14-10 Chapter 14 Troubleshooting Microsoft Exchange Server 2003
Sometimes an X.400 connector is the solution rather than the problem. By default,
Exchange Server 2003 routing groups are connected by routing connectors. If, how-
ever, the connection is unreliable or non-persistent (a demand-dial connection, for
example), then transfer reliability can be improved by using an X.400 connection,
which uses message-based data transfer rather than remote procedure call (RPC).
You also need to take care how you specify encoding formats for your POP3 and Inter-
net Message Protocol version 4 (IMAP4) clients on the relevant virtual servers. This was
discussed in Chapter 9, “Virtual Servers.” If your clients use UNIX to UNIX encoding
(uuencode), then your virtual servers need to be set up appropriately. For Macintosh
clients, you need to specify uuencode and then select BinHex for Macintosh.
Microsoft Outlook users tend to take calendaring for granted because it is a built-in
Outlook function. However, the Calendar Connector’s properties are set not to syn-
chronize calendar data by default. Thus when Outlook users attempt to view the
schedules of users on foreign systems, for example Lotus Notes, the information could
be out of date.
Exam Tip If you get a question about interaction with a foreign system, read it carefully to
determine if you are getting no communication with the foreign system, in which case a con-
nector is down or a virtual server has failed. If, on the other hand, you are getting a connec-
tion but the messages are garbled, then the encoding format may be specified incorrectly.
Practice: Using the Netdiag and Dcdiag Command-Line Utilities
The netdiag utility tests network connectivity. The tool lets you specify a number of
optional parameters, such as /test: to run a specific test and /d: to specify a domain.
However, it is typically run either with no parameters or with the /fix switch to repair
minor errors and the /debug switch to give detailed output. The output from the tool
can be redirected to a text file for analysis.
The dcdiag utility is mainly used to test domain controller operation, but it also tests
DNS availability. If there is a problem with your Active Directory domain or your DNS
server, then Exchange Server 2003 will not install and dcdiag can help troubleshoot the
failure. The utility has a number of parameters, all of which are optional. You can use
the /s: switch to specify a domain controller, the /u: switch to specify a user (by user-

name and domain name), and the /p: switch to specify a password. If you do not sup-
ply any of these parameters, then the utility will test the host on which it is run in the
context of the logged in user. The /fix switch fixes the Service Principal Names (SPNs)
on the specified domain controller, and the /test: switch allows you to specify particu-
lar tests. All tests except DcPromo and RegisterInDNS must be run on a domain
controller.
!
Lesson 1 Troubleshooting Exchange Server 2003 Server Migration and Interoperability 14-11
See Also Details of the netdiag and dcdiag tests and parameters may be obtained from
the Windows Server 2003 help files. Search under “Support Tools.”
In this practice, you create files to hold the output of the tests, run the netdiag tests on
a normal system and on a faulty system, compare the outputs, and then do the same
with the dcdiag tests.
Exercise 1: Create Files to Hold the Test Output
To create files to hold the test output, perform the following steps:
1. On Server01, create a new folder named C:\Tests.
2. In the C:\Tests folder, create the following empty text files:
❑ Netdiag1.txt
❑ Netdiag2.txt
❑ Dcdiag1.txt
❑ Dcdiag2.txt
Note Some administrators do not create the required folder and files before using
command-line utilities such as netdiag and dcdiag, because the utilities create them
automatically. However, not all command-line utilities do this. Arguably, it is good practice to
create files before you run any utility that uses them.
Exercise 2: Use Netdiag to Check Network Connectivity
To use netdiag to test network connectivity on Server01, perform the following steps:
1. On Server01, open the Command console.
2. Enter netdiag /debug /fix > c:\tests\netdiag1.txt.
3. Open the Netdiag1.txt file using Microsoft Notepad.

4. Read the test output. Use the search function to find “Errors,” “Warning,” or
“Failed.” A section of the test output is shown in Figure 14-1.
14-12 Chapter 14 Troubleshooting Microsoft Exchange Server 2003
F14es01
Figure 14-1 Netdiag output
Exercise 3: Use Netdiag to Find a Connection Fault
To create a connection fault on Server01 and use netdiag to diagnose the fault, perform
the following steps:
1. On Server01, unplug the connector from Local Area Connection.
2. Open the Command console.
3. Enter netdiag /debug /fix > c:\tests\netdiag2.txt.
4. Open the Netdiag2.txt file using Notepad.
5. Read the test output. Use the search function to find “Fatal.” The relevant section
of the test output is shown in Figure 14-2.
F14es02
Figure 14-2 Netdiag output showing a fatal error
6. Replace the network connector for Local Area Connection. Test the connection by
pinging Server02.
Lesson 1 Troubleshooting Exchange Server 2003 Server Migration and Interoperability 14-13
Exercise 4: Use Dcdiag to Test Server02
In this exercise, you run dcdiag from Server01 to test Server02. If Server02 is not a
domain controller on your test network, then test Server01 instead. To test Server02
using dcdiag, perform the following steps:
1. On Server01, open the Command console.
2. Enter dcdiag /s:server02 /n:contoso.com /u:contoso.com\administrator
/p:* /v /f:c:\tests\dcdiag1.txt /fix.
3. Enter the password for the contoso.com administrator when prompted. The test
completes as shown in Figure 14-3.
F14es03
Figure 14-3 Running dcdiag on Server02

4. Open the Dcdiag1.txt file using Notepad and read the results. A section of the test
output is shown in Figure 14-4.
F14es04
Figure 14-4 Output of dcdiag test on Server02
Exercise 5: Use Dcdiag to Detect a Fault on Server02
In this exercise, you stop the DNS service on Server02 and then run dcdiag from
Server01 to test Server02. To use dcdiag to detect a fault on Server02, perform the fol-
lowing steps:
14-14 Chapter 14 Troubleshooting Microsoft Exchange Server 2003
1. On Server02, open the DNS console, right-click SERVER02, and then click Stop.
2. On Server01, open the Command console.
3. Enter dcdiag /s:server02 /n:contoso.com /u:contoso.com\administrator
/p:* /v /f:c:\tests\dcdiag2.txt /fix.
4. Enter the password for the contoso.com administrator when prompted.
5. Open the Dcdiag2.txt file using Notepad and read the results. The relevant section
of the test output is shown in Figure 14-5.
F14es05
Figure 14-5 Dcdiag failure notification on Server02
6. Start the DNS service on Server02.
Lesson Review
The following questions are intended to reinforce key information presented in this
lesson. If you are unable to answer a question, review the lesson materials and then try
the question again. You can find answers to the questions in the “Questions and
Answers” section at the end of this chapter.
1. You are installing Exchange Server 2003, Enterprise Edition, on a standalone
server. The server meets the recommended hardware requirements and Windows
Server 2003, Enterprise Edition, is installed. You have installed and enabled SMTP,
NNTP, the World Wide Web service, and ASP.NET. The server is a standard primary
DNS server. Will the installation succeed? If not, why not?
2. You migrate an Exchange Server 5.5 organization to Exchange Server 2003. You

use the Active Directory Migration Tool to migrate the mailboxes. You find that the
mailboxes have migrated with all the user permissions intact, but user passwords
have not migrated. What is the probable reason?
Lesson 1 Troubleshooting Exchange Server 2003 Server Migration and Interoperability 14-15
3. Your Exchange Server 2003 organization connects to a UNIX e-mail system over
an X.400 connector. You establish connectivity with the system, but e-mail mes-
sages are garbled. How do you solve the problem?
Lesson Summary
■ Exchange Server 2003 will fail to install if your hardware resources are inadequate,
if your member server does not have the appropriate operating system, or if Active
Directory or DNS are not accessible.
■ Other reasons for installation failure are that SMTP, NNTP, and the World Wide
Web service are not installed and running and that POP3 is installed. When install-
ing on a Windows Server 2003 member server, you also need to install and enable
ASP.NET.
■ Migration from Exchange systems requires that mailboxes be migrated. When
migrating to Exchange Server 2003 you should use version 2 of the Active Direc-
tory Migration Tool, which will migrate mailboxes that are associated with user
accounts and will also migrate passwords. You need to configure an SMTP virtual
server to replace the Internet Mail connector used by Exchange Server 5.5 and
configure DNS accordingly.
■ When you need to coexist with foreign e-mail systems, it is important to check
your encoding. Exchange Server 2003 defaults are not always suitable for this
coexistence.
■ You can use support tools such as netdiag and dcdiag to check network connec-
tivity and DNS and Active Directory operation.
14-16 Chapter 14 Troubleshooting Microsoft Exchange Server 2003
Lesson 2: Troubleshooting Exchange Server 2003 Servers
The performance of an Exchange Server 2003 server depends upon the efficiency of
general server processes, such as memory and processor operation, in addition to the

processes specific to Exchange. Troubleshooting server health involves interpreting the
values of the appropriate counters recorded in a performance log and taking action as
required. If you suspect that a fault is occurring that could result in an unusually high
or low counter reading, you can set thresholds to trigger an alert. The alert could in
turn initiate logging of other counters.
Loss of data is a very serious matter in an Exchange organization, and you need to be
proactive in troubleshooting data storage to prevent a disaster. If a disaster does occur,
you need to have confidence that your data recovery process is operating correctly. If
your servers are clustered to provide failover or load sharing, then you need to have
procedures in place to ensure that those clusters are operating correctly and to repair
any failures before they affect your users.
After this lesson, you will be able to
■ Interpret a Windows Server 2003 server performance log and take action, as
appropriate
■ Troubleshoot data storage and ensure that disk performance and failover protection are
maintained
■ Troubleshoot Exchange Server 2003 server clusters
■ Troubleshoot backup and recovery operations
Estimated lesson time: 90 minutes
Troubleshooting Server Health
Chapter 13 described how you can configure a performance log and diagnostic logging
in order to monitor counters and resources on an Exchange Server 2003 server. In this
lesson, you learn the significance of the results obtained and the action that you can
take when these results indicate a problem.
You can also set up alerts to indicate when resource usage or a performance counter
exceeds a critical limit. There are many counters and instances of counters in an
Exchange Server 2003 server. The following are among the most commonly used to
diagnose problems with server health:
■ Memory\Pages/sec This counter indicates the rate at which pages are read
from or written to disk to resolve hard page faults. It is the sum of Memory\Pages

Input/sec and Memory\Pages Output/sec, and indicates the type of faults that
cause system-wide delays. It includes pages retrieved to satisfy faults in the file
Lesson 2 Troubleshooting Exchange Server 2003 Servers 14-17
system cache (usually requested by applications) and non-cached mapped mem-
ory files. If the counter value increases over time, it could indicate that memory is
becoming a bottleneck. It can also indicate “leaky” applications that use memory
when running but do not release it when they stop. Typically, the counter value
should not exceed five. A value of 20 or more indicates a problem.
■ Processor\% Processor Time This is the percentage of elapsed time that the
processor spends to execute a non-idle thread. The counter is the primary indica-
tor of processor activity and displays the average percentage of busy time
observed during the sample interval. It is quite normal for this counter to reach
100 percent. However, a value in excess of 80 percent averaged over a period of
time indicates that the processor may be overloaded. If you have a symmetrical
microprocessor (SMP) computer, then each processor is monitored as an instance
of this counter. If you discover high readings for one processor and low readings
for another, then you should use Task Manager to discover what processes have a
hard affinity to the first processor.
■ Process\% Processor Time This indicates the percentage of elapsed time for
which all of the threads of a process used the processor to execute instructions. An
instruction is the basic unit of execution in a computer, a thread is the object that
executes instructions, and a process is the object created when a program is run.
Because there are many processes created in an Exchange Server 2003 server (or
any server), there are many instances of this counter (for example, store). Use the
counter instances to keep track of key processes. There is no “correct” value for
this counter. You need to establish a baseline for normal operation and compare
your current readings against this. If the processor time used by a particular pro-
cess increases over time, you need to judge whether there is a problem with the
process or whether this is normal behavior that indicates that you may eventually
need to upgrade the processor.

■ MSExchangeIS\RPC Requests The MSExchangeIS object represents the ser-
vice that allows access to mailbox and public folder stores. Remote Procedure Call
(RPC) Requests is the number of client requests that are currently being processed
by the information store. The RPC protocol is used to transfer messages between
computers and across connectors. You need to look at the value of this counter,
together with the readings for MSExchangeIS\RPC Packets/sec (the rate that RPC
packets are processed) and MSExchangeIS\RPC Operations/sec (the rate that RPC
operations occur) to determine whether there is a bottleneck in the system.
■ PhysicalDisk\Disk Transfers/sec The value in this counter indicates the rate
of read and write operations on a physical disk. A physical disk can contain sev-
eral logical disks or volumes. Conversely, if disk arrays are used, a logical disk can
contain several physical disks. You can add this counter to a performance log, but
you will get a value of zero unless the disk counters are enabled using the diskperf
command-line utility. Do not enable disk counters unless you have a problem that
14-18 Chapter 14 Troubleshooting Microsoft Exchange Server 2003
you need to solve, and do not enable them for any longer than you must. Enabling
disk counters can seriously degrade server performance.
■ SMTP Server\Local Queue Length This indicates the number of messages in
the local queue on an SMTP server. You can get the same information from Queue
Viewer, but a performance log lets you view a report over time and track trends.
You should look at this counter in conjunction with the SMTP Server\Messages
Delivered/sec counter, which indicates the rate at which messages are delivered to
local mailboxes. It is possible that there are a lot of messages in a queue, but the
queue is being processed at a rate sufficient to ensure that the messages are deliv-
ered promptly. You can also set alerts on counters such as SMTP Server\Bad-
mailed Messages (No Recipient) so that you are warned if an excessive amount of
anonymous mail is delivered, possibly indicating spamming or a Denial of Service
(DoS) attack.
■ MSExchangeIS Mailbox\Local Delivery Rate This is the rate at which mes-
sages are delivered locally. The MSExchangeIS Mailbox object counters specifi-

cally measure mailbox, as opposed to both mailbox and public folder, traffic.
Other counters that you might need to monitor are MSExchangeIS Mailbox\Folder
Opens/sec, which is the rate that requests to open folders are submitted to the
Information Store, and MSExchangeIS Mailbox\Message, which is the rate that
requests to open messages are submitted to the information store. You need to
compare these counter values against performance baselines to determine
whether a bottleneck exists and to track trends over time.
Troubleshooting Data Storage
Chapter 12 discussed the various redundant array of independent drives (RAID) con-
figurations that can be used to store Exchange Server 2003 server databases and trans-
action logs. We saw in that chapter that recovery to the point of failure is possible only
if circular logging is disabled (the default) and transaction logs are stored on separate
disks or disk arrays from databases. We also saw that a well-designed backup strategy
could prevent disks from being filled with an excessive number of transaction logs.
With the exception of RAID-0, the failure of a disk in an array is not always immedi-
ately obvious. It is possible to generate an alert if a counter such as Physical\Disk
Transfers/sec drops to zero, but this would necessitate having the disk counters
enabled (and may be a good reason for enabling these counters). You can also config-
ure Monitoring And Status in Exchange System Manager to write an event to the appli-
cation log in Event Viewer if free disk space in the array falls below a predefined limit,
and you can configure Notifications in the Monitoring And Status tool to notify you by
e-mail or by some other method specified in a script file when the event occurs. This
will alert you if there are capacity problems, but will not indicate a disk failure in an
array because the loss of a spindle in an array does not affect free disk space.
Lesson 2 Troubleshooting Exchange Server 2003 Servers 14-19
However, it is important that you deal with a disk failure immediately because your
array is no longer fault-tolerant. If you are using RAID-5, then the loss of a spindle will
result in noticeable performance degradation; basically everything slows down. In
RAID-1 and RAID-0+1 arrays, however, the degradation in read performance may not
be immediately noticeable, especially during quiet periods. Commercial hardware

RAID systems can generate visual and audible warnings of disk failure, and you should
take this functionality into account when choosing a system.
Mailbox and Public Store Policies
You can create mailbox and public store policies for any administrative group by
expanding the administrative group in Exchange System Manager, right-clicking Sys-
tem Policies, and then specifying either a new mailbox or a new public store policy.
Chapter 7, “Managing Recipient Objects and Address Lists,” and Chapter 8, “Public
Folders,” discuss policies in detail. From a troubleshooting viewpoint, limiting the size
of public and mailbox stores, specifying a retention policy for deleted items, and not
permanently deleting mailboxes until the store has been backed up are the most useful
components of these policies. In Chapter 13, you learned how to monitor mailbox
sizes and start the mailbox management process.
These procedures help to troubleshoot storage, because problems can occur when
databases grow too large. Enforcing mailbox limits can prevent such problems. Proac-
tive troubleshooting—that is, preventing problems from occurring—is the hallmark of
the efficient administrator.
Real World But There’s Hardly Anything in My Mailbox!
Not all users will see mailbox limits as good proactive troubleshooting. They will
assure you that they regularly read and delete items and download extensions to
their local disk. You need to explain that unless an e-mail message with a large
extension is deleted, it will remain in the mailbox, and that deleted items are kept
in mailboxes until they are backed up. Carefully note details of any issues that a
user has with your policies. The information can be very useful when the same
user asks you to retrieve a message that he or she deleted six months ago.
Troubleshooting Clusters
When a cluster node goes down and failover occurs, it is not always immediately obvi-
ous that you have a problem. You need to use Cluster Administrator on a daily basis to
check the health of your clusters.
One of the main problems when using clusters is virtual memory fragmentation. You
need to monitor the following virtual memory counters for each node in the cluster to

determine when an Exchange virtual server must be restarted due to this fragmentation:
14-20 Chapter 14 Troubleshooting Microsoft Exchange Server 2003
■ MSExchangeIS\V Largest Block Size When this counter drops below 32 MB,
Exchange Server 2003 logs a warning in the Event Viewer application log (Event
ID=9582). It logs an error if the counter drops below 16 MB.
■ MSExchangeIS\VM Total 16MB Free Blocks You should monitor the trend on
this counter to predict when the number of 16-MB blocks is likely to drop below
three. When this number drops below three, you should restart all the services on
the node.
■ MSExchangeIS\VM Total Free Blocks This counter enables you to calculate
the degree of fragmentation of available virtual memory. The smaller the average
block size, the greater the fragmentation. You also need the value returned by the
store instance of the Process\Virtual bytes counter. The average block size is the
Process (store)\Virtual Bytes value divided by the MSExchangeIS\VM Total Free
Blocks value.
■ MSExchangeIS\VM Total Large Free Block Bytes If the value in this counter
drops below 32 MB on any node in the cluster, failover the Exchange virtual serv-
ers, restart all the Exchange services on the node (or restart the server), and then
failback the Exchange virtual servers.
Troubleshooting Backup and Restore
As you learned in Chapter 12, an online backup uses a checksum to check files for cor-
ruption and writes events to the application log of Event Viewer if any inconsistencies
are found. In addition, a backup log is generated. Thus if an online backup runs with
no errors recorded, you can have a good degree of confidence that the data has been
backed up correctly.
Sometimes an offline backup is necessary, either when an online backup fails or when
third-party software is used that does not support online backups. In this case, you can
use the eseutil command-line utility with the /k switch to verify the backup copy.
No matter how confident you may be about your online backup, it is wise to perform
a practice restore. You can perform a practice restore on a recovery server, which is

also used to recover deleted mailboxes after their retention periods have expired. A
recovery server needs to be in a separate forest. You can also restore on the same
server, or on a server in the same organizational group, by using a recovery storage
group.
Recovery Storage Groups
A recovery storage group is a specialized storage group that can exist alongside the
regular storage groups in an Exchange Server 2003 server (even if the server already
has four normal storage groups). You can restore mailbox stores from any normal
Exchange Server 2003 storage group to the recovery group. You can then, if
Lesson 2 Troubleshooting Exchange Server 2003 Servers 14-21
appropriate, use the exmerge command-line utility to move the recovered mailbox
data from the recovery storage group to the regular storage group.
Recovery storage groups allow you to restore without overwriting the data in the stores
you backed up. This is important when you suspect there may be a problem with
backups and you do not want to risk overwriting your current data with corrupted
backup data. In addition, you can recover an entire mailbox store (all of the database
information, including the log data) or just a single mailbox.
If you have confidence in your backup and restore processes, then backup becomes a
troubleshooting tool rather than a troubleshooting problem. You can restore the last
full backup and, when appropriate, the last differential backup or series of incremental
backups. You can then replay any transaction logs that are stored on a separate disk to
restore the data on up to the point of failure.
Practice: Configuring an Alert
In this practice, you configure an alert that triggers if 20 or more messages are waiting
to be sent out from the Server01 mailbox. In your test network, this number is an arbi-
trary choice. On a production network, you would use a performance log and monitor
Queue Viewer to create baselines for normal and busy periods. The number of queued
messages that you choose to trigger the alert should be higher than the highest antici-
pated number during busy periods, and therefore indicate a fault in the messaging
environment.

Exercise 1: Configure a Queue Alert
To configure a queue alert, perform the following steps:
1. On Server01, open the Performance console.
2. Expand Performance Logs And Alerts, right-click Alerts, and then click New Alert
Settings.
3. In New Alert Settings, in the Name box, type Send Queue Alert and then click
OK.
4. On the General tab of the Send Queue Alert dialog box, type Alert if 20
messages, and then click Add.
5. In the Add Counters dialog box, in the Performance Counters drop-down menu,
select MSExchangeIS Mailbox. In the Select Counters From List box, select Send
Queue Size (normally selected by default), and in the Select Instances From List
box, select First Storage Group–Mailbox Store (SERVER01), as shown in
Figure 14-6.
14-22 Chapter 14 Troubleshooting Microsoft Exchange Server 2003
F14es06
Figure 14-6 Selecting a performance object, counter, and instance
Note You have a choice of instance because you created the My Storage Group–My Mailbox
Store in Chapter 12. If you did not do this and there is no choice of instance, then the First
Storage Group–Mailbox Store (SERVER01) will be monitored by default.
6. Click Add to add the counter, and then click Close.
7. In the Alert When Value Is box, select Over.
8. In the Limit box, type 20.
Exam Tip The Alert When Value Is box can be set only to Over or Under. Therefore, Over
means “greater than or equal to,” and Under means “less than or equal to.” So if you want
the alert to trigger at 20 messages, you set “Over 20.” If you did not know this, you might
assume that “Over 19” would trigger on 20. Examiners sometimes test areas where the intu-
itive answer is not the correct one.
9. Ensure that the sample interval is at the default value of 5 seconds. Figure 14-7
shows the alert settings.

!
Lesson 2 Troubleshooting Exchange Server 2003 Servers 14-23
F14es07
Figure 14-7 Settings for the send queue alert
10. On the Action tab, select Send A Network Message To and type Administrator in
the associated box.
Note This sends a network message to any PC (assuming it has a Windows NT, Windows
2000, Windows Server 2003, or Windows XP operating system and the messenger service is
enabled) where you are logged on using the Administrator account. You might want to con-
sider sending messages to the ordinary user account that you created for yourself according
to the Principle of Least Privilege. In a production network, you should log on using the Admin-
istrator account as seldom as possible. Also note that by default an event is logged in the
applications log in Event Viewer, that you can start a performance log if an alert is triggered,
and that you can run an executable file. This file could send you an e-mail message or, if you
have the appropriate technology installed, could trigger a personal bleeper.
11. Click OK.
12. In the Performance console, click Alerts. In the details pane, right-click the alert
and confirm that it has started (Start is unavailable).
Warning You can also determine that an alert is running because it is green, but this
method is not infallible. A newly created alert may be started but appear as red until the first
time you click it. Also, those who are prone to color blindness easily confuse red and green.
14-24 Chapter 14 Troubleshooting Microsoft Exchange Server 2003
Lesson Review
The following questions are intended to reinforce key information presented in this
lesson. If you are unable to answer a question, review the lesson materials and then try
the question again. You can find answers to the questions in the “Questions and
Answers” section at the end of this chapter.
1. You are the administrator of an Exchange Server 2003 organization. During busy
times the performance of one of your Exchange Server 2003 servers slows. The
server uses a RAID-1 array to store system files, a RAID-5 array to store database

files, and a RAID-0+1 array to store transaction logs. Currently all of the disk arrays
are used at less than 60 percent of total capacity. You check your performance
counters during a busy period and find that your Processor\%Processor Time
counter is consistently at 70 percent or above and your Memory\Pages/sec
counter is typically between 30 and 40. You notice that there is an unusually high
amount of disk activity. What is the most likely cause of the poor performance?
a. A disk in one of your arrays is faulty.
b. One of your disk controllers is faulty.
c. The server needs additional memory.
d. You need to upgrade your processor.
2. You set alerts on all the nodes on a cluster group to warn you if the value that the
MSExchangeIS\VM Total 16m Free Blocks counter returns is three or less. What
action should you take on any node on which the alert is triggered?
3. You want to test your backup and restore procedures by restoring a mailbox store.
You do not want to dismount the store while you are performing the restore,
and you do not want to overwrite the data in the store with backed up data that
might be faulty. You do not have a recovery server. How can you test the restore?
Lesson 2 Troubleshooting Exchange Server 2003 Servers 14-25
Lesson Summary
■ Performance logs can be used for troubleshooting server health. An alert can be
set to indicate a problem associated with a particular resource.
■ Faults in data storage are sometimes not immediately obvious but can affect the
failover protection that RAID systems provide. Disk storage systems need to be
monitored frequently. Limiting the size of mailboxes and public stores can lessen
storage problems.
■ Problems can occur in clusters where a node failure may not be immediately obvi-
ous. Memory fragmentation is a problem in clusters, and several counters are
available to help monitor the problem.
■ Recovery storage groups can be used to test backup and restore.
14-26 Chapter 14 Troubleshooting Microsoft Exchange Server 2003

Lesson 3: Troubleshooting the Exchange Server 2003
Organization
While some faults are restricted to specific Exchange Server 2003 servers, others affect
the entire Exchange Server 2003 organization. Problems with public folders can affect
everyone in your organization, as can problems with virtual servers. If you use a back-
end/front-end configuration, it is easy to misconfigure certain parameters, and you also
need to ensure that your front-end and back-end servers can communicate through
your firewall. Connectivity problems can prevent your Exchange Server 2003 servers
from accessing Active Directory and DNS, which will in turn affect your whole
organization.
After this lesson, you will be able to
■ Describe the problems that can occur with public folders, and restrict the ability to cre-
ate top-level public folders to selected users or groups
■ Explain how diagnostic and protocol logging can help troubleshoot problems on virtual
servers
■ Describe the problems associated with a front-end/back-end server configuration
■ List the tools that you can use to troubleshoot connectivity problems within your
Exchange Server 2003 organization
Estimated lesson time: 45 minutes
Troubleshooting Public Folders
Public folders can contain internal company information and can also be used for col-
laboration projects with partner organizations and to give information about your com-
pany to external users. Problems in public folders therefore impinge upon the image
that your organization presents to its own employees, to its partner organizations, and
to the world at large. Any problems that affect public folders need to be resolved
urgently.
Some of the problems that can occur with public folders concern the limits imposed by
any public store policies that you decide to create. There are sound reasons for limiting
the size of public folders and the size of individual items within any folder. However,
you need to be proactive in deleting any items that are no longer required. Users who

can post items to a public folder will report warnings and write prohibitions as errors.
Also, it reflects badly on your organization if some of the content of a public folder is
irrelevant or out of date. You can delegate the task of ensuring that obsolete items are
deleted. Indeed, you should do so. As an administrator, you are not in a position to
judge whether items posted by, for example, the human resources department can be
deleted. However, you do need to keep a close eye on folder size.
Lesson 3 Troubleshooting the Exchange Server 2003 Organization 14-27
If you have a dedicated public folder server, the task of restoring public folders can
lead to failure reports because you need to dismount a public folder to restore it.
Sometimes this is inevitable, for example, if the data in a public folder is corrupt. Trial
restores of public folders, however, should be done on a recovery server in this
instance.
Another possible source of error is when you have a public folder that should be acces-
sible through e-mail. Public folders are not mail-enabled by default, and you need to
enable this function. The procedure to do this is described in the troubleshooting lab
in Chapter 8.
However, the main source of errors in public folders is incorrectly configured permis-
sions. If, for example, you allow too many users to create top-level folders, then your
folder tree will become large, unorganized, and difficult to browse or manage. You can
control permissions to create top-level folders by right-clicking your Exchange organi-
zation in Exchange System Manager and granting the permission only to selected indi-
viduals or groups. Figure 14-8 shows the Create Top Level Public Folder permission
being granted to Don Hall.
F14es08
Figure 14-8 Granting the Create Top Level Public Folder permission
Another common permission problem occurs when users who should only be permit-
ted to read items in a public folder are also granted write or delete permission. In gen-
eral, users should have only read permission to public folder items, with write and
delete permissions being granted very sparingly. Remember also that permissions
granted on a high-level public folder will, by default, propagate to lower-level folders.

If permissions are changed at the wrong level, errors can result.
14-28 Chapter 14 Troubleshooting Microsoft Exchange Server 2003
Troubleshooting Virtual Servers
Chapter 9 and Chapter 13 discussed many of the techniques that are used for managing
virtual servers and monitoring their performance. Protocol logs provide a powerful
method of recording every detail of every event that occurs in each individual virtual
server. If, for example, a message is rejected because it is oversized, this can be
deduced from the SIZE xxxxxxx entry in the SMTP virtual server’s protocol log. Diag-
nostic logging is configured using Exchange System Manager, except for Hypertext
Transport Protocol (HTTP) virtual servers, for which you use IIS Manager and config-
ure diagnostic logging for the Web site associated with the virtual server.
Diagnostic Logging
Diagnostic logging can assist in troubleshooting both virtual servers and the general
health of an Exchange Server 2003 server and of the Exchange Server 2003 organiza-
tion. You can configure the level of diagnostic logging on the following services:
■ IMAP4SVC This service allows users to access mailboxes and public folders
through IMAP4. Detailed logging can help locate faults on IMAP4 virtual servers.
■ MSADC This service runs connection agreements if the Active Directory Con-
nector is installed.
■ MSExchangeAL This service allows users to address e-mail through address
lists.
■ MSExchangeDSAccess This service allows Exchange access to Active Directory.
■ MSExchangeIS This service allows access to the Information Store.
■ MSExchangeMTA This service allows X.400 connectors to access the message
transfer agent (MTA).
■ MSExchangeMU This service replicates Exchange configuration information
changes to the IIS metabase.
■ MSExchangeSA This counter records an entry when Exchange uses Active
Directory to store and share directory information.
■ MSExchangeSRS This counter records an entry whenever Site Replication Ser-

vices are used to replicate computers running Exchange 2000 Server or later with
computers running Exchange Server 5.5.
■ MSExchangeTransport This counter records an entry whenever SMTP is used
to route messages. Configuring the diagnostic logging level can assist in trouble-
shooting SMTP virtual servers.
■ POP3SVC This counter records an entry whenever POP3 is used to access
e-mail. Configuring the diagnostic logging level can assist in troubleshooting POP3
virtual servers.
Lesson 3 Troubleshooting the Exchange Server 2003 Organization 14-29
Encoding and Relaying
Errors can occur in IMAP4 and POP3 virtual servers if incorrect encoding methods are
specified. Often you can solve the problem by creating an additional virtual server and
allowing access to a group of clients with particular encoding requirements. If only a
few clients have requirements that differ from those of the majority, then you can con-
figure client settings on a per-client basis. This is discussed in Chapter 9.
Open relaying can cause problems with SMTP virtual servers. Relaying is disabled by
default, but IMAP4 and POP3 clients need to use the facility so that they can use SMTP
to send e-mail. Relaying can be enabled for specific clients, but it is usually better prac-
tice to create an additional SMTP virtual server that permits relaying and allows access
only to POP3 and IMAP4 clients. This is also discussed in Chapter 9.
Troubleshooting Front-End and Back-End Servers
There are several advantages to a front-end and back-end configuration. Front-end
servers do not host mailboxes and can be located outside the main firewall. Back-end
servers can use the Microsoft Cluster Service for failover protection while front-
end servers can use Network Load Balancing to enhance performance. The use of
front-end servers means that mailboxes on your domain can be accessed using a single
Uniform Resource Locator (URL), no matter what back-end server you put them on.
You can move mailboxes from one back-end server to another, and such a move is
invisible to the end user.
However, the advantages that the configuration offers bring their own troubleshooting

issues. Front-end servers need to be able to communicate with back-end servers
through your firewall without compromising either security or usability. Load balanc-
ing clusters are not applicable to back-end servers, nor are Windows clusters to front-
end servers, and incorrectly configured clustering can lead to problems. A failure of a
mailbox store or a virtual server on a back-end server can look like a fault on a front-
end server, and it is important to track messages and find out where the fault occurred.
You need to create a virtual HTTP server on each back-end server to handle front-end
requests. A failure on any one of these servers can result in Outlook Web Access
(OWA) clients being unable to send mail to or receive mail from your domain.
For all of these reasons, the techniques for troubleshooting communication across a
firewall, the use of Cluster Administrator, and the use of virtual server troubleshooting
techniques such as protocol logging become even more important when you have a
back-end/front-end configuration. The following problems are also common in this
configuration:
■ Authentication is misconfigured The implementation of authentication set-
tings varies between server roles. On front-end servers, IMAP4 and POP3 virtual
14-30 Chapter 14 Troubleshooting Microsoft Exchange Server 2003
servers use basic authentication, and this cannot be changed. On POP3 and IMAP4
virtual servers on back-end servers, you can select basic authentication or
Integrated Windows Authentication. Integrated Windows Authentication cannot
be specified on front-end HTTP virtual servers. Because authentication methods
vary with the server type (for good reasons), it is sometimes difficult to work out
the settings that meet your required objectives and easy to misconfigure
authentication.
■ Users are disconnected when downloading messages On back-end servers,
the connection timeout setting limits the length of time for which a client is per-
mitted to remain connected to the server without performing any activity. On
front-end servers, the connection timeout setting limits the total length of the cli-
ent’s session, regardless of client activity. A common configuration error is to set
back-end connection timeout values on front-end servers. You need to configure

this setting on your front-end servers so that your users can download the maxi-
mum message size permitted over the slowest supported connection speed with-
out being disconnected.
■ Calendaring settings on front-end POP3 and IMAP4 virtual servers are
ignored Exchange Server 2003 does not recognize any URL settings configured
on the Calendaring tab of IMAP4 and POP3 virtual servers on your front-end serv-
ers unless you configure the corresponding virtual servers on your back-end
servers to use front-end settings.
Troubleshooting Connectivity
Because connectivity problems can prevent Exchange Server 2003 from installing, the
netdiag utility was discussed in Lesson 1 of this chapter. In addition to netdiag, you can
use ping to test connectivity with domain controllers, DNS servers, Exchange Server
2003 servers, IIS servers, and other significant hosts on your network. If you can ping
by Internet Protocol (IP) address but not by hostname, then this indicates name reso-
lution problems and possibly a problem with DNS.
You can use telnet to check whether a TCP port (for example port 25 for SMTP) can be
opened to a receiving host and whether the receiving host is responding. Telnet is use-
ful for testing connectivity over a firewall that blocks the Internet Control and Messag-
ing Protocol (ICMP) on which ping depends.
You can use the nslookup command to query DNS to confirm that DNS is working
properly and that MX and A (host) records exist for a particular Exchange Server 2003
server or for all such servers in a domain. You can, for example, use the nslookup –
querytype=mx tailspintoys.com command to return all the MX records for the tail-
spintoys.com domain.
Lesson 3 Troubleshooting the Exchange Server 2003 Organization 14-31
Practice: Limiting Write and Delete Permissions to Public Folders
In your organization, only the senior managers group, which contains users Sean Alex-
ander, Don Hall, and Kim Akers, is permitted to place information in public folders.
Only Don Hall is permitted to delete files in public folders. Domain administrators have
full control over public folders for administrative purposes. All other users have only

read permission. This practice sets up these permissions.
Exercise 1: Create the Senior Managers Security Group
This exercise assumes that mail-enabled accounts exist for Kim Akers, Don Hall, and
Sean Alexander. These accounts were created in Chapter 9. If the accounts do not exist,
use the Active Directory Users And Computers console to create them before you start
this exercise.
To create the Senior Managers security group, perform the following actions:
1. On Server01, open the Active Directory Users And Computers console.
2. Expand TailSpinToys.com, right-click Users, click New, and then click Group.
3. On the New Object–Group page, in the Group Name box, type Senior Managers.
4. Ensure that the Group Scope is Global and the Group Type is Security, as shown
in Figure 14-9. Click Next.
F14es09
Figure 14-9 Specifying the Senior Managers global security group
5. You have the option at this stage of mail-enabling the group. However, the use of
mail-enabled global security groups is not recommended and is not appropriate in
this exercise. Click Next.
6. Click Finish.
14-32 Chapter 14 Troubleshooting Microsoft Exchange Server 2003
7. In the details pane of Active Directory Users And Computers, right-click Senior
Managers, and click Properties.
8. On the Members tab, click Add.
9. In the Enter The Object Names To Select box, type Don Hall.
10. Click Check Names, and then click OK.
11. Repeat the procedure described in steps 8, 9, and 10 to add Kim Akers and Sean
Alexander to the security group.
12. The Senior Managers Properties dialog box should contain the entries shown in
Figure 14-10. Click OK to close the dialog box.
F14es10
Figure 14-10 The Senior Managers Properties dialog box

13. On Server01, open the Domain Controller Security Policy console and click User
Rights Assignment.
14. In the details pane, double-click Allow Log On Locally and add the Senior Manag-
ers group to that right. This lets you test the configuration that you will carry out
in the next exercise. In a production network, you would not typically grant ordi-
nary users log on locally rights on a domain controller.
Exercise 2: Configure Permissions on a Public Folder Store
In this exercise, you configure permissions such that the Senior Managers group can
add files to the public folder store and amend files, but only Don Hall can delete files
that were created by other users.
Lesson 3 Troubleshooting the Exchange Server 2003 Organization 14-33
To configure permissions on a public folder store, perform the following actions:
1. Start Exchange System Manager.
2. Navigate to Administrative Groups\First Administrative Group\Servers\Server01
\First Storage Group\Public Folder Store (Server01).
3. Right-click Public Folder Store (Server01), and then click Properties.
4. On the Security tab, click Add.
5. In the Enter The Object Names To Select box, type users and then click OK.
6. In the Group Or User Names box, click Users. In the Permissions For Users box,
clear all the Allow check boxes except Read, Execute, Read Permissions, List Con-
tents, and Read Properties.
7. Click Add. In the Enter The Object Names To Select box, type Senior Managers
and then click OK.
8. In the Group Or User Names box, click Senior Managers. In the Permissions For
Users box, clear all the Allow check boxes except Read, Write, Execute, Read Per-
missions, List Contents, and Read Properties. Figure 14-11 shows permissions
being specified for the Senior Managers group.
F14es11
Figure 14-11 Specifying permissions for the Senior Managers group
9. Click Add. In the Enter The Object Names To Select box, type Don Hall and then

click OK.
10. In the Group Or User Names box, click Don Hall. In the Permissions For Users
box, clear all the Allow check boxes except Read, Write, Execute, Delete, Read
Permissions, List Contents, and Read Properties.
14-34 Chapter 14 Troubleshooting Microsoft Exchange Server 2003
Note Write permission enables users to create files, change the content of files, and
delete files that they created. Delete permission allows users to delete files that were cre-
ated by other users.
11. Click OK to close the dialog box.
12. Open Outlook and create a new public folder called My Public Folder. Post a mes-
sage to that public folder.
13. Log off, and then log on as Kim Akers. If you set up the accounts as specified in
Chapter 9, then the username is k.akers and the password is password&2.
14. Open Outlook and investigate what you can and cannot do in My Public Folder.
You should, for example, be able to post items to the folder.
15. Log off, and then log on as Don Hall. If you set up the accounts as specified in
Chapter 9, then the username is d.hall and the password is password&2.
16. Open Outlook and investigate what you can and cannot do in My Public Folder.
Discover whether Don Hall has any more rights than Kim Akers.
17. Experiment with changing the permissions that the Senior Managers group and
Don Hall’s individual user account have on Public Folder Store (Server01). Ensure,
however, that you are logged on as Administrator at the end of this exercise.
Lesson Review
The following questions are intended to reinforce key information presented in this
lesson. If you are unable to answer a question, review the lesson materials and then try
the question again. You can find answers to the questions in the “Questions and
Answers” section at the end of this chapter.
1. You are configuring authentication on an IMAP4 virtual server. You discover that
the check boxes appear dimmed, and you cannot change the authentication set-
ting, which is basic authentication. What is the reason for this?

2. Files in a public folder are being added and deleted without official sanction. How
can you prevent this happening?