RE: Event Service won't start
Q270677 Jon -Original Message- From: Alex Alborzfard [mailto:[EMAIL PROTECTED] Posted At: Tuesday, January 13, 2004 7:32 AM Posted To: exchange Conversation: Event Service won't start Subject: Event Service won't start EX 5.5, NT4 SP6a Event service won't start and displays the following error message: Could not start the Microsoft Exchange Event Service service on \\s-mail Error 2140: An internal Windows NT error occured. The only entry related in EV is Event ID 5 with the following description: An unexpected MAPI error occured. Error returned was [0x80040154] This happened right after all EX 5.5 services and the Server service one day shut down and the server couldn't log on to the domain. Installing an NT Hotfix and some WINS tweaking resolved all the problems, except for the Event Service stoppage. --Alex Alborzfard _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
RE: PST Alternative?
This brings up the old philosophical question about how much disk space do you allow any one user. 100mb, 1gb, 10gb, 100gb?? I work at a place where folks work 20, 30, 40 years. Some of these folks would keep every shred of email forever if there was not some upper limit on their space. We try to be flexible and have users with hundreds of mb of email stored in Exchange. However, we have also shown some of our most retentive folks how to create PST files and burn them of to CD. Jon -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED] Posted At: Tuesday, January 13, 2004 7:58 AM Posted To: exchange Conversation: PST Alternative? Subject: RE: PST Alternative? Increase the disk space and thus the limits on the Exchange server. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Dietz Sent: Tuesday, January 13, 2004 6:19 AM To: Exchange Discussions Subject: PST Alternative? I am looking for alternate solutions to using PST files. I have had numerous users come to me with corrupt files. Are there any out there? Kevin _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
Incorrect NDRs Miss-Addressed Email Queues
Yesterday morning the Unix box our Exchange system hands off Internet-bound email to was having a problem, as initially evidenced on the Exchange side by the filling up of remote SMTP queues. As part of the troubleshooting process I restarted the SMTP virtual server. When I did this it flushed all of the email out with NDRs indicating that it 'Could not deliver the message in the time limit specified.' These emails had been in the queue less than 12 hours, so that message seems a little pre-mature. The settings for this are default, and I believe that it should wait at least two days before generating such and NDR. Additionally, it flushed out about 100 messages from somewhere that had been sent in the past month to miss-identified internal users. Primarily these were emails automatically generated by internal systems that send emails addressed similar to [EMAIL PROTECTED] In the cases of these rejected emails whoever configured these internal notifications miss-spelled the userid. These emails were not in the queues I know of and normally monitor, and they generated the same NDR as above - 'Could not deliver the message in the time limit specified'. So, the two questions before the house are: 1. Why did bouncing the SMTP service cause 'Could not deliver the message in the time limit specified' NDRs for email that had been queued for a relatively short period of time? 2. Where are the miss-addressed emails being stored, and why are they being held there for up to a month? Many thanks . . . Jon _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
RE: Incorrect NDRs Miss-Addressed Email Queues
Guess I should have mentioned that this is an Exchange 2000 sp3 system. Jon -Original Message- From: Martin, Jon Posted At: Monday, January 12, 2004 8:35 AM Posted To: exchange Conversation: Incorrect NDRs Miss-Addressed Email Queues Subject: Incorrect NDRs Miss-Addressed Email Queues Yesterday morning the Unix box our Exchange system hands off Internet-bound email to was having a problem, as initially evidenced on the Exchange side by the filling up of remote SMTP queues. As part of the troubleshooting process I restarted the SMTP virtual server. When I did this it flushed all of the email out with NDRs indicating that it 'Could not deliver the message in the time limit specified.' These emails had been in the queue less than 12 hours, so that message seems a little pre-mature. The settings for this are default, and I believe that it should wait at least two days before generating such and NDR. Additionally, it flushed out about 100 messages from somewhere that had been sent in the past month to miss-identified internal users. Primarily these were emails automatically generated by internal systems that send emails addressed similar to [EMAIL PROTECTED] In the cases of these rejected emails whoever configured these internal notifications miss-spelled the userid. These emails were not in the queues I know of and normally monitor, and they generated the same NDR as above - 'Could not deliver the message in the time limit specified'. So, the two questions before the house are: 1. Why did bouncing the SMTP service cause 'Could not deliver the message in the time limit specified' NDRs for email that had been queued for a relatively short period of time? 2. Where are the miss-addressed emails being stored, and why are they being held there for up to a month? Many thanks . . . Jon _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
RE: OWA and URLScan-Blocked Special Characters
Thanks for the input on this. While both my post here and on the MS newsgroups failed to elicit detailed specifics as to what exploits were being prevented by blocking these particular characters, these responses were useful and definitely preferable to what I received yesterday from MS PSS. Their answer was 'We know, but for security reasons we cannot tell you.' ( A snide aside: Thanks, MS. That took five phone calls, five emails, and you still have not agreed to non-decrement the case.) On a much more positive front, I received an excellent response from Rand Morimoto ([EMAIL PROTECTED]), author of the book Exchange 2003 Unleashed. My query to Rand was to help explain the two most problematic character blocks (from a customer irritation point a view) - the '..' and the ''. Rand's response was as follows: The '..' in a URL allows for traversal of the directory tree. This means that when I get access to one location on an Exchange server, I can send a .. command and walk up the directory tree. This can actually be minimized by having tight security rights, so I really don't see a problem with that issue. The '' is more of a problem because that allows you to string together multiple commands. So you can tell an IIS server to open an email and to launch an executable at the same time. However this too can be minimized as a risk by hardening the server so that someone cannot hack the server to then launch an executable (i.e. I send an email to someone with an attachment, I somehow know that persons logon/password, I then open and launch the executable that brings the whole network down). This presumes that you allow executables into your network AND it presumes that someone has their user account compromised. But it's possible. So by themselves, the ability to bypass URLScan for these commands, while it does weaken security, requires a couple other compromises to take place in your environment. Another option is go to IIS6 / Exchange 2003 OWA. IIS6 has functionality that allows you to run and access messages that may otherwise be URLScan compromising, however Exchange 2003 / IIS6 have better protections to allow access without restricting accessibility while minimizing security risks. The bottom line in our environment is that we will open the '..' and '' for OWA, and let other security measures handle the potential risks. Jon -Original Message- From: Martin, Jon Sent: Thursday, October 16, 2003 5:20 PM Posted To: exchange - new Conversation: OWA and URLScan-Blocked Special Characters Subject:OWA and URLScan-Blocked Special Characters OK, we all know that when you run Urlscan on an Exchange server that you will not be able to view certain notes in OWA, specifically those notes with special characters in the subject line. The special characters are below, along with the reason, according to MS documentation, that these should be blocked. .. Allows directory traversals ./ Allows trailing dot on a directory name \ Allows backslashes in URL % Allows escaping after normalization Allows multiple CGI processes to run on a single request My management wants these characters unblocked. To prevent this I need a better understanding of what potential problems are being prevented by the disabling of these characters. The above explanation in the MS documentation is probably not going to be sufficient. Does anyone have a more detailed explanation of the possible exploits being blocked by disabling these characters?? Thanks. Jon Martin _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
OWA and URLScan-Blocked Special Characters
OK, we all know that when you run Urlscan on an Exchange server that you will not be able to view certain notes in OWA, specifically those notes with special characters in the subject line. The special characters are below, along with the reason, according to MS documentation, that these should be blocked. .. Allows directory traversals ./ Allows trailing dot on a directory name \ Allows backslashes in URL % Allows escaping after normalization Allows multiple CGI processes to run on a single request My management wants these characters unblocked. To prevent this I need a better understanding of what potential problems are being prevented by the disabling of these characters. The above explanation in the MS documentation is probably not going to be sufficient. Does anyone have a more detailed explanation of the possible exploits being blocked by disabling these characters?? Thanks. Jon Martin _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Outlook to Exchange over VPN issues
Never personally tried it over dial-up, although we have a few users doing that and I've heard no complaints (then again, I am not on the Help Desk). It works fine (Outlook97 2k going against Exch5.5 2k) over DSL/Cable. There is one annoyance which may account for the port 135 reference - Outlook over VPN does not update the Unread Items counter in a timely fashion. Sometimes it takes a few minutes for incoming mail to register via the counters on the right side of folder names. I recall that there was some UDP port you could open to fix this, but we left things closed. Clicking on any folder would force an Unread Items count update. Jon -Original Message- From: Alex Alborzfard [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2003 9:21 AM Posted To: exchange - new Conversation: Outlook to Exchange over VPN issues Subject:Outlook to Exchange over VPN issues We are in the process of rolling out VPN (PPTP/IPSEC) to allow access to remote access to Exchange. But I've heard the performance is really dismal especially over dial-up. I've also heard OL 03 with EX 03 takes care of this problem, by using RPC over HTTP. Should we wait and upgrade to OL/EX 03 instead? What are other OL(2000) to EX(5.5/2K) over VPN connectivity issues? Thanks --Alex Alborzfard Exchange Admin _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: 3 Layers of Virus protection.
One note related to this. It seems to me that having more than one vendor is as important as having multiple layers. If you have three or four layers of 'insert your AV vendor here' products and they miss the boat on some virus, then all of those layers are irrelevant. Jon -Original Message- From: Tony Hlabse [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 20, 2003 5:39 AM Posted To: exchange - new Conversation: 3 Layers of Virus protection. Subject:3 Layers of Virus protection. I was curious how many have 3 layers of protection for their email systems. My current assignment has me at a place where they are comfortable with desktop and a set of SMTP servers doing virus and spam. Desktop is Symantec and Trend on the SMTP servers. My gut feeling is to also protect the IS stores too. How many have 3 levels. _ bGet MSN 8/b and help protect your children with advanced parental controls. http://join.msn.com/?page=features/parental _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Way OT: Love that Windows File Protection - NOT!
A tale of bad programming gone awry, and a cautionary tale concerning our future ability to push out software upgrades. I work for a company of 1,800 users and over the past five years my work has included installing and maintaining the companiy's NT domain and Exchange 5.5 system, automating the rollout of the upgrade from Office 97 to Office 2000, and upgrading the NT domain/Exchange 5.5 system to Windows AD and Exchange 2000. Even with that level of experience with Microsoft products (not to mention using pretty much every MS OS since 1983) I was surprised at what I went through this past weekend. Task at hand: Install Office 2000 SR-1 (the same distribution we used for the Office 2000 rollout at our company). The target: a Dell GX110 with a newly laid-out copy of Windows 2000 Professional fully patched and updated using the Windows Update feature. The installation of Office 2k runs for a while, and then pops up an error message: Windows File Protection: must copy files from CDROM of SP4. Please insert SP4 disk in CDROM Drive. OK, a fully patched and updated copy of Win2k now includes SP4. With the rollout of SP4 Microsoft has implemented a feature called Windows File Protection, which ostensibly will protect certain system files and DLLs from being overwritten, causing system instability, in theory a laudable goal. Problem number one with this error is that I did not have SP4 on a CDROM because it had been installed using the Windows Update feature. So I go out to Microsoft to download the Network Administrator version of SP4, unzipped it onto my local drive, and burn it to CD. I burn the SP4 files to disc two ways, copying the i386 folder to the root of the disk (so that all required files were at least one folder down) and also burning the contents of the i386 folder to the root (so that all required files were at the root level), not knowing which way the system would try to read these files. Since the installation of the CD burning software required a number of reboots, I was forced to abandon the installation of Office 2000 where it errored out. Not wanting some hosed-up partial install on my new system, I ghosted back to the image I created right before beginning the process (love the Ghost 2003). I start the Office 2000 install process again, get to the error message, and armed with my SP4 CDROM clicked on continue (or whatever), where it refused to recognize my CDROM as acceptable. As you might expect, I am less than pleased. OK, a little research on this Windows File Protection reveals a couple of ways to disable it. Both are registry edits. One disables it for one reboot, and one permanently. Thinking that it may be a useful feature in the future, I disable it temporarily, reboot (again killing the Office 2000 install partway through), and restart the install. Loeth and beholdeth, the install completes fine - no errors, no pause for the CDROM (which was inserted in the drive). Again, not wanting some bastardized uncompleted Office 2k install on my system I re-image back to the pre-install state. I make the registry change to temporarily turn the Windows File Protection off, reboot and restart the Office 2k install. What's this? I get the same error message again. Blood pressure is up, invectives are flying. OK, that's it. I re-image, use the registry editor to permanently kill the Windows File Protection, reboot, check the registry to confirm the kill entry is in place, and go to re-install Office 2k. Same error!! OK, put on the thinking cap. I had one successful Office 2k install. What was different about that attempt? One thing: I had attempted a second install of Office 2k on the same image (no re-image between attempts). To test this theory, I canceled the Office 2k install at the error point, watched it 'undo' whatever it had done, and restarted the install process. Loeth and beholdeth again, the installation process completed successfully (and partway through it started reading the CDROM drive with no problem!). This does not bode well for future software rollouts. Even though we can theoretically disable this Windows File Protection service, telling users 'begin the installation process, wait for the error message, cancel the install and restart it' is lame. Needless to say, Microsoft is not on my A-list this week. Jon Martin Systems Programmer East Bay Municipal Utility District (EBMUD) Oakland, CA _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Way OT: Love that Windows File Protection - NOT!
That's a nice, arrogant way to put it. I can only hope that the powers-that-be at Microsoft do not have a similar attitude towards their customers. I do not think it too much to ask that a fresh install of a supported OS, fully patched using their supported methods, would allow me to install their flagship office productivity tools in a straightforward manner. Jon -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 13, 2003 10:21 AM Posted To: exchange - new Conversation: Way OT: Love that Windows File Protection - NOT! Subject:Re: Way OT: Love that Windows File Protection - NOT! Needless to say, Microsoft is not on my A-list this week. You can always switch to another OS. Of course if all OS vendors are doing the same thing, then you can either accept it or go without automated software updates. No one is forcing you to use software. Hmm... Nope. Just drink the cool-aid and move along, nothing to see here. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Two Unusual Outlook 2002 Problems
Chris, Thanks for the reply. I did think of that and used the Windows Component app to undo the IE Enhanced Security Configuration stuff, but it did not resolve these problems. It would not surprise me to learn that there was still something leftover that was causing these things. Jon -Original Message- From: Chris H [mailto:[EMAIL PROTECTED] Posted At: Wednesday, June 04, 2003 3:53 PM Posted To: exchange - new Conversation: Two Unusual Outlook 2002 Problems Subject: Re: Two Unusual Outlook 2002 Problems in server 2003 a lot of IE is disabled by default. Could that have something to do with it? I know IE and Outlook share a lot of components. - Original Message - From: Martin, Jon [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Wednesday, June 04, 2003 4:59 PM Subject: Two Unusual Outlook 2002 Problems Recently I reconfigured my production workstation from scratch to include: - Windows 2003 Server Enterprise Edition; and - Office XP with sp2 This replaces a Windows 2000 Advanced Server with Office 2000 SR-1. Now I am getting two weird problems (so far) with Outlook 2002. 1. My ability to modify Outlook folder permissions now consists of modifying the Default permissions, and adding users to the list of those who have permissions. I cannot modify any permissions (except Default) and I cannot delete users from the list of those who have permissions. This is true of my individual mailbox folders, and also Public Folders. Essentially, almost everything is grayed out. 2. Every time I go to modify the current view of a folder (like add a field) using the View - Current View - Customize Current View etc. routine I get a Microsoft Outlook has encountered a problem and needs to close. We are sorry for the inconvenience. message, after which Outlook restarts. I can modify things by using the Field Chooser tool, or by dragging fields off the board. This is a pretty vanilla install; it has only been in production for two days. If I go back to an Outlook 2000 install I have on another Windows 2000 box everything works normally. Any ideas? Thanks . . . Jon Martin _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Two Unusual Outlook 2002 Problems
Recently I reconfigured my production workstation from scratch to include: - Windows 2003 Server Enterprise Edition; and - Office XP with sp2 This replaces a Windows 2000 Advanced Server with Office 2000 SR-1. Now I am getting two weird problems (so far) with Outlook 2002. 1. My ability to modify Outlook folder permissions now consists of modifying the Default permissions, and adding users to the list of those who have permissions. I cannot modify any permissions (except Default) and I cannot delete users from the list of those who have permissions. This is true of my individual mailbox folders, and also Public Folders. Essentially, almost everything is grayed out. 2. Every time I go to modify the current view of a folder (like add a field) using the View - Current View - Customize Current View etc. routine I get a Microsoft Outlook has encountered a problem and needs to close. We are sorry for the inconvenience. message, after which Outlook restarts. I can modify things by using the Field Chooser tool, or by dragging fields off the board. This is a pretty vanilla install; it has only been in production for two days. If I go back to an Outlook 2000 install I have on another Windows 2000 box everything works normally. Any ideas? Thanks . . . Jon Martin _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Outlook/Exchange Problem with Save To Folder
Exchange server: Exch2k sp 3/Win2k sp3 relatively recently patched Outlook client: Win2k Pro with Outlook 2000 User uses the Save To feature regularly to file outgoing mail to various folders other than the Sent Items folder. Multiple times daily (3 or 4 times out of 25-50 emails sent using this feature) and seemingly randomly he gets the following message when sending an email with the Save To feature: The folder you have selected in not a subfolder of the default store. To select a different folder, click OK. Q260099 is the only reference I can find with this error, and the cause specified in that article does not apply. This user is attempting to save to folders within his own mailbox, which is the default mail delivery location. This does not happen when saving to a specific folder, or mail with a specific type or attachment. It appears to be random. Once this happens the system will only let him save that email to the Sent Items or to the root of his mail folder tree, but none of his sub-folders. (He has a folder at the same level as his Inbox named MailFolders. All incoming mail goes to his the Inbox, and he moves them to this folder tree. This tree is relatively wide - logs of folders off the root - but not very deep; the deepest branch is three folders deep.) Any ideas?? Thanks . . . Jon Martin Systems Programmer East Bay Municipal Utility District (EBMUD) Oakland, CA _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Weird OWA Cannot See Items Problem
We have a strange problem for which the symptoms look like those in 'Q267570 Unable to View Items in Inbox When Accessing OWA Through a Proxy Server Using Internet Explorer 5 or Later'. However, the details of our specific problem differ significantly, and therefore the fix in the Q doc is irrelevant. The situation: Servers: Exch2k sp3, Win2k sp3, relatively recently patched; workstations tested are Win2k and XP. One user having a problem. He opens up IE 6 on any workstation after logging on to the network as himself. Logs onto OWA on the server his mailbox is located (there is no front-end/back-end thing going on here; only a few users are aware of the URL for OWA and are using it just for testing the look-and-feel of OWA). No additional prompt for userid and password when connecting to Outlook via OWA, he gets right in. If he logs on to his workstation (only his workstation) and network using another user id, and then attempts to open his mailbox via OWA it prompts for a userid/password/domain and lets him in. He goes to any other workstation where the workstation is logged onto the net using some other userid. Opens up IE 6, logs onto OWA. No userid or password prompt, takes him to essentially the empty inbox described in the Q doc. No folder list available, no access to anything. However, if we attempt, on the same workstation, to use OWA to connect to any other Outlook mailbox, it prompts for the userid/password/domain, and assuming we have a set of credentials that has the appropriate access, it lets us in. Weird. Am I missing something really basic? Any ideas?? Thanks . . . Jon Martin Systems Programmer East Bay Municipal Utility District (EBMUD) Oakland, CA _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Securing the OWA Kiosk
I do not believe that many of our users would opt for OWA via VPN if they have Outlook available on the VPNd client, although I would not care either way. The key thing in that scenario is that the VPN is doing its security thing. Jon -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Friday, December 13, 2002 5:44 AM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk I don't support OWA via VPN - if you're VPN'ed in, use Outlook. In fact, I've IP-limited OWA to external users only. We provide Outlook for a reason - we expect it to be used. As I said before, we do secure OWA with a multi-factor one time use authentication system (RSA's SecurID) which works well. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Martin, Jon [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 1:38 PM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk Mark, Thanks - interesting audit. If we decide to go forward with allowing non-VPN clients access to Outlook we will take a closer look at the product. Is anyone aware of similar products? A question for the group on a related topic: is it common practice to allow non-VPN clients to access Outlook via OWA, or do most companies require at least a VPN connection? Jon -Original Message- From: Mark Rotman [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 9:52 AM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk Jon, You could have a look at this OWA audit for some more details. Be aware that the document is useful, but the issues in it (as well as your #1) are handled by Messageware's SecureLogoff product. http://www.messageware.net/audits/owa.html -Original Message- From: Martin, Jon [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 11, 2002 3:22 PM To: Exchange Discussions Subject: Securing the OWA Kiosk How are folks handling the following potential security risks using OWA from unsecured workstations, such as a kiosk or library environment? 1. Cached web pages, etc. on the workstation. User walks away without closing the browser, the next user has access to the previous users' email. 2. Stealth keyboard capture program grabs userids and passwords. It seems like there is a common train of thought about remote OWA that 'It is only email, what is the worst that could happen?' My take is someone who has unauthorized access to email can potentially: - Get people fired; - Get people arrested; - Get companies/people sued; - Cost companies/people money. Thanks . . . Jon Martin Systems Programmer East Bay Municipal Utility District (EBMUD) Oakland, CA _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Securing the OWA Kiosk
NFuse as in nfuse,com? Never heard of them, so I just spent five minutes on their web site and based on what I read there I have no idea of what they do. Nice new-age menu system, though. Jon -Original Message- From: Martin Tuip [mailto:[EMAIL PROTECTED]] Sent: Friday, December 13, 2002 3:13 PM To: Exchange Discussions Subject: Re: Securing the OWA Kiosk What about pushing Outlook through NFuse ? -- Martin Tuip MVP Exchange Exchange2000 List owner www.exchange-mail.org www.sharepointserver.com [EMAIL PROTECTED] -- - Original Message - From: Hansen, Eric [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Friday, December 13, 2002 6:07 PM Subject: RE: Securing the OWA Kiosk We use a VPN/terminal services combo, works good. -Original Message- From: Martin, Jon [mailto:[EMAIL PROTECTED]] Sent: Friday, December 13, 2002 9:42 AM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk I do not believe that many of our users would opt for OWA via VPN if they have Outlook available on the VPNd client, although I would not care either way. The key thing in that scenario is that the VPN is doing its security thing. Jon -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Friday, December 13, 2002 5:44 AM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk I don't support OWA via VPN - if you're VPN'ed in, use Outlook. In fact, I've IP-limited OWA to external users only. We provide Outlook for a reason - we expect it to be used. As I said before, we do secure OWA with a multi-factor one time use authentication system (RSA's SecurID) which works well. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Martin, Jon [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 1:38 PM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk Mark, Thanks - interesting audit. If we decide to go forward with allowing non-VPN clients access to Outlook we will take a closer look at the product. Is anyone aware of similar products? A question for the group on a related topic: is it common practice to allow non-VPN clients to access Outlook via OWA, or do most companies require at least a VPN connection? Jon -Original Message- From: Mark Rotman [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 9:52 AM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk Jon, You could have a look at this OWA audit for some more details. Be aware that the document is useful, but the issues in it (as well as your #1) are handled by Messageware's SecureLogoff product. http://www.messageware.net/audits/owa.html -Original Message- From: Martin, Jon [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 11, 2002 3:22 PM To: Exchange Discussions Subject: Securing the OWA Kiosk How are folks handling the following potential security risks using OWA from unsecured workstations, such as a kiosk or library environment? 1. Cached web pages, etc. on the workstation. User walks away without closing the browser, the next user has access to the previous users' email. 2. Stealth keyboard capture program grabs userids and passwords. It seems like there is a common train of thought about remote OWA that 'It is only email, what is the worst that could happen?' My take is someone who has unauthorized access to email can potentially: - Get people fired; - Get people arrested; - Get companies/people sued; - Cost companies/people money. Thanks . . . Jon Martin Systems Programmer East Bay Municipal Utility District (EBMUD) Oakland, CA _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource
RE: Securing the OWA Kiosk
Oh - now there is a company I've heard of. Thanks. Jon -Original Message- From: Andy Haigh [mailto:[EMAIL PROTECTED]] Sent: Friday, December 13, 2002 3:38 PM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk Nfuse as in Citrix -Original Message- From: Martin, Jon [mailto:[EMAIL PROTECTED]] Sent: Saturday, 14 December 2002 10:37 AM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk NFuse as in nfuse,com? Never heard of them, so I just spent five minutes on their web site and based on what I read there I have no idea of what they do. Nice new-age menu system, though. Jon -Original Message- From: Martin Tuip [mailto:[EMAIL PROTECTED]] Sent: Friday, December 13, 2002 3:13 PM To: Exchange Discussions Subject: Re: Securing the OWA Kiosk What about pushing Outlook through NFuse ? -- Martin Tuip MVP Exchange Exchange2000 List owner www.exchange-mail.org www.sharepointserver.com [EMAIL PROTECTED] -- - Original Message - From: Hansen, Eric [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Friday, December 13, 2002 6:07 PM Subject: RE: Securing the OWA Kiosk We use a VPN/terminal services combo, works good. -Original Message- From: Martin, Jon [mailto:[EMAIL PROTECTED]] Sent: Friday, December 13, 2002 9:42 AM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk I do not believe that many of our users would opt for OWA via VPN if they have Outlook available on the VPNd client, although I would not care either way. The key thing in that scenario is that the VPN is doing its security thing. Jon -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Friday, December 13, 2002 5:44 AM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk I don't support OWA via VPN - if you're VPN'ed in, use Outlook. In fact, I've IP-limited OWA to external users only. We provide Outlook for a reason - we expect it to be used. As I said before, we do secure OWA with a multi-factor one time use authentication system (RSA's SecurID) which works well. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Martin, Jon [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 1:38 PM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk Mark, Thanks - interesting audit. If we decide to go forward with allowing non-VPN clients access to Outlook we will take a closer look at the product. Is anyone aware of similar products? A question for the group on a related topic: is it common practice to allow non-VPN clients to access Outlook via OWA, or do most companies require at least a VPN connection? Jon -Original Message- From: Mark Rotman [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 9:52 AM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk Jon, You could have a look at this OWA audit for some more details. Be aware that the document is useful, but the issues in it (as well as your #1) are handled by Messageware's SecureLogoff product. http://www.messageware.net/audits/owa.html -Original Message- From: Martin, Jon [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 11, 2002 3:22 PM To: Exchange Discussions Subject: Securing the OWA Kiosk How are folks handling the following potential security risks using OWA from unsecured workstations, such as a kiosk or library environment? 1. Cached web pages, etc. on the workstation. User walks away without closing the browser, the next user has access to the previous users' email. 2. Stealth keyboard capture program grabs userids and passwords. It seems like there is a common train of thought about remote OWA that 'It is only email, what is the worst that could happen?' My take is someone who has unauthorized access to email can potentially: - Get people fired; - Get people arrested; - Get companies/people sued; - Cost companies/people money. Thanks . . . Jon Martin Systems Programmer East Bay Municipal Utility District (EBMUD) Oakland, CA _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED
RE: Securing the OWA Kiosk
Mark, Thanks - interesting audit. If we decide to go forward with allowing non-VPN clients access to Outlook we will take a closer look at the product. Is anyone aware of similar products? A question for the group on a related topic: is it common practice to allow non-VPN clients to access Outlook via OWA, or do most companies require at least a VPN connection? Jon -Original Message- From: Mark Rotman [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 9:52 AM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk Jon, You could have a look at this OWA audit for some more details. Be aware that the document is useful, but the issues in it (as well as your #1) are handled by Messageware's SecureLogoff product. http://www.messageware.net/audits/owa.html -Original Message- From: Martin, Jon [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 11, 2002 3:22 PM To: Exchange Discussions Subject: Securing the OWA Kiosk How are folks handling the following potential security risks using OWA from unsecured workstations, such as a kiosk or library environment? 1. Cached web pages, etc. on the workstation. User walks away without closing the browser, the next user has access to the previous users' email. 2. Stealth keyboard capture program grabs userids and passwords. It seems like there is a common train of thought about remote OWA that 'It is only email, what is the worst that could happen?' My take is someone who has unauthorized access to email can potentially: - Get people fired; - Get people arrested; - Get companies/people sued; - Cost companies/people money. Thanks . . . Jon Martin Systems Programmer East Bay Municipal Utility District (EBMUD) Oakland, CA _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Securing the OWA Kiosk
On the common practice follow-up question, I should have been a bit more concise by indicating that my question relates to users who are connecting to our corporate email system via the Internet, not internal users. Jon -Original Message- From: Martin, Jon Sent: Thursday, December 12, 2002 10:38 AM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk Mark, Thanks - interesting audit. If we decide to go forward with allowing non-VPN clients access to Outlook we will take a closer look at the product. Is anyone aware of similar products? A question for the group on a related topic: is it common practice to allow non-VPN clients to access Outlook via OWA, or do most companies require at least a VPN connection? Jon -Original Message- From: Mark Rotman [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 9:52 AM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk Jon, You could have a look at this OWA audit for some more details. Be aware that the document is useful, but the issues in it (as well as your #1) are handled by Messageware's SecureLogoff product. http://www.messageware.net/audits/owa.html -Original Message- From: Martin, Jon [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 11, 2002 3:22 PM To: Exchange Discussions Subject: Securing the OWA Kiosk How are folks handling the following potential security risks using OWA from unsecured workstations, such as a kiosk or library environment? 1. Cached web pages, etc. on the workstation. User walks away without closing the browser, the next user has access to the previous users' email. 2. Stealth keyboard capture program grabs userids and passwords. It seems like there is a common train of thought about remote OWA that 'It is only email, what is the worst that could happen?' My take is someone who has unauthorized access to email can potentially: - Get people fired; - Get people arrested; - Get companies/people sued; - Cost companies/people money. Thanks . . . Jon Martin Systems Programmer East Bay Municipal Utility District (EBMUD) Oakland, CA _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Securing the OWA Kiosk
How are folks handling the following potential security risks using OWA from unsecured workstations, such as a kiosk or library environment? 1. Cached web pages, etc. on the workstation. User walks away without closing the browser, the next user has access to the previous users' email. 2. Stealth keyboard capture program grabs userids and passwords. It seems like there is a common train of thought about remote OWA that 'It is only email, what is the worst that could happen?' My take is someone who has unauthorized access to email can potentially: - Get people fired; - Get people arrested; - Get companies/people sued; - Cost companies/people money. Thanks . . . Jon Martin Systems Programmer East Bay Municipal Utility District (EBMUD) Oakland, CA _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Post Ex2k Migration Calendar Permissions Hosed
After migrating the mailboxes from Exchange 5.5 to Exchange 2000 (basically by bringing new Exchange 2000 servers into our Exchange 5.5 organization and then moving mailboxes from the 5.5 to 2000 servers) we have ended up with two outstanding problems that, to date, PSS has not been able to resolve. This is one of the two: In our organization the default calendar permission on all user calendars is Reviewer. (This was the default in our previous email system - PROFS/OV - and users wanted to keep this capability when we went to Exchange four years ago.) Post Exchange 5.5 to 2000 migration, a large number of user calendars (more than 25%, less than 50%) have permissions that include not only this default, but in addition the first 250 or so users in our address book now have specific permissions of Reviewer also. That is bad enough, but in addition, no one can actually review these user calendars. And, changes/deletions cannot be made though Outlook to these permission settings. Free/Busy info for the establishment of meetings still works. So far there is no fix. (Well, I can export the user's calendar entries to a PST file, then use the old pre-Outlook Exchange client to delete the calendar, then use Outlook with the /resetfolders option to re-create the calendar, and then import the PST file back in. This sounded viable when I thought the problem was five to ten users; now it looks more like upwards of 800-900 users.) MS PSS had me run through an ISINTEG -fix -test alltests run, which was exciting and all, but did not fix the problem. At this point, the 'why did this happen' aspect is much less important to me than the 'how do I fix it' question (we are not migrating back!). Any ideas?? Thanks . . . Jon Martin Systems Programmer East Bay Municipal Utility District (EBMUD) Oakland, CA _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:leave-exchange;ls.swynk.com Exchange List admin:[EMAIL PROTECTED]
Shared Calendar Appointment Ownership
Fallout from Exchange 5.5 to 2000 Upgrade Part II: After migrating the mailboxes from Exchange 5.5 to Exchange 2000 (basically by bringing new Exchange 2000 servers into our Exchange 5.5 organization and then moving mailboxes from the 5.5 to 2000 servers) we have ended up with two outstanding problems that, to date, PSS has not been able to resolve. This is one of the two: In Exchange 5.5 we utilized the delegate account method (Q169872) to deal with meetings that included shared resources. As part of the upgrade to Exchange 2000 we used the NTDSNoMatch attribute on these calendars to force the ADC to create disabled accounts for them. So far, so good; it worked as advertised. Now that we have migrated, on an apparently random basis, users cannot modify meetings that they scheduled on conference room calendars prior to the migration. Not all meetings on any calendar have this problem; not all meetings scheduled by any one user have this problem. Of course in the migrated system the default access permissions to conference room calendars is Author. Creating new meetings that include resource calendars is working fine. Behind the scenes, what has happened on the problematic meeting entries is that the Owner of the meeting is no longer the same as the Meeting Organizer; the Owner is the disabled conference room account instead. The meeting organizer tries to update the meeting, and gets a Your changes could not be saved because you don't have permission to modify some or all of the items in this folder So far the only 'fix' that works is to make the default calendar access permission on the conference rooms 'Editor'. In an organization or our size (60 resource accounts, 1700 users) that would create a disaster all its own. At this point, the 'why did this happen' aspect is much less important to me than the 'how do I fix it' question (we are not migrating back!). Any ideas?? Thanks . . . Jon Martin Systems Programmer East Bay Municipal Utility District (EBMUD) Oakland, CA _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:leave-exchange;ls.swynk.com Exchange List admin:[EMAIL PROTECTED]
RE: No more free/busy data?
The user may know more about their calendars than we do, but we have been directed by management to make as much calendar info available as possible to assist in creating a meeting. If you have to call a user who is blocking this info, it is a waste of time. We update their registry to make 12 months available at every log on. Jon -Original Message- From: Chris Jordan [mailto:Chris.Jordan;cmg.com] Sent: Wednesday, November 13, 2002 7:59 AM To: Exchange Discussions Subject: RE: No more free/busy data? You asked: why the hell do we want our users in control of when their calendars are available? The answer is because they know a lot more about their calendars than you do! Why would a user want some lowly e-mail admin controlling how much information they show?? -Original Message- From: Yanek Korff [mailto:yanek;cigital.com] Sent: 13 November 2002 15:36 To: Exchange Discussions Subject: RE: No more free/busy data? Yeah, I saw and read that article. The real problem here is that ... well... why the hell do we want our users in control of when their calendars are available? Seomtimes meetings need to be scheduled more than 1 month in advance -- so we make all users go into their settings and change them? I think not. I walk around to everybody's desk and change it for them? Also unacceptable. I load their profile and change it there? Nope, I don't want to do that either. There's got to be a better way... ? -Yanek. -Original Message- From: Tim Ault [mailto:timault;westat.com] Sent: Wednesday, November 13, 2002 09:43 To: Exchange Discussions Subject: RE: No more free/busy data? Any value in excess of 12 is ignored. Only 12 months of F/B info is available (10 months past and one month prior to the current day, plus the current month). ref: Q262812 Tim. x3683 -Original Message- From: Yanek Korff [mailto:yanek;cigital.com] Sent: Wednesday, November 13, 2002 8:55 AM To: Exchange Discussions Subject: RE: No more free/busy data? Well that was the first place I looked. Mine is set to 2 months, surely. However, I am one of the few individuals who has free/busy data available until the end of time (sometime in 4051 apparently). Why am I an exception (and no, I'm not making the appointment to check this)? There are other exceptions too but their free/busy is set to two months also. Why the discrepancy? Is it always the 1st of the month? I would have guessed that if today were the 13th (and so it is!) that free/busy data would be available until Jan 13, 2003. Is there any way to effect a corporate policy on this enforce it? -Yanek. -Original Message- From: Couch, Nate [mailto:nate.couch;eds.com] Sent: Wednesday, November 13, 2002 07:23 To: Exchange Discussions Subject: RE: No more free/busy data? Check their settings under Tools - Options - Calendar Options - Free/Busy Options. -Original Message- From: Yanek Korff [mailto:yanek;cigital.com] Sent: Tuesday, November 12, 2002 3:43 PM To: Exchange Discussions Subject: No more free/busy data? I noticed something odd today and I'm wondering why this is the case. When a user goes into their calendar and tries to set an appointment for anytime after Jan 1, 2003, the calendar displays No Information. Starting exactly on Jan 1, 2003. Mind you there are exceptions... SOME users have regular grey squares ad infinitum. What's going on here? -Yanek. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:leave-exchange;ls.swynk.com Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:leave-exchange;ls.swynk.com Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:leave-exchange;ls.swynk.com Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:leave-exchange;ls.swynk.com Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe:
RE: LDAP DN Question
Oops. According to Q276266, apparently not all of the developers at MS qualify as smart. Jon -Original Message- From: missy koslosky [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 19, 2002 6:40 AM To: Exchange Discussions Subject:Re: LDAP DN Question The \ is simply an escape character to differentiate the comma from a delimitor. Smart developers won't find this to be a problem. Missy - Original Message - From: Martin, Jon [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Tuesday, June 18, 2002 5:58 PM Subject: LDAP DN Question In our current NT/Exchange 5.5 system, user display names are formatted as 'lastname, firstname'. In testing Win2k/Exch2k upgrades I noticed, using ADSI Edit, that the LDAP distinguished name for users ends up 'lastname\, firstname', with the slash thrown in to escape the comma character. There are references on various software development newsgroups that this slash in the DN occasionally causes headaches for developers. Has anyone seen this slash in the DN cause a problem in either Exchange or other applications that depend on LDAP? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Block Size
My theory: 1. Assuming you install the OS on a new drive, the boot/OS drive is in 4k blocks by default. You can probably pre-NTFS-format the drive in another machine with larger or smaller blocks, but you may create other issues by doing so. 2. Exchange writes to the database in 4k pages. Numerous Q docs mention this. Formatting the drive in 4k blocks may have a beneficial effect. 3. Best as I can tell, the transaction logs, which are 5mb each, are written to transaction by transaction. Use performance monitor or other tools to figure out what your average transaction size is (this assumes you have a system in place already to monitor), and make the block size the next size up from that (assuming your average transaction is not above 64k). This is just my theory . . . -Original Message- From: Marc Mearns [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 20, 2002 6:39 AM To: Exchange Discussions Subject:Block Size User Group We are using Exchange 2000 SP2 NT 2000 SP2 Can someone please point me to a document that will give me definitive answers to my questions below or can respond with positive answers: 1. What should the block size be for the Transaction logs (assuming that I have placed then on a different disk volume) 2. What should the block size be for the database taking into consideration that you have edb and stm files on the same volume. 3. What should the block size be for the operating system. 4. Can you please give an explanation as to why you would use the recommended block size for the above 3 questions. 5. Can anyone recommend a good TechNet article that covers this topic. Note I have looked on TechNet but have not really found anything concrete and on the user group archives. Regards Marc Mearns Mobile - 07775-630508 Office - 020 7695 0286 ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager ( [EMAIL PROTECTED] ). The format of address is: [EMAIL PROTECTED] This footnote also confirms that this email message has been swept by MAILsweeper for the presence of computer viruses. J Sainsbury plc (185647 England) Sainsbury's Supermarkets Limited (3261722 England) Registered Offices: 33 Holborn London EC1N 2HT ** _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Allocation Unit (Cluster) Size Question
I don't use the word much, but this is an awesome book. Tweakers nit pickers will have months of fun implementing the millions of useful recommendations in this book. In the same way that you should not trust a default Windows implementation to be secure, you should not trust it to be optimized for performance, either. This book tells you why, and how to get the most from your hardware OS. And the answer to the original question is: I was close. Keep the write size (4k for Exchange db), cluster (allocation unit) size and RAID stripe size in sync. What I was not thinking of is the RAID stripe size applies to the amount of data written in one contiguous chunk to each disk in the array. There is a corollary number to plug into the equations - the stripe width, which is the number of drives in the array which data is written to. So if I read this correctly, you would want the RAID stripe size to be 4k divided by the stripe width. Keeping it simple, if you had four drives in a RAID 0 array, the correct stripe size to match the 4k Exchange database writes would be 1k. The fact no one would run Exchange in RAID 0, and that you would really have eight drives in a RAID 0/1 array does not change the optimum stripe size in this example. Additional performance? Sure. Enough to re-config a production box? Probably not, unless you have a high degree of tolerance for risk and pain. Good to know for new boxes, though. Now if we can just get someone to spend a bunch of time testing this all out in their lab, and report back. -Original Message- From: Martin, Jon Sent: Monday, June 17, 2002 4:17 PM To: Exchange Discussions Subject:RE: Allocation Unit (Cluster) Size Question Already on order. Thanks. Jon -Original Message- From: Ray Zorz [mailto:[EMAIL PROTECTED]] Sent: Monday, June 17, 2002 4:12 PM To: Exchange Discussions Subject: RE: Allocation Unit (Cluster) Size Question Then get the Curt Aubley book mentioned previously. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Martin, Jon Sent: Monday, June 17, 2002 4:01 PM To: Exchange Discussions Subject: RE: Allocation Unit (Cluster) Size Question Actually, my boss prefers that I get the most out of the money he spends on hardware and software. When I ask a group of knowledgeable folks a question concerning a little documented but potentially useful way to increase system performance, my boss sees that as a useful expenditure of my time. Trading shots with someone who has indicated she really doesn't know the answer probably would not meet his idea 'useful expenditure of time', but he will probably get over it. -Original Message- From: Baker, Jennifer [mailto:[EMAIL PROTECTED]] Sent: Monday, June 17, 2002 2:37 PM To: Exchange Discussions Subject: RE: Allocation Unit (Cluster) Size Question If performance is really an issue maybe you should consider different hardware configurations. For instance, RAID 0+1 instead of RAID5, use more disks in your RAID array to spread the data access, faster disks, higher end controllers with more R/W cache, etc. To worry about negligible performance (probably .01%) increases while investing actual productive time probably means you need your boss to assign you more work. Unless, of course the time you spend measuring all the differences in performance while tweaking your system with different configurations actually translates to no extra cost. -Original Message- From: Martin, Jon [mailto:[EMAIL PROTECTED]] Sent: Monday, June 17, 2002 12:55 PM To: Exchange Discussions Subject: RE: Allocation Unit (Cluster) Size Question Uh, if I understand you correctly, you are not much interested in tweaking a few easy (during system installation, anyways) settings to optimize (at no extra cost) the performance of your system. Jon -Original Message- From: Baker, Jennifer [mailto:[EMAIL PROTECTED]] Sent: Monday, June 17, 2002 11:32 AM To: Exchange Discussions Subject: RE: Allocation Unit (Cluster) Size Question If I understand you correctly, you are talking about some nit-picky settings that probably will have very little, if any, affect on performance. -Original Message- From: Martin, Jon [mailto:[EMAIL PROTECTED]] Sent: Monday, June 17, 2002 9:57 AM To: Exchange Discussions Subject: Allocation Unit (Cluster) Size Question Exchange writes to the database in 4k pages. This being the case, does it not make sense to format database drives in 4k Allocation Units (clusters)? And beyond that, since my RAID controller gives me the ability to control the stripe size, shouldn't make this 4k also? Get everyone (database, OS and hardware) in 4k harmony, so to speak. On a similar track regarding transaction logs, if we have valid information as to the average size of messages in our system, would there be a performance boost by configuring the transaction log drive to use clusters and stripes close to (but a little bigger
LDAP DN Question
In our current NT/Exchange 5.5 system, user display names are formatted as 'lastname, firstname'. In testing Win2k/Exch2k upgrades I noticed, using ADSI Edit, that the LDAP distinguished name for users ends up 'lastname\, firstname', with the slash thrown in to escape the comma character. There are references on various software development newsgroups that this slash in the DN occasionally causes headaches for developers. Has anyone seen this slash in the DN cause a problem in either Exchange or other applications that depend on LDAP? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: NT to AD Backout Problem
Basically your suggestion is correct, but if you have 800 Win2k workstations you can appreciate the technical, logistical and PR problem this would create. The problem and solution is thus: The problem: Win2k workstations, once given the opportunity to speak Win2k AD/Kerberos to a Win2k AD DC, will not automatically go back to WinNT/NTLM stuff. In a default upgrade scenario, if we put the old NT PDC back online because of some catastrophic problem during the AD upgrade, we would have to do the 'add to workgroup/add to domain' kind of thing. The solution: Prior to running the DCPROMO part of the NT to AD upgrade use your favorite registry editing tool to go the HKLM/System/CCS/Service/Netlogon/Parameters key and add the following REG_DWORD value: NT4Emulator = 1. This can be done on the NT PDC prior to starting the Win2k upgrade, or after the OS part of the Win2k upgrade but prior to the DCPROMO stuff. This hack is detailed in Q298713 and Q284937. It basically presents an NT front to clients from Win2k AD DCs, and is intended as a short-term fix for situations such as this. You would not keep this hack active for an extended period of time. Additionally, it prevents some types of communications that you would prefer to succeed, such as trying to promote another Win2k server to a DC in the new AD world. To get around that you go to the server you want to communicate with your new DC and add, in the same HKLM/System/CCS/Service/Netlogon/Parameters key, the REG_DWORD value NeutralizeNT4Emulator = 1. In our case, the window where any kind of backout would be contemplated is not big - two or three days at most. After that, kill the registry entries. This has been tested in our lab - what could go wrong?? Jon -Original Message- From: kanee [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 23, 2002 5:10 PM To: Exchange Discussions Subject: RE: NT to AD Backout Problem you need to remove those win2k workstations out of the domain into a workgroup, then reboot, then readd them back to the domain, this time when you add them to the domain they will pick up the correct nt domain from your nt servers. Even though your domain is the same name , win2k workstations have to be removed from the domain because they have a domain sid assigned in their registry which points to the win2k DC, since you took the win2k dc's offline, the win2k servers still are looking for that domain sid and your nt server does not have the same domain sid and thus the message trust has been broken. Remove them from the domain and add them back and all your win2k workstations will be fine. Let me know if that helped. thx -Original Message- From: Ken Cornetet [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 23, 2002 3:06 PM To: Exchange Discussions Subject: RE: NT to AD Backout Problem My gut feel is that you'd have better luck promoting one of the BDCs to PDC for backout. -Original Message- From: Martin, Jon [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 23, 2002 10:48 AM To: Exchange Discussions Subject: NT to AD Backout Problem More of an NT/AD than an Exchange issue, but we're only going to AD to get to Exchange 2000, so here goes: As part of planning our migration from our current single NT domain to a single-forest, single-domain active directory, a plan to back out this upgrade in case of unforeseen problems is being developed and tested. The upgrade plan goes something like this: - Create a new NT BDC on new hardware. - Take the production NT PDC offline prior to the AD upgrade. - Promote a new BDC to the PDC. - Upgrade the PDC to AD This is all done using the same netbios domain name in AD as we had in NT, and an internal DNS namespace name that happens to be the same as our WinNT/AD domain name. And, it works great. But, just in case it does not go as well in the real world as it does in our lab, we have the following as a backout plan: - Take the new AD DC(s) offline - Put the old PDC online. - Re-sync the NT domain So far, so good. It all works great - everyone can log back on to the old NT domain and keep going while I figure out what went wrong. Well there is one exception: Windows 2000 workstations and member servers cannot log on - they get a 'Broken trust relationship with the domain controller' message at log on. Win9x and NT boxes have no problem. Any ideas?? Much thanks for any assist. Jon Martin Systems Programmer East Bay Municipal Utility District (EBMUD) Oakland, CA _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe
NT to AD Backout Problem
More of an NT/AD than an Exchange issue, but we're only going to AD to get to Exchange 2000, so here goes: As part of planning our migration from our current single NT domain to a single-forest, single-domain active directory, a plan to back out this upgrade in case of unforeseen problems is being developed and tested. The upgrade plan goes something like this: - Create a new NT BDC on new hardware. - Take the production NT PDC offline prior to the AD upgrade. - Promote a new BDC to the PDC. - Upgrade the PDC to AD This is all done using the same netbios domain name in AD as we had in NT, and an internal DNS namespace name that happens to be the same as our WinNT/AD domain name. And, it works great. But, just in case it does not go as well in the real world as it does in our lab, we have the following as a backout plan: - Take the new AD DC(s) offline - Put the old PDC online. - Re-sync the NT domain So far, so good. It all works great - everyone can log back on to the old NT domain and keep going while I figure out what went wrong. Well there is one exception: Windows 2000 workstations and member servers cannot log on - they get a 'Broken trust relationship with the domain controller' message at log on. Win9x and NT boxes have no problem. Any ideas?? Much thanks for any assist. Jon Martin Systems Programmer East Bay Municipal Utility District (EBMUD) Oakland, CA _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]