RE: Exchange 2007 SCR replication logs infected with trojan

2010-08-18 Thread Liby Philip Mathew
Thanks to both Mike & Dan.  Will look into the suggestions.

From: Dan Cooper [mailto:d...@180amsterdam.com]
Sent: Wednesday, August 18, 2010 4:21 PM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 2007 SCR replication logs infected with trojan

Maybe the SCR target event log was generating errors on 1 particular log 
precisely  because you have scanning enabled on the log files folder, the and 
the AV software was not allowing exchange to process the file correctly...maybe.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: woensdag 18 augustus 2010 14:42
To: MS-Exchange Admin Issues
Subject: RE: Exchange 2007 SCR replication logs infected with trojan

The long and the short of it is - you can't. You also can't be certain that, 
even now, the log is actually infected. It's very common for things like this 
to be false positives.

Generally speaking you want perimeter scanning (i.e., scanning of incoming and 
outgoing e-mail in your DMZ) and you want desktop scanning (to ensure that your 
e-mail submitters aren't submitting malware to Exchange). It used to be that we 
also would recommend store/transport level scanning; but that's no longer 
considered a best practice. The bigger an Exchange database gets, the more 
challenging that is to do performantly.

The real question to consider is this: ok, you have an email with a Trojan 
sitting in your mailbox database. That means it will exist in a at least two 
places - a log file and the database itself. If you have an CR technology, 
it'll also exist in another log file and database on the target machine.

What can that Trojan do? The answer is: nothing. Absolutely nothing.

If a user happens to activate the Trojan, it can conceivably impact the user's 
workstation. But the AV on the workstation should catch it.

If you want it gone from the store so that a user never has a chance to 
activate it - you have to do store level scanning. And that typically is an 
add-on package from an AV vendor.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Liby Philip Mathew [mailto:lmat...@path-solutions.com]
Sent: Wednesday, August 18, 2010 7:50 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 2007 SCR replication logs infected with trojan

Thanks Mike,
My SCR target event log was generating errors on 1 particular log.  So I went 
to the source and scanned that particular log file with McAfee without 
cleaning/repairing option and it detected the Trojan.  I have followed the link 
long back and excluded the required files from scanning.  I'll go thru it once 
again.  But how can I make sure that the logs or DB's are not infected with 
Trojans or virus.
TIA
Liby

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, August 18, 2010 2:34 PM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 2007 SCR replication logs infected with trojan

You should not be scanning the log files. Ever. Exclude that directory and 
remove all the log files from quarantine, restoring them to their original 
location.

See



and the articles linked from that article, especially



Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Liby Philip Mathew [mailto:lmat...@path-solutions.com]
Sent: Wednesday, August 18, 2010 6:24 AM
To: MS-Exchange Admin Issues
Subject: Exchange 2007 SCR replication logs infected with trojan

Hi,
I have a SCR replication log file infected with a Trojan which is not 
replicating to the SCR target.  McAfee identified it as a JS/Redirector.z on 
the source.  How can I get rid of this Trojan without deleting the log so that 
the SCR replication will continue?
How can I avoid future infection to the logs?
Regards
Liby


Disclaimer
[The information contained in this e-mail message and any attached files are 
confidential information and intended solely for the use of the individual or 
entity to whom they are addressed. This transmission may contain information 
that is privileged, confidential or exempt from disclosure under applicable 
law. If you have received this e-mail in error, please notify the sender 
immediately and delete all copies. If you are not the intended recipient, any 
disclosure, copying, distribution, or use of the information contained herein 
is STRICTLY PROHIBITED. Path Solutions accepts no responsibility for any 
errors, omissions, computer viruses and other defects.]


DISCLAIMER 18-8-2010 15:20:41

This communication is intended only for use by MS-Exchange Admin Issues. It may 
contain confidential or privileged information. If you receive this 
communication unintentionally, please inform us immediately. Thank you. 180  
has registered companies in the United States and in the Netherlands. 180 Los 
Angeles  LLC . (180)  1733

RE: Uninstall Exchange 2000

2010-08-18 Thread greg.sweers
Ah, nothing like having that one scratch you cant itch, and finally someone 
hands you a backscratcher for the ultimate..ahhh..  Congrats!

From: Steve Hart [mailto:sh...@wrightbg.com]
Sent: Wednesday, August 18, 2010 8:46 PM
To: MS-Exchange Admin Issues
Subject: RE: Uninstall Exchange 2000

SCORE!!

Thanks Ben, I've been struggling with this off and on for months and this 
finally did the trick.

Process Monitor wouldn't work on the particular patch level on Win 2K I had, 
but it led me to find an old copy of RegMon. That enabled me to pin down the 
key "HKLM\System\CurrentControlSet\Control\SecurePipeServers\WinReg" as the 
culprit. A little googling told me that SYSTEM typically has full control over 
that key and it didn't in my case. I added that permission, ran the uninstall 
and it completed perfectly. The server is no longer showing up in ESM on my 
workstation and our email is flowing perfectly.

A big public THANK YOU for your help, Michael's and everyone else's.

Steve Hart
Network Administrator
503.491.4343 -Direct | 503.492.8160 - Fax

From: Sean Martin [mailto:seanmarti...@gmail.com]
Sent: Wednesday, August 18, 2010 4:58 PM
To: MS-Exchange Admin Issues
Subject: Re: Uninstall Exchange 2000

Run it first on your Exch 2000 box before doing anything else. This will show 
you which processes are currently running and what you can filter from your 
capture when you do try the uninstall again. Makes it a lot easier to sift 
through the results.

- Sean
On Wed, Aug 18, 2010 at 3:29 PM, Steve Hart 
mailto:sh...@wrightbg.com>> wrote:
That's a new tool to me.  Thanks

I take it I should start it on the E2000 box, run the uninstall again and see 
what it flags?



Steve Hart

Network Administrator

503.491.4343 -Direct | 503.492.8160 - Fax


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Wednesday, August 18, 2010 4:23 PM
To: MS-Exchange Admin Issues
Subject: Re: Uninstall Exchange 2000
On Wed, Aug 18, 2010 at 7:10 PM, Steve Hart 
mailto:sh...@wrightbg.com>> wrote:
> I'm checking permissions on each of registry keys specified in KN
> 260378, trying to determine why my uninstall is failing.

 Get a hold of Process Monitor from Microsoft Sysinternals, and
filter on "ACCESS DENIED" and see what it's actually failing on.  (If
anything.  Over the years, I've noticed that Microsoft reports a lot
of things as "Access is denied" when it's something else entirely.
It's like that error is their catch-all or something.)

-- Ben




Re: Uninstall Exchange 2000

2010-08-18 Thread Ben Scott
On Wed, Aug 18, 2010 at 8:46 PM, Steve Hart  wrote:
> Thanks Ben, I’ve been struggling with this off and on for months and this
> finally did the trick.

  Sweet.  Glad to be of help!

-- Ben




RE: Uninstall Exchange 2000

2010-08-18 Thread Michael B. Smith
Congrats!

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Steve Hart [mailto:sh...@wrightbg.com]
Sent: Wednesday, August 18, 2010 8:46 PM
To: MS-Exchange Admin Issues
Subject: RE: Uninstall Exchange 2000

SCORE!!

Thanks Ben, I've been struggling with this off and on for months and this 
finally did the trick.

Process Monitor wouldn't work on the particular patch level on Win 2K I had, 
but it led me to find an old copy of RegMon. That enabled me to pin down the 
key "HKLM\System\CurrentControlSet\Control\SecurePipeServers\WinReg" as the 
culprit. A little googling told me that SYSTEM typically has full control over 
that key and it didn't in my case. I added that permission, ran the uninstall 
and it completed perfectly. The server is no longer showing up in ESM on my 
workstation and our email is flowing perfectly.

A big public THANK YOU for your help, Michael's and everyone else's.

Steve Hart
Network Administrator
503.491.4343 -Direct | 503.492.8160 - Fax

From: Sean Martin [mailto:seanmarti...@gmail.com]
Sent: Wednesday, August 18, 2010 4:58 PM
To: MS-Exchange Admin Issues
Subject: Re: Uninstall Exchange 2000

Run it first on your Exch 2000 box before doing anything else. This will show 
you which processes are currently running and what you can filter from your 
capture when you do try the uninstall again. Makes it a lot easier to sift 
through the results.

- Sean
On Wed, Aug 18, 2010 at 3:29 PM, Steve Hart 
mailto:sh...@wrightbg.com>> wrote:
That's a new tool to me.  Thanks

I take it I should start it on the E2000 box, run the uninstall again and see 
what it flags?



Steve Hart

Network Administrator

503.491.4343 -Direct | 503.492.8160 - Fax


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Wednesday, August 18, 2010 4:23 PM
To: MS-Exchange Admin Issues
Subject: Re: Uninstall Exchange 2000
On Wed, Aug 18, 2010 at 7:10 PM, Steve Hart 
mailto:sh...@wrightbg.com>> wrote:
> I'm checking permissions on each of registry keys specified in KN
> 260378, trying to determine why my uninstall is failing.

 Get a hold of Process Monitor from Microsoft Sysinternals, and
filter on "ACCESS DENIED" and see what it's actually failing on.  (If
anything.  Over the years, I've noticed that Microsoft reports a lot
of things as "Access is denied" when it's something else entirely.
It's like that error is their catch-all or something.)

-- Ben




RE: Uninstall Exchange 2000

2010-08-18 Thread Steve Hart
SCORE!!

Thanks Ben, I've been struggling with this off and on for months and this 
finally did the trick.

Process Monitor wouldn't work on the particular patch level on Win 2K I had, 
but it led me to find an old copy of RegMon. That enabled me to pin down the 
key "HKLM\System\CurrentControlSet\Control\SecurePipeServers\WinReg" as the 
culprit. A little googling told me that SYSTEM typically has full control over 
that key and it didn't in my case. I added that permission, ran the uninstall 
and it completed perfectly. The server is no longer showing up in ESM on my 
workstation and our email is flowing perfectly.

A big public THANK YOU for your help, Michael's and everyone else's.

Steve Hart
Network Administrator
503.491.4343 -Direct | 503.492.8160 - Fax

From: Sean Martin [mailto:seanmarti...@gmail.com]
Sent: Wednesday, August 18, 2010 4:58 PM
To: MS-Exchange Admin Issues
Subject: Re: Uninstall Exchange 2000

Run it first on your Exch 2000 box before doing anything else. This will show 
you which processes are currently running and what you can filter from your 
capture when you do try the uninstall again. Makes it a lot easier to sift 
through the results.

- Sean
On Wed, Aug 18, 2010 at 3:29 PM, Steve Hart 
mailto:sh...@wrightbg.com>> wrote:
That's a new tool to me.  Thanks

I take it I should start it on the E2000 box, run the uninstall again and see 
what it flags?



Steve Hart

Network Administrator

503.491.4343 -Direct | 503.492.8160 - Fax


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Wednesday, August 18, 2010 4:23 PM
To: MS-Exchange Admin Issues
Subject: Re: Uninstall Exchange 2000
On Wed, Aug 18, 2010 at 7:10 PM, Steve Hart 
mailto:sh...@wrightbg.com>> wrote:
> I'm checking permissions on each of registry keys specified in KN
> 260378, trying to determine why my uninstall is failing.

 Get a hold of Process Monitor from Microsoft Sysinternals, and
filter on "ACCESS DENIED" and see what it's actually failing on.  (If
anything.  Over the years, I've noticed that Microsoft reports a lot
of things as "Access is denied" when it's something else entirely.
It's like that error is their catch-all or something.)

-- Ben





Re: Uninstall Exchange 2000

2010-08-18 Thread Sean Martin
Run it first on your Exch 2000 box before doing anything else. This will
show you which processes are currently running and what you can filter from
your capture when you do try the uninstall again. Makes it a lot easier to
sift through the results.

- Sean

On Wed, Aug 18, 2010 at 3:29 PM, Steve Hart  wrote:

> That's a new tool to me.  Thanks
>
> I take it I should start it on the E2000 box, run the uninstall again and
> see what it flags?
>
>
>
> Steve Hart
>
> Network Administrator
>
> 503.491.4343 -Direct | 503.492.8160 - Fax
>
>
> -Original Message-
> From: Ben Scott [mailto:mailvor...@gmail.com]
> Sent: Wednesday, August 18, 2010 4:23 PM
> To: MS-Exchange Admin Issues
> Subject: Re: Uninstall Exchange 2000
>
>  On Wed, Aug 18, 2010 at 7:10 PM, Steve Hart  wrote:
> > I'm checking permissions on each of registry keys specified in KN
> > 260378, trying to determine why my uninstall is failing.
>
>  Get a hold of Process Monitor from Microsoft Sysinternals, and
> filter on "ACCESS DENIED" and see what it's actually failing on.  (If
> anything.  Over the years, I've noticed that Microsoft reports a lot
> of things as "Access is denied" when it's something else entirely.
> It's like that error is their catch-all or something.)
>
> -- Ben
>
>
>
>


RE: Uninstall Exchange 2000

2010-08-18 Thread Steve Hart
That's a new tool to me.  Thanks

I take it I should start it on the E2000 box, run the uninstall again and see 
what it flags?



Steve Hart

Network Administrator

503.491.4343 -Direct | 503.492.8160 - Fax


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Wednesday, August 18, 2010 4:23 PM
To: MS-Exchange Admin Issues
Subject: Re: Uninstall Exchange 2000

On Wed, Aug 18, 2010 at 7:10 PM, Steve Hart  wrote:
> I'm checking permissions on each of registry keys specified in KN
> 260378, trying to determine why my uninstall is failing.

  Get a hold of Process Monitor from Microsoft Sysinternals, and
filter on "ACCESS DENIED" and see what it's actually failing on.  (If
anything.  Over the years, I've noticed that Microsoft reports a lot
of things as "Access is denied" when it's something else entirely.
It's like that error is their catch-all or something.)

-- Ben





Re: Uninstall Exchange 2000

2010-08-18 Thread Ben Scott
On Wed, Aug 18, 2010 at 7:10 PM, Steve Hart  wrote:
> I'm checking permissions on each of registry keys specified in KN
> 260378, trying to determine why my uninstall is failing.

  Get a hold of Process Monitor from Microsoft Sysinternals, and
filter on "ACCESS DENIED" and see what it's actually failing on.  (If
anything.  Over the years, I've noticed that Microsoft reports a lot
of things as "Access is denied" when it's something else entirely.
It's like that error is their catch-all or something.)

-- Ben



RE: Uninstall Exchange 2000

2010-08-18 Thread Steve Hart
I'm checking permissions on each of registry keys specified in KN 260378, 
trying to determine why my uninstall is failing. I got to thinking if these are 
the keys that would need to be manually deleted, then these are probably the 
keys the uninstall is trying to delete.

When I try to look at permissions on the key 
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeMGMT", I get a 
popup reading "The permissions on MSExchangeMGMT are incorrectly ordered, which 
may cause some entries to be ineffective. Press OK to continue and sort the 
permissions correctly, or Cancel to reset the permissions".

Any idea what the permissions should be on this key? 

Steve




Steve Hart

Network Administrator

503.491.4343 -Direct | 503.492.8160 - Fax


-Original Message-
From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Wednesday, August 18, 2010 3:28 PM
To: MS-Exchange Admin Issues
Subject: RE: Uninstall Exchange 2000

>> can we just do the last step "start Exchange System Manager and select the 
>> server object...

Give it a go. I doubt it'll work, but it can't hurt.

KB 260378 leaves quite a bit in AD. It's intended for the situation where you 
are going to go reinstall a server of the same name.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com


-Original Message-
From: Steve Hart [mailto:sh...@wrightbg.com] 
Sent: Wednesday, August 18, 2010 6:24 PM
To: MS-Exchange Admin Issues
Subject: RE: Uninstall Exchange 2000



Getting back to my E2000 server that won't go away, I've already gone through 
http://technet.microsoft.com/en-us/library/bb288905%28EXCHG.80%29.aspx


The Exchange uninstall process is still dying with "Access Denied" when 
removing registry entries.


If I go through http://support.microsoft.com/kb/260378/ to manually remove the 
server will that leave any baggage in AD?

Alternatively, since we are going to trash the server anyway, can we just do 
the last step "start Exchange System Manager and select the server object. 
Right-click the object, click All Tasks, and then click Remove Server" and skip 
the registry work on the server?

Steve






Steve Hart

Network Administrator

503.491.4343 -Direct | 503.492.8160 - Fax


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Thursday, August 12, 2010 4:21 PM
To: MS-Exchange Admin Issues
Subject: Re: Uninstall Exchange 2000

On Thu, Aug 12, 2010 at 7:03 PM, Steve Hart  wrote:
> In regedit, there's no "properties" selection displayed.  In regedt32, I can 
> get to permissions from the security menu.

  Oh.  I forgot that Win 2000 has the brain damaged registry editor
twins.  Sorry.  Yah.

> There a lot of groups with Full Control.
...
> Domain\Domain Admins
...
> The account I'm using is a member of Domain Admins ...

  Hmmm.  Interesting.  Did you check for any "Deny" permissions on
that registry key?

   Beyond that... nothing comes to mind immediately.

--  Ben










RE: Uninstall Exchange 2000

2010-08-18 Thread Michael B. Smith
>> can we just do the last step "start Exchange System Manager and select the 
>> server object...

Give it a go. I doubt it'll work, but it can't hurt.

KB 260378 leaves quite a bit in AD. It's intended for the situation where you 
are going to go reinstall a server of the same name.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com


-Original Message-
From: Steve Hart [mailto:sh...@wrightbg.com] 
Sent: Wednesday, August 18, 2010 6:24 PM
To: MS-Exchange Admin Issues
Subject: RE: Uninstall Exchange 2000



Getting back to my E2000 server that won't go away, I've already gone through 
http://technet.microsoft.com/en-us/library/bb288905%28EXCHG.80%29.aspx


The Exchange uninstall process is still dying with "Access Denied" when 
removing registry entries.


If I go through http://support.microsoft.com/kb/260378/ to manually remove the 
server will that leave any baggage in AD?

Alternatively, since we are going to trash the server anyway, can we just do 
the last step "start Exchange System Manager and select the server object. 
Right-click the object, click All Tasks, and then click Remove Server" and skip 
the registry work on the server?

Steve






Steve Hart

Network Administrator

503.491.4343 -Direct | 503.492.8160 - Fax


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Thursday, August 12, 2010 4:21 PM
To: MS-Exchange Admin Issues
Subject: Re: Uninstall Exchange 2000

On Thu, Aug 12, 2010 at 7:03 PM, Steve Hart  wrote:
> In regedit, there's no "properties" selection displayed.  In regedt32, I can 
> get to permissions from the security menu.

  Oh.  I forgot that Win 2000 has the brain damaged registry editor
twins.  Sorry.  Yah.

> There a lot of groups with Full Control.
...
> Domain\Domain Admins
...
> The account I'm using is a member of Domain Admins ...

  Hmmm.  Interesting.  Did you check for any "Deny" permissions on
that registry key?

   Beyond that... nothing comes to mind immediately.

--  Ben








RE: Uninstall Exchange 2000

2010-08-18 Thread Steve Hart


Getting back to my E2000 server that won't go away, I've already gone through 
http://technet.microsoft.com/en-us/library/bb288905%28EXCHG.80%29.aspx


The Exchange uninstall process is still dying with "Access Denied" when 
removing registry entries.


If I go through http://support.microsoft.com/kb/260378/ to manually remove the 
server will that leave any baggage in AD?

Alternatively, since we are going to trash the server anyway, can we just do 
the last step "start Exchange System Manager and select the server object. 
Right-click the object, click All Tasks, and then click Remove Server" and skip 
the registry work on the server?

Steve






Steve Hart

Network Administrator

503.491.4343 -Direct | 503.492.8160 - Fax


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Thursday, August 12, 2010 4:21 PM
To: MS-Exchange Admin Issues
Subject: Re: Uninstall Exchange 2000

On Thu, Aug 12, 2010 at 7:03 PM, Steve Hart  wrote:
> In regedit, there's no "properties" selection displayed.  In regedt32, I can 
> get to permissions from the security menu.

  Oh.  I forgot that Win 2000 has the brain damaged registry editor
twins.  Sorry.  Yah.

> There a lot of groups with Full Control.
...
> Domain\Domain Admins
...
> The account I'm using is a member of Domain Admins ...

  Hmmm.  Interesting.  Did you check for any "Deny" permissions on
that registry key?

   Beyond that... nothing comes to mind immediately.

--  Ben






RE: Frontbridge?

2010-08-18 Thread Joseph L. Casale
Stupid question, but...

When you reply-to, what email address are you sending to, if a reply-to header 
exists that incorrect because joebob is not on the ball

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, August 18, 2010 3:19 PM
To: MS-Exchange Admin Issues
Subject: Frontbridge?

We have an e-mail issue where a mail sent from my company to 
joe...@joebob.domain bounces if REPLYING to 
joebob. If a new e-mail is composed and sent to that address, it works fine. 
E-mail from joebob to other domains (gmail, etc) can be replied to without 
issue.

Our e-mail travels though Frontbridge (Forefront) and I'm thinking it might be 
there, even though the error is: Requested #5.0.0 smtp;550 Requested action not 
taken: mailbox unavailable
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764



Frontbridge?

2010-08-18 Thread David Lum
We have an e-mail issue where a mail sent from my company to 
joe...@joebob.domain bounces if REPLYING to 
joebob. If a new e-mail is composed and sent to that address, it works fine. 
E-mail from joebob to other domains (gmail, etc) can be replied to without 
issue.

Our e-mail travels though Frontbridge (Forefront) and I'm thinking it might be 
there, even though the error is: Requested #5.0.0 smtp;550 Requested action not 
taken: mailbox unavailable
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764



Re: OWA and OMA Problems in 2 New Servers

2010-08-18 Thread sms adm
More info:
We found that the old servers were in several domain wide security groups
while the new servers are in 3 local groups, but no domain wide security
groups ... strange.

Does anyone know the repercussions of dropping and adding an Exchange server
from the domain?

Thx

On Wed, Aug 18, 2010 at 11:06 AM, sms adm  wrote:

> We thing there may be some kind of GPO problem with permissions in the
> Exchange folder under IIS??? It's a theory we're exploring.
>
> Thx
>
> On Wed, Aug 18, 2010 at 10:49 AM, Doug Rooney 
> wrote:
>
>> You said minutes later… possibly enough time for DNS entries or other AD
>> rules to propagate?
>>
>> After re-boot do you get that windows again, or nothing?
>>
>>
>>
>>
>>
>> *Thank You*
>>
>> [image: Description:
>> file:///S:/Meadow%20Stebbins/Individuals/images/DRooney_01.jpg]
>>
>>
>>
>> *From:* sms adm [mailto:sms...@gmail.com]
>> *Sent:* Wednesday, August 18, 2010 7:32 AM
>>
>> *To:* MS-Exchange Admin Issues
>> *Subject:* Re: OWA and OMA Problems in 2 New Servers
>>
>>
>>
>> We tried restarting the box and it went down instead. Nothing in the logs
>> to indicate what went wrong there.
>> We do have some firewall issues that we expect to fix tomorrow morning.
>> What perplexes me is that it worked fine right after the reboot, then all of
>> a sudden, it didn't work.
>>
>> Thx
>>
>> On Wed, Aug 18, 2010 at 10:19 AM, James Bensley 
>> wrote:
>>
>> If there is no logs or errors of any sort is it a connectivity issue,
>> routing issues, power issues, driver issue, hardware issue etc? Have
>> you rule out all of these?
>>
>> --
>> Regards,
>> James.
>>
>> http://www.jamesbensley.co.cc/
>>
>> There are 10 kinds of people in the world; Those who understand
>> Vigesimal, and J others...?
>>
>>
>>
>>
>> --
>> smsadm
>>
>
>
>
> --
> smsadm
>



-- 
smsadm
<>

Re: OWA and OMA Problems in 2 New Servers

2010-08-18 Thread sms adm
We thing there may be some kind of GPO problem with permissions in the
Exchange folder under IIS??? It's a theory we're exploring.

Thx

On Wed, Aug 18, 2010 at 10:49 AM, Doug Rooney wrote:

> You said minutes later… possibly enough time for DNS entries or other AD
> rules to propagate?
>
> After re-boot do you get that windows again, or nothing?
>
>
>
>
>
> *Thank You*
>
> [image: Description:
> file:///S:/Meadow%20Stebbins/Individuals/images/DRooney_01.jpg]
>
>
>
> *From:* sms adm [mailto:sms...@gmail.com]
> *Sent:* Wednesday, August 18, 2010 7:32 AM
>
> *To:* MS-Exchange Admin Issues
> *Subject:* Re: OWA and OMA Problems in 2 New Servers
>
>
>
> We tried restarting the box and it went down instead. Nothing in the logs
> to indicate what went wrong there.
> We do have some firewall issues that we expect to fix tomorrow morning.
> What perplexes me is that it worked fine right after the reboot, then all of
> a sudden, it didn't work.
>
> Thx
>
> On Wed, Aug 18, 2010 at 10:19 AM, James Bensley 
> wrote:
>
> If there is no logs or errors of any sort is it a connectivity issue,
> routing issues, power issues, driver issue, hardware issue etc? Have
> you rule out all of these?
>
> --
> Regards,
> James.
>
> http://www.jamesbensley.co.cc/
>
> There are 10 kinds of people in the world; Those who understand
> Vigesimal, and J others...?
>
>
>
>
> --
> smsadm
>



-- 
smsadm
<>

Re: OWA and OMA Problems in 2 New Servers

2010-08-18 Thread sms adm
Services were fine.
Working on a reboot window now (we're in the middle of moving mailboxes
there ... 2000 already moved.

Thx

On Wed, Aug 18, 2010 at 10:42 AM, Ellis, John P. wrote:

>  Have the services crashed?
> And if you reboot again, does the same happen?
>
> John
>
>  --
> *From:* sms adm [mailto:sms...@gmail.com]
> *Sent:* 18 August 2010 15:10
> *To:* MS-Exchange Admin Issues
> *Subject:* OWA and OMA Problems in 2 New Servers
>
> Just stood up 2 new servers in a new data center.
> Objective is to move mailboxes from present 2 servers in old data center to
> the new servers in the new data center.
>
> New servers up and tested well (or so we thought).
> MAPI and RPC over HTTPS work well.  No problems.
> After a reboot, I can access my mail through OWA and OMA.
> Minutes later, these 2 are not available???  Not even locally on the
> Exchange server.
>
> No errors in the IIS logs or the Exchange server system, security, or
> application logs.
>
> Anyone have any ideas? We're stumped??
>
> Thx
>
> **
>
> This email and any files transmitted with it are confidential and
>
> intended solely for the use of the individual or entity to whom they
>
> are addressed. If you have received this email in error please notify
>
> the system manager.
>
>  This footnote also confirms that this email message has been swept by
>
> MIMEsweeper for the presence of computer viruses.
>
>  www.clearswift.com
>
> **
>
>


-- 
smsadm


RE: OWA and OMA Problems in 2 New Servers

2010-08-18 Thread Doug Rooney
You said minutes later... possibly enough time for DNS entries or other
AD rules to propagate?
After re-boot do you get that windows again, or nothing?
 
 
Thank You
 
 
From: sms adm [mailto:sms...@gmail.com] 
Sent: Wednesday, August 18, 2010 7:32 AM
To: MS-Exchange Admin Issues
Subject: Re: OWA and OMA Problems in 2 New Servers
 
We tried restarting the box and it went down instead. Nothing in the
logs to indicate what went wrong there.
We do have some firewall issues that we expect to fix tomorrow morning.
What perplexes me is that it worked fine right after the reboot, then
all of a sudden, it didn't work.

Thx
On Wed, Aug 18, 2010 at 10:19 AM, James Bensley 
wrote:
If there is no logs or errors of any sort is it a connectivity issue,
routing issues, power issues, driver issue, hardware issue etc? Have
you rule out all of these?

--
Regards,
James.

http://www.jamesbensley.co.cc/

There are 10 kinds of people in the world; Those who understand
Vigesimal, and J others...?



-- 
smsadm
<>

RE: OWA and OMA Problems in 2 New Servers

2010-08-18 Thread Ellis, John P.
Have the services crashed?
And if you reboot again, does the same happen?
 
John



From: sms adm [mailto:sms...@gmail.com] 
Sent: 18 August 2010 15:10
To: MS-Exchange Admin Issues
Subject: OWA and OMA Problems in 2 New Servers


Just stood up 2 new servers in a new data center.
Objective is to move mailboxes from present 2 servers in old data center
to the new servers in the new data center.

New servers up and tested well (or so we thought).
MAPI and RPC over HTTPS work well.  No problems.
After a reboot, I can access my mail through OWA and OMA.
Minutes later, these 2 are not available???  Not even locally on the
Exchange server.

No errors in the IIS logs or the Exchange server system, security, or
application logs.

Anyone have any ideas? We're stumped??

Thx



**
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

www.clearswift.com
**




Re: OWA and OMA Problems in 2 New Servers

2010-08-18 Thread sms adm
We tried restarting the box and it went down instead. Nothing in the logs to
indicate what went wrong there.
We do have some firewall issues that we expect to fix tomorrow morning. What
perplexes me is that it worked fine right after the reboot, then all of a
sudden, it didn't work.

Thx

On Wed, Aug 18, 2010 at 10:19 AM, James Bensley  wrote:

> If there is no logs or errors of any sort is it a connectivity issue,
> routing issues, power issues, driver issue, hardware issue etc? Have
> you rule out all of these?
>
> --
> Regards,
> James.
>
> http://www.jamesbensley.co.cc/
>
> There are 10 kinds of people in the world; Those who understand
> Vigesimal, and J others...?
>
>


-- 
smsadm


Re: OWA and OMA Problems in 2 New Servers

2010-08-18 Thread James Bensley
If there is no logs or errors of any sort is it a connectivity issue,
routing issues, power issues, driver issue, hardware issue etc? Have
you rule out all of these?

-- 
Regards,
James.

http://www.jamesbensley.co.cc/

There are 10 kinds of people in the world; Those who understand
Vigesimal, and J others...?



OWA and OMA Problems in 2 New Servers

2010-08-18 Thread sms adm
Just stood up 2 new servers in a new data center.
Objective is to move mailboxes from present 2 servers in old data center to
the new servers in the new data center.

New servers up and tested well (or so we thought).
MAPI and RPC over HTTPS work well.  No problems.
After a reboot, I can access my mail through OWA and OMA.
Minutes later, these 2 are not available???  Not even locally on the
Exchange server.

No errors in the IIS logs or the Exchange server system, security, or
application logs.

Anyone have any ideas? We're stumped??

Thx


RE: Exchange 2007 SCR replication logs infected with trojan

2010-08-18 Thread Dan Cooper
Maybe the SCR target event log was generating errors on 1 particular log 
precisely  because you have scanning enabled on the log files folder, the and 
the AV software was not allowing exchange to process the file correctly...maybe.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: woensdag 18 augustus 2010 14:42
To: MS-Exchange Admin Issues
Subject: RE: Exchange 2007 SCR replication logs infected with trojan

The long and the short of it is - you can't. You also can't be certain that, 
even now, the log is actually infected. It's very common for things like this 
to be false positives.

Generally speaking you want perimeter scanning (i.e., scanning of incoming and 
outgoing e-mail in your DMZ) and you want desktop scanning (to ensure that your 
e-mail submitters aren't submitting malware to Exchange). It used to be that we 
also would recommend store/transport level scanning; but that's no longer 
considered a best practice. The bigger an Exchange database gets, the more 
challenging that is to do performantly.

The real question to consider is this: ok, you have an email with a Trojan 
sitting in your mailbox database. That means it will exist in a at least two 
places - a log file and the database itself. If you have an CR technology, 
it'll also exist in another log file and database on the target machine.

What can that Trojan do? The answer is: nothing. Absolutely nothing.

If a user happens to activate the Trojan, it can conceivably impact the user's 
workstation. But the AV on the workstation should catch it.

If you want it gone from the store so that a user never has a chance to 
activate it - you have to do store level scanning. And that typically is an 
add-on package from an AV vendor.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Liby Philip Mathew [mailto:lmat...@path-solutions.com]
Sent: Wednesday, August 18, 2010 7:50 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 2007 SCR replication logs infected with trojan

Thanks Mike,
My SCR target event log was generating errors on 1 particular log.  So I went 
to the source and scanned that particular log file with McAfee without 
cleaning/repairing option and it detected the Trojan.  I have followed the link 
long back and excluded the required files from scanning.  I'll go thru it once 
again.  But how can I make sure that the logs or DB's are not infected with 
Trojans or virus.
TIA
Liby

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, August 18, 2010 2:34 PM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 2007 SCR replication logs infected with trojan

You should not be scanning the log files. Ever. Exclude that directory and 
remove all the log files from quarantine, restoring them to their original 
location.

See



and the articles linked from that article, especially



Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Liby Philip Mathew [mailto:lmat...@path-solutions.com]
Sent: Wednesday, August 18, 2010 6:24 AM
To: MS-Exchange Admin Issues
Subject: Exchange 2007 SCR replication logs infected with trojan

Hi,
I have a SCR replication log file infected with a Trojan which is not 
replicating to the SCR target.  McAfee identified it as a JS/Redirector.z on 
the source.  How can I get rid of this Trojan without deleting the log so that 
the SCR replication will continue?
How can I avoid future infection to the logs?
Regards
Liby


Disclaimer
[The information contained in this e-mail message and any attached files are 
confidential information and intended solely for the use of the individual or 
entity to whom they are addressed. This transmission may contain information 
that is privileged, confidential or exempt from disclosure under applicable 
law. If you have received this e-mail in error, please notify the sender 
immediately and delete all copies. If you are not the intended recipient, any 
disclosure, copying, distribution, or use of the information contained herein 
is STRICTLY PROHIBITED. Path Solutions accepts no responsibility for any 
errors, omissions, computer viruses and other defects.]



DISCLAIMER 18-8-2010 15:20:41

This communication is intended only for use by MS-Exchange Admin Issues. It may 
contain confidential or privileged information. If you receive this 
communication unintentionally, please inform us immediately. Thank you. 180  
has registered companies in the United States and in the Netherlands. 180 Los 
Angeles  LLC . (180)  1733 Ocean Avenue, Suite 400, Santa Monica, California 
90401, is registered with the trade register in the US in Delaware under file 
number 4260284 and the corporation's FEIN is 20-5982098. 180 Amsterdam BV (180) 
Herengracht 506, 1017 CB, Amsterdam 

RE: Exchange 2007 SCR replication logs infected with trojan

2010-08-18 Thread Michael B. Smith
The long and the short of it is - you can't. You also can't be certain that, 
even now, the log is actually infected. It's very common for things like this 
to be false positives.

Generally speaking you want perimeter scanning (i.e., scanning of incoming and 
outgoing e-mail in your DMZ) and you want desktop scanning (to ensure that your 
e-mail submitters aren't submitting malware to Exchange). It used to be that we 
also would recommend store/transport level scanning; but that's no longer 
considered a best practice. The bigger an Exchange database gets, the more 
challenging that is to do performantly.

The real question to consider is this: ok, you have an email with a Trojan 
sitting in your mailbox database. That means it will exist in a at least two 
places - a log file and the database itself. If you have an CR technology, 
it'll also exist in another log file and database on the target machine.

What can that Trojan do? The answer is: nothing. Absolutely nothing.

If a user happens to activate the Trojan, it can conceivably impact the user's 
workstation. But the AV on the workstation should catch it.

If you want it gone from the store so that a user never has a chance to 
activate it - you have to do store level scanning. And that typically is an 
add-on package from an AV vendor.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Liby Philip Mathew [mailto:lmat...@path-solutions.com]
Sent: Wednesday, August 18, 2010 7:50 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 2007 SCR replication logs infected with trojan

Thanks Mike,
My SCR target event log was generating errors on 1 particular log.  So I went 
to the source and scanned that particular log file with McAfee without 
cleaning/repairing option and it detected the Trojan.  I have followed the link 
long back and excluded the required files from scanning.  I'll go thru it once 
again.  But how can I make sure that the logs or DB's are not infected with 
Trojans or virus.
TIA
Liby

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, August 18, 2010 2:34 PM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 2007 SCR replication logs infected with trojan

You should not be scanning the log files. Ever. Exclude that directory and 
remove all the log files from quarantine, restoring them to their original 
location.

See



and the articles linked from that article, especially



Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Liby Philip Mathew [mailto:lmat...@path-solutions.com]
Sent: Wednesday, August 18, 2010 6:24 AM
To: MS-Exchange Admin Issues
Subject: Exchange 2007 SCR replication logs infected with trojan

Hi,
I have a SCR replication log file infected with a Trojan which is not 
replicating to the SCR target.  McAfee identified it as a JS/Redirector.z on 
the source.  How can I get rid of this Trojan without deleting the log so that 
the SCR replication will continue?
How can I avoid future infection to the logs?
Regards
Liby


Disclaimer
[The information contained in this e-mail message and any attached files are 
confidential information and intended solely for the use of the individual or 
entity to whom they are addressed. This transmission may contain information 
that is privileged, confidential or exempt from disclosure under applicable 
law. If you have received this e-mail in error, please notify the sender 
immediately and delete all copies. If you are not the intended recipient, any 
disclosure, copying, distribution, or use of the information contained herein 
is STRICTLY PROHIBITED. Path Solutions accepts no responsibility for any 
errors, omissions, computer viruses and other defects.]


RE: Exchange 2007 SCR replication logs infected with trojan

2010-08-18 Thread Liby Philip Mathew
Thanks Mike,
My SCR target event log was generating errors on 1 particular log.  So I went 
to the source and scanned that particular log file with McAfee without 
cleaning/repairing option and it detected the Trojan.  I have followed the link 
long back and excluded the required files from scanning.  I'll go thru it once 
again.  But how can I make sure that the logs or DB's are not infected with 
Trojans or virus.
TIA
Liby

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, August 18, 2010 2:34 PM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 2007 SCR replication logs infected with trojan

You should not be scanning the log files. Ever. Exclude that directory and 
remove all the log files from quarantine, restoring them to their original 
location.

See



and the articles linked from that article, especially



Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Liby Philip Mathew [mailto:lmat...@path-solutions.com]
Sent: Wednesday, August 18, 2010 6:24 AM
To: MS-Exchange Admin Issues
Subject: Exchange 2007 SCR replication logs infected with trojan

Hi,
I have a SCR replication log file infected with a Trojan which is not 
replicating to the SCR target.  McAfee identified it as a JS/Redirector.z on 
the source.  How can I get rid of this Trojan without deleting the log so that 
the SCR replication will continue?
How can I avoid future infection to the logs?
Regards
Liby


Disclaimer
[The information contained in this e-mail message and any attached files are 
confidential information and intended solely for the use of the individual or 
entity to whom they are addressed. This transmission may contain information 
that is privileged, confidential or exempt from disclosure under applicable 
law. If you have received this e-mail in error, please notify the sender 
immediately and delete all copies. If you are not the intended recipient, any 
disclosure, copying, distribution, or use of the information contained herein 
is STRICTLY PROHIBITED. Path Solutions accepts no responsibility for any 
errors, omissions, computer viruses and other defects.]


RE: Exchange 2007 SCR replication logs infected with trojan

2010-08-18 Thread Michael B. Smith
You should not be scanning the log files. Ever. Exclude that directory and 
remove all the log files from quarantine, restoring them to their original 
location.

See



and the articles linked from that article, especially



Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Liby Philip Mathew [mailto:lmat...@path-solutions.com]
Sent: Wednesday, August 18, 2010 6:24 AM
To: MS-Exchange Admin Issues
Subject: Exchange 2007 SCR replication logs infected with trojan

Hi,
I have a SCR replication log file infected with a Trojan which is not 
replicating to the SCR target.  McAfee identified it as a JS/Redirector.z on 
the source.  How can I get rid of this Trojan without deleting the log so that 
the SCR replication will continue?
How can I avoid future infection to the logs?
Regards
Liby


Disclaimer
[The information contained in this e-mail message and any attached files are 
confidential information and intended solely for the use of the individual or 
entity to whom they are addressed. This transmission may contain information 
that is privileged, confidential or exempt from disclosure under applicable 
law. If you have received this e-mail in error, please notify the sender 
immediately and delete all copies. If you are not the intended recipient, any 
disclosure, copying, distribution, or use of the information contained herein 
is STRICTLY PROHIBITED. Path Solutions accepts no responsibility for any 
errors, omissions, computer viruses and other defects.]


Exchange 2007 SCR replication logs infected with trojan

2010-08-18 Thread Liby Philip Mathew
Hi,
I have a SCR replication log file infected with a Trojan which is not 
replicating to the SCR target.  McAfee identified it as a JS/Redirector.z on 
the source.  How can I get rid of this Trojan without deleting the log so that 
the SCR replication will continue?
How can I avoid future infection to the logs?
Regards
Liby


Disclaimer
[The information contained in this e-mail message and any attached files are 
confidential information and intended solely for the use of the individual or 
entity to whom they are addressed. This transmission may contain information 
that is privileged, confidential or exempt from disclosure under applicable 
law. If you have received this e-mail in error, please notify the sender 
immediately and delete all copies. If you are not the intended recipient, any 
disclosure, copying, distribution, or use of the information contained herein 
is STRICTLY PROHIBITED. Path Solutions accepts no responsibility for any 
errors, omissions, computer viruses and other defects.]


RE: Delegated mailbox access and sent items

2010-08-18 Thread Dave Wade
One other option is to use OWA to access the shared account. They will of 
course need to go to the in-box URL of the shared account. I guess IMAP might 
also work but I havn't tried that.

Dave Wade
0161 474 5456



From: Simon Butler
Sent: Tue 17/08/2010 18:39
To: MS-Exchange Admin Issues
Subject: RE: Delegated mailbox access and sent items


Nothing native with that version.
You could look at Unisent from ivasoft.biz. 
Outlook 2010 will do it for you as well. 
I have also been told it can be done with rules, but I was unable to find a 
reliable combination of rules that worked - plus it has to be setup for each 
user individually. 

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://www.amset.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/ for certificates from just $23.99.
Need a domain for your certificate? http://DomainsForExchange.net/ 

Exchange Resources: http://exbpa.com/ 



-Original Message-
From: Ellis, John P. [mailto:johnel...@wirral.gov.uk] 
Sent: 17 August 2010 15:42
To: MS-Exchange Admin Issues
Subject: Delegated mailbox access and sent items

Outlook 2003 and 2007 with Exchange 2003
We have a number of users that have their own mailboxes and also
delegate access into a group email account.
They have send of behalf of permissions.
Is it possible that when a user replies to an email in the delegate
account the email will remain in the sent items of said delegate mailbox
instead of going into the main users sent items?

Thanks
John

**
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

www.clearswift.com
**