Notes from the Lab

Granular Password Policy in AD 2008

June 7th, 2007 11:08am Dmitri Daiter

In AD 2008, Microsoft finally introduces the ability to set up a password policy for something smaller than a domain. If you think that something smaller than a domain is an OU, you’ve guessed wrong. It’s a Global Group. For sure, that is going to confuse lots of people but, if you think about it, it kind of makes sense. In fact, the current mechanism of setting up password policy through the GPO interface doesn’t make much sense. Password policy has nothing to do with GPO. It’s a set of domain object attributes in AD.

Entry Filed under: AD

Determining Exchange IS TCP Port Number

October 17th, 2006 05:25pm Dmitri Daiter

I have already described how it can be done using the rpcdump tool. The problem with that method, however, is that an average Exchange server has about 200 RPC interfaces, so the rpcdump output is going to be quite big. That is why we created a new tool called mapirpc. It only shows Exchange IS RPC interfaces. The tool can be downloaded here. The second tool there is called zpoltestdc. It does the same tests as MS policytest, except it tests the DC specified in the command line. The link requires a free registration but it is quite harmless.

Entry Filed under: Exchange

Upcoming Webinars

September 18th, 2006 05:12pm Dmitri Daiter

There are a couple of pretty interesting webinars currently in the works:
1. How to Simplify Exchange Troubleshooting – An In-Depth Look at Tools. I’d recommend this one to anybody who works with Exchange.
2. IT Operations: The Next 5 Years. This one will be useful to anybody who is trying to make a career in IT.

Entry Filed under: Zenprise

The Mystery of Heuristics

July 17th, 2006 05:34pm Dmitri Daiter

Microsoft would’ve made my job a lot easier if they had documented the heuristics attribute. It contains a lot of interesting system information about an Exchange server object for any software that can read from Active Directory. Unfortunately, all the information there is presented in bits and all the documentation… is not presented at all. I take that back. You can find this:

Contains special connector attributes, such as “allow system messages”.

OK, that helps… Also, you can find this:

Bit  Value  Significance
0    0      Replication of attribute between sites
0    1      No replication of attribute between sites
1    0      Not accessible by anonymous clients through LDAP
1    1      Accessible to both anonymous and authenticated LDAP clients
2    0      Not accessible by authenticated clients through LDAP
2    1      Accessible to authenticated clients but not to anonymous clients
3    0      Not an operational attribute
3    1      An operational attribute
4    0      Not visible through the Administrator program, on the Attributes tab of the DS Site Configuration object (property page can be used to configure the non-operational attributes of the site)
4    1      Visible through the Administrator program, on the Attributes tab of the DS Site Configuration object

Not a lot, especially if you remember that the second piece is actually about Exchange 5.5.

During the last several months we also found a couple of things about heuristics information:

  • Bit 11 (2048) is set to 1 if the Exchange server is a cluster EVS.
  • Bit 29 (536870912) is set to 1 if RPC over HTTPS is enabled. This one is a courtesy of Bharat.

That’s it. If you know anything else on the topic, feel free to contact me.

Entry Filed under: Exchange

Best of TechEd

July 6th, 2006 03:54pm Dmitri Daiter

Windows IT Pro has finally published the winners list:

Zenprise won in the Messaging category. “Zenprise provides a powerful automated email problem resolution solution that collects operational data from across the entire Exchange infrastructure. It constructs a baseline profile showing typical system activity and performance levels and automatically analyzes deviations from these baselines, matching the symptoms against possible causes. The product then provides a series of steps that the administrator can follow to resolve the problem,” said Otey.

Yes, we are that good.

Entry Filed under: Zenprise

Perfmon may show incorrect (lower) connections number for POP3 and IMAP4

June 23rd, 2006 11:58am Dmitri Daiter

There is an interesting Exchange performance counter bug.

When a client connects to the secure POP3/IMAP4 port and doesn’t do an SSL handshake (for instance, if you just telnet to the port), Perfmon does not register the connection, i.e. the Connections Current counter does not change. But when that connection is dropped, Perfmon registers that event, i.e. the Connections Current counter value decreases by one. That causes the counter to show an incorrect number of connections (lower, or ridiculously large if it drops below 0).

At the same time, the connection limit is not affected. For instance, if the limit is set to 100 and the server has 100 connections, the next connection attempt will fail even if the Connections Current counter shows, say, 98.

How to reproduce the problem

On the Exchange server watch the following performance counter: MSExchangePOP3(1)\Connections Current.
Initial Connections Current = 0

  1. On a client machine, run telnet 110. Connections Current = 1.
  2. On a client machine, run telnet 995. Connections Current = 1.
  3. On a client machine, close the second telnet window. Connections Current = 0.
  4. On a client machine, close the first telnet window. Connections Current = 4294967295.

This test was performed on Windows 2003/Exchange 2003, but I’m pretty sure Exchange 2000 has the same bug. Also, I suspect it affects OWA.
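The accounting that the four steps above expose, as a small C model added here (it is not Exchange code and not from the original post). The struct, the function names and the limit of 100 are assumptions for illustration; the only behaviour taken from the post is that the counter skips the increment without a handshake, always decrements on close, and is not what the limit checks.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the behaviour described in the post. */
typedef struct {
    uint32_t perf_current; /* what "Connections Current" displays (32-bit unsigned) */
    uint32_t real_open;    /* sockets actually held; the limit is checked on this */
    uint32_t limit;        /* configured connection limit */
} pop3_model;

/* Open: on the SSL port the counter moves only after a completed handshake. */
bool conn_open(pop3_model *m, bool ssl_port, bool handshake_done) {
    if (m->real_open >= m->limit) return false; /* refused at the limit */
    m->real_open++;
    if (!ssl_port || handshake_done) m->perf_current++;
    return true;
}

/* Close: the counter is decremented unconditionally, which is the bug. */
void conn_close(pop3_model *m) {
    m->real_open--;
    m->perf_current--; /* wraps to 4294967295 when it was already 0 */
}

/* Monitoring-side check: a reading above the limit cannot be genuine, so
   report how far below zero it is. Drift that stays at or under the limit
   (98 shown, 100 real) cannot be seen from the reading alone. */
int64_t wrapped_deficit(uint32_t reading, uint32_t limit) {
    if (reading <= limit) return 0;
    return (int64_t)UINT32_MAX + 1 - reading;
}

/* Replays steps 1-4 from the post; returns the final counter value. */
uint32_t replay_post_steps(uint32_t seen[4]) {
    pop3_model m = {0, 0, 100};
    conn_open(&m, false, false); seen[0] = m.perf_current; /* telnet to 110 */
    conn_open(&m, true, false);  seen[1] = m.perf_current; /* telnet to 995 */
    conn_close(&m);              seen[2] = m.perf_current; /* close second */
    conn_close(&m);              seen[3] = m.perf_current; /* close first */
    return m.perf_current;
}

int main(void) {
    uint32_t seen[4];
    uint32_t last = replay_post_steps(seen);
    printf("readings: %u %u %u %u\n", seen[0], seen[1], seen[2], seen[3]);
    printf("deficit: %lld\n", (long long)wrapped_deficit(last, 100));
    return 0;
}
```

For capacity or abuse monitoring, the model shows why this counter should not be the only signal: connections that never complete the handshake still occupy slots against the limit while the displayed value stays flat or falls.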

Entry Filed under: Exchange

Zenprise Got Best of TechEd Award

June 15th, 2006 05:49am Dmitri Daiter

Yes. We got it in the Messaging category. I can’t believe just last year we were presenting our first Beta version here.

Best of TechEd 2006

Entry Filed under: Zenprise
