Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

9

Pre-Lab Discussion

*****************************ILLEGAL FOR NON-TRAINER USE****************************** OWA and OMA are two of the key Exchange Server 2003 components that make e-mail accessible from anywhere and on any device that can connect to the Internet. Because users are accessing OWA and OMA from anywhere using a variety of Web and mobile access devices, troubleshooting these services can be complicated. A number of issues that you may need to troubleshoot can arise when users connect to Exchange using OWA or OMA. In this context, discuss what problems might cause the following symptoms:
! !

A user cannot access OWA because of a service not found error. A user cannot access OWA on a front-end server and the user receives an authentication error. A user cannot access OMA on a front end server.

!

10

Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

Lab: Troubleshooting Outlook Web Access and Outlook Mobile Access Problems

*****************************ILLEGAL FOR NON-TRAINER USE****************************** For more information on completing this lab, see Appendix A, “Lab Guidance,” located at the back of the student workbook. After completing this lab, you will be able to:
!

Identify the underlying causes when a user cannot access OWA because of a security error. Identify the underlying causes when a user cannot access OMA and resolve the problem. Identify the underlying causes when a user cannot access OWA because of an authentication error and resolve the problem. Important This lab focuses on the concepts in this unit and as a result may not comply with Microsoft security recommendations. For instance, this lab does not comply with the recommendation that you should not log on using an administrative account.

!

!

Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

11

Lab Virtual PC configuration

For this lab, you will use the London Virtual PC and the Miami Virtual PC. The Miami Virtual PC will be configured as a front-end server. To prepare for this lab: 1. Start 2011_London-Virtual PC, if it is not already started. 2. Log on as NWTraders\Administrator with a password of P@ssw0rd. You may use OWA on London to check e-mail for the affected users in the lab scenarios. 3. Start 2011_Miami Virtual PC. Log on as NWTraders\Administrator. 4. Use Exchange System Manager to browse to the Miami server object, rightclick the server object, and then click Properties. 5. Select This is a front-end server, and then click OK. 6. Restart Miami by clicking Start, Shut Down, and then Restart. Do not restart Miami by using Virtual PC, as this will save changes made in the lab. 7. You need to use Internet Explorer on Miami to access OWA and OMA. To connect to the front-end server for OWA, open Internet Explorer and connect to http://miami/exchange. To connect to the front-end server for OMA, open Internet Explorer and connect to http://miami/oma.

Navigating the flow chart

In this lab, you will use the flow charts and the Lab Toolkit resources to identify and resolve the problems described in the scenarios. You will need to read the scenario and the Level 1 support comments and then use the flow charts to identify the root cause of the problem. You will then need to perform the test case presented at each decision point in the flow chart to determine which path to follow. Use the letters on the flow chart to identify the Toolkit resources that you can use to help troubleshoot the problem. After you identify a potential solution, make the configuration change and then test your solution. When your solution resolves the problem presented in the scenario you have successfully completed the lab.

12

Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

Lab Toolkit Resources
Flow Chart Resources A B C D E F

If necessary, use one or more of the following Lab Toolkit resources to help you complete this lab:
Resources Used for this Flow Chart J I Firewall Configuration Required to Support Front-End and BackEnd Servers Help: Exchange: Checking global settings. To locate this information, open Exchange System Manager help and search for Enable Outlook Mobile Access for All Users. J Help: Internet Information Services: Configuring SSL on Servers. To locate information regarding SSL on virtual directories, search Internet Information Services help for Configuring SSL on Servers and then select Configuring SSL on Servers. Help: Windows: How to use TCP/IP command-line utilities. To locate this information, open Windows help and then search for Command-line utilities: TCP/IP. H I J Help: Windows: Testing DNS. To locate information on locating resource records using DNS administrator snap-in, search for Manage Resource Records. Help: Windows: Troubleshoot IPSec. To locate information regarding troubleshooting IPSec, search Windows Server 2003 Online Help for IPSec and then select Troubleshooting: Internet Protocol Security (IPSec). Help: Windows: Using IPConfig. To locate this information, open Windows help and search for Ipconfig: Command-line reference. I J Help: Windows: Using NSLookup. To locate information on using NSLookup to test DNS open a command prompt, type NSLookup to start the NSLookup tool, and then type Help. Outlook Mobile Access Requirements Securing a Front-End and Back-End Server Infrastructure Using the Telnet Command to Test the TCP Port Restrictions on a Firewall Verifying that a Server is Online I Verifying the Configuration of the Default Web Site

D

E

I

B

G

C

D

E

F

D

E

I

J

C C D E F

H H

D D A B E D E F G I

J J J

Estimated time to complete this lab: 150 minutes

Troubleshooting OWA and OMA Problems

Start

A
Yes Yes Internet No Can the client ping the server IP address? Yes Can the client ping the server host name? Can you run OWA/OMA on the front-end server? 1. Check external firewall configuration 2. Check open ports and port redirection configuration 3. Check packet filtering configuration

Is the user on the internal network or on the Internet?

D
No No

B
1. Check if the client can connect to other Internet sites 2. Check if the server is online 3. Check firewall configuration 4. Check IP routing 1. Check DNS 2. Check client's DNS server settings 3. Check firewall configuration Can you run OWA/OMA on the back-end server?

C
Yes

Internal

1. Check internal firewall 2. Check open ports and port redirection configuration 3. Check packet filtering configuration 4. Check DNS 5. Check front-end back-end security configuration 6. Check Outlook Mobile Access configuration No

Can you run OWA/OMA on the front-end server? Yes Yes Yes No Can the client ping the server host name?

F
1. Check internal firewall for internal network to perimeter network configuration 2. Check open ports and port redirection configuration 3. Check packet filtering configuration 4. Check DNS

E
1. Check global settings 2. Check default Web site configuration 3. Check security configuration (SSL, IPSec) 4. Check Web site availability 5. Check DNS

Can the client ping the server IP address?

No

No

Can you run OWA/OMA on the back-end server?

G H
1. Check DNS 2. Check client DNS server settings No

J
Yes

1. Check if client can connect to other internal Web sites 2. Check if the server is online 3. Check IP routing

I
1. Check global settings 2. Check default Web site configuration 3. Check security configuration (SSL, IPSec) 4. Check Web site availability 5. Check DNS

Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

1. Check internal firewall 2. Check open ports and port redirection configuration 3. Check packet filtering configuration 4. Check DNS 5. Check front-end back-end security configuration 6. Check Outlook Mobile Access configuration

13

14

Troubleshooting OWA and OMA Problems

Start

Can you run OWA/OMA on the front-end server? Yes Internet Can the client ping the server IP address? Yes Can the client ping the server host name?

Is the user on the internal network or on the Internet?

No Yes

Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

Internal

No

No

A
1. Check external firewall configuration 2. Check open ports and port redirection configuration 3. Check packet filtering configuration

Troubleshooting OWA and OMA Problems

No

D

Internal No Yes

No

Can you run OWA/OMA on the back-end server?

B C
1. Check DNS 2. Check client’s DNS server settings 3. Check firewall configuration 1. Check if the client can connect to other Internet sites 2. Check if the server is online 3. Check firewall configuration 4. Check IP routing

1. Check internal firewall 2. Check open ports and port redirection configuration 3. Check packet filtering configuration 4. Check DNS 5. Check front-end back-end security configuration 6. Check Outlook Mobile Access configuration

E
No

Can the client ping the server IP address? Yes

1. Check global settings 2. Check default Web site configuration 3. Check security configuration (SSL, IPSec) 4. Check Web site availability 5. Check DNS

G

No

Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

1. Check for open relay 2. Update antivirus signatures 3. Check antivirus and content scanning quarantine 4. Check message queues

15

16

Troubleshooting OWA and OMA Problems

Can you run OWA/OMA on the front-end server? Yes Yes Yes No Can the client ping the server host name?

F
1. Check internal firewall for internal network to perimeter network configuration 2. Check open ports and port redirection configuration 3. Check packet filtering configuration 4. Check DNS

No Can you run OWA/OMA on the back-end server?

H
1. Check DNS 2. Check client DNS server settings

J
Yes No 1. Check internal firewall 2. Check open ports and port redirection configuration 3. Check packet filtering configuration 4. Check DNS 5. Check front-end back-end security configuration 6. Check Outlook Mobile Access configuration

Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

I
1. Check global settings 2. Check default Web site configuration 3. Check security configuration (SSL, IPSec) 4. Check Web site availability 5. Check DNS

Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

17

Exercise 1 Troubleshooting Solutions When a User Cannot Access Outlook Web Access
In this exercise, you will use the flow chart and the Lab Toolkit resources to identify and resolve the problem in the scenario. Exercise preparation To create the troubleshooting scenario for this exercise, run the breaklab4a.bat script located in the c:\MOC\2011\Labfiles\Lab04 folder on 2011_London Virtual PC. Amy Rusko has entered a service request. She is trying to access her e-mail from home using OWA. When she tries to connect to OWA, Amy receives an error indicating that the service is not available. In this exercise, you will need to log on to Outlook Web Access on Miami using NWTraders\amyrusko. Level 1 support comments “Talked to Amy at home—she is using Internet Explorer 6.0. She had no problem accessing her e-mail when she was in the office during the day. The problem showed up when she tried to use OWA from home. She gets the logon screen but when she enters her user name and password, she receives an error message saying that she needs to use https:// to connect to the server. When she tries to connect using https://miami.nwtraders.msft, she receives an error indicating that the page cannot be displayed.” You must resolve the problems so that Amy can connect to the front-end Exchange server using OWA. What did you determine to be the problem in this scenario? _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________

Scenario

What steps did you take to identify and resolve the problem in this scenario? _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________

18

Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

Exercise 2 Troubleshooting Solutions When a User Cannot Access Outlook Mobile Access
In this exercise, you will use the flow chart and the Lab Toolkit resources to identify and resolve the problem in the scenario. Exercise preparation To create the troubleshooting scenario for this exercise, run the breaklab4b.bat script located in the c:\MOC\2011\Labfiles\Lab04 folder on 2011_London Virtual PC. In this exercise, you will be using Internet Explorer to simulate a wireless device. To use Internet Explorer as an OMA device, use the following procedure: 1. On Miami, click Start, click Run, type http://Miami/oma and then click OK. 2. If prompted with a Security Alert dialog box, click Add twice and then click Close. If prompted with a second Security Alert dialog box, click Yes to proceed. 3. When prompted for your logon credentials, log on with a user account that has access to OMA. Use the domainname\username format. 4. When prompted that your device type is not supported, click OK. Scenario Raman Iyer has entered a service request. Raman is trying to access his e-mail from his Web phone using OMA. When he tries to connect to OMA he receives an error message. In this exercise, you will need to log on to OMA on Miami using NWTraders\ramaniyer.

Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

19

Level 1 support comments

“Talked to Raman at the airport where he just landed. He is using a supported cell phone – he can browse other sites using his cell phone. His e-mail worked on his desktop computer in the office when he left this afternoon. He gets the logon screen, and uses the domain name and his user name to connect, but then receives an HTTP 404 error indicating that the file or directory is not found. All servers are working.” You must resolve the problems so that Raman can connect to the Exchange server using OMA. What did you determine to be the problem in this scenario? _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________

What steps did you take to identify and resolve the problem in this scenario? _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________

20

Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

Exercise 3 Troubleshooting Solutions When a User Cannot Log In to Outlook Web Access
In this exercise, you will use the flow chart and the Lab Toolkit resources to identify and resolve the problem in the scenario. Exercise preparation To create the troubleshooting scenario for this exercise, run the breaklab4c.bat script located in the c:\MOC\2011\Labfiles\Lab04 folder on 2011_London Virtual PC. In this exercise, you will need to log in to OWA on Miami using NWTraders\hanyingfeng. Scenario Hanying Feng has entered a service request. He is trying to access his e-mail from a hotel room using OWA. When Hanying tries to connect, he gets an authentication error. “Talked to Hanying at the hotel room where he is staying—he is using Internet Explorer 6.0. He has been gone from the office for about a week; this is the first time he has tried to access his e-mail in the last week. He gets the logon screen, but when he enters his user name and password he is not authenticated. Instead he just gets the logon screen again. All servers are working.” You must resolve the problems so that Hanying can connect to the Exchange server using OWA. What did you determine to be the problem in this scenario? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________

Level 1 support comments

What steps did you take to identify and resolve the problem in this scenario? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________

Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

21

Lab Virtual PC clean-up

For this lab, you used the Miami and London Virtual PCs. Please undo any changes that were made during your troubleshooting by closing each image. Important When you shut down the Virtual PCs using these instructions, all changes made to the Virtual PCs during this lab will be lost. To clean up after this lab: 1. On Miami, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK. 2. On London, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK. Note Start the 2011_London Virtual PC to prepare for the next unit’s lab. Do not shut it down again until instructed.

22

Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

Lab Discussion

*****************************ILLEGAL FOR NON-TRAINER USE****************************** What steps did you follow in the troubleshooting flowcharts?
! ! ! !

What were the root causes of the problem described in the scenario? What steps did you use and how did the steps help identify the problem? What other steps could you have used to identify the problem faster? How did you test your solution?

How will you approach these types of troubleshooting issues in your work place?
! ! !

How is your work environment different than the test environment? How would your work environment change the troubleshooting process? What steps would you take in the future when troubleshooting similar problems?

Unit 5: Troubleshooting Client Connectivity
Contents
Overview Messaging Clients Used to Access Exchange Server 2003 How Messaging Clients Connect to Exchange Server 2003 Additional Services Required for Connecting to Exchange Server 2003 Pre-Lab Discussion Lab: Troubleshooting Client Connectivity Problems Lab Discussion 1 2 5 7 9 10 20

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2003 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync, Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Unit 5: Troubleshooting Client Connectivity

1

Overview

*****************************ILLEGAL FOR NON-TRAINER USE****************************** In this unit, you will learn how to troubleshoot the connection between a client and a Microsoft® Exchange Server server, particularly the messaging client and its connection to the server. The focus of this unit is on client configuration issues and those services needed by the client in order to connect to the computer running Microsoft Exchange Server 2003. Most problems reported by users who cannot access their e-mail are related to the ability of the messaging client to access and connect to the e-mail server. These connection problems can arise whether the user is an internal user on the local area network or a remote user connecting from the Internet. Objectives After completing this unit, you will be able to:
!

Identify the underlying causes when a user is unable to send e-mail to the Internet from home using Outlook Express and resolve the problem. Identify the underlying causes when a user receives a “The connection to the server has failed” message from home and resolve the problem. Identify the underlying causes when a new user receives an error message when trying to connect to his or her mailbox and resolve the problem.

!

!

2

Unit 5: Troubleshooting Client Connectivity

Messaging Clients Used to Access Exchange Server 2003

*****************************ILLEGAL FOR NON-TRAINER USE****************************** How you troubleshoot the connection between a messaging client and an Exchange server will depend on the messaging client used. Not all messaging clients use the same protocols and ports. For example, knowing that a Microsoft Outlook® Web Access (OWA) client uses a different port than the ports used by an Outlook client will help when it comes to troubleshooting each of these messaging clients. If one messaging client works while another messaging client does not work, you can focus your troubleshooting on the differences between the messaging clients. Messaging clients The table below identifies various messaging clients, their usage and troubleshooting solutions.
Messaging clients Microsoft Outlook Messaging client usage and troubleshooting • The Outlook client is Microsoft’s full-featured, rich mail client. • Outlook uses MAPI to make and maintain connections to the Exchange server environment. • Outlook 2003 can make remote procedure call (RPC) connections over HTTP connections. • You can configure an Exchange Server 2003 frontend server to accept RPC over HTTP connections and act as a proxy to connect to the back-end server, where the user’s mailbox exists. • By using RPC instead of HTTP, Outlook users can connect to their mailbox across the Internet, without using a virtual private network (VPN) connection into the corporate network. • Using RPC over HTTP will ease troubleshooting connections through a firewall.

Unit 5: Troubleshooting Client Connectivity (continued) Messaging clients Microsoft Outlook (continued) Messaging client usage and troubleshooting • Troubleshooting the connection between an Outlook client and an Exchange server requires: • Troubleshooting RPC connections. • Troubleshooting MAPI profiles. • Troubleshooting router and firewall port mappings. Microsoft Outlook Express • Outlook Express is often used by remote users who only need access to e-mail and who do not need all of the functionality of the Outlook client application. • Troubleshooting Outlook Express is simply a matter of verifying that the proper virtual servers are running, and that the firewall has properly published the ports: • 25 for outbound and inbound Simple Mail Transfer Protocol (SMTP) messages to and from Internet SMTP servers • 465 for SMTP that is secured using Secure Sockets Layer (SSL) • 110 for Post Office Protocol version 3 (POP3) for Outlook Express clients to pick up e-mail from the Exchange server environment • 995 for POP3 that is secured using SSL

3

• 143 for Internet Message Access Protocol version 4rev1 (IMAP4) for Outlook Express clients to pick up e-mail from the Exchange server environment • 993 for IMAP4 that is secured using SSL • 80 for HTTP for Outlook Express clients to download e-mail from their Exchange server • 443 for HTTP that is secured using SSL OWA • One of the most flexible e-mail clients is OWA. Almost any Web browser can be used to access e-mail from an Exchange server using OWA. • Troubleshooting OWA is much easier than troubleshooting any other client since OWA is comprised of Web pages being served from the Exchange server. • OWA is often used by e-mail administrators to help troubleshoot other e-mail clients. If OWA is able to send and receive e-mail internally as well as to and from the Internet, you can be sure that the Exchange server is up and running properly. • Troubleshooting OWA requires: • Verifying that the proper fully qualified domain name is being used. • Verifying that the OWA server can be reached from the Internet. • Verifying that the user prefaced the URL with https:// in the event it is secured with SSL.

4

Unit 5: Troubleshooting Client Connectivity (continued) Messaging clients Microsoft Outlook Mobile Access (OMA) Messaging client usage and troubleshooting • Outlook Mobile Access is used by mobile devices such as cell phones and wireless PDAs to access Exchange mailbox and public folder data. • Increased use of mobile devices requires more troubleshooting. • Many mobile devices connect to the Exchange server using HTTP. • Troubleshooting mobile devices requires: • Verifying that port 80 and 443 are available. • Verifying that the mobile user content is available on the server. Other applications • E-mail access is not limited to Microsoft e-mail client applications only. • Many e-mail clients function as POP3 or IMAP4 clients. • Troubleshooting other applications requires the same process as Outlook Express, which is described earlier in this table.

Unit 5: Troubleshooting Client Connectivity

5

How Messaging Clients Connect to Exchange Server 2003

*****************************ILLEGAL FOR NON-TRAINER USE****************************** When troubleshooting messaging clients, you need to understand where each messaging client is used and what ports the messaging client needs. This is very important in troubleshooting messaging clients, especially those clients that are outside the company network. The messaging client does not connect to Exchange Server 2003 unless the proper services are running on the server. Messaging clients outside the company will also have to contend with the firewall. Troubleshooting external messaging clients will often require verification that the firewall has properly published the port and mapped it to the Exchange server.

6

Unit 5: Troubleshooting Client Connectivity

When troubleshooting, remember to check the connections used by different messaging clients, some of which are listed in the following table.
Messaging clients Outlook Protocol and port connections to Exchange • Outlook 2003 normally connects using RPC across a local area network (LAN), a WAN, or a VPN connection. • Using RPC over HTTP, however, Outlook 2003 uses: • 80 for HTTP • 443 for HTTP that is secured using SSL Outlook Express • Outlook Express can combine IMAP4 and SMTP or combine POP3 and SMTP to provide messaging connectivity to the Exchange server. • Outlook Express can also use SSL. • The ports used for messaging in Outlook Express include: • 25 for SMTP connections • 465 for SMTP that is secured using SSL • 110 for POP3 connections • 995 for POP3 that is secured using SSL • 143 for IMAP4 connections • 993 for IMAP4 that is secured using SSL • 80 for HTTP • 443 for HTTP that is secured using SSL OWA • OWA connections use: • 80 for HTTP • 443 for HTTP that is secured using SSL OMA • OMA connections use: • 80 for HTTP • 443 for HTTP that is secured using SSL

Unit 5: Troubleshooting Client Connectivity

7

Additional Services Required for Connecting to Exchange Server 2003

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Several different protocols and services are required in order for a client application to connect to an Exchange server. You must include these protocols and services in your troubleshooting processes when troubleshooting client connectivity. For example, without DNS, the messaging client would not be able to find the Exchange server and connect to the proper port using its fully qualified domain name. The following table lists several protocols and services that will help you in troubleshooting client connectivity.
Service DNS How it is used by Exchange and messaging client • DNS is required in three situations: • DNS is used by the client application to resolve the fully qualified name of the Exchange server for remote users and to resolve the simple host name for internal users. Once the name of the server has been resolved to an IP address, the connection can take place. • DNS is used by the Exchange server to send SMTP e-mail to an internal smart host or to send e-mail directly to the receiving domain by resolving the mail exchanger (MX) record to the proper IP address and then making the connection over port 25. • DNS is used by mail servers on the Internet to find the Exchange server for the company to which they want to send e-mail. If the sending server cannot find the MX record or cannot properly resolve the MX record, the connection will not take place and e-mail will not be received.

8

Unit 5: Troubleshooting Client Connectivity (continued) Service IIS How it is used by Exchange and messaging client • Internet Information Services (IIS) is required for hosting Web server content used to generate pages for browser clients. • OWA requires IIS to host content for users who access their e-mail using a compliant browser. • OMA requires IIS to host content for the many different types of mobile clients who access e-mail via the Web. NNTP • Network News Transfer Protocol (NNTP) is required to access the public folders in a company using a news reader like Outlook Express. • If individuals are having trouble accessing public folders or posting to public folders, check permissions after verifying that the NNTP and Microsoft Exchange Information Store services are running and that NNTP is available for the client connection. IMAP4 • IMAP4 is used by Outlook Express and other remote e-mail client applications to connect to the Exchange server and retrieve e-mail. • When troubleshooting failing IMAP4 clients, check to make sure DNS is resolving properly, the firewall is allowing traffic flow using the IMAP4 port, and the IMAP4 service is running properly. POP3 • POP3 is often used by Outlook Express and other remote e-mail client applications to connect to the Exchange server from the Internet. • POP3 and IMAP4 are used mostly by remote e-mail users. • When troubleshooting failing POP3 clients, check to make sure DNS is resolving properly, the firewall is allowing POP3 traffic flow, and the POP3 service is running properly. SMTP • SMTP is used by Outlook Express and other remote e-mail client applications to send e-mail to the Internet. • SMTP is used by Exchange Server 2003 to transfer messages between Exchange servers, depending on the location of the recipient’s mailbox. • SMTP troubleshooting is similar to troubleshooting IMAP4 and POP3 virtual servers. • When troubleshooting SMTP, check DNS first, verify that the firewall is not blocking port 25, and verify that the SMTP service is available and running.

Unit 5: Troubleshooting Client Connectivity

9

Pre-Lab Discussion

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Client connectivity problems will impact all network-based applications. Since Exchange Server 2003 supports different types of messaging clients, it is important to know the differences between the client types and how to troubleshoot each type. It is especially important to note the differences between the messaging clients when troubleshooting their connectivity to the Exchange server. Discuss what problems might cause the following symptoms:
! !

An Outlook Express user cannot send e-mail to the Internet from home. An Outlook Express user cannot access their e-mail from home. The user receives a “The connection to the server has failed” message. A new user running Outlook cannot open their mailbox.

!

10

Unit 5: Troubleshooting Client Connectivity

Lab: Troubleshooting Client Connectivity Problems

*****************************ILLEGAL FOR NON-TRAINER USE****************************** In this lab, you will troubleshoot problems with messaging client connectivity. Each exercise can be solved using the Lab Toolkit resources and the processes provided in the accompanying flow chart. For more information on completing this lab, see Appendix A, “Lab Guidance,” located at the back of the student workbook. After completing this lab, you will be able to:
!

Identify the underlying causes when a user is unable to send e-mail to the Internet from home using Outlook Express and resolve the problem. Identify the underlying causes when a user receives a “The connection to the server has failed” message from home and resolve the problem. Identify the underlying causes when a new user receives an error message when trying to connect to his or her mailbox and resolve the problem. Important This lab focuses on the concepts in this unit and as a result may not comply with Microsoft security recommendations. For instance, this lab does not comply with the recommendation that you should not log on using an administrative account.

!

!

Unit 5: Troubleshooting Client Connectivity

11

Lab Virtual PC configuration

For this lab, you will use the Acapulco, London, and Vancouver Virtual PCs. The Acapulco Virtual PC is used to provide a messaging client for internal users as well as external users. London is a domain controller, global catalog server, DNS server, and Exchange Server 2003 server. Vancouver is a Microsoft Windows NT® 4.0 domain controller that is also running Exchange 5.5 and Outlook 2000. To prepare for this practice: 1. Start 2011_London Virtual PC, if it is not already started. 2. Log on as NWTraders\Administrator with the password P@ssw0rd. 3. Start the 2011_Acapulco Virtual PC and log on as nwtraders\chrisgray. 4. Start the 2011_Vancouver Virtual PC. 5. Log on as Contoso\Administrator with the password P@ssw0rd.

Navigating the flow chart

In this lab, you will use the flow charts and the Lab Toolkit resources to identify and resolve the problems described in the scenarios. You will need to read the scenario, the Level 1 support comments, and then use the flow charts to identify the root cause of the problem. You will then need to perform the test case presented at each decision point in the flow chart to determine which path to follow. Use the letters on the flow chart to identify the Lab Toolkit resources that you can use to help troubleshoot the problem. After you identify a potential solution, make the configuration change and then test your solution. When your solution resolves the problem presented in the scenario you have successfully completed the lab.

12

Unit 5: Troubleshooting Client Connectivity

Lab Toolkit resources
Flow chart reference F A C D F

If necessary, use one or more of the Lab Toolkit resources listed in the following table to help you complete this lab.
Resources used for this flow chart E-Mail Blocked from Subscribers of an Exclusion List (Block List) G Help: Exchange: Authentication Methods Used in Exchange Server 2003. To locate this information, open Exchange System Manager Help and then search for Edit authentication methods. Help: Exchange: Check Mobile Services Permissions. To locate this information, open Exchange System Manager Help and then search for Set mobile service settings. Help: Exchange: Check Protocol Permissions. To locate this information, open Exchange System Manager help and then search for Set protocol settings. G Help: Exchange: Managing Message Queues. To locate this information, open Exchange System Manager Help and then search for Manage message queues. Help: Exchange: Managing Virtual Servers. To locate this information, open Exchange System Manager Help, search for Configure virtual servers, and click the appropriate topic for the type of virtual server. Topics of particular interest include Configure an SMTP Virtual Server and Create Additional SMTP Virtual Servers.

E

A

E

A

C

D

E

Help: Exchange: Verify Mobile Services are Configured on the Server. To locate this information, open Exchange System Manager Help and then search for Enable Outlook Mobile Access for all users. Help: Windows: How to Use TCP/IP Command-Line Utilities. To locate this information, open Windows Help and then search for Command-line utilities: TCP/IP.

A

B

A

B

C

D

E

F

G

Help: Windows: Testing DNS. To locate information on locating resource records using the DNS administrator snap-in, open Windows Help and then search for Manage resource records. Help: Windows: Troubleshooting TCP/IP. To locate this information, open Windows Help and then search for Troubleshooting: TCP/IP. Help: Windows: Using IPConfig. To locate this information, open Windows Help and then search for Ipconfig: Command-line reference.

B B B E

Help: Windows: Using NSLookup. To locate information on using NSLookup to test DNS, open a command prompt, type NSLookup to start the NSLookup tool, and then type Help. Help: Windows: Verifying SMTP. To locate this information, open Windows Help and then search for Managing services: Common administrative tasks. F G G Impact of Virus and Content Scanners on Messaging Functionality Using the Telnet Command to Test the TCP Port Restrictions on a Firewall Verifying that a Server is Online Verifying that the Smart Host is Running

A

C B A

D

E E

F

Estimated time to complete this lab: 120 minutes

Messaging Client Unable to Connect to Exchange Server 2003 Server

Start

A

IMAP/POP

What messaging client is being used? POP

1. Verify SMTP is running 2. Verify smart host is running, if used 3. Verify that virtual servers are configured appropriately including for authentication and for SSL 4. Check protocol permissions 5. Verify route to server 6. Test DNS Which messaging client is being used, POP or IMAP?

IMAP

B
MAPI 1. Verify IP configuration on client is correct 2. Test DNS from client 3. Verify server is online 4. Test network route 5. Check hosts and Imhosts files

C
1. Test POP3 virtual server 2. Verify that virtual servers are configured appropriately including for authentication and for SSL 3. Verify firewall allows port 110 and 995 4. Test DNS

D
1. Test IMAP4 virtual server 2. Verify that virtual servers are configured appropriately including for authentication and for SSL 3. Verify firewall allows port 143 and 993 4. Test DNS

OWA/OMA

E
End Yes Can the user receive Internet e-mail?

Yes

Can the user send Internet e-mail?

No

1. Check protocol permissions 2. Check mobile services premissions on account 3. Verify mobile services configured on server 4. Test DNS from client 5. Verify server is online 6. Check firewall publication and redirection of OWA and OMA sites

G
No

Unit 5: Troubleshooting Client Connectivity

F
1. Check external DNS (MX Records) 2. Test SMTP virtual servers using Telnet on port 25 from Internet 3. Check e-mail block lists 4. Check anti-virus/content scanners 5. Check SMTP authentication

1. Test SMTP using Telnet on port 25 from Exchange server 2. Verify that appropriate authentication is enabled 3. Test DNS 4. Check message queues 5. Check antivirus and content quarantines

13

14

Messaging Client Unable to Connect to Exchange Server 2003 Server

Start

A

Unit 5: Troubleshooting Client Connectivity

IMAP/POP

What messaging client is being used? POP

1. Verify SMTP is running 2. Verify smart host is running, if used 3. Verify that virtual servers are configured appropriately including for authentication and for SSL 4. Check protocol permissions 5. Verify route to server 6. Test DNS Which messaging client is being used, POP or IMAP?

IMAP

B
MAPI 1. Verify IP configuration on client is correct 2. Test DNS from client 3. Verify server is online 4. Test network route 5. Check hosts and lmhosts files

C
1. Test POP3 virtual server 2. Verify that virtual servers are configured appropriately including for authentication and for SSL 3. Verify firewall allows port 110 and 995 4. Test DNS

D
1. Test IMAP4 virtual server 2. Verify that virtual servers are configured appropriately including for authentication and for SSL 3. Verify firewall allows port 143 and 993 4. Test DNS

Messaging Client Unable to Connect to Exchange Server 2003 Server

E
Yes End Yes Can the user receive Internet e-mail?

Can the user send Internet e-mail?

1. Check protocol permissions 2. Check mobile services permissions on account 3. Verify mobile services configured on server 4. Test DNS from client 5. Verify server is online 6. Check firewall publication and redirection of OWA and OMA sites No

No

G
1. Test SMTP using Telnet on port 25 from the Exchange server 2. Verify that appropriate authentication is enabled 3. Test DNS 4. Check message queues 5. Check antivirus and content quarantines

F
1. Check external DNS (MX Records) 2. Test SMTP virtual servers using telnet on port 25 from Internet 3. Check e-mail block lists 4. Check anti-virus/content scanners 5. Check SMTP authentication

Unit 5: Troubleshooting Client Connectivity 15

16

Unit 5: Troubleshooting Client Connectivity

Exercise 1 Outlook Express User Unable to Send E-Mail to the Internet
In this exercise, you will use the flow chart and the Lab Toolkit resources to identify and resolve the problem in the scenario. Exercise preparation To create the troubleshooting scenario for this exercise, run the breaklab5a.bat script located in the c:\MOC\2011\Labfiles\Lab05 folder on 2011_London Virtual PC. Chris Gray has entered a service request. He states that he is unable to send or receive e-mail to and from an Internet recipient from his home computer. He says that he is able to receive e-mail from internal users. On Acapulco, create an Outlook Express IMAP mail account for NWTraders\ChrisGray. His account must be configured to use SSL for SMTP communications and to require authentication for outgoing mail. Use this Outlook Express account to connect to the London server and troubleshoot the connection. Level 1 support comments “Chris has been able to send and receive e-mail to and from the Internet before today. He says that he has never had this problem before. I verified that the configuration of Outlook Express on Chris’s computer is set to use the SSL port for SMTP per company directives. He does not have his Outlook Express client configured to use SSL with IMAP4, and this needs to be changed. All remote users are supposed to use SSL when connecting with Outlook Express. I verified that Chris’ mailbox exists and has messages in it.” You must establish full e-mail communication for Chris Gray. What did you determine to be the problem in this scenario? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________

Scenario

What steps did you take to identify and resolve the problem in this scenario? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________

Unit 5: Troubleshooting Client Connectivity

17

Exercise 2 Outlook Express User Unable to Connect to Exchange Server 2003 Server
In this exercise, you will use the flow chart and the Lab Toolkit resources to identify and resolve the problem in the scenario. Exercise preparation To create the troubleshooting scenario for this exercise, perform the following steps: 1. On the 2011_Acapulco Virtual PC, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK. 2. On the 2011_Vancouver Virtual PC, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK. 3. Run the breaklab5b.bat script located in the c:\MOC\2011\Labfiles\Lab05 folder on 2011_London Virtual PC. 4. Start the 2011_Acapulco Virtual PC and then log on as NWTraders\alexhanki with the password P@ssw0rd. Scenario Alex Hankin has entered a service request. He states that he is unable to access his e-mail from home using Outlook Express. He is repeatedly receiving a message that states “The connection to the server has failed.” On Acapulco, create an Outlook Express IMAP mail account for NWTraders\AlexHanki that uses SSL to secure both IMAP and SMTP. Use this Outlook Express account to connect to the London server and troubleshoot the connection. Level 1 support comments “Talked to Alex on the phone and walked him through configuration of Outlook Express. He has the correct server configured and the rest of his settings appear to be fine in Outlook Express.” You must resolve the problems Alex experiences when accessing his e-mail from home using Outlook Express. What did you determine to be the problem in this scenario? _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________

What steps did you take to identify and resolve the problem in this scenario? _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________

18

Unit 5: Troubleshooting Client Connectivity

Exercise 3 New Outlook User Unable to Open His Mailbox
In this exercise, you will use the flow chart and the Lab Toolkit resources to identify and resolve the problem in the scenario. Exercise preparation To create the troubleshooting scenario for this exercise, run the breaklab5c.bat script located in the c:\MOC\2011\Labfiles\Lab05 folder on 2011_London Virtual PC. Gary Schare was just hired and provided with his computer. Gary reports to the service department that his computer takes a very long time to start up, and that after it finally starts, he is unable to access his mailbox using Outlook. In this exercise, you will need to create a profile for NWTraders\GarySchar on Acapulco. Level 1 support comments “Talked to Gary on the phone and had him reboot his computer – it took 20 minutes to log on! After it was up, I walked him through deleting and recreating his Outlook profile. Gary is a new hire so I checked and verified that his account was created. “Ran the Outlook 2003 Wizard to connect to the Exchange Server 2003 mailbox and clicked Next after entering the server name and user name. Outlook 2003 hung for several minutes and eventually provided an error. The error states that the connection to the Exchange server is unavailable. Clicked OK after the error and was asked for the server and user names again. Verified with Operations—all Exchange servers are running without any reported problems.” You must resolve the problems Gary experiences when attempting to access his mailbox. Log onto Acapulco as GarySchar using the password P@ssw0rd. Use Outlook 2003 to connect to the London server and troubleshoot the connection. What did you determine to be the problem in this scenario? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________

Scenario

What steps did you take to identify and resolve the problem in this scenario? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________

Unit 5: Troubleshooting Client Connectivity

19

Lab Virtual PC clean-up

For this lab, you used the Acapulco, Vancouver, and London Virtual PCs. Please undo any changes that were made during your troubleshooting by closing each image. Important When you shut down the Virtual PCs using these instructions, all changes made to the Virtual PCs will be lost. To clean up after this lab: 1. On Acapulco, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK. 2. If you have not yet shut down Vancouver, on Vancouver, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK. 3. On London, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK. Note Start the 2011_London Virtual PC to prepare for the next unit’s lab. Do not shut it down again until instructed.

20

Unit 5: Troubleshooting Client Connectivity

Lab Discussion

*****************************ILLEGAL FOR NON-TRAINER USE****************************** What steps did you follow in the troubleshooting flow charts?
! ! ! !

What were the root causes of the problems described in the scenarios? What steps did you use and how did the steps help identify the problem? What other steps could you have used to identify the problem faster? How did you test your solution?

How will you address this type of problem in the future?
! ! !

How is your work environment different than the test environment? How would your work environment change the troubleshooting process? What steps will you take in the future when troubleshooting similar problems?

Unit 6: Troubleshooting Server Connectivity
Contents
Overview Troubleshooting Intra-Routing Group Connectivity Troubleshooting Routing Group Connectivity Troubleshooting Connectivity to Other E-Mail Systems Troubleshooting Connectivity to the Internet Pre-Lab Discussion Lab: Troubleshooting Server Connectivity Problems Lab Discussion 1 2 5 8 11 14 15 26

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2003 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync, Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Unit 6: Troubleshooting Server Connectivity

1

Overview

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Large companies generally have complicated e-mail infrastructures, a fact which makes troubleshooting e-mail delivery in those companies complicated as well. In order to troubleshoot e-mail delivery in this kind of environment, you may need to troubleshoot message delivery between servers in the same routing group or in different routing groups. You also may need to troubleshoot message delivery to other messaging systems, either to other systems in your own company or to SMTP (Simple Mail Transfer Protocol) servers on the Internet. Objective After completing this unit, you will be able to:
! ! !

Troubleshoot message delivery between servers in the same routing group. Troubleshoot message delivery between servers in different routing groups. Troubleshoot message delivery between a Microsoft® Exchange Server 2003 organization and another e-mail system. Troubleshoot message delivery between an Exchange Server 2003 organization and the Internet.

!

2

Unit 6: Troubleshooting Server Connectivity

Troubleshooting Intra-Routing Group Connectivity

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Most companies will deploy more than one server running Exchange Server 2003 in a central office where each server may contain thousands of mailboxes. In this environment, you will need to troubleshoot message flow between two or more Exchange servers in the same routing group. Intra-routing group message delivery Message delivery within a single routing group is an extension of message routing within a single server. When a message is submitted to the server by a client, the SMTP (Simple Mail Transfer Protocol) routing engine on the server queries the global catalog to determine the recipient’s mailbox server. If the mailbox is on another server in the same routing group, the message is routed by the SMTP server to the destination Exchange server. Message delivery within a single site has the following characteristics:
!

All message delivery is point to point. Within a single routing group, messages are always delivered from the sender’s Exchange server directly to the recipient’s Exchange server. Messages are never routed between multiple servers. All message delivery between Exchange servers uses the SMTP protocol. Exchange Server 2003 and Microsoft Exchange Server 2000 use SMTP protocol to deliver messages within a routing group. If the routing group also contains a Microsoft Exchange 5.5 server, messages sent to and from the Exchange 5.5 servers will use the RPC (Remote Procedure Call) protocol. When messages are sent using the RPC protocol, the message routing is calculated by the SMTP routing engine; then the message is forwarded to the Microsoft Exchange MTA (Message Transfer Agent) Stacks service and sent to the destination server.

!

Unit 6: Troubleshooting Server Connectivity
!

3

Messages are delivered as soon as the messages are received. Message delivery within a single routing group cannot be scheduled by the server. However, the sender can specify a message delivery time by using Microsoft Outlook®. Message delivery is automatically configured between Exchange servers in the same routing group. You cannot modify the settings for message delivery within a single routing group.

!

Troubleshooting intrarouting group message routing

When all Exchange servers are in the same routing group, message delivery is less complicated. However, message delivery does fail occasionally and you will need to troubleshoot the failed deliveries. Listed below are some components to check when performing this troubleshooting:
!

DNS server availability and zone information. A sending Exchange server must query DNS to locate the other Exchange servers in the routing group. If the DNS lookup fails, the message will not be delivered. The Exchange server also uses DNS to locate domain controllers and global catalog servers. Use Ping and NSLookup to diagnose DNS lookup issues. Microsoft Active Directory® and global catalog availability. In order for the sending Exchange server to send e-mail to a recipient, the Exchange server must query the global catalog to determine the destination Exchange server. If a global catalog server is not available, the messages will remain on the sending Exchange server in the Messages awaiting directory lookup queue. If the global catalog server is not available in the Exchange server’s site, either configure another domain controller as a global catalog server or configure the Exchange server to use a global catalog server in another site. If the global catalog server is overloaded, you must configure another domain controller to operate as global catalog server. Message queues. One of the key pieces of information that you can determine from the message queues is where the message delivery is failing. For example, if the messages are stuck in a local queue on the sending server, use the guidelines for troubleshooting message delivery on a single server. If the messages are stuck in the remote delivery queue on the local server, troubleshoot the connection between the sending and receiving servers. If the messages are stuck in a queue on the destination server, troubleshoot message delivery on the destination server. Expansion servers. If a message sent to a mail-enabled group is not delivered, you should check the expansion server setting on the group properties. By default, any Exchange server can expand the membership list of a mail-enabled group, but you can modify this so only a specific server can act as the expansion server. If no specific expansion server is configured on the group properties, you should check the group type. If the group is a global group that is in a different domain than the sending Exchange server, the Exchange server will not be able to expand the membership list for the group. In this case, either configure an expansion server for the group that is in the same domain as the group’s members or change the group to a universal group. If an expansion server is configured for the mail-enabled group, confirm that the expansion server is available in the same domain as the group members and that it can connect to a global catalog server.

!

!

!

4

Unit 6: Troubleshooting Server Connectivity
!

Global settings, virtual server settings, and mailbox settings. If only a few messages are not being delivered within the routing group, you should attempt to determine if the messages have any common characteristics. For example, if messages with large attachments are not being delivered, determine why this type of message is not being delivered. The maximum message size can be configured on the global settings, on the virtual server settings, or on the individual mailbox. If there are any message size limits set on the mailbox, these settings will override all other settings. If the message limit is set on the SMTP virtual server and on the global settings, the virtual server settings will override the global settings.

Unit 6: Troubleshooting Server Connectivity

5

Troubleshooting Routing Group Connectivity

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Many large companies have numerous office locations that contain Exchange servers. To control the flow of e-mail messages between office locations, you can create a routing group for each office and then configure routing group connectors between the routing groups. When you configure the routing group connectors, you can manage when messages will be delivered, manage the message sizes that can be delivered between the offices, and configure delivery restrictions controlling who can send messages between the routing groups. When you configure a routing group connector, you also configure a bridgehead server in each routing group. All messages sent between the routing groups are sent from the sending server to the bridgehead server in its routing group, transferred to the bridgehead server in the destination routing group, and then sent to the destination server. Routing group connector options Exchange Server 2003 supports three connectors between routing groups:
!

The Routing Group connector. This connector uses SMTP to transfer messages to the destination routing group and can be configured to use zero, one, or multiple local bridgehead servers. When delivering a message to another routing group, the sending server must resolve the Internet Protocol (IP) address of the target bridgehead server by using DNS. In most cases, the Routing Group connector is the preferred connector because it is the easiest to configure. The SMTP connector. This connector also uses SMTP to route messages between two routing groups. Although the Routing Group connector and the SMTP connector both use SMTP as the transport protocol, the SMTP connector provides additional functionality in that it can be used to send e-mail to any SMTP host, including hosts in other Exchange organizations or on the Internet. When configuring an SMTP connector to connect routing groups, you must configure a smart host that will be the target bridgehead server as well as an address space that defines which SMTP messages will be routed across the connector.

!

6

Unit 6: Troubleshooting Server Connectivity
!

The X.400 connector. This connector is used to establish an X.400 messaging route between two routing groups or between a routing group and another X.400 system. In order to configure an X.400 connector you must first create an X.25 X.400 or Transmission Control Protocol/Internet Protocol (TCP/IP) X.400 Service Transport Stack for X.400. The X.400 connector only supports a single bridgehead server in both routing groups. When using an X.400 connector, you must configure an address space for the destination routing group.

Troubleshooting routing group connectors

Multiple routing groups introduce an additional layer of complexity to your Exchange organization and to your troubleshooting. Use the following guidelines when troubleshooting message delivery between routing groups:
!

Determine where message delivery fails. The first step in troubleshooting message delivery between routing groups is to determine where the message delivery fails. To identify where a message is stopped, use the Message Tracking Center to track the message. If the message is not being delivered to the local bridgehead server, use the single routing group troubleshooting procedures. If the message is being delivered to the bridgehead server, confirm that the message is being sent to the destination bridgehead server. If the message is being delivered to the destination bridgehead server, determine if the message is being delivered to the destination Exchange server. Messages sent between routing groups may be sent through multiple routing groups before reaching the destination routing group, so you may need to track the message through all the intermediate routing groups. After determining where the message delivery fails, use the following troubleshooting suggestions at the point of failure. Monitor the SMTP and X.400 link queues. When a computer running Exchange Server 2003 receives an e-mail that will be sent through a routing group connector, it creates a SMTP or X.400 queue for that connector. You can monitor the growth of the queue using the queue viewer. You can also view the additional queue information, which may explain the reason for failed delivery. Troubleshoot connector availability. If the messages are being delivered to one bridgehead server, but are not being delivered to the next bridgehead server, you must troubleshoot the connector status. You can view the connector status by using the Exchange System Manager Tools container. If the connector status is unavailable, confirm that the Exchange server can resolve the name of the destination Exchange server in DNS and that the other server is available. Also use a tool like Telnet to determine if the destination server is responding to SMTP commands. View link state table using WinRoute. If your company contains multiple routing groups with several routing group connectors, you can use a tool like WinRoute to view the link state routing information. WinRoute provides you with detailed information about all of the connectors in the Exchange organization, as well as connector status information. By reviewing the information provided by WinRoute, you may identify connector configuration errors that provide you with the information that you need to troubleshoot message delivery.

!

!

!

Unit 6: Troubleshooting Server Connectivity
!

7

Confirm availability of the routing group master. If you have changed the routing group configuration in your Exchange organization, and the changes are not being reflected within other Exchange servers in the routing group, confirm the availability of the routing group master. If the routing group master is not available, changes to the routing group configuration will not be sent to the other Exchange servers in the routing group. You should also check the availability of the routing group master if one routing group connector fails and messages are not being routed to alternate connectors. Check connector configuration settings. Each of the connectors includes several configuration options, such as message size, time, and delivery restrictions. If some messages are being sent across the connector while other messages are not, the most likely cause is a configuration setting on the connector. In addition, if messages are not being delivered across an SMTP or X.400 connector, check the address space configuration for the connector.

!

8

Unit 6: Troubleshooting Server Connectivity

Troubleshooting Connectivity to Other E-Mail Systems

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Some companies may have e-mail systems in addition to running Exchange. This is a common scenario when one company merges with or takes over another company. In many cases, one of the first priorities when companies merge is to enable messaging between them. External connector options You have a limited number of options when configuring message connectivity to an e-mail system other than Exchange. Some options are as follows:
!

Configure SMTP connectivity. One of the easiest ways to enable messaging between the two e-mail systems is to configure SMTP connectivity. If both companies have Internet e-mail connectivity, you can just use the existing infrastructure to route messages. You can also configure an SMTP connector that is dedicated to delivering e-mail between the two companies. The biggest disadvantage of using SMTP to route messages between companies is that you can only send and receive messages. When companies merge, there is usually a requirement for users to also be able to share calendar information, or to easily maintain a global address list that includes the recipients in both companies. This is not possible with only SMTP connectivity. Configure X.400 connectivity. You can configure an X.400 connector between the two messaging systems if the non-Exchange system supports X.400. X.400 connectors to external organizations only support message delivery, not directory synchronization or calendar information. Install and configure Microsoft Exchange Connector for Lotus Notes. If one of the companies is running Lotus Notes, you can use Microsoft Exchange Connector for Lotus Notes to route e-mail messages between the companies. This connector also supports directory synchronization between Active Directory and the Lotus Notes Address Book.

!

!

Unit 6: Troubleshooting Server Connectivity
!

9

Install and configure Microsoft Exchange Connector for Novell Groupwise. If one of the companies is running Novell Groupwise, you can use Microsoft Exchange Connector for Novell Groupwise to route e-mail messages between the companies. This connector also supports directory synchronization between Active Directory and the Groupwise Address Book. Install and configure Microsoft Exchange Calendar Connector. If you install Microsoft Exchange Connector for Lotus Notes or Microsoft Exchange Connector for Novell Groupwise, the Microsoft Exchange Calendar Connector can be used to exchange free and busy information between the messaging organizations.

!

Exchange 5.5 and Exchange 2000 also support the Microsoft Exchange Connector for Lotus cc: Mail and the Microsoft Exchange MS Mail Connector. These connectors are not supported in Exchange Server 2003. If you want to retain these services in your organization, you should retain an Exchange 2000 server to run such components. Troubleshooting external connectivity Many of the same troubleshooting principles apply when troubleshooting the external connectors as apply when troubleshooting routing group connectors. However, because the external messaging systems have different configuration options, there are also specific troubleshooting guidelines that you can use:
!

Monitor queues. When you install the external connectors on an Exchange server, a queue is created on that Exchange server for all messages sent to the external organization. If messages are not being delivered between the companies, use the queue viewer to determine whether the messages are stuck in the queue. If the messages are stuck in the external connector queue, troubleshoot the connection between the Exchange server and the other messaging server. If messages are stuck in one of the other system queues on the Exchange server before they even get sent to the connector queue, troubleshoot message delivery on the Exchange server using the procedures covered in the earlier sections of this unit. Track messages. If you have message tracking enabled, you can track messages in the Exchange organization as they are sent between the two messaging systems. By tracking the messages, you can determine whether message delivery is failing within your organization or during delivery to the other messaging system. Message tracking will track the messages through the external connector but cannot track messages once they leave the connector. Enable and check proxy addresses. When you install the external connectors, the default recipient policy is modified to include proxy addresses compatible with the external e-mail system. By default, these proxy addresses are not enabled in the recipient policy, so you must enable the addresses before they will be applied to recipients in your organization. If messages are not being delivered from the external messaging system, check to ensure that the proxy addresses in your organization match the address space on the connector.

!

!

10

Unit 6: Troubleshooting Server Connectivity
!

Check client configuration and connectivity. When you are configuring the Lotus Notes connector, you must install a Lotus Notes client on the Exchange server that is running the connector. You must also configure a Notes user ID for the connector on the Lotus Notes/Domino server and configure a client .ini file on the Exchange server. The Notes client must be able to connect to the Lotus Notes/Domino server in order to route messages between the systems. If messages are not being delivered between the two messaging systems, check if you can connect to the Lotus Notes/Domino server using the Notes client. If you can’t connect, troubleshoot the client connectivity. If you can connect using the client, check the connector configuration. Check address book replication configuration. For both of the external connectors, you can configure a specific container as the import and export containers for address book replication. If you do not want all of the Exchange recipients to be synchronized with the external mail system, you can move all of the recipients that you want to synchronize into one container, and then specify that container as the export container. If some user accounts are not being synchronized, check the export container configuration and ensure that the user accounts are in the right container.

!

Unit 6: Troubleshooting Server Connectivity

11

Troubleshooting Connectivity to the Internet

*****************************ILLEGAL FOR NON-TRAINER USE****************************** In addition to routing messages within the company, every company also needs to be able to send e-mail to the Internet and receive messages from the Internet. When you configure Internet e-mail, you must configure two separate components: one for Internet e-mail coming into your company and another for Internet e-mail going out of your company. Troubleshooting incoming connectivity In order for you to be able to receive e-mail from the Internet, you must configure at least one of your SMTP servers so that it is accessible from the Internet. This requires the configuration of two components:
!

Configuring firewall rules to allow SMTP. To receive Internet e-mail, at least one of your Exchange SMTP virtual servers must be accessible from the Internet. In most cases, this is enabled by configuring firewall rules that forward all SMTP traffic to a specific server. Configuring mail exchanger (MX) records for your DNS domain. You must configure MX records pointing to the SMTP server(s) in your company in order for SMTP servers on the Internet to know which SMTP server to contact when they have SMTP mail for your company. These MX records must be available on the DNS servers that contain the zone information for your company on the Internet. If you have multiple SMTP servers that are accessible from the Internet, you can use MX records with different preferences to load balance the SMTP connections from the Internet.

!

12

Unit 6: Troubleshooting Server Connectivity

To troubleshoot incoming SMTP e-mail, use the following guidelines:
!

Test SMTP server availability. The first step in troubleshooting incoming SMTP e-mail is to test whether your SMTP server is accessible from the Internet. You can do this by running Telnet from a computer that is directly attached to the Internet. Try to connect to the SMTP server’s Internet accessible IP address using port 25. If you cannot connect to the server using Telnet, check the firewall configuration to ensure that SMTP traffic is allowed and is being forwarded to the correct SMTP server. If you can connect to the server using the IP address, try connecting using the server FQDN. If this fails, there is a problem with the DNS information on the Internet DNS servers or the DNS servers are not available. Use Nslookup to examine the DNS host records. Examine the MX records. If you can connect to the SMTP server using Telnet but messages are still not being delivered, examine the MX records on the Internet DNS servers using Nslookup. The MX records should refer the Internet SMTP servers to the host record for your SMTP server. If you have multiple MX records configured for your domain, ensure that the preference settings for each record are correct. Check SMTP virtual server configuration. If you cannot connect to the SMTP server from the Internet but all of the firewall settings appear to be correct, check the SMTP virtual server availability and configuration. The SMTP virtual server has several configuration options that may affect the receipt of Internet e-mail. In some cases, all messages may be affected. For example, if the SMTP virtual server is configured to require authentication for all inbound connections, SMTP servers on the Internet will not be able to connect to the server. Other SMTP virtual server connections may affect only some traffic. For example, message size limits will block only those messages that exceed the message size limit.

!

!

Troubleshooting outgoing connectivity

By default, any computer running Exchange Server 2003 that can access DNS information on the Internet can send messages to SMTP servers on the Internet. Most companies do not want all of their Exchange servers to send e-mail to the Internet. To avoid this, you should configure an SMTP connector with one or more bridgehead servers to send all e-mail to the Internet. This SMTP connector should be configured with an address space of “*” so that it can send e-mail to any domain. Also, you must ensure that the server that hosts the SMTP bridgehead server can resolve host and MX records on the Internet. To troubleshoot outgoing Internet e-mail, use the following guidelines:
!

Confirm SMTP connectivity to the Internet. In order for your Exchange server to send e-mail to the Internet, the server must be able to establish SMTP connections to the Internet. To test this, run Telnet on the Exchange server and try to connect to an SMTP server on the Internet that you know is online. If the connection fails, check the firewall configuration to ensure that your server is allowed to make SMTP connections to the Internet. Confirm the MX records for the destination domain in DNS. If Internet e-mail is being delivered to some domains, but not to others, check the MX records for the domains where delivery is failing. In order for your Exchange server to send e-mail to an SMTP domain, the server must be able to locate the MX records for the domain, and the MX records must be accurate.

!

Unit 6: Troubleshooting Server Connectivity
!

13

Monitor the SMTP link queues. When a computer running Exchange 2003 receives an e-mail intended for a SMTP domain outside the organization, it creates a temporary SMTP queue for that domain. If messages are not being delivered to a specific SMTP domain, use the queue viewer on the SMTP bridgehead server to check if the messages are stuck in the queue. If there are several messages in the queue, view the queue information to determine why messages are not being delivered to the domain. If outgoing messages are stuck in only one domain queue, you can troubleshoot message delivery to just that one domain. If messages are stuck in all of the queues for domains outside the organization, you will need to extend your troubleshooting to the entire SMTP server. Check the global Internet message formats and message delivery restrictions. You can use Internet message formats to configure the encoding, format, and type of messages (such as out-of-office or NDRs) that you send to all SMTP domains or to specific domains. You can also configure global message delivery settings, such as maximum message size, for the entire organization. If messages are not being delivered to specific domains on the Internet, check the message format settings. If needed, create domain-specific message format settings. For example, if the SMTP server for a domain can only accept UUENCODE messages, configure a domain-specific policy. Check the SMTP connector information. The SMTP connector contains many configuration options that may affect message delivery. These configuration options include message size, delivery restrictions, message delivery direction, and time restrictions. If messages from users in one routing group are being delivered using the SMTP connector but messages from users in other routing groups are not being delivered, check the scope of the SMTP connector. Check the SMTP virtual server configuration. The SMTP virtual server that is the bridgehead server for the SMTP connector can also be configured in ways that may affect message delivery. For example, you can configure authentication and encryption settings for outgoing messages. If the destination SMTP server settings are not compatible, outbound messages will not be delivered. You can also configure the SMTP virtual server to use a specific DNS server for e-mail delivery. If that DNS server is not available, or if the DNS server does not contain the required information, the SMTP virtual server will not be able to send any Internet messages. Check for SMTP open relaying. In some cases, your servers may still be able to send Internet e-mail but the message delivery may be very slow. If you notice that your Exchange server is operating much more slowly than usual, check the SMTP queues on the server. If the SMTP queues contain many more messages than you would expect, check whether your server is configured for open relaying. If your server is being used for open relaying, it may be delivering thousands of unsolicited commercial e-mails or spam to recipients around the world. This will significantly decrease your server performance. (By default, open relaying is blocked on Exchange 2003 servers. For information on how to detect and prevent open relaying, see the Toolkit resource “Identifying and Closing Open Relays.”)

!

!

!

!

14

Unit 6: Troubleshooting Server Connectivity

Pre-Lab Discussion

*****************************ILLEGAL FOR NON-TRAINER USE****************************** To troubleshoot e-mail delivery in most large companies, you may need to troubleshoot message delivery between servers in the same routing group or in different routing groups. You also may need to troubleshoot message delivery to other messaging systems, such as other systems in your own company or SMTP servers on the Internet. A number of issues can arise when troubleshooting message delivery in a complex messaging environment. In this context, discuss what problems might cause the following symptoms:
! ! !

A user cannot send e-mail to a recipient in another routing group. A user cannot send e-mail to an Internet recipient. A user cannot receive e-mail from an Internet recipient.

Unit 6: Troubleshooting Server Connectivity

15

Lab: Troubleshooting Server Connectivity Problems

*****************************ILLEGAL FOR NON-TRAINER USE****************************** For more information on completing this lab, see Appendix A, “Lab Guidance,” located at the back of the student workbook. After completing this lab, you will be able to:
! !

Troubleshoot problems with message delivery between routing groups. Troubleshoot problems with message delivery between an Exchange organization and the Internet. Important This lab focuses on the concepts in this unit and as a result may not comply with Microsoft security recommendations. For instance, this lab does not comply with the recommendation that you should not log on using an administrative account.

Lab Virtual PC configuration

For the first exercise in this lab, you will use the London Virtual PC and the Miami Virtual PC. In preparation for the lab, you will configure an additional routing group and move the Miami Exchange server into the new routing group. To prepare for this exercise, you need to perform the following configuration steps: 1. Start 2011_London-Virtual PC, if it is not already started. 2. Log on as NWTraders\Administrator with a password of P@ssw0rd.

16

Unit 6: Troubleshooting Server Connectivity

3. Start 2011_Miami Virtual PC. Log on as NWTraders\Administrator and then start Exchange System Manager. Configure Exchange System Manager to display routing groups, and then create a new routing group named Miami Routing Group. Move the Miami server into the new routing group, and verify that London continues to be a member of First Routing Group. Once you have configured the routing groups, restart the default SMTP virtual server on London. Detailed steps to accomplish this task are as follows: a. In the console tree, right-click Northwind Traders (Exchange) and then click Properties. On the General tab, select the Display routing groups check box, and then click OK. b. In the console tree, expand Routing Groups, expand First Routing Group, and then click Members. Verify that both London and Miami are members of the First Routing Group. c. In the console tree, right-click Routing Groups, point to New, and then click Routing Group. d. In the Properties dialog box, type Miami Routing Group and then click OK. e. In Exchange System Manager, in the console tree, expand Miami Routing Group. f. In the console tree, in the First Routing Group container, click Members, and then in the Details pane click and drag Miami from the Members container of the First Routing Group to the Members container of the Miami Routing Group. g. Click each Members container to verify that the London server remains a member of First Routing Group and that the Miami server is a member of the Miami Routing Group. h. In the console tree, expand Servers\London\Protocols\SMTP. i. In the console tree, right-click Default SMTP Virtual Server and then click Stop. After the virtual server is stopped, right-click Default SMTP Virtual Server and then click Start. 4. You will use Microsoft Internet Explorer on Miami to access OWA to test e-mail delivery. Navigating the flow chart In this lab, you will use flow charts and the Lab Toolkit resources to identify and resolve the problems described in the scenarios. You will need to read the scenario and the Level 1 support comments and then use the flow charts to identify the root cause of the problem. You will then need to perform the test case presented at each decision point in the flow chart to determine which path to follow. Use the letters on the flow chart to identify the Toolkit resources that you can use to help troubleshoot the problem. After you identify a potential solution, make the configuration change and then test your solution. When your solution resolves the problem presented in the scenario you have successfully completed the lab.

Unit 6: Troubleshooting Server Connectivity

17

Lab Toolkit Resources
Flow Chart Resources B B C E E F

If necessary, use one or more of the following lab toolkit resources to help you complete this lab:
Resources Used for this Flow Chart Checking Global Settings Help: Exchange: Configuring Connectors. To locate this information, open Exchange System Manager, select Help, select Help Topics and select Search. Search for Set up Connectors and select the topic Set up Connectors. Help: Exchange: Configuring messaging recipients. To locate this information, open Exchange System Manager help and then search for Configure Message Settings for Mailbox-Enabled Users.

B

E

Help: Exchange: Enabling Diagnostic Logging. To locate this information, open the Exchange System Manager help. In this help file, search for Configure Diagnostic Logging and Set Diagnostic Logging Properties. F Help: Exchange: Managing Message Queues. To locate this information, open Exchange System Manager, select Help, select Help Topics and then select Search. Search for Queue Viewer and select the topic Queue Viewer. Help: Exchange: Managing Virtual Servers. To locate this information, open Exchange System Manager, select Help, select Help Topics and then select Search. Search for Configure Virtual Servers and select the appropriate topic for the type of virtual server. Help: Exchange: Monitoring Connector Status. To locate this information, open Exchange System Manager, select Help, select Help Topics and then select Search. Search for Connector Status and select the topic Verify Server and Connector Status. F Help: Exchange: Tracking Messages. To locate this information, open the Exchange System Manager, click Help, then click Help Topics, and then click Search. Search for message tracking and then select Use the Message Tracking Center. Help: Exchange: Verifying the RGC Configuration. To locate this information, open Exchange System Manager help and then search for Install a Routing Group Connector. Help: Windows: How to use TCP/IP command-line utilities. To locate this information, open Windows help and then search for Command-line utilities: TCP/IP. F Help: Windows: Testing DNS. To locate information on locating resource records using DNS administrator snap-in, search for Manage Resource Records. Identifying and Closing Open Relays Using Dcdiag and Netdiag to Verify the Network Infrastructure Using WinRoute to Troubleshoot Routing Verifying that a Server is Online Viewing Delivery Restrictions on SMTP Connectors

A

C

E

A

B

D

E

C

A

E

A

B

D

B E A B B C C D D E

Estimated time to complete this lab: 80 minutes

18

Troubleshooting Server Connectivity
Start

No, it is being received from an external sender

Is the message being sent and received inside the Exchange organization? Yes

A

B
No, it is being sent to an external recipient No No

Unit 6: Troubleshooting Server Connectivity

Are the servers in the same routing group? Yes

1. Check recipient properties 2. Check network connectivity 3. Check DNS and MX record information 4. Check SMTP virtual server availability and configuration 5. Check SMTP connector configuration 6. Check global settings Track messages - are the messages being delivered to bridgehead server? Yes Yes Can you connect to the servers using SMTP? Yes

1. Check network connectivity 2. Check infrastructure (DNS, global catalog, domain controller) 3. Check SMTP virtual server functionality 4. Check queues 5. Track Messages

F
Are the queues backed up? No 1. Check message delivery in destination routing group 2. Check DNS and MX record information 3. Check global settings

Is the message being sent via SMTP? No Yes

D
No, it is being sent via a supported connector

E
1. Check that bridgehead or remote servers are running 2. Check network connectivity 3. Check infrastructure (global catalog, domain controller, DNS) 4. Check SMTP virtual server availability

C
1. Check bridgehead servers availability 2. Check connector configuration 3. Check connector address space 4. Check message queues

1. Check for open relay 2. Check SMTP virtual server configuration 3. Check global settings 4. Check queue information 5. Check routing group master availability 6. Check connector address space 7. Check routing group connnector availability and configuration 8. Configure diagnostic logging on transport protocol

Troubleshooting Server Connectivity

Start

No, it is being received from an external sender

Is the message being sent and received inside the Exchange organization? Yes

A

B
No, it is being sent to an external recipient Are the servers in the same routing group? Yes

1. Check network connectivity 2. Check infrastructure (DNS, global catalog, domain controller) 3. Check SMTP virtual server functionality 4. Check queues 5. Track Messages No

1. Check recipient properties 2. Check network connectivity 3. Check DNS and MX record information 4. Check SMTP virtual server availability and configuration 5. Check SMTP connector configuration 6. Check global settings Is the message being sent via SMTP? Yes

Unit 6: Troubleshooting Server Connectivity

C

No, it is being sent via a supported connector

Track messages are the messages being delivered to bridgehead server?

No

Yes

1. Check bridgehead servers availability 2. Check connector configuration 3. Check connector address space 4. Check message queues

19

20

Troubleshooting Server Connectivity

Unit 6: Troubleshooting Server Connectivity

F
Can you connect to the servers using SMTP? Yes Are the queues backed up No 1. Check message delivery in destination routing group 2. Check DNS and MX record information 3. Check global settings

No

Yes

D
1. Check that bridgehead or remote servers are running 2. Check network connectivity 3. Check infrastructure (global catalog, domain controller, DNS) 4. Check SMTP virtual server availability

E
1. Check for open relay 2. Check SMTP virtual server configuration 3. Check global settings 4. Check queue information 5. Check routing group master availability 6. Check connector address space 7. Check routing group connnector availability and configuration 7. Configure diagnostic logging on transport protocol

Unit 6: Troubleshooting Server Connectivity

21

Exercise 1 Troubleshooting Solutions When Users Cannot Send Messages Between Routing Groups
In this exercise, you will use the flow chart and the Lab Toolkit resources to identify and resolve the problem in the scenario. Scenario Annette Hill has entered a service request. Annette is unable to send e-mail messages to Michael Allen in Miami. In this exercise, you will need to log on to Microsoft Outlook Web Access (OWA) on London using NWTraders\AnnetteHill. You will need to log on to OWA on Miami using NWTraders\MichaelAllen. Level 1 support comments “Urgent! Talked to Annette and she says she sent some e-mail to Michael Allen in Miami a couple of hours ago, but the messages haven’t been delivered yet. The messages had Microsoft PowerPoint® attachments; she is not sure how big the attachments were. Checked if I could send e-mail to the Miami—it is not being delivered either. I am not getting any NDRs. Immediately escalated this to second level support.” You must resolve the problems that Annette has when sending e-mail messages to the users in Miami. What did you determine to be the problem in this scenario? _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________

What steps did you take to identify and resolve the problem in this scenario? _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________

22

Unit 6: Troubleshooting Server Connectivity

Exercise 2 Troubleshooting Solutions When Users Cannot Send Messages to the Internet
In this exercise, you will use the flow chart and the Lab Toolkit resources to identify and resolve the problem in the scenario. For this exercise and the next exercise, you will use the London Virtual PC and the Vancouver Virtual PC. The Vancouver Virtual PC will be used to simulate an Internet connection. To prepare for this exercise, you need to perform the following configuration steps: 1. Shut down the 2011_Miami Virtual PC. To shut down, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK. 2. Ensure that you are logged on to the London Virtual PC as NWTraders\Administrator. 3. Start the 2011_Vancouver Virtual PC. Because Vancouver is in the Windows NT domain Contoso, which is not part of the same forest as London, you can use Vancouver to simulate an Internet host. When you start Vancouver, Vancouver will run Autochk. You should allow Autochk to complete, at which time Vancouver will start successfully. 4. Log on to Vancouver as Contoso\Administrator with a password of P@ssw0rd. Exercise preparation To create the troubleshooting scenario for this exercise, run the breaklab6b.bat script located in the c:\MOC\2011\Labfiles\Lab06 folder on 2011_London Virtual PC. Gustavo Camargo has entered a service request. Gustavo is trying to send e-mail to Internet e-mail recipients and the messages are not being delivered. In this exercise, you will need to log on to OWA on London using NWTraders\GustavoCamar, and open the Administrator mailbox on Vancouver by using Outlook 2000.

Scenario

Unit 6: Troubleshooting Server Connectivity

23

Level 1 support comments

“Urgent! Talked to Gustavo and he says he sent an urgent e-mail to a customer first thing this morning and it hasn’t been delivered. Checked if I could send e-mail to the Internet—it is not being delivered either. I am not getting any NDRs. Immediately escalated this to second level support.” You must resolve the problem so that Gustavo can send e-mail to Internet email recipients. What did you determine to be the problem in this scenario? _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________

What steps did you take to identify and resolve the problem in this scenario? _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________

24

Unit 6: Troubleshooting Server Connectivity

Exercise 3 Troubleshooting Solutions When Users Cannot Receive Messages from the Internet
In this exercise, you will use the flow chart and the Lab Toolkit resources to identify and resolve the problem in the scenario. Exercise preparation To create the troubleshooting scenario for this exercise, run the breaklab6c.bat script located in the c:\MOC\2011\Labfiles\Lab06 folder on 2011_London Virtual PC. Angela Barbariol has entered a service request. Angela is a sales manager who is also the manager of a distribution group named SalesRequests@nwtraders.msft. Messages from the Internet are not being delivered to the distribution group. In this exercise, you will need to log on to OWA on London using NWTraders\AngelaBarba. Level 1 support comments “Talked to Angela, her e-mail is working fine. She can send and receive e-mail, including Internet e-mail. The distribution group is used for clients on the Internet to send e-mail to a generic sales alias so that all the sales people get the message. Tried sending e-mail to the alias internally and it worked fine.” You must resolve the problems so that messages from the Internet are delivered to the distribution group. What did you determine to be the problem in this scenario? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________

Scenario

What steps did you take to identify and resolve the problem in this scenario? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________

Unit 6: Troubleshooting Server Connectivity

25

Lab Virtual PC clean-up

For these exercise, you used the Vancouver and London Virtual PCs. Please undo any changes that were made during your troubleshooting by closing each image. Important When you shut down the Virtual PCs using these instructions, all changes made to the Virtual PCs will be lost. To clean up after this lab: 1. On Vancouver, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK. 2. On London, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK. Note Start the 2011_London Virtual PC to prepare for the next unit’s lab. Do not shut it down again until instructed.

26

Unit 6: Troubleshooting Server Connectivity

Lab Discussion

*****************************ILLEGAL FOR NON-TRAINER USE****************************** What steps did you follow in the troubleshooting flowcharts?
! ! ! !

What were the root causes of the problem described in the scenario? What steps did you use and how did the steps help identify the problem? What other steps could you have used to identify the problem faster? How did you test your solution?

How will you approach these types of troubleshooting issues in your work place?
! ! !

How is your work environment different than the test environment? How would your work environment change the troubleshooting process? What steps would you take in the future when troubleshooting similar problems?

Unit 7: Troubleshooting Server Performance
Contents
Overview System Components That Cause ServerRelated Problems Common Server-Related Problems Pre-Lab Discussion Lab: Troubleshooting Server Performance Lab Discussion 1 2 5 7 8 18

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2003 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync, Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Unit 7: Troubleshooting Server Performance

1

Overview

*****************************ILLEGAL FOR NON-TRAINER USE****************************** In this unit, you will learn how to troubleshoot server performance problems as they relate to Microsoft ®Exchange Server 2003 and Microsoft Active Directory® domain controllers. You will be able to identify and resolve problems with bandwidth, services, database corruption, service failures, disk space, and other server performance issues. There are different types of behaviors associated with an overloaded Exchange server as compared to an overloaded domain controller. You need to remember that without Active Directory, Exchange Server 2003 will not run properly and messaging clients such as Microsoft Outlook® 2003 will not be able to perform simple tasks, such as resolving e-mail addresses. Objectives After completing this unit, you will be able to:
!

Identify and resolve messaging problems related to performance problems in domain controllers and global catalog servers. Identify and resolve messaging problems caused by the running of scheduled applications. Troubleshoot messaging problems caused by hardware components in server systems.

!

!

2

Unit 7: Troubleshooting Server Performance

System Components That Cause Server-Related Problems

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Once you have purchased hardware and implemented Exchange Server 2003, you may find unexpected growth or a change in the expected behaviors of your messaging users. For example, you may find that they use e-mail much more than you ever thought they would, and that they do not use public folders nearly as much as you expected. You may also find that your design did not account for special messaging users with higher service level agreements that require different configurations. Often, troubleshooting poor performance will require determining which hardware components are creating problems. You can use the System Monitor to identify problems with the performance objects listed in the following table.
Hardware component CPU Performance object Processor Performance counter %Process Time The time the CPU spends executing threads. Troubleshooting tip If the processor is consistently running well above baseline, check the process object and monitor the individual processes to see which are providing too much stress. The problem could be a scheduled process that needs to be moved to off-peak hours. Another reason behind the problem could be that the virus scanner is utilizing too much processing power and the system requires an upgraded or additional CPU to balance the load.

Unit 7: Troubleshooting Server Performance (continued) Hardware component Hard disk Performance object Physical disk Performance counter Disk Transfer/sec The rate of read and write operations on the disk. %Disk Time The amount of time the disk spends servicing requests. Troubleshooting tip If the hard drives of the server are being heavily loaded, consider adding faster hard drives with higher throughput rates. Another concern with high hard drive activity is that combined with high memory usage, it may be causing excessive disk swapping. Adding more system memory will improve disk performance by reducing disk swapping. To improve hard disk speed, you can purchase controllers with larger amounts of caching. You will need to turn off write caching, as it can cause problems with log drives. However, the read caching can be extremely beneficial for performance since retrieving data from cache is quicker than retrieving data from disk. System memory Memory Available bytes The amount of physical memory available for process or system use without having to swap data to disk for temporary storage. Pages/sec The rate at which memory pages are swapped to and from disk and memory. When there is excessive paging, it is often referred to as disk thrashing because the hard drives work so hard. Network adapter Network interface Bytes Total/sec The rate at which bytes of data are sent or received through the network adapter. If memory usage is continually high and there are high levels of paging to and from disk, additional memory should be added to the system.

3

When adding memory over one gigabyte, remember to add the /3gb switch to the menu items in the boot.ini file so that your server will use more than one gigabyte of system memory.

It is rare that the network interface will be fully utilized and cause network problems. However, you may want to move the network interface of an Exchange Server 2003 server to a higher performance network backbone, or add multiple network adapters and configure load balancing between the adapters to achieve improved performance. In many cases, backups from Exchange to another server on the network can cause slow network performance for a large number of applications. Schedule backups for off-peak hours, or create a private backup network used just to offload all backup network traffic from the public network.

4

Unit 7: Troubleshooting Server Performance

Developing performance baselines

You should use the System Monitor tool to log performance over several months so that you can develop a performance baseline. This baseline will help you identify growth issues or any abnormalities with the performance of your Exchange environment. Once you know how your Exchange servers run under average user stress, you will be able to identify any major peaks in usage and start looking for causes that might explain the change. Use the counters presented in the above table as well as several other counters that can be used to measure the Exchange server services. For example, if you use performance logging and capture information for the SMTP Server Messages Received/Sec counter, you will know that 14,000 is a number that is much too high for your normal processing speed, and you will be able to respond to the problem much faster. Some basic questions you should be able to answer based upon performance baselines include:
! !

What is the average number of e-mail received per day? How often do users open e-mail each day? How often do users open public folders? What are the daily, weekly, and monthly peak delivery rates for e-mail? How many more users can your environment support without upgrading? Note Please refer to Microsoft Official Courseware Course 2400, Implementing and Managing Exchange Server 2003, Module 13, for more information on performance monitor objects and processes for developing performance baselines.

! !

Unit 7: Troubleshooting Server Performance

5

Common Server-Related Problems

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Not all performance problems can be fixed by upgrading hardware components. Many server-related problems are caused by services and applications running on the Exchange servers or on the domain controllers that impact performance. If you can identify these different applications and services and change their schedules so that they only run during off-peak hours, you can minimize the impact to the Exchange environment. Anything that can be done to reduce the server and network load during production hours will help improve performance of the messaging environment and will improve the productivity of the company. The table below lists some common server–related problems and recommended solutions. Warning When entering times for scheduled applications and processes, be careful to enter the appropriate A.M. or P.M.
Problem Scanning software slows performance Recommended solution • Perform minimal scanning during the day. • Only scan inbound messages during the day and then scan the entire mailbox store each night after peak hours. • Offload all scanning to a dedicated server that scans all inbound and outbound messages. Backups slow performance • Perform backups only during off-peak hours. • Back up individual storage groups at different times to minimize the impact during off-peak hours. • Spread mailbox stores over additional servers so that the load on each server is not as high as if all mailboxes were on a single server.

6

Unit 7: Troubleshooting Server Performance (continued) Problem Restores slow performance Recommended solution • Perform restores on offline servers and export lost messages to .pst files. Send the .pst files to the proper owner so that they can import them. • Keep stores small so that they can be restored quicker. Broken RAID sets slow performance • A broken disk should be replaced immediately. It is a very good idea to keep spare disks for important servers, such as Exchange servers. • Try not to use RAID 5 implementations since broken disks require significant CPU cycles to generate the lost data using existing data and parity information. • Break any mirrors with defective drives and take the broken disk sets offline. Replace the defective drives and re-establish the mirrors after normal business hours to minimize performance impact. Network interface and switch problems slow performance • Often, the network switch and the network card will have trouble negotiating speed settings if they are both set to autonegotiate their speed settings. You should force network adapters to their highest speed settings. • Clearly mark and deactivate broken switch ports. Activity spikes slow performance • Use System Monitor to watch for predictable spikes, such as early morning logon activity that slows domain controller performance, and Exchange server performance as everyone reads e-mail to get ready for the day. Also, you may see spikes right after lunch and right before the close of business each day. • Verify that all applications and services that can be turned off are off or are scheduled for off-peak times, to minimize the impact of the activity spikes. • Consider recommending flex hours for employees to ease the load on the network and improve performance for everyone. Maintenance slows performance • Do not take down any servers during business hours. In the event that maintenance is required because of failing hardware, plan well so that the length of time a server is not functional will be minimized. • Schedule and maintenance applications, such as disk defrag, during off-peak hours.

Note Hard disk arrays that are used to support large Exchange Server 2003 databases may have their own tools for monitoring disk performance. Make sure you use these tools and pay special attention to failed disks, as a broken disk in an array can cause extremely poor server performance.

Unit 7: Troubleshooting Server Performance

7

Pre-Lab Discussion

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Messaging applications can be affected by many different components and processes that exist in a server. Each component and process needs to be reviewed and considered when troubleshooting server performance issues. Focusing on server performance issues, discuss what problems might cause the following situations:
! ! !

Address resolution and address lookup are very slow. Outlook is very slow when retrieving a message from the Exchange server. Multiple users are unable to open their mailboxes using Outlook.

8

Unit 7: Troubleshooting Server Performance

Lab: Troubleshooting Server Performance

*****************************ILLEGAL FOR NON-TRAINER USE****************************** In this lab, you will perform troubleshooting tasks related to server performance problems. You will use the flow charts, Lab Toolkit resources, and your personal experiences to find the existing problems and correct them. For more information on completing this lab, see Appendix A, “Lab Guidance,” located at the back of the student workbook. After completing this lab, you will be able to:
!

Identify and resolve messaging problems related to server performance problems in domain controllers and global catalog servers. Identify and resolve messaging problems caused by the running of scheduled applications. Troubleshoot messaging problems caused by hardware components in server systems. Important This lab focuses on the concepts in this unit and as a result may not comply with Microsoft security recommendations. For instance, this lab does not comply with the recommendation that you should not log on using an administrative account.

!

!

Unit 7: Troubleshooting Server Performance

9

Lab Virtual PC configuration

For this lab, you will use the Acapulco and London Virtual PCs. The Acapulco Virtual PC is used to simulate a messaging client for internal users as well as external users. London is a domain controller, global catalog server, DNS server, and Exchange Server 2003 server. To prepare for this lab: 1. Start 2011_London Virtual PC, if it is not already started. 2. Log on as NWTraders\Administrator with the password P@ssw0rd. 3. Start the 2011_Acapulco Virtual PC.

Navigating the flow chart

In this lab, you will use the flow charts and the Lab Toolkit resources to identify and resolve the problems described in the scenarios. You will need to read the scenario, the Level 1 and 2 support comments, and then use the flow chart to identify the root cause of the problem. You will then need to perform the test case presented at each decision point in the flow chart to determine which path to follow. Use the letters on the flow chart to identify the Lab Toolkit resources that you can use to help troubleshoot the problem. After you identify a potential solution, make the configuration change and then test your solution. When your solution resolves the problem presented in the scenario you have successfully completed the lab.

10

Unit 7: Troubleshooting Server Performance

Lab Toolkit Resources
Flow Chart Reference A B

If necessary, use one or more of the following Lab Toolkit resources to help you complete this lab:
Resources used for this flow chart Help: Exchange: Enabling Diagnostic Logging. To locate this information, search for Configure Diagnostic Logging and Set Diagnostic Logging Properties.

C

G

Help: Exchange: Identifying and Closing Open Relays. To locate this information, open Exchange System Manager help and then search for Set Relay Restrictions on a Virtual Server. Help: Exchange: Managing Message Queues. To locate this information, search for Manage Message Queues. Help: Exchange: Monitoring Connector Status. To locate this information, search for Connector Status and select the topic Verify Server and Connector Status. Help: Exchange: Using the Monitoring and Status Tool in Exchange Server Manager. To locate this information, search for Exchange 2003 Monitors and Monitor Services Used by Exchange.

C A B

G

A

B

F

Help: Windows: Checking for Memory Leaks. To locate this information, search Windows Server 2003 Online Help for Memory Leaks and System Monitor. H Help: Windows: Performance Logs and Alerts – Search for Monitoring Server Performance and System Monitor. Help: Windows: Using Netmon to Monitor Network Traffic. To locate this information, search for Monitor Network Traffic and Network Monitor.

A A

B B

E

F

E C C D A B B

F G G

H

Help: Windows: Review Scheduled Tasks. To locate this information, search for Scheduled Tasks and Task Scheduler Overview. Impact of Virus and Content Scanners on Messaging Functionality Updating Antivirus Signatures Using Dcdiag and Netdiag to Verify the Infrastructure Using Service Logs

H

Using the Telnet Command to Test the TCP Port Restrictions on a Firewall

Estimated time to complete this lab: 90 minutes

Troubleshooting Server Performance

Start

C
Spam 1. Check for open relay 2. Update antivirus signatures 3. Check antivirus and content scanning quarantine 4. Check message queues

Are the problems intermittent or predictable? Intermittent

A
1. Monitor affected servers to identify problem 2. Configure logging 3. Setup Alerts Select issues identified by monitoring and logging Network 1. Check for bad port, bad cable, or bad network adapter 2. Check Internet connection

Predictable

B
1. Monitor affected servers to identify problem 2. Configure logging

D
Authentication Check domain controllers and global catalog servers

E

Disk CPU Select issues identified by monitoring and logging

1. Check for virus - look for out of normal performance counters and unknown applications 2. Check for scheduled applications and services running at inappropriate times 3. Check benchmarks for the server, may have too many users

1. Verify enough space for log files and database 2. Check store size, consider whether it might be too large 3. Check for scheduled applications and services running at inappropriate times

System Memory Network Spam/Virus

H G
1. Check for virus - look for out of normal performance counters and unknown applications 2. Check for backups running at inappropriate times across the network

Unit 7: Troubleshooting Server Performance

F

1. Check for Open Relay 2. Update Anti-virus signatures 3. Check antivirus and content scanning quarantine 4. Check message queues

11

1. Check for virus - look for out of normal performance counters and unknown applications 2. Check for scheduled applications and services running at inappropriate times 3. Check for memory leaks

12

Troubleshooting Server Performance

Start

C
Spam 1. Check for open relay 2. Update antivirus signatures 3. Check antivirus and content scanning quarantine 4. Check message queues

Unit 7: Troubleshooting Server Performance

Are the problems intermittent or predictable? Intermittent

A
1. Monitor affected servers to identify problem 2. Configure logging 3. Setup Alerts Select issues identified by monitoring and logging Network 1. Check for bad port, bad cable, or bad network adapter 2. Check Internet connection

Predictable

B

1. Monitor affected servers to identify problem 2. Configure logging

Authentication

D
Check domain controllers and global catalog servers

Troubleshooting Server Performance

E

Disk CPU Select issues identified by monitoring and logging

1. Check for virus - look for out of normal performance counters and unknown applications 2. Check for scheduled applications and services running at inappropriate times 3. Check benchmarks for the server, may have too many users

1. Verify enough space for log files and database 2. Check store size, consider whether it might be too large 3. Check for scheduled applications and services running at inappropriate times

Network System Memory Spam/Virus

H G
1. Check for Open Relay 2. Update Anti-virus signatures 3. Check antivirus and content scanning quarantine 4. Check message queues 1. Check for virus - look for out of normal performance counters and unknown applications 2. Check for backups running at inappropriate times across the network

Unit 7: Troubleshooting Server Performance

F
1. Check for virus - look for out of normal performance counters and unknown applications 2. Check for scheduled applications and services running at inappropriate times 3. Check for memory leaks

13

14

Unit 7: Troubleshooting Server Performance

Exercise 1 Address Resolution and Address Lookups Are Very Slow
In this exercise, you will use the flow chart and the Lab Toolkit resources to identify and resolve the problem in the scenario. Exercise preparation To create the troubleshooting scenario for this exercise, run the breaklab7a.bat script located in the c:\MOC\2011\Labfiles\Lab07 folder on 2011_London Virtual PC. Paul West has entered a service request. He states that it is taking a long time for his Outlook client to resolve names that he enters manually, and it also takes a long time when he wants to search for a name. Paul states that before this, Outlook 2003 was able to resolve names in less than one second. Today, he is experiencing wait times of approximately five seconds. Other users are also complaining about poor Exchange server performance. Log on to London as Nwtraders\Administrator using the password P@ssw0rd. You should not need to open any user mailboxes when troubleshooting this problem. Level 1 support comments “Paul has been with the company for a month and his computer has the standard build, including Outlook 2003. Checked user account – it is mailbox enabled. His mailbox is on London. He is able to ping London.” You must resolve the performance problem with Exchange Server 2003. What did you determine to be the problem in this scenario? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________

Scenario

What steps did you take to identify and resolve the problem in this scenario? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________

Unit 7: Troubleshooting Server Performance

15

Exercise 2 Outlook Is Very Slow When Retrieving a Message from Exchange
In this exercise, you will use the flow chart and the Lab Toolkit resources to identify and resolve the problem in the scenario. Exercise preparation To create the troubleshooting scenario for this exercise, run the breaklab7b.bat script located in the c:\MOC\2011\Labfiles\Lab07 folder on 2011_London Virtual PC. Pete Male has entered a service request. He states that it takes several seconds to send a message using his Outlook messaging client. Other service request calls have come in complaining of the same problem. Log on to London as Nwtraders\Administrator using the password P@ssw0rd. You should not need to open any user mailboxes when troubleshooting this problem. Level 1 support comments Level 2 support comments “Pete is a new Exchange 2003 user and was recently migrated over from Exchange 5.5. His computer has the standard build, including Outlook 2003. Pete is able to ping London without any problems.” “We have heard similar reports from other users in London. It is a suspected network link issue and is being reviewed by the Network team as well as the Server team.” You must identify and resolve the performance problem with Exchange Server 2003. What did you determine to be the problem in this scenario? _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________

Scenario

What steps did you take to identify and resolve the problem in this scenario? _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________

16

Unit 7: Troubleshooting Server Performance

Exercise 3 Multiple Users Are Unable to Open Their Mailboxes Using Outlook
In this exercise, you will use the flow chart and the Lab Toolkit resources to identify and resolve the problem in the scenario. Exercise preparation To create the troubleshooting scenario for this exercise, run the breaklab7c.bat script located in the c:\MOC\2011\Labfiles\Lab07 folder on 2011_London Virtual PC. Important This script will take approximately ten minutes to complete. You can start troubleshooting after the script has run for approximately five minutes. Scenario Max Benson has entered a service request. He states that he is experiencing delays when opening his mailbox and also when trying to send messages to others on the network. You have received a call from the Help Desk indicating that many users are calling about this problem. Log on to London as Nwtraders\Administrator using the password P@ssw0rd. You should not need to open any user mailboxes when troubleshooting this problem. Level 1 support comments “Max has a standard desktop system. He has a history of complaining about many issues. We think he is trying to get a new computer. His computer has the standard build, including Outlook 2003. It has been tested several times in the past. Max is able to ping London.” “We have heard similar reports from other users in London. It is a suspected network link issue and is being reviewed by the Network team as well as the Server team. Escalating to the Exchange team to help, just in case it is related to the Exchange server.” You must resolve the performance problem with Exchange Server 2003. What did you determine to be the problem in this scenario? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________

Level 2 support comments

What steps did you take to identify and resolve the problem in this scenario? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________

Unit 7: Troubleshooting Server Performance

17

Lab Virtual PC clean-up

For this lab, you used the Acapulco and London Virtual PCs. Please undo any changes that were made during your troubleshooting by closing each image. Important When you shut down the Virtual PCs using these instructions, all changes made to the Virtual PCs will be lost. To clean up after this lab: 1. On Acapulco, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK. 2. On London, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK. Note Start the 2011_London Virtual PC to prepare for the next unit’s lab. Do not shut it down again until instructed.

18

Unit 7: Troubleshooting Server Performance

Lab Discussion

*****************************ILLEGAL FOR NON-TRAINER USE****************************** What steps did you follow in the troubleshooting flow charts?
! ! ! !

What were the root causes of the problems described in the scenarios? What steps did you use and how did the steps help identify the problems? What other steps could you have used to identify the problems faster? How did you test your solutions?

How will you address this type of problem in the future?
! ! !

How is your work environment different than the test environment? How would your work environment change the troubleshooting process? What steps will you take in the future when troubleshooting similar problems?

Unit 8: Troubleshooting Security Issues

Contents
Overview PKI Requirements for Secure E-Mail Troubleshooting S/MIME E-Mail Issues Troubleshooting SSL Issues Pre-Lab Discussion Lab: Troubleshooting Exchange Security Lab Discussion Workshop Evaluation 1 2 5 8 11 12 23 24

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2003 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync, Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Unit 8: Troubleshooting Security Issues

1

Overview

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Because a great deal of business-related information is sent using e-mail, e-mail security is a significant issue for most companies. The need for secure e-mail adds a layer of complexity to your e-mail infrastructure that can result in additional troubleshooting issues. This unit addresses issues relating to securing e-mail while it is in transit from one location to another. To secure the information, digital certificates that include encryption keys are used to protect the data on the network. To protect e-mail messages while they are in transit, you will need to:
!

Implement a Public Key Infrastructure (PKI) to manage the creation and distribution of digital certificates. Implement Secure Multipurpose Internet Mail Extensions (S/MIME) to encrypt or digitally sign e-mail messages sent from client to client. The encryption and digital signatures ensure that a message is secure and cannot be modified while it is transmitted on the network. Implement Secure Sockets Layer (SSL) to encrypt network traffic. With SSL, the actual network traffic that transmits e-mail messages is encrypted, so that even if the network packets were captured, they could not be read.

!

!

Objectives

After completing this unit, you will be able to:
! !

Identify and resolve problems related to encrypting e-mail using S/MIME. Identify and resolve problems related to using remote procedure call (RPC) over Hypertext Transfer Protocol (HTTP). Identify and resolve problems related to Exchange Server 2003 security configurations.

!

2

Unit 8: Troubleshooting Security Issues

PKI Requirements for Secure E-Mail

*****************************ILLEGAL FOR NON-TRAINER USE****************************** A public key infrastructure includes servers, management tools, and policies that are used to create, distribute and manage the deployment of digital certificates To use digital certificates for securing e-mail using SSL or S/MIME, you must deploy a PKI or use an existing PKI. PKI components A PKI includes the following components:
!

Certificate and Certificate Authority (CA) management tools. Provide both graphical user interface (GUI) and command-line tools to manage issued certificates, publish CA certificates and Certificate Revocation Lists (CRLs), configure CAs, import and export certificates and keys, and recover archived private keys. Certification authorities. Issue certificates to users, computers, and services and manage the certificates. Each certificate that a CA issues is signed with the digital certificate of that CA. Certificate and CRL distribution points. Provide publication locations at which certificates and CRLs are publicly available, either within or outside of an organization. Publishers can use any kind of directory service, including X.500, Lightweight Directory Access Protocol (LDAP), or directories in a specific operating system. Publishers can also publish certificates and CRLs on Web servers. Certificate templates. Define the content and purpose of a digital certificate. A certificate template defines issuance requirements, certificate purpose, implemented extensions, such as application policy or extended key usage, and enrollment permissions for certificates that a CA issues. Digital certificates. Provide the foundation of a PKI. Digital certificates are electronic credentials that are associated with a public key and a private key that an organization uses to authenticate users.

!

!

!

!

Unit 8: Troubleshooting Security Issues
!

3

Certificate revocation lists (CRL). List the certificates that a CA has revoked before the certificate reaches its scheduled expiration date. Public key-enabled applications and services. Support public key encryption so you can implement public key security. You can only implement these components after you configure your PKI to issue, publish, and control certificates.

!

Implementing a PKI

The decision on which PKI option to use will likely be based on which clients need to use certificates to secure e-mail. If you deploy certificates only to users within your organization, and the servers that require server certificates will be accessed only by internal clients, deploying a private CA is a good option. If users outside the organization will require certificates, or if you deploy servers that will be accessed by users outside the organization, you should deploy commercial certificates. You have two options when implementing a PKI:
!

Deploy a private PKI using Windows Server 2003 Certificate Authorities. Windows Server 2003 includes a Certificate Server service that you can use to deploy a PKI for your company. With this option, you can integrate the management of certificates with Microsoft® Active Directory®. Integrate with a public or commercial PKI. You can also obtain digital certificates from commercial PKIs such as VeriSign, GTE, Thawte, and RSA. With this option, you can reduce the amount of effort required to manage the certificates because the certificate management is done by the commercial CA.

!

This choice is critical because PKI is based on trust model. When a client connects to a server that is using a digital certificate to secure data, the client checks its list of trusted root certification authorities to see whether it is configured to trust the digital certificate. If the client is not configured to trust the certificate, it will warn the user or fail to connect to the server. If you deploy a private CA, you can configure all your internal clients to trust the CA, but external clients are not going to be configured to trust your CA. However, Internet clients such as Web browsers are already configured to trust the wellknown commercial CAs so they will not receive a warning when they connect to a server using a commercial certificate. In most cases, you are likely to be most concerned with securing e-mail within your organization, which means a private CA is a good option. If you need to secure e-mail to only a few external users, you can exchange certificates with the external users and ask the external users to configure their clients to trust your CA. If you need to secure e-mail to more external users, you can configure each of your clients to use a commercial CA.

4

Unit 8: Troubleshooting Security Issues

Acquiring digital certificates

After deploying the CAs, you need to acquire and install certificates on all the servers and clients that require them. The enrollment process is a matter of requesting and issuing a certificate. Although the enrollment process varies with the CA that is used, and its policies, the following steps outline the general process: 1. Applicant generates a key pair. The applicant generates a public and private key pair, or he or she is assigned a key pair by some authority in the company. The applicant stores the key pair locally, either on the disk subsystem or on a hardware device, such as a smart card. 2. Applicant sends the certificate request to the CA. The applicant provides the information that is required by the certificate template and sends the certificate request to the CA. The certificate request includes the public key that is generated at the requesting computer. This certificate request can be sent directly to an online CA, or it can be saved as a text file and sent to an offline CA. 3. Certificate administrator reviews the request. A certificate administrator reviews the certificate request to verify the applicant’s information. Based on the information presented, the certificate administrator either issues or denies the certificate request. In some cases, the CA may be configured to issue certificates automatically to users who present appropriate credentials. 4. Upon approval, the CA issues the certificate. The CA creates the certificate and issues the certificate to the requesting applicant. The certificate is signed by the CA to prevent modification and it includes the applicant’s identifying information and the submitted public key as an attribute of the issued certificate. After you have acquired and installed the certificates, you can start using the certificates to secure e-mail messages either with SSL or S/MIME.

Unit 8: Troubleshooting Security Issues

5

Troubleshooting S/MIME E-Mail Issues

*****************************ILLEGAL FOR NON-TRAINER USE****************************** When using S/MIME you can configure an e-mail client to encrypt an e-mail message as well as attach a digital signature to an e-mail message. You can use the digital signatures to ensure the identity of the e-mail sender and to ensure that the e-mail has not been modified. Encryption ensures that the message cannot be read or modified while it is transmitted on the network. Message encryption by using S/MIME You can protect e-mail messages in transit on the network by using encryption. Exchange uses public key encryption, which uses two keys: a public key, which is a key that is known to everyone, and a private key, which is a key that is known only to the recipient of the message. The public key and private key are used in combination to encrypt and decrypt data. The following steps explain the process for how public key encryption is applied to the original plaintext data: 1. The message sender retrieves the recipient’s public key. The public key may be stored in Active Directory in a Microsoft Windows Server™ 2003 environment, or on an accessible certificate store managed by a CA. The message sender may also have received the public key from the recipient as part of a digitally signed message. 2. The sender generates a symmetric key and uses the symmetric key to encrypt the message data. A symmetric key is a key that can be used to encrypt and decrypt messages. The symmetric key is encrypted with the recipient’s public key to prevent the symmetric key from being intercepted during transmission. 3. The encrypted symmetric key and encrypted data are sent to the recipient. 4. The recipient’s private key is used to decrypt the encrypted symmetric key. The encrypted data is decrypted with the symmetric key, which yields the original data to the recipient.

6

Unit 8: Troubleshooting Security Issues

In this process, the public key can be made available to anyone who requests the key, so that anyone can encrypt a message to send to a user. However, only the recipient’s private key can decrypt the messages encrypted by the public key, so only the person holding the private key can decrypt the messages. The private key is protected in a user or computer profile or on a physical device, such as a smart card. Signing messages by using S/MIME You can protect e-mail messages against modification by using a digital signature. A digital signature is a digital code that can be attached to an e-mail message that uniquely identifies the sender. A digital signature is a key component of most authentication methods because the digital signature verifies the identity of the individual who is sending the message. The following steps explain the process for how a digital signature is applied to the original data: 1. When the sender prepares to send the signed message, a hash algorithm is applied to the message data. A hash algorithm takes any form of data and produces a mathematical result for the inputted data. This result is the hash value. If a single character is changed in the message data while it is transmitted on the network, the hash value will no longer be valid. 2. The resulting hash value is encrypted by using the sender’s private key. The encryption protects the hash value from modification during the transmission of the hash value to the recipient. 3. The sender sends the certificate, the encrypted hash value, and the original data to the recipient. The certificate includes the sender’s public key as one of the attributes of the certificate. 4. The recipient retrieves the sender’s public key from the received certificate. The recipient uses the public key to decrypt the encrypted hash value. The successful decryption and validation of the sender’s certificate proves that the data originated from the sender. 5. The recipient passes the original data through the same hash algorithm. The resulting hash value is compared to the hash value received from the sender. If the two hash values are identical, the original data was not modified during the transmission.

Unit 8: Troubleshooting Security Issues

7

Troubleshooting S/MIME issues

S/MIME requires that both the sender and recipient have a digital certificate, and that sender and recipient obtain a copy of each other’s digital certificate with the attached public key. Therefore, much of the troubleshooting for S/MIME will be client-based certificate troubleshooting. Use the following guidelines when troubleshooting S/MIME issues.
!

Ensure that both sender and recipient have digital certificates. To send encrypted e-mail, the sender and receiver must have digital certificates. The easiest way to test whether a user has a certificate is to attempt to send a signed message. Sending digitally signed messages does not require a user to have anyone else’s certificate, but the user must have a certificate. If the user cannot send digitally signed e-mail to anyone, then the user does not have a certificate, or the private key may not be accessible. For example, the user may have a private key on one computer, but this would not mean that the user can send signed e-mail from another computer. If a user must be able to send encrypted messages from multiple computers, then you can export the private key from one computer and install it on other computers. You can also store the private key as part of a roaming user profile. Ensure that the sender and recipient have each other’s public keys. To send encrypted messages to another recipient, the sender must have the recipient’s public key. If a user can digitally sign messages but cannot encrypt messages, the problem is likely that the sender does not have the required public key. The easiest way for the sender to get the public key is for the recipient to send a digitally signed e-mail. The signed e-mail includes the certificate and public key. When the signed e-mail arrives, save the sender information in your address book. The certificate and public key will be saved with the contact information. Ensure that the clients are configured to trust the other certificate. You may encounter problems if the clients do not trust the CA used by the sender or recipient. If you receive an encrypted or signed e-mail and your client is not configured to trust the sender’s CA, you will receive a warning message. If you are confident of the sender’s identity, you can configure your client to trust the certificate explicitly. If you must exchange secure e-mail with several users in the other organization, you may want to configure a trust chain between a CA that you trust and the sender’s CA. Ensure that you can recover lost private keys. In many cases, a user’s private key is stored on the local computer in a secure part of the user’s profile. If that private key is lost due to a hard disk failure, you must be able to recover the private key; if you cannot, the user will not be able to decrypt messages using the associated public key. As a best practice, you should export a copy of the private key to a secure location to ensure that you can restore the key if needed. In most cases, you should also implement procedures on the CA to provide for private key archival and retrieval.

!

!

!

8

Unit 8: Troubleshooting Security Issues

Troubleshooting SSL Issues

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Secure Sockets Layer (SSL) is a flexible security option that can be used to secure e-mail related traffic from most messaging clients using any of the Exchange Server 2003 supported protocols. With SSL, you can secure e-mail whether you are using HTTP (Outlook Web Access or Outlook Mobile Access), SMTP, IMAP4, POP3, or NNTP. SSL support is also enabled on Microsoft Outlook Express®, Microsoft Outlook®, Internet Explorer, as well as on most other Internet browsers and Internet protocol e-mail clients. SSL is different than S/MIME in that SSL can only be used to authenticate computers on a network and then to encrypt data in transit on a network. With S/MIME, you can encrypt and sign e-mail messages and the messages remain signed or encrypted while in the user’s mailbox. With SSL, you can encrypt all network traffic as it transverses your network, but data is not encrypted while it is in storage. Benefits of using SSL One of the benefits of using SSL is that you can use SSL to encrypt all messaging-related protocols supported by Exchange Server 2003. Implementing SSL offers the following advantages:
!

You can use Internet protocol applications to transmit confidential data on the unsecured Internet. All data is encrypted from the client to the server, including user authentication and messaging data. You can validate the identity of the Internet protocol server. The server provides its certificate as a form of authentication. If the client is configured to trust the certificate, and if the certificate passes all validity tests, the client will authenticate and trust the server.

!

Secure Sockets Layer can also be used to secure RPC over HTTP traffic. To use RPC over HTTP, you must deploy Exchange Server 2003 on Windows Server 2003 in a Windows Server 2003 Active Directory environment. Moreover, only Outlook 2003 clients support RPC over HTTP. If you do deploy RPC over HTTP, you can configure both the Exchange server and the client to require SSL, so that all RPC traffic is sent using HTTPS rather than HTTP.

Unit 8: Troubleshooting Security Issues

9

Implementing SSL

Implementing SSL is significantly easier than implementing S/MIME because you do not need to deploy certificates to the e-mail clients. Instead most configurations for SSL occur on the Exchange server. Use the following steps to implement SSL. 1. Configure a server-based certificate. This server-based certificate is used to authenticate the server’s identity. The public key associated with the certificate is used to create the encryption keys for encrypting traffic on the network. In a Windows Server 2003 environment, you can use a commercial CA certificate or an internal CA to issue the certificate. 2. Configure the protocol virtual servers to require SSL. After installing the server certificate, configure the protocol virtual servers to require SSL. You can use the same server certificate for all messaging protocols but you must enable each protocol virtual server to use the certificate. To enable SSL support on protocol virtual servers, first add the server certificate to the server and then configure the protocol virtual server to require SSL. Note When you configure a protocol virtual server to require SSL, it will no longer accept any unsecured connections. If you need both secure and unsecure protocol virtual servers, you must configure two different virtual servers. If you want to make SSL optional on a protocol virtual server, you can install the server certificate on the server, but not require SSL on the virtual server. 3. Configure the network infrastructure to allow SSL ports. SSL uses ports different from those used by unsecured protocol traffic, so you must open the SSL ports. The following table shows the ports you must open when using SSL:
Protocol POP3 IMAP4 SMTP NNTP HTTP (Outlook Web Access and Outlook Mobile Access) SSL port 110 and 995 if using SSL 143 and 993 if using SSL 25 with or without SSL 119 and 563 if using SSL 80 and 443 if using SSL

4. Configure the e-mail clients to use SSL. Once the server is configured to support SSL, configure each client to use SSL when connecting to the server. 5. If required, acquire a client certificate for Outlook Web Access (OWA) or Outlook Mobile Access (OMA) e-mail clients. In environments that require very high security, you may configure the HTTP virtual server to require client certificates. Client certificates enable mutual authentication, ensuring the identity of both the client and the server. If you require client certificates, you must acquire and install a client certificate on each client computer or device.

10

Unit 8: Troubleshooting Security Issues

Troubleshooting SSL

In most cases, troubleshooting SSL requires you to troubleshoot the server and network configuration rather than the client configuration. Use the following guidelines when troubleshooting SSL issues:
!

Check the network configuration. To use SSL, clients must be able to connect to the Exchange server using the correct port numbers. If clients within your corporate intranet can use SSL, but cannot connect using SSL from the Internet, ensure the SSL ports are accessible from the Internet. Check the certificate trust path. The server certificate must be trusted by the e-mail client. If the certificate is not trusted, you may get an error message on the client computer indicating that the certificate is not trusted. You can then configure the client computer to trust the server certificate explicitly. If users frequently access your Exchange server using public computers, you should use a certificate from a trusted commercial CA. SSL is not supported between the front-end and back-end server. If you have deployed a front-end and back-end server topology, you cannot use SSL to secure traffic between the two servers. This means that the back-end protocol virtual servers used by the front-end servers cannot be configured to require SSL. To secure communication between front-end and back-end servers, you should configure IPSec. Check client configuration. Each e-mail client must be configured to support SSL. If one client cannot connect to your Exchange servers using SSL while other users can connect, the problem is almost certainly a client configuration error. If you have both SSL- and non-SSL-enabled protocol virtual servers accessible to the client, you can first ensure that the client can connect to the protocol virtual servers that do not require SSL. If they can connect to these servers, but not to the servers that require SSL, then check the client SSL configuration.

!

!

!

Unit 8: Troubleshooting Security Issues

11

Pre-Lab Discussion

*****************************ILLEGAL FOR NON-TRAINER USE****************************** E-mail security is a significant issue for most companies and a great deal of business-related information is sent using e-mail. The need for secure e-mail adds a layer of complexity to your e-mail infrastructure that can result in additional troubleshooting issues. In this context, discuss what problems might cause the following symptoms:
! ! !

Users cannot send secure e-mail to each other using S/MIME. Users cannot access their mailboxes using RPC over HTTP. Users cannot receive Internet e-mail in a secure environment.

12

Unit 8: Troubleshooting Security Issues

Lab: Troubleshooting Exchange Security

*****************************ILLEGAL FOR NON-TRAINER USE****************************** For more information on completing this lab, see Appendix A, “Lab Guidance,” located at the back of the student workbook. After completing this lab, you will be able to:
! ! !

Identify and resolve problems related to encrypting e-mail using S/MIME. Identify and resolve problems related to using SSL to secure e-mail. Identify and resolve problems related to Exchange Server 2003 security configurations. Important This lab addresses the concepts in this unit and therefore may not comply with Microsoft security recommendations. For example, this lab does not comply with the recommendation that you should not log on using an administrative account.

Lab Virtual PC Configuration

For the first two scenarios in the lab, you will use the London Virtual PC and the Acapulco Virtual PC. To prepare for this practice: 1. Start 2011_London Virtual PC if it is not already started. 2. Log on as NWTraders\Administrator with a password of P@ssw0rd. 3. Start the 2011_Acapulco Virtual PC. You will use Outlook 2003 and Outlook Express on Acapulco to send and receive e-mail.

Certificate Authority

London.nwtraders.msft is configured as a CA. To request a user certificate from this CA, connect to https://london.nwtraders.msft/certsrv and log on with the user name and password required for the lab. The CA is configured to issue certificates automatically from authenticated users.

Unit 8: Troubleshooting Security Issues

13

Navigating the flowchart

In this lab, you will use the flowcharts and the Lab Toolkit resources to identify and resolve the problems described in the scenarios. You will need to read the scenario, the Level 1 support comments, and then use the flowcharts to identify the cause of the problem. You will then need to perform the test case presented at each decision point in the flowchart to determine which path to follow. Use the letters on the flowchart to identify the Toolkit Resources that you can use to help troubleshoot the problem. After you identify a potential solution, make the configuration change and test your solution. When your solution resolves the problem presented in the scenario, you have successfully completed the lab. If necessary, use one or more of the following lab toolkit resources to help you complete this lab:
Resources Used for this Flow Chart Help: Exchange: Managing Virtual Servers. To locate this information, open Exchange System Manager, select Help, select Help Topics and then select Search. Search for Configure Virtual Servers and select the appropriate topic for the type of virtual server. Help: Outlook: Obtaining a Digital ID. To locate this information, open Outlook help and then search for Get a digital ID. Help: Outlook: Sending Secure Mail. To locate this information, open Outlook help and then search for Encrypt or digitally sign messages. Help: Outlook: Verifying account configuration. To locate this information, open Outlook help and then search for View or change e-mail account settings.

Lab Toolkit Resources
Flow Chart Resources A E F

C C B F

Help: Outlook Express: Adding a Contact’s Digital ID to your Address Book. To locate this information, open Outlook Express help and then search for Add a contact’s digital ID to your Address Book. Help: Outlook Express: Obtaining a Digital ID. To locate this information, open Outlook Express help and then search for Obtain a digital ID and add it to your e-mail account. Help: Outlook Express: Verifying account configuration. To locate this information, open Outlook Express help and then search for Add a mail or news account. Help: Windows: Testing DNS. To locate information on locating resource records using DNS administrator snap-in, search for Manage Resource Records.

F

B A F

Help: Windows: Troubleshoot IPSec. To locate information regarding troubleshooting IPSec, search Windows Server 2003 Online Help for IPSec and then select Troubleshooting: Internet Protocol Security (IPSec). Impact of Virus and Content Scanners on Messaging Functionality Implementing and Testing RPC over HTTP

A D E B A E A F F F

Implementing SSL for Exchange Server 2003 Verifying that a Server is Online Using Dcdiag and Netdiag to Verify the Network Infrastructure Using S/MIME to Sign and Seal E-mail Messages Using the Telnet Command to Test the TCP Port Restrictions on a Firewall

Estimated time to complete this lab: 60 minutes

14

Troubleshooting Security Issues

C

MAPI

Outlook

Is Outlook using MAPI or RPC over HTTP?

1. Check security configuration on the client 2. Verify installation of secure mail certificate on client for signing messages 3. Verify receipt of secure mail certificate from recipient for encrypting messages

D
RPC over HTTP Can the user send unsecure email? What is the client type? Yes, but not secure e-mail

Unit 8: Troubleshooting Security Issues

Start

No

B
POP/IMAP Are all users affected? No 1. Verify that the server is online 2. Verify that the client can connect to the Exchange server 3. Check email client configuration

OWA

1. Check that RPC over HTTP component is installed on front-end server 2. Check that the RPC virtual directory in IIS is configured 3. Check that port numbers are configured in the registry of Exchange servers and global catalog servers 4. Check that NSPI interface protocol sequences are configured on the global catalog server 5. Check that Outlook profile configured correctly

E
1. Check that HTTP virtual server supports SSL 2. Check HTTP server security configuration 3. Check client browser type and version 4. Check client security configuration

Yes

A

F
1. Check that required virtual servers support secure protocols 2. Check that required virtual servers are accessible from the Internet using secure ports 3. Check virtual server security configuration 4. Check security configuration on the client 5. Check installation of secure e-mail certificate for signing messages 6. Check receipt of secure mail certificate from recipient for sealing messages

1. Check firewall to see if it allows SMTP traffic into network 2. Check DNS Host and MX records 3. Check SMTP virtual server to verify it responds on port 25 4. Check security configuration on the SMTP virtual server 5. Check SMTP gateway or smart host configuration 6. Check anti-virus and content scanning solutions

Troubleshooting Security Issues

Start

Can the user send unsecure email?

Yes, but not secure e-mail

No

B
Are all users affected? No 1. Verify that the server is online 2. Verify that the client can connect to the Exchange server 3. Check email client configuration

Yes

Unit 8: Troubleshooting Security Issues

A
1. Check firewall to see if it allows SMTP traffic into network. 2. Check DNS Host and MX records 2. Check SMTP virtual server to verify it responds on port 25 3. Check security configuration on the SMTP virtual server 4. Check SMTP gateway or smart host configuration 5. Check anti-virus and content scanning solutions

15

16

Troubleshooting Security Issues

C

MAPI Is Outlook using MAPI or RPC over HTTP? Outlook

1. Check security configuration on the client 2. Verify installation of secure mail certificate on client for signing messages 3. Verify receipt of secure mail certificate from recipient for encrypting messages

D
RPC over HTTP What is the client type?

Unit 8: Troubleshooting Security Issues

OWA POP/IMAP

1. Check that RPC over HTTP component is installed on front-end server 2. Check that the RPC virtual directory in IIS is configured 3. Check that port numbers are configured in the registry of Exchange servers and global catalog servers 4. Check that NSPI interface protocol sequences are configured on the global catalog server. 5. Check that Outlook profile configured correctly

F
1. Check that required virtual servers support secure protocols. 2. Check that required virtual servers are accessible from the Internet using secure ports 3. Check virtual server security configuration 4. Check security configuration on the client 5. Check installation of secure e-mail certificate for signing messages 6. Check receipt of secure mail certificate from recipient for sealing messages

E
1. Check that HTTP virtual server supports SSL. 2. Check HTTP server security configuration 3. Check client browser type and version 4. Check client security configuration

Unit 8: Troubleshooting Security Issues

17

Exercise 1 Troubleshooting Solutions When Users Cannot Send and Receive Encrypted E-mail
In this exercise, you will use the flowchart and the Lab Toolkit resources to identify and resolve the problem in the scenario. Scenario Fernando Caro has entered a service request. The service request states that Fernando cannot send and receive encrypted e-mail from Eric Parkinson. Both users work in the accounting department and frequently send highly confidential documents to each other. Both users’ mailboxes are on London. You must resolve the problem so that both users can send and receive encrypted and signed e-mail from each other. Read the Level 1 support comments, and resolve the problems. In this exercise, you will need to log on to Outlook 2003 on Acapulco using NWTraders\EricParki. You will need to use Outlook Express on London using NWTraders\FernandoCaro for an identity. Level 1 support comments “I talked to both Eric and Fernando. Eric Parkinson works in the office and is using Outlook 2003 as his e-mail client. Fernando Caro works from a remote office that does not have a dedicated connection to the head office, and so he uses Outlook Express which has an IMAP connection to the Exchange server. “Eric and Fernando are involved in highly confidential negotiations to buy another company so they have to be able to send encrypted and signed e-mail to each other. “I confirmed that both of them can get access to e-mail on the Exchange server using their normal clients. “They both say that they have not sent encrypted e-mail to anyone else in the company, and do not need to do so. “I told both of them that I didn’t know if we could set them up to send encrypted e-mail to each other. They were not impressed by this.”

18

Unit 8: Troubleshooting Security Issues

What did you determine to be the problem in this scenario? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________

What steps did you take to identify and resolve the problem in this scenario? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________

Unit 8: Troubleshooting Security Issues

19

Exercise 2 Troubleshooting Solutions When Users Cannot Connect to Exchange Using RPC over HTTP
In this exercise, you will use the flowchart and the Lab Toolkit resources to identify and resolve the problem in the scenario. In this scenario, you will test to ensure that RPC over HTTP is working. To ensure that Outlook is connecting to the Exchange server using RPC over HTTP rather than RPC over TCP/IP, use the following procedure: 1. Open Outlook using a profile that is configured to use RPC over HTTP. 2. From your desktop, in the Application tray, hold down the CTRL key, rightclick the Outlook icon, and then click Connection Status. 3. In Connection Status, verify that the connection type is HTTPS. Scenario Judy Lew has entered a service request. Her service request states that she cannot connect to her mailbox from home. Judy Lew is one of the first users to be configured to use RPC over HTTP, and her connection is not working. You must resolve the problem so that Judy Lew can connect to the Exchange server using RPC over HTTP. Read the Level 1 support comments, and resolve the problems. In this exercise, you will need to log on to Outlook 2003 on Acapulco using NWTraders\JudyLew. Level 1 support comments “She picked up the laptop at the office, and her e-mail worked fine in the office. She was told that the laptop was completely configured and ready to go. But when she connects to the Internet from home, she can’t get access to her e-mail. She can open Outlook and she gets a logon screen. When she enters her username and password, the logon screen keeps coming back. I got her to try to use nwtraders\judylew and judylew@nwtraders.msft and neither name works. “She says that she can browse the Internet from home.”

20

Unit 8: Troubleshooting Security Issues

What did you determine to be the problem in this scenario? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________

What steps did you take to identify and resolve the problem in this scenario? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________

Unit 8: Troubleshooting Security Issues

21

Exercise 3 Troubleshooting Solutions When Users Cannot Receive Internet E-mail
In this exercise, you will use the flowchart and the Lab Toolkit resources to identify and resolve the problem in the scenario. For this exercise, you will use the London Virtual PC and the Vancouver Virtual PC. 1. On Acapulco, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK. 2. Start the 2011_Vancouver Virtual PC. 3. Log on to Vancouver as Contoso\administrator with a password of P@ssw0rd. You will use Vancouver to simulate an Internet SMTP server to troubleshoot Internet e-mail delivery. 4. You will use Outlook Web Access on London to test e-mail functionality on the London Virtual PC. 5. To create the troubleshooting scenarios, run the Breaklab8c.bat from the c:\moc\2011\Labfiles\Lab08 directory located on 2011_London Virtual PC. Scenario Deb Waldal has entered a service request. Her service request states that she cannot receive Internet e-mail. She is not receiving any messages from the Internet. You must resolve the problem so that Deb can receive e-mail from the Internet. Read the Level 1 support comments, and resolve the problems. In this exercise, you will need to log on to OWA on London using NWTraders\DebWalda. Level 1 support comments “Urgent!! Talked to Deb and she says a customer sent her some urgent e-mail first thing this morning and it hasn’t been delivered. Checked if I could receive e-mail from the Internet, and I cannot receive Internet e-mail either. “Immediately escalated this to second-level support.”

22

Unit 8: Troubleshooting Security Issues

What did you determine to be the problem in this scenario? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________

What steps did you take to identify and resolve the problem in this scenario? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________

Lab Virtual PC Clean-Up

For this lab, you used the Vancouver and London Virtual PCs. Please undo any changes that were made during your troubleshooting by closing each image. Important When you shut down the Virtual PCs using these instructions, all changes made to the Virtual PCs will be lost. To clean up after this lab: 1. On Vancouver, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK. 2. On London, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK. Note Start the 2011_London Virtual PC to prepare for the next unit’s lab. Do not shut it down again until instructed.

Unit 8: Troubleshooting Security Issues

23

Lab Discussion

*****************************ILLEGAL FOR NON-TRAINER USE****************************** What steps did you follow in the troubleshooting flowcharts?
! ! ! !

What were the root causes of the problem described in the scenario? What steps did you use and how did the steps help identify the problem? What other steps could you have used to identify the problem faster? How did you test your solution?

How will you approach these types of troubleshooting issues in your work place?
! ! !

What is different in your work environment than the test environment? How would your work environment change the troubleshooting process? What steps would you take in the future when troubleshooting similar problems?

24

Unit 8: Troubleshooting Security Issues

Workshop Evaluation

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Your evaluation of this workshop will help Microsoft understand the quality of your learning experience. At a convenient time before the end of the workshop, please complete a workshop evaluation, which is available at http://www.CourseSurvey.com. Microsoft will keep your evaluation strictly confidential and will use your responses to improve your future learning experience.

THIS PAGE INTENTIONALLY LEFT BLANK

Unit 9: Troubleshooting the Migration to Exchange 2003
Contents
Overview Standard Migration Overview External Migration Overview Troubleshooting Migration Issues Pre-Lab Discussion Lab: Troubleshooting the Migration to Exchange 2003 Lab Discussion 1 2 5 7 11 12 24

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2003 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync, Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Unit 9: Troubleshooting the Migration to Exchange 2003

1

Overview

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Because you cannot migrate from Microsoft® Exchange 5.5 to Microsoft Exchange Server 2003 without also migrating from a Microsoft Windows NT™ domain infrastructure to Microsoft Active Directory® directory service, the migration from Exchange 5.5 to Exchange Server 2003 can be complicated. This unit provides an overview of the two primary strategies for migrating from Exchange 5.5 to Exchange Server 2003. The standard migration is to upgrade or migrate the Windows NT domains to Active Directory and then to upgrade the Exchange 5.5 organization to an Exchange Server 2003 organization. The external migration strategy is to create a new Microsoft Windows Server™ 2003 Active Directory forest and a new Exchange Server 2003 organization. Once these have components have been created, you would then migrate the Windows NT user and computer objects into the forest, establish any connectivity to other messaging systems, and then migrate the mailboxes and public folders into the Exchange organization. In most cases, implementing the standard migration is easier, but the external migration has the advantage that you can change the domain and Exchange organization structure. Objectives After completing this unit, students will be able to:
!

Identify the underlying causes when a user cannot access their mailbox after a migration and resolve the problem. Identify the underlying causes when a user cannot send e-mail to the Exchange 5.5 organization during a migration and resolve the problem. Identify the underlying causes when a user cannot send e-mail to some users during a migration and resolve the problem.

!

!

2

Unit 9: Troubleshooting the Migration to Exchange 2003

Standard Migration Overview

*****************************ILLEGAL FOR NON-TRAINER USE****************************** A standard migration involves upgrading the existing Exchange 5.5 organization to an Exchange Server 2003 organization. This migration path is the easiest to take, because you can just prepare Active Directory for Exchange Server 2003, install Exchange Server 2003 servers, and then move mailboxes, public folders, and connectors from the Exchange 5.5 servers to the Exchange Server 2003 servers. There are no coexistence issues in a standard migration. Preparing Active Directory Before you can install Exchange Server 2003, you need to create an Active Directory Forest and then prepare the forest for a computer running Exchange Server 2003. A computer running Exchange Server 2003 stores all its configuration and recipient information in Active Directory, so it cannot install Exchange 2003 in a Windows NT domain. The first step in migrating from Exchange 5.5 to Exchange Server 2003 is to perform a domain migration from Windows NT to Windows Server 2003 Active Directory. There are two primary ways to perform this migration:
!

Creating and populating the Active Directory forest

Upgrade existing Windows NT 4.0 domain to Active Directory domains. With this option, you upgrade the domain by upgrading the primary domain controller from Windows NT 4.0 to Windows Server 2003. After the operating system upgrade is completed, the domain is also upgraded to Windows Server 2003 Active Directory. Upgrading the domain in this way retains the security identifier (SID) for each user and group account, which means that user access to domain resources is not affected. Use Active Directory Migration Tool (ADMT) to migrate users and computers from a Windows NT 4.0 domain to an Active Directory domain. With this option, you create a new Active Directory domain and then use the ADMT to create cloned user accounts from the Windows NT domain in the Active Directory domain. When you clone the user accounts, you can retain the SID that the users had in the Windows NT domain by using the SIDHistory attribute, so that users can log into the Windows Server 2003 domain and retain access to resources in the Windows NT domain.

!

Unit 9: Troubleshooting the Migration to Exchange 2003

3

In some cases, you may use a combination of the two migration options. For example, you may upgrade one of your Windows NT domains, and then use ADMT to migrate users and computers from other domains into the upgraded domain. Implementing Active Directory Connector After you populate Active Directory with Windows NT 4.0 user and group accounts, the next step is to connect your Exchange 5.5 directory to Active Directory. To do this, you must implement the Active Directory Connector (ADC). The ADC synchronizes mailbox and distribution list information from the Exchange 5.5 directory to Active Directory user accounts and groups, thereby eliminating the need for re-entering this data in Active Directory. One issue that you need to confront before you implement the ADC is that, in Windows NT 4.0 and Exchange 5.5, you could have a user account that was the primary NT account for more than one mailbox. Active Directory and Exchange 2003 no longer allow a user account with more than one mailbox. You can use the Resource Mailbox Wizard from the ADC Tools to match the appropriate primary mailbox to the Active Directory account and stamp other mailboxes with the NTDSNoMatch value, which designates the mailboxes as resource mailboxes. If you do this, the ADC will create new user accounts for the resource mailboxes in Active Directory. Run ForestPrep After you configure the Active Directory Connector, run Exchange 2003 Setup using the ForestPrep command-line switch. Exchange 2003 ForestPrep extends the Active Directory schema to include Exchange-specific classes and attributes. ForestPrep also creates the container object for the Exchange organization in Active Directory. You need only run ForestPrep once in a forest. The account you use to run ForestPrep must be a member of the Enterprise Admins and the Schema Admins groups. You must also designate an account that has Exchange Full Administrator permissions to the organization object. This account will be granted the authority to install and manage Exchange 2003 throughout the forest. This account also will be granted the authority to delegate additional Exchange Full Administrator permissions after the first server is installed. Run DomainPrep After you run ForestPrep and allow time for replication, you must run Exchange 2003 DomainPrep. DomainPrep creates the groups and permissions necessary for Exchange servers to read and modify user attributes. The account you use to run DomainPrep must be a member of the Domain Admins group in the local domain and must also be a local computer administrator. You must run DomainPrep in the forest root domain, in all domains that will contain Exchange 2003 servers, and in all domains that will contain Exchange Server 2003 recipients. After you finish preparing the Active Directory forest, you can begin installing Exchange 2003 servers. When you install the initial Exchange 2003 server into an Exchange 5.5 site, Exchange 2003 Setup creates an administrative group that maps to the Exchange 5.5 site, and also creates a configuration connection agreement between Active Directory and your Exchange 5.5 site. Configuration connection agreements replicate Exchange-specific configuration information between the Exchange 5.5 directory and Active Directory. These agreements help Exchange 2003 to coexist with previous versions of Exchange. Exchange Server 2003 automatically manages the configuration connection agreements.

Installing Exchange Server 2003

4

Unit 9: Troubleshooting the Migration to Exchange 2003

Moving mailboxes, public folders and connectors

The final migration task is to move your Exchange 5.5 mailbox, public folder contents and the messaging connectors to Exchange 2003 servers. To move mailboxes from an Exchange 5.5 server to an Exchange 2003 server in the same administrative group, use the Exchange Task Wizard in Active Directory Users and Computers. With the Exchange Task Wizard, you can select user accounts with mailboxes on the Exchange 5.5 server and move multiple mailboxes at one time to the Exchange 2003 servers. When moving mailboxes from an Exchange 5.5 server in one administrative group to an Exchange 2003 server in another administrative group, you will need to use a tool like Exmerge. Exchange Server 2003 includes the Microsoft Exchange Public Folder Migration Tool (pfMigrate) which is used to migrate both system folders and public folders from Exchange 5.5 servers to Exchange 2003 servers. You can use pfMigrate to create system folders and public folder replicas on the new server and, after the folders have been replicated, you can remove the replicas from the source server. The pfMigrate tool is run from the Exchange Server Deployment Tools, which are launched automatically when you access the Exchange Server 2003 installation media. In order to migrate messaging connectors from Exchange 5.5 servers to Exchange 2003 servers, you will need to configure new connectors on the Exchange 2003 servers that provide the same functionality as the connectors on Exchange 5.5. If you configure the Exchange 2003 connectors with a lower cost, all messaging traffic will start flowing through the Exchange 2003 connectors. After confirming that all messages are using the Exchange 2003 connectors, you can delete the connectors from the Exchange 5.5 servers. Note The Exchange Server 2003 compact disk includes the Exchange Server Deployment Tools which consists of tools and documentation that help with your migration. You should use the Exchange Server Deployment Tools to guide you through the migration process.

Unit 9: Troubleshooting the Migration to Exchange 2003

5

External Migration Overview

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Another option for performing an Exchange migration is to create an Exchange 2003 organization, and then migrate all Exchange objects such as mailboxes, public folders and custom recipients from the original Exchange 5.5 organization to the new Exchange 2003 organization. Performing an external migration can be significantly more complicated than a standard migration, especially if the migration will take an extended period and you require coexistence between the two organizations during the migration. The first steps in an external migration are similar to the standard migration. Preparing Active Directory To prepare the Active Directory forest for an external migration, you must install a new Active Directory forest and then use ADMT to migrate user accounts into the new forest. In most cases, you will migrate the user accounts from the Windows NT domain before you migrate the mailboxes. This means that the users may be logging into the Active Directory domain, but still attempting to access their mailboxes on the Exchange servers in the Windows NT domain. To allow migrated users to continue to access their Exchange 5.5 mailboxes, you must choose to migrate the user SIDHistory from the Windows NT domain. You also need to run ForestPrep and DomainPrep in the new Active Directory forest. You must migrate the Exchange 5.5 mailbox ACLs if you need your migrated users to continue to have access to their Exchange 5.5 mailbox for any period after the user account migration is completed. To do this, use ADMT to modify the primary NT account attribute on the mailboxes on the Exchange 5.5 servers to use the cloned Active Directory accounts.

6

Unit 9: Troubleshooting the Migration to Exchange 2003

You must also install and run the Active Directory Connector as part of an external migration. Similar to a standard migration, you should use the Resource Mailbox Wizard to populate the resource mailbox attribute with the NTDSNoMatch value to ensure that the ADC will create the appropriate user accounts in Active Directory. If you are performing an external migration, however, you must configure an interorganization connection agreement when you configure the connection agreements in the ADC. This connection agreement synchronizes information between the Exchange 5.5 organization and the Active Directory forest. You cannot use the Exchange Deployment tools to create an interorganization connection agreement. Installing Exchange Server 2003 In an external migration, you can start installing Exchange 2003 servers after you have run ForestPrep and DomainPrep. Because the servers are in an organization different from the original Exchange 5.5 organization, you can deploy the servers early in the migration project and test mail connectivity without affecting the production environment. You can also configure all the messaging connectors in the new organization, confirm that messages flow throughout the organization, and confirm that messages are flowing to and from the Internet. The Exchange Server Migration Wizard can be used to migrate mailboxes from an Exchange 5.5 server in one organization to an Exchange 2003 server in another organization. The wizard extracts data from other messaging systems and imports that data into Active Directory and the Exchange store. The wizard can add new users to Active Directory if you migrate mailboxes that do not already have a corresponding user account in Active Directory, and it adds new e-mail and calendar data to the Exchange store for any new user accounts that are created during migration. You can use the wizard to migrate all the information in the Exchange 5.5 mailboxes including: inbox, drafts, sent items, calendar, tasks, custom folders created by the mailbox owner, and contacts. After you move the mailboxes, you can replicate the public folders. To replicate public folders between the different Exchange organizations, use the InterOrg Replication Utility. This utility allows the coordination of meetings, appointments, contacts, and public folder information between Exchange organizations. Coexistence during migration An external migration is usually much more complicated than a standard migration. The primary reason for this complication is that the migration can take an extended period in a large corporation. During this migration project, you not only have to support two Exchange organizations, but you also have to manage the coexistence between the two organizations. In most cases, companies cannot afford any extended disruption in messaging services. There are many issues that you may need to deal with during the period of coexistence, including:
! ! ! !

Moving mailboxes and public folders

Message routing between the two organizations. SMTP address sharing between the two organizations. Maintaining current global address list information in both organizations. Dealing with client configuration issues in both organizations. Note The lab in this unit deals with several of the coexistence issues that can arise during an external migration. The toolkit resources in the lab provide alternatives for dealing with and troubleshooting these issues.

Unit 9: Troubleshooting the Migration to Exchange 2003

7

Troubleshooting Migration Issues

*****************************ILLEGAL FOR NON-TRAINER USE****************************** The migration from Exchange 5.5 to Exchange Server 2003 is a complicated procedure. There are many opportunities for the migration to go wrong and, as a result, many troubleshooting opportunities. Troubleshooting Active Directory preparation Preparing the Active Directory forest is the first step in an Exchange migration. There are several points at which this preparation could fail. One simple way to minimize problems during migration is to use the Exchange Deployment Tools whenever possible. Using the following guidelines when troubleshooting Active Directory Migration Tool issues:
!

Troubleshooting the Active Directory Migration Tool

Check Domain Controller availability. In order to migrate user accounts from one domain to another, the workstation or server where you run the ADMT must be able to connect to domain controllers in both domains. Use the DCDiag command-line tool to test connectivity. If the domain controllers are not accessible, check DNS or WINS to determine connectivity issues. Verify source domain controllers are NT 4.0 SP4 or higher. The Windows Server 2003 version of ADMT requires that the NT 4.0 domain controllers have at least SP4 or higher installed. Verify two way trusts between the domains. In order to migrate user accounts, each of the two domains must be configured with a two-way trust with the other domain. Use Windows Server 2003 Active Directory Domains and Trusts to verify the trusts. If the trusts are listed, but cannot be verified, delete the trusts from both domains and recreate them. Verify that you have administrative permissions in both domains. To migrate the user accounts, you must be a member of the Administrators group on the Windows NT domain controllers, and a member of the Domain Admins group in the Windows Server 2003 domain. In most cases, the easiest way to configure this is to add your user account to both groups. The trusts between the domains must be in place before you can add your user account to the Windows NT group.

!

!

!

8

Unit 9: Troubleshooting the Migration to Exchange 2003
!

Verify that the Windows Server 2003 domain is at Windows 2000 Native functional level or higher. To populate the SIDHistory attribute, the destination domain must be at this functional level. If the domain is not at the required functional level, determine if there is any reason why the domain functional level has not been raised. If possible, raise the functional level to at least Windows 2000 Native before running the ADMT.

Troubleshooting ForestPrep and DomainPrep

Using the following guidelines when troubleshooting ForestPrep and DomainPrep issues:
!

Verify that you have the required administrative rights. To run setup with the ForestPrep command-line option, you must use a user account that is a member of the Schema Admins and Enterprise Admins group. To run setup with the DomainPrep command line option, you must be a member of the Domain Admins group in the domain that you are preparing. Verify that the schema master domain controller is available. To run ForestPrep, the schema master must be accessible on the network. As a best practice, you should run ForestPrep on the domain controller that holds the schema master role. Verify that the domain naming master is available. In order to run DomainPrep, the domain naming master must be accessible on the network.

!

!

Troubleshooting Active Directory Connector

Using the following guidelines when troubleshooting Active Directory Connector issues:
!

Verify correct Active Directory Connector version is installed. To synchronize Exchange 5.5 information to Windows Server 2003 Active Directory, you must use the Exchange Server 2003 or the Windows Server 2003 version of the Active Directory connector. To replicate configuration information from the Exchange 5.5 organization to Active Directory, you must use the Exchange Server 2003 version of the ADC. If you have already implemented Active Directory Connector using the Exchange 2000 version, you must upgrade the ADC to the Exchange Server 2003 version throughout your organization. Check the Connection Agreement configuration. If the ADC is not replicating directory information as you expected, there are several configuration settings on the ADC that you can review: • Check the replication direction. The connection agreement can be configured to replicate from Exchange to Active Directory, from Active Directory to Exchange or both ways. If directory information is only being replicated in one direction, then check the replication direction. • Check the user account permissions. To configure a two-way connection agreement, you must provide a user name and password for user accounts that have read and write permissions in both Active Directory and Exchange 5.5. If information is not being replicated in one direction, check the permissions assigned to the user account.

!

Unit 9: Troubleshooting the Migration to Exchange 2003

9

• Check the source and destination directory containers. If the replicated objects are not appearing where you expected in either directory, then check the destination container. If some objects are not being replicated at all, then check the source directory container. • Check the primary connection agreement configuration. If you have more than one Exchange 5.5 site or more than one Active Directory domain and duplicate objects are being created in either directory, then check the primary connection agreement configuration. The primary connection agreement setting specifies where new objects will be created the other directory, and if you have two connection agreements that are configured as primary, duplicate objects may be created. Troubleshooting mailbox migration Using the following guidelines when troubleshooting mailbox migration issues:
!

Verify availability of both servers. If you cannot migrate mailboxes from one server to another, then verify that both the Exchange servers are available. If you are using one of the migration tools in Exchange Server 2003 to move the mailboxes, the tool will tell you which server is not available. If one server is not available, try opening a mailbox on the server using an e-mail client from a workstation. If you can connect using the e-mail client, then check the network configuration of the server where you are running the migration tool. If you cannot open the mailbox using an e-mail client, then check the network connectivity to the server, and ensure that all required Exchange services are running on the server. Must have Send As and Receive As permissions when using Exmerge. To migrate mailboxes to an Exchange 2003 server, you must use a user account that has Send As and Receive As permissions for every mailbox that you migrate. In an Exchange 5.5 organization, the Exchange service account has these permissions.

!

Troubleshooting client issues

Using the following guidelines when troubleshooting client issues:
!

Check the profile configuration. Whenever a user mailbox is moved from one site to another or from one organization to another, the user profile must be modified on the user workstation. In some cases, you can just reconfigure the user profile to use the new Exchange server in the new organization. However, there are several issues that can complicate the client reconfiguration. For example, if the client is using an offline folder store (.ost file), the .ost file must be deleted and recreated after the mailbox is moved. If the user has problems with their e-mail profile after the migration, often the easiest solution is to delete the profile and recreate it. Troubleshooting mailbox connectivity issues before moving the mailbox. In some cases, users cannot connect to their mailbox after you run the ADMT. If the mailboxes are still on the Exchange 5.5 servers, and the users are logging into the Active Directory domain, verify that the SIDHistory attribute is populated on the user accounts. If you have run the Exchange Directory Migration Wizard in ADMT, then verify that the primacy NT accounts on the Exchange mailboxes have been changed to the Active Directory accounts.

!

10

Unit 9: Troubleshooting the Migration to Exchange 2003
!

Troubleshooting mailbox connectivity issues after moving the mailbox. In some cases, users cannot connect to their mailboxes after the migration. The first step in troubleshooting is to verify that the client workstation has network connectivity to the server, and that the client can resolve the server name. If the client workstation can connect to the server, then check the mailbox permissions. If the user account was the primary NT account for multiple mailboxes on the Exchange 5.5 server and the NTDSNoMatch attribute was not configured correctly, the user’s account may be linked to a resource mailbox and a new account created for the user’s personal mailbox. Note The lab in this module includes a client connectivity issue that you need to troubleshoot. For additional information on client configuration issues that you may need to troubleshoot, review the toolkit resources included in the lab.

Unit 9: Troubleshooting the Migration to Exchange 2003

11

Pre-Lab Discussion

*****************************ILLEGAL FOR NON-TRAINER USE****************************** The migration from Exchange 5.5 to Exchange Server 2003 is a complicated process. This unit discussed two options for migrating from Exchange 5.5 to Exchange Server 2003; either by performing a standard migration or by performing an external migration. The lab in this unit assumes that you have started an external migration. The lab is configured to simulate an environment where you have migrated all the user accounts to Active Directory and you have moved some mailboxes to Active Directory. This means that you have two Exchange organizations that must coexist. In this scenario, a number of issues could arise that you need to troubleshoot. In this context, discuss what problems might cause the following symptoms:
! !

Users cannot access their mailboxes using their Microsoft Outlook® client. Internet e-mail is not being delivered to some users while it is being delivered to other users. A user cannot send e-mail to some users, but can send e-mail to other users.

!

12

Unit 9: Troubleshooting the Migration to Exchange 2003

Lab: Troubleshooting the Migration to Exchange 2003

*****************************ILLEGAL FOR NON-TRAINER USE****************************** For more information on completing this lab, see Appendix A, “Lab Guidance,” located at the back of the student workbook. After completing this lab, you will be able to:
!

Identify the underlying causes when users cannot access their mailboxes after a migration and resolve the problem. Identify the underlying causes when a user cannot send e-mail to the Exchange 5.5 organization during a migration and resolve the problem. Identify the underlying causes when a user cannot send e-mail to some users during a migration and resolve the problem. Important This lab focuses on the concepts in this unit and as a result may not comply with Microsoft security recommendations. For instance, this lab does not comply with the recommendation that you should not log on using an administrative account.

!

!

Lab scenario

In this lab, you will troubleshoot errors that may appear during a migration from Exchange 5.5 to Exchange Server 2003. The lab environment simulates an external migration in which the Contoso Exchange 5.5 organization is being migrated to the Northwind Traders Exchange Server 2003 organization. The lab scenario assumes that the migration is partially completed and the two Exchange organizations coexist while the migration is completed.

Unit 9: Troubleshooting the Migration to Exchange 2003

13

Lab Domain Configuration

The following diagram illustrates how the relevant domains are configured in the scenario.

Important In this scenario, all the user accounts in the Contoso domain have been migrated to the Nwtraders domain. All users should be logging into the Nwtraders domain. The only exception is if you need to log in as Contoso\Administrator. Internet Message Routing Design The following diagram illustrates the message-routing design that is being implemented at Northwind Traders. All inbound and outbound Internet e-mail must be routed through London.nwtraders.msft.

14

Unit 9: Troubleshooting the Migration to Exchange 2003

Lab Virtual PC Configuration

For this lab, you will use the London Virtual PC and the Vancouver Virtual PC. To prepare for this lab: 1. Start 2011_London-Virtual PC, if it is not already started. 2. Log on as NWTraders\Administrator with a password of P@ssw0rd. You will use Outlook Web Access (OWA) on London to check e-mail for the affected users in the lab scenarios. 3. Start the 2011_Vancouver Virtual PC.

Navigating the flowchart

In this lab, you will use the flowcharts and the Lab Toolkit resources to identify and resolve the problems described in the scenarios. You will need to read the scenario, the Level 1 support comments, and then use the flowcharts to identify the root cause of the problem. You will then need to perform the test case presented at each decision point in the flowchart to determine which path to follow. Use the letters on the flowchart to identify the Toolkit Resources that you can use to help troubleshoot the problem. After you identify a potential solution, make the configuration change and then test your solution. When your solution resolves the problem presented in the scenario, you have successfully completed the lab.

Unit 9: Troubleshooting the Migration to Exchange 2003

15

Lab Toolkit Resources
Flow Chart Resources E

If necessary, use one or more of the following lab toolkit resources to help you complete this lab:
Resources Used for this Flow Chart Help: Exchange 2003. Configuring an SMTP Connector. To locate this information, open the Exchange System Manager, click Help, then click Help Topics, and then click Search. Search for SMTP Connector and then select Install an SMTP Connector. Help: Exchange 2003. Configuring Diagnostic Logging. To locate this information, open the Exchange System Manager, click Help, then click Help Topics, and then click Search. Search for Diagnostic Logging and then select Configure Diagnostic Logging. Help: Exchange 2003: Tracking Messages. To locate this information, open the Exchange System Manager, click Help, then click Help Topics, and then click Search. Search for message tracking and then select Use the Message Tracking Center. Help: Exchange 2003. Viewing and Modifying Mailbox Permissions. To locate this information, search for Mailbox permissions and click the article named Manage Mailbox Permissions. Help: Exchange 5.5. Viewing and Modifying Mailbox Permissions. To view this information, open the Exchange Administrator and click a mailbox in the recipients’ container. Click the Permissions tab and then click Help.

C

D

E

C

D

E

A

B

A

B

D D

Help: Windows: Testing DNS. To locate information on locating resource records, open DNS administrator snap-in and search for Manage Resource Records. Help: Windows: Using NSLookup. To locate information on using NSLookup to test DNS, open a command prompt and type NSLookup to start the NSLookup tool, and then type Help. Help: Windows: Verifying Trusts between NT 4 and Windows Server 2003 domains. To locate information on verifying trusts search for Verify Trusts click the article entitled Verify a trust.

A

C C B A A B C C

D D D E E

Configuring a Shared SMTP Address Space Routing Messages During Migration Troubleshooting Addressing Errors Verifying That a Server is Online Verifying That the SIDHistory Attribute Is Populated on Migrated Objects

Estimated time to complete this lab: 90 minutes

16

Troubleshooting the Migration to Exchange 2003

End Start No

A
Can the user access their mailbox? No Yes 1. 2. 3. 4. Verify server is online Check client configuration and SID Check mailbox permissions Check domain trusts Did you modify Exchange 5.5 mailbox configuration or permissions? Restart Exchange 5.5 directory service

Yes

B
How many users are experiencing message delivery errors? One 1. Check recipient address 2. Check client configuration and SID 3. Check client address book configuration for addressing errors 4. Check mailbox permissions

Unit 9: Troubleshooting the Migration to Exchange 2003

E
Multiple Is message delivery failing for Internet e-mail? Yes Is the message being sent to the Internet? Yes 1. Verify server is online 2. Check message routing configuration to the Internet 3. Check SMTP connector configuration 4. Track messages 5. Enable diagnostic logging on transport

No, between the Exchange organizations

No, being received from the Internet

C
1. Verify server is online 2. Check addressing configuration in both organizations 3. Check if organizations are sharing an SMTP address space 4. Check message routing configuration between the organizations 5. Track messages 6. Enable diagnostic logging on transport

D
1. Verify server is online 2. Check message routing configuration from the Internet 3. Check DNS MX record configuration 4. Check if organizations are sharing an SMTP address space 5. Track messages 6. Enable diagnostic logging on transport

Troubleshooting the Migration to Exchange 2003

End Start No

A
No 1. Verify server is online 2. Check client configuration and SID 3. Check mailbox permissions 4. Check domain trusts Did you modify Exchange 5.5 mailbox configuration or permissions? Yes Restart Exchange 5.5 directory service

Can the user access their mailbox?

Yes

B
One 1. Check recipient address 2. Check client configuration and SID 3. Check client address book configuration for addressing errors 4. Check mailbox permissions

How many users are experiencing message delivery errors?

Unit 9: Troubleshooting the Migration to Exchange 2003

Multiple

17

18

Troubleshooting the Migration to Exchange 2003

E
Is message delivery failing for Internet e-mail? Yes Is the message being sent to the Internet? Yes 1. Verify server is online 2. Check message routing configuration to the Internet 3. Check SMTP connector configuration 4. Track messages 5. Enable diagnostic logging on transport

Unit 9: Troubleshooting the Migration to Exchange 2003

Multiple

No, between the Exchange organizations

No, being received from the Internet

C D

1. Verify server is online 2. Check addressing configuration in both organizations 3. Check if organizations are sharing an SMTP address space 4. Check message routing configuration between the organizations 5. Track messages 6. Enable diagnostic logging on transport

1. Verify server is online 2. Check message routing configuration from the Internet 3. Check DNS MX record configuration 4. Check if organizations are sharing an SMTP address space 5. Track messages 6. Enable diagnostic logging on transport

Unit 9: Troubleshooting the Migration to Exchange 2003

19

Exercise 1 Troubleshooting Solutions When Users Cannot Access Their Mailboxes
In this exercise, you will use the flowchart and the Lab Toolkit resources identified at the beginning of this lab to identify and resolve the problem in the scenario. Scenario Salman Mughal has entered a service request. The service request states that Salman is unable to access his mailbox. When he tries to open his mailbox, he gets an error message saying that he does not have permission to log on. Note Although Salman Mughal’s user account has been migrated to Nwtraders, his computer account is still located in the Contoso domain. To simulate this, log on to Vancouver as nwtraders\salmanmugha and then use Outlook 2000 on Vancouver to access Salman’s mailbox. Level 1 support comments “Talked to Salman, when he opens Outlook on his computer he gets an error message saying that he does not have permission to log on to the Exchange server. “Checked with the migration project. Salman’s user account was migrated on the weekend to the Nwtraders domain, and his mailbox is still on the Vancouver Exchange 5.5 server. Salman must log into the Nwtraders domain and access his mailbox on the Vancouver server. “His e-mail was working fine on Friday before they migrated his account.” You must resolve the problems so that Salman Mughal can access his mailbox on the Exchange servers. What did you determine to be the problem in this scenario? _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________

What steps did you take to identify and resolve the problem in this scenario? _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________

20

Unit 9: Troubleshooting the Migration to Exchange 2003

Exercise 2 Troubleshooting Solutions When Users Cannot Receive Internet E-Mail
In this exercise, you will use the flowchart and the Lab Toolkit resources identified at the beginning of this lab to identify and resolve the problem in the scenario. Lab note: This scenario requires that you send Internet e-mail to the London server to test whether you can send e-mail to all Northwind Traders and Contoso servers from the Internet as indicated in the diagram at the beginning of this lab. In earlier labs, you used the Vancouver to simulate the Internet e-mail server. This lab however, simulates a migration scenario where the Exchange 5.5 organization is being migrated to the Exchange Server 2003 organization. To simulate the Internet connection to London in this lab, use the following procedure: 1. From Vancouver, open a command prompt and type Telnet london 25. 2. Type ehlo. The server will respond with a listing of the functionality supported by the server. 3. Type mail from: Test@fabrikam.com 4. Type rcpt to: recipientname where recipientname is the full SMTP address for the recipient to whom you are sending e-mail. 5. If the Exchange server returns an error message indicating that relaying is not allowed for that domain, then you cannot send e-mail to the recipient. If the Exchange server returns a message such as 250 2.1.5 recipientname then the server will accept the message. 6. Type data 7. Type a short message and press ENTER. Type . (a period) and press Enter again. 8. Type quit to exit the telnet session. This procedure tests whether you can send an e-mail message from a recipient that is outside either Exchange organization to a user in the Exchange organization. Important When typing these commands in telnet, you must type each line without an error. If you make an error, press Enter and retype the line. You may wish to turn on echo to better identify typing errors in the Telnet window. Scenario Tawana Nusbaum has entered a service request. Tawana is the purchasing manager and her service ticket says that she is not receiving e-mail from Internet users. The Internet users are sending e-mail to Tawana’s TawanaNusba@Contoso.msft address and the e-mail is not being delivered to her mailbox on the London Exchange server. Other members of her team, whose mailboxes are still on the Vancouver Exchange 5.5 server, are also not receiving Internet e-mail.

Unit 9: Troubleshooting the Migration to Exchange 2003

21

Level 1 support comments

“Talked to Tawana. She is not receiving any e-mails from her suppliers on the Internet. She talked to other members of her team, and they are experiencing the same problem. “I checked with the migration team, Tawana’s mailbox just got migrated to the server running Exchange Server 2003 over the weekend. Some members of her team also had their mailboxes migrated. “I checked with Rebecca Laszlo, who is a member of Tawana’s team and whose mailbox is on the Exchange 5.5 server. Rebecca is also not receiving the e-mail messages from the Internet. “The suppliers on the Internet are using the address TawanaNusba@Contoso.msft to send e-mail to Tawana and RebeccaLaszl@Contoso.msft to send e-mail to Rebecca. “Tawana is really irritated by this, she says that she and all her team members rely a great deal on e-mail, and they have to be able to send e-mail to each other and to and from Internet clients.” You must resolve the problem so that Tawana Nusbaum and Rebecca Laszlo can send and receive e-mail from both Exchange organizations as well as Internet users. What did you determine to be the problem in this scenario? _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________

What steps did you take to identify and resolve the problem in this scenario? _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________

22

Unit 9: Troubleshooting the Migration to Exchange 2003

Exercise 3 Troubleshooting Solutions When Users Cannot Send E-Mail to Some Recipients
In this exercise, you will use the flowchart and the Lab Toolkit resources identified at the beginning of this lab to identify and resolve the problem in the scenario. For this lab, you are resolving a problem for a user with a mailbox on the Vancouver Exchange 5.5 server. To troubleshoot the problem, log on to Vancouver using Nwtraders\RichardCarey and use Outlook 2000 to troubleshoot the e-mail delivery. Scenario “Richard Carey has entered a service request. His service request states that he is unable to send e-mail to Jim Kim at jimkim@nwtraders.msft. He can receive e-mail from everyone and can send e-mail to some people, like his coworker, Lynn Tsoflias at lynntsofl@nwtraders.msft, but not to another coworker, Jim Kim. “I spoke to Richard. Most of the time when he sends e-mail to other users, the e-mail goes through. However, once in a while he can’t send e-mail. “He says the delivery problems always seem to happen when he tries to send e-mail to the same people. He said that he can’t send e-mail to Jim Kim, his assistant. He said that he tried to reply to a message he received from Jim Kim, and he tried to send a message to Jim by typing Jim’s name in the To: box. In both cases, the messages are not being delivered. “I checked with the migration team. Richard’s user account has been migrated to the Nwtraders domain. Richard’s mailbox is still on the Exchange 5.5 server. Jim Kim’s mailbox has been migrated to the Exchange Server 2003 server. “I confirmed that Richard can send to some other user accounts, like Lynn Tsoflias, that have been moved to the new server.” You must resolve the problem so that Richard can send e-mail to Jim Kim. What did you determine to be the problem in this scenario? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ What steps did you take to identify and resolve the problem in this scenario? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________

Level 1 support comments

Unit 9: Troubleshooting the Migration to Exchange 2003

23

Lab Virtual PC Cleanup

For this lab, you used the Vancouver and London Virtual PCs. Please undo any changes that were made during your troubleshooting by closing each image. Important When you shut down the Virtual PCs using these instructions, all changes made to the Virtual PCs will be lost. To clean up after this lab: 1. On Vancouver, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and then click OK. 2. On London, on the menu, click PC, click Shut Down, click Turn off PC and undo changes, and thne click OK.

24

Unit 9: Troubleshooting the Migration to Exchange 2003

Lab Discussion

*****************************ILLEGAL FOR NON-TRAINER USE****************************** What steps did you follow in the troubleshooting flowcharts?
! ! ! !

What were the root causes of the problem described in the scenario? What steps did you use and how did the steps help identify the problem? What other steps could you have used to identify the problem faster? How did you test your solution?

How will you approach these types of troubleshooting issues in your work environment?
! ! !

What is different in your work environment than the test environment? How would your work environment change the troubleshooting process? What steps would you take in the future when troubleshooting similar problems?

THIS PAGE INTENTIONALLY LEFT BLANK

Unit 10: Troubleshooting an Exchange Server 2003 Organization
Contents
Overview Approach to Exchange Server 2003 Troubleshooting Challenge Information – Company Background Challenge Information – Service Request Log Challenge Information – Change Management Log Challenge Workshop Evaluation 1 2 5 6 9 11 13

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2003 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync, Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Unit 10: Troubleshooting an Exchange Server 2003 Organization

1

Overview

*****************************ILLEGAL FOR NON-TRAINER USE****************************** In the previous units of this course, you have had the opportunity to learn a great deal about troubleshooting a Microsoft® Exchange Server 2003 environment and about specific tools and processes for troubleshooting. In this unit, you will learn about using organizational procedures to assist with troubleshooting. You will also have the opportunity to test your skills with a Challenge Lab. Objectives After completing this unit, you will be able to:
!

Identify multiple issues affecting the messaging functionality within an organization. Troubleshoot the following: • Network connectivity • Public folders and mailboxes • Microsoft Outlook® Web Access (OWA) and Outlook Mobile Access (OMA) • Client connectivity • Server connectivity • Server performance • Security issues • Migration from Exchange 5.5 to Exchange 2003

!

2

Unit 10: Troubleshooting an Exchange Server 2003 Organization

Approach to Exchange Server 2003 Troubleshooting

*****************************ILLEGAL FOR NON-TRAINER USE****************************** The troubleshooting process requires an organized approach. If you do not use some type of organized approach, you may find yourself moving from one component or configuration setting to another, searching for the problem. Sample troubleshooting questions In many cases, the approach you take to troubleshoot a problem with the Exchange Server 2003 environment will be based on several questions that you ask yourself. These questions include:
Questions What changes have been made recently, according to the configuration management log? What you can learn Review the configuration management log, which all companies maintain manually, on a system-bysystem basis, or electronically. The log should track all changes that have been made to the environment. For example: You receive a service request stating that the user is unable to access e-mail using Internet Message Access Protocol version 4rev1 (IMAP4) through Microsoft Outlook Express. You review the configuration management log and see an entry from earlier that day stating that the IMAP4 virtual server was secured using a new certificate and is now able to support Secure Sockets Layer (SSL) connections. Based on these two circumstances, you might begin troubleshooting by checking the user’s Outlook Express configuration and helping him or her change it to support IMAP4 with SSL. Keeping the log updated will have significant value in your approach to troubleshooting.

Unit 10: Troubleshooting an Exchange Server 2003 Organization (continued) Questions Is the problem predictable or random? What you can learn

3

If the problem is predictable, there are tools to monitor computers running Exchange Server 2003 in your environment and other tools to monitor the services required by Exchange. For example, if you know that there are performance problems, and that they usually happen at 7:00 A.M. each day, use your troubleshooting tools to identify the component or components that are causing the poor performance. Intermittent, or random, performance problems are much more difficult to identify because you will have to log all of these processes continuously while waiting for the problem to resurface and expose itself. Intermittent problems are often related to defective hardware. For example, the hardware may run properly until it overheats or until a drive hits a certain spot on the disk. Sometimes you can force these problems to surface by using programs that stress your server components.

On what day and at which time did the problem occur?

It is very important to note the day and the time at which problems occur. If you are monitoring your servers, you should be able to review the entries in the logs (including the event logs) around those times to see if anything unusual is reported. If you know the business that you support, you may be able to do some detective work to figure out the problem. For example, if you know that Accounting has weekly closings every Wednesday at about 6:00 P.M., this will help you identify that the work they are performing might be the cause for the performance lapses at that time on the network.

Could the problem be related to Microsoft Active Directory®?

Since Exchange Server 2003 is closely tied to Active Directory, it is important to consider if the problem might be related to Active Directory issues. For example, are users complaining that e-mail address lookups took too long during the two hours that you had taken down one of the global catalog servers to repair a hard drive? It is important to note that Active Directory will have capacity issues that can be mitigated by adding new servers to balance the load. Also, there may be other applications that use Active Directory information that are causing performance problems in your Exchange Server 2003 environment.

4

Unit 10: Troubleshooting an Exchange Server 2003 Organization (continued) Questions What should be the priority of pending service requests? What you can learn Many administrators believe that first in first out (FIFO) is the proper way to address all service requests. However, this might not be reasonable if one problem is impacting a large number of people. It might make sense to escalate that problem and complete it first so that more people can be productive quicker. For example, fixing a problem with an external DNS Mail Exchanger (MX) record and restoring incoming Internet traffic for the entire company might be placed higher on the priority list of logged support calls than an individual user’s connectivity issue.

Unit 10: Troubleshooting an Exchange Server 2003 Organization

5

Challenge Information – Company Background

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Company background Contoso, Ltd., is an international organization of approximately 20,000 users. All users and all computers are members of the same domain: contoso.com. The data for the company is shown below:
Number of users 5,000 8,000 3,000 3,800 200 Exchange mailbox servers 4 6 4 3 1 Exchange public folder servers 1 2 1 1 1 Number of Active Directory domain controllers 5 (3 Global Catalog Servers) 7 (3 Global Catalog Servers) 4 (2 Global Catalog Servers) 4 (3 Global Catalog Servers) 2 (1 Global Catalog Server)

City Denver Vancouver Miami London Paris

The Exchange Server 2003 environment has been running without any major problems for the last two months. Network configuration Contoso’s business requirements are dependent on its network and its messaging environment. The company network design reflects this business need by:
! !

Connecting all offices to each other using leased T-3 lines. Connecting each office to two other offices so that all offices are connected redundantly. Connecting each physical location using routing group connectors. Providing each office with a T-1 connection to the Internet. Configuring each office to send outbound Internet e-mail. Receiving inbound Internet e-mail in Vancouver and then routing it to the proper Exchange.

! ! ! !

6

Unit 10: Troubleshooting an Exchange Server 2003 Organization

Challenge Information – Service Request Log

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Service Request Log Contoso, Ltd. uses three levels of technical support. When a call is made to the Support Center, all information gathered from the user is entered into the Service Request Log, as well as all progress and changes to the environment. As each service request is completed, it is logged and maintained. In the event that a similar problem presents itself in the future, first-level technical support personnel can read the log entries and try to fix the problem using the documented process. The service requests for the last week are listed below:
Problem description Unable to connect to mailbox using Outlook Express Notes and solution with support personnel initials ST – Ann is able to connect to Web sites from home, including the company Web server in Vancouver. Ann is not able to ping any Web sites on the Internet. We tried several that I know will respond to ping commands. BD – Talked to Exchange team; there are no problems with London. They have verified that its Exchange servers are all working correctly. Ann appears to have full Internet connectivity but she can’t connect to our Exchange server. SR – Ann states that when she tries to ping any Internet address, it does not even resolve the IP address. This sounds like a DNS issue. Helped Ann create a host file to resolve the front-end server for IMAP connections and now she can connect. It appears that Anne has a proxy server configured for her Web browsing through her ISP; that is why she can get to Web sites but is not able to ping.

User Ann Beebe

Location London

Unit 10: Troubleshooting an Exchange Server 2003 Organization (continued) User Bryan Baker Location London Problem description Unable to receive Internet e-mail Notes and solution with support personnel initials BK – Checked to make sure that Bryan’s mailbox is not full. He has been able to receive Internet e-mail in the past. Checked the Change Configuration log; there have not been any changes in the last two days that would impact Internet e-mail. Escalating to the network support group. JJ – The router for the T-1 and T-3 lines was down. The power circuit overloaded. It should now be fixed. Returning to Help Desk. BK – Checked with Bryan—all is OK. Closing request. Michael Allen Miami Unable to connect to Exchange from home office RF – Checked the Outlook Express configuration; everything seems to be configured correctly. Michael is able to ping the firewall and the Exchange server by name and IP. SR – Walked Michael through using Telnet on port 143 to test IMAP4 connectivity. Michael is unable to connect to port 143. Escalating to the network support group. JJ – After talking to Michael, found that he has a personal firewall that was configured to block 143. Problem is resolved. Closing request. Mike Tiano Miami Unable to connect internally using Outlook Web Access (OWA) Reports poor performance with Outlook while in Paris office RF – Mike was using the wrong OWA address for internal use. Gave him the correct URL and he is able to connect and run OWA. Request closed. KR – Verified that the Exchange server in Denver is up and running. Guy is able to connect to it, but it is slow when he tries to open e-mail, especially attachments. Referring to the network support group. JJ – The network is not a factor in this issue. None of the links between Denver and Paris are saturated; all have plenty of bandwidth available. KR – Tried to open Guy’s mailbox from here in Paris; can see that the performance is poor. It does not appear to be his computer. Forwarding to Exchange team. SR – Ran system monitor on the Denver server; its hard drives are running almost constantly. Checked with Denver operations. They know it is slow; it is currently running its backup. This is an off-peak time in Denver, even though it is early morning in Paris. Referred back to Help Desk to contact Guy. KR – Explained issue to Guy. He is not happy as he will be in Paris for next three to four months working on a project. He has asked that this be escalated to IT management for resolution since his work is severely slowed. Called SR in Exchange team and explained that Guy needs some resolution to the problem, as he will be in Paris for a longterm project. SR will move his mailbox to Paris.

7

Guy Gilbert

Denver

8

Unit 10: Troubleshooting an Exchange Server 2003 Organization

(continued) User Mike Tiano Location Miami Problem description Unable to connect externally using OWA Unable to open mailbox using Outlook 2003 Notes and solution with support personnel initials RF – Again, Mike was using the wrong OWA address. He bookmarked the address for internal use and tried to use it for external use. Helped him configure a new shortcut for external use and he is able to connect now. Request closed. FP – The Exchange server is up. Frank is able to ping his Exchange server. Checked Frank’s Outlook configuration and it is correct. Escalating to the network support group. JJ – There are no problems with the network connection between Frank and his Exchange server. Referring to Exchange team. SR – Frank’s storage group was offline for some unknown reason. Brought his storage group back online. Called Frank and made sure he was able to access his mailbox. He is up and running again. Closing service request.

Frank Lee

Vancouver

Unit 10: Troubleshooting an Exchange Server 2003 Organization

9

Challenge Information – Change Management Log

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Change Management Log As each Exchange administrator makes changes to the environment, the information is logged in a local Change Management Log. All of the Contoso, Ltd., Exchange administrators work in Vancouver. In the event of a messaging problem, the Exchange team consults the log and verifies that the changes made are not the cause of the current problem. Only second-level support and thirdlevel support members on the Exchange team are authorized to make changes to the Exchange Server 2003 environment. The change management log for last week is listed below:
Date Last week Administrator SR Change(s) made Changed the global settings to enable Outlook Mobile Access on ExchParis1, ExchDenver1, ExchLondon1, ExchVancouver1, and ExchMiami1. Enabled all check boxes for Exchange ActiveSync®. Updated the DNS settings on Miami Exchange servers to use the same DNS server, DC2, for their DNS. Shut down and removed ExchParis3. Redeployed the server for Remote Installation Services (RIS) for the Paris location; new name is RISParis1. Finished moving the mailboxes on the old Exch55Denver Exchange 5.5 server to their new locations on the other Exchange servers in the environment. Removed the Active Directory Connector (ADC) and removed all Site Replication Service (SRS) instances. Renewed the certificate used for OWA access in London.

Last week

SR

Last week

SR

Two days ago

SV

Two days ago

SV

10

Unit 10: Troubleshooting an Exchange Server 2003 Organization (continued) Date Yesterday Administrator SR Change(s) made Added another storage group to ExchLondon3 for VIPs. Configured the backup software to do bricklevel backups of the new storage group mailbox stores. Moved mailboxes from ExchLondon3 to ExchLondon1 and ExchLondon2. ExchLondon3 appears to have a corrupt mailbox store. Once all mailboxes were moved, deleted the store and created a new mailbox store. Have not moved mailboxes back yet; will wait a week to make sure that ExchLondon3 is stable. Upgraded the antivirus software on all Denver Exchange servers. It is now currently running and appears to be working.

Today

SR

Today

SV

Unit 10: Troubleshooting an Exchange Server 2003 Organization

11

Challenge

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Overview Review the information included in the above Challenge Information pages to become familiar with the company and its current history associated with the Exchange Server 2003 environment. As a class, prepare any questions that you may have for your instructor. Be prepared to ask your instructor about any particular settings and what they would look like, and also be prepared to explain what you hope to find and how you think it will help your class troubleshoot the scenario. Your instructor will be able to tell you the results of your query or test if you can properly explain how you would search for the setting and how you would test functionality of a service or process. For more information on completing this lab, see Appendix A, “Lab Guidance,” located at the back of the student workbook. Your job is to resolve the problems presented in the following scenarios. After completing this challenge, you will be able to identify multiple issues affecting the messaging functionality within an organization. Estimated time to complete this challenge: 60 minutes Scenario 1 David Campbell has placed a service request. He states that he is unable to access his e-mail. The Help Desk documentation states that David is based in Denver and has just received a new laptop. He logged into the laptop and tried to start Outlook 2003. During the setup wizard, he entered ExchDenver1 for his Exchange server and DCampbell for his user name. It resolved properly for him. However, when he tried to take the next step by clicking Next, Outlook 2003 froze for several minutes. David was then able to click Finish and complete his Outlook profile. His computer again froze for several minutes.

12

Unit 10: Troubleshooting an Exchange Server 2003 Organization

Scenario 2

Ben Smith has called in a service request. Ben states that he is unable to access his Exchange mailbox this morning. He states that he has never had any problems before; however, when he brought in his laptop this morning and plugged it in, he was unable to open his e-mail. Ben is a vice president, so this has been escalated directly to the Exchange team. Janet Sheperdigian has called in a service request. She just had a security team member audit her work environment at home and he said that he was able to capture all her e-mail to and from members in the company as well as all her e-mail to and from the Internet. Janet is based in Vancouver and company policy says that all international offices must have remote e-mail secured so that all messaging traffic between remote e-mail users and the company network is encrypted. Because this is such a high-level security issue, it has been escalated directly to the Exchange team. H. Brian Valentine has called in a service request. He states that he is unable to access his e-mail using OWA. He is based in London. He says that he was able to access OWA last week, but today he is no longer able to access it. Jeff Hay has called in a service request. He states that he is unable to send encrypted e-mail to one of the company business partners, Tai Yee. He says that when he tries to send encrypted e-mail, his Outlook 2003 client indicates that Outlook has problems encrypting the message because of missing or invalid certificates. Jeff states that he has a valid certificate and uses it all the time. Scott Bishop has entered a service request. He states that his Outlook 2003 client is extremely slow. Every time he clicks on a message, it takes about 15–20 seconds before it will open up. Scott is based in London.

Scenario 3

Scenario 4

Scenario 5

Scenario 6

Unit 10: Troubleshooting an Exchange Server 2003 Organization

13

Workshop Evaluation

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Your evaluation of this workshop will help Microsoft understand the quality of your learning experience. To complete a workshop evaluation, go to http://www.CourseSurvey.com. Microsoft will keep your evaluation strictly confidential and will use your responses to improve your future learning experience.

THIS PAGE INTENTIONALLY LEFT BLANK

Appendix A: Lab Guidance

Contents
Unit 1: Introduction to Troubleshooting Exchange Server 2003 Unit 2: Troubleshooting Network Connectivity Unit 3: Troubleshooting Public Folders and Mailboxes Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access Unit 5: Troubleshooting Client Connectivity Unit 6: Troubleshooting Server Connectivity Unit 7: Troubleshooting Server Performance Unit 8: Troubleshooting Security Issues Unit 9: Troubleshooting the Migration to Exchange 2003 Unit 10: Troubleshooting an Exchange Server 2003 Organization 1 2 4 6 8 10 12 14 16 18

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2003 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync, Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Appendix A: Lab Guidance

1

Introduction
This document is intended to assist you with the troubleshooting labs in Workshop 2011A, Troubleshooting Microsoft® Exchange Server 2003. You should use this document to obtain additional guidance and direction during the troubleshooting process. Although there are potentially several approaches to the resolution of the problems presented in the labs, this document describes only one possible method to identify and resolve each problem. This method is provided in the section corresponding to each workshop unit and lesson.

Unit 1: Introduction to Troubleshooting Exchange Server 2003
Lab: Exploring the Troubleshooting Environment
Exercise 1: Troubleshooting a Mapped Network Drive There are five goals in this exercise: 1. Become familiar with the purpose of flow charts in this workshop. 2. Prepare yourself mentally for troubleshooting in general. 3. Resolve the problem identified in the scenario by using the flow chart. 4. Become comfortable documenting problems and solutions. 5. Become comfortable with post-lab discussions. The problem that you are troubleshooting in this lab is intentionally simple in order to help you learn how to use the flow chart, and was chosen because most Microsoft Windows® administrators have a great deal of experience with mapping network drives and troubleshooting problems with mapped network drives. You should follow the steps in the flow chart in order to identify the problem described in the scenario. It is important that you become comfortable using the flow chart in this exercise, because all subsequent exercises in this workshop will incorporate flow charts. Once you identify the problem, you must document your solution. At the end of each lab in this workshop, you will discuss with the class your approach to troubleshooting the problem and your findings during troubleshooting. To resolve the problem in this scenario: 1. Log on to the London Virtual PC and restart the server service on London. Restart all other failed services that are dependent on the server service. 2. Share the kdrive folder on London. 3. Log on to the Acapulco Virtual PC and map the K drive to \\london\kdrive. 4. Test the connection by opening the test files. Exercise 2: Configuring Common Troubleshooting Components In this exercise, you will walk through the process of configuring both logging and monitoring of the various Exchange Server 2003 components. There is no goal for this exercise other than to explore these settings. The settings configured in this exercise will be saved for your future use throughout this workshop.

2

Appendix A: Lab Guidance

Unit 2: Troubleshooting Network Connectivity
Lab: Troubleshooting Connectivity Problems
Exercise 1: Troubleshooting Internal User E-Mail Failure In this exercise, Jeff Pike cannot send e-mail to Mindy Martin. Mindy is located on the Miami Virtual PC and Jeff is located on London. To resolve the problem in this scenario: 1. Configure Microsoft Outlook® 2003 on Acapulco for Jeff Pike and try sending e-mail to users with mailboxes on London. Jeff can send and receive e-mail to and from others on London. 2. Try sending e-mail to Mindy Martin (mindymarti). Mindy has a mailbox on Miami (as does every user whose name begins with “Mi”). Jeff is unable to successfully send e-mail to any users on Miami. This can be tested by accessing Mindy’s mailbox using Outlook Web Access (OWA) on Miami. 3. Check DNS and network routes and the problem should be discovered. Miami has an incorrect DNS address registered on London’s DNS server. 4. Correct Miami’s DNS A record on London; London users should now be able to send e-mail to and receive e-mail from Miami users. Miami’s IP address is 192.168.1.2. You may need to flush the DNS cache on London in order to force London to recognize the updated IP address in DNS. To flush the DNS cache, open a command prompt on London and type ipconfig /flushdns Exercise 2: Troubleshooting when a Remote User Is Unable to Receive E-Mail In this exercise, Brian Clark is unable to access his e-mail from home using Outlook Express. To resolve the problem in this scenario: 1. Configure an Internet Message Access Protocol version 4rev1 (IMAP4) mail account in Outlook Express on Acapulco. When prompted to download folders, you should receive an error that the connection to the server has failed. 2. Configure Outlook Express or use OWA on Acapulco for another messaging user on London and try sending e-mail to Brian Clark. Brian’s mailbox information in Exchange System Manager should increment, but Brian cannot connect to the server to access the message. 3. Since Brian is using Outlook Express, the next step in the flow chart includes testing the protocol virtual servers. At this point it should be discovered that IMAP4 is not running. 4. Start the IMAP4 service and protocol virtual server on London and test email to and from Brian and another user on London. Brian should now be able to connect to the server using IMAP4 and send and receive e-mail.

Appendix A: Lab Guidance

3

Exercise 3: Troubleshooting when a Company is Not Receiving Internet E-Mail

In this exercise, Brenda Diaz cannot receive or send Internet e-mail. You must configure a messaging client on the Vancouver Virtual PC to send and receive e-mail from London. Because Vancouver is in Contoso.msft and London is in NWTraders.msft, you can use Vancouver to simulate an Internet host. To resolve the problem in this scenario: 1. Configure Outlook 2003 on Acapulco for Brenda Diaz and try sending e-mail to users with mailboxes on London. This should be successful. 2. Use Outlook 2003 on Acapulco and try sending e-mail to users with mailboxes on Vancouver using their @contoso.msft addresses. The e-mail should not be delivered. 3. Use Outlook 2000 on Vancouver and try sending e-mail to users with mailboxes on London using their @nwtraders.msft e-mail addresses. The e-mail should not be delivered. 4. Testing for Simple Mail Transfer Protocol (SMTP) Deny should not uncover a problem. 5. Testing for mail exchanger (MX) records should reveal that there are no MX records for the nwtraders.msft domain or the contoso.msft domain. 6. Edit the existing (same as parent folder) A record for NWTraders.msft to 192.168.1.1. If there is no “same as parent folder” entry, create one using 192.168.1.1. Add an MX record for NWTraders pointing to london.nwtraders.msft. E-mail should now send properly from Contoso to NWTraders (Contoso uses London for DNS). 7. Add an A record for Contoso.msft for 192.168.1.3. and then add an MX record for Vancouver.contoso.msft. E-mail should now send properly from NWTraders to Contoso. It may take a few minutes for messages to flow correctly in both directions after DNS is repaired.

4

Appendix A: Lab Guidance

Unit 3: Troubleshooting Public Folders and Mailboxes
Lab: Troubleshooting Public Folder and Mailbox Problems
Exercise 1: Troubleshooting Solutions When a User Cannot Send Internal E-Mail In this exercise, Bryan Walton cannot send or receive any e-mail to or from internal or external users. To resolve the problem in this scenario: 1. Attempt to open the mailbox by using OWA from London. You should receive “The page cannot be found” error message. 2. In Exchange System Manager, verify that Bryan Walton is in the global address list (GAL). He is in the GAL. 3. Check Bryan’s e-mail addresses on his Microsoft Active Directory® object. His e-mail addresses are missing and the Recipient Update Service update box is unchecked. Check the box. 4. Browse to the Default Recipient Policy in Exchange System Manager and apply the policy. 5. Force an immediate update of the Recipient Update Service. 6. In Active Directory Users and Computers, verify that the correct e-mail addresses are now listed. 7. To verify that the problem is solved, open Bryan’s mailbox using OWA and verify that he can send and receive e-mail to and from nwtraders\administrator and contoso\administrator. Exercise 2: Troubleshooting Solutions When a User Cannot Receive Internet E-Mail In this exercise, Andy Teal cannot receive e-mail from the Internet. You must use Vancouver to simulate an Internet host. To resolve the problem in this scenario: 1. From Vancouver, open the Administrator mailbox using Outlook and send an e-mail to andyteal@nwtraders.msft. You should receive a non-delivery report (NDR). 2. On London, look at Andy Teal’s properties in Active Directory Users and Computers. He has a false e-mail address. 3. Change Andy’s SMTP e-mail address in Active Directory Users and Computers to andyteal@nwtraders.msft and then check the Policy Update box. 4. Open the Exchange System Manager on London, browse to the Default Recipient Policy, and apply the policy. 5. Force an immediate update of the Recipient Update Service. 6. Send another e-mail to andyteal@nwtraders.msft from Contoso\Admin. It should be delivered correctly.

Appendix A: Lab Guidance

5

Exercise 3: Troubleshooting Solutions When a User Cannot Post to a Public Folder

In this exercise, Ben Smith cannot post to a public folder. To resolve the problem in this scenario: 1. Open Ben Smith’s mailbox using OWA. 2. Open Public Folders and open SalesReports. Ben is able to open the folder but receives an error when attempting to post. 3. Check permissions on SalesReports. Only the SalesGroup and London Admin have permissions. 4. In Active Directory Users and Computers, check membership of SalesGroup. Notice that Ben is not a member of the group. 5. Add Ben to the membership of SalesGroup and attempt to post to SalesReports from Ben’s account by using OWA. Ben should be able to post to the public folder. (You may need to close OWA and log on again as Ben. If you add Ben Smith to the SalesGroup, you still may not be able to post to the public folder because the Exchange server has cached the directory service lookup. If you restart the Exchange System Attendant, the server cache will clear and you will be able to post to the folder using Ben’s account.)

6

Appendix A: Lab Guidance

Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access
Lab: Troubleshooting Outlook Web Access and Outlook Mobile Access Problems
Exercise 1: Troubleshooting Solutions When a User Cannot Access Outlook Web Access In this exercise, Amy Rusko is unable to access her mailbox by using Outlook Web Access. To resolve the problem in this scenario: 1. Log on to OWA as Amy Rusko from Miami or from your host computer. You should get an error. 2. Try to connect using https://miami/exchange. You should get a “Page cannot be displayed” error. 3. Try to connect to the back-end server (http://london/exchange). You should get an error indicating that you need to use https://. 4. If you try to connect to https://london/exchange, you will be able to connect as Amy. This means that the virtual server on London is configured to require Secure Sockets Layer (SSL). 5. On London, open Internet Information Services (IIS) Manager, browse to the Exchange virtual directory, and access the properties. 6. On the Directory Security tab, under Secure Communications, click Edit and clear the check box to require SSL. 7. Attempt to connect to Amy’s mailbox by using OWA against the Miami front-end server. You should be successful. Exercise 2: Troubleshooting Solutions When a User Cannot Access Outlook Mobile Access In this exercise, Raman Iyer (nwtraders\ramaniyer) cannot access his mailbox using Outlook Mobile Access (OMA). To resolve the problem in this scenario: 1. Try to connect to Raman Iyer’s OMA mailbox using http://miami/oma. You should receive an HTTP 404 error. 2. Attempt to ping Miami by IP address and host name. Both should work. 3. Try connecting to OMA on the back-end server, London. OMA should not work on the back-end server. You should receive an error that your user account has not been enabled for wireless access. 4. In Exchange System Manager, select Mobile Services global settings and then enable OMA and unsupported devices. 5. On Miami, try connecting to OMA on the back-end server, London, by using the URL http://london/oma and Raman’s credentials. OMA should now work on the back-end server. 6. Try connecting to OMA on Miami, the front-end server, by using the URL http://miami/oma. This still won’t work – you should receive another HTTP 404 error. 7. Check OMA configuration on the front-end server by viewing the Web Service Extensions in IIS Manager. You will notice that Asp.net is prohibited on the front-end server.

Appendix A: Lab Guidance

7

8. Allow asp.net. 9. Verify that you can now connect to http://miami/oma as nwtraders\ramaniyer. Exercise 3: Troubleshooting Solutions When a User Cannot Log On to Outlook Web Access In this exercise, Hanying Feng cannot access his mailbox using OWA. To resolve the problem in this scenario: 1. On Miami, attempt to connect to Hanying Feng’s mailbox by using OWA against the front-end server (http://miami/exchange). You should get an error. 2. On Miami, attempt to ping London by IP address and host name. Neither works. 3. From Miami, try connecting to OWA on the back-end server, London. In this case, OWA should not work on the back-end server. 4. Check the security configuration – Internet Protocol Security (IPSec) policy is configured on London but not on Miami. To access IPSec policy information on London, open the Default Domain Controller Security Settings console. To access this information on Miami, open the Local Security Policy console. 5. Export the policy configuration on London to a location that you can access from Miami, such as a shared folder on the host computer. 6. On Miami, import the security policy to ensure that Miami has the same settings as the London policy. This policy includes the need to require security for all IP traffic, the need to use a pre-shared key P@ssw0rd, and the need to configure a filter action set to Require Security. Modify the imported Exchange policy to use a destination address of 192.168.1.1 instead of 192.168.1.2. Apply and then assign the policy. 7. Open Microsoft Internet Explorer on Miami and connect to http://miami/exchange. Log on as nwtraders\hanyingfeng. If you cannot log on to OWA on Miami, connect to http://london/exchange and log on as nwtraders\hanyingfeng. This should be successful. Restart Internet Explorer and connect to http://miami/exchange again; this should be successful.

8

Appendix A: Lab Guidance

Unit 5: Troubleshooting Client Connectivity
Lab: Troubleshooting Client Connectivity Problems
Exercise 1: Outlook Express User Unable to Send E-Mail to the Internet In Exercise 1: Chris Gray is unable to use Outlook Express to send or receive e-mail from an Internet recipient. To resolve the problem in this scenario: 1. Log on to Acapulco as nwtraders\chrisgray and configure Outlook Express for secure SMTP and secure IMAP4. This includes configuring the account to require authentication for the outgoing mail server. 2. On London, verify that SMTP is running. If it is not running, start SMTP service. 3. On London, verify that SMTP virtual server is configured to use SSL. It should not. 4. Create a new IP address for London’s local area network (LAN) connection, and then create another SMTP virtual server for SSL that uses the new IP address. You can create additional IP addresses depending upon the student configuration used; use any 192.169.1.x address not already in use in the class. One SMTP virtual server with SSL is needed for client-to-server communication and another SMTP virtual server (without SSL) is needed for server-to-Internet communication. Install a new certificate on London to be used by the new virtual server for SSL communications. Start the new SMTP virtual server if it does not start automatically. 5. From Acapulco, attempt to ping London to verify DNS resolution and that the route exists between the client and the server. This should be successful. 6. Verify that Chris Gray has the proper protocol permissions for the user account. 7. Verify that the IMAP4 virtual server is running. It should not be running, so start the IMAP4 virtual server. 8. Verify that the IMAP4 virtual server is configured to require SSL. It should not be configured to require SSL. Configure the IMAP4 virtual server to use SSL. 9. Verify that Chris can now send and receive messages to and from Internet recipients by sending e-mail to a mail user on Vancouver using an @contoso.msft e-mail address. The message should be delivered, as should a reply to Chris.

Appendix A: Lab Guidance

9

Exercise 2: Outlook Express User Unable to Connect to Exchange Server 2003 Server

In this exercise, Alex Hankin is receiving a “The connection to the server has failed” error message. To resolve the problem in this scenario: 1. Log on to Acapulco as nwtraders\alexhanki and configure Outlook Express for secure SMTP and secure IMAP4. This includes configuring the account to require authentication for the outgoing mail server. 2. Verify that SMTP is running. 3. Attempt to ping London by using the host name. Note that the address resolved is incorrect and London should not respond. 4. Using the DNS administrator, correct the IP address of London. London’s correct IP address is 192.168.1.1. 5. Verify that Alex Hankin has the proper protocol permissions for the user account. 6. Verify that the IMAP4 virtual server is running. It should not be running. Start the IMAP4 virtual server. 7. Verify that Alex can access his mailbox by using Outlook Express. Send a test message to another user and then use OWA or Outlook Express to verify receipt of the e-mail. You may need to use ipconfig/flushdns on Acapulco to flush the previously cached, incorrect London IP address.

Exercise 3: New Outlook User Unable to Open His Mailbox

In this exercise, Gary Schare is unable to open his mailbox using Outlook 2003. To resolve the problem in this scenario: 1. Log on to Acapulco as nwtraders\garyschar and configure Outlook 2003. It can take as long as 20 minutes to log on, and then Outlook 2003 may appear to hang during configuration. 2. Verify that IP configuration on the client is correct. 3. Attempt to ping London by using the host name. Note that the address resolved is incorrect and London should not respond. 4. Using the DNS administrator, verify that the IP address for London is correct. The correct address is 192.168.1.1. 5. Attempt to ping London by using the host name. Note that the address resolved is still incorrect and London should not respond. 6. Check the hosts and lmhosts files located in the C:\Windows\system32\drivers\etc folder on Acapulco. Note that the hosts file reflects an incorrect address for London. Correct the address in the hosts file. You should either log on to Acapulco as nwtraders\administrator or use London to access the C$ share in order to modify the file. 7. Verify that Gary Schare can now open his Outlook 2003 mailbox and that he can send mail to another user on London. Use OWA or Outlook Express to verify receipt of the e-mail.

10

Appendix A: Lab Guidance

Unit 6: Troubleshooting Server Connectivity
Lab: Troubleshooting Server Connectivity Problems
Before starting this lab, you must create a new routing group and move Miami into the routing group using the procedure described at the beginning of the lab. Exercise 1: Troubleshooting Solutions When Users Cannot Send Messages between Routing Groups In this exercise, Annette Hill (annettehill) is unable to send messages from her mailbox on London to Michael Allen on the Miami server. To resolve the problem in this scenario: 1. From the London server, connect to Annette Hill’s mailbox on London by using OWA. 2. From the Miami server, connect to Michael Allen’s mailbox on Miami by using OWA. 3. Attempt to send a message from Annette to Michael. Verify that no message is received by Michael. 4. Message tracking was enabled in Unit 1. If you have not already enabled message tracking, enable it now and then resend a message from Annette to Michael. 5. In Exchange System Manager, track the message in the Message Tracking Center. Notice that the message is “routed and queued for remote delivery.” The server location should indicate that the message is still on London, which is the bridgehead server. 6. Attempt to Telnet to Miami on port 25. Telnet should be successful. 7. Check the queues on London—one of the SMTP queues should have the message stuck in it. This means that the queue is backed up. 8. Check routing group connector configuration. Notice that no routing group connector exists, so you need to create one in each direction. 9. Confirm that you can now send messages from Annette’s account to Michael. Exercise 2: Troubleshooting Solutions When Users Cannot Send Messages to the Internet In this exercise, Gustavo Camargo (gustavocamar) is unable to send messages to an Internet recipient. You must use Vancouver to simulate an Internet host. To resolve the problem in this scenario: 1. Connect to Gustavo Camargo’s mailbox on London by using OWA and his nwtraders\gustavocamar Active Directory account. 2. Try sending e-mail from Gustavo to administrator@contoso.msft Use Outlook 2000 on Vancouver to verify that the message is not delivered. 3. London is both the sender’s mailbox server and the bridgehead server, so you know that messages are being delivered to the bridgehead server. 4. Attempt to Telnet to Vancouver using port 25. Telnet should be successful. 5. Check SMTP virtual server configuration. Notice that in the Advanced Delivery settings of the Delivery tab an invalid external DNS address is configured for the SMTP virtual server. 6. Delete the invalid DNS address and then restart the SMTP virtual server. 7. Confirm that you can now send messages from Gustavo to the Contoso Administrator.

Appendix A: Lab Guidance

11

Exercise 3: Troubleshooting Solutions When Users Cannot Receive Messages from the Internet

In this exercise, Angela Barbariol (angelabarba) is unable to receive messages sent from Internet users to the SalesRequests distribution group. You must use Vancouver to simulate an Internet host. To resolve the problem in this scenario: 1. Connect to Angela Barbariol’s mailbox on London by using OWA. 2. On Vancouver, open the Administrator’s mailbox by using Outlook 2000 and send a message to the distribution group salesrequests@nwtraders.msft. Notice that the message is not delivered to Angela’s mailbox; you should receive an NDR in the Administrator’s mailbox. 3. View SalesRequests’ Active Directory properties and confirm the e-mail addresses and group membership. The e-mail addresses and membership should look correct. 4. From Vancouver, attempt to ping London’s IP address and host name. London should respond to ping. 5. From Vancouver, verify that nslookup indicates an MX record for London when querying for nwtraders.msft. The MX record should appear to be configured correctly. 6. From Vancouver, attempt to open a Telnet session to London on port 25. Telnet should be successful. 7. From London, check the SMTP virtual server properties and the SMTP Connector properties. The properties should appear to be configured correctly. 8. On London, check Global Settings. Note that the Recipient filtering tab in the Message Delivery properties indicates that salesrequests@nwtraders.msft is a blocked recipient. 9. Remove the distribution group from the recipient list and then restart the SMTP virtual server on London. 10. Confirm that you can send e-mail to salesrequests@nwtraders.msft from Vancouver and that Angela receives the message.

12

Appendix A: Lab Guidance

Unit 7: Troubleshooting Server Performance
Lab: Troubleshooting Server Performance
Exercise 1: Address Resolution and Address Lookups Are Very Slow In this exercise, Paul West reports that address resolution and address lookups are very slow using Outlook 2003. To resolve the problem in this scenario: 1. Configure the Performance console to monitor London using counters described in this unit’s text for the processor, memory, physical disk, and network interface. Start the monitor. Notice the high CPU utilization. London should be consistently 100% utilized. 2. Check for scheduled applications or services running at inappropriate times. The strCPU service is running, but it is not set to automatic. You should note that strCPU is not a service used by the operating system or Exchange. 3. Check the Task Manager. The executable manythreads.exe is consuming most of the CPU resources. You should note that manythreads.exe is not part of the operating system or used by Exchange. 4. Stop the strcCPU service or end the manythreads.exe process. 5. Verify that London has returned to normal performance levels by the Performance console. Exercise 2: Outlook Is Very Slow When Retrieving a Message from Exchange In this exercise, Pete Male is complaining that Outlook is very slow when he tries to send messages. To resolve the problem in this scenario: 1. Configure the Performance console to monitor London using counters described in this unit’s text for the processor, memory, physical disk, and network interface. Start the monitor. Notice the high RAM utilization. 2. Check for scheduled applications or services running at inappropriate times. The strRAM service is running, but it is not set to automatic. You should note that strRAM is not a service used by the operating system or Exchange. 3. Stop the strRAM service. 4. Verify that London has returned to normal performance levels by using the Performance console.

Appendix A: Lab Guidance

13

Exercise 3: Multiple Users are Unable to Open Their Mailboxes Using Outlook

In this exercise, several users, including Max Benson, are experiencing delays when trying to open their mailboxes and also when trying to send messages to others on the network. It is very important that you do not stop the script for this exercise. The command prompt window will remain open, and it may be 10 minutes or longer before the script completes. You can minimize the window so that it will not be in your way while you troubleshoot. To resolve the problem in this scenario: 1. Configure the Performance console to monitor London using counters described in this unit’s text for the processor, memory, physical disk, and network interface. Start the monitor. Notice the high disk utilization. 2. Check for scheduled applications or services running at inappropriate times. There are none. 3. Check for available disk space. The server is running out of disk space. 4. Stop the script. Note that if the script is allowed to run continuously, London will run out of disk space, causing Exchange services to fail.

14

Appendix A: Lab Guidance

Unit 8: Troubleshooting Security Issues
Lab: Troubleshooting Exchange Security
When using OWA on London to test messaging functionality, you may occasionally get a 503 error. In most cases, just refreshing the screen will load OWA. If this doesn’t work, log on to OWA as Administrator and then log on as the user. Exercise 1: Troubleshooting Solutions When Users Cannot Send and Receive Encrypted E-Mail In this exercise, Eric Parkinson (ericparki) and Fernando Caro (fernandocaro) are unable to send and receive encrypted e-mail. To resolve the problem in this scenario: 1. On Acapulco, log on as Eric Parkinson and create an Outlook profile for Eric. Start Outlook. 2. On London, start Outlook Express and create an IMAP4 account for Fernando Caro. 3. Send an unsecured message from Fernando to Eric and vice versa. This should work correctly. 4. Attempt to send an encrypted message from Eric to Fernando. You should receive an error stating that you cannot send a secure message because you do not have a certificate. 5. Use the Certificate Authority procedure at the beginning of the lab to request and install a certificate for Eric. 6. Attempt to send a signed message from Eric to Fernando. The message should be delivered correctly. In Outlook Express, add Eric to Fernando’s Contacts list. 7. Attempt to send a signed message from Fernando to Eric. You should receive an error stating that you cannot send a secure message because you do not have a certificate. 8. Use the Certificate Authority procedure at the beginning of the lab to request and install a certificate for Fernando. 9. Attempt to send a signed message from Fernando to Eric. The message should be delivered correctly. In Outlook, add Fernando to Eric’s Contacts list. 10. Verify that Eric and Fernando can now exchange secure e-mail by sending an encrypted and signed message from Eric to Fernando and vice versa. The messages should be delivered.

Appendix A: Lab Guidance

15

Exercise 2: Troubleshooting Solutions When Users Cannot Connect to Exchange Using RPC over HTTP

In this exercise, Judy Lew (judylew) is unable to connect to her Exchange server using RPC over HTTP. To resolve the problem in this scenario: 1. On Acapulco, log on as judylew and open Outlook. An Outlook profile for Judy Lew has already been created. Use the Outlook Connection Status feature to see that Outlook is connecting to Exchange using TCP/IP. 2. Close Outlook. 3. Use the Lab Toolkit resources for RPC/HTTP to verify that the server is configured correctly. The server should be configured correctly. 4. Check Judy’s Outlook profile. Notice that the profile is configured to use NTLM authentication, and to use HTTPS only on slow networks. Modify the profile to use Basic authentication, and to use HTTPS on fast networks. 5. Open Outlook and use the Outlook Connection Status feature to see that Outlook is connecting to Exchange by using HTTPS, which verifies RPC/HTTP.

Exercise 3: Troubleshooting Solutions When Users Cannot Send or Receive Internet E-Mail

In this exercise, Deb Waldal (debwalda) is unable to receive e-mail from the Internet. To resolve the problem in this scenario: 1. On Vancouver, open the Administrator’s mailbox by using Outlook. 2. On London, open Deb Waldal’s mailbox by using OWA. 3. Send a message from Deb to administrator@contoso.msft and vice versa. The message to administrator@contoso.msft should be delivered, but the message to Deb should not be delivered. 4. On Vancouver, the Administrator mailbox should receive an NDR that says “Unable to deliver message due to a communications failure.” Notice that in the NDR is an indication that the connection needs Starttls. 5. On London, check the default SMTP virtual server properties. The Access tab’s Communication properties are set to require SSL. Clear the check box so that London no longer requires SSL and then restart the SMTP server. 6. Verify that the problem is solved by attempting to send a message from administrator@contoso.msft to debwalda@nwtraders.msft. The messages should be delivered.

16

Appendix A: Lab Guidance

Unit 9: Troubleshooting the Migration to Exchange 2003
Lab: Troubleshooting the Migration to Exchange 2003
Exercise 1: Troubleshooting Solutions When Users Cannot Access Their Mailboxes In this exercise, Salman Mughal (salmanmugha) is unable to access his mailbox. To resolve the problem in this scenario: 1. On Vancouver, log on as nwtraders\salmanmugha and create an Outlook profile for Salman Mughal’s mailbox on Vancouver. You should receive an error saying that the user does not have permission to log on. Log off of Vancouver. 2. On Vancouver, log on as Contoso\administrator and confirm that the Exchange services are running. 3. In Exchange Administrator, check the permissions on Salman’s Exchange 5.5 mailbox. The primary Microsoft Windows NT® account is contoso\salmanmugha. If the SIDHistory attribute was migrated during the account migration, Salman should be able to access the mailbox. 4. On London, check Salman’s Active Directory account in NWTraders.msft to see if the SIDHistory attribute is populated. The attribute is not populated. 5. On Vancouver, modify Salman’s mailbox properties to use nwtraders\salmanmugha as the primary NT account. Log off of Vancouver. 6. On Vancouver, log on as nwtraders\salmanmugha and open Outlook. This should confirm that Salman can access his Exchange 5.5 mailbox using his Active Directory account. Note In some cases, you will not be able to access the mailbox until the Exchange Directory Service updates the permissions on the mailbox. You can force an immediate update by stopping and restarting the Directory Service on Vancouver. Exercise 2: Troubleshooting Solutions When Users Cannot Receive Internet E-Mail In this exercise, Tawana Nusbaum (tawananusba) and Rebecca Laszlo (rebeccalaszl) are not receiving e-mail from the Internet. To resolve the problem in this scenario: 1. Use the Telnet commands listed at the beginning of this exercise to confirm that you cannot send e-mail to tawananusba@contoso.msft. Note that because Vancouver is no longer considered external to Northwind Traders, you cannot use Vancouver to verify Internet connectivity. 2. Use the Telnet commands to confirm that you cannot send e-mail to rebeccalaszl@contoso.msft through London to her mailbox on Vancouver. 3. Check Tawana Nusba’s e-mail addresses in Active Directory Users and Computers. She should not have a contoso.msft address. Manually add the contoso.msft address. 4. Attempt to send e-mail to tawananusba@contoso.msft using Telnet commands. The message should not be delivered.

Appendix A: Lab Guidance

17

5. To fix the problem, you must configure Northwind Traders and Contoso to share the contoso.msft SMTP domain name. These steps are described in the Lab Toolkit resource “Configuring a Shared SMTP Address Space” and include creating a recipient policy and configuring an SMTP connector as described in the following two steps. 6. On London, create a Recipient policy for the contoso.msft domain name. Ensure that the organization is not authoritative for the domain. 7. On London, configure an SMTP connector with an address space of Contoso.msft to route messages between the two organizations. Ensure that the SMTP connector is configured to relay messages for the domain. 8. Attempt to send e-mail to tawananusba@contoso.msft using Telnet commands against the London server. The message should be delivered correctly. 9. Attempt to send e-mail to rebeccalaszl@contoso.msft using Telnet commands against the London server. The message should be delivered correctly. 10. On London, open Tawana’s mailbox using OWA and confirm that the e-mail was delivered. Try sending a message to rebeccalazl@contoso.msft. 11. On Vancouver, log on as nwtraders\rebeccalaszl and then open Outlook. Confirm that Rebecca Laszlo received the e-mail from Tawana and that she can send to Tawana. Exercise 3: Troubleshooting Solutions When Users Cannot Send E-Mail to Some Recipients In this exercise, Richard Carey is unable to send e-mail to his co-worker Jim Kim. He can send and receive e-mail to and from other co-workers, including his co-worker Lynn Tsoflias. To resolve the problem in this scenario: 1. On Vancouver, log on as nwtraders\richardcarey and then open Outlook. 2. Attempt to send e-mail to Lynn Tsoflias. Reply to the e-mail in the Inbox from Jim Kim. Try to send an e-mail to Jim by typing Jim Kim in the To box. 3. On London, open Lynn’s mailbox using OWA. Verify that the message is delivered. 4. On London, open Jim’s mailbox using OWA. Jim should not have received either message. 5. On Vancouver, log on as contoso\administrator and open Exchange Administrator. Confirm that both Jim and Lynn are custom recipients and that they are configured in the same way. Log off of Vancouver. 6. On Vancouver, log on as nwtraders\richardcarey and open Outlook. Check Richard Carey’s Contacts folder. There should be a contact for Jim that contains an incorrect e-mail address. Delete the contact for Jim, or modify the e-mail address. 7. To reply to the message in the Inbox, click Reply, and then search the GAL for Jim’s account. 8. Attempt to send e-mail to Jim from Richard’s Outlook client. The message should be delivered correctly.

18

Appendix A: Lab Guidance

Unit 10: Troubleshooting an Exchange Server 2003 Organization
There are no hands-on labs for this unit. You will participate as a class in a final challenge consisting of six scenarios. In each scenario, you will troubleshoot the virtual environment by asking the trainer questions and explaining what tasks you would like to perform to try and resolve the scenarios. It is up to you to request more information and up to your trainer to decide what the response should be to each of your questions. Read through all six scenarios before beginning. Scenario 1: David Campbell is unable to access his e-mail from his new laptop. The laptop has the lab DNS settings, which have the wrong IP addresses for production servers. If you try to ping any servers, the trainer will respond that you received responses, but the IP addresses do not look correct in the return responses. This happens because the lab has different settings for its environment that do not map to the production environment. Once you identify that the DNS settings for TCP/IP are incorrect, David’s Outlook 2003 should start working, assuming you try it after making the changes. Scenario 2: Ben Smith is unable to access his mailbox after starting up his laptop. The problem is that Ben’s laptop cable is loose. He should experience intermittent connectivity during ping testing and all other student testing. The trainer should play the part of Ben and often say “No, no response,” and then say, “Hey, it just worked,” and then, “Nope, it isn’t working again.” This will be very confusing and frustrating, and it should encourage you to drop back to the basics and verify that the network cable is plugged in properly. Remember that Ben is a vice president. He probably should have been bumped ahead of David Campbell. Scenario 3: Janet Sheperdigian’s Outlook Express client is not properly configured to use SSL to protect traffic transmitted between her messaging client and the Exchange server. Janet is unable to connect to Exchange using SSL with SMTP because there is only a single SMTP virtual server on the Exchange server. If you try to reconfigure it, the trainer should respond, “Well, now the Exchange team is getting flooded with calls about people unable to send e-mail to the Internet from the Vancouver office.” You must create a new SMTP virtual server and implement SSL on it. SSL also needs to be implemented on IMAP4 or POP3, depending on whichever you determine Janet is using. If you do not ask about IMAP4 or POP3, the trainer should tell you that the auditor has re-tested and is still able to capture e-mail to Janet. Scenario 4: H. Brian Valentine is unable to access his e-mail using OWA. Brian’s statement about being able to use it last week is misleading. The problem is that Brian is not entering “https” when trying to connect to the OWA server. If you ask to ping the OWA server, the trainer should respond that the server gave “Request timed out” messages. Pinging by name should resolve to the correct IP address. However, there should be no responses from the server. Pinging by IP should also give a request timed out message. If you ask during the scenario about firewalls or Internet Security and Administration (ISA) servers, the trainer should respond that all OWA servers are protected by ISA servers. By default, ISA does not allow Internet Control Message Protocol (ICMP) from the Internet to internally published sources.

Appendix A: Lab Guidance

19

Scenario 5: Jeff Hay is unable to send encrypted e-mail to Tai Yee. Tai is not a member of Jeff’s company; Tai is an employee of another company. The problem is that Tai never sent a digital certificate to Jeff, so Jeff is unable to send an encrypted message to Tai. Scenario 6: Scott Bishop is experiencing poor performance when using Outlook to connect to his mailbox. The problem is that the Exchange server that holds Scott’s mailbox is overloaded. You may not have noticed that the Change Management Log states that one of the Exchange servers in London was shutdown and all mailboxes were moved to other servers. With the additional load, the Exchange server that Scott is on has become overloaded and is extremely slow in its responses. If you have difficulty with these scenarios, feel free to review the flow charts from the previous units and to ask for help from your classmates. Do not feel the need to rush. Take time to think for a few minutes.

THIS PAGE INTENTIONALLY LEFT BLANK

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003
What Is a Workshop?
The workshop is designed as a hands-on learning activity. It addresses a particular business or technical problem and its solution. As such, a workshop can be designed to familiarize a beginning audience with the basic implementation of a new product or an expert audience to optimize their enterprise network for a robust security infrastructure. In a workshop, lecture time is kept to a minimum to give students the maximum opportunity for hands-on, scenario-based labs. The workshop format enables students to reinforce learning by doing and by problem-solving. Workshop components include hands-on labs, resources in the Lab Toolkit, slides, and reference material. Each unit in a workshop is weighted as follows:
Presentation (introduce) Lab (apply) Review (synthesize)

10%

75%

15%

These percentages are a guideline. Some variation is expected based on the content, but students should spend at least 60 percent of each unit concentrating on the hands-on lab.

2

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

Workshop Delivery
The lab is the main focus of the workshop. Each lab presents a problem or series of problems that students must solve. Use the slides that precede the lab to orient the student but keep the presentation to a minimum. After you have taught the workshop a few times, you may identify topics that typically give students some trouble. If appropriate, present a resource from the Lab Toolkit before the lab to prepare them for those possible problem areas. The labs in a workshop are designed to allow students to explore several options for completing complex tasks. As a result, students may require more assistance than they do with a prescriptive lab activity. If most of the students get stuck on a step or procedure, be prepared to pause the lab and demonstrate the procedure or concept to the entire class. If most of the students are struggling with the lab, you might find it valuable to perform the steps as a class, but allow students to continue working on their own if they choose. Check the students’ progress periodically during the lab. You might find it useful to establish protocols for students to alert you when they have questions and when they are finished with the lab. For example, you might create additional tent cards or adapt existing ones so student can turn to the “need help” side or the “lab complete” side. You can also give each student different colored notes to signal that they need help or that they have completed the lab. Some students may leave the room after they finish the lab while other students are still working. Therefore, identify a time to reconvene in the room so you can decide if you need to extend the lab period or move on to the next unit. After the lab, there is usually a designated time to discuss the results of the lab. Answer the questions that were posed during the lab. When there are several ways to complete the lab, ask the students which method they used and why. Be prepared to discuss the advantages and disadvantages of each decision, both from a technical and business perspective. If the students do not demonstrate mastery of the important concepts, review the relevant resources in the Lab Toolkit until you are satisfied that they understand.

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

3

Delivery Strategies
One of the biggest challenges with a workshop is that attending students may have a wide range of skills and learning styles. It is very likely that some students will complete the labs in minimal time while other students may struggle with basic concepts and may never actually finish a lab. Some students will be uncomfortable with labs that do not tell them how to do every step. This section gives you some suggestions for dealing with various classroom situations. If you have other techniques and successes, please share them with other trainers on the Microsoft® Certified Trainer (MCT) forums at Microsoft.private.mct.trainer.preparation. You can find instructions on how to access the forums on the MCT private Web site. Screening student ability The introductory lab in Unit 1 has several purposes. The obvious objective is to familiarize the students with the Lab Toolkit and the resources in the Lab Toolkit. Other objectives helping students get into the troubleshooting frame of mind and to establish a workshop atmosphere where students feel free to communicate openly with their peers and the instructor. This unit also gives you a chance to screen the students. If students cannot complete the minimal lab instruction they are given in Unit 1 on their own, they may have a difficult time succeeding in the workshop format. In an average class, some students will probably finish the lab long before others. Some students will need to use every resource in the Lab Toolkit while others may only need one or two. You might suggest that the most advanced students try to complete the lab by just looking at the service request and only referring to the lab instructions if they get stuck. In some workshops, there will be additional challenge material and “if time permits” activities to accommodate students who finish faster. Most workshops will include additional reading on the Student Materials compact disc that contains information that is beneficial but too detailed to be placed in the Lab Toolkit. For students who finish early, suggest that they explore the additional reading because they will probably be too busy after they return to the office. Guiding students through the lab If most of the students do not meet the prerequisites, they may have a difficult time with labs that assume a lot of prior knowledge and do not provide detailed steps. In this situation, guide them through the entire lab rather than presenting the introductory slides and having them complete the labs at their own pace. Read the service request as a group and note the technical issues that may come up during troubleshooting. Then, discuss strategies to resolve the problem. Instead of waiting to answer the lab questions at the end of the lab, answer each question as you complete the steps. When there are multiple ways of completing a task, you may need to guide the students to pick the optimal solution. In cases where there is no single best way, you might decide to split the class into two groups and have half do it one way and half the other way. If conducting the workshop this way takes too much time, you may need to incorporate the introductory slides into the lab. For example, rather than lecture about DNS stub zones before students start the lab, wait until the group reaches that step and then discuss it just before they work on that task.

Dealing with advanced students

4

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

Adapting to different skill levels

If only some of the students meet the prerequisites, you may have a difficult time balancing the needs of all students. You can have more experienced students sit next to less experienced students and give the more experienced students a brief tutorial on how to be a good mentor. For example, you can advise them to:
! ! !

Guide their partners, but not do the work for them. Let their partners make mistakes because they will learn more. Try to summarize the material from the resources in the Lab Toolkit for their partners without divulging the answers to the questions.

If pairing students with mentors is impractical because of ratios or personalities, you can group the remedial students together and guide them through the labs as a group, as described previously. Allow the advanced students to perform the labs at their own pace and to participate in the remedial discussions as they like. Adapting to different learning styles Some learners enjoy the challenge of starting an activity and learning about it as they go. Other learners may be reluctant to begin without knowing all the necessary information. These learners may be uncomfortable with the basic workshop format. You can adapt the format to their learning style by suggesting that they read and perform all the resources in the Lab Toolkit before they begin the lab. These students may not be able to finish every lab step, but they may feel that they have acquired the knowledge they need to do the steps in the future.

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

5

About This Workshop
This section provides you with a brief description of the workshop, audience, suggested prerequisites, objectives, and strategies for delivering this workshop. Description This workshop is designed as a 300 level, three-day, instructor-led workshop. This workshop is targeted at current Exchange administrators with one or more years of messaging and network experience. The workshop will focus exclusively on the troubleshooting skills and objectives that align with Exam 70-284: Implementing and Managing Microsoft Exchange Server 2003. The labs are a series of problem-centered scenarios that required students to use troubleshooting flow charts to identify and resolve problems. This workshop is targeted to the Systems Engineer already skilled in Microsoft Exchange Server 2003 support tasks. Students should have a 300 skill level as an Exchange administrator and have one or more years of messaging and network experience supporting Exchange Server. The workshop format is also intended for students who learn best by doing. This workshop requires that students meet the following prerequisites:
!

Audience

Student prerequisites

Complete Course 2400, Implementing and Managing Exchange Server 2003.  or  Complete Course 2009, Upgrading Your Skills from Exchange Server 5.5 to Exchange Server 2003. One or more years of messaging and network experience supporting Exchange Server.

!

!

Workshop objectives

After completing this workshop, the student will be able to:
!

Apply knowledge of a troubleshooting methodology to identify and resolve a problem. Identify and resolve network connectivity problems and problems arising from host resolution protocols. Identify and resolve problems with public folders and mailboxes.

!

!

Identify and resolve front-end server and back-end server issues that cause problems with Microsoft Outlook® Web Access (OWA).
!

Identify and resolve problems with Internet protocol virtual servers such as SMTP, IMAP, and POP. Identify and resolve connectivity problems between servers running Exchange Server 2003, between Exchange Server 2003 and other messaging systems, and problems with relay configurations. Identify and resolve problems with bandwidth, services, database corruption, service failures, disk space, and other server performance problems. Identify and resolve encryption and digital signature issues and problems caused by viruses.

!

!

!

6

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003
!

Identify and resolve problems related to migrating from Exchange Server 5.5 to Exchange Server 2003. Apply knowledge of troubleshooting methodology to create a troubleshooting strategy and identify the appropriate tools, processes, and procedures for each step of the strategy.

!

Required materials

To teach this workshop, you need the following materials:
! !

Student Workbook Trainer Materials compact disc

Preparation tasks

To prepare for this workshop, you must:
!

Complete the Workshop Preparation Checklist that is included with the trainer materials.

Workshop design

The overall strategy for this workshop combines the lab-centric requirement of workshops with a problem-based learning methodology. Labs will provide hands-on learning activities guided by scenarios that are relevant to the Exchange administrator job role. During these labs, students can access a variety of support resources (such as procedures, annotated screen shots, and links to Exchange Server 2003 Help documentation) to help them complete the lab exercises. The topics that precede the lab will provide information designed to help prepare students succeed in the lab. A common approach for the design and selection of these topics is that the key to troubleshooting is understanding how things should work. As a result, the preparation topics will focus on the process of how a particular Exchange component or messaging functionality works.

Lab scenarios
The workshop-wide scenario will imitate a fictitious help-desk organization that has just hired the student (who is currently an experienced Exchange administrator) to perform Tier-3 help-desk support tasks in a Windows Server 2003- and Exchange Server 2003-based environment. This approach will provide the context for the workshop to present troubleshooting scenarios. The online toolkit resources will be used to implement the workshop-wide scenario in each learning unit. To implement a problem-based learning methodology for this workshop, a service request will provide the information (such as symptoms, configuration information, and so on) necessary for the student to troubleshoot the problem. In each lab, students will use the information in the service request and a troubleshooting flow chart printed in the workshop manual to diagnose and, whenever possible, fix the problem. Toolkit resources will be mapped and associated to the relevant step in the troubleshooting flow chart and will provide students with “just-in-time” help during that specific point in the troubleshooting process. Important Because service request information is often misleading or incorrect in real-world scenarios, there are some places where misleading or incorrect information is provided to the student.

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

7

Pre-lab activity
In the first part of each lab, the instructor reviews the first service request with students and asks students their approach to identifying the problem. The instructor should note students’ recommendations on the whiteboard. Then the students perform the lab. After the lab is complete, the instructor can use the information generated from the pre-lab activity and the lab results to facilitate the discussion during the lab review.

Lab reviews
Each lab will be followed by review of the lab exercises, which is facilitated by the instructor. The instructor can use Appendix A, “Lab Guidance,” to guide students through the “correct” path through the troubleshooting flow chart. The lab review should:
! ! ! !

Identify what each step in the flow chart accomplishes during the process Generate an understanding for the flow of troubleshooting steps Discuss the tools used during the lab Compare the pre-lab recommendations with the actual lab to generate recommendations and student-generated best practices

During this review, the instructor should elicit feedback from students and generate discussion about the students’ experience during the lab (such as what they did right and what they did wrong). The lab review can also contain links or references to additional information (such as Knowledge Base articles, white papers, Exchange help docs, and so on) that pertain to the unit objective.

8

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

Workshop Timing
The following schedule is an estimate of the workshop timing. Your timing may vary. Every student may not finish every lab. Use your judgment to set a reasonable time to move on to the next unit.

Day 1
Start 9:00 9:30 9:45 10:45 11:00 11:15 12:00 1:00 2:30 2:45 3:00 4:15 End 9:30 9:45 10:45 11:00 11:15 12:00 1:00 2:30 2:45 3:00 4:15 4:30 Unit Introduction Unit 1: Introduction to Troubleshooting Exchange Server 2003 Lab: Exploring the Troubleshooting Environment Break Unit 2: Troubleshooting Network Connectivity Lab: Troubleshooting Connectivity Problems Lunch Lab: Troubleshooting Connectivity Problems (continued) Break Unit 3: Troubleshooting Public Folders and Mailboxes Lab: Troubleshooting Public Folder and Mailbox Problems Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access

Day 2
Start 8:30 9:00 10;00 10:15 11:45 12:45 1:00 2:00 2:15 3:15 3:30 End 9:00 10:00 10:15 11:45 12:45 1:00 2:00 2:15 3:15 3:30 5:00 Unit Day 1 review Lab: Troubleshooting Outlook Web Access and Outlook Mobile Access Problems Break Lab: Troubleshooting Outlook Web Access and Outlook Mobile Access Problems (continued) Lunch Unit 5: Troubleshooting Client Connectivity Lab: Troubleshooting Client Connectivity Problems Break Lab: Troubleshooting Client Connectivity Problems (continued) Unit 6: Troubleshooting Server Connectivity Lab: Troubleshooting Server Connectivity Problems

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

9

Day 3
Start 8:30 9:00 9:15 10:15 10:30 10:45 12:00 1:00 1:45 2:00 2:15 3:45 End 9:00 9:15 10:15 10:30 10:45 12:00 1:00 1:45 2:00 2:15 3:45 4:30 Unit Day 2 review Unit 7: Troubleshooting Server Performance Lab: Troubleshooting Server Performance Break Unit 8: Troubleshooting Security Issues Lab: Troubleshooting Exchange Security Lunch Lab: Troubleshooting Security Issue Problems (continued) Unit 9: Troubleshooting the Migration to Exchange 2003 Break Lab: Troubleshooting the Migration to Exchange 2003 Unit 10: Troubleshooting an Exchange Server 2003 Organization

10

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

Trainer Materials Compact Disc Contents
The Trainer Materials compact disc contains the following files and folders:
!

Autorun.exe. When the compact disc is inserted into the compact disc drive, or when you double-click the Autorun.exe file, this file opens the compact disc and allows you to browse the Student Materials or Trainer Materials compact disc. Autorun.inf. When the compact disc is inserted into the compact disc drive, this file opens Autorun.exe. Default.htm. This file opens the Trainer Materials Web page. Readme.txt. This file explains how to install the software for viewing the Trainer Materials compact disc and its contents and how to open the Trainer Materials Web page. 2011a_In.doc. This file contains the Instructor Notes for this workshop, which are provided to assist the instructor in delivering this workshop. 2011a_MS.doc. This file is the Manual Classroom Setup Guide. It contains the steps for manually setting up the classroom computers. Powerpnt. This folder contains the PowerPoint slides that are used in this workshop. Important It is recommended that you use PowerPoint 2002 or later to display the slides for this workshop. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides may not be displayed correctly.

!

! !

!

!

!

!

Pptview. This folder contains the PowerPoint Viewer 97, which can be used to display the PowerPoint slides if PowerPoint 2002 is not available. Do not use this version in the classroom. Setup. This folder contains the files that install the workshop and related software to computers in a classroom setting. Setup includes the Virtual PC differencing drives, which build on base drives provided on the 2400B Trainer Materials DVD. Student. This folder contains the Web page that provides students with links to resources pertaining to this workshop, including additional reading, review and lab answers, lab files, multimedia presentations, the Lab Toolkit, and workshop-related Web sites. Tprep. This file contains the Trainer Preparation Presentation for this course. Review these materials before teaching this course. Webfiles. This folder contains the files that are required to view the workshop Web page. To open the Web page, open Windows Explorer, and in the root directory of the compact disc, double-click Default.htm or Autorun.exe.

!

!

!

!

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

11

Instructor Notes for Unit 0: Introduction
Presentation: 30 minutes The Introduction unit provides students with an overview of the workshop content, materials, and logistics for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003.

How to Teach This Unit
This section describes the instructional methods for teaching this unit. Introduction Welcome students to the workshop and introduce yourself. Provide a brief overview of your background to establish credibility. Ask students to introduce themselves and provide their background, product experience, and expectations of the workshop. Record student expectations on a whiteboard or flip chart for reference later in class. What is a workshop? Use the students’ expectations, discussed in the previous slide, as a lead-in to describe what a workshop is. Emphasize that 75 percent to 80 percent of the time will focus on hands-on activities during the lab. The rest of the time will focus on preparing students for the lab and reviewing how students performed the lab. Briefly demonstrate the Lab Toolkit, highlighting its components and how they will be used during the lab. Tell students that the Lab Toolkit is installed on their student computers in the classroom and is also available on the Student Materials compact disc for use after the workshop. Workshop materials Tell students that everything they will need for this workshop is provided at their desk. Have students write their names on both sides of the name cards. Describe the contents of the student workbook and the Student Materials compact disc. Tell students where they can send comments and feedback on this workshop. Demonstrate how to open the Web page that is provided on the Student Materials compact disc by double-clicking Autorun.exe or Default.htm in the Student folder on the Trainer Materials compact disc. Prerequisites Describe the prerequisites for this course. This is an opportunity for you to identify students who may not have the appropriate background or experience to attend this course. Briefly describe each unit and what students will learn. Be careful not to go into too much detail because the workshop is introduced in detail in Unit 1. Explain how this workshop will meet students’ expectations by relating the information that is covered in individual units to their expectations.

Workshop outline

12

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

Demonstration: Using Virtual PC

Prior to performing this demonstration, start 2400_London–Virtual PC. Because London takes several minutes to start, it should be completely started before you begin this presentation. Microsoft now owns Connectix Virtual PC. In this course, students will use Connectix Virtual PC to perform all the hands-on practices. Demonstrate how to use Virtual PC by performing the following procedure: 1. On your desktop, tell students that they can use either the Start menu or their desktop shortcuts to open Connectix Virtual PC. 2. In Connectix Virtual PC, click Miami, and then click Start Up. Mention that, with 1 GB of memory, the students will be able to run two virtual computers at a time, and that starting the third virtual computer will cause performance problems. There are labs in this workshop that require the simultaneous use of three virtual computers. 3. Show the students that the system tray of the host computer contains an icon for Virtual PC. If Virtual PC is running but the window becomes hidden, you can reactivate the window by double-clicking the icon in the system tray. 4. Show the students that the title bar of each virtual PC indicates which server is accessed. 5. Switch to 2011_London–Virtual PC and then log on to London by pressing the ALT key on the right side of the keyboard at the same time you press the DELETE key. Log on as NWTraders\Administrator with a password of P@ssw0rd. Point out that the ALT key on the right side of the keyboard is referred to as both the RIGHT-ALT key and the HOST key in Connectix Virtual PC Help and menus. 6. Demonstrate Full Screen mode by pressing the ALT key on the right side of the keyboard at the same time you press ENTER. Repeat this key sequence to return to a Window view. Tell students that if they have display problems during class, they can use Full Screen mode to improve performance. 7. Point out that the London desktop indicates the word LONDON, and mention that each virtual PC indicates the computer name on the desktop. 8. Switch to Miami and then log on to Miami as administrator by pressing ALT+DELETE. Point out that all accounts in the Microsoft Active Directory® directory service have been preconfigured with a password of P@ssw0rd. 9. Point out that the Miami desktop indicates the word MIAMI. 10. Use ipconfig /all at a command prompt at London, Miami, and the host computer to show the IP addresses configured for each. Use ping to show that London and Miami can ping each other and the host, but not any other computer on the host’s network. For your information, the IP address for London is 192.168.1.1 and the IP address for Miami is 192.168.1.2. The host computers should be configured with an IP address on the same subnet as the virtual PCs.

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

13

11. From London, show how to map drive Z to drive C of the host computer. Point out that when the drive is mapped, students can access information stored on the host computer by using this mapped drive, and that they can create additional mapped drives by using the Settings option on the Edit menu of Connectix Virtual PC. 12. Close London and save changes. Close Miami and save changes. Point out that students can choose to either discard or commit their changes when closing Virtual PC, and that in general in this course, they should discard their changes each time they close Virtual PC. Setup Microsoft Official Curriculum Describe any necessary setup information for the course, including course files and classroom configuration. Explain the Microsoft Official Curriculum (MOC) program and present the list of additional recommended learning products. Refer students to the Microsoft Official Curriculum Web page at http://www.microsoft.com/traincert/training/ for information about curriculum paths. Microsoft Certified Professional program Facilities Inform students about the Microsoft Certified Professional (MCP) program, any certification exams that are related to this workshop, and the various certification options. Explain the class hours, extended building hours for labs, parking, rest room location, meals, phones, message posting, and where smoking is and is not allowed. Let students know if your facility has Internet access that is available for them to use during class breaks. Also, make sure that the students are aware of the recycling program if one is available.

14

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

Instructor Notes for Unit 1: Introduction to Troubleshooting Exchange Server 2003
Presentation: 15 minutes Lab: 60 minutes Review: 5 minutes Required materials After completing this unit, students will be able to:
! ! !

Configure and prepare servers for basic troubleshooting. Analyze process and data flow in a flow chart. Access and apply information from a service request and other workshop components. Identify a problem and recommend a solution.

!

To teach this unit, you need the unit slides, the student workbook, and the Lab Toolkit. Important It is recommended that you use Microsoft PowerPoint® 2002 or later to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides may not be displayed correctly.

Preparation tasks

To prepare for this unit, read all the written materials and review the resources in the Lab Toolkit, practice the labs and guided activities, and prepare to facilitate the discussion questions. In addition, you should:
!

Review Module 4, “Managing Recipients,” from Course 2400, Implementing and Managing Microsoft Exchange Server 2003. Review Module 7, “Implementing and Managing Client Access with Internet Protocols,” from Course 2400, Implementing and Managing Microsoft Exchange Server 2003. Review Module 11, “Managing Data Storage and Hardware Resources,” from Course 2400, Implementing and Managing Microsoft Exchange Server 2003. Review the Open Systems Interconnection (OSI) model and be prepared to discuss how it can be used for troubleshooting client/server applications. Prepare to explain to students how to use the toolkit resources.

!

!

!

!

Classroom setup

The information in this section provides setup instructions that are required to prepare the instructor computer or classroom configuration for a lab.

! Prepare for the lab
• Remind students to run the breaklab1a.bat script in the beginning of the Lab for Unit 1 in the Lab Virtual PC Configuration section.

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

15

How to Teach This Unit
This section describes the instructional methods for teaching this unit. Presentation The presentation includes a lot of information. To cover the four presentation slides, you will need to move quickly. The students should already have some background information about the topics in the presentation, so focus on how each of the topics is relevant to troubleshooting. Keep in mind that the slides in this unit are intended to introduce students to troubleshooting and some of the processes used in troubleshooting. Because most Exchange Administrators are not responsible for the network infrastructure, they may feel some frustration in the first two units. Stress to them the importance of understanding the basic networking concepts when troubleshooting an Exchange environment. Point out to the students that even if they are not directly responsible for the network and its components, knowledge of these components can help them rule out network problems without the network team’s assistance in many cases. “Topic 1: Understanding Exchange Server 2003” discusses the various components of an Exchange system and that problems can exist at any level in an Exchange environment. Focus on the troubleshooting aspects for each component. For example, discuss how one mailbox store can be corrupted and others in the same storage group not impacted. Make sure to engage students in the discussion by asking them how they would troubleshoot a problem in each area if they knew the problem existed in that component. For example, ask them how they would troubleshoot a MAPI client problem if they knew it was a client issue and not a server component problem. “Topic 2: Troubleshooting Methodology” discusses two common troubleshooting processes that are used in the industry. Explain to students how vital the process is, and how it can be organized using the OSI model. Walk them through the OSI model on the whiteboard and stress how the model starts at the top of the client using Microsoft Outlook at the application, moves down through the model to the wire (physical layer), across the wire to the server side and up through the model to the Exchange Server 2003 server as the server application. Ask students what they think might be some issues that they could run into at each layer of the OSI model. Also discuss how to use the working system model when it comes to troubleshooting. Use the example of how Outlook Web Access (OWA) works. Explain how you might troubleshoot OWA both at the browser level and at the server level. “Topic 3: Preparing to Troubleshoot Exchange Server 2003” discusses the places where logging and monitoring can be used for troubleshooting. The lab will walk them through most of the processes. However, you might want to demonstrate how to use Netmon to do a capture to see how an OWA client connects to the server and then explain what you captured and how students can replicate it. “Topic 4: Pre-Lab Discussion” is your opportunity to prepare students for the lab. Because the purpose of the troubleshooting exercise in this lab is to introduce students to the service requests, flow charts, and toolkit resources, you should demonstrate for the students how to use the flow chart and the toolkit resources to solve the problem describe in the scenario and service request for the first step or two. Use this page to provide context for the lab and help students better understand the importance of the concepts in this unit when it comes to troubleshooting the lab scenarios.

16

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

Lab

The first exercise is the first of what will be many scenarios that are used in all the other units in this workshop. Explain to students that the first exercise is not Exchange related because they are supposed to learn how to use the flow charts and the toolkit resources in this exercise. The problem that you are troubleshooting in Exercise 1 is intentionally simple in order to help students learn how to use the flow chart, and was chosen because most Windows administrators have a great deal of experience with mapping network drives and troubleshooting problems with mapped network drives. Students should follow the steps in the flow chart in order to identify the problem provided in the scenario. It is important that students become comfortable using the flow chart in this exercise because all subsequent exercises in this workshop will incorporate flow charts. Once students identify a problem, they must document their solution. At the end of each lab in this workshop, you will discuss with the class their approach to troubleshooting problems, and their findings during troubleshooting. In the second exercise, students configure logging and monitoring on the computer running Exchange Server 2003 to familiarize themselves with all the logging capabilities they have. Configuration settings will be saved at the end of the lab so that students can continue to use the items that they configure during this exercise. You should also mention that although most labs in this workshop have the students discard changes made to their virtual PC environment, changes in this lab will be saved so that they can continue to use the troubleshooting tools that they configured during Exercise 2. For more information on completing this lab, direct students to Appendix A, “Lab Guidance,” located at the back of the student workbook. If necessary, be prepared to provide desk side assistance to each student during the lab phase of class. You can help students along in their troubleshooting by asking how they would normally test a process or lookup information. You will want to maintain a “study hall” atmosphere within the classroom while students complete the lab. The toolkit resources for this unit include items that are not related specifically to the flow chart for this unit. These items are referenced in the Lab Toolkit resources section of the unit by exercise number. For example, if an item is needed only for Exercise 2, but does not support the flow chart, the Flow Chart Reference column of the table will indicate “Ex 2 only”.

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

17

Review

You should review some of the settings and configurations of the different logs and monitoring tools that the students used during the lab. For example, you might ask students how they would configure logging and monitoring in their networks as a standard configuration, and then ask them the same question but with users reporting that Outlook 2003 access to their mailboxes is slower than normal. Use the whiteboard to record the information provided by the students and encourage them to expand on the information that you write. Discuss how the students used the troubleshooting flow chart to determine the root cause of the problem. Walk all students through the flow chart for Exercise 2 in the lab. Ask them to provide feedback on what they found. While going through the flow chart, have students pull out the Toolkit Resources booklet and point out the detailed information. Point out how the Toolkit items are correlated to the flow chart through the reference letters. Discuss how the students tested their solution to the problem and how they knew they were successful in resolving the problem. Make sure students followed the instructions to shut down the Virtual PCs after the lab.

18

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

Instructor Notes for Unit 2: Troubleshooting Network Connectivity
Presentation: 15 minutes Lab: 135 minutes Review: 5 minutes After completing this unit, students will be able to:
!

Identify the underlying causes when mail from one server is not received by recipients on another and resolve the problem. Identify the underlying causes when a user cannot connect to a Microsoft Exchange Server 2003 server as a remote user and resolve the problem. Identify the underlying causes when no one in the organization can receive Internet e-mail and resolve the problem.

!

!

Required materials

To teach this unit, you need the unit slides, the student workbook, and the Lab Toolkit. Important It is recommended that you use PowerPoint 2002 or later to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides may not be displayed correctly.

Preparation tasks

To prepare for this unit, read all the written materials and review the resources in the Lab Toolkit, practice the labs and guided activities, and prepare to facilitate the discussion questions. In addition, you should:
!

Review Module 7, “Implementing and Managing Client Access with Internet Protocols,” from Course 2400, Implementing and Managing Microsoft Exchange Server 2003. Review Module 8, “Managing Client Configuration and Connectivity,” from Course 2400, Implementing and Managing Microsoft Exchange Server 2003.

!

Classroom setup

The information in this section provides setup instructions that are required to prepare the instructor computer or classroom configuration for a lab.

! Prepare for the lab
• Make sure to remind all students to run the scripts in the beginning of each exercise in the Lab for Unit 2. Follow the directions in the Lab Virtual PC configuration section.

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

19

How to Teach This Unit
This section describes the instructional methods for teaching this unit. Presentation This is the first unit where you really start to get into troubleshooting Exchange Server 2003. You need to be very careful and keep the focus on network configuration and network services in this unit as there is another unit later that covers client connectivity. Because most Exchange Administrators are not responsible for the network infrastructure, they may feel some frustration in the first two units. Stress to them the importance of understanding the basic networking concepts when troubleshooting an Exchange environment. Point out to the students that, even if they are not directly responsible for the network and its components, knowledge of these components can help them rule out network problems in many cases and not require the network team’s assistance. “Topic 1: Tools for Troubleshooting Network Connectivity” discusses the various tools available to the students when troubleshooting network connectivity and network services issues. You should explain how these tools are most often used for troubleshooting and what each tool can tell you about whether something works properly. For example, you might talk about how using ping with the host name will tell you that name resolution works if it responds properly. However, you should also tell students that because there is no response that does not mean that the target computer is not working. There might be an intervening firewall or a router that filters out ICMP traffic and thereby preventing student from seeing the response. Explain how to use telnet at the command prompt and how to use Hyper Terminal to connect to nontelnet ports. “Topic 2: Common Network Connectivity Problems” discusses some of the common connectivity issues. Explain that these problems are easy to resolve and provide examples of how you can test for each one. For example, explain how you can use telnet from a computer outside the firewall to test connections through the firewall to an internal system. A good example would be to test port 25 connections and see if they are properly redirected to the computer running Exchange Server 2003 and if a response is provided by the Exchange server. “Topic 3: Pre-Lab Discussion” is your opportunity to prepare students for the lab. You should help students begin to think about the underlying problems that might result in the indicated situations, and document their suggestions on the whiteboard. Use this page to provide context for the lab and help students better understand the importance of the concepts in this unit when it comes to troubleshooting the lab scenarios. Note When using OWA on London to test messaging functionality, you may occasionally get a 503 error. In most cases, just refreshing the screen will load OWA. If this doesn’t work, log on to OWA as Administrator and then log on as the user. You may wish to remind students of this periodically throughout this workshop. In the flow chart, in solution box C, the students are directed to check the network route. You may wish to remind them that this means to check both the physical and logical network connectivity between clients and servers, as well as between servers in the Exchange organization. There is a toolkit resource for verifying routing group connectivity that can be used for this task.

20

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

Lab Review

If students have difficulty with the lab, use the flow charts to focus their troubleshooting efforts. If needed, ask them which steps they have completed. If they have gone past the step where they fix the problem, ask them to explain what they found in that step and the step before. This workshop assumes prerequisite knowledge in managing an Exchange Server 2003 environment. If students do not meet the prerequisites, you may need to review some procedures with the students. For more information on completing this lab, direct students to Appendix A, “Lab Guidance,” located at the back of the student workbook. If necessary, be prepared to provide desk side assistance to each student during the lab phase of class. You will want to maintain a “study hall” atmosphere within the classroom while students complete the lab. You should spend some time during the pre-lab discussion, with all student workbooks closed, going over some ways that students would troubleshoot the scenarios covered in the lab. Write their ideas on the whiteboard. After completing the lab, review what they would have done before seeing the lab. Discuss how the students used the troubleshooting flow charts to determine the root causes of the problems. Compare the processes of the flow charts to what the students said they would do before the lab. Record on the whiteboard the information provided by the students. Discuss how they would troubleshoot the problem now based on what they learned in the lab. Discuss how the students tested their solutions to the problems and how they knew they were successful in resolving the problems. Make sure students followed the instructions to shut down the Virtual PCs after the lab. Note Sometimes Internet Explorer fails to load all data when connecting to Outlook Web Access. If this happens, remind the students to close and restart Internet Explorer.

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

21

Instructor Notes for Unit 3: Troubleshooting Public Folders and Mailboxes
Presentation: 15 minutes Lab: 75 minutes Review: 5 minutes After completing this unit, students will be able to:
!

Identify the underlying causes when a user cannot send Internet e-mail and resolve the problem. Identify the underlying causes when a user cannot receive Internet e-mail to his e-mail address and resolve the problem. Identify the underlying causes when a user is unable to post a message to a public folder and resolve the problem.

!

!

Required materials

To teach this unit, you need the unit slides, the student workbook, which includes the lab flow charts and service request scenarios, and the Lab Toolkit. Important It is recommended that you use PowerPoint 2002 or later to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides may not be displayed correctly.

Preparation tasks

To prepare for this unit, read all the written materials and review the resources in the Lab Toolkit, practice the labs and guided activities, and prepare to answer the discussion questions. In addition, you should:
!

Review Module 4, “Managing Recipients,” from Course 2400, Implementing and Managing Microsoft Exchange Server 2003. Review Module 6, “Managing Address Lists,” from Course 2400, Implementing and Managing Microsoft Exchange Server 2003. Review Module 14, “Performing Preventative Maintenance,” from Course 2400, Implementing and Managing Microsoft Exchange Server 2003.

!

!

Classroom setup

The information in this section provides setup instructions that are required to prepare the instructor computer or classroom configuration for a lab.

! Prepare for the lab
1. To perform this lab, the students must start the London and Vancouver Virtual PCs using the procedures described in the lab. 2. To create the troubleshooting scenarios, the students must run the Breaklab3.vbs script from the c:\moc\2011\Labfiles\Lab03 directory. This script creates all the error conditions required for the lab.

22

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

How to Teach This Unit
This section describes the instructional methods for teaching this unit. Presentation To cover the four presentation slides in 15 minutes, you will need to move quickly. The students should already have some background information on the topics in the presentations, so focus on how each topic is relevant to troubleshooting. “Topic 1: Troubleshooting Client Connectivity to Mailboxes and Public Folders” discusses the issues that can arise when a user tries to connect to an Exchange server. Focus on the troubleshooting aspects for each topic. For example, discuss if the problem is DNS resolution, what symptoms the user would see, and what you would do to troubleshoot the problem. “Topic 2: Troubleshooting Mailbox and Public Folder Properties” discusses the mailbox and public folder configuration issues that can cause e-mail delivery problems. The students should be familiar with the user interface (UI) where these settings are configured, so avoid demonstrating the UI. The lab scenarios focus on mailbox and public-folder configuration issues, so minimize the time you spend on this topic. Most of your time should be spent addressing the troubleshooting portions of each bullet on the page, which are typically located in the last sentence of each bullet. “Topic 3: Troubleshooting Single Server Message Flow” discusses how e-mail messages flow through a single server. Review the single server message flow but then focus on how the Queue Viewer and message tracking can be used to troubleshoot the message flow. “Topic 4: Troubleshooting the Recipient Update Service” discusses recipient policies and the Recipient Update Service. These concepts should be familiar to the students, so focus on how configuration errors in the recipient policies, and configuration errors or service failures in the Recipient Update Service may cause e-mail delivery failures. “Topic 5: Pre-Lab Discussion” is your opportunity to prepare students for the lab. You should help students begin to think about the underlying problems that might result in the indicated situations, and document their suggestions on the whiteboard. Use this page to provide context for the lab and help students better understand the importance of the concepts in this unit when it comes to troubleshooting the lab scenarios. Lab If students have difficulty with the lab, use the flow charts to focus their troubleshooting efforts. If needed, ask them which steps they have completed. If they have gone past the step where they fix the problem, ask them to explain what they found in that step and the step before. This workshop assumes prerequisite knowledge in managing an Exchange Server 2003 environment. If students do not meet the prerequisites, you may need to review some procedures with the students. For more information on completing this lab, direct students to Appendix A, “Lab Guidance,” located at the back of the student workbook. If necessary, be prepared to provide desk side assistance to each student during the lab phase of class. You will want to maintain a “study hall” atmosphere within the classroom while students complete the lab.

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

23

Note Sometimes Internet Explorer fails to load all data when connecting to Outlook Web Access. If this happens, remind the students to close and restart Internet Explorer. There are two flow charts for this lab. The first flow chart which is located in the beginning of the lab is used for exercises 1 and 2. The second flow chart is for use while completing exercise 3, which is located at the end of the lab. You may wish to point out the location of the flow chart for your students. In the flow chart entitled “Troubleshooting Mailbox Problems,” solution boxes C and D direct the student to “Check content scanner.” Content scanning is a feature provided by third-party manufacturers. Because no content scanners are installed as part of this workshop’s setup, the students will be unable to perform this task. You should mention that students would follow manufacturer’s instructions for verifying their content scanner configuration in their own production environments. Review You should have spent some time during the pre-lab discussion, with all student books closed, reviewing ways that the students would troubleshoot the scenarios covered in the lab. Record the students’ ideas on the whiteboard. After completing the lab, review what they would have done before seeing the lab. Discuss how the students used the troubleshooting flow chart to determine the root cause of the problem. Compare the process of the flow chart to what the students said they would do before the lab. Make sure you record the information provided by the students. Discuss how they would troubleshoot the problem now based on what they learned in the lab. Discuss how the students tested their solution to the problem and how they knew they were successful in resolving the problem. Make sure students shut down the Virtual PCs following the instructions after the lab.

24

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

Instructor Notes for Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access
Presentation: 15 minutes Lab: 150 minutes Review: 5 minutes After completing this unit, students will be able to:
!

Identify the underlying causes when a user cannot access OWA because of a security error. Identify the underlying causes when a user cannot access Outlook Web Access because of an authentication error and resolve the problem. Identify the underlying causes when a user cannot access Outlook Mobile Access and resolve the problem.

!

!

Required materials

To teach this unit, you need the unit slides, the student workbook, which includes the lab flow charts and the service request forms, and the Lab Toolkit. Important It is recommended that you use PowerPoint 2002 or later to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides may not be displayed correctly.

Preparation tasks

To prepare for this unit, read all the written materials and review the resources in the Lab Toolkit, practice the labs and guided activities, and prepare to answer the discussion questions. In addition, you should:
!

Review Module 7, “Implementing and Managing Client Access with Internet Protocols,” from Course 2400, Implementing and Managing Microsoft Exchange Server 2003. Review Module 10, “Managing Mobile Devices with Exchange Server 2003,” from Course 2400, Implementing and Managing Microsoft Exchange Server 2003. Review Module 3, “Securing Exchange Server 2003,” from Course 2400, Implementing and Managing Microsoft Exchange Server 2003.

!

!

Classroom setup

The information in this section provides setup instructions that are required to prepare the instructor computer or classroom configuration for a lab. This lab includes three scenarios. Prior to starting each scenario, a script must be run that will create the problem that the students will be troubleshooting.

! Prepare for the lab
1. The students will use the London Virtual PC and the Miami Virtual PC for this lab. The Miami Virtual PC must be configured as a front-end server using the procedure in the lab. 2. To create the troubleshooting scenario for Exercise 1, the students must run the breaklab4a.bat script. 3. To create the troubleshooting scenario for Exercise 2, the students must run the breaklab4b.bat script. 4. To create the troubleshooting scenario for Exercise 3, the students must run the breaklab4c.bat script.

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

25

How to Teach This Unit
This section describes the instructional methods for teaching this unit. Presentation To cover the three presentation slides in 15 minutes, you will need to move quickly. The students should already have some background information on the topics in the presentations, so focus on how each of the components is relevant for troubleshooting. “Topic 1: Troubleshooting Outlook Web Access” discusses the issues that can arise when a user tries to connect to an Exchange server using Outlook Web Access. Focus on the troubleshooting aspects of the topic. The table that lists the error messages a user may receive are intended for reference, so don’t go into too much detail. Perhaps review just one row so the students can see the format. Spend more time on the troubleshooting topics after the table because these cover how to approach troubleshooting in an OWA environment. “Topic 2: Troubleshooting a Front-End and Back-End Server Topology with Outlook Web Access” discusses how adding a front-end and back-end server configuration can complicate troubleshooting. The section briefly discusses the front-end, back-end topology, and students should be familiar with the topic. Spend most of your time on the troubleshooting section, highlighting how you can test each component within front-end, back-end server topology to isolate the problem. The lab scenarios focus on front-end, back-end configuration issues. “Topic 3: Troubleshooting Outlook Mobile Access” discusses how Outlook Mobile Access is different than Outlook Web Access. Spend some time discussing that both services rely on Internet Information Server (IIS) so troubleshooting may include troubleshooting IIS as well as Exchange. “Topic 3: Pre-Lab Discussion” is your opportunity to prepare students for the lab. You should help students begin to think about the underlying problems that might result in the indicated situations, and document their suggestions on the whiteboard. Use this page to provide context for the lab and help students better understand the importance of the concepts in this unit when it comes to troubleshooting the lab scenarios. Lab If students have difficulty with the lab, use the flow charts to focus their troubleshooting efforts. If needed, ask them which steps they have completed. If they have gone past the step where they fix the problem, ask them to explain what they found in that step and the step before. This workshop assumes prior knowledge in managing an Exchange Server 2003 environment. If students do not meet this prerequisite, you may need to review some procedures with the students. For more information on completing this lab, direct students to Appendix A, “Lab Guidance,” located at the back of the student workbook. If necessary, be prepared to provide desk side assistance to each student during the lab phase of class. You will want to maintain a “study hall” atmosphere within the classroom while students complete the lab.

26

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

Review

You should have spent some time during the pre-lab discussion, with all student books closed, reviewing ways that the students would troubleshoot the scenarios covered in the lab. Record the students’ ideas on the whiteboard. After completing the lab, review what they would have done before seeing the lab. If students have questions about Exercise 2, you should refer them to the toolkit resource, “Verifying the Configuration of the Default Web Site.” This resource describes how to determine whether ASP.NET is allowed or prohibited. This can happen if a company has deployed OMA much after the initial installation of Exchange. The company may have decided to disable ASP.NET, and then not realized that they need to enable it for OMA to function. Another scenario is that an IIS administrator may notice the setting, believe that it poses a security risk, and may turn it off. Discuss how the students used the troubleshooting flow chart to determine the root cause of the problem. Compare the process of the flow chart to what the students said they would do before the lab. Make sure you record the information provided by the students. Discuss how they would troubleshoot the problem now based on what they learned in the lab. Discuss how the students tested their solution to the problem and how they knew they were successful in resolving the problem. Make sure students shut down the VPCs following the instructions after the lab.

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

27

Instructor Notes for Unit 5: Troubleshooting Client Connectivity
Presentation: 15 minutes Lab: 120 minutes Review: 5 minutes After completing this unit, students will be able to:
!

Identify the underlying causes when a user is unable to send e-mail to the Internet from home using Outlook Express and resolve the problem. Identify the underlying causes when a user receives a “The connection to the server has failed” message and resolve the problem. Identify the underlying causes when a new user receives an error message when trying to connect to their mailbox and resolve the problem.

!

!

Required materials

To teach this unit, you need the unit slides, the student workbook, and the Lab Toolkit. Important It is recommended that you use PowerPoint 2002 or later to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides may not be displayed correctly.

Preparation tasks

To prepare for this unit, read all the written materials and review the resources in the Lab Toolkit, practice the labs and guided activities, and prepare to facilitate the discussion questions. In addition, you should:
!

Review Module 7, “Implementing and Managing Client Access with Internet Protocols,” from Course 2400, Implementing and Managing Microsoft Exchange Server 2003. Review Module 8, “Managing Client Configuration and Connectivity,” from Course 2400, Implementing and Managing Microsoft Exchange Server 2003.

!

Classroom setup

The information in this section provides setup instructions that are required to prepare the instructor computer or classroom configuration for a lab.

! Prepare for the lab
• Remind Students to follow the directions for the Lab Virtual PC configuration, and remind all students to run the scripts in the beginning of each exercise in the Lab for Unit 5.

28

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

How to Teach This Unit
This section describes the instructional methods for teaching this unit. Presentation This unit covers client connectivity. It is important to keep the focus on messaging client configuration and client connection issues. The students should already have some background information on these topics in the presentation; you will want to focus on how the information presented is critical to troubleshooting. “Topic 1: Messaging Clients Used to Access Exchange Server 2003” discusses the various messaging clients available to messaging users. It is important to note that different clients have different requirements for connection to an Exchange Server 2003 server. You should explain, for example, that Outlook Web Access requires only a compliant browser and connectivity using Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS) if Secure Sockets Layer (SSL) is being used. However, Outlook 2003 is a full-featured messaging client that needs additional available ports to connect to the Exchange Server 2003 server, Active Directory domain controllers, and Active Directory global catalog servers. Discuss with the students how they can use different messaging clients to troubleshoot other messaging clients. For example, using OWA successfully will inform the student that the Exchange server is running properly and help eliminate the server as the problem for a MAPI client. “Topic 2: How Messaging Clients Connect to Exchange Server 2003” focuses on the network requirements that Exchange services require by each messaging client to connect to the Exchange Server 2003 environment. Stay focused on the different communication methods used by each client and the ports that are needed to be open for each client. It is important to discuss the network services that are required on the Exchange Server 2003 server so that the messaging client can properly connect. “Topic 3: Additional Services Required for Connecting to Exchange Server 2003” discusses the supporting network services that are required for the messaging client to connect to the Exchange server. For example, without DNS, Outlook 2003 would not be able to find the Exchange server on the network. Without IIS installed and running, Outlook Web Access and Outlook Mobile Access would not be able to connect to the Exchange Server 2003 environment. SMTP, POP3, and IMAP4 allow Outlook Express to connect to the Exchange server internally on the network as well as externally from the Internet if the ports have been published on the firewall and redirected to the Exchange server. Focus the discussion on how troubleshooting requires verifying these services as part of the messaging client connectivity requirements. “Topic 4: Pre-Lab Discussion” is your opportunity to prepare students for the lab. You should help students begin to think about the underlying problems that might result in the indicated situations, and document their suggestions on the whiteboard. Use this page to provide context for the lab and help students better understand the importance of the concepts in this unit when it comes to troubleshooting the lab scenarios.

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

29

Lab

If students have difficulty with the lab, use the flow charts to focus their troubleshooting efforts. If needed, ask them which steps they have completed. If they have gone past the step where they fix the problem, ask them to explain what they found in that step and the step before. This workshop assumes prerequisite knowledge in managing an Exchange Server 2003 environment. If students do not meet the prerequisites, you may need to review some procedures with the students. One issue may arise in Exercise 1 where students are required to create a second SMTP virtual server and then configure one of the two SMTP virtual servers using SSL and the IMAP4 virtual server using SSL. Some students have never done this work, even though it is covered in the prerequisite courses. Make sure you can do these tasks and explain them to the students. In Exercise 2, students need to take several steps to prepare the environment for troubleshooting. The configuration for this exercise is a little more complex than others because we need to configure a cached credential for AlexHanki and then reset the computer so that it does not retained cached DNS information. For more information on completing this lab, direct students to Appendix A, “Lab Guidance,” located at the back of the student workbook. If necessary, be prepared to provide desk side assistance to each student during the lab phase of class. You will want to maintain a “study hall” atmosphere within the classroom while students complete the lab. In the third exercise of the lab, on Acapulco, students will need to log off as Alex Hankin and log back on as Gary Schare. Because of the modifications made by the script, it can take as long as 20 minutes to log back on to Acapulco. You should consider directing students to begin the log on process, and then take a break.

Review

You should have spent some time during the pre-lab discussion with all student books closed; going over some ways that the students would troubleshoot the scenarios covered in the lab and then record the students’ ideas on the whiteboard. After completing the lab, review what they would have done before seeing the lab. Discuss how the students used the troubleshooting flow chart to determine the root cause of the problem. Compare the process of the flow chart to what the students said they would do before the lab. Make sure you record the information provided by the students. Discuss how they would troubleshoot the problem now based on what they learned in the lab. Discuss how the students tested their solution to the problem and how they knew they were successful in resolving the problem. Make sure students shut down the Virtual PCs following the instructions after the lab.

30

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

Instructor Notes for Unit 6: Troubleshooting Server Connectivity
Presentation: 15 minutes Lab: 90 minutes Review: 5 minutes After completing this unit, students will be able to:
! ! !

Troubleshoot message delivery between servers in the same routing group. Troubleshoot message delivery between servers in different routing groups. Troubleshoot message delivery between an Exchange organization and another e-mail system. Troubleshoot message delivery between an Exchange organization and the Internet.

!

Required materials

To teach this unit, you need the unit slides, the student workbook, which includes the lab flow charts and the lab scenarios, and the Lab Toolkit. Important It is recommended that you use PowerPoint 2002 or later to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides may not be displayed correctly.

Preparation tasks

To prepare for this unit, read all the written materials and review the resources in the Lab Toolkit, practice the labs and guided activities, and prepare to answer the discussion questions. In addition, you should:
!

Review Module 9, “Managing Routing,” from Course 2400, Implementing and Managing Microsoft Exchange Server 2003.

Classroom setup

The information in this section provides setup instructions that are required to prepare the instructor computer or classroom configuration for a lab. This lab requires that the students create a new routing group and move Miami into the routing group using the procedure described at the beginning of the lab.

! Prepare for the lab
1. For the first exercise in the lab, the students will use the London Virtual PC and the Miami Virtual PC. In preparation for the lab, they must configure an additional routing group and move the Miami Exchange server into the routing group using the procedures at the beginning of the lab. 2. For the second and third exercises in the lab, the students will use the London Virtual PC and the Vancouver Virtual PC. The Vancouver Virtual PC will be used to simulate an Internet connection. 3. To create the troubleshooting problems for Exercise 2 in this lab, the students must run the breaklab6b.bat script. 4. To create the troubleshooting problems for Exercise 3 in this lab, the students must run the breaklab6c.bat

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

31

How to Teach This Unit
This section describes the instructional methods for teaching this unit. Presentation To cover the four presentation slides in 15 minutes, you will need to move quickly. The students should already have some background information on the topics in the presentations, so focus on how each of the components that are relevant for troubleshooting. The four topics in the unit build on the single server message flow information discussed in Unit 3. Remind the students of that information and discuss the fact that in some cases the reason why messages are not delivered to other servers may be a failure on one server. The four topics in this unit also build from simple to more complex environments starting with a single site, multiple sites, and external e-mail systems and finishing with connecting to the Internet. Discuss this progression with the students as you introduce the topics in this unit. “Topic 1: Troubleshooting Intra-Routing Group Connectivity” discusses how messages are routed between severs in a single routing group. Discuss the characteristics of message routing in a single routing group and ask the students what could fail in this environment, and what the symptoms would be. You may wish to use the whiteboard to indicate a geographically disperse routing group and discuss the fact that there are no logical bridgehead servers even when there are physical servers providing the connection between locations. This diagram can then carry forward into the next topic. Then discuss the troubleshooting steps. This is a good place to review the strong dependency of Exchange Server 2003 on DNS and Active Directory, in that most message delivery problems come from DNS or Active Directory resolution problems. As you discuss ways to resolve DC/GC or DNS issues, ensure that the students understand how to implement the solutions. If the students do not have the Active Directory background, refer them to Active Directory courses available from Microsoft. “Topic 2: Troubleshooting Routing Group Connectivity” discusses message routing between routing groups and how to troubleshoot the errors. Students should be familiar with the routing group connector options in Exchange Server 2003 so focus on the troubleshooting sections. Point out that the message flow through bridgehead servers mean that the first step to troubleshooting message routing in multiple routing groups is to ensure that messages are flowing in the single routing group to the bridgehead server. “Topic 3: Troubleshooting Connectivity to Other E-Mail Systems” discusses connecting the Exchange organization to other e-mail systems such as Lotus Notes or Novell Groupwise. Many students will not be familiar with this topic so review the concepts and the connector options briefly, mentioning the differences between Exchange Server 2003 and Exchange 2000. The lab does not include any scenarios where students will connect to another e-mail system. “Topic 4: Troubleshooting Connectivity to the Internet” discusses how to troubleshoot both incoming and outgoing e-mail. The most significant component to troubleshooting incoming e-mail is configuring the Mail Exchanger (MX) records, so make sure that the students understand MX records and their role. If students are not familiar with MX records then show the students the MX records on the London virtual hard disk on the instructor computer. Review the SMTP connector configurations with the students when discussing outbound e-mail.

32

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

“Topic 5: Pre-Lab Discussion” is your opportunity to prepare students for the lab. You should help students begin to think about the underlying problems that might result in the indicated situations, and document their suggestions on the whiteboard. Use this page to provide context for the lab and help students better understand the importance of the concepts in this unit when it comes to troubleshooting the lab scenarios. Lab If students have difficulty with the lab, use the flow charts to focus their troubleshooting efforts. If needed, ask them which steps they have completed. If they have gone past the step where they fix the problem, ask them to explain what they found in that step and the step before. This workshop assumes prerequisite knowledge in managing an Exchange Server 2003 environment. If students do not meet the prerequisites, you may need to review some procedures with the students. For more information on completing this lab, direct students to Appendix A, “Lab Guidance,” located at the back of the student workbook. If necessary, be prepared to provide desk side assistance to each student during the lab phase of class. You will want to maintain a “study hall” atmosphere within the classroom while students complete the lab. Review You should have spent some time during the pre-lab discussion, with all student books closed, reviewing ways that the students would troubleshoot the scenarios covered in the lab and recording the students’ ideas on the whiteboard. After completing the lab, review what they would have done before seeing the lab. Discuss how the students used the troubleshooting flow chart to determine the root cause of the problem. Compare the process of the flow chart to what the students said they would do before the lab. Make sure you record the information provided by the students. Discuss how they would troubleshoot the problem now based on what they learned in the lab. Discuss how the students tested their solution to the problem and how they knew they were successful in resolving the problem. Make sure students shut down the Virtual PCs following the instructions after the lab.

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

33

Instructor Notes for Unit 7: Troubleshooting Server Performance
Presentation: 15 minutes Lab: 60 minutes Review: 5 minutes After completing this unit, students will be able to:
!

Identify and resolve message problems related to performance problems in domain controllers and global catalog servers. Identify and resolve messaging performance problems caused by the running of scheduled applications. Troubleshoot messaging problems caused by hardware components in server systems.

!

!

Required materials

To teach this unit, you need the unit slides, the student workbook, and the Lab Toolkit. Important It is recommended that you use PowerPoint 2002 or later to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides may not be displayed correctly.

Preparation tasks

To prepare for this unit, read all the written materials and review the resources in the Lab Toolkit, practice the labs and guided activities, and prepare to facilitate the discussion questions. In addition, you should:
!

Review Module 13, “Performing Preventative Maintenance,” from Course 2400, Implementing and Managing Microsoft Exchange Server 2003.

Classroom setup

The information in this section provides setup instructions that are required to prepare the instructor computer or classroom configuration for a lab.

! Prepare for the lab
• Make sure to remind all students to run the scripts before all exercises.

How to Teach This Unit
This section describes the instructional methods for teaching this unit. Presentation This unit covers server performance problems. As servers become overwhelmed with normal and abnormal network use, the students will need to troubleshoot the cause of the poor performance and then make recommendations on how to fix the problems. The students should already have some background information on the topics in the presentations, so focus on how the information presented is important for troubleshooting. “Topic 1: System Components That Cause Server-Related Performance Problems” discusses the various components of the server that can cause performance problems for Exchange Server 2003 and messaging clients that connect to the server. You should discuss the counters used to monitor server performance whether the server is an Exchange server or any other application server. Discuss how using System Monitor can help identify the performance constraint causing the problem and what actions can be taken to alleviate the performance problem.

34

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

“Topic 2: Common Server-Related Problems” focuses on performance problems that can be mitigated by offloading some services, rescheduling some activities, and changing maintenance schedules. A chart is provided to demonstrate examples of how to mitigate performance problems. “Topic 3: Pre-Lab Discussion” is your opportunity to prepare students for the lab. You should help students begin to think about the underlying problems that might result in the indicated situations, and document their suggestions on the whiteboard. Use this page to provide context for the lab and help students better understand the importance of the concepts in this unit when it comes to troubleshooting the lab scenarios. Lab It is very important that the students do not stop the script for Exercise 3. The command prompt window will remain open, so it will probably be a clue for the students that whatever is running is the problem. It would be a very good time to give students a break. Let them know that once they start the script, it may take 10 minutes or more. Let them know that they can minimize the window, so that it will not be in their way while they start troubleshooting. The script will cause the students to eventually run out of disk space. Because running the script can take over thirty minutes (depending on system performance) you may allow students to start troubleshooting after ten minutes. They will find the excessive disk activity. As you review the lab with the students, point out all the extra files created by the script and that if it kept running, it would eventually fill up the disk. Point out to the students that when the disk fills, the MTA will stop and eventually all Exchange services will stop once the last of the log files are filled. The solution is that the drive needs to have the extra files deleted and Exchange services restarted if necessary. If students have difficulty with the lab, use the flow charts to focus their troubleshooting efforts. If needed, ask them which steps they have completed. If they have gone past the step where they fix the problem, ask them to explain what they found in that step and the step before. This workshop assumes prerequisite knowledge in managing an Exchange Server 2003 environment. If students do not meet the prerequisites, you may need to review some procedures with the students. For more information on completing this lab, direct students to Appendix A, “Lab Guidance,” located at the back of the student workbook. If necessary, be prepared to provide desk side assistance to each student during the lab phase of class. You will want to maintain a “study hall” atmosphere within the classroom while students complete the lab. Review You should have spent some time during the pre-lab discussion, with all student books closed, reviewing ways that the students would troubleshoot the scenarios covered in the lab, recording their ideas on the whiteboard. After completing the lab, review what they would have done before seeing the lab. Discuss how the students used the troubleshooting flow chart to determine the root cause of the problem. Compare the process of the flow chart to what the students said they would do before the lab. Record on the whiteboard the information provided by the students. Discuss how they would troubleshoot the problem now based on what they learned in the lab. Discuss how the students tested their solution to the problem and how they knew they were successful in resolving the problem. Make sure students shut down the Virtual PCs following the instructions after the lab.

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

35

Instructor Notes for Unit 8: Troubleshooting Security Issues
Presentation: 15 minutes Lab: 120 minutes Review: 5 minutes Required materials After completing this unit, students will be able to:
! ! !

Identify and resolve problems related to encrypting e-mail using S/MIME. Identify and resolve problems related to using SSL to secure e-mail. Identify and resolve problems related to Exchange Server 2003 security configurations.

To teach this unit, you need the unit slides, the student workbook, which includes the lab flow charts and the service request forms, and the Lab Toolkit. Important It is recommended that you use PowerPoint 2002 or later to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides may not be displayed correctly.

Preparation tasks

To prepare for this unit, read all the written materials and review the resources in the Lab Toolkit, practice the labs and guided activities, and prepare to answer the discussion questions. In addition, you should:
!

Review Module 3, “Securing Exchange Server 2003,” from Course 2400, Implementing and Managing Microsoft Exchange Server 2003. Review Module 7, “Implementing and Managing Client Access with Internet Protocols,” from Course 2400, Implementing and Managing Microsoft Exchange Server 2003.

!

Classroom setup

The information in this section provides setup instructions that are required to prepare the instructor computer or classroom configuration for a lab. This lab requires that the students create a new routing group and move Miami into the routing group using the procedure described at the beginning of the lab.

! Prepare for the lab
1. For the first two scenarios in the lab, the students will use the London Virtual PC and the Acapulco Virtual PC. 2. In the troubleshooting Exercise 1, the problem is created by an incomplete classroom configuration. 3. In the troubleshooting Exercise 2, the problem is created by an incorrectly configured user profile. The profile has been created as part of the classroom setup. 4. For the last exercise in the lab, the students will use the London Virtual PC and the Vancouver Virtual PC. 5. To create the troubleshooting problems for Exercise 3 in this lab, the students must run the Breaklab8c.bat script.

36

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

How to Teach This Unit
This section describes the instructional methods for teaching this unit. Presentation Not all companies have implemented SSL and S/MIME to secure e-mail. This means that some students are likely to have limited background understanding of PKI, SSL and S/MIME. If students do not have the expected background, then be prepared to spend more time explaining the concepts. An understanding of the concepts is required to troubleshoot issues with e-mail security. Before starting the topics, spend some time determining how familiar the students are with this content. Ask how many have deployed an internal CA, how many use S/MIME in their company, how many use SSL to secure OWA, how many use SSL to secure other e-mail protocols. “Topic 1: PKI Requirements for Secure E-Mail” discuss the concepts of PKI and the implementation options available when deploying a PKI. Use this slide to briefly discuss the components that enable digital signature and encryption capabilities. Use the information listed in the table to explain the role each PKI component plays in creating an infrastructure that can be used to secure e-mail. The amount of time you spend on this topic will depend on student familiarity with the concepts. If students are interested in learning more about using PKI to improve network security refer them to Course 2821: Designing and Managing a Microsoft Windows Public Key Infrastructure. “Topic 2: Troubleshooting S/MIME E-Mail Issues” discuss the concepts, implementation and troubleshooting of S/MIME. Stress that S/MIME requires digital certificates for all e-mail clients that want to send secure e-mail, so most of the S/MIME troubleshooting issues will be client based. Tell the students that they can implement S/MIME security without modifying any settings on the Exchange server because the Exchange server will just accept the encrypted e-mail messages and forward them to other servers. “Topic 3: Troubleshooting SSL Issues” discusses the concepts, implementation and troubleshooting of SSL. Tell students that, in contrast to S/MIME, almost all SSL troubleshooting will be server-based or network based, because all Internet protocol clients are enabled for SSL. Stress that although SSL is easier to implement than S/MIME, it is not as easy to use when sending secure e-mail to external clients. With S/MIME you can send secure e-mail to anyone as long as you have the required digital certificates. SSL is used only to secure client connections to Exchange servers and possibly, to secure SMTP e-mail sent between two Exchange servers. “Topic 4: Pre-Lab Discussion” is your opportunity to prepare students for the lab. You should help students begin to think about the underlying problems that might result in the indicated situations, and document their suggestions on the whiteboard. Use this page to provide context for the lab and help students better understand the importance of the concepts in this unit when it comes to troubleshooting the lab scenarios.

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

37

Lab

If students have difficulty with the lab, use the flow charts to focus their troubleshooting efforts. If needed, ask them which steps they have completed. If they have gone past the step where they fix the problem, ask them to explain what they found in that step and the step before. This workshop assumes prerequisite knowledge in managing an Exchange Server 2003 environment. If students do not meet the prerequisites, you may need to review some procedures with the students. For more information on completing this lab, direct students to Appendix A, “Lab Guidance,” located at the back of the student workbook. If necessary, be prepared to provide desk side assistance to each student during the lab phase of class. You will want to maintain a “study hall” atmosphere within the classroom while students complete the lab. In the flow chart, solution box A directs the student to “Check SMTP gateway or smart host configuration”. Because SMTP gateway or smart host is not installed as part of this workshop’s setup, the students will be unable to perform this task. You should mention that students would follow manufacturer’s instructions for verifying their SMTP gateway or smart host configuration in their own production environments.

Review

You should have spent some time during the pre-lab discussion, with all student books closed, going over some ways that the students would troubleshoot the scenarios covered in the lab and recording the students’ ideas on the whiteboard. After completing the lab, review what they would have done before seeing the lab. Discuss how the students used the troubleshooting flow chart to determine the root cause of the problem. Compare the process of the flow chart to what the students said they would do before the lab. Make sure you record the information provided by the students. Discuss how they would troubleshoot the problem now based on what they learned in the lab. Discuss how the students tested their solution to the problem and how they knew they were successful in resolving the problem. Make sure students shut down the Virtual PCs following the instructions after the lab.

38

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

Instructor Notes for Unit 9: Troubleshooting the Migration to Exchange 2003
Presentation: 15 minutes Lab: 90 minutes Review: 15 minutes After completing this unit, students will be able to:
!

Identify the underlying causes when a user cannot access their mailbox after a migration and resolve the problem. Identify the underlying causes when a user cannot send e-mail to the Exchange 5.5 organization during a migration and resolve the problem. Identify the underlying causes when a user cannot send e-mail to some users during a migration and resolve the problem.

!

!

Required materials

To teach this unit, you need the unit slides, the student workbook, which includes the lab flow charts and the service request forms, and the Lab Toolkit. Important It is recommended that you use PowerPoint 2002 or later to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides may not be displayed correctly.

Preparation tasks

To prepare for this unit, read all the written materials and review the resources in the Lab Toolkit, practice the labs and guided activities, and prepare to answer the discussion questions. In addition, you should:
!

Review Module 14, “Migrating User from Exchange 5.5 to Exchange Server 2003,” from Course 2400, Implementing and Managing Microsoft Exchange Server 2003.

Classroom setup

The information in this section provides setup instructions that are required to prepare the instructor computer or classroom configuration for a lab.

! Prepare for the lab
1. The students need to start the London and Vancouver Virtual PCs for this lab. 2. The students do not need to run any scripts to prepare the lab environment. The environment is preconfigured for the lab.

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

39

How to Teach This Unit
This section describes the instructional methods for teaching this unit. Presentation This unit discusses a scenario that most companies will go through only once. If the students have worked with a company that has gone through a migration to either Exchange 2000 or Exchange Server 2003, they are likely to be quite familiar with the content. If they have not gone through a migration, they may have no experience with the content of this unit. Before starting the topics, spend a short time determining how familiar the students are with this content. Ask how many have been involved in a migration project. The third topic covers the troubleshooting issues that can occur during the migration. Spend most of your instruction time discussing these issues and their resolutions. “Topic 1: Standard Migration Overview” provides a very brief overview of how to upgrade an existing Exchange 5.5 organization to Exchange Server 2003. If the students do not have experience with concepts such as SIDHistory and NTDSNoMatch, you may need to spend some time discussing what these terms refer to and why they are so important in a migration scenario. If the students are not familiar with the migration steps, expect to spend some additional time on this topic. “Topic 2: External Migration Overview” provides a very brief overview of how to migrate mailboxes and public folders from an existing Exchange 5.5 organization to a new Exchange Server 2003 organization. Many of the steps in the migration appear similar to the standard migration, but the procedures may be quite different. For example, moving a mailbox within the same site or administrative/routing group is very different from moving the mailbox between organizations. “Topic 3: Troubleshooting Migration Issues” discusses the troubleshooting issues that may arise during a migration and suggests resolutions for the issues. If you have students that have been part of a migration project, ask them to highlight the issues they faced during the migration as well as any additional issues they faced. “Topic 4: Pre-Lab Discussion” is your opportunity to prepare students for the lab. You should help students begin to think about the underlying problems that might result in the indicated situations, and document their suggestions on the whiteboard. Use this page to provide context for the lab and help students better understand the importance of the concepts in this unit when it comes to troubleshooting the lab scenarios.

40

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

Lab

The lab includes three exercises. Before starting the lab, the students must start up the London and Vancouver Virtual PCs. Before starting the lab, highlight the Lab Scenario information at the beginning of the lab. Due to time constraints, students will not be able to perform an actual migration in the lab, but will start the lab with an organization that is partially migrated and where the two Exchange organizations coexist. Highlight the Important note at the beginning of the lab. In this simulation of the migration environment, all the user accounts in the Contoso domain have been migrated to the Nwtraders.msft domain. The students should always be logging onto the NWTraders.msft domain when they are working on the lab. The only exception is if they need to log in as Contoso\Administrator. If students have difficulty with the lab, use the flow charts to focus their troubleshooting efforts. If needed, ask them which steps they have completed. If they have gone past the step where they fix the problem, ask them to explain what they found in that step and the step before. This workshop assumes prerequisite knowledge in managing an Exchange Server 2003 environment. If students do not meet the prerequisites, you may need to review some procedures with the students. For more information on completing this lab, direct students to Appendix A, “Lab Guidance,” located at the back of the student workbook. If necessary, be prepared to provide desk side assistance to each student during the lab phase of class. You will want to maintain a “study hall” atmosphere within the classroom while students complete the lab.

Review

You should have spent some time during the pre-lab discussion, with all student books closed, going over some ways that the students would troubleshoot the scenarios covered in the lab and recording the students’ ideas on the whiteboard. After completing the lab, review what they would have done before seeing the lab. Discuss how the students used the troubleshooting flow chart to determine the root cause of the problem. Compare the process of the flow chart to what the students said they would do before the lab. Make sure you record the information provided by the students. Discuss how they would troubleshoot the problem now based on what they learned in the lab. Discuss how the students tested their solution to the problem and how they knew they were successful in resolving the problem.

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

41

Instructor Notes for Unit 10: Troubleshooting an Exchange Server 2003 Organization
Presentation: 45 minutes Lab: NA Review: NA After completing this unit, students will be able to:
!

Identify multiple issues affecting the messaging functionality within an organization. Troubleshoot the following: • Network Connectivity • Public Folders and Mailboxes • Outlook Web Access and Outlook Mobile Access • Client Connectivity • Server Connectivity • Server Performance • Security Issues • Migration from Exchange 5.5 to Exchange Server 2003

!

Required materials

To teach this unit, you need the unit slides, the student workbook, and the Lab Toolkit. Important It is recommended that you use PowerPoint 2002 or later to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides may not be displayed correctly.

Preparation tasks

To prepare for this unit, read all the written materials and review the resources in the Lab Toolkit, practice the labs and guided activities, and prepare to facilitate the discussion questions. There are no tasks required to prepare for the lab, the entire unit is the lab.

Prepare for the lab

42

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

How to Teach This Unit
This section describes the instructional methods for teaching this unit. Presentation This unit contains all the information that is normally provided to an administrator when troubleshooting problems with an Exchange Server 2003 server environment. This lab is for the students to show what they have learned and to put it all together. “Topic 1: Approach to Exchange Server 2003 Troubleshooting” discusses how troubleshooting tasks should be addressed and resolved. This topic provides several questions that an administrator should ask as part of their troubleshooting process. For example, when discussing the Time/Date subject, it is important to note that the time of the day and the day of the week can have considerable impact on the troubleshooting process. If the problem occurs every day from 7 A.M. to 8 A.M. that should point to it being a peak time frame and that the only way to fix the problem would be to encourage users to vary the time of the day when they log onto their computers and open their messaging clients. Because this probably isn’t a solution, the student/administrator should consider ways to improve performance during these specific times or inexpensive ways to add capacity to the environment. One of the favorites of the students should be the Prioritization subject. Encourage them to explain how they prioritize service requests when they have more than one or two waiting for their attention. “Topic 2-4: Challenge Information” provides the detail for the students in their troubleshooting scenario. There is no hands-on lab for this unit. In this unit, students will use the information provided in the Challenge Information pages to assist them with troubleshooting the scenarios presented in the Challenge. The challenge information provides the students with very high level Company Background, excerpts from the Change Management Log, and excerpts from the Service Request Log. This information provides the students with some recent history regarding user problems as well as recent history regarding changes made to the Exchange Server 2003 environment. Some of the information is helpful, and some of it is misleading. It is important that students learn that Service Requests and Help Desk information is not necessarily trustworthy. Lab If students have difficulty with the lab, use the flow charts to focus their troubleshooting efforts. If needed, ask them which steps they have completed. If they have gone past the step where they fix the problem, ask them to explain what they found in that step and the step before. This workshop assumes prerequisite knowledge in managing an Exchange Server 2003 environment. If students do not meet the prerequisites, you may need to review some procedures with the students. For more information on completing this lab, direct students to Appendix A, “Lab Guidance,” located at the back of the student workbook. If necessary, be prepared to provide desk side assistance to each student during the lab phase of class. You will want to maintain a “study hall” atmosphere within the classroom while students complete the lab. The challenge consists of six scenarios where students troubleshoot the virtual environment by asking the trainer questions and explaining what tasks that they would like to perform. The scenarios are very briefly described in the challenge. It is up to the students to request more information and up to the trainer to decide what the response should be to each of the student questions.

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

43

Have the students read through all six scenarios before beginning and ask them where they want to start working. You may want to approach this lab by letting students volunteer their questions and troubleshooting steps that they would take. You may also want to just start in one corner and ask each person what they would do next. If a student is lost for words or just out of ideas, encourage the class to give that student some ideas. For example: Trainer: “Student 1, what would you do first in troubleshooting this problem?” Student 1:”I would like to verify that network connectivity exists between the messaging client and the Exchange server.” Trainer: “Student 1, how would you do that?” Student 1: “I would use the ping command from the client and see if I can ping the server using the host name and then try the IP address if the host name doesn’t work.” Trainer: “Excellent idea, you are able to properly ping the Exchange server by its host name. Student 2, what would you like to do next?” Student 2: “I would like to verify that the domain controllers and global catalog servers are up and running for this network segment. I would do this by running netdiag from my client machine and also by running dcdiag from one of the domain controllers.” Trainer: “Excellent idea, your results show that one domain controller is down.” Of course, the trainer is also allowed to provide unimportant information like in the above example, where a domain controller being down doesn’t necessarily affect the outcome. Scenario 1: David Campbell is unable to access his e-mail. His laptop is a new computer that he was just provided. The laptop has the lab DNS settings which have the wrong IP addresses for production servers. If students try to ping any servers you will tell them that you received responses, but it does not look like the right IP address in the return responses. The reason that this happens is that the lab has different settings for its environment that do not map to the production environment. Once students identify that the DNS settings for TCP/IP are incorrect, then David’s Outlook 2003 will start working, assuming they try it after making the changes. Scenario 2: Ben Smith is unable to access his mailbox after starting up his laptop. The problem is that Ben’s laptop cable is loose and he gets intermittent connectivity during ping testing and all other testing done by the students. As the trainer, you should play the part of Ben and often say, “No, no response,” and then say, “Hey, it just worked,” and then, “No, it isn’t working again.” This will drive the students crazy, but it should encourage them to drop back to the basics and verify that the network cable is plugged in properly. Remind them that Ben is a vice president. He probably should have been bumped ahead of David Campbell.

44

Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003

Scenario 3: Janet Sheperdigian’s Outlook Express client is not properly configured to use SSL to protect traffic transmitted between her messaging client and the Exchange server. Janet is unable to connect to Exchange using SSL with SMTP because there is only a single SMTP VS on the Exchange server. If students try to reconfigure it, the trainer will state, “Well, now the Exchange team is getting flooded with calls about people unable to send e-mail to the Internet from the Vancouver office.” Students must create a new SMTP VS and implement SSL on it. SSL also needs to be implemented on IMAP4 or POP3 depending on whichever they find that Janet is using. If the students do not ask about IMAP4 or POP3, then tell them that the auditor has re-tested and is still able to capture e-mail to Janet. Scenario 4: H. Brian Valentine is unable to access his e-mail using OWA. Brian’s statement about being able to do it last week is misleading, so students may jump off track. Be patient. They will return to the basics soon enough. The problem is that Brian is not entering https when trying to connect to the OWA server. If anyone asks to ping the OWA server, it will result in “Request timed out” messages. Pinging by name will resolve to the correct IP address. However, there will be no responses from the server. Pinging by IP will also give a request timed out message. This can be explained very easily. If the students ask during the scenario about firewalls or ISA servers, you should tell them that all OWA servers are protected by ISA servers. By default, ISA does not allow Internet Control Message Protocol (ICMP) from the Internet to internally published sources. Scenario 5: Jeff Hay is unable to send encrypted e-mail to Tai Yee. Tai Yee is not a member of Jeff’s company; Tai is an employee of another company. The problem is that Tai never sent a digital certificate to Jeff, so Jeff is unable to send an encrypted message to Tai. Scenario 6: Scott Bishop is experiencing poor performance when using Outlook to connect to his mailbox. The problem is that the Exchange server that holds Scott’s mailbox is overloaded. Students may not have noticed that the Change Management Log states that one of the Exchange servers in London was shutdown and all mailboxes were moved to other servers. With the additional load, the Exchange server that Scott is on has become overloaded and is extremely slow in its response. If students have difficulty with the scenarios, encourage them to feel free to review the flow charts from the previous units and to ask for help from their classmates. Do not feel the need to rush the students; let them think for a few minutes and make sure to provide positive feedback. This workshop assumes prior knowledge in managing an Exchange Server 2003 environment; if the students do not meet the prerequisites, you may need to review some procedures with the students. Review There is no review for this unit because the challenge is the review for the workshop.


				
DOCUMENT INFO
Shared By:
Categories:
Stats:
views:92
posted:11/27/2009
language:English
pages:330