Month: December 2011

RIM / BlackBerry buyout

by ucinfo, posted in BlackBerry, Microsoft

#BlackBerry
Number of interesting articles in the news over the last couple of days, with the likes of Amazon and Microsoft / Nokia looking at buying RIM.

Could be interesting to see where this goes, especially with the fact that RIM licences ActiveSync from Microsoft already and the new BBx devices may or may not ;-) natively support the ActiveSync protocol.

Think it would be good for Microsoft / Nokia to takem, Nokia with the devices and Microsoft with the server products .. Let’s see … Wonder if you can get Windows Phone 7 ported to a playbook?

Enumerate-Groups.ps1

by ucinfo, posted in Powershell

#Powershell #Exchange2010

I just wanted to share this cmdlet I created today.  I had a need to workout from Nested Groups including DDL’s the number of users a DL would reach, so I knocked this baby up.

Its v1, so any feedback is very welcome.  Usage is basically

Enumerate-Groups.ps1 –GroupName “Group”

or

Get-Group “Group” | ForEach{.Enumerate-Groups.ps1 –GroupName $_.DistinguishedName }

Enjoy

 

PARAM([String]$GroupName="",[Switch]$ShowUsers=$False, [String]$DomainController="<DC NAME>")

If($GroupName -eq ""){Write-Host "You need to specify a group";Exit}

##########################################################################################

$AppName = "Enumerate-Groups.ps1"

$AppVer  = "v1.0 [19 December2011]"

#v1.0 19 Dec 2011 : A script it born

#

# This script take a groupname as an agrument and then attempts to enumerate the users

# contained in the group by checking all necessary nested groups

#

#Parameters:

#GroupName        : Name of the group (top level) that you want to enumerate

#ShowUsers        : Displays and exports userlist to CSV

#DomainController : Name of a DC to use

#

#Written By Paul Flaherty

#blogs.flaphead.com 

##########################################################################################

#Display script name and version

#########################################################################################

Write-host " " $AppName -NoNewLine -foregroundcolor Green

Write-Host ": " $AppVer -foregroundcolor Green

Write-host "`n Run on $ServerName at $Today by $xUser" -foregroundcolor Yellow

Write-Host "|——————————————————————-|`n"

##########################################################################################

#Load the Exchange 2010 bits & bobs

#########################################################################################

$xPsCheck = Get-PSSnapin | Select Name | Where {$_.Name -Like "*Exchange*"}

If ($xPsCheck -eq $Null) {Add-PsSnapin Microsoft.Exchange.Management.PowerShell.e2010}

Import-Module ActiveDirectory

Function Enumerate-Group($InGroup){

  $tmpADo = Get-AdObject $InGroup  -Server $script:dc

  $tmpADo.ObjectClass

  If($tmpADo.ObjectClass -ne "msExchDynamicDistributionList"){

    $tmpExGroup = Get-Group $InGroup -resultsize 1 -DomainController $Script:DC

    $tmpGroup = Get-ADGroup $tmpExGroup.DistinguishedName -Properties Members  -Server $script:dc

    Write-Host "-"$tmpGroup.Name":"$tmpGroup.ObjectClass

    Write-host "+- Member Count: " $tmpGroup.Members.Count

    $Members = $tmpGroup.Members | Sort

    ForEach($Item in $Members){

      $tmpMember = Get-AdObject $Item  -Server $script:dc

      $tmpName   = $tmpMember.Name

      If($tmpMember.ObjectClass -ne "user"){

        Write-Host "+–" $tmpName":" $tmpMember.ObjectClass

      }

      $tmpUsers = "" | Select Name, DDL

      If($tmpMember.ObjectClass -eq "user"){

        $tmpUsers.Name = $tmpMember.name

        $tmpUsers.DDL  = $tmpGroup.Name

        $Script:Users += $tmpUsers

      }#If user

      if($tmpMember.ObjectClass -eq "group"){Enumerate-group $tmpMember.Name}

      if($tmpMember.ObjectClass -eq "msExchDynamicDistributionList"){

        Enumerate-DDL $TmpMember.Name

      } #If msExchDynamicDistributionList

    } #ForEach

  }ELSE{

    Write-Host "-"$tmpADo.Name":"$tmpGroup.ObjectClass

    Enumerate-DDL $tmpADo.Name

  }#IF

} #Function Enumerate-Group

Function Enumerate-DDL($InDDL){

  $tmpDDL   = Get-DynamicDistributionGroup $InDDL -DomainController $Script:DC

  $mc = Measure-Command {$tmpRecp  = Get-Recipient -RecipientPreviewFilter $tmpDDL.RecipientFilter -OrganizationalUnit $tmpDDL.RecipientContainer -ResultSize Unlimited -DomainController $Script:DC}

  $tmpCount = 0

  ForEach($r in $tmpRecp){$tmpCount ++}

  Write-Host "+— User Count: " -NoNewLine

  Write-Host $tmpCount -ForeGroundColor Green -NoNewLine

  Write-Host " in" $mc.TotalSeconds "Seconds`n"

  ForEach($item in $tmpRecp){

    If ($Item.name -ne ""){

      $tmpUsers = "" | Select Name, DDL

      $tmpUsers.Name = $Item.name

      $tmpUsers.DDL  = $tmpDDL.Name

      $Script:Users += $tmpUsers

    }

  }#ForEach

}#Function Enumerate-DDL

$script:DC    = $DomainController

$Script:users = @()

Write-Host "Domain Controller:.. $script:dc"

Write-Host "Show Users:……… $ShowUsers"

$g = Get-ADObject $GroupName -Server $script:dc

If($g -eq $Null){Write-host "Problem with the group";Exit}ELSE{Enumerate-group $GroupName}

$totusers  = $script:Users.Count

$tmpusers  = $script:users | sort Name -Unique

$totuusers = $tmpusers.count

Write-Host "`nTotal Users: " -NoNewLine

Write-Host $totusers -Foregroundcolor Green

Write-Host "`nTotal Unique Users: " -NoNewLine

Write-Host $totuusers -Foregroundcolor Green

If($ShowUsers){

  Write-Host "`n`nUser List" -foregroundcolor blue

  Write-Host "- Exporting to GroupUserList.csv"

  $Script:Users | Export-CSV GroupUserList.csv -NoTypeInformation -Delimiter "|"

  $Script:Users | sort DDL, Name

}

#End

RIM delays BlackBerry 10 phones until late 2012

by ucinfo, posted in BlackBerry

#BlackBerry

Read this in the Time today.  This is really going to mess up my roadmap Disappointed smile

http://www.manufacturingdigital.com/technology/rim-delays-blackberry-10-phones-until-late-2012

Former king of the corporate smartphone market BlackBerry looks set to lose further ground to rivals Apple, Samsung, HTC and the rejuvenated Nokia. Research In Motion (RIM) revealed that its range of BlackBerry 10 devices will not come out until late 2012.

The range of smartphones were due to be released in the first quarter of next year, however RIM’s co-CEO Mike Lazaridis told analysts on a conference call that a required highly integrated chipset would not be available until mid-2012.

Forefront Protection for Exchange

by ucinfo, posted in Exchange 2010, Forefront

#Exchange #Exchange2010

So it’s been annoying me, when Forefront sends you an email, the from address it is a bit pants, and I want to change it.  By default it’s ForefrontServerProtection@servername.server.

I looked around the PowerShell add in for Forefront and drew a blank so after a bit of googling I found this: http://technet.microsoft.com/en-us/library/dd639362.aspx

Essentially …

Changing the From address for notifications

FPE utilizes SMTP messaging for notification purposes, placing the message in the SMTP service Pickup folder and resolving the Exchange name with the Active Directory directory service. By default, the server profile used for identifying notifications is: ForefrontServerProtection@servername.server. However, you can change this server profile by modifying the FromAddress registry value.

To modify the FromAddress registry value

Open the Registry Editor and navigate to the following registry key:

HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftForefront Server SecurityNotifications

Modify the default value of FromAddress to the sender name you would like. Alphanumeric characters are acceptable. You may also use the at sign (@) or a period (.), but these characters cannot be the first or last character. Any illegal characters will be replaced with an underscore (_).

You must restart the relevant Microsoft Exchange and Microsoft Forefront Server Protection services in order for this change to take effect.

What computer locked me out

by ucinfo, posted in Uncategorized

So following on my other two posts Who locked me out? and AD Account Lockout is what is probably the last on this subject .. What computer locked me out.

Found this and its shweet: http://serverfault.com/questions/32633/how-to-check-who-is-currently-logged-on-to-windows-workstation-from-command-line

My problem today, was that some donkey was logging on to server using a service account, and getting the password wrong Disappointed smile and so locking the service account out!

So you can check on the server itself in the security log for event id 529.  The hope is that this will show a Source Network Address.

What you can then do is use the following command with the Source Network Address to find the donkey that is using the computer and so locking the account out!

WMIC /NODE: <IP or hostname> COMPUTERSYSTEM GET USERNAME

This should return the username currently logged!  How cool is that?!

BES 5.0 SP3 MR 6

by ucinfo, posted in BlackBerry, Exchange 2010

#BlackBerry #Exchange #Exchange 2010

BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 | Service Pack: 3 | Maintenance
Release: 6

Service Pack 3 Maintenance Release 6

  • Filename: besx503mr6.zip
  • Filesize: 192 MB
  • Date posted: 14-Dec-11

http://docs.blackberry.com/en/admin/deliverables/37020/BlackBerry_Enterprise_Server_for_Microsoft_Exchange-Maintenance_Release_Notes–1931471-1130104742-001-5.0.3-US.pdf

FIXED ISSUES

Activation

  • *If you created a new user and selected Create a user with a generated activation password, the BlackBerry Administration Service did not always send the activation email. (DT 1059145)

BlackBerry Administration Service

  • *In some circumstances an exception error was displayed when an administrator searched for data using particular search criteria. (DT 2033693)
  • *The BlackBerry Administration Service became slow to respond and administrators could not log in due to an SQL disconnect. (DT 2019181)
  • Several BlackBerry Web Services API calls were not integrated with the BlackBerry Administration Service. (DT *2330494, 1970659, 1967817, 1938039, 1889249, 1889248, 1889245, 1889244, 1889215, 1889210, and 1889207)
  • After you upgraded from BlackBerry Enterprise Server 5.0 SP2 to 5.0 SP3, the BlackBerry Administration Service might not have performed as expected. This might have been the result of the BlackBerry Administration Service attempting to process a large number of tasks that it could not process during the upgrade. (DT 1968029)
  • The BlackBerry Administration Service did not clear old addresses from the database causing the database to gradually increase in size until you could not add new users. (DT 1842397)
  • *In some circumstances, administrators with the appropriate permissions were not able to see the list of users in a group. (DT 1271633)
  • *Administrators could not send IT policies through the policy server directly, which delayed the delivery of IT policies to devices because of dependencies on previous job tasks. (DT 1225228 )
  • If you upgraded BlackBerry Enterprise Server to 5.0 SP3 while the BlackBerry Administration Service was reconciling jobs, the BlackBerry Administration Service did not finish reconciling jobs after the upgrade process completed. (DT 1216175)
  • If one BlackBerry Administration Service instance sent a reconciliation task to a second instance, and the connection between the instances dropped so that the reconciliation task failed, reconciliation stopped on all BlackBerry Administration Service instances. The first BlackBerry Administration Service instance then wrote the following error to its log file: “org.jboss.remoting.CannotConnectException: Can not get connection to server. Problem establishing socket connection for InvokerLocator [sslsocket:”. The BlackBerry Administration Service checks for unprocessed reconciliation events every 24 hours and restarts them at that time. For more information, contact RIM Support. (DT 1159175)
  • *If a user switched to another device, the BlackBerry Administration Service sent applications to the device before the device had completed the activation process, and the device could not properly install the applications. (DT 1120052)
  • *If there were thousands of software configuration jobs pending, the BlackBerry Administration Service became unresponsive and administrators were unable to log in. (DT 1087186)
  • If you set the BlackBerry Device Software deployment managed by BlackBerry Administration Service option to Yes, the BlackBerry Administration Service did not hide the Allow Wireless Security Updates IT policy rule, even though it is no longer applicable. (DT 1056730)
  • When the BlackBerry Administration Service lost a connection to the BlackBerry Configuration Database, the BlackBerry Administration Service was restarted and some events were not processed. (DT 1042891)
  • If you updated the SMTP email address of administrators with access to the BlackBerry Monitoring Service in Microsoft Active Directory, the BlackBerry Administration Service did not update the email address in the BlackBerry Configuration Database. (DT 1028523)
  • The interval for the failsafe mechanism in the BlackBerry Administration Service was too long (24 hours), which meant that some events were not processed in a timely manner. (DT 1014960)
  • *The BlackBerry Administration Service did not support searching for user accounts using the mailbox ID. As a result, if you used the BlackBerry Enterprise Server User Administration Tool, you could not search for user accounts by canonical name. (DT 604566)

BlackBerry Attachment Service

  • When a user viewed an .xls or .xlsx attachment on their device, negative percentages (example, -25%) were not displayed correctly. (DT 1428205)

BlackBerry Collaboration Service

  • Some valid characters were not permitted in the user name or domain name for Microsoft Office Communications Server. (DT 2081919)
  • *Users were unable to log in to enterprise instant messaging when the BlackBerry Enterprise Server pool and the instant messaging server pool appeared in different DNS subdomains. (DT1115118)
  • On some occasions, when users were logged in to the client for Microsoft Office Communications Server 2007 R2 on both their computer and their device, the first reply to a new chat session was not delivered. (DT 1031517)
  • If a BlackBerry device user using Microsoft Office Communications Server sent instant messages to a recipient that was logged in to both a BlackBerry device client and Microsoft Communicator Web Access, the messages were not received. (DT 525962)
  • Users were unable to re-invite participants to an expired conference. (DT 353483)

BlackBerry MDS Connection Service

  • *The BlackBerry MDS Connection Service did not send an error message to the device when it dropped a connection request. (DT 2082262)
  • *Users were unable to browse to internal and external websites from their devices because the BlackBerry MDS Connection Service stopped responding to incoming IPPP requests. (DT 2036927)
  • *Users were unable to load a map image when a direct request was made to the website. (DT 1995079)
  • *When a device was activated with a SIM card, and then the SIM card was removed, the BlackBerry Enterprise Server was unable to push data to the device over a Wi-Fi connection. (DT 1437011)
  • If you gave the Microsoft SQL Server a name that contained a "$", the BlackBerry MDS Connection Service did not start. (DT 1429111)
  • You could not send push messages to large numbers of users in groups that were on different BlackBerry Enterprise Server instances. (DT 1404460)
  • If the list of supported BlackBerry Dispatcher instances for the BlackBerry MDS Connection Service exceeded 256 characters, the BlackBerry MDS Connection Service was unable to process any push requests. (DT 1175023)
  • If you submitted a certificate request to a CA a second time for the same profile, the enrollment might have failed. (DT 1175008)
  • When you disabled the "Use scalable HTTP" feature of the BlackBerry MDS Connection Service, users could not access some HTTPS sites. (DT 1170693 and DT 1049666)
  • If a group in the BlackBerry Administration Service had users that resided on mult
    iple BlackBerry Enterprise Server instances, push messages to that group failed. (DT 1125058)
  • After a user submitted numerous certificate requests to an enterprise CA or stand-alone CA that were approved, an enrollment process might have failed while the device was waiting for an approved certificate. (DT 1116098)
  • *If your organization used a proxy server for web browsing on a device, users could not log in to an application that had been coded with the TLS setting "EndToEndRequired" (for example, BlackBerry App World™). (DT 914899)
  • If you configured integrated Windows authentication for the BlackBerry MDS Connection Service, set the File URL Pattern to .*, and created the required access control rules, when a user tried to browse to a file that included an @ (at sign) in the file name, the device could not display the file. The BlackBerry MDS Connection Service truncated the file and removed every letter before the @. The BlackBerry MDS Connection Service also logged a DFTF/1.1
    404 error message in its log file. (DT 846883)

BlackBerry Mail Store Service

  • *When a company that is hosting the BlackBerry Enterprise Server added a new user to their mail  server, they had to wait up to 24 hours before they could add the user to the BlackBerry Enterprise Server. (DT 1391094)

BlackBerry Messaging Agent

  • There is improved handling of partial name collisions that may have occurred in the LegacyExchangeDN field where the expected user account had been disabled. (DT 1448927)
  • When a missed call message was delivered to Microsoft Outlook, the same message was not delivered to the BlackBerry device. (DT 1161394)
  • *The PFContactMonitor scan was running a full scan approximately every 20 minutes, instead of once a day or on restart. (DT 1147411)
  • In some circumstances email messages were not delivered promptly because of high disk I/O on Microsoft Exchange 2010 mailbox servers. (DT 1141515)
  • *When performing a user lookup using a device, fields in the user search results might have appeared blank if the user account had multiple values entered for a field. For example, if the user account had multiple home phone numbers, the search results did not display the user’s home phone number. (DT 1002292)
  • When you composed an email message containing both Hebrew and English characters on a device, the version that was received in Microsoft Outlook was not readable because the direction of the Hebrew characters was changed. (DT 765816) Support for bi-directional languages is also dependent on an update to BlackBerry Device Software that will be available following the release of this MR.

BlackBerry Enterprise Server Resource Kit

  • The BlackBerry Enterprise Server Resource Kit 5.0 SP3 includes the BlackBerry Directory Sync Tool, which you can use to synchronize the membership of security and distribution groups in Microsoft Active Directory to selected groups in a BlackBerry Domain. In the initial release of the tool, you could not synchronize group membership  from a group in Microsoft Active Directory to a BlackBerry Enterprise Server group that had more than 2000 members. After you upgrade to BlackBerry Enterprise Server 5.0 SP3 MR3, you can make changes to the tool’s configuration file and use the tool to synchronize group membership to BlackBerry Enterprise Server groups with more than 2000 members.

    For more information about changing the maximum size of a BlackBerry Enterprise Server group that the tool can synchronize changes to, visit http://www.blackberry.com/go/serverdocs to read the BlackBerry Analysis, Monitoring, and Troubleshooting Tools Administration Guide. (DT 1214644)

BlackBerry Synchronization Service

  • *When a user was migrated from BlackBerry Enterprise Server 4.x to 5.x, the BlackBerry Synchronization Service did not trigger a versioning check so users could not see records belonging to any newly added or updated syncable databases. (DT 2077524)
  • When the BlackBerry Synchronization Service tried to synchronize data for many devices that were not in service, a high CPU usage resulted. (DT 1839166)
  • In certain circumstances, the throttling code scheduled more slow synchronization requests than expected, which might have increased the CPU usage on the computer where the BlackBerry Synchronization Service is installed. (DT 1008489)
  • In certain circumstances, when backing up PIN messages for a particular user account, the BlackBerry Synchronization Service stopped responding. (DT 796168)

BlackBerry Web Desktop Manager

  • When you used the default version of USB drivers to connect a BlackBerry device to BlackBerry Web Desktop Manager, sometimes the attached device was not recognized and could not be activated. (DT 1168677)

High Availability

  • *After a failover, in some circumstances the newly active BlackBerry Enterprise Server could not access a user’s mailbox. (DT 1838303)

Logging

  • SMS log files truncated the first two characters from email addresses in the To field. (DT 711626)

Organizer data synchronization

  • Contacts that used a custom message class, did not synchronize with Public Folders. (DT 1400600)
  • If you changed the Mappings settings for organizer data synchronization at the component level, the organizer data was not synchronized. (DT 1396390)

Security

  • A vulnerability in the BlackBerry Collaboration Service could have allowed a potentially malicious BlackBerry device user within an organization to log in to the BlackBerry Collaboration Service as another BlackBerry Collaboration Service user within the same organization. The potentially malicious user could then impersonate the legitimate
    user within the enterprise instant messaging environment. The vulnerability was present in the component that provides connectivity between the BlackBerry Collaboration Service and the following clients on a BlackBerry
    device:
    • BlackBerry Client for use with Microsoft Office Communications Server 2007 R2
    • BlackBerry Client for use with Microsoft Lync Server 2010
    For more information about the issue, visit http://www.blackberry.com/btsc to read article KB28524. (DT 2047669)
  • *Some BlackBerry Enterprise Server ports allowed weak cipher suites that should have been excluded on certain SSL encrypted connections. (DT 1254022)
  • Vulnerabilities existed in how the BlackBerry Collaboration Service and the BlackBerry Messaging Agent processed PNG images and TIFF images for rendering on BlackBerry devices. These vulnerabilities could have allowed a potentially malicious user to execute arbitrary code using the privileges of the BlackBerry Enterprise Server login
    account. (DT 1238271 and DT 1125216)
  • These issues are resolved by this maintenance release. The update replaces the image.dll file that the affected components uses with an image.dll file that is not affected by the vulnerabilities. For more information, visit http://www.blackberry.com/btsc to read KB27244.
  • A vulnerability existed in the BlackBerry Administration API which could have allowed an attacker to read files that contain only printable characters on the BlackBerry Enterprise Server, including unencrypted text files. Binary file formats, including those used for message storage, were not affected. This issue could have caused resource exhaustion and therefore could have been leveraged as a partial Denial of Service. The vulnerability was limited
    to the user permissions granted to the BlackBerry Administration API. (DT 1183849)
    For more information, visit http://www.blackberry.com/btsc and read KB27258.

SNMP

  • If SNMP for the BlackB
    erry Monitoring Service was not set up correctly, the BlackBerry MDS Connection Service continuously wrote the following error to its log file: <ERROR>:<LAYER = SCM, BMS: setConfigConfig failed rc=-1000>. (DT 891612)

UK DLVA V5C

by ucinfo, posted in Uncategorized

I got a new red V5C vehicle log book in the post.  The attached note made me smile. 

Q. Why have you sent me a new V5C(NI)?
A. We are replacing all existing blue V5C(NI)s. The new certificate is being introduced following the theft of a number of blank blue V5Cs. The aim is to reduce the risks to motorists of buying a stolen or cloned vehicle.
For tips and advice go to www.direct.gov.uk/motoring

WTF, you don’t keep them under lock and key?

Some more links

http://www.direct.gov.uk/en/Motoring/BuyingAndSellingAVehicle/RegisteringAVehicle/DG_189329

http://www.direct.gov.uk/en/Nl1/Newsroom/DG_189469

Elevation of privilege vulnerability for the BlackBerry PlayBook

by ucinfo, posted in BlackBerry, PlayBook

#BlackBerry #PlayBook

Doh!

http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB29191

This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 7.2/10.

12-06-2011: A vulnerability that could allow elevation of access privilege on a BlackBerry PlayBook tablet exists in the BlackBerry PlayBook service used to share files over a USB connection between the tablet and a computer running BlackBerry Desktop Software. This vulnerability cannot be exploited by a remote attacker and it presents a low security risk of elevation of privilege attacks against BlackBerry PlayBook tablet users. RIM is not currently aware of this issue being used in attacks against BlackBerry customers.

A user could execute specially crafted code to use this vulnerability to manipulate a BlackBerry PlayBook backup archive file and alter a specific configuration file in order to gain root user privileges (access to system administration-level functionality) on the BlackBerry PlayBook tablet. An individual attempting to use this vulnerability to gain root privileges to the BlackBerry PlayBook tablet requires local access to both the tablet and to the connected computer running BlackBerry Desktop Software, including knowledge of any security passwords that are set.

 

Exchange 2010 whitespace reclamation

by ucinfo, posted in Exchange 2010

#Exchange2010

Sanjay sent me this from a Symantec blog by Alex Brown  .. interesting, very interesting.  The Microsoft hotfix listed in the KB doesn’t seem to be available (The KB article has no public hotfixes.)? Wonder if it’s included in SP2?

http://www.symantec.com/connect/blogs/exchange-2010-whitespace-reclamation-0

Some of you may be aware of a scenario in which the reclamation of Exchange 2010 database whitespace during item deletion or truncation is not as great as expected. So why is this a problem for Enterprise Vault customers?

Archiving data from a mailbox will frequently invoke either a deletion or truncation request to the Exchange server. If Exchange is not fully honouring this request then the database from which a customer is archiving will continue to grow as pending whitespace reclamation requests are not processed fully and available whitespace is not recognised.

The good news is that Microsoft have recognised and now resolved the issue: http://support.microsoft.com/kb/2621266

So what was the problem?

In summary the primary complaint was that in some cases Exchange 2010 customers were noticing that their mailbox databases were continuing to grow even though archiving was taking place and items were being archived as normal. The root cause of this was actually down to how Exchange reclaims whitespace and specifically the changes to this process in Exchange 2010. Modifications to the Online Defragmentation process caused, in some cases, whitespace to not be reclaimed for re-use essentially making that space unusable.

MS have now issued a fix which corrects the action of Online Defragmentation allowing customers to reclaim the excessive whitespace that has been building up in their databases.

Also check out

http://www.symantec.com/connect/blogs/exchange-2010-whitespace-reclamation

http://www.symantec.com/business/support/index?page=content&id=TECH164949&cache=refresh