This week I've had to refresh my memory with something I've not done in a long time. I had to recover a mailbox store for an urgent mailbox restore, but in this case the server that was the home of the mailbox at the date they wanted had been decommissioned long ago. This presents a problem with a) the recovery storage group, as the 'add database to recover' dialog will not show the store, and b) backup exec, which wants to log on to the old server for some reason! This is how it was done (our servers are all Exchange 2003 SP2 (native mode) and backup exec is 11d).
Also for a quick sanity check before kicking off the restore I had checked the database tab on all the stores, just to check 'this database can be overwritten by a restore' was not checked.
For an older Exchange restore (Exchange 5.5) you would need a temporary server to rebuild to replicate your old 5.5 environment.
Starting up
1. Recall the tape!
2. Inventory the drive and catalog the tape. Note the mailbox store name that contains your target mailbox.
3. On the server you are using for recovery, create the recovery storage group (this can have any name, just ensure there is enough disk space for the database files where you create it)
4. Say for example the store you need to recover is called “Mailbox Store 1 (SVHEXBETEMP01)”. Obviously when you right click on the RSG and select “add database to recover”, this database will not be in the list. To get around this, you have to create a new mailbox store that has this name. You can do this on any server in your org. The name has to match exactly with the store you are recovering.
5. Now right click on the RSG and select ‘add database to recover’ and add the new store.
6. Go back to Backup Exec. Click Restore - new restore job (not by wizard)
7. Change beginning backup date as required.
8. View by resource, and drill down to the required store
9. Under Microsoft Exchange Redirection, check ‘Redirect Exchange sets’. Enter the server name to redirect to
10. Under Microsoft Exchange, select ‘Restore all transaction logs until point-in-time; skip transaction logs after this time’
11. Change path for storage of temporary files to a volume that has plenty of free space.
12. Uncheck mount database after restore.
13. Run now!
Restoring the mailbox
1. If the mailbox you are restoring still exists in your org, migrate the mailbox to your new store (e.g. “Mailbox Store 1 (SVHEXBETEMP01)”)
2. If they mailbox does not exist, create one with the same name in this store.
3. In the RSG, right click on the target mailbox and use the recovery option. Select the target (you probably will not be able top modify this option)
4. Copy option is safer than Merge.
5. Now you can use ExMerge to extract the PST, or just tell the user their data has been recovered.
Cleaning up
1. Migrate the user back to their original location.
2. Delete the temporary mailbox store.
3. Delete the recovered mailbox store and recovery storage group.
4. Delete the database files from disk.
Question: What happens when a user sends a 1Mb e-mail to 2000 external recipients, and also requests delivery receipts?
Answer: MailSweeper delivery service will die and mail will start to queue on your server. Messages will build up in the 'domains' folders and in 'holding' as your the policy server becomes unable to deliver any more mail.
This happened to me today. It was noticed early as I use an spool watching utility (free on JMC's mswtools.org) which uses blat to send alerts when the number of files in the MSW spool directories go over certain thresholds.
According to the ClearSwift engineer I spoke to, the problem is to do with the way the delivery service can only handle 50 threads at a time. One would imagine a policy server would cope with 2000 messages being dumped on it but apparently this will just keel it over. Multiple reboots did seem to give enough short bursts to clear the 'domains' queues apart from one internal domain containing around 800 delivery receipts and 100 business e-mails. The problem was, on most of these delivery receipts and delivery failures the original message was attached, and the queue was standing at around 900Mb. This would not clear and forcing a retry seemed to make the processing just freeze up. Unfortunately MailSweeper lacks controls on this part of the homepage to delete items in the delivery queue, so to purge all of the delivery receipts I had to delete the corresponding files in the file system on the PS. The problem to overcome then is, how do you make sure you only delete the delivery receipts when the folder is full of randomly named RCP files? I used the following commands within that domain folder to achieve this:
findstr /S /M "Message relayed" *.RCP > output.txt
FOR /F %I IN (output.txt) DO del %I
Tomorrow I'll be implementing a much lower limit on the number of recipients per message that can be sent through Exchange, and of course suggesting a better method of delivering this PDF in the future. I'm thinking Morse code ...
Edit: Just found the default in Exchange 2003 is a maximum of 64000 recipients per message!
Technorati Tags: MailSweeper, MIMESweeper
Any time you make a MIMESweeper policy change, the MSW services on the Policy Servers (PS) will stop and start. Sometimes, when saving changes to the policy you may find the security service on a PS goes into 'Stopping' and gets stuck there. And unless you babysit your MailSweeper system or permanently have a copy of the System Health page open, this might go unnoticed for a while and you can end up with big queues of messages and angry users.
System Health will show you the server with the problem. Rebooting your PS fixes it in the short term, but it will happen again unless the cause of the problem is fixed.
The failure is due to corrupt messages in the analysis queue. When your system is healthy, on the Message Center page under Message Queues - "Waiting for analysis (Analysis)" should normally be zero. During very busy periods or if your PS is struggling it may vary between 1-5 but generally you should not have anything queued for analysis. If you ALWAYS have 1 message queued here then this is telling you the Security Service is unable to process a message in this queue. Using the MSW Manager stop the Receiver Service and Security Service on your PS and remote on to it. Find the queue in your file system (E:\Program Files\Clearswift\MIMEsweeper for SMTP\Mail\Queues\Content Analysis\Normal), in there you can normally see the .RCP and .MSG pair causing the problem - it should be the oldest files in the folder. Try and open the .MSG file, you should see header information and other stuff, but if you just see garbage and symbols then you have a corrupt message on your hands. Removing the message pair from this folder and starting the services again will fix your problem.
"Tooms" - a longstanding member of the Clearswift MimeSweeper forums, has published a comprehensive guide for integrating SpamAssassin with MimeSweeper for SMTP (version 5 upwards). This gives you such benefits as:
- Plugins such as DCC, Pyzor, Razor, Fuzzy OCR
- Award winning anti-spam engine
- Well documented, many forums for support
- Open Source (and free)
I would recommend a beefy server for this though, SpamAssassin is known for being somewhat greedy with system resources.
The guide is on Tooms's homepage - here.
ActiveSync certificate problems are well known to the Windows Mobile community. If you have certificate problems on Windows mobile 2003, you could disable certificate checking using disablecertchk.exe, but this does not work on WM5 and you have to export the certificate and install it on the device to get around the 0x80072F0D problem:
If you are the Exchange administrator for your domain and you have several hundred devices to configure, instead of visiting each device to install the certificate, you could prevent this problem by installing a certificate on the OMA-ActiveSync website that is already in the root store.
This can be found in Start > Settings > Certificates:
Installing a certificate from any of the vendors in this list will avoid the problem described above. They may cost you 20 bucks $150 more than your normal provider, but it could be worth the money if it saves you hours of hassle and extra work.
Technorati Tags: Windows Mobile, Certificates, 0x80072F0D, WM5, disablecertchk
ExMerge is probably one of the exchange administrators most used tools, but is a pain to use if you are working with large mailboxes, as it uses Outlook 2000 PST files which corrupt when they reach 2Gb. ExMerge also does not work with Outlook 2003 PST's ... I'm sure (and really hope ) this will be addressed in Exchange 2007.
So, if you find yourself in a situation where you want to move the contents of a 10Gb mailbox to a another mailbox, and you don't have any tools such as Mail Attender for Exchange that can do it for you, you have to run ExMerge several times using date ranges to ensure the PST's don't exceed the 2Gb limit.
In my particular situation, I have a folder in a mailbox containing 300,000 items that I want to move to a journal mailbox to be picked up by a mail archiving system. I can't move them across manually using Outlook, because it fails when you drag and drop more than 2000 items, and trying to navigate around such a massive mailbox anyway is too slow to mention.
One of the vb experts here helped me write a macro to complete this task. It can be run from the Visual Basic Editor in Outlook. To run it use Tools - Macros - Visual Basic Editor, and click Yes to enable macros. Modify the code below so that Mailbox 1 and Mailbox 2 match the names of the mailboxes you are working on. Mailbox 1 is the source mailbox, and Mailbox 2 is the destination. You must then open both of these mailboxes in your Oulook profile before you start the macro.
Sub move_messages
()
Dim objExch2003 As Outlook.MAPIFolder, objErrors As Outlook.MAPIFolder, objInbox As Outlook.MAPIFolder, objJournal As Outlook.MAPIFolder, objJournalInbox As Outlook.MAPIFolder
Dim objNS As Outlook.NameSpace, intcount As Integer, i As Integer, objMailItem As Object
Set objNS = Application.GetNamespace("MAPI")
Set objExch2003 = objNS.Folders("Mailbox - Mailbox 1")
Set objJournal = objNS.Folders("Mailbox - Mailbox 2")
Set objInbox = objExch2003.Folders("Inbox")
Set objJournalInbox = objJournal.Folders("Inbox")
Set objErrors = objInbox.Folders("Errors")
Do While objErrors.Items.Count > 0
For i = 100 To 1 Step -1
Set objMailItem = objErrors.Items(i)
objMailItem.Move objJournalInbox
Next
Loop
End Sub
After you start it your Outlook will appear to crash - this is normal and it is really working in the background. You can use ESM to watch the number of items decrease in Mailbox 1 and increase in Mailbox 2.
Technorati Tags: Outlook 2003, PST, Macros, ExMerge, Exchange 2003, Exchange Administration
MIMESweeper for SMTP (5.2) can be configured to only accept a message at your mail gateway if the e-mail address exists in your organisation. This is done by creating an LDAP address list and ensuring all mail enabled objects in your Active Directory are added to the list. Then in your MIMESweeper policy, you can configure the list as a Relay Target in the Anti-Relay settings so that mail from external hosts will only be delivered if the recipient is a member of the list. Depending on your mail throughput, implementing this could relieve a lot of the load on your Exchange system and MIMESweeper quarantine areas by cutting out all the junk mails associated with directory harvesting attacks, and all the NDR's which bounce back because the original recipient doesn't exist.
The caveat that prevented us from implementing this in my last company was we had an oversize public folder structure with thousands of mail enabled public folders, a lot of which had additional SMTP addresses. How to you create the LDAP query to add all of these to the LDAP address list? Here is the solution. If you select the View | "Advanced Features" option in Active Directory Users and Computers, you will see the Microsoft Exchange System Objects OU appears. This OU is dynamically updated and contains all Public Folders. In your MIMESweeper Address List, you can simply add a search criteria pointing to this folder, like so:
Full DN: cn=microsoft exchange system objects,dc=xxx,dc=yourdomain,dc=com
Class: objectclass=*
Attributes: mail,proxyAddresses
Technorati Tags: MIMESweeper, MailSweeper, LDAP, Spam, Microsoft Exchange, Exchange Admin
Recent Comments