Love it? People love that thing? Good god, I would beat it with a stick if I could get a good solid view of it. I have to admit, it does deliver messages, when it works that is. That just isn't good enough for me. I seem to see Exchange more when it isn't working or is working half ass though I have finally seen some good running installs but it took a lot of work to get them that way, too much in my opinion.
Setting up Exchange to run in a large org (hundreds of thousands) is ridiculously complicated and needlessly over taxed with bad assumptions on what Exchange can and should do and how permissions should work. Anyone who says Exchange is great has not spent much time actually looking at the implementation of the whole ACLing implementation. I find I have no end of bad thoughts when I see more and more new features being dumped into the product when its core basic features are so flipping unstable and difficult to deal with. I think the product has the capability to be great, certainly better than most anything else out there, however it needs to start by bringing it into the light (and the developers) and show key critical people how it is really used and how painful it can be to troubleshoot what should be simple things to troubleshoot, like exactly what queries is DSACCESS choking on right now? What DLs are being expanded right now? Etc. Overall, it would seem that most people think it runs well because they don't know what to look for to see if it is indeed broke. Exchange has this ability to run ok even when multiple things are broken or misconfigured right up until you hit the point where it won't run and then it hits the floor hard and you are sitting there asking yourself, whats wrong and MS is asking for a memory dump. Unfortunately when it gets in this state, most people don't understand how it was supposed to be working, they just knew it worked before, so they have little understanding of what to look at to see why it isn't working. There are very few people, in my opinion, that can really sit down and look at Exchange and the AD Interactions of Exchange and understand what it is doing right and what it is doing wrong at any given moment. I am not one of them. I am slowly trying to become one of them but mostly just from a how is AD being abused side of it. I have no desire to understand mail routing, etc. Anyway, back to people not knowing what to look for to see if it is indeed broke. I just submitted a bug through multiple channels about the Directory Access Tab (and the backend WMI Exchange_DSAccessDC class) being entirely untrustworthy unless you just restarted the Microsoft Exchange Management Service. I posted it in a couple of the Exchange NNTP groups as well with full repro steps as that is what the SP2 CTP said to do. This is something Exchange admins around the world have been using since Exchange 2000 SP2. And it doesn't work right. The funny thing with this bug is nearly everyone (MS and non-MS) I asked about it said one of the following: 1. Yeah I never thought that thing was reporting properly. 2. This is a known issue. 3. This is really familiar to me, I think this is a known issue. 4. I saw this back in Exchange 2000. You mean it isn't fixed in Exchange 2003? I stumbled on this completely by accident in my home lab when testing a theory on how to force an Exchange server to fail its config DC to an out of site DC via IPSEC IP blocking when the insite DC was still responding, but in a piss poor way. I noticed that the failover was occurring because DSACCESS and the event log and a cache dialed down to 1 second turnover were all telling me it was happening not to mention queries going to the out of site DC showing it. But neither WMI nor the Directory Access tab ever reflected a change, even after 26 hours it didn't report a change. I then went off on that tangent to check it out because it quite frankly scared me knowing full well some people monitor their Exchange servers through the WMI interfaces and watch for changes in the dsaccess lists to determine there are DC issues. After a while I finally tied it down to the Exchange Management service and that restarting it, not the SA, would cause the list to immediately update. This meant it wasn't a DSACCESS issue, it was a data reporting issue. DSACCESS could have been completely on fire but the reporting mechanism would say everything was five by five. The reporting mechanism could tell you that DC1 was being used so you take down DC2 for work only to find you blew up Exchange because it was really using DC2... Not only does this bug suck, it is actually dangerous. I would rather have to guess what DCs are being used and know it was a guess than be told incorrectly but in an authoritative way what was being used. On the positive side, the bug I fought to get recognized as a bug back in 2003/2004 has finally been tackled and hopefully killed in SP2. Directory The DSAccess API has been changed to return a list of all servers in the topology with their home domain DNS names. This causes the DSProxy RFR service to return global catalogs only from the root directory of the mailbox of the client. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, August 26, 2005 2:18 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange issues again(ot) >> Sheesh, i'm getting to hate Exchange That's a very common feeling. Eventually people either come to love it or learn to live with it - ask Joe :-) Anyway, your question is broad, but let me briefly explain this: When you ran ForestPrep, you are just creating (empty) place-holders in the Schema for Exchange-specific objects and attributes. Things like ms-Exch-Information-Store, ms-Exch-IP-Address, like Org name, server name, Routing Groups, etc. You were putting the structure in place, so to speak. Now, that you are really installing Exchange, the install process needs to supply values for some of those "place-holders". We need to plug in the name of the Exchange server(s), the admin/routing group info, things like that. You follow? If you REALLY must know what's done when and where, the Exchange Server Technical Reference is a good (and informative) weekend-killer. You should be able to download it from the exchange site on microsoft.com/exchange Good luck. Now I have to bail. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of Kern, Tom Sent: Fri 8/26/2005 10:56 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange issues again(ot) Can you tell me what setup needs to write to the schema? Isn't this kinda a bug or at the least a big annoyance that everytime you need to recover or install a new exchange server, you need connectivity to the schema master? What would a reinstall need to write, anyway? its already in AD. What the heck is it doing? whats the point of forestprep then? Sheesh, i'm getting to hate Exchange. Thanks, i'll see if your "hack" works and write back. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Fri 8/26/2005 1:09 PM To: ActiveDir@mail.activedir.org Cc: Subject: RE: [ActiveDir] Exchange issues again(ot) List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
