STUDY GUIDE For Exam 70-224
Installing, Configuring, and Administering Exchange 2000 Server
Installation and Upgrading
Requirements
The recommended hardware for Exchange 2000 server is as follows:
• 128 to 256 MB of RAM
• 2 GB of available disk space on the drive for Exchange 2000
server with 500 MB available on the system drive. All drives that
Exchange 2000 server interacts with should be NTFS partitions.
• VGA compatible display adapter
• Paging file set to at least twice the amount of RAM
• CD-ROM drive
• Pentium 300 MHz or faster processor
Exchange 2000 server must be installed on a
Windows 2000 Server, Advanced Server, or Datacenter Server computer
that has Service Pack 1, Internet Information Services (IIS) with
TCP/IP, Network News Transfer Protocol (NNTP), and Simple Mail
Transfer Protocol (SMTP) installed. Exchange 2000 Server must have
access to a DNS server, and the installing user should have
permission to change the Active Directory schema.
An installer should thoroughly plan the
configuration of Exchange 2000 server before installation.
You should take into account the size, scope,
network topology, and arrangement of the organization that the
Exchange 2000 server will serve.
Initial Configuration and Setup
Preparing Active Directory Schema for Installation
There are certain changes that need to be made to Active Directory
before Exchange 2000 server may be installed. The Exchange
administrator may not necessarily be the network administrator and
therefore may not have the proper permissions to make the necessary
pre-installation changes to Active Directory. In this case, Active
Directory must be prepared using the /forestprep and/or the /domainprep
command switch of the Exchange 2000 server setup program. These
options run installation utilities that separate the activities that
require high-level Active Directory access from the activities that
can be run under a lower security/administration context.
The /forestprep switch executes the
ForestPrep utility which executes Active Directory changes that
require SchemaAdmin and EnterpriseAdmin permissions. ForestPrep
creates the Exchange organization in Active Directory, and extends
Active Directory to include Exchange specific information. The
person running ForestPrep must have SchemaAdmin and EnterpriseAdmin
permission.
The /domainprep switch will execute the
DomainPrep utility. The DomainPrep utility executes Exchange server
installation activities that require DomainAdmin permissions on the
network.
ForestPrep must be run and all changes by
ForestPrep must be replicated before DomainPrep can successfully be
executed.
Routing Groups
Routing groups are used to define areas of high-speed connection on
a network used to control the flow of messages between servers.
Routing groups are typically used when segments of a network are
geographically separated. Servers in the same routing groups
communicate with each other via SMTP. Messages whose origin and
destination are within the same routing group are directly
transferred using SMTP as well. Contact and message flow between
routing groups requires connectors.
Administrative Groups
Administrative groups are used to allow an administrator to define
how an Exchange organization should be managed. Administrative
groups define boundaries of authority for groups of administrators
to manage designated servers. Administrative groups also prevent an
administrator from making administrative actions on a server that
the administrator is not responsible for.
Front-End and Back-End Servers (FE/BE)
Front-end servers are computers that receive all user requests and
then relay those requests to back-end servers that contain the actual
data. Data on a back-end server can be accessed through a
front-end server, but it can be completely isolated from changes by
external users if necessary. The typical front-end/back-end configuration
consists of a small number of back-end servers that handle all
information and a larger group of front-end servers that handle
client requests. The front-end/back-end server scheme is useful when
dealing with users who access resources over the Internet. Servers
in a front-end/back-end configuration have the ability to enforce
encryption between front-end servers and Internet-based clients
through the use of Secure Sockets Layer (SSL).
Upgrading to Exchange 2000 Server from Exchange Server 5.5
There are two methods of upgrading from Exchange 5.5 to Exchange
2000. The first option is an in-place upgrade, and the second option
is a mailbox migration.
In-Place Upgrade
The in-place upgrade is supported when upgrading from an
installation of Exchange 5.5 server with Service Pack 3 installed.
The setup program is invoked on the computer that you plan to
upgrade.
The setup program will automatically detect
the previous installation and perform the in-place upgrade. An
in-place upgrade will not allow you to make any configuration
changes. To make any configuration changes, you will need to run the
setup program again in maintenance mode.
Mailbox Migration
Mailbox Migration is a clean installation of Exchange Server 2000,
which is joined to an existing Exchange 5.5 organization. Once
Exchange 2000 has been installed and joined, the mailboxes are then
migrated to the new server. Existing connectors must be updated if
you plan to remove the old site. The advantage of a mailbox
migration is that operations are not interrupted by the upgrade.
Replicating Directory Information
Changes made to a domain controller or Exchange server can be
replicated all across the network on computers that support Active
Directory through the use of Active Directory replication features.
The Active Directory Connector (ADC) included
with Windows 2000 is a basic connector that provides for
functionality and replication between Windows 2000 and Exchange 5.5
server.
Exchange 2000 installs a new ADC when it is
first installed. This new ADC has enhanced replication functionality
and is required to operate Exchange 2000 server. The new ADC can be
integrated with Exchange 5.5 to allow for replication. There
must be at least one instance of the Exchange 2000 ADC in the Active
Directory forest.
Site replication is achieved through the use
of the Site Replication Service (SRS). The SRS is the Exchange 2000
version of the directory service from Exchange 5.5. SRS replicates
information via Remote Procedure Call (RPC) for data sent within a
site. E-mail messages are used to replicate directory data between
sites.
Messaging Client Deployment
Exchange 2000 supports several different types of messaging such as
real time chat in the form of IRC and Instant Messenger in addition
to Internet e-mail.
Microsoft Outlook
Microsoft Outlook is the recommended e-mail program for use with
Exchange 2000 server.
Exchange 2000 was designed with Outlook in
mind and therefore Outlook is able to take advantage of all the
features that Exchange 2000 has to offer. When Outlook is first
invoked it will prompt the user for the information required for it
to function. This information creates a mail profile that specifies
the settings that Outlook will use to function as a messaging client.
Organizations that want to ensure a uniform profile among their
users can elect to use the Custom Installation Wizard, which will
allow the setup program to automatically generate a uniform
messaging profile when Outlook is installed.
Outlook Web Access
Outlook Web Access (OWA) is a server-based application based on
Microsoft’s Internet Server Application Programming Interface (ISAPI).
The version of OWA included with Exchange 2000 is not compatible
with earlier versions of OWA. Any Internet browser that supports
frames and Java can utilize OWA. In addition to e-mail, OWA also has
contact management and calendar features.
POP3 and IMAP
POP3 and IMAP are e-mail messaging protocols. Post Office Protocol 3
or POP3 is a protocol that e-mail clients use to download messages
from a remote server. Internet Message Access Protocol 4 or IMAP4 is
a protocol that allows a user to manipulate messages on a remote
server without actually retrieving the message.
IRC
IRC stands for Internet Relay Chat. IRC allows a user to join live
discussions from anywhere on the Internet. Joining an IRC discussion
requires an IRC client and an Internet connection. The primary IRC
client for Exchange 2000 is Microsoft Instant Messenger, which is
included with Exchange 2000 server.
Configuring Exchange 2000 Server
Configuring Server Objects
Configuring Storage Groups
There are several types of mechanisms that Exchange 2000 uses to
store information on a server.
Data can be arranged to take advantage of the
hardware configuration and to streamline administration. Storage
groups define groups of associated mailbox and public stores. The
files in a storage group share one set of transaction logs. Each
server in an Exchange organization can contain a maximum of four
storage groups.
There are several options that can be
configured for storage groups and the files contained within:
• Enable/disable circular logging: unless
transaction log files are purged by a successful shut down of
Exchange 2000 server or by a successful full or incremental backup
they are retained. Circular logging re-uses existing log files to
minimize disk space requirements.
• Transaction log location: designates
the physical disk location that the log files are to be kept.
• System path location: designates
the location of any temporary files that are required for use by
Exchange 2000 server.
• Zero out deleted database pages: increases
the security of various Exchange databases by removing deleted pages
from the database file.
Files in storage groups can be further
administered by implementing mailbox store and public store
policies.
Public Store Policies
Public store policies allow you to configure several options for public stores.
The policy template allows you to graphically create a custom
maintenance schedule. You can also designate full-text indexing
options like rebuild and refresh times. The public store policy
template also allows you to define disk storage limits for public
stores and folders as well as replication schedules and options.
Mailbox Store Policies
Mailbox store policies allow you to configure nearly the same options on mailbox
stores as public store policies do on public stores. The most
notable exception is replication. You are able to define maintenance
schedules, storage limits, and full-text indexing options.
Creating Multiple Storage Groups for Data Partitioning
While each storage group requires that you designate a physical
disk location for the transaction files and databases, the locations
of these objects do not necessarily have to be the same. Indeed
there can be some compelling performance reasons for the objects not
inhabiting the same space. If transaction logs and database files
exist on separate physical disks, then they do not compete for the
same disk access resources and therefore will increase the
performance of your Exchange 2000 server. Placing storage groups on
separate physical disks or arrays of physical disks creates a
similar performance enhancement.
Configuring Multiple Databases in a Single Storage Group
In a large Exchange organization mailboxes should be split between a
larger number of mailbox store databases rather than one large
mailbox store. The spreading of mailboxes has several benefits.
In a large organization, if mailbox stores are
spread across several physical disks, there is a potential for
performance gains as there is less competition for disk resources.
Disaster recovery becomes easier and quicker when mailboxes are
decentralized. Multiple smaller mailbox store databases are more
easily and quickly restored.
Configuring Virtual Servers to Support Internet Protocols
Through the use of virtual servers, you can make a single computer
appear as multiple servers.
Virtual protocol servers are created and
managed from the Exchange System Manager utility. There is only one
virtual server created for each protocol by default, but others can
be created. Each virtual server must be assigned a separate IP
address or a customized TCP port for unsecured and SSL communication
or both.
Configuring Exchange 2000 Server Information in Active Directory
The integration of Exchange 2000 with Active Directory enables an
administrator to manage user accounts through Active Directory,
reducing administrative overhead. Exchange 2000 relies on Active
Directory for user account information through the Global Catalog
server. The Global Catalog server is a domain controller that
supports forest-wide directory lookups. Earlier versions of Exchange
used their own directory services systems and therefore must be
adapted to be able to interface with Exchange 2000 and Active
Directory. Exchange 2000 has a feature called DSProxy that will
relay Exchange 5.5 server information requests to the Global Catalog
server.
Configuring Instant Messaging Objects
The primary Instant messaging client program for Exchange 2000 is
MSN Messenger, which comes with Exchange 2000 server. Instant
messaging requires IIS 5.0 to be installed on a server in the forest
to function. Instant messaging is installed by invoking the Exchange
2000 setup program.
The setup program will further update the
Active Directory schema with new classes and attributes for instant
messaging. Instant messaging is managed from the Exchange System
Manager. To implement Instant Messaging, an Instant Messaging
virtual server must be created.
Configuring Chat Objects
Exchange 2000 Chat Service is managed through chat communities,
which are a series of channels and user classes. When the initial
configuration is performed, a single default chat community is
created. Other communities can be added as needed. An administrator
can create permanent communities within a community, called
registered channels, or users can create channels dynamically. Chat
channels are typically organized by the subject of discussion. An
administrator can designate the security permissions on all user
accounts. There are three levels of security:
• Sysop: monitors and controls chat
channels. Sysops are able to ban users from chat conversations.
• Administrator: has full Sysop
permissions and can override Sysop decisions. Administrators become
the owner of every channel they join and they cannot be banned from
joining any channel.
• User: able to participate in chat
conversations.
Creating and Managing Administrative Groups
Administrative groups are used to simplify the delegation of
authority in multi-server, multi-domain, or multi-location
environments. Administrative groups are created in the Exchange
System Manager. Once an administrative group is created, it is
empty. Once the group is created, you can add servers and policies.
Control of administrative groups can be delegated to other
administrators in order to spread the responsibilities.
Configuration objects can be copied between administrative groups.
Configuring Exchange 2000 Server Resources for High-Volume Access
For performance and fault tolerance reasons, it is beneficial to
locate mailbox and public folder stores and their associated
transaction logs on different physical disks. This configuration
reduces competition for disk access resources. When there is a large
volume of traffic on the server the performance gains yielded by
physical disk separation can be great.
RAID disk configurations are also useful
disaster prevention tools. RAID stands for Redundant Array of
Independent (or Inexpensive) Disks. In RAID systems, data and
error-checking parity values are striped across three or more
physical disks. This ensures that if one of the disks fails, the
data on the array can be reconstructed and accessed.
Diagnosing and Resolving Exchange 2000 Performance Problems
The Computer Management snap-in and the Performance utility are
useful tools in monitoring performance and system state data. Both
allow an administrator to access the performance logs and Alerts
tool but the Performance utility also provides access to the System
Monitor. An administrator can examine performance data supplied in
real-time charts with the Performance Monitor. The Alerts tool is
useful for notifying administrators when certain performance
conditions or system problems occur.
Configuring Exchange 2000 Server for High Security
Configuring Exchange 2000 Server to Issue v.3 Certificates
Certificate Services are part of the standard components of Windows
2000 and can be installed as needed. Certificate Services are
installed through Add/Remove Programs in the Control Panel. A
Certificate Authority destined for use with Exchange 2000 will be
integrated with Active Directory and therefore, depending on the
Public Key Infrastructure, the Certificate Authority (CA) should be
an Enterprise Subordinate or Enterprise Root CA.
Enabling Digest Authentication for Instant Messaging
Digest Authentication sends login information in an encrypted hash
to the authenticating server. An administrator can enable Digest
Authentication for Instant Messaging in the Web Site container of
the Internet Services Manager.
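How a Digest exchange keeps the password off the wire, as an added example that is not part of the study guide or of Exchange/IIS: a server-side check of an HTTP Digest response as defined in RFC 2617 (qop=auth, MD5). The function names and the nonce bookkeeping are illustrative assumptions; the sample credentials are the test values published in RFC 2617.

```python
import hashlib
import hmac


def md5_hex(text):
    """Hex MD5 of a string, the default hash in RFC 2617 Digest."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri,
                    nonce, nc, cnonce, qop="auth"):
    """Compute the 'response' value the client sends instead of the password."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")  # depends on the secret
    ha2 = md5_hex(f"{method}:{uri}")                 # depends on the request
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def verify_digest(auth, method, passwords, issued_nonces, last_nc):
    """Server side: recompute the response and compare it with what arrived.

    auth          -- fields parsed from the Authorization header (dict)
    passwords     -- username -> password known to the server
    issued_nonces -- nonces this server actually handed out
    last_nc       -- nonce -> highest nonce count accepted so far
    Returns (accepted, reason).
    """
    if auth["nonce"] not in issued_nonces:
        return False, "nonce was not issued by this server"
    try:
        nc = int(auth["nc"], 16)
    except ValueError:
        return False, "malformed nonce count"
    if nc <= last_nc.get(auth["nonce"], 0):
        return False, "nonce count reused (replayed request)"
    password = passwords.get(auth["username"])
    if password is None:
        return False, "unknown user"
    expected = digest_response(auth["username"], auth["realm"], password,
                               method, auth["uri"], auth["nonce"],
                               auth["nc"], auth["cnonce"], auth["qop"])
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected, auth["response"]):
        return False, "response does not match"
    last_nc[auth["nonce"]] = nc
    return True, "ok"


# Sample header fields: the worked example from RFC 2617, section 3.5.
SAMPLE_AUTH = {
    "username": "Mufasa",
    "realm": "testrealm@host.com",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "uri": "/dir/index.html",
    "qop": "auth",
    "nc": "00000001",
    "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}
SAMPLE_PASSWORDS = {"Mufasa": "Circle Of Life"}

if __name__ == "__main__":
    nonces, counts = {SAMPLE_AUTH["nonce"]}, {}
    print(verify_digest(SAMPLE_AUTH, "GET", SAMPLE_PASSWORDS, nonces, counts))
    # Sending the captured header a second time is refused.
    print(verify_digest(SAMPLE_AUTH, "GET", SAMPLE_PASSWORDS, nonces, counts))
```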
Configuring Virtual Servers to Limit Access through Firewalls
A network containing a Firewall could consist of several areas:
• External Users and/or the Internet: users
who you want to prevent gaining unauthorized access but whom you
still want to grant appropriate authorized access.
• External Network: area of the
network that has little, if any, sensitive information. Web
servers are typically installed on the external network.
• Firewall: hardware or software that
keeps users from accessing internal resources.
• Perimeter Network: also called the
Demilitarized Zone or DMZ. This is the only area to which network
communication on either side of the firewall is allowed.
• Internal Network: most of the
network data is kept here. This prevents direct access to the data
as all data is transferred from the Internal Network through the DMZ
and out through the firewall.
Virtual protocol servers are set up in the
DMZ. From the DMZ all communication and access is routed through the
firewall.
Configuring Key Management Service (KMS) to Issue Digital Signatures
The Key Management Service (KMS) is a system that Exchange 2000 uses
to encrypt e-mail and that integrates with Windows 2000 Certificate Services.
If you plan to send encrypted e-mail messages you must install KMS.
Each user who encrypts a message has a private encryption key that
only they have access to. To decrypt the encrypted message there
must be a corresponding public key, which is available to the entire
organization.
A digital signature is a mathematical value
derived from analysis of the message that is to be digitally signed.
The message is then encrypted using the sender’s private signing
key. The digital signature is attached to a message when it is sent.
Once received, the message is decrypted using the sender’s public
decrypting key and again analyzed. The mathematical value derived in
the second analysis is compared to the value obtained during the
first analysis. If the values are equal then the message has not
been altered between the time it was sent and received.
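The sign-then-compare procedure described above, as an added example that is not part of the study guide and not how KMS is implemented: textbook RSA applied to a SHA-256 digest of the message, with no padding. The key is constructed from two publicly known primes, so it protects nothing and only illustrates the comparison step; all names and the sample message are assumptions.

```python
import hashlib

# Constructed toy key: both primes are publicly known Mersenne primes, so this
# key protects nothing. It only keeps the example self-contained.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                          # public modulus
E = 65537                          # public (verifying) exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private (signing) exponent


def analyse(message):
    """The 'analysis' in the text: a SHA-256 digest, read as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message):
    """Sender: transform the digest with the private signing key."""
    return pow(analyse(message), D, N)


def verify(message, signature):
    """Recipient: recover the sender's digest with the public key and
    compare it with a fresh digest of the message that arrived."""
    if not 0 <= signature < N:
        return False
    return pow(signature, E, N) == analyse(message)


def demo():
    """Verify one constructed message unaltered, then with the body and the
    signature each changed in transit."""
    sent = b"Budget meeting moved to 14:00"      # constructed sample message
    signature = sign(sent)
    altered = b"Budget meeting moved to 16:00"   # one character changed
    return {
        "unaltered": verify(sent, signature),
        "altered_body": verify(altered, signature),
        "altered_signature": verify(sent, (signature + 1) % N),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```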
Create, configure, and manage a public folder solution.
A public folder is contained in a public folder tree and contains
information that can be accessed by users. Much like the
hierarchical system of directories and files on a hard disk, public
folders can contain subfolders, which can also contain subfolders.
Public folders are also similar to the system of directories and
files in that their security can be implemented in much the same
way.
Configuring the Active Directory Object Attributes of a Public Folder
An administrator can alter the attributes of a public folder in
Active Directory through the use of Exchange System Manager.
Exchange System Manager will allow you to mail-enable a folder.
Once enabled, the folder will display new,
changeable e-mail related Active Directory attributes in addition to
the Standard tab in the properties sheets.
Configuring the Store Attributes of a Public Folder
Using the Exchange System Manager you can alter the store attributes
of a public folder. You are able to place disk space restrictions
that send warning messages when users near the storage limits and
also prohibit users from adding items that will put them over the
storage limit. You can also define maximum item size, which will
disallow the storage of objects in a public folder if the objects
are larger than the designated size.
Configuring Multiple Public Folder Trees
A public folder tree is a hierarchical grouping of public folders. Public folder
trees are created in the Exchange System Manager. There are two
types of public folder trees, MAPI and general purpose. MAPI trees
are used to interface with messaging programs like Microsoft
Outlook. There is a limit of one MAPI public folder tree per store.
General-purpose trees are not MAPI compatible and cannot be viewed
with MAPI applications. Unlike MAPI public folder trees, there can
be multiple general-purpose trees in a store.
Configuring and Managing System Folders
All public stores contain folders that are not visible in the
hierarchy. These folders can be viewed through the Exchange System
Manager. These are important system folders viewable in the Exchange
System Manager:
• Schema: contains the list of
properties for objects contained in the public store.
• Events Root: contains subfolders
that hold scripts for the Event service.
• StoreEvents: contains internal and
external event links for a specific server.
There are also containers
that are viewable through the Exchange System Manager:
• Schedule+ Free/Busy: has a
subfolder for each administrative group for Schedule+ Free/Busy
information, which allows users to view availability status of other
users in Outlook.
• EForms Registry: holds forms
published through the Organizational Forms Library.
• Offline Address Book: holds folders
that contain offline address books, which can be downloaded by
clients.
The default setting is that only the first
server installed in an administrative group will contain the
Schedule+ Free/Busy and the Offline address book containers. Public
folders can be replicated between servers.
Managing Recipient Objects
Configuring a User Object for Messaging
Configuring a User Object for E-mail
The extended Active Directory schema installed with Exchange 2000
allows you to manage and create user e-mail accounts through Active
Directory Users and Computers. If the Microsoft Exchange System
Management Tools are installed, then when a new user is created in the
Users and Computers console you are asked if you would like to
create a mailbox for the new user. Creating a mailbox in this way
allows the user to immediately participate in the Exchange
organization. You can later return and add mailboxes for users who
do not already have them.
Configuring a User Object for Instant Messaging
Any user that will use Instant Messaging must have permissions to do
so. Permissions may be granted through the Active Directory Users
and Computers console. When assigning permissions, you must
designate which Instant Messaging virtual or home server and the
domain name that you wish the user to use.
Configuring a User Object for Chat
Chat service is not installed by default. Therefore if you plan to
use chat you should designate the setup program to install it when
you are building the server. If you are going to implement chat
after the server is already running you can run the setup program
again to install chat service. It is possible to manage chat
services through the Active Directory Users and Computers console.
Diagnosing and Resolving Problems Involving Store Placement
Security
Exchange 2000 information stores are protected with
Windows 2000 security, which uses Active Directory information to
grant and deny access to resources. Information stores are the most
secure when they exist in a back-end server in a FE/BE
configuration. In this configuration, information stores benefit
from two levels of security, the initial FE login security and the
FE/BE interface.
Performance
When dealing with large
groups of users, performance considerations are very important.
Information store placement can contribute to,
as well as hinder, performance. Performance will be impacted if the
transaction logs for a mailbox store are on the same physical drive
as the mailbox store. The transaction log update operation and the
mailbox store update operation will have to share the disk access
resources for the physical disk. This slows down both processes,
especially if there are a large number of changes to the mailbox
store over a given period of time. Similarly, if several public
stores that are accessed frequently by many users exist on the same
physical disk, performance problems could arise because of access
sharing.
Disaster Recovery
Disaster recovery is
a very important consideration when placing information stores. If
all the stores for an organization are on the same server and that
server fails, the network may be out of service for a long time. It
is important to spread information stores widely to keep any one
server from becoming too important. It is also important to perform
regular backups to ensure that if a disaster does occur, your
network will be down for the shortest period of time. Disaster
recovery also benefits from fault-tolerant drives, such as
RAID arrays and mirrored volumes. These hardware/software solutions
may be able to limit network downtime considerably.
Creating and Managing Address Lists
Exchange 2000 groups are created through the Active Directory Users
and Computers console.
Groups are receptacles that contain other
objects, like users and contacts. There are two types of groups,
security and distribution.
Distribution Groups
A Distribution group is a mechanism for grouping e-mail recipients.
Distribution groups cannot have permissions applied to them.
Security Groups
Security groups are groups of Windows 2000 users that can be
assigned permissions in Active Directory to access resources.
Security groups can also function as distribution groups if they
have been mail-enabled.
Recipient Update Service
Recipient Update Service is the mechanism that Exchange 2000 uses to
propagate changes to user information throughout the network. The
changes include attributes like group membership and email address.
The service uses the membership lists contained on a Windows 2000
domain controller to generate its updates so it is vital that the
service be able to communicate with the domain controller. The
Exchange System Manager is used to configure the Recipient Update
Service. The service can be set to “Always Run”, which means
that any changes that are made to user accounts are immediately
replicated to other servers, or it can be set to run on a
user-defined schedule. There must be a Recipient Update Service assigned
to each domain.
Monitoring and Managing Messaging Connectivity
Managing Exchange 2000 Server Messaging Connectivity
Multiple Virtual Servers
The initial Exchange 2000 setup configures all servers to use one
SMTP virtual server to communicate with other servers in the routing
group. This virtual server is also capable of supporting Internet
mail users. One virtual server is usually adequate for most
implementations of Exchange 2000. There are circumstances where
multiple virtual servers are appropriate, such as if an
administrator wants the ability to manage message sizes and settings
separately.
Message Relay
Message Relay is the process by which a remote SMTP host forwards
messages through another SMTP host, using that host’s network
resources to relay the messages. Message Relay is commonly used by
Internet advertisers to relay unsolicited advertising messages.
Exchange 2000 server can be configured to allow message relay from
certain servers or to disable message relay completely.
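The two relay settings described above (relay only for certain servers, or no relay at all) expressed as an added example, not Exchange's own code or configuration format: the decision an SMTP server makes for each recipient, run against constructed sessions. The domain, networks, addresses and reply texts are assumptions made for the illustration.

```python
import ipaddress

# Constructed policy: one local mail domain, one internal network allowed to relay.
LOCAL_DOMAINS = {"example.com"}
RELAY_NETWORKS = [ipaddress.ip_network("10.0.5.0/24")]


def recipient_domain(rcpt_to):
    """Return the lower-cased domain of a RCPT TO address, or None if malformed."""
    addr = rcpt_to.strip().strip("<>")
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower().rstrip(".")


def relay_decision(client_ip, rcpt_to, local_domains, relay_networks):
    """Decide what to do with one recipient from one connecting host.

    Returns (action, reply) where action is 'deliver', 'relay' or 'reject'.
    An empty relay_networks list disables relaying completely.
    """
    domain = recipient_domain(rcpt_to)
    if domain is None:
        return "reject", "501 malformed recipient address"
    if domain in local_domains:
        # Mail for our own users is accepted from anywhere.
        return "deliver", "250 recipient ok"
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in relay_networks):
        # Mail for someone else is forwarded only for listed hosts.
        return "relay", "250 relay permitted for this host"
    return "reject", "550 relaying denied"


def is_open_relay(relay_networks):
    """Flag a policy that lets every address on the Internet relay."""
    return any(net.prefixlen == 0 for net in relay_networks)


if __name__ == "__main__":
    # Constructed sessions: (connecting IP, RCPT TO argument).
    sessions = [
        ("203.0.113.9", "<alice@example.com>"),   # outside host, local user
        ("10.0.5.20", "<bob@partner.test>"),      # internal host, outside user
        ("203.0.113.9", "<bob@partner.test>"),    # outside host, outside user
    ]
    for ip, rcpt in sessions:
        print(ip, rcpt, relay_decision(ip, rcpt, LOCAL_DOMAINS, RELAY_NETWORKS))
    print("open relay:", is_open_relay(RELAY_NETWORKS))
```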
Filter Management
Filters may be used to prevent the receipt of unsolicited
advertising e-mail messages from specific sources. Filters are
created in the Filtering tab of the Exchange System Manager.
Wildcards can be used in the creation of filters and can thwart many
typical methods of circumventing filters. Filtered messages can be
archived for review later to ensure that only valid messages were
ignored.
Message Delivery Options
Managing Connectivity to Foreign Mail Systems
Exchange 2000 server has the ability to connect to a variety of
foreign hosts. Of these, the one with the most built-in support is MS Mail, a
legacy Microsoft mail system. Connection to an MS Mail system is
achieved through the MS Mail connector, which is installed through
the Exchange 2000 server setup program. The SMTP transport engine is
used to transfer messages from Exchange 2000 systems to foreign
hosts. The transfer engine collaborates with the Mail Transfer Agent
(MTA) to handle the foreign host message transfer. When transferring
messages to MS Mail systems, the MS Mail connector receives messages
from the MTA. The connector converts the messages to MS Mail format
and then sends them to the appropriate destination post offices.
Internet Messaging Connectivity
X.400
Exchange 2000 server supports connections to X.400 foreign systems
through the use of the Microsoft Exchange Message Transfer Agent (MTA).
An Exchange 2000 server uses an X.400 connector to connect to an
X.400 foreign system. To use the X.400 connector, you must install
an MTA Transport Stack and configure the X.400 connector to properly
connect to the foreign system.
The X.400 connector very efficiently transmits
messages over networks, which makes it a good choice for networks
with limited bandwidth.
SMTP
SMTP connectors are used to connect to other Exchange 2000 servers,
Exchange 5.5 servers, and remote Internet hosts. The SMTP connector
supports SSL message encryption. Either side in an SMTP connector
relationship can queue messages to be sent at once in order to
efficiently use bandwidth.
Diagnosing and Resolving Routing Problems
A multiple routing group organizational model should be used when
portions of a network are separated geographically. Wide Area
Networks (WAN) generally fall into this category. WANs typically
have high cost communications links that have limited bandwidth.
Constant SMTP server traffic across these communications links is
not desirable. The typical problem with routing groups is
performance across WAN links generated by excessive traffic from
various sources.
Replication of resources that are accessed
over WAN links is a useful way to reduce WAN traffic.
Replication between routing groups is
possible, but be aware that replication requires network resource
overhead. Replication of large amounts of data between routing
groups can greatly decrease network performance if the replication
is performed at times of peak network usage.
Replication schedules can be set to replicate
data at off-peak times.
Messaging connectors can also prevent
inefficient use of bandwidth. Servers can queue messages that must
travel between routing groups and transmit them when connection
costs are lower or during off-peak times. Routing group connectors
can also be configured to use alternate delivery schedules for
messages that are overly large.
Diagnosing and Resolving Problems Reported by Non-Delivery Report Messages (NDR)
An NDR is generated whenever the transport of a message cannot be
completed. There can be several reasons for this. When diagnosing
the cause of an NDR it is useful to first determine what the sender
was attempting to do with the message. If the recipient is incorrect
then an NDR will be generated and delivered to the sender. An
improperly configured routing group connector object could also
cause an NDR to be generated.
Managing Messaging
Queues for Multiple Protocols
The paths that messages take through an organization can be tracked
to determine where problems are and how these problems should be
fixed. The Message Tracking Center is the tool used for this
purpose. Message tracking is disabled by default. Message tracking
allows an administrator to locate the specific queues that a message
is in, quantify delays on each segment of a route, and verify
successful message delivery.
SMTP Queues
Each SMTP virtual server allows an administrator to access connector
and system queues. If a message is blocking the successful delivery
of other messages in a particular queue, the message may be deleted.
Messages can also be frozen, which prevents a message from being
delivered until unfrozen. Notifications may also be configured for
SMTP queues. If the number of messages or the growth of the number
of messages in a queue rises above a designated threshold the system
can notify a specified user or administrator.
X.400 Queues
X.400 queues can be monitored in much the same way as SMTP queues.
For X.400 messages to be monitored the MTA Stacks service must be
running. As with SMTP queues, messages in X.400 queues can be
deleted or frozen.
Monitoring Link
Status
Monitoring Messages between Exchange 2000 Server Computers
An administrator can use the System Monitor to regularly check and
determine the status of specified resources on a server. If a
resource is available and operating below a defined threshold the
system is designated as active, but if a resource violates criteria
by being either unavailable or problematic the system enters a
critical or warning state. If a server enters the critical state,
the link status information (LSI) on that server is updated and the
status of the server is propagated to other servers on the network.
The following items are monitored by default
and if any stop functioning the server enters a critical state:
• Microsoft Exchange Information Store
• World Wide Web Publishing Services
• Microsoft Exchange System Attendant
• Microsoft Exchange Routing Engine
• SMTP
• Microsoft Exchange Information Stacks
• Microsoft Exchange MTA Stacks
These are the services monitored by default
but administrators can designate that other services be monitored as
well. The System Monitor is also capable of monitoring system
resources, such as disk space and CPU usage. The Exchange System
Monitor can be configured to notify a user via e-mail if the system
enters a critical state.
Configuring and
Monitoring Client Connectivity
Microsoft Outlook
Outlook is the preferred messaging client for Exchange 2000 server.
Outlook 2000 is bundled with Microsoft Office but it is also
available separately. The Exchange server transport is a MAPI
component that Outlook uses to communicate with an Exchange 2000
server. The Exchange server transport uses Remote Procedure Calls to
communicate between the client and the server. You can test server
connectivity and setting accuracy by clicking Check name in the
General property sheet of the Exchange server dialog box.
Outlook Web Access (OWA)
OWA is capable of operating on any web browser that supports Java
and frames. Any client that has a browser that meets these criteria
can access their messages on an OWA server. OWA requires an HTTP
virtual server and accesses resources on remote servers through the
use of HTTP virtual directories. OWA is usually set up in a
front-end/back-end (FE/BE) configuration to prevent damage to
internal resources by unauthorized Internet users.
Post Office Protocol 3 (POP3)
POP3 is a protocol that defines commands that enable clients to
download messages. POP3 commands consist of keywords that can be
followed by arguments if necessary. POP3 will only allow a user to
download messages from a server-based inbox. After the messages are
downloaded, they are typically removed from the server. POP3 clients
require a POP3 virtual server, but utilize SMTP to send messages and
therefore require an SMTP server as well. POP3 clients are unable to
utilize Windows authentication.
Internet Mail Access Protocol Version 4
(IMAP4)
Unlike POP3, IMAP4 does not restrict a client to the server-based
inbox; it allows a user to access different server-based mailboxes.
With IMAP4 it is possible to perform all message processing on the
server. Like POP3, it is also possible to download messages and
perform all message manipulation on a local workstation. Outlook
Express is an IMAP4 client.
Public Folder
Connectivity
Configuring and Monitoring Public Folder Replication
There are times when it is advantageous to have instances of public
folder information in several locations. Replicated folders can add
an element of fault-tolerance and may decrease network traffic
between servers. Exchange 2000 server uses the Public Folder
Replication Agent (PFRA) to replicate public folder information over
existing network links. One disadvantage to folder replication is
that it utilizes network resources to transport information between
servers and may negatively impact performance.
Replication is configured using the Exchange
System Manager. Replication is achieved by e-mail messages sent
between servers. E-mail messages are always used no matter the link
between the servers. This allows an administrator to create a
replica anywhere in the Exchange organization. An administrator can
designate the replication interval, age limits, and the maximum
message size for replication.
Diagnosing and Resolving Public Folder
Replication Problems
Most replication problems are resolved by the PFRA itself. There are
a few problems that require direct intervention. Many replication
problems stem from replication latency. Latency is the lag time
between when the original object was changed and when it was
replicated. Latency can result in out of date information in public
folders that have not had information replicated to them in a timely
manner.
Another common problem is replication
conflict. Replication conflict occurs when the same item is altered
in two different locations at the same time and the PFRA cannot
decide which should take precedence in replication. When conflict
occurs the owners of the public folders are notified by a conflict
message generated by the PFRA. An administrator will have to decide
which version of the item is to be kept.
Managing Exchange
2000 Server Growth
Monitoring Public Folder Usage
An administrator can set several limits on a public folder to
regulate its growth. These limits include:
• Maximum size: a maximum size can be established as well as a
size threshold that will trigger a notification that the user is
nearing the size limit.
• Age Limits: an administrator can designate the length of time
that files are retained in public folders. This will ensure that
out-of-date items are not kept.
By using the public folders object, a user can
obtain the status of a public folder including total disk space
used, last access time, and number of items in the folder.
Managing Growth of
User Population and Message Traffic
Exchange 2000 server gives an administrator concerned with
diminishing resources caused by user growth several tools to monitor
that growth. The System Monitor is a very valuable tool that allows
an administrator to see how well the current hardware configuration
serves the users. The Active Directory Users and Computers snap-in
allows an administrator to manage the user accounts in the Exchange
organization.
The Computer Management utility allows an
administrator to control all services currently operating on local
and remote servers. The Computer Management utility also allows the
administrator access to several different system management
utilities like Disk Management, Event Viewer, and System
Information.
The Performance utility allows an
administrator to monitor the system in much the same way as the
Computer Management utility, however the Performance utility also
gives access to the System Monitor.
Managing Recipient
and Server Policies
Policies are an excellent way of managing changes to large groups of
user accounts. Policies allow an administrator to establish and
change default values associated with existing and new user
accounts. Policies can be applied to single users or to entire
groups of users. Policies are developed and added in the Exchange
System Manager.
Diagnosing and
Resolving Problems Involving Recipient and Server Policies
Policies apply to the objects to which they are explicitly assigned.
Policies may also propagate from parent to child objects. If policy
inheritance is blocked or the policy has not been assigned to an
object then the policy will not apply. These are the areas to check
when diagnosing policy problems.
Another concern is the situation where
policies have conflicting settings. The policy defined at the lowest
level will supersede all other policies.
Optimizing Public
Folder and Mailbox Searching
Searching folder items is accomplished through the use of the
Microsoft Search utility, which is installed with Windows 2000.
Microsoft Search both indexes and searches the items in a store.
Full-text indexing catalogs significant words
in documents, messages, and attachments to support comprehensive
word searches. Full-text indexing allows the index to be searched
and not the actual message, which increases efficiency.
Configuring a Public Folder for Full-Text
Indexing
Full-text indexing is a feature that allows IMAP4-compatible
clients to perform keyword searches of messages. Full-text indexing
can be enabled on a store-by-store basis. To create a full-text index
for a store, right-click the store and select Create Full-Text index
from the shortcut menu, then designate the default directory. Once the
catalog is created you must start its population, again by
right-clicking. As indexed documents change, their index becomes
more and more out of date, so periodically the index must be
updated. It is possible to set the interval between updates or to
designate a custom update schedule to minimize impact on server
resources. Updating a full-text index can be both time and resource
intensive and, if possible, should be scheduled for off-peak server
hours to minimize the impact on the mail system.
Restoring System
Functionality and User Data
Applying a Backup and Restoration Plan
When designing a backup and restoration plan, an administrator should
take into account the goals they wish to achieve. A balance must be
struck between the conflicting needs of the organization: speed and
reliability.
Backing up an Exchange 2000 server is not
particularly difficult, but great care should be taken to maintain
the integrity of backup data. You select the items that you wish to
back up, such as information stores or security databases, and the
method that you want to use: online or offline, and full,
incremental, or differential. Exchange 2000 server should be installed
on a domain controller to easily back up the configuration of the
server with Active Directory information included. There should be
regularly scheduled backups performed on all servers to ensure that
any failed server can be restored quickly, with the most current
data available.
Restoring User and
System State Data
Since the Exchange databases do not contain configuration
information, it is not adequate to only perform database backups if
the entire server is to be restored. Active Directory information,
the IIS metabase, and registry information need to be backed up as
well to ensure the successful recovery of a failed server. If the
Exchange 2000 server is a domain controller this data can be backed
up by checking the System State checkbox of the Windows 2000 Backup
utility.
Recovering Deleted Mailboxes
An accidentally deleted mailbox can be restored through the Exchange
System Manager. Deleted mailboxes are not removed immediately, but
are marked as disconnected. There is a default time period of 30 days
before the Exchange 2000 Server Cleanup Agent will purge the
mailbox. After that point, the mailbox must be recovered from a
backup. If it has been less than 30 days, the deleted mailbox can be
reconnected to any user account through the Exchange System Manager.
Recovering Deleted Items
It is possible for Exchange 2000 to retain items deleted by users
after they have been deleted, without the need to restore from a
backup. If the items are found to have been deleted by mistake, they
can be recovered as long as the item is still in the store. The
administrator can set the interval that the system will retain
deleted objects to ensure that there is enough time to reconsider
the deletion. This interval is set in the Limits tab of the store.
To recover a deleted item, select Recover
Deleted Items from the Tools menu. This will bring up the Recover
Deleted Items From window. You can select the objects that you wish
to recover in this window. Clicking the Recover Selected Items
button in the toolbar then restores items to the Deleted Items
folder where the items can be manipulated as if the Wastebasket had
not been emptied.
Configuring a
Server for Disaster Recovery
Circular logging
A server may be configured to delete a transaction log file and its
associated entry once the transactions have been committed to the
database. This is called circular logging. Circular logging is
useful when disk space is at a premium as it prevents duplicate disk
space usage, but it does reduce the fault tolerance of the
information contained in the database. Circular logging is not
compatible with certain types of backup options that require
transaction log files to perform restoration.
Backup
Offline Backups
Offline backups are standard file backups of
the Exchange server system files and directories. An offline backup
can only be performed when services are stopped and the server is
offline. Offline backups can include several items that other
backups cannot. Offline backups can include the program files of the
server, the message queues of the MTA connectors, or the MS Mail
Dirsync database. Offline backups are not aware of mailbox databases
and do not purge transaction log files.
Since the server must be offline while the
offline backup is taking place, it is only undertaken occasionally,
after upgrades or large changes in structure.
Online Backups
Unlike offline backups,
online backups do not require that the server services be stopped
while the backup is running. Online backups are aware of mailbox
databases and in some cases they do purge transaction log files.
Online backups can be much faster than offline backups because
they do not include the server’s program files. There are four
types of online backups:
• Copy: copies files and transaction
logs but does not purge files from the system. Copy backups are
generally used whenever minor configuration settings are changed.
• Full: backs up the entire information
store, both databases and transaction log entries. Transaction logs
already committed to the database are purged. The full backup allows
the entire server to be restored from one backup but requires more
storage space than any other backup.
• Incremental: saves new transaction
files and purges them after backup. The incremental backup does not
save any database files, only the transaction logs that have been
created since the last full or incremental backup. Circular logging
will not work with incremental backups.
• Differential: like the incremental
backup, the differential backup saves only transaction files. The
differential backup saves transaction files created since the last
full backup and does not purge the transaction log files. Circular
logging will not work with differential backups.
Restoration
Restoring to the Same Server
Restoring backed-up databases to
their original location does not require the server to be offline
unless the Key Management System (KMS) or Site Replication Service
(SRS) databases are being restored. The database that will be
restored must be dismounted before the restoration. Other databases
may remain mounted and functioning during restoration.
Restoring with Incremental or Differential Backups
When using differential or incremental backups to
restore, you must first restore the last full database backup. If
you are using a differential backup to restore information, you
should restore the differential backup after restoring the last full
backup. If you are using incremental backups, you should restore
the last full backup and then all incremental backups made after the
full backup, starting with the oldest and moving to the most recent.
When you reach the last backup that you plan to restore in your
restoration process, you should check the Last Restore Set check box.
If this is not done, the databases cannot be mounted.
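The restore order described above, as an added Python example that is not part of the original study guide. The `Backup` record, the `restore_plan` function and the sample catalogs are constructed for illustration, and refusing a catalog that mixes incremental and differential sets is an assumption of this example.

```python
from dataclasses import dataclass
from datetime import datetime

LOG_ONLY = {"incremental", "differential"}  # these sets hold transaction logs only


@dataclass(frozen=True)
class Backup:
    label: str        # constructed name, for display
    taken: datetime
    kind: str         # "full", "copy", "incremental" or "differential"


def restore_plan(catalog, circular_logging=False):
    """Return [(backup, check_last_restore_set), ...] in restore order."""
    fulls = [b for b in catalog if b.kind == "full"]
    if not fulls:
        raise ValueError("no full backup: log-only sets cannot be restored alone")
    base = max(fulls, key=lambda b: b.taken)
    # Only log sets taken after the most recent full backup are relevant.
    later = sorted((b for b in catalog
                    if b.kind in LOG_ONLY and b.taken > base.taken),
                   key=lambda b: b.taken)
    if later and circular_logging:
        raise ValueError("log backups listed, but circular logging is enabled")
    kinds = {b.kind for b in later}
    if kinds == LOG_ONLY:
        # Assumption of this example: refuse a mixed chain, let an operator decide.
        raise ValueError("incremental and differential sets mixed after one full")
    if kinds == {"differential"}:
        later = later[-1:]  # each differential holds every log since the full
    steps = [base] + later
    # Last Restore Set is checked on the final set only; without it the
    # databases cannot be mounted.
    return [(b, i == len(steps) - 1) for i, b in enumerate(steps)]


# Constructed catalogs (deliberately unsorted), not data from the study guide.
CATALOG_INCREMENTAL = [
    Backup("wed-inc", datetime(2001, 3, 7, 23), "incremental"),
    Backup("sun-full", datetime(2001, 3, 4, 23), "full"),
    Backup("old-inc", datetime(2001, 3, 2, 23), "incremental"),
    Backup("mon-inc", datetime(2001, 3, 5, 23), "incremental"),
    Backup("prev-full", datetime(2001, 2, 25, 23), "full"),
    Backup("tue-inc", datetime(2001, 3, 6, 23), "incremental"),
]
CATALOG_DIFFERENTIAL = [
    Backup("sun-full", datetime(2001, 3, 4, 23), "full"),
    Backup("tue-diff", datetime(2001, 3, 6, 23), "differential"),
    Backup("mon-diff", datetime(2001, 3, 5, 23), "differential"),
]

if __name__ == "__main__":
    for backup, last in restore_plan(CATALOG_INCREMENTAL):
        print(backup.taken.date(), backup.kind, backup.label,
              "<- check Last Restore Set" if last else "")
```

The incremental set taken before the most recent full backup is skipped because its logs are already contained in that full backup.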
Restoring to a Different Server
When restoring the backups of an Exchange 2000 server to a different
computer you should be aware of potential problems that might arise
because of differing hardware between the old system and the new.
The steps for restoration are as follows:
1. Install the same version of the Windows
2000 operating system in exactly the same way that it was on the
previous computer and reapply all service packs. Designate the same
system directories and drives as they existed on the old server.
2. Restore all system state and file backups.
3. Run the Exchange 2000 server setup program
with /disasterrecovery.
4. Restore all backups of Exchange server
information, beginning with the most recent full backup.
Diagnosing and
Resolving Security Problems Involving User Keys
When diagnosing problems regarding user keys, first check to ensure
that both parties involved have advanced security enabled. Encrypted
messages can only be exchanged with users who have this enabled.
Problems with user keys normally involve a
user losing their encryption password, which renders their encrypted
messages unreadable. In these instances, you can use the KMS object
in the System Manager to recover the account. The user must then be
provided with a new token and re-enrolled into the KMS.