RE: Named Property Limit

2009-03-20 Thread McCready, Robert
That does help a little.  I'm still confused though on what the named property 
list is even used for?

We do have Event ID: 9667 over and over again for our Storage Group 7.

Failed to create a new named property for database SG7\MDB7 because the 
number of named properties reached the quota limit (9274).
 User attempting to create the named property: EXCH-HUB$
 Named property GUID: 00020386---c000-0046
 Named property name/id: x-hostmaurice-mailscanner-information

For more information, see Help and Support Center at 
http://go.microsoft.com/fwlink/events.asp.

How did you put a user name to your violators?  Did you match the GUID somehow?

From: Alex Fontana [mailto:afontana...@gmail.com]
Sent: Friday, March 20, 2009 1:05 AM
To: MS-Exchange Admin Issues
Subject: Re: Named Property Limit

Seems this turned into a b-ch fest rather than answering your original 
question...;-)  While I agree this is a ridiculous characteristic in the design 
and one that opens us up for DoS attacks (eventually), it is what it is and we 
need to figure out how to work around it.  You have a few options; increase the 
limit, move users off, or find out what is causing it and stop it.

My first suggestion is to take inventory of where your databases are as far as 
named props are concerned, you need to expose some IS counters to see this 
info, but it'll give you an understanding on whether it's widespread or 
concentrated on a set of databases (or users).  Next start monitoring your 
event logs.  An event ID is logged by default each time a new named prop is 
added (event id 9873 I believe) and when the quota's been reached (9666, 7, 8, 
9).  This can help you track down the culprit.  Note, the initial limit reached 
is the default quota...not the limit.  My understanding is that when the hard 
limit (32k) is reached the database will dismount and you will have to restore 
from backup and move users off.

In my situation I found that less than a dozen users were creating hundreds of 
named props daily for weeks.  This was the result of an open source imap client 
called offlineIMAP.  This client is used to bidirectionally synch messages via 
IMAP.  It does this by creating a unique X-header for EVERY message that comes 
in, as opposed to a single X-header with a specific value.  After finding this 
out I reached out to the users, and being the ridiculously intelligent (and 
curious) crew they are they crafted a patch for offlineIMAP 
(http://software.complete.org/software/issues/show/114).

Hope this helps.
-alex




~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
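
Added example, not part of the original thread: one way to do the event-log triage described above, grouping event 9667 descriptions by database, user and header-name "family" so that per-message-unique X-headers stand out. The sample events (apart from the header name quoted in the message above), the `CORP\jdoe` account, the `x-syncclient-*` and `x-example-*` names and all function names are constructed or hypothetical.

```powershell
# Build a constructed event description in the shape of the 9667 text quoted above.
function New-SampleMessage($Database, $User, $Name) {
@"
Failed to create a new named property for database $Database because the number of named properties reached the quota limit (9274).
 User attempting to create the named property: $User
 Named property GUID: <constructed>
 Named property name/id: $Name
"@
}

# Pull database, user and property name out of one event description.
function ConvertFrom-NamedPropEvent {
    param([Parameter(ValueFromPipeline = $true)][string]$Message)
    process {
        $pattern = '(?s)for database (?<db>.+?) because the number.*?' +
                   'create the named property:\s*(?<user>[^\r\n]+).*?' +
                   'Named property name/id:\s*(?<name>[^\r\n]+)'
        if ($Message -match $pattern) {
            $name = $Matches['name'].Trim()
            [pscustomobject]@{
                Database = $Matches['db'].Trim()
                User     = $Matches['user'].Trim()
                Name     = $name
                # Heuristic: collapse long hex runs and digit runs so that
                # x-foo-4f9a1c02 and x-foo-77b0e3d1 land in one family.
                Family   = ($name.ToLowerInvariant() -replace '[0-9a-f]{6,}|\d+', '*')
            }
        }
    }
}

# Summarise per database/user/family; many distinct names in one family
# suggests a client or gateway minting a new header name per message.
function Get-NamedPropOffender {
    param([string[]]$Messages, [int]$MinDistinct = 3)
    $Messages | ConvertFrom-NamedPropEvent |
        Group-Object Database, User, Family |
        ForEach-Object {
            $distinct = @($_.Group | Select-Object -ExpandProperty Name -Unique).Count
            [pscustomobject]@{
                Database         = $_.Group[0].Database
                User             = $_.Group[0].User
                Family           = $_.Group[0].Family
                Events           = $_.Count
                DistinctNames    = $distinct
                PerMessageUnique = ($distinct -ge $MinDistinct)
            }
        } | Sort-Object DistinctNames -Descending
}

# Constructed sample input. On a live server the same strings could come from:
#   Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 9667 } |
#       ForEach-Object { $_.Message }
$sample = @(
    New-SampleMessage 'SG7\MDB7' 'EXCH-HUB$' 'x-hostmaurice-mailscanner-information'
    New-SampleMessage 'SG7\MDB7' 'EXCH-HUB$' 'x-example-spam-score'
    New-SampleMessage 'SG3\MDB3' 'CORP\jdoe' 'x-syncclient-4f9a1c02'
    New-SampleMessage 'SG3\MDB3' 'CORP\jdoe' 'x-syncclient-77b0e3d1'
    New-SampleMessage 'SG3\MDB3' 'CORP\jdoe' 'x-syncclient-0c5d9e8a'
    New-SampleMessage 'SG3\MDB3' 'CORP\jdoe' 'x-syncclient-a1b2c3d4'
)

Get-NamedPropOffender -Messages $sample | Format-Table -AutoSize
```

With the constructed sample, the `x-syncclient-*` family under `CORP\jdoe` is the only row flagged `PerMessageUnique`; the headers arriving via `EXCH-HUB$` each appear once under their own name.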

RE: Named Property Limit

2009-03-20 Thread McCready, Robert
Another quick question.  Is there any way to see how close we are to the 32k 
hard limit today?



Re: Named Property Limit

2009-03-20 Thread Russ Patterson
You can use the perfmons at the bottom of this:
http://technet.microsoft.com/en-us/library/bb851495.aspx


RE: Named Property Limit

2009-03-20 Thread Randal, Phil
Set your limit to somewhat less than the hard limit as per the technet
articles and wait for your eventlog to fill up :-)
 
Cheers,
 
Phil
-- 
Phil Randal | Networks Engineer 
Herefordshire Council | Deputy Chief Executive's Office | I.C.T.
Services Division 
Thorn Office Centre, Rotherwas, Hereford, HR2 6JT 
Tel: 01432 260160 
email: pran...@herefordshire.gov.uk 

Any opinion expressed in this e-mail or any attached files are those of
the individual and not necessarily those of Herefordshire Council.

This e-mail and any attached files are confidential and intended solely
for the use of the addressee. This communication may contain material
protected by law from being passed on. If you are not the intended
recipient and have received this e-mail in error, you are advised that
any use, dissemination, forwarding, printing or copying of this e-mail
is strictly prohibited. If you have received this e-mail in error please
contact the sender immediately and destroy all copies of it.

 




RE: Named Property Limit

2009-03-20 Thread Schwartz, Jim
For those running Exchange 2007.

 

http://www.codeplex.com/HeaderFilterAgent

 

Header filter agent that will strip all x-headers from incoming internet
email.

 


RE: Smart Host vs SMTP connector

2009-03-20 Thread John Stevens
Is there anyone that has any ideas?

 

  _  

From: John Stevens [mailto:j...@js-internet.co.uk] 
Sent: 20 March 2009 03:02
To: MS-Exchange Admin Issues
Subject: RE: Smart Host vs SMTP connector

 

Presumably, I can just remove the new server as a member of the existing
routing group and that will force the server to use the smart host on the
smtp virtual server

 

Is this the best way or should I be creating an additional smtp connector
just for this server and specify the address spaces that are being used for
this server?

 

  _  

From: John Stevens [mailto:j...@js-internet.co.uk] 
Sent: 20 March 2009 02:35
To: MS-Exchange Admin Issues
Subject: Smart Host vs SMTP connector

 

Folks

 

I have installed an additional Exchange 2003 server into our environment for
a specific role of mailboxes that will be created on this server will have a
completely different smtp address and inbound and outbound routing of mail
will go via a separate link. i.e. via a third party who are doing some
filtering and AV/Content/Spam scanning etc

 

I have created an additional recipient policy and set the filter to pick up
users created on this new server. 

 

However, regarding the routing of the outbound mail, I don't want it to use
the SMTP connector that is already installed for the other servers in the
existing routing group. I want to ensure that it passes outbound through to the
third party server. Would I just add the fqdn or IP address in the
smart host on the smtp virtual server on this new server or will the SMTP
connector over-ride it and take precedence? I have read somewhere that it
does.

 

Can anyone explain the best way forward for this?

 

Thanks

 

John

 

 

 

 

 

 

 

 



Re: Named Property Limit

2009-03-20 Thread Kurt Buff
Had me concerned for a moment.

Glad it has a whitelist, as some X- headers are useful, and perhaps
even necessary.




RE: Smart Host vs SMTP connector

2009-03-20 Thread Carl Houseman
Using a connector is the best practice.

 

You don't really need a whole separate server to accomplish the objective, I
don't think.

 


OWA and ISA

2009-03-20 Thread Glen Johnson
Any suggestions greatly appreciated.

We have ISA 2006 in front of Exchange 2003 OWA.  Split DNS but same
internal and external names.

On the exchange box, our free StartCom certificate expired today.

We have purchased a DigiCert wildcard cert last year for some other
stuff and as the StartCom is not trusted by many browsers.

I've had the DigiCert cert on the ISA server for a long time and outside
users were working fine.

Internal users hitting the OWA directly worked but they got the
certificate not trusted warning.

Today, I've tried using the new wildcard certificate on the Exchange
server.

Now internal users are working normally, no prompt about the certificate
not being trusted.  Life is good, except.

Outside users can't log in.  They get an error about target principal
name incorrect.

OWA works fine on the isa server, doesn't complain about the cert and it
is using the exchange cert.

I've googled and played with the host header settings but nothing seems
to make a difference.

Thanks.

Glen.

 



RE: Named Property Limit

2009-03-20 Thread Davies,Matt
Please forgive me if I appear stupid.

 

Am I reading this whole thread correctly ?

 

Every time exchange 2007 encounters an email with a X-header that it
hasn't seen before, it creates a new named property in the table.

 

I'm looking at the amount of x-headers in my inbound emails, 32,000
could very soon become depleted when we implement exchange 2007.

 

I hope Microsoft are planning on resolving this..

 

Cheers

 

Matt

 

 


 

 

 

 

 

 



This e-mail (including all attachments) is confidential and may be privileged.
It is for the exclusive use of the addressee only. If you are not the addressee,
you are hereby notified that any dissemination of this communication is strictly
prohibited. If you have received this communication in error, please erase all
copies of the message and its attachments and notify us immediately at
h...@generalatlantic.com. Thank You.


RE: OWA and ISA

2009-03-20 Thread Jeremy Phillips
I vaguely remember something about wildcard certs not working properly with 
Outlook Anywhere/RPC over HTTP.

Thanks,

Jeremy Phillips


RE: OWA and ISA

2009-03-20 Thread Glen Johnson
I just got it working.

Had to take the host name off the setting where it says site to publish.

We aren't using outlook anywhere or RPC over HTTP.

Thanks anyway and now I can go home and have a good weekend.

Glen.

 


RE: OWA and ISA

2009-03-20 Thread Davies,Matt
Does the Subject alternate name (SAN) on the certificate also show the
wildcard details, e.g. *.domain.com?

 

Also when you exported the certificate, did you export the entire
certificate chain, using the certificates mmc, rather than using IIS
manager to export the certificate

 

When you test the rule in ISA do you get any errors ?

 

Cheers

 

Matt

From: Glen Johnson [mailto:gjohn...@vhcc.edu] 
Sent: 20 March 2009 20:12
To: MS-Exchange Admin Issues
Subject: OWA and ISA

 

Any suggestions greatly appreciated.

We have ISA 2006 in front of Exchange 2003 OWA.  Split DNS but same
internal and external names.

On the exchange box, our free StartCom certificate expired today.

We have purchased a DigiCert wildcard cert last year for some other
stuff and  as the StartCom is not trusted by many  browsers.

I've had the DigiCert cert on the ISA server for a long time and outside
users were working fine.

Internal users hitting the OWA directly worked but they got the
certificate not trusted warning.

Today, I've tried using the new wildcard certificate on the Exchange
server.

Now internal users are working normally, no prompt about the certificate
not being trusted.  Life is good, except.

Outside users can't log in.  They get an error about target principal
name incorrect.

OWA works fine on the isa server, doesn't complain about the cert and it
is using the exchange cert.

I've googled and played with the host header settings but nothing seems
to make a difference.

Thanks.

Glen.

Re: Named Property Limit

2009-03-20 Thread James Wells
This is not new in Exchange 2007. Same behavior exists in Exchange 2003.

And the table is unique per Information Store.



--James

On 3/20/09, Davies,Matt mdav...@generalatlantic.com wrote:
 Please forgive me if I appear stupid.

 Am I reading this whole thread correctly?

 Every time exchange 2007 encounters an email with an X-header that it
 hasn't seen before, it creates a new named property in the table.

 I'm looking at the amount of x-headers in my inbound emails, 32,000
 could very soon become depleted when we implement exchange 2007.

 I hope Microsoft are planning on resolving this..

 Cheers

 Matt





 From: Randal, Phil [mailto:pran...@herefordshire.gov.uk]
 Sent: 20 March 2009 16:20
 To: MS-Exchange Admin Issues
 Subject: RE: Named Property Limit



 Set your limit to somewhat less than the hard limit as per the technet
 articles and wait for your eventlog to fill up :-)

 Cheers,

 Phil

 --
 Phil Randal | Networks Engineer
 Herefordshire Council | Deputy Chief Executive's Office | I.C.T.
 Services Division
 Thorn Office Centre, Rotherwas, Hereford, HR2 6JT
 Tel: 01432 260160
 email: pran...@herefordshire.gov.uk


 From: McCready, Robert [mailto:rob.mccrea...@dplinc.com]
 Sent: 20 March 2009 12:31
 To: MS-Exchange Admin Issues
 Subject: RE: Named Property Limit

 Another quick question.  Is there any way to see how close we are to the
 32k hard limit today?



 

 From: Alex Fontana [mailto:afontana...@gmail.com]
 Sent: Friday, March 20, 2009 1:05 AM
 To: MS-Exchange Admin Issues
 Subject: Re: Named Property Limit



 Seems this turned into a b-ch fest rather than answering your original
 question...;-)  While I agree this is a ridiculous characteristic in the
 design and one that opens us up for DoS attacks (eventually), it is what
 it is and we need to figure out how to work around it.  You have a few
 options; increase the limit, move users off, or find out what is causing
 it and stop it.

 My first suggestion is to take inventory of where your databases are as
 far as named props are concerned, you need to expose some IS counters to
 see this info, but it'll give you an understanding on whether it's
 widespread or concentrated on a set of databases (or users).  Next start
 monitoring your event logs.  An event ID is logged by default each time
 a new named prop is added (event id 9873 I believe) and when the quota's
 been reached (9666, 7, 8, 9).  This can help you track down the culprit.
 Note, the initial limit reached is the default quota...not the limit.
 My understanding is that when the hard limit (32k) is reached the
 database will dismount and you will have to restore from backup and move
 users off.

 In my situation I found that less than a dozen users were creating
 hundreds of named props daily for weeks.  This was the result of an open
 source imap client called offlineIMAP.  This client is used to
 bidirectionally synch messages via IMAP.  It does this by creating a
 unique X-header for EVERY message that comes in, as opposed to a single
 X-header with a specific value.  After finding this out I reached out to
 the users, and being the ridiculously intelligent (and curious) crew
 they are they crafted a patch for offlineIMAP
 (http://software.complete.org/software/issues/show/114).

 Hope this helps.
 -alex

-- 
Sent from my mobile device
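
The event-log tally Alex describes in the quoted message above, as an added example that is not part of the original thread: it parses event descriptions laid out like the event 9667 text quoted earlier in the thread, counts them per database and user, and flags header names that differ only by a number, the one-header-per-message pattern he traced to a client. The sample events, the user `jdoe`, the database `SG2\MDB2` and the `x-example-*` names are constructed, and exporting the event text from the Application log is assumed to happen elsewhere.

```python
import re
from collections import Counter, defaultdict

# Field labels follow the 9667 event text quoted earlier in this thread.
EVENT_RE = re.compile(
    r"for database (?P<db>\S+) because.*?"
    r"User attempting to create the named property: (?P<user>\S+).*?"
    r"Named property name/id: (?P<name>\S+)",
    re.S,
)

def make_event(db, user, name):
    """Build one constructed event description in that layout."""
    return (
        f"Failed to create a new named property for database {db} because the "
        "number of named properties reached the quota limit (9274).\n"
        f" User attempting to create the named property: {user}\n"
        " Named property GUID: <placeholder>\n"
        f" Named property name/id: {name}\n"
    )

# Constructed sample input; jdoe, SG2\MDB2 and the x-example-* names are made up.
SAMPLE_EVENTS = [
    make_event(r"SG7\MDB7", "EXCH-HUB$", "x-hostmaurice-mailscanner-information"),
    make_event(r"SG2\MDB2", "EXCH-HUB$", "x-example-scanner-version"),
    "The service started successfully.",  # unrelated event, must be skipped
] + [make_event(r"SG7\MDB7", "jdoe", f"x-example-sync-{n}") for n in range(1001, 1005)]

def parse_event(text):
    """Return {'db', 'user', 'name'} or None if this is not such an event."""
    m = EVENT_RE.search(text)
    return m.groupdict() if m else None

def family(name):
    """Collapse digit runs so names that differ only by a number group together."""
    return re.sub(r"\d+", "#", name.lower())

def summarize(events, min_family=3):
    """Count events per (database, user); report name families with many variants."""
    per_db_user = Counter()
    variants = defaultdict(set)
    for text in events:
        ev = parse_event(text)
        if ev is None:
            continue
        per_db_user[(ev["db"], ev["user"])] += 1
        variants[(ev["db"], family(ev["name"]))].add(ev["name"].lower())
    churn = {k: len(v) for k, v in variants.items() if len(v) >= min_family}
    return per_db_user, churn
```

`summarize(SAMPLE_EVENTS)` returns the per-database, per-user counts and a dict of name families with at least `min_family` distinct variants; a family with many variants in one database is the place to start looking.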


RE: Named Property Limit

2009-03-20 Thread Davies,Matt
I'm surprised I have never seen this error before exchange 2003

Perhaps there is hope after all

