17 October 2007

Exchange Message Tracking

Today, a customer had a strange problem. An end-user had send a message to 69 recipients with a small attachment (not important in this case). After a couple of minutes the user reported that she and a colleague received dozens of messages all send by the original sender.

She had the message only once in her send items. I checked the recipients in the message and I didn’t find any faults made by the user. The next step was checking Exchange Message Tracking. This reported that the actually has send the email. There was only one strange thing. The original message showed her Display Name and all the other messages showed her email address.

While we were searching for a solution the end user was called by multiple recipients complaining that they received the email 100+ times. So we decided to disable all outbound email. Because we are using SurfControl Email filter as a gateway I created a rule on this server for isolating all messages from that particular email address.

After I disabled all outbound email the flood of messages wouldn’t stop. The queue on the Exchange server didn’t contain any messages from the end user. The gateway’s queue also didn’t contained any messages. So I analyzed the headers of the isolated messages. The headers didn’t contain information about our servers sending the email. The server was only listed as the receiving end server. I asked a friend to take a look at the headers (thanks Jasper) because after a while I was losing all logic due to watching too long. Together we found the source of all evil: the server of one of the recipients. Called the organization and they disabled all outbound email until they will found a proper solution. After a while the flooding stopped.

The thing confused me the most was Exchange Message Tracking, because all the messages appeared in this logs just like the user has send the messages. The reason is pretty simple: if a message arrives at the server Exchange Message Tracking tracks this message in the database. If the email address of the sender is similar of to an email address from of an user, Exchange will record this message as a message send by the user ALSO in the situation that the email address is spoofed.
There’s only one simple solution. Messages send from within the network use the Display Name of the user. In my particular situation the email address was listed. So take a good look in this type of situations.

In my opinion this type of messages shouldn’t be listed in the Message Tracking Log only in a situation that the message is send by a server in his Exchange organization. Just a thing to keep in mind!

10 October 2007

Visionapp Remote Desktop

As an Administrator you probably uses the program Remote Desktops from Microsoft to access your servers. This works perfect, but has a big disadvantage. The problem is that you can’t sort the list with servers.

A new colleague showed me today an product which you can sort and acts just like Remote Desktops. It’s called Visionapp Remote Desktop. Version vRD 1.5 has also support for Vista.
You can now organize your servers in your own specific needs (geographic, alphabetical, etc, etc.)

Special Functions:
• Credential organizer. You can make groups of servers which uses the same credentials to login. You can direct the credentials to these groups so you don’t have to supply the credentials to each server individually. NOTE: Please don’t forget the security risks when using this option. The security risk is the same when using Remote Desktop, but the difference is the time saving option to distribute the credentials to a group of servers.
• Tabs with connected servers.
• Different icon when connected. Easily see to which servers you’re connected.
• Connect and disconnect groups of servers.
• Password protected backup file of configuration. Distribute your configuration easy and secure to colleagues.
• And much more…

There’s also another big advantage, because this program is freeware.

You can download it HERE at the site of Visionapp. NOTE: you must register first to download.

Active Directory Topology Diagrammer

Microsoft Technet sended today to there Dutch subscribers a newsletters. In this newsletter they always have a small section with downloadable products. Today they advised a program called “Active Directory Topology Diagrammer”.

The description of Microsoft about this program is: “The Microsoft Active Directory Topology Diagrammer reads an Active Directory configuration using ActiveX Data Objects (ADO), and then automatically generates a Visio diagram of your Active Directory and /or your Exchange 200x Server topology. The diagramms include domains, sites, servers, administrative groups, routing groups and connectors and can be changed manually in Visio if needed.”

Downloaded and installed it immediately. This is pure gold! It’s a three step procedure.
1. Fill in some information about a Global Catalog in your organization.
a. Check or uncheck some checkboxes for more or less information (optional).
2. Hit the discover button
3. After the discovery, Hit the Draw button and sit back and relax while your Active Directory and Exchange organisation will be drawn in Visio.

Download it at Here at Microsoft.

Reinstallation of a SBS2003 with Transition Packs

For a customer we transformed a Small Business Server 2003 server with Transition Packs to a Windows Server 2003 Standard. After a successful migration of 2 networks the server loses his role as a DC and his function in the new network. We wanted to use this server in a complete different role and network.

But there’s the question what to do with the OS of this server. The server contains a lot of garbage and leftovers of the original Small Business Server installation even after a cleanup. Continuing with this server in this configuration would cause a lot of problems in the future. The Eventviewer contained a lot of errors caused by the Small Business configuration. Reinstallation was the only good option.

There’s only one problem. What is the correct reinstallation path in this situation?
1. Installing Small Business Server 2003
2. Applying Transition Packs
3. Using the transformed Windows Server 2003.

In this situation we would get the same problems before we started. Garbage and leftovers from the SBS2003 installation. Google wouldn’t help in this situation (where is Google if you really need it ). Eventually I called the License Helpdesk of Microsoft. They couldn’t helped me and advised me to call the Technical Support desk of Microsoft. Rather strange because in my opinion this is just a license issue: "Can and may I use the product key from the Transition Packs with a retail Media Kit of Microsoft Windows Server 2003?".

The answer is YES. I called the Technical Support desk of Microsoft and they haven’t received this question earlier, but his answer was that this was purely a license issue. If I installed this configuration and I get an audit by Microsoft or other organisation this won’t be a problem if I got the original Small Business Server License and the Transition Packs license present.

The only problem is of this really works. Can I use the serial number as printed on the Transition Packs case when installing Windows Server 2003 standard. The answer is also YES. Today I started the reinstallation of the system. Used a Retail Windows Server 2003 CD and the product code (serial number) of the Transition Pack and this works flawless.