About Me

Chennai, TamilNadu, India
I am Nageswari, passionate about Exchange Server messaging technology. Love my parents like anything & everything.

Exchange Server 2007 Email Routing Architecture

Posted by Nageswari Vijayakumar | Posted in | Posted on 4:31 AM

Exchange Server 2007 contains a completely new implementation of email routing. Each of the Active Directory service sites where Exchange mailboxes are hosted must have a Hub Transport server role to control messaging between sites, even within a single site. Within this article we will dive a little bit deeper into this new technology and I will explain how it works. Part I explains the vocabulary and the architecture to help you understand how Exchange is designed and how it works; Part II will show how to configure it on Exchange Server 2007 using the GUI administration tools and PowerShell.

Message Flow Architecture

The Hub Transport server role is essential for each Exchange Server 2007 to route internal and external emails. The service running on these servers is the Exchange Transport Service (MSExchangeTransport.exe).

Inbound Email

Inbound email is email that is delivered from outside Exchange Server 2007, for example, from the Internet. We should have a gateway server implemented which can be an Edge Transport server role or Hub Transport server role. This depends on what internet connectivity and firewall structure is implemented. Best practice should be installing an Exchange Server 2007 Edge Transport server role residing in the perimeter network (also known as DMZ) without the need of Active Directory. This server then routes incoming messages into your Exchange Server 2007 organization.

Outbound Email

Outbound email means messages that are being sent from internal mailbox users to external recipients residing on the Internet. After a Hub Transport server has processed the mail and identified it as outbound mail, the server routes it to the Internet, either directly or again by passing a gateway server. This gateway server can be an Edge Server Transport server.

Local Email

Local mail flow refers to messages that are processed by a Hub Transport server in an Exchange Server 2007 organization and delivered to a mailbox on the same Active Directory Site.

Remote Email

Remote Email flow refers to messages that are processed by a Hub Transport server in an Exchange Server 2007 organization and delivered to a mailbox on a different Active Directory site from the source mailbox.

SMTP Connectors

SMTP connectors are Exchange Server 2007 components that support one-way SMTP connections. Because of this restriction (new compared with earlier versions of Exchange Server) we need two connectors:

* SMTP Receive Connectors
* SMTP Send Connectors

An SMTP Receive connector is required for an Exchange Server 2007 server system to accept any SMTP connection. It is used to enable an Exchange Server Hub Transport role or Edge Transport server role to receive email from any other SMTP server on the Internet, other Exchange Server 2007 Hub Transport server roles, Edge Transport server roles or other Exchange Server 2007 environments. You can configure multiple SMTP Receive connectors with different parameters on a single Exchange Server due to implementation or high availability reasons. You do not have to create SMTP Receive connectors to route mail between Hub Transport server roles within the same forest.

An SMTP Send connector is required for an Exchange Server 2007 system to send any SMTP email. It is required to send email to any SMTP server on the internet or to any SMTP server within the same Exchange Server organization.

You can manage each of them using the Exchange Management Console or Exchange Management Shell. To manage connectors using the shell use the Set-ReceiveConnector and Set-SendConnector cmdlets.
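A review of both connector types from the Exchange Management Shell, as an added example that is not part of the original article. The connector name `HUB01\Application Relay` and the address `192.0.2.25` are hypothetical placeholders.

```powershell
# Added example: run in the Exchange Management Shell on a Hub or Edge Transport server.

# 1. Receive connectors: who may connect (RemoteIPRanges) and as what (PermissionGroups).
#    OpenToAnonymous is true when a connector accepts unauthenticated sessions
#    from the entire IPv4 range.
Get-ReceiveConnector |
    Select-Object Identity, Bindings, AuthMechanism, PermissionGroups,
        @{ Name = 'RemoteRanges'; Expression = {
            [string]::Join(', ', [string[]]@($_.RemoteIPRanges | ForEach-Object { $_.ToString() })) } },
        @{ Name = 'OpenToAnonymous'; Expression = {
            ("$($_.PermissionGroups)" -match 'AnonymousUsers') -and
            (@($_.RemoteIPRanges | ForEach-Object { $_.ToString() }) -contains '0.0.0.0-255.255.255.255') } } |
    Format-List

# 2. Send connectors: which address spaces each one serves, whether it resolves
#    MX records itself or hands mail to a smart host, and whether TLS is required.
Get-SendConnector |
    Select-Object Name, Enabled, AddressSpaces, DNSRoutingEnabled, SmartHosts,
        RequireTLS, SourceTransportServers |
    Format-List

# 3. Narrowing a Receive connector to a single known sender.
#    The connector name and IP address are hypothetical; -WhatIf makes this a dry run.
Set-ReceiveConnector -Identity 'HUB01\Application Relay' -RemoteIPRanges '192.0.2.25' -WhatIf
```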
Message Transport Components

To work with Exchange Server and troubleshoot message transport problems you should know the internal workings of Exchange message routing.

Messaging Components are:

* Submission Queue
* Store Driver
* Microsoft Exchange Mail Submission Service
* Pickup Directory
* Categorizer

Messages from outside your Exchange organization enter the transport pipeline through an SMTP Receive Connector. Messages inside enter the pipeline through the Hub Transport server role.

Submission Queue

Each Transport server role (Hub or Edge Transport) has one submission queue that is created by the categorizer when Exchange Transport Service starts. It stores all messages on the local hard disk until they are processed by the categorizer for delivery. They are then finally removed from this queue.

Store Driver

Messages sent by a mailbox user enter the transport pipeline when they reach the sender’s Outbox. The store driver on the Hub Transport retrieves each message from the user’s Outbox and then transfers it to the submission queue. After the message has been successfully added to the submission queue, it is moved from the sender’s Outbox to the sender’s Sent Items. Messages are stored in MAPI format and must be converted to Summary Transport Neutral Encapsulation Format (S/TNEF) before being placed in the Submission Queue. This conversion is the job of the store driver, too. If this conversion is unsuccessful, a non-delivery report (NDR) is generated.

Microsoft Exchange Mail Submission Service

The Microsoft Exchange Mail Submission Service is a notification service that runs on Mailbox server roles. It notifies the Hub Transport server role to pick up the message from the sender’s Outbox. If there are multiple Hub Transport server roles on one Active Directory site, the Microsoft Exchange Mail Submission Service attempts to evenly distribute notifications between each transport role using static load balancing.

Pickup Directory

Each message that is transferred to the pickup directory has been successfully submitted to the submission queue via the categorizer. Messages placed in the Pickup Directory must be in the appropriate format and have read/write permissions configured. It allows you to take a properly formatted text file and have the Hub Transport server role process and deliver it. This can be very helpful when mail flow is being validated in the organization or relaying specific messages or returning to the transport pipeline. Even 3rd party applications may place messages in the Pickup directory rather than communicating directly with the Exchange Server.
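A mail-flow test through the Pickup directory, as an added example that is not part of the original article. The addresses under `example.com` are constructed placeholders, and the script assumes it runs in the Exchange Management Shell on the Hub Transport server itself.

```powershell
# Added example: submit a test message through the Pickup directory and review
# who is allowed to write there.

# Where this Hub Transport server looks for message files.
$pickup = "$((Get-TransportServer $env:COMPUTERNAME).PickupDirectoryPath)"

# Review the permissions on the folder: any account that can create files here
# can submit mail with a sender address of its choosing.
(Get-Acl $pickup).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize

# A minimal message file: header fields, one blank line, then the body.
# Sender and recipient are constructed sample values.
$message = @'
From: monitor@example.com
To: postmaster@example.com
Subject: Pickup directory mail-flow test

Test message submitted through the Pickup directory.
'@

# Write under a non-.eml name first, then rename, so the transport service
# never reads a half-written file (only *.eml files are picked up).
$stem = 'mailflow-test-{0}' -f [guid]::NewGuid()
$tmp  = Join-Path $pickup "$stem.txt"
Set-Content -Path $tmp -Value $message -Encoding ASCII
Rename-Item -Path $tmp -NewName "$stem.eml"

# Give the transport service time to process the file, then look at the result.
Start-Sleep -Seconds 10

# Files still present: *.eml has not been processed yet, *.bad was rejected as malformed.
Get-ChildItem $pickup | Select-Object Name, Length, LastWriteTime

# An accepted message is now in the transport queues on its way to delivery.
Get-Queue | Select-Object Identity, DeliveryType, Status, MessageCount
```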
Categorizer

The categorizer always picks the oldest message from the Submission queue and checks whether this message has to be routed internally in the Exchange organization or externally.

On each Hub Transport server the categorizer performs the following tasks:

* Identification and verification of recipients
* Expansion of distribution lists
* Determination of routing paths
* Conversion of content formats
* Application of message policies

Implementation of Message Transports

Every time you install Hub Transport server roles in Exchange Server 2007 environments, message routing is enabled by default, but you may need to configure additional options on the Hub Transport server role. This process can look like this:

* Configure server-specific settings
* Configure authoritative domains and email address policies
* Configure a postmaster mailbox
* Configure Internet message flow
* Configure messaging policies
* Configure administrative permissions:
  o Exchange Organization Administrators
  o Exchange Server Administrators
  o Exchange View-Only Administrators

Each of these configuration settings is unique to each company and needs to be defined in a design document before the configuration is carried out.

Conclusion

As you have seen within this theoretical drilldown, Exchange Server 2007 email routing is a little bit different to earlier versions, but this new release allows a clear and easily understandable way to configure Email transport using role based installation and configuration tasks.

In the next part of this article you will see how the tasks described can be configured within Exchange Server 2007 using the GUI administration tools and the Exchange Server PowerShell, too.

Windows Server 2008

Posted by Nageswari Vijayakumar | Posted in | Posted on 4:27 AM

Why Add a Child Domain?

There are several good reasons for splitting the new office into its own child domain, here are 3 of them:

* Less Network Traffic between your main office and the new one – that means your company will spend less money on the direct connection between the two offices and you will never experience a network delay.

* You will be able to delegate control of the new network to another administrator who actually lives in the location of the new office. If your offices are close and you are about 20 minutes away to any one of them, then I guess that’s no big deal. But if your main office is located in New York and the new office is going to be in … oh, let’s say Paris, how the heck are you going to get there in case of an emergency? See my point?

* Having the child domain will allow you to keep track of what is going on in a specific office.

These are only the main good reasons for creating a child domain. Once you start working in an environment with sub domains you will realize there are a lot more good reasons for splitting the two locations in your Active Directory.

Before you begin …

1. In order to create a child domain on your network, you will need another server, or rather a Domain Controller.

You can build that DC in your main office and then ship it out to the new office. This DC will also be a Global Catalog as well as DNS Server to assist all the clients in the new office with any DNS requests, etc.

2. You also need to prepare your current network for the new sub domain. So before you begin with the new DC configuration you need to do the following:

* Create a new site in your Active Directory that will represent the physical structure of your network. In my example our main office is in New York and the new one is in Chicago. Based on that info, you would create a new site for the Chicago office.

* In addition to the new site you will also need to create a new subnet for your new location. It will allow you to track all of your machines by location. This new subnet should be assigned to your new location.

Once you prepare your network as mentioned above, we are now ready to create a new Domain Controller.

Creating a New Domain Controller

Once you have prepared your network for your child domain and have created the site and subnet, it’s time to install the new DC on our new site.

As you can see our main office is in New York and we have 3 DCs already configured in the New York Site (see the screenshot below).

Our new site called Chicago doesn’t have any DCs configured yet; this is where we are going to configure our new DC.

Server 2008 Active Directory: Adding a Child Domain - 1

1. After you have installed Windows Server 2008 on your new machine and completed all the Initial Configuration Tasks, open up Server Manager and click on the Roles section.

Server 2008 Active Directory: Adding a Child Domain - 2

2. We will need to install the Active Directory Domain Services (ADDS) Role first. So go ahead and check the box next to it and click Next.

Server 2008 Active Directory: Adding a Child Domain - 3

3. In this window you will see some additional information about ADDS. Once ready, click on Next.

Server 2008 Active Directory: Adding a Child Domain - 4

4. As always you are being informed that once the installation is completed the server will restart and you will need to use the ADDS Installation Wizard to make the server a fully functional Domain Controller.

Go ahead and click on the Install button.

Server 2008 Active Directory: Adding a Child Domain - 5

5. The installation will now run for a few minutes.

Server 2008 Active Directory: Adding a Child Domain - 6

6. Now it’s time to click on the link and run dcpromo.exe.

Server 2008 Active Directory: Adding a Child Domain - 7

7. Go ahead and click Next on the welcome screen.

Server 2008 Active Directory: Adding a Child Domain - 8

8. And Next again

Server 2008 Active Directory: Adding a Child Domain - 9

9. Since this is going to be your child domain, make sure you select the Existing forest option and then select Create a new domain in an existing forest.

When ready, click on the Next button.

Server 2008 Active Directory: Adding a Child Domain - 10

10. Type in your domain name with the correct internet suffix. In my example I’m using our globomantics.com domain.

Since this domain already exists and you are logged in to this machine only as a local administrator you will also need to enter alternate credentials of a domain administrator in order to proceed.

So go ahead and click on the Set button.

Server 2008 Active Directory: Adding a Child Domain - 11

11. Enter the domain administrator’s name and password, then hit OK.

Server 2008 Active Directory: Adding a Child Domain - 12

12. When ready, click on Next.

Server 2008 Active Directory: Adding a Child Domain - 13

13. In this step you will need to enter the Fully Qualified Domain Name (FQDN) of your child domain in two steps.

The first is the FQDN of your parent domain. In our example it is going to be globomantics.com.

Next you need to enter the single-label DNS name of your child domain — that means anything that is before the globomantics.com.

In my example I entered na for na.globomantics.com — as seen on the bottom.

That will be our FQDN for the new child domain. Once ready, click on the Next button.

Server 2008 Active Directory: Adding a Child Domain - 14

14. Now it’s time to select a site for this DC.

Now you see why we needed to create the new site before we started this installation. Select the correct site and click Next.

Server 2008 Active Directory: Adding a Child Domain - 15

15. As mentioned earlier we are going to make this DC our DNS server as well as Global Catalog for our new site.

Make sure both check-marks are checked and then click on the Next button.

Server 2008 Active Directory: Adding a Child Domain - 16

16. I would recommend leaving the default locations for these databases unless you have a really good reason not to. Click Next.

Server 2008 Active Directory: Adding a Child Domain - 17

17. In this window you will need to set up the Directory Services Restore Mode Administrative Password for restore purposes.

Go ahead and type that in and then click on the Next button.

Server 2008 Active Directory: Adding a Child Domain - 18

18. On this summary window double check your selections and when ready click Next.

Server 2008 Active Directory: Adding a Child Domain - 19

19. You can check the box Reboot on completion and let the installation complete.

Server 2008 Active Directory: Adding a Child Domain - 20

Congratulations! Your Child Domain has been created!

Server 2008 Active Directory: Adding a Child Domain - 21
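The same promotion as an unattended run, as an added example that is not part of the original walkthrough. It uses the walkthrough's values (parent globomantics.com, child na, site Chicago, DNS server and Global Catalog enabled); the NetBIOS name `NA` and the account placeholder are assumptions, and the reboot is left to the operator so the answer file can be deleted first.

```powershell
# Added example: run on the new Windows Server 2008 machine after the
# Active Directory Domain Services role has been installed (steps 1-5).
$ErrorActionPreference = 'Stop'

# Ask for the Directory Services Restore Mode password (step 17) without echoing it.
$secure = Read-Host -AsSecureString 'Directory Services Restore Mode password'
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
$dsrm   = [Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

# Answer file that mirrors the wizard choices in steps 9-19.
# <domain-admin-account> is a placeholder; Password=* makes dcpromo prompt for it.
$answers = @"
[DCINSTALL]
ReplicaOrNewDomain=Domain
NewDomain=Child
ParentDomainDNSName=globomantics.com
ChildName=na
DomainNetBiosName=NA
UserDomain=globomantics.com
UserName=<domain-admin-account>
Password=*
SiteName=Chicago
InstallDNS=Yes
ConfirmGc=Yes
SafeModeAdminPassword=$dsrm
RebootOnCompletion=No
"@

$answerFile = Join-Path $env:TEMP 'child-domain-answers.txt'
Set-Content -Path $answerFile -Value $answers -Encoding ASCII

try {
    # Runs the same promotion the wizard performs, without the GUI.
    & dcpromo.exe "/unattend:$answerFile"
}
finally {
    # The file holds the DSRM password in clear text, so remove it in every case.
    Remove-Item -Path $answerFile -Force
}

# Restart the server to finish the promotion, then confirm that a domain
# controller for the child domain can be located:
#   nltest /dsgetdc:na.globomantics.com
```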

Difference Between Windows Server 2003 & Windows Server 2008

Posted by Nageswari Vijayakumar | Posted in | Posted on 4:26 AM

Difference between Windows 2000 Server and Windows 2003 Server

1. Domain rename is not possible in Windows 2000.

2. Windows 2003 Server has a built-in firewall.

3. Windows 2000 has IIS 5 and Windows 2003 has IIS 6.

4. Windows 2000 has IE 5 and Windows 2003 has IE 6.

5. Terminal Services are enhanced in Windows 2003.

6. Windows 2000 doesn't have a 64-bit version.

7. DNS stub zones were introduced in Windows 2003.

8. Shadow copying was introduced.

9. The schema version changed from ver. 13 to ver. 30.

10. Windows 2000 supports 4-node clustering and 2003 supports 8-node clustering.

11. Windows 2003 has high HCL (Hardware Compatibility List) support issued by Microsoft.

12. The code name of 2000 is Win NT 5.0 and the code name of 2003 is Win NT 5.1.

13. In 2000 we can create 1 million users and in 2003 we can create 1 billion users.

14. Windows 2003 has improved print management compared to 2000 Server.

15. Windows 2003 has telnet sessions available.

16. Windows 2000 supports IPv4 whereas 2003 supports IPv4 and IPv6.

17. In Windows 2000 Server we can apply 620 group policies but in 2003 we can apply nearly 720, so Windows 2003 Server is more secure than Windows 2000 Server.

18. Windows 2000 doesn’t support .NET whereas 2003 supports Microsoft .NET 2.0.

19. 2000 supports up to 8 processors and 64 GB RAM (in 2000 Advanced Server) whereas 2003 supports up to 64 processors and a maximum of 512 GB RAM.

20. Windows 2000 has Server and Advanced Server editions whereas 2003 has Standard, Enterprise, Datacenter and Web Server editions.

21. Windows 2000 has the basic concept of DFS (Distributed File System) with defined roots whereas 2003 has enhanced DFS support with multiple roots.

22. In 2000 there is complexity in administering complex networks whereas 2003 offers easy administration in all networks, including complex ones.

23. In 2003 we have the Volume Shadow Copy Service, which is used to create hard disk snapshots for disaster recovery; 2000 doesn’t have this service.

24. In 2000 we don’t have end-user policy management, whereas in 2003 we have end-user policy management, which is done in GPMC (Group Policy Management Console).

25. In 2000 we have cross-domain trust relationships and in 2003 we have cross-forest trust relationships.

26. 2003 has a service called ADFS (Active Directory Federation Services), which is used to communicate between branches with safe authentication.

27. In 2003 there is improved storage management using the File Server Resource Manager (FSRM) service.

28. 2003 has a service called Windows SharePoint Services (an integrated portfolio of collaboration and communication services designed to connect people, information, processes, and systems both within and beyond the organizational firewall).

29. When installing Terminal Services for Windows 2000 you are prompted to select application server functions or administrative functions; both sets can be installed sequentially on one server, but it performs only one function at a time. Windows 2003 still distinguishes between application and administrative services, but installation and management are now consolidated.

Win2000 ADS:
1. Only one million objects can be created.
2. Universal group membership is not present.
3. Between parent and child, there is no built-in trust. It is called a non-transitive trust.
4. There are only three AD partitions: domain partition, configuration partition, schema partition.
5. In Windows 2000 Server we can apply 620 group policies.
6. In 2000 only the Emergency Repair Disk (ERD) is there.

Win2003 ADS:
1. 2 million objects can be created.
2. Between parent and child, there is a built-in trust. It is called a transitive trust.
3. The same partitions are there in 2003, but one additional partition called the application directory partition is present.
4. In 2003 we can apply nearly 720 group policies, so Windows 2003 Server is more secure than Windows 2000 Server.
5. Automated System Recovery (ASR) is there.

Difference Between Exchange Server 2003 & Exchange Server 2007

Posted by Nageswari Vijayakumar | Posted in | Posted on 4:24 AM

Difference between Exchange 2003 and 2007

Exchange Server 2003

Exchange Server 2003 may be run on Windows 2000 Server if the fourth service pack has already been installed. It may also be run on 32-bit Windows Server 2003. There is a new disaster recovery feature that is even better than before. It allows the server to experience less downtime. Exchange Server 2003 received some features from Microsoft Mobile Information Server as well. These include Outlook Mobile Access as well as ActiveSync. Improved versions of anti-spam and anti-virus were also included. Management tools for mailboxes and messages have been improved, and Instant Messaging and Exchange Conferencing Server are now separate products. There are two versions available of Exchange Server 2003. These include the Enterprise edition and the Standard edition. There are many other features that are available on Exchange Server 2003.

Exchange Server 2007

When Exchange Server 2003 was released there were no immediate plans as to what would happen to the product. A 2005 edition was dropped and it was not until the end of 2006 that the new version was released. Some of the new features included integration of voicemail, improved filtering, Web service support, and the Outlook Web Access interface. The new edition runs on a 64-bit (x64) version of Windows Server. This increases the performance significantly. There are quite a few improvements in Exchange Server 2007. These include better calendaring, improved web access, unified messaging, and better mobility. From a system protection standpoint there is more clustering, antivirus, anti-spam, and compliance included. The IT experience is improved overall with 64-bit performance. Deployment is better; routing is simplified, as are the command line shell and GUI.

There have been many changes and improvements to the Exchange Server 2007 and it is better than ever. There are no definite plans as to what Microsoft has in store for Exchange Server but the next version will certainly be better than ever.

What is the Difference between Exchange 2003 and 2007?

Exchange 2003 and 2007 difference

· 2003 is 32 bit
· Single server base, No roles base
· Outlook Mobile Access (or OMA)
· Active sync
· Up-To-Date Notifications

Exchange 2003 with SP2

· Direct Push
· Global Address List lookup
· Mobile Admin

Exchange Server 2007 enhanced and newly added features

· Has a powerful command-line PowerShell for configuration
· Most configuration is done through PowerShell
· Fast message retrieval
· Follow-up flags
· Meeting attendee information
· Enhanced Exchange Search
· Windows Share Point and file share document access
· Reset PIN/Password
· Enhanced PPC security
· Autodiscover for over the air (OTA) provisioning
· Out of Office
· Support for HTML messages

Missing/ Removed features in 2007 RTM due to stability Issue but available in SP1

· Information Rights Management (IRM)
· Support for S/MIME

Completely Removed Feature

· Outlook Mobile Access (OMA)

Exchange 2007 has a role-based infrastructure. The roles are:

Mailbox Role

· Stores mailboxes and public folders

Client Access
Client requests for mail are fetched by this role

· Browser-based clients using either the full-featured Outlook Web Access (OWA) or a new OWA Light client
· Mobile devices via Exchange ActiveSync (EAS)
· Phone devices via Outlook by Phone
· POP3 or IMAP4 clients, such as Outlook Express and Eudora

Hub Transport
Responsible for all internal mail flow

Inbound mail is accepted by Edge Transport and passed on to the Mailbox server, and all outbound mail is relayed from the Hub Transport to the Edge Transport and out to the Internet.

Edge transport

Edge Transport server handles all Internet-facing mail flow, which provides Simple Mail Transfer Protocol (SMTP) relay and smart host services for the Exchange organization.

Unified Messaging

Unified Messaging combines email, voicemail and fax into the Exchange Server databases, and makes this data available to mailbox users via both telephone and computer.

Exchange 2007 System Requirements

Processor

· x64 architecture-based computer with Intel processor that supports Intel 64 architecture
· AMD processor that supports the AMD64 platform
· Intel Itanium IA64 processors not supported
· Intel Pentium or compatible 800-megahertz (MHz) or faster 32-bit processor (for testing and training purposes only; not supported in production)

Memory

· Minimum: 2 gigabytes (GB) of RAM for Single Roles
· 5 GB of RAM if roles are installed on a single server
· 8 megabytes (MB) of RAM per mailbox
· Minimum based on number of storage groups

Disk space

· At least 2.5 GB on the drive on which you install Exchange
· An additional 500 MB of available disk space for each Unified Messaging (UM) language pack that you plan to install
· 200 MB of available disk space on the system drive
· In Exchange 2007 RTM, a hard disk drive that stores the message queue database on an Edge Transport server or Hub Transport server with at least 4 GB of free space
· In Exchange 2007 SP1, a hard disk drive that stores the message queue database on an Edge Transport server or Hub Transport server with at least 500 MB of free space
· Disk partitions formatted as NTFS file systems.

Upgrade Tip

· It is not supported to upgrade Exchange 2007 RTM to Exchange 2007 SP1, and then upgrade your operating system to Windows Server 2008.
· Complete fresh installation of Ex-2007-SP1 on 2008 is supported

Exchange Server 2007

Posted by Nageswari Vijayakumar | Posted in | Posted on 4:21 AM

Q: What is Exchange Server 2007?

A: Microsoft Exchange Server 2007 is the next version of Microsoft Exchange. Microsoft Exchange is the industry’s leading e-mail, calendaring, and unified messaging server. The release of Exchange Server 2007 is closely aligned with the 2007 Microsoft Office release. Together, these products deliver a best-in-class enterprise messaging and collaboration solution.

Q: What’s new in Exchange Server 2007?

A: Exchange 2007 provides built-in protection to keep the e-mail system up and running and protected from outside threats and lets employees work more productively from wherever they are by using a variety of clients. These clients include Microsoft Office Outlook 2007, Microsoft Office Outlook Web Access, and mobile devices. Exchange Server 2007 makes it easier for IT departments to deliver these new capabilities to their organizations by making the messaging environment easier to manage and more cost-efficient. For more information about Exchange Server 2007, see What's New in the Exchange 2007 product documentation.

Q: How does Exchange Server 2007 integrate with Microsoft Office Outlook 2007?

A: Outlook 2007 provides the most complete e-mail, calendaring, contacts, and tasks functionality available in an e-mail client that is compatible with Exchange. When Outlook 2007 is used with Exchange Server 2007, users benefit from the new Scheduling Assistant that automates time-consuming meeting and resource scheduling, the ability to plan and customize out-of-office communications, and managed e-mail folders that facilitate compliance with internal and regulatory policies. Outlook 2007 and Exchange Server 2007 also combine to enhance security by offering features that are easy to use and let users confidently send and receive sensitive business communications through e-mail. By enabling the Autodiscover service, you can reduce the complexity of client configuration and reduce administrative costs that are associated with troubleshooting connectivity issues for users.

Q: Where can I find Microsoft Exchange Server 2007 product documentation?

A: You can find Exchange Server 2007 product documentation on the Exchange Server 2007 Technical Library Web site, on the Start menu, or by clicking F1 within the product after it has been installed. You can also access product documentation from the Microsoft Exchange Server TechCenter. You can visit the Exchange Server Community Web site or the Exchange Team Blog Web site for additional product information, common issues, and troubleshooting assistance.

Q: What are the Exchange Server 2007 licensing options?

A: Customers can purchase the Exchange Enterprise Client Access License (CAL) or the Exchange Standard CAL. The Exchange Enterprise CAL is sold as an add-on to the Exchange Standard CAL. Two server editions will continue to be offered: Exchange Server Enterprise Edition and Exchange Server Standard Edition. You can run either CAL together with either server edition. For more information about Exchange Server 2007 editions and Client Access Licenses, see Exchange Server 2007 Editions and Client Access Licenses.

Q: What do I get with the Exchange Enterprise CAL vs. the Exchange Standard CAL?

A: In addition to the improvements and new capabilities that are available with the Exchange Standard CAL, the Exchange Enterprise CAL includes Unified Messaging, advanced compliance capabilities, and on-premises and hosted antivirus and anti-spam protection. For more information about Exchange Server 2007 editions and Client Access Licenses, see Exchange Server 2007 Editions and Client Access Licenses.

Q: What are the different editions of Exchange Server 2007?

A: Exchange Server 2007 is offered in two server editions: Standard Edition and Enterprise Edition. Exchange Server 2007 Standard Edition is designed to meet the messaging and collaboration needs of small and medium organizations. It may also be appropriate for specific server roles or branch offices. Exchange Server 2007 Enterprise Edition, designed for large enterprise organizations, enables the creation of multiple storage groups and databases. For more information about Exchange Server 2007 editions and Client Access Licenses, see Exchange Server 2007 Editions and Client Access Licenses.

Hardware and Software Requirements

Q: Will I have to buy new hardware to run Exchange Server 2007?

A: If you are running 64-bit hardware in your current messaging environment, you may not have to buy additional hardware. However, Exchange 2007 does require hardware and an operating system that are 64-bit. 64-bit hardware provides the system

Virtual Private Network

Posted by Nageswari Vijayakumar | Posted in | Posted on 4:13 AM

What is Virtual Private Network (VPN)?

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. A virtual private network can be contrasted with an expensive system of owned or leased lines that can only be used by one organization. The goal of a VPN is to provide the organization with the same capabilities, but at a much lower cost.

A VPN works by using the shared public infrastructure while maintaining privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol (L2TP). In effect, the protocols, by encrypting data at the sending end and decrypting it at the receiving end, send the data through a "tunnel" that cannot be "entered" by data that is not properly encrypted. An additional level of security involves encrypting not only the data, but also the originating and receiving network addresses.

Components of VPN
A VPN in servers running Windows Server 2003 is made up of a VPN server, a VPN client, a VPN connection (that portion of the connection in which the data is encrypted), and the tunnel (that portion of the connection in which the data is encapsulated). The tunneling is completed through one of the tunneling protocols included with servers running Windows Server 2003, both of which are installed with Routing and Remote Access. The Routing and Remote Access service is installed automatically during the installation of Windows Server 2003. By default, however, the Routing and Remote Access service is turned off.

The two tunneling protocols included with Windows are:
Point-to-Point Tunneling Protocol (PPTP): Provides data encryption using Microsoft Point-to-Point Encryption.
Layer Two Tunneling Protocol (L2TP): Provides data encryption, authentication, and integrity using IPSec.

Your connection to the Internet must use a dedicated line such as T1, Fractional T1, or Frame Relay. The WAN adapter must be configured with the IP address and subnet mask assigned for your domain or supplied by an Internet service provider (ISP). The WAN adapter must also be configured as the default gateway of the ISP router.

NOTE: To turn on VPN, you must be logged on using an account that has administrative rights.

VPN Installation
To install and turn on a VPN server, follow these steps:

1. Click Start, point to Administrative Tools, and then click Routing and Remote Access.
2. Click the server icon that matches the local server name in the left pane of the console. If the icon has a red circle in the lower-left corner, the Routing and Remote Access service has not been turned on. If the icon has a green arrow pointing up in the lower-left corner, the Routing and Remote Access service has been turned on. If the Routing and Remote Access service was previously turned on, you may want to reconfigure the server. To reconfigure the server:
   1. Right-click the server object, and then click Disable Routing and Remote Access. Click Yes to continue when you are prompted with an informational message.
   2. Right-click the server icon, and then click Configure and Enable Routing and Remote Access to start the Routing and Remote Access Server Setup Wizard. Click Next to continue.
   3. Click Remote access (dial-up or VPN) to allow remote computers to dial in or connect to this network through the Internet. Click Next to continue.
3. Click to select VPN or Dial-up depending on the role that you intend to assign to this server.
4. In the VPN Connection window, click the network interface which is connected to the Internet, and then click Next.
5. In the IP Address Assignment window, click Automatically if a DHCP server will be used to assign addresses to remote clients, or click From a specified range of addresses if remote clients must only be given an address from a pre-defined pool. In most cases, the DHCP option is simpler to administer. However, if DHCP is not available, you must specify a range of static addresses. Click Next to continue.
6. If you clicked From a specified range of addresses, the Address Range Assignment dialog box opens. Click New. Type the first IP address in the range of addresses that you want to use in the Start IP address box. Type the last IP address in the range in the End IP address box. Windows calculates the number of addresses automatically. Click OK to return to the Address Range Assignment window. Click Next to continue.
7. Accept the default setting of No, use Routing and Remote Access to authenticate connection requests, and then click Next to continue. Click Finish to turn on the Routing and Remote Access service and to configure the server as a Remote Access server.


The Routing and Remote Access Wizard Component

Like most wizards, the first screen of the Routing and Remote Access wizard is purely informational and you can just click Next.

The second screen in this wizard is a lot meatier and asks you to decide what kind of remote access connection you want to provide. Since the goal here is to set up a PPTP-based VPN, select the "Virtual Private Network VPN and NAT" selection and click Next.

Select the VPN option and click Next

The next screen of the wizard, entitled VPN Connection, asks you to determine which network adapter is used to connect the system to the Internet. For VPN servers, you should install and use a separate network adapter for VPN applications. Network adapters are really cheap and separation makes the connections easier to secure. In this example, I've selected the second local area network connection, a separate NIC from the one that connects this server to the network. Notice the checkbox labeled "Enable security on the selected interface by setting up Basic Firewall" underneath the list of network interfaces. It's a good idea to enable this option since it helps to protect your server from outside attack. A hardware firewall is still a good idea, too.


Select the network adapter that connects your server to the Internet

With the selection of the Internet-connected NIC out of the way, you need to tell the RRAS wizard which network external clients should connect to in order to access resources. Notice that the adapter selected for Internet access is not an option here.

Select the network containing resources needed by external clients

Just like every other client out there, your external VPN clients will need IP addresses that are local to the VPN server so that the clients can access the appropriate resources. You have two options (really three - I'll explain in a minute) for handling the doling out of IP addresses.

First, you can leave the work up to your DHCP server and make the right configuration changes on your network equipment for DHCP packets to get from your DHCP server to your clients. Second, you can have your VPN server handle the distribution of IP addresses for any clients that connect to the server. To make this option work, you give your VPN server a range of available IP addresses that it can use. This is the method I prefer since I can tell at a glance exactly from where a client is connecting. If they're in the VPN "pool" of addresses, I know they're remote, for example. So, for this setting, as shown below, I prefer to use the "From a specified range of addresses" option. Make your selection and click Next.

Your choice on this one! I prefer to provide a range of addresses

If you select the "From a specified range of addresses" option on the previous screen, you now have to tell the RRAS wizard exactly which addresses should be reserved for distribution to VPN clients. To do this, click the New button on the Address Range Assignment screen. Type in the starting and ending IP addresses for the new range and click OK. The "Number of addresses" field will be filled in automatically based on your entry. You can also just enter the starting IP address and the number of IP addresses you want in the pool. If you do so, the wizard automatically calculates the ending IP address. Click OK in the New Address Range window; your entry appears in the Address Range Assignment window. Click Next to continue.

You can have multiple address ranges, as long as they are all accessible

The next screen asks you to identify the network that has shared access to the Internet. This is generally the same network that your VPN users will use to access shared resources.


Pick the network adapter that gives you access to the Internet

Authenticating users to your network is vital to the security of your VPN infrastructure. The Windows VPN service provides two means for handling this chore. First, you can use RADIUS, which is particularly useful if you have other services already using RADIUS. Or, you can just let the RRAS service handle the authentication duties itself. Give users access to the VPN services by enabling dial-in permissions in the user's profile (explained below). For this example, I will not be using RADIUS, but will allow RRAS to directly authenticate incoming connection requests.


Decide what means of authentication you want to provide

That's it for the RRAS wizard! You're provided with a summary screen that details the selections you made.

The RRAS wizard summary window

This also completes the installation of the Remote Access/VPN Server role.
User Configuration

By default, users are not granted access to the services offered by the VPN; you need to grant these rights to each user that you want to allow remote access to your network. To do this, open Active Directory Users and Computers (for domains) or Computer Management (for stand alone networks), and open the properties page for a user to whom you'd like to grant access to the VPN. Select that user's Dial-In properties page. On this page, under Remote Access Permissions, select "Allow access". Note that there are a lot of different ways to "dial in to" a Windows Server 2003 system; a VPN is but one method. Other methods include wireless networks, 802.1x, and dial-up. This article assumes that you're not using the Windows features for these other types of networks. If you are, and you specify "Allow access", a user will be able to use multiple methods to gain access to your system. I can't go over all of the various permutations in a single article, however.

Allow the user access to the VPN
Up and Running

These are the steps needed on the server to get a VPN up and running.

How to Configure a VPN Connection from a Client Computer

1. On the client computer, confirm that the connection to the Internet is correctly configured.
2. Click Start, click Control Panel, and then click Network Connections. Click Create a new connection under Network Tasks, and then click Next.
3. Click Connect to the network at my workplace to create the dial-up connection. Click Next to continue.
4. Click Virtual Private Network connection, and then click Next.
5. Type a descriptive name for this connection in the Company name dialog box, and then click Next.
6. Click Do not dial the initial connection if the computer is permanently connected to the Internet. If the computer connects to the Internet through an Internet Service Provider (ISP), click Automatically dial this initial connection, and then click the name of the connection to the ISP. Click Next.
7. Type the IP address or the host name of the VPN server computer (for example, VPNServer.SampleDomain.com).
8. Click Anyone's use if you want to permit any user who logs on to the workstation to have access to this dial-up connection. Click My use only if you want this connection to be available only to the currently logged-on user. Click Next.
9. Click Finish to save the connection.
10. Click Start, click Control Panel, and then click Network Connections.
11. Double-click the new connection.
12. Click Properties to continue to configure options for the connection. To continue to configure options for the connection, follow these steps:
* If you are connecting to a domain, click the Options tab, and then click to select the Include Windows logon domain check box to specify whether to request Windows Server 2003 logon domain information before trying to connect.
* If you want the connection to be redialed if the line is dropped, click the Options tab, and then click to select the Redial if line is dropped check box.

To use the connection, follow these steps:

1. Click Start, point to Connect to, and then click the new connection.
2. If you do not currently have a connection to the Internet, Windows offers to connect to the Internet.
3. When the connection to the Internet is made, the VPN server prompts you for your user name and password. Type your user name and password, and then click Connect.
Your network resources must be available to you in the same way they are when you connect directly to the network.

NOTE: To disconnect from the VPN, right-click the connection icon, and then click Disconnect.

Troubleshooting
Troubleshooting Remote Access VPNs
Cannot Establish a Remote Access VPN Connection

* Cause: The name of the client computer is the same as the name of another computer on the network.

Solution: Verify that the names of all computers on the network and computers connecting to the network are using unique computer names.


* Cause: The Routing and Remote Access service is not started on the VPN server.

Solution: Verify the state of the Routing and Remote Access service on the VPN server.


* Cause: Remote access is not turned on on the VPN server.

Solution: Turn on remote access on the VPN server.


* Cause: PPTP or L2TP ports are not turned on for inbound remote access requests.

Solution: Turn on PPTP or L2TP ports, or both, for inbound remote access requests.


* Cause: The LAN protocols used by the VPN clients are not turned on for remote access on the VPN server.

Solution: Turn on the LAN protocols used by the VPN clients for remote access on the VPN server.


* Cause: All of the PPTP or L2TP ports on the VPN server are already being used by currently connected remote access clients or demand-dial routers.

Solution: Verify whether all of the PPTP or L2TP ports on the VPN server are already being used. To do so, click Ports in Routing and Remote Access. If the number of PPTP or L2TP ports permitted is not high enough, change the number of PPTP or L2TP ports to permit more concurrent connections.



* Cause: The VPN server does not support the tunneling protocol of the VPN client.

By default, Windows Server 2003 remote access VPN clients use the Automatic server type option, which means that they try to establish an L2TP over IPSec-based VPN connection first, and then they try to establish a PPTP-based VPN connection. If VPN clients use either the Point-to-Point Tunneling Protocol (PPTP) or Layer-2 Tunneling Protocol (L2TP) server type option, verify that the selected tunneling protocol is supported by the VPN server.

By default, a computer running Windows Server 2003 Server and the Routing and Remote Access service is a PPTP and L2TP server with five L2TP ports and five PPTP ports. To create a PPTP-only server, set the number of L2TP ports to zero. To create an L2TP-only server, set the number of PPTP ports to zero.

Solution: Verify that the appropriate number of PPTP or L2TP ports is configured.



* Cause: The VPN client and the VPN server in conjunction with a remote access policy are not configured to use at least one common authentication method.

Solution: Configure the VPN client and the VPN server in conjunction with a remote access policy to use at least one common authentication method.



* Cause: The VPN client and the VPN server in conjunction with a remote access policy are not configured to use at least one common encryption method.

Solution: Configure the VPN client and the VPN server in conjunction with a remote access policy to use at least one common encryption method.



* Cause: The VPN connection does not have the appropriate permissions through dial-in properties of the user account and remote access policies.

Solution: Verify that the VPN connection has the appropriate permissions through dial-in properties of the user account and remote access policies. For the connection to be established, the settings of the connection attempt must:
o Match all of the conditions of at least one remote access policy.
o Be granted remote access permission through the user account (set to Allow access) or through the user account (set to Control access through Remote Access Policy) and the remote access permission of the matching remote access policy (set to Grant remote access permission).
o Match all the settings of the profile.
o Match all the settings of the dial-in properties of the user account.
See the Windows Server 2003 Help and Support Center for an introduction to remote access policies, and for more information about how to accept a connection attempt. Click Start to access the Windows Server 2003 Help and Support Center.


* Cause: The settings of the remote access policy profile are in conflict with properties of the VPN server.

The properties of the remote access policy profile and the properties of the VPN server both contain settings for:
o Multilink.
o Bandwidth allocation protocol (BAP).
o Authentication protocols.
If the settings of the profile of the matching remote access policy are in conflict with the settings of the VPN server, the connection attempt is rejected. For example, if the matching remote access policy profile specifies that the Extensible Authentication Protocol - Transport Level Security (EAP-TLS) authentication protocol must be used and EAP is not enabled on the VPN server, the connection attempt is rejected.

Solution: Verify that the settings of the remote access policy profile are not in conflict with properties of the VPN server.

See the Windows Server 2003 Help and Support Center for additional information about multilink, BAP and authentication protocols. Click Start to access the Windows Server 2003 Help and Support Center.
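The permission and profile causes above all come down to one decision procedure, modelled here in Python as an added example (not from the original article or from Microsoft). The class and function names, the sample policies and the first-match policy ordering are assumptions of this model, and it covers only the remote access permission and the authentication-protocol settings.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Set

# Remote Access Permission values on the user's Dial-In properties page.
ALLOW = "Allow access"
DENY = "Deny access"
BY_POLICY = "Control access through Remote Access Policy"


@dataclass(frozen=True)
class Attempt:
    user: str
    tunnel: str                      # "PPTP" or "L2TP"
    auth: str                        # authentication protocol the client offers
    groups: frozenset = frozenset()  # group memberships of the user


@dataclass
class Policy:
    name: str
    conditions: List[Callable[[Attempt], bool]]
    grant: bool                      # Grant (True) or Deny (False) remote access permission
    profile_auth: Set[str]           # authentication protocols the profile permits


@dataclass
class Decision:
    accepted: bool
    reason: str
    policy: Optional[str] = None


def evaluate(attempt, dial_in, policies, server_auth):
    """Return the Decision for one connection attempt."""
    # Policies are tried in order; the first whose conditions ALL match is used.
    policy = next((p for p in policies
                   if all(cond(attempt) for cond in p.conditions)), None)
    if policy is None:
        return Decision(False, "no remote access policy matches")
    if dial_in == DENY:
        return Decision(False, "user account is set to Deny access", policy.name)
    # "Allow access" on the account overrides the policy's own permission,
    # so only BY_POLICY accounts are subject to a Deny policy.
    if dial_in == BY_POLICY and not policy.grant:
        return Decision(False, "matching policy denies remote access", policy.name)
    if attempt.auth not in policy.profile_auth:
        return Decision(False, "profile does not permit " + attempt.auth, policy.name)
    if attempt.auth not in server_auth:
        return Decision(False, attempt.auth + " is not enabled on the VPN server", policy.name)
    return Decision(True, "accepted", policy.name)


def unusable_policies(policies, server_auth):
    """Names of policies whose profile shares no authentication protocol with the server."""
    return [p.name for p in policies if not (p.profile_auth & set(server_auth))]


# Constructed sample configuration (not from the article).
SERVER_AUTH = {"MS-CHAP v2"}         # EAP has not been enabled on this server
POLICIES = [
    Policy("L2TP admins", [lambda a: a.tunnel == "L2TP",
                           lambda a: "VPN-Admins" in a.groups], True, {"EAP-TLS"}),
    Policy("PPTP staff", [lambda a: a.tunnel == "PPTP"], True, {"MS-CHAP v2"}),
    Policy("Everything else", [], False, {"MS-CHAP v2"}),
]

if __name__ == "__main__":
    cases = [
        (Attempt("alice", "L2TP", "EAP-TLS", frozenset({"VPN-Admins"})), BY_POLICY),
        (Attempt("bob", "PPTP", "MS-CHAP v2"), BY_POLICY),
        (Attempt("carol", "L2TP", "MS-CHAP v2"), BY_POLICY),
        (Attempt("carol", "L2TP", "MS-CHAP v2"), ALLOW),
    ]
    for attempt, dial_in in cases:
        print(attempt.user, "|", dial_in, "|", evaluate(attempt, dial_in, POLICIES, SERVER_AUTH))
    print("Policies no client can satisfy:", unusable_policies(POLICIES, SERVER_AUTH))
```

The last two cases show why per-user "Allow access" deserves review: the same attempt that the catch-all policy denies is accepted once the account itself is set to Allow access.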


* Cause: The answering router cannot validate the credentials of the calling router (user name, password, and domain name).

Solution: Verify that the credentials of the VPN client (user name, password, and domain name) are correct and can be validated by the VPN server.


* Cause: There are not enough addresses in the static IP address pool.

Solution: If the VPN server is configured with a static IP address pool, verify that there are enough addresses in the pool. If all of the addresses in the static pool have been allocated to connected VPN clients, the VPN server cannot allocate an IP address, and the connection attempt is rejected. If all of the addresses in the static pool have been allocated, modify the pool. See the Windows Server 2003 Help and Support Center for more information about TCP/IP and remote access, and how to create a static IP address pool.
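The static pool arithmetic behind this cause, and the earlier point that a dedicated range lets you tell at a glance which clients are remote, as an added Python example (not from the original article). The function and class names, the sample ranges and the log format are constructed, and the one address held back for the VPN server itself is an assumption exposed as a parameter.

```python
import ipaddress


def range_size(start, end):
    """Number of addresses from start to end inclusive (the wizard's 'Number of addresses')."""
    first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if last < first:
        raise ValueError("End IP address is below Start IP address")
    return int(last) - int(first) + 1


def range_end(start, count):
    """End IP address when only the start address and the address count are entered."""
    return str(ipaddress.IPv4Address(start) + (count - 1))


class StaticPool:
    """One or more non-overlapping address ranges handed out to VPN clients."""

    def __init__(self, ranges):
        self.ranges = sorted((int(ipaddress.IPv4Address(s)), int(ipaddress.IPv4Address(e)))
                             for s, e in ranges)
        for start, end in self.ranges:
            if end < start:
                raise ValueError("End IP address is below Start IP address")
        for (_, prev_end), (next_start, _) in zip(self.ranges, self.ranges[1:]):
            if next_start <= prev_end:
                raise ValueError("address ranges overlap")

    def capacity(self):
        return sum(end - start + 1 for start, end in self.ranges)

    def __contains__(self, ip):
        try:
            value = int(ipaddress.IPv4Address(ip))
        except ValueError:
            return False                      # not an IPv4 address at all
        return any(start <= value <= end for start, end in self.ranges)

    def free_for_clients(self, connected, server_reserved=1):
        # Assumption: the VPN server keeps server_reserved addresses for itself.
        return max(self.capacity() - server_reserved - connected, 0)


def remote_sessions(pool, log_lines):
    """(user, source IP) for every log line whose source address is in the VPN pool."""
    hits = []
    for line in log_lines:
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        if fields.get("src") in pool:
            hits.append((fields.get("user"), fields["src"]))
    return hits


# Constructed sample data (not from the article).
POOL = StaticPool([("192.168.10.200", "192.168.10.209"),
                   ("192.168.11.50", "192.168.11.54")])
SAMPLE_LOG = [
    "2010-06-01T09:12:03 user=alice src=192.168.10.201 share=finance",
    "2010-06-01T09:12:40 user=bob src=192.168.10.37 share=finance",
    "2010-06-01T09:13:15 user=carol src=192.168.11.52 share=hr",
    "2010-06-01T09:14:02 user=dave src=unknown share=hr",
]

if __name__ == "__main__":
    print("Pool capacity:", POOL.capacity())
    print("Free with 14 clients connected:", POOL.free_for_clients(14))
    print("Sessions from VPN clients:", remote_sessions(POOL, SAMPLE_LOG))
```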


* Cause: The VPN client is configured to request its own IPX node number and the VPN server is not configured to permit IPX clients to request their own IPX node number.

Solution: Configure the VPN server to permit IPX clients to request their own IPX node number.


* Cause: The VPN server is configured with a range of IPX network numbers that are being used elsewhere on your IPX network.

Solution: Configure the VPN server with a range of IPX network numbers that is unique to your IPX network.


* Cause: The authentication provider of the VPN server is improperly configured.

Solution: Verify the configuration of the authentication provider. You can configure the VPN server to use either Windows Server 2003 or Remote Authentication Dial-In User Service (RADIUS) to authenticate the credentials of the VPN client.


* Cause: The VPN server cannot access Active Directory.

Solution: For a VPN server that is a member server in a mixed-mode or native-mode Windows Server 2003 domain that is configured for Windows Server 2003 authentication, verify that:
o The RAS and IAS Servers security group exists. If not, create the group and set the group type to Security and the group scope to Domain local.
o The RAS and IAS Servers security group has Read permission to the RAS and IAS Servers Access Check object.
o The computer account of the VPN server computer is a member of the RAS and IAS Servers security group. You can use the netsh ras show registeredserver command to view the current registration. You can use the netsh ras add registeredserver command to register the server in a specified domain.

If you add (or remove) the VPN server computer to the RAS and IAS Servers security group, the change does not take effect immediately (because of the way that Windows Server 2003 caches Active Directory information). To immediately effect this change, restart the VPN server computer.
o The VPN server is a member of the domain.

* Cause: A Windows NT 4.0-based VPN server cannot validate connection requests.

Solution: If VPN clients are dialing in to a VPN server running Windows NT 4.0 that is a member of a Windows Server 2003 mixed-mode domain, verify that the Everyone group is added to the Pre-Windows 2000 Compatible Access group with the following command:
net localgroup "Pre-Windows 2000 Compatible Access"
If not, type the following command at a command prompt on a domain controller computer, and then restart the domain controller computer:
net localgroup "Pre-Windows 2000 Compatible Access" everyone /add

* Cause: The VPN server cannot communicate with the configured RADIUS server.

Solution: If you can reach your RADIUS server only through your Internet interface, do one of the following:
o Add an input filter and an output filter to the Internet interface for UDP port 1812 (based on RFC 2138, "Remote Authentication Dial-In User Service (RADIUS)"). -or-
o Add an input filter and an output filter to the Internet interface for UDP port 1645 (for older RADIUS servers), for RADIUS authentication and UDP port 1813 (based on RFC 2139, "RADIUS Accounting"). -or-
o Add an input filter and an output filter to the Internet interface for UDP port 1646 (for older RADIUS servers) for RADIUS accounting.

* Cause: Cannot connect to the VPN server over the Internet using the Ping.exe utility.

Solution: Because of the PPTP and L2TP over IPSec packet filtering that is configured on the Internet interface of the VPN server, Internet Control Message Protocol (ICMP) packets used by the ping command are filtered out. To allow the VPN server to respond to ICMP (ping) packets, add an input filter and an output filter that permit traffic for IP protocol 1 (ICMP traffic).

Cannot Send and Receive Data

* Cause: The appropriate demand-dial interface has not been added to the protocol being routed.

Solution: Add the appropriate demand-dial interface to the protocol being routed.

* Cause: There are no routes on both sides of the router-to-router VPN connection that support the two-way exchange of traffic.

Solution: Unlike a remote access VPN connection, a router-to-router VPN connection does not automatically create a default route. Create routes on both sides of the router-to-router VPN connection so that traffic can be routed to and from the other side of the router-to-router VPN connection.

You can manually add static routes to the routing table, or you can add static routes through routing protocols. For persistent VPN connections, you can turn on Open Shortest Path First (OSPF) or Routing Information Protocol (RIP) across the VPN connection. For on-demand VPN connections, you can automatically update routes through an auto-static RIP update. See Windows Server 2003 online Help for more information about how to add an IP routing protocol, how to add a static route, and how to perform auto-static updates.

* Cause: A two-way initiated, router-to-router VPN connection is being interpreted by the answering router as a remote access connection.

Solution: If the user name in the credentials of the calling router appears under Dial-In Clients in Routing and Remote Access, the answering router may interpret the calling router as a remote access client. Verify that the user name in the credentials of the calling router matches the name of a demand-dial interface on the answering router. If the incoming caller is a router, the port on which the call was received shows a status of Active and the corresponding demand-dial interface is in a Connected state.

* Cause: Packet filters on the demand-dial interfaces of the calling router and answering router are preventing the flow of traffic.

Solution: Verify that there are no packet filters on the demand-dial interfaces of the calling router and answering router that prevent the sending or receiving of traffic. You can configure each demand-dial interface with IP and IPX input and output filters to control the exact nature of TCP/IP and IPX traffic that is permitted into and out of the demand-dial interface.

* Cause: Packet filters on the remote access policy profile are preventing the flow of IP traffic.

Solution: Verify that there are no configured TCP/IP packet filters on the profile properties of the remote access policies on the VPN server (or the RADIUS server if Internet Authentication Service is used) that are preventing the sending or receiving of TCP/IP traffic. You can use remote access policies to configure TCP/IP input and output packet filters that control the exact nature of TCP/IP traffic permitted on the VPN connection. Verify that the profile TCP/IP packet filters are not preventing the flow of traffic.


Read more: http://newadmins.blogspot.com/search/label/VPN#ixzz0rlh3moN1

How to Attend the interview


Posted by Nageswari Vijayakumar | Posted in | Posted on 11:42 PM

Don'ts:

1. If you do not know the answer to a question, tell the panel "I didn't have an opportunity" instead of saying "I don't know".

2. If you know something partially, say that you have not implemented it, but would do so if you had the chance. Don't tell the interviewer that you know only a few things.

3. Don't show off that you know every nook and corner, which will lead the panel to think negatively.

Do's:

1. Give a firm handshake.

2. Keep good eye contact.

3. Introduce yourself in a different manner. Start with previous job roles & responsibilities while introducing.

4. If the interviewer asks "Do you have any questions for me?", ask about the scope of the project and what your role in the project would be.

Is this a new project or an existing project?

Which country do we support?
It worked out well for me.

Hope the same for you!!!
All the best

Viewers suggestions are welcome.

What is What


Posted by Nageswari Vijayakumar | Posted in | Posted on 2:20 AM

Hi Viewers,

If you have any questions which need an answer, you are most welcome to post a question.

I will post the answers as soon as possible.

Happy Reading

IMPORTANT WINDOWS SERVER INTERVIEW QUESTIONS


Posted by Nageswari Vijayakumar | Posted in | Posted on 2:17 AM

1. What are the ways to configure DNS & Zones?
2. What are the types of backup? Explain each?
3. What are Levels of RAID 0, 1, 5? Which one is better & why?
4. What are FSMO Roles? List them.
5. Describe the lease process of the DHCP server.
6. Disaster Recovery Plan?
7. What is scope & super scope?
8. Differences between Win 2000 Server & Advanced Server?
9. Logical Diagram of Active Directory? What is the difference between child domain & additional domain server?
10. FTP, NNTP, SMTP, KERBEROS, DNS, DHCP, POP3 port numbers?
11. What is Kerberos? Which version is currently used by Windows? How does Kerberos work?



1. GAL, Routing Group, Stm files, Eseutil & Isinteg - what are they used for?
2. What is MIME & MAPI?
3. List the services of Exchange Server 2000?
4. How would you recover Exchange server when the log file is corrupted?



1. Group Policies - how to apply and order in which they apply.
2. Global catalog servers - how many in a specific two-plus-site implementation?
3. Describe different zones and a scenario in which you would use them.
4. What is the system state?
5. What is a Global Catalog server?
6. What is an OU?
7. What MS tools (standard) are used to troubleshoot AD issues?
What tools from the Support kit and resource kit can aid troubleshooting?
What are the standard mistakes made when setting up MS products?
8. What do you have to do to secure an Exchange server from being a relay?
9. When a full backup runs what does it do to the log files?
10. What are the basic steps to recovering a lost Exchange/DC server?
11. How do you build redundancy into DNS?
12. How can you secure AD DNS?

Windows Cluster FAQ's


Posted by Nageswari Vijayakumar | Posted in | Posted on 1:54 AM

Frequently asked questions
• Q. If a cluster passes all tests in the cluster validation wizard, is it supported?

A. If all hardware and software components in the cluster meet the qualifications for the "Certified for Windows Server 2008" or “Certified for Windows Server 2008 R2” logo, and the cluster passes the validation tests, then it is considered to be supported by Microsoft CSS for failover clustering.
• Q. Will failover cluster solutions be listed in the Windows Catalog?

A. No, Microsoft will not maintain a list of vendor solutions for failover clusters. However, many vendors list recommended failover cluster solutions and components on their Web sites.
• Q. Does this new support policy also apply to Windows Server 2003?

A. No, this is for Windows Server 2008 and Windows Server 2008 R2 only. The current support policies for previous versions of Windows will continue as they exist today.
• Q. How does Microsoft CSS check if the solution has been validated?

A. The cluster validation wizard generates a simple HTML report that clearly displays whether a solution has passed all tests. This report will be collected as part of the standard diagnostics utility, MSDT.
• Q. What if I make a change to the cluster configuration, like add a node? Does the validation wizard have to be run again?

A. Yes, the cluster validation wizard should be run any time a change is made to an existing failover cluster, as defined by Understanding the validation tests required for your scenario earlier in this document.

Cluster Verification tools & wizards


Posted by Nageswari Vijayakumar | Posted in | Posted on 1:51 AM

What is cluster validation?
With the cluster validation wizard, you can run a set of focused tests on a collection of servers that are planned for use as cluster nodes. The cluster validation process tests the underlying hardware and software directly, and individually, to obtain an accurate assessment of how well failover clustering can be supported on a given configuration.
Important
Before you create a failover cluster, we strongly recommend that you run all tests in the cluster validation wizard.

Cluster validation is intended to catch hardware or configuration problems before the cluster goes into production. Cluster validation helps to ensure that the solution you are about to deploy is truly dependable. Cluster validation can also be performed on configured failover clusters as a diagnostic tool.
Considerations for performing cluster validation on an existing cluster
When you perform cluster validation on an already configured cluster, you might not always run all tests. If you include storage tests in the set of tests you run, there are different considerations to keep in mind than if you do not include storage tests. This section outlines the main considerations:
• Considerations when including storage tests: When cluster validation is performed on an already configured cluster, if the default tests (which include storage tests) are selected, only disk resources that are in an Offline state or are not assigned to a clustered service or application will be used for testing the storage. This builds in a safety mechanism, and the cluster validation wizard warns you when storage tests have been selected but will not run on storage in an Online state, that is, storage used by clustered services or applications. This is by design to avoid disruption to highly available services or applications that depend upon these disk resources being online.

One scenario where Microsoft CSS may request you to run the validation on production clusters is when there is a cluster storage failure that could be caused by some underlying storage configuration change or failure. By default, the wizard warns you if storage tests have been selected but will not be run on storage that is online, that is, storage used by clustered services or applications. In this situation, you can perform a valid test by creating or choosing a new logical unit number (LUN) from the same shared storage device and presenting it to all nodes. By testing this LUN, you can avoid disruption to clustered services and applications already online within the cluster and still test the underlying storage subsystem.

If a failover cluster passed the full set of validation tests and has no future hardware or software changes, then it will continue to be a supported configuration. However, when you perform routine updates to software components such as drivers and firmware, it may be necessary to re-run the validation wizard to ensure that the current configuration of the failover cluster is supported. The following guidelines can help in this process:
• All components of the storage stack must be identical across all nodes in the cluster. These components consist of the HBA and HBA drivers and firmware, multi-path I/O software, and Device Specific Module (DSM) components.
• To minimize impact to highly available applications and services, a best practice is to keep a small LUN available to allow the validation wizard to run tests on available storage without negatively impacting clustered services and applications. This way, if Microsoft CSS requests you to run a full set of cluster validation tests, the wizard will follow the default behavior and run tests on the available storage (the new LUN only).
• Considerations when not including storage tests: System configuration tests, inventory tests, and network tests have very low overhead, and can be performed without significant effect on servers in a cluster.

Microsoft CSS may request you to run the cluster validation on a production cluster as part of normal troubleshooting procedures (not focused on storage). In this scenario, you will use the wizard to inventory hardware and software, perform network testing, and validate system configuration. There may be certain scenarios in which only a subset of the full tests are needed. For example, if troubleshooting a problem with networking on a production cluster, Microsoft CSS may request that you run only the hardware and software inventory and the network tests.
How to provide a validation report when obtaining support from Microsoft
Microsoft will help you collect the validation report through the Microsoft Support Diagnostic Tool (MSDT), which is the replacement for the MPSReports data collection utility. Microsoft CSS will send the MSDT via e-mail with instructions on how to capture the data. In some situations, Microsoft CSS may request that the contents of the C:\Windows\Cluster\Reports folder be zipped and sent in for analysis. Either method will collect the required cluster validation report.
How to run the cluster validation wizard for a failover cluster
To validate a new or existing failover cluster
1. Identify the server or servers that you want to test and confirm that the failover cluster feature is installed:
• If the cluster does not yet exist, choose the servers that you want to include in the cluster, and make sure you have installed the failover cluster feature on those servers. To install the feature, on a server running Windows Server 2008 or Windows Server 2008 R2, click Start, click Administrative Tools, click Server Manager, and under Features Summary, click Add Features. Use the Add Features wizard to add the Failover Clustering feature.
• If the cluster already exists, make sure that you know the name of the cluster or a node in the cluster.
2. Review network or storage hardware that you want to validate, to confirm that it is connected to the servers. For more information, see http://go.microsoft.com/fwlink/?LinkId=111555.
3. Decide whether you want to run all or only some of the available validation tests. For detailed information about the tests, see the topics listed in http://go.microsoft.com/fwlink/?LinkId=111554.
The following guidelines can help you decide whether to run all tests:
• For a planned cluster with all hardware connected: Run all tests.
• For a planned cluster with parts of the hardware connected: Run System Configuration tests, Inventory tests, and tests that apply to the hardware that is connected (that is, Network tests if the network is connected or Storage tests if the storage is connected).
• For a cluster to which you plan to add a server: Run all tests. Before you run them, be sure to connect the networks and storage for all servers that you plan to have in the cluster.
• For troubleshooting an existing cluster: If you are troubleshooting an existing cluster, you might run all tests, although you could run only the tests that relate to the apparent issue.
Important
If a clustered service or application is using a disk when you start the wizard, the wizard will prompt you about whether to take that clustered service or application offline for the purposes of testing. If you choose to take a clustered service or application offline, it will remain offline until the tests finish.
4. In the failover cluster snap-in, in the console tree, make sure Failover Cluster Management is selected and then, under Management, click Validate a Configuration.

5. Follow the instructions in the wizard to specify the servers and the tests, and run the tests.
Note that when you run the cluster validation wizard on unclustered servers, you must enter the names of all the servers you want to test, not just one.
The Summary page appears after the tests run.
6. While still on the Summary page, click View Report to view the test results.
To view the results of the tests after you close the wizard, see SystemRoot\Cluster\Reports\Validation Report date and time.html where SystemRoot is the folder in which the operating system is installed (for example, C:\Windows).
7. To view Help topics that will help you interpret the results, click More about cluster validation tests.
To view Help topics about cluster validation after you close the wizard, in the failover cluster snap-in, click Help, click Help Topics, click the Contents tab, expand the contents for the failover cluster Help, and click Validating a Failover Cluster Configuration.
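The wizard procedure above can also be scripted. The following is an added example, not part of the original article: it assumes Windows Server 2008 R2 or later, where the FailoverClusters PowerShell module provides the Test-Cluster cmdlet. The function name Invoke-ClusterValidation and the node names NODE1 and NODE2 are hypothetical.

```powershell
# Added example (not from the original article). Assumes Windows Server 2008 R2
# or later, where the FailoverClusters module provides Test-Cluster.
Import-Module FailoverClusters

function Invoke-ClusterValidation {    # hypothetical helper name
    [CmdletBinding()]
    param(
        # Every server to test. For unclustered servers, name all of them,
        # not just one (step 5 of the wizard procedure).
        [Parameter(Mandatory = $true)]
        [string[]]$Node,

        # 'Full' runs every test. 'OmitStorage' skips the storage tests and runs
        # only the inventory, network and system configuration tests, which
        # have very low overhead on a production cluster.
        [ValidateSet('Full', 'OmitStorage')]
        [string]$Category = 'OmitStorage',

        # Name for the generated report; a timestamp keeps earlier reports.
        [string]$ReportName = ('Validation-{0:yyyyMMdd-HHmmss}' -f (Get-Date))
    )

    # With a single server, the tests that compare software between servers
    # and the storage tests that simulate failover cannot complete.
    if ($Node.Count -lt 2) {
        Write-Warning ('Only one server was named. Validation is not complete ' +
            'until it is re-run with at least two nodes.')
    }

    # Build the argument set once so the same call serves both categories.
    $testArgs = @{ Node = $Node; ReportName = $ReportName }
    if ($Category -eq 'OmitStorage') {
        $testArgs['Ignore'] = 'Storage'
    }

    # Test-Cluster returns the report file it wrote.
    $report = Test-Cluster @testArgs
    Write-Host "Validation report written to: $($report.FullName)"
    return $report
}

# List the available tests before deciding which subset to run (step 3).
Test-Cluster -List

# Usage with constructed node names: network-focused troubleshooting on a
# production cluster, leaving online storage untouched.
# Invoke-ClusterValidation -Node 'NODE1', 'NODE2' -Category OmitStorage
```

Keep the returned report with your change records so that it is available if Microsoft CSS asks for it.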
Understanding validation results
After the validation wizard has completed, the Summary Report will display the results. All tests must pass with either a green check mark or in some cases a yellow triangle (warning). The following table shows the symbols in the summary and tells what they mean:

Symbol Meaning
The corresponding validation test passed, indicating that this aspect of the cluster can be supported.
The corresponding validation test produced a warning, indicating that this aspect of the cluster can be supported, but it might not meet the recommended best practices and should be reviewed. Microsoft CSS might ask you to investigate or address the problem if it appears to be directly linked to the issue that you are troubleshooting.
The corresponding validation test failed, and this aspect of the cluster is not supported. You must correct the problem before you can create a failover cluster that is supported.
The corresponding validation test was canceled. This can occur when the test depended on another test that did not complete successfully.
When looking for problem areas (red Xs or yellow question marks), in the part of the report that summarizes the test results, click an individual test to review the details. Also review the summary statement for information about whether or not the cluster is a supported configuration.
After you take action to correct the problem, you can rerun the wizard as needed to confirm that the configuration passes the tests.
What to do if validation tests fail
In most cases, if any tests in the cluster validation wizard fail, then Microsoft does not consider the solution to be supported. There are exceptions to this rule, such as the case with multi-site (geographically dispersed) clusters where there is no shared storage. In this scenario the expected result of the validation wizard is that the storage tests will fail. This is still a supported solution if the remainder of the tests complete successfully.
The type of test that fails is a guideline to the corrective action to take. For example, if the storage test "List all disks" fails, and subsequent storage tests do not run (because these would also fail), contact the storage vendor to troubleshoot. Similarly, if a network test related to IP addresses fails, consult with your network infrastructure team. Not all warnings or errors indicate a need to call Microsoft CSS. Most of the warnings or errors should result in working with internal teams or with a specific hardware vendor.
For information about correcting failures listed in a validation report, see the previous section, Understanding validation results.
After the issues have been addressed and resolved, you must re-run the cluster validation wizard. For the configuration to be supported, all tests must be run and must complete successfully without failures.
Multi-site or geographically dispersed clusters
Failover cluster solutions that do not have a common shared disk and instead leverage data replication between nodes might not pass the cluster validation "storage" tests. This is a common configuration in cluster solutions where nodes are stretched across geographic regions. If a cluster solution does not require external storage to fail over from one node to another, it does not need to pass the "storage" tests to be a fully supported solution.
For more information on multi-site or geographically dispersed clusters, see the following whitepaper (http://go.microsoft.com/fwlink/?LinkId=112125).
Logos for Windows Server 2008 and Windows Server 2008 R2
Designed for line-of-business and mission-critical applications, the "Certified for Windows Server 2008" and "Certified for Windows Server 2008 R2" logos indicate that the application or hardware has been independently tested to meet the highest bar for stability, security, reliability, availability, Windows operating system fundamentals, and platform compatibility.
Hardware components that can run Windows Server 2008, Windows Server 2008 R2, or both, are eligible to receive the corresponding logo or logos. A logo covers each of the individual server hardware components such as the host bus adapter (HBA) or network adapter, and each associated driver or firmware revision is eligible for the appropriate logo. Components such as routers, hubs, or switches are not eligible to receive a logo.
Specific validation scenarios
The following lists describe scenarios in which validation is needed or useful.
• Validation before the cluster is configured
• A set of servers ready to become a failover cluster: This is the most straightforward validation scenario. The hardware components (systems, networks, and storage) are connected, but the systems are not functioning as a cluster. Running tests in this situation has no impact on availability.
• Cloned or imaged systems: With systems that you have cloned or imaged to different hardware, you must run the cluster validation wizard as you would with any other new cluster. We recommend that you run the wizard just after you connect the hardware components and install the failover cluster feature, before the cluster begins being used by clients.
• Virtualized servers: With virtualized servers in a cluster, run the cluster validation wizard as you would with any other new cluster. The requirement for running the wizard is the same regardless of whether you have a "host cluster" (where failover will occur between two physical computers), a "guest cluster" (where failover will occur between guest operating systems all on the same physical computer), or some other configuration that includes one or more virtualized servers.
• Validation when the cluster has only one node: You might want to run a limited number of validation tests on a single server that you intend to use in a cluster. Some tests cannot be run in this situation: tests that confirm that the software and software updates match between servers, and storage tests that simulate failover between nodes. When you bring one or more servers into the configuration, you must run the cluster validation wizard again so that all tests can complete. In other words, you must have at least two nodes in a cluster before you can complete the cluster validation process.
• Validation after the cluster is configured and in use
• For confirmation that the cluster is supported, or to rule out configuration problems: If you need support and it is necessary to rule out configuration problems with hardware, drivers, and basic system configuration, Microsoft CSS might require you to provide the report from the cluster validation wizard. If you have not already run the wizard and saved the report, you might need to take the cluster offline to run the wizard. The report shows whether your configuration is supported and can help with troubleshooting the issues on the cluster.
• Before adding a node: When you add a server to a cluster, we strongly recommend that you start by connecting the server to the cluster networks and storage and then run the cluster validation wizard, specifying both the existing cluster nodes and the new node. With some advance planning, running validation before adding a server can have relatively little impact on cluster availability. The network tests and system inventory tests have little or no impact on availability. For the storage tests, if you make a small, unused LUN available (as described earlier in this document in What is cluster validation?), the impact on availability is also small.
• When attaching new storage: When you attach new storage to the cluster (different from exposing a new LUN in existing storage), you must run the cluster validation wizard to confirm that the new storage will function correctly. To minimize the impacts to availability, we recommend that you run the wizard after attaching the storage but before beginning to use any of the new LUNs in clustered services or applications.
• When making changes that affect firmware or drivers: If you want to upgrade or make other changes to the cluster that would require changing the firmware or drivers, you must run the cluster validation wizard to confirm that the new combination of hardware, firmware, drivers, and software supports failover cluster functionality. If the change affects firmware or drivers for the storage, we recommend that you keep a small LUN available (unused by clustered services and applications) so that you can run the storage validation tests without taking your services and applications offline.
• After restoring a system from backup: After you restore a system from backup, run the cluster validation wizard to confirm that the system can function correctly as part of a cluster. The system is not considered a supported system until the validation tests are run.
Understanding the validation tests required for your scenario
You do not always need to run all tests in the cluster validation wizard when making a change to your cluster. This section lists the kinds of changes you might make to a cluster and the corresponding tests to run.
Important
To begin the process of adding hardware (such as an additional server) to a failover cluster, connect the hardware to the failover cluster. Then run the cluster validation wizard, specifying all servers that you want to include in the cluster. The wizard tests cluster connectivity and failover, not just isolated components (such as individual servers).
Categories of validation tests
• Full: The complete set of tests. This requires some cluster downtime.
• Single LUN: The complete set of tests, where you run the storage tests on only one LUN. The LUN might be a small LUN that you set aside for testing purposes, or the witness disk (if your cluster uses a witness disk). This validates the storage subsystem, but not specifically each individual LUN or disk. You can run these validation tests without causing downtime to your clustered services or applications.
• Omit storage tests: The system configuration, inventory, and network tests, but not the storage tests. You can run these validation tests without causing downtime to your clustered services or applications.
• None: No validation tests are needed.

Cluster Concepts

Posted by Nageswari Vijayakumar | Posted in | Posted on 1:46 AM

When the physical disks are not powering up or spinning, Cluster service cannot initialize any quorum resources.
Cause: Cables are not correctly connected, or the physical disks are not configured to spin when they receive power.
Solution: After checking that the cables are correctly connected, check that the physical disks are configured to spin when they receive power.
The Cluster service fails to start and generates an Event ID 1034 in the Event log after you replace a failed hard disk, or change drives for the quorum resource.
Cause: If a hard disk is replaced, or the bus is reenumerated, the Cluster service may not find the expected disk signatures, and consequently may fail to mount the disk.
Solution: Write down the expected signature from the Description section of the Event ID 1034 error message. Then follow these steps:
1. Back up the server cluster.
2. Set the Cluster service to start manually on all nodes, and then turn off all but one node.
3. If necessary, partition the new disk and assign a drive letter.
4. Use the confdisk.exe tool (available in the Microsoft Windows Server 2003 Resource Kit) to write that signature to the disk.
5. Start the Cluster service and bring the disk online.
6. If necessary, restore the cluster configuration information.
7. Turn on each node, one at a time.
For information on replacing disks in a server cluster, see Knowledge Base article Q305793, "How to Replace a Disk with Windows 2000 or Windows Server 2003 family Clusters" in the Microsoft Knowledge Base.
Drive on the shared storage bus is not recognized.
Cause: Scanning for storage devices is not disabled on each controller on the shared storage bus.
Solution: Verify that scanning for storage devices is disabled on each controller on the shared storage bus.
Many times, the second computer you turn on does not recognize the shared storage bus during the BIOS scan if the first computer is running. This situation can manifest itself in a "Device not ready" error being generated by the controller or in substantial delays during startup.
To correct this, disable the option to scan for devices on the shared controller.
Note
• This symptom can manifest itself as one of several errors, depending on the attached controller. It is normally accompanied with a one- to two-minute start delay and an error indicating the failure of some device.
Configuration cannot be accessed through Disk Management.
Under normal cluster operations, the node that owns a quorum resource locks the drive storing the quorum resource, preventing the other nodes from using the device. If you find that the cluster node that owns a quorum resource cannot access configuration information through Disk Management, the source of the problem and the solution might be one of the following:
Cause: A device does not have physical connectivity and power.
Solution: Reseat controller cards, reseat cables, and make sure the drive spins up when you start.
Cause: You attached the cluster storage device to all nodes and started all the nodes before installing the Cluster service on any node.
Solution: After you attach all servers to the cluster drives, you must install the Cluster service on one node before starting all the nodes. Attaching the drive to all the nodes before you have the cluster installed can corrupt the file system on the disk resources on the shared storage bus.
SCSI or fiber channel storage devices do not respond.
Cause: The SCSI bus is not properly terminated.
Solution: Make sure that the SCSI bus is not terminated early and that the SCSI bus is terminated at both ends.
Cause: The SCSI or fiber channel cable is longer than the specification allows.
Solution: Make sure that the SCSI or fiber channel cable is not longer than the cable specification allows.
Cause: The SCSI or fiber channel cable is damaged.
Solution: Make sure that the SCSI or fiber channel cable is not damaged. (For example, check for bent pins and loose connectors on the cable and replace it if necessary.)
Disk groups do not move or stay online pending after move.
Cause: Cables are damaged or not properly installed.
Solution: Check for bent pins on cables and make sure that all cables are firmly anchored to the chassis of the server and drive cabinet.
Disks do not come online or Cluster service does not start when a node is turned off.
Cause: If the quorum log is corrupted, the Cluster service cannot start.
Solution: If you suspect the quorum resource is corrupted, see the information on the problem "Quorum log becomes corrupted" in Node-to-node connectivity problems.
Drives do not fail over or come online.
Cause: The drive is not on a shared storage bus.
Solution: If drives on the shared storage bus do not fail over or come online, make sure the disk is on a shared storage bus, not on a nonsystem bus.
Cause: If you have more than one local storage bus, some drives in Shared cluster disks will not be on a shared storage bus.
Solution: If you do not remove these drives from Shared cluster disks, the drives do not fail over, even though you can configure them as resources.
Shared cluster disks is in the Cluster Application Wizard.
Mounted drives disappear, do not fail over, or do not come online.
Cause: The clustered mounted drive was not configured correctly.
Solution: Look at the Cluster service errors in the Event Log (ClusSvc under the Source column). You need to recreate or reconfigure the clustered mounted drive if the description of any Cluster service error is similar to the following:
Cluster disk resource "disk resource": Mount point "mount drive" for target volume "target volume" is not acceptable for a clustered disk because reason. This mount point will not be maintained by the disk resource.
When recreating or reconfiguring the mounted drive(s), follow these guidelines:
• Make sure that you create unique mounted drives so that they do not conflict with existing local drives on any node in the cluster.
• Do not create mounted drives between disks on the cluster storage device (cluster disks) and local disks.
• Do not create a mounted drive from a clustered disk to the cluster disk that contains the quorum resource (the quorum disk). You can, however, create a mounted drive from the quorum disk to a clustered disk.
• Mounted drives from one cluster disk to another must be in the same cluster resource group, and must be dependent on the root disk.
Basic Troubleshooting Steps
When working with SQL Server failover clustering, remember that the server cluster consists of a failover cluster instance that runs under Microsoft Cluster Services (MSCS). The instance of SQL Server might be hosted by Microsoft MSCS-based nodes that provide the Microsoft Server Cluster.
If problems exist on the nodes that host the server cluster, those problems may manifest themselves as issues with your failover cluster instance. To investigate and resolve these issues, troubleshoot a SQL Server failover cluster in the following order:
1. Hardware: Review Microsoft Windows system event logs.
2. Operating system: Review Windows system and application event logs.
3. Network: Review Windows system and application event logs. Verify the current configuration against the Knowledge Base article, Recommended Private "Heartbeat" Configuration on a Cluster Server.
4. Security: Review Windows application and security event logs.
5. MSCS: Review Windows system, application event, and cluster logs.
6. SQL Server: Troubleshoot as normal after the hardware, operating system, network, security, and MSCS foundations are verified to be problem-free.
Recovering from Failover Cluster Failure
Usually, failover cluster failure is the result of one of two causes:
• Hardware failure in one node of a two-node cluster. This hardware failure could be caused by a failure in the SCSI card or in the operating system.
To recover from this failure, remove the failed node from the failover cluster using the SQL Server Setup program, address the hardware failure with the computer offline, bring the machine back up, and then add the repaired node back to the failover cluster instance.
For more information, see How to: Create a New SQL Server Failover Cluster (Setup) and How to: Recover from Failover Cluster Failure in Scenario 1.
• Operating system failure. In this case, the node is offline, but is not irretrievably broken.
To recover from an operating system failure, recover the node and test failover. If the SQL Server instance does not fail over properly, you must use the SQL Server Setup program to remove SQL Server from the failover cluster, make necessary repairs, bring the computer back up, and then add the repaired node back to the failover cluster instance.
Recovering from operating system failure this way can take time. If the operating system failure can be recovered easily, avoid using this technique.
For more information, see How to: Create a New SQL Server Failover Cluster (Setup) and How to: Recover from Failover Cluster Failure in Scenario 2.
Resolving Common Problems
Problem: The Network Name is offline and you cannot connect to SQL Server using TCP/IP
Issue 1: DNS is failing with cluster resource set to require DNS.
Resolution 1: Correct the DNS problems.
Issue 2: A duplicate name is on the network.
Resolution 2: Use NBTSTAT to find the duplicate name and then correct the issue.
Issue 3: SQL Server is not connecting using Named Pipes.
Resolution 3: To connect using Named Pipes, create an alias using the SQL Server Configuration Manager to connect to the appropriate computer. For example, if you have a cluster with two nodes (Node A and Node B), and a failover cluster instance (Virtsql) with a default instance, you can connect to the server that has the Network Name resource offline using the following steps:
1. Determine on which node the group containing the instance of SQL Server is running by using the Cluster Administrator. For this example, it is Node A.
2. Start the SQL Server service on that computer using net start. For more information about using net start, see Starting SQL Server Manually.
3. Start SQL Server Configuration Manager on Node A. View the pipe name on which the server is listening. It should be similar to \\.\$$\VIRTSQL\pipe\sql\query.
4. On the client computer, start the SQL Server Configuration Manager.
5. Create an alias SQLTEST1 to connect through Named Pipes to this pipe name. To do this, enter Node A as the server name and edit the pipe name to be \\.\pipe\$$\VIRTSQL\sql\query.
6. Connect to this instance using the alias SQLTEST1 as the server name.
Problem: SQL Server Setup fails on a cluster with error 11001
Issue: An orphan registry key in [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.X\Cluster]
Resolution: Make sure the MSSQL.X registry hive is not currently in use, and then delete the cluster key.
Problem: Cluster Setup Error: "The installer has insufficient privileges to access this directory: \Microsoft SQL Server. The installation cannot continue. Log on as an administrator or contact your system administrator"
Issue: This error is caused by a SCSI shared drive that is not partitioned properly.
Resolution: Re-create a single partition on the shared disk using the following steps:
1. Delete the disk resource from the cluster.
2. Delete all partitions on the disk.
3. Verify in the disk properties that the disk is a basic disk.
4. Create one partition on the shared disk, format the disk, and assign a drive letter to the disk.
5. Add the disk to the cluster using Cluster Administrator (cluadmin).
6. Run SQL Server Setup.
Problem: Applications fail to enlist SQL Server resources in a distributed transaction
Issue: Because the Microsoft Distributed Transaction Coordinator (MS DTC) is not completely configured in Windows, applications may fail to enlist SQL Server resources in a distributed transaction. This problem can affect linked servers, distributed queries, and remote stored procedures that use distributed transactions. For more information about how to configure MS DTC, see Before Installing Failover Clustering.
Resolution: To prevent such problems, you must fully enable MS DTC services on the servers where SQL Server is installed and MS DTC is configured.
To fully enable MS DTC, use the following steps:
1. In Control Panel, open Administrative Tools, and then open Computer Management.
2. In the left pane of Computer Management, expand Services and Applications, and then click Services.
3. In the right pane of Computer Management, right-click Distributed Transaction Coordinator, and select Properties.
4. In the Distributed Transaction Coordinator window, click the General tab, and then click Stop to stop the service.
5. In the Distributed Transaction Coordinator window, click the Logon tab, and set the logon account NT AUTHORITY\NetworkService.
6. Click Apply and OK to close the Distributed Transaction Coordinator window. Close the Computer Management window. Close the Administrative

Technical Interview Questions – Exchange 2003

Posted by Nageswari Vijayakumar | Posted in | Posted on 1:32 AM

Tell me a bit about the capabilities of Exchange Server.
What are the different Exchange 2003 versions?
What are the main differences between Exchange 5.5 and Exchange 2000/2003?
What are the major network infrastructure requirements for installing Exchange 2003?
What is the latest Exchange 2003 Service Pack? Name a few changes in functionality in that SP.
What are the disk considerations when installing Exchange (RAID types, locations and so on).
You got a new HP DL380 (2U) server, dual Xeon, 4GB of RAM, 7 SAS disks, 64-bit. What do you do next to install Exchange 2003? (you have AD in place)
Why not install Exchange on the same machine as a DC?
Are there any other installation considerations?
How would you prepare the AD Schema in advance before installing Exchange?
What type of permissions do you need in order to install the first Exchange server in a forest? In a domain?
How would you verify that the schema was in fact updated?
What type of memory optimization changes could you do for Exchange 2003?
How would you check your Exchange configuration settings to see if they're right?
What are the Exchange management tools? How and where can you install them?
What types of permissions are configurable for Exchange?
How can you grant access for an administrator to access all mailboxes on a specific server?
What is the Send As permission?
What other management tools are used to manage and control Exchange 2003? Name the tools you'd use.
What are Exchange Recipient types? Name 5.
You created a mailbox for a user, yet the mailbox does not appear in ESM. Why?
You wanted to change mailbox access permissions for a mailbox, yet you see the SELF permission alone on the permissions list. Why?
What are Query Based Distribution groups?
What type of groups would you use when configuring distribution groups in a multiple domain forest?
Name a few configuration options for Exchange recipients.
What's the difference between Exchange 2003 Std. and Ent. editions when related to storage options and size?
Name a few configuration options related to mailbox stores.
What are System Public Folders? Where would you find them?
How would you plan and configure Public Folder redundancy?
How can you immediately stop PF replication?
How can you prevent PF referral across slow WAN links?
What types of PF management tools might you use?
What are the differences between administrative permissions and client permissions in PF?
How can you configure PF replication from the command prompt in Exchange 2003?
What are the message hygiene options you can use natively in Exchange 2003?
What are the configuration options in IMF?
What are virtual servers? When would you use more than one?
Name some of the SMTP Virtual Server configuration options.
What is a Mail Relay? Name a few known mail relay software or hardware options.
What is a Smart Host? Where would you configure it?
What are Routing Groups? When would you use them?
What are the types of Connectors you can use in Exchange?
What is the cost option in Exchange connectors?
What is the Link State Table? How would you view it?
How would you configure mail transfer security between 2 routing groups?
What is the Routing Group Master? Who holds that role?
Explain the configuration steps required to allow Exchange 2003 to send and receive email from the Internet (consider a one-site multiple server scenario).
What is DS2MB?
What is Forms Based Authentication?
How would you configure OWA's settings on an Exchange server?
What is DSACCESS?
What are Recipient Policies?
How would you work with multiple recipient policies?
What is the "issue" with trying to remove email addresses added by recipient policies? How would you fix that?
What is the RUS?
When would you need to manually create additional RUS?
What are Address Lists?
How would you modify the filter properties of one of the default address lists?
How can you create multiple GALs and allow the users to only see the one related to them?
What is a Front End server? In what scenarios would you use one?
What type of authentication is used on the front end servers?
When would you use NLB?
How would you achieve incoming mail redundancy?
What are the 4 types of Exchange backups?
What is the Dial-Tone server scenario?
When would you use offline backup?
How do you re-install Exchange on a server that has crashed but with AD intact?
What is the dumpster?
What are the e00xxxxx.log files?
What is the e00.chk file?
What is circular logging? When would you use it?
What's the difference between online and offline defrag?
How would you know if it is time to perform an offline defrag of your Exchange stores?
How would you plan for, and perform the offline defrag?
What is the eseutil command?
What is the isinteg command?
How would you monitor Exchange's services and performance? Name 2 or 3 options.
Name all the client connection options in Exchange 2003.
What is Direct Push? What are the requirements to run it?
How would you remote wipe a PPC?
What are the issues with connecting Outlook from a remote computer to your mailbox?
How would you solve those issues? Name 2 or 3 methods.
What is RPC over HTTP? What are the requirements to run it?
What is Cached Mode in OL2003/2007?
What are the benefits and "issues" when using cached mode? How would you tackle those issues?
What is S/MIME? What are the usage scenarios for S/MIME?
What are the IPSec usage scenarios for Exchange 2003?
How do you enable SSL on OWA?
What are the considerations for obtaining a digital certificate for SSL on Exchange?
Name a few 3rd-party CAs.
What do you need to consider when using a client-type AV software on an Exchange server?
What are the different clustering options in Exchange 2003? Which one would you choose and why.