8th July 2008: Microsoft Messaging & Mobility User Group UK Gathering

Okay so Tuesday and a bunch of us headed to Microsoft’s office in Victoria to hear from Gordon McKenna talk about Managing and Monitoring Exchange using SCOM 2007.  Here are my notes from the event … hopefully its not to disjoined ;-)

So eight of us joined Gordon who is actually a Windows Management MVP. Check out the Windows Management User Group: http://wmug.co.uk/

So let the writing of the rambings being …

With MOM 2005, the product groups wrote the management pack. In some cases, this is true, especially for Exchange, but not for other applications. In SCOM, the MOM team are writing the management pack

Two types of Management Packs exist:
Converted: MOM management packs that are converted from MOM to SCOM
Native: Properly built from the ground up especially for that product

If you are using  MOM with the Exchange 2003 MP, make sure you have downloaded and installed the Exchange MP Config wizard.  This will enable you to take advantage of the MOM Synthetic Transactions.

The Synthetic Transactions, once configured, will allow you test mail flow between servers and storage groups.  Another test is MOM will perform MAPI logons to the exchange server, to track client logon information & latency.

The Exchange MP config wizard will also allow you monitor Exchange 2003 Front End services (OWA, OMA, Exchange Active Sync).

What is interesting, is that the MOM data warehouse actually has a whole load of data in it, that is not used by all the standard reports. … but you can access it, if you know how ;-)

Gordon mention the Windows Mobile Device Manager .. It has the ability to monitor Windows Mobile devices.

SCOM SP1 is really a requirement if you are thinking about installing SCOM.  SCOM provides “service/components” and not just server management of Exchange.  The Exchange 2007 Management Pack is the largest MP for SCOM.

There will be an “out of the box” connector for Remedy that is due with SCOM SP2

So, the SCOM console was kinda designed to look like outlook, which you either love or hate.  You can get the latest Exchange 2007 MP from here: http://www.microsoft.com/downloads/details.aspx?FamilyId=1A83E112-8677-4E03-83C3-F1B7EBFC3A4B&displaylang=en&displaylang=en. When you download this, install it and look at the OM2007_MP_EX2007.doc.  It has a wealth of knowledge in it.

In SCOM the management packs are sealed, and the only way to make changes is to use “overrides”.  Check this out it is damm good! Gordon recommended that you always create an “override” management pack, and do any customisation to this override group. That way if an MP is upgraded you wont loose (in theory) any custom changes.

Gordon recommended creating a “Closed Alerts” view as SCOM will auto close alerts if they exceed a threshold, and then go below the threshold.  This is cool, but you might want to see them, hence the need for this view.

OWA Monitoring with SCOM doesn’t work too well, but the built in Web Application recording facility in SCOM is a better way to monitor OWA in SCOM.

Some other stuff:

  • You should run the script New-TestCasConnectivityUser.ps1 in the Exchange Server 2007 to create the test mailbox for MOM/SCOM. Run it in the Scripts folder under the Exchange Server 2007 installation directory. You will need to run  this on each mailbox server you have.
  • A Monitor rule has a “Before and After” condition.  This will set an alert (go red) and have the ability to clear (go green)
  • A Rule is as simple as picking an event
  • SCOM has 3 type of notifications: SMTP, SMS text (built in GSM interface, all you need is a GSM modem to hang off the server), IM / OCS.
  • Priority: High, Medium, Low.  Can be used to monitor the same alerts for different types of servers like production and test servers, and works well with overrides
  • Create a group for production & uat servers
  • You should create a Distribute Applications View for Exchange.
  • It is now possible to put components into maintenance mode as well as a server.  To completely put a server into maintenance mode you will still get heartbeat alerts, and need to put another two components into maintenance mode too.
  • 75% of the SCOM SDK is in the UI.  So 25% is only available via Windows Powershell.
  • Availability reporting is now out of the box and you can report on application availability.  You can also select business hours!  You can drill down in the report too!
  • The size of the Data warehouse SQL database will now be 2 thirds smaller than MOM due to the way SCOM aggregates data and only collects changes in counters.
  • With MOM the data warehouse was written to once a day.  With SCOM it is written to all the time and is up to the minute!
  • Gordon helped develop a Service Level Dashboard that can report SLA information for applications. This is coming soon!

There are some bugs in the SCOM, that are resolved with the Exchange 2007 MP Version 6.0.6278.12 and these KBs: 950853, 951979, 951380.  Basically this is all to do with the way SCOM agent interfaces with some of the exchange powershell commands causes a memory link in the SCOM agent that causes the agent to fail.

This is a handy link to a post that explains how to setup Exchange 2007 MOM Monitoring

Gordon’s Tip on the first things to do when you walk into a preinstalled SCOM environment:

  • Go into SCOM, Reporting and run “Most Common Alerts”.  This will give you the most common alerts for the last 24 hours for each management pack.

Enjoy .. Any comments or bit I have wrong, please comment

Exchange 2007 Service Pack 1 – RU3

Okay that was a smoother installation than I expected.  So Ari recommended using this from the command prompt

Exchange2007-KB949870-x64-EN.msp /quiet /lxv* KB949870.log

I Did bit found it a bit scarey that you get no feedback on what is happening so I tried /passive instead. 

But what I did find was this in the Application event log when the rollup was applied:

Event Type: Information
Event Source: MsiInstaller
Event Category: None
Event ID: 1022
Description:
Product: Microsoft Exchange Server – Update ‘Update Rollup 3 for Exchange Server 2007 Service Pack 1 (KB949870) 8.1.291.2’ installed successfully.

Another check is to use Add/Remove programs, check the “show updates” and then under “Microsoft Exchange Server 2007”, you should see “Update Rollup 3 for Exchange 2007 Service Pack 1(KB949870)

Essentially you can query the subkeys for this: SOFTWAREMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Products461C2B4266EDEF444B864AD6D9E5B613Patches
 

OST performance slow? Defrag it

I found this up on BlankMan’s Blog and it’s damm cool.

… One of the frustrating realities about OST files is that they become progressively slower as they become older. One of the factors influencing this is fragmentation.

 As the Exchange Team blog says: 
“We usually recommend no more than about 2500 – 5000 messages in any of the critical path folders.  The critical path folders are the Calendar, Contacts, Inbox, and Sent Item folder. Ideally, keep the Inbox, Contacts and Calendar to 1000 or less.  Other folders, particularly custom folders created by the user, can handle having larger numbers of items without having a broad impact on the user experience (20,000 items in my “Cookie Recipes” folder?  No problem – except when I need to find that recipe from last Christmas!).”

So the more folders, the slow thing go … so BlankMan used Contig.exe from Sysinternals to defrag is OST :-|.  Contig is a single-file defragmenter that attempts to make files contiguous on disk and is perfect for quickly optimizing files that are continuously becoming fragmented, or that you want to ensure are in as few fragments as possible.

The syntax for Contig.exe:

Contig v1.54 – Makes files contiguous
Copyright (C) 1998-2007 Mark Russinovich
Sysinternals – http://www.sysinternals.com/


Contig is a utility that relies on NT’s built-in defragging support
to make a specified file contiguous on disk. Use it to optimize execution
of your frequently used files.

Usage:
    d:utilsContigContig.exe [-v] [-a] [-s] [-q] [existing file]
or  d:utilsContigContig.exe [-v] -n [new file] [new file length]

  -v: Verbose
  -a: Analyze fragmentation
  -q: Quiet mode
  -s: Recurse subdirectories

So lets check out my OST:

C:>d:utilsContigContig.exe outlook0.ost -a

Contig v1.54 – Makes files contiguous
Copyright (C) 1998-2007 Mark Russinovich
Sysinternals – http://www.sysinternals.com/

Processing outlook0.ost
outlook0.ost is in 42 fragments

Summary:
     Number of files processed   : 1
     Average fragmentation       : 42 frags/file

d:utilsContigContig.exe outlook.ost -a

Contig v1.54 – Makes files contiguous
Copyright (C) 1998-2007 Mark Russinovich
Sysinternals – http://www.sysinternals.com/

Processing C:outlook.ost
C:outlook.ost is in 61 fragments

Summary:
     Number of files processed   : 1
     Average fragmentation       : 61 frags/file

so time to defrag

C:>d:utilsContigContig.exe outlook.ost

Contig v1.54 – Makes files contiguous
Copyright (C) 1998-2007 Mark Russinovich
Sysinternals – http://www.sysinternals.com/

Processing C:outlook.ost

Summary:
     Number of files processed   : 1
     Number of files defragmented: 1
     Average fragmentation before: 61 frags/file
     Average fragmentation after : 1 frags/file

Kewl, now lets check it out
C:d:utilsContigContig.exe outlook.ost -a

Contig v1.54 – Makes files contiguous
Copyright (C) 1998-2007 Mark Russinovich
Sysinternals – http://www.sysinternals.com/

Processing outlook.ost
C:outlook.ost is defragmented

Summary:
     Number of files processed   : 1
     Average fragmentation       : 1 frags/file

Kewl ;-) Thanks BlankMan!

MS08-039: Which users are vulnerable to the OWA XSS vulnerability?

This makes an interesting read .. Found it up on the Security Vulnerability Research & Defense Blog


Today we released MS08-039 which addressed several XSS vulnerabilities in Microsoft Exchange’s Outlook Web Access component.  While this is an update to be applied to the Exchange server, the clients who use OWA are the computers potentially at risk.  We’d like to explain a little more about the vulnerability so that you can determine whether you or your organization are at risk.

OWA has two modes: OWA Light (or OWA Basic for Exchange 2003), and OWA Premium. In short, if OWA Light/Basic is used, you are vulnerable to the XSS vulnerability. You can tell whether OWA Light is used via the “Use Outlook Web Access Light” check box in OWA’s logon screen.

Security Update for Exchange Server 2003 SP2 (KB950159)

So we have a KB, Download and a Security Bulletin ;-) 

NOTE: This also affects Exchange 2007, but is included in RU3 for Exchange 2007 SP1 and RU7 for Exchange 2007 RTM

Source: http://www.microsoft.com/downloads/details.aspx?FamilyID=e099c1d1-5af6-4d6c-b735-9599412b3131&DisplayLang=en

This update addresses the Microsoft Exchange Server vulnerability addressed in the Microsoft Security Bulletin MS07-026.


MS08-039: Vulnerabilities in Outlook Web Access for Exchange Server could allow elevation of privilege
http://support.microsoft.com/kb/953747


Microsoft Security Bulletin MS08-039 – Important
http://www.microsoft.com/technet/security/bulletin/MS08-039.mspx

Executive Summary
This security update resolves two privately reported vulnerabilities in Outlook Web Access (OWA) for Microsoft Exchange Server. An attacker who successfully exploited these vulnerabilities could gain access to an individual OWA client’s session data, allowing elevation of privilege. The attacker could then perform any action the user could perform from within the individual client’s OWA session. This security update is rated Important for all supported editions of Microsoft Exchange Server 2003 and Microsoft Exchange Server 2007. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerabilities by modifying the validation of HTTP session data within OWA. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

Recommendation.  Microsoft recommends that customers apply the update at the earliest opportunity.
Known Issues.  Microsoft Knowledge Base Article 953747 documents the currently known issues that customers may experience when installing this security update

Affected Software
Microsoft Exchange Server 2003 Service Pack 2
Microsoft Exchange Server 2007
Microsoft Exchange Server 2007 Service Pack 1
 

Update Rollup 3 for Exchange Server 2007 SP1 and Update Rollup 7 for Exchange 2007 RTM have been released

ohh .. Rollup, rollup (sorry couldn’t resist!) HOT off the press!


Update Rollup 3 for Exchange Server 2007 Service Pack 1 (KB949870)
http://www.microsoft.com/downloads/details.aspx?FamilyId=63E7F26C-92A8-4264-882D-F96B348C96AB&displaylang=en

Update Rollup 3 for Exchange Server 2007 Service Pack 1 (SP1) resolves issues that were found in Exchange Server 2007 SP1 since the software was released. This update rollup is highly recommended for all Exchange Server 2007 SP1 customers.

For a list of changes that are included in this update rollup, see KB949870 (http://support.microsoft.com/?kbid=949870).

This update rollup does not apply to Exchange Server 2007 Release To Manufacturing (RTM). For a list of update rollups applicable to Exchange Server 2007 RTM, refer to the section Update rollups for Exchange Server 2007 RTM in the Knowledge Base article KB937052.


Update Rollup 7 for Exchange Server 2007 (KB953469)
http://www.microsoft.com/downloads/details.aspx?FamilyId=086A2A13-A1DE-4B1D-BD12-B148BFD2DAFA&displaylang=en

Update Rollup 7 for Exchange Server 2007 resolves issues that were found in Exchange Server 2007 since the software was released. This update rollup is highly recommended for all Exchange Server 2007 customers.

For a list of changes that are included in this update rollup, see KB953469 (http://support.microsoft.com/?kbid=953469).