TCP/IP Filtering is a “cheap” way to close off or open up certain ports to the outside world. Filtering was never meant to be an all-encompasing security approach, and should never be treated as such. It is an often overlooked but extremely easy security measure to implement. A couple notes of caution when using TCP/IP Filtering:

1. It applies to ALL network adapters on the computer, so adjust accordingly. If you have two adapters and they both need certain ports open/closed, the filtering policy will be applied to both.

2. You will need to restart your computer when changes are applied. In a server environment, sometimes this is an issue.

Steps:

Start Menu –> Control Panel –> Network and Internet Connections –> Right-Click (on the Adapter you want) and select Properties


The Following Properties box comes up: Select Internet Protocol (TCP/IP) and select Properties.

Select Advanced under the General Tab in TCP/IP Properties.

Under the Advanced Settings, select the Options tab, select TCP/IP filtering and select Properties.

In the TCP/IP Filtering dialog box, check Enable TCP/IP Filtering (All Adapters) and select Permit Only under TCP Ports or UDP Ports depending on your particular needs. Click here for a list of common ports and their uses.

(No Ratings Yet)

No Comments |  Print This Post

Here are a few TCP / UDP Ports you might come across. It is useful when applying TCP/IP Filtering to make sure all your services continue working

(No Ratings Yet)

2 Comments |  Print This Post

‘Microsoft Exchange Server’ reported error (0x8004010F) is received when trying to send and receive email on Outlook 2000/2003 with Exchange Server 2003. It occurs when Outlook hasn’t synchronized the offline address book properly, or it has been corrupted or missing.

If the OAB is missing, the server might be pointed to the wrong location of the address book.

1. Open Exchange Manager
2. Double-click Servers
3. Double-click on Server Name
4. Double-click on Storage Group (Ex. First Storage)
5. Right-click on it and select “Properties”
6. Make sure there is a server listed in the box. If not, browse to it.

If the Offline Address Book (OAB) is corrupted, you must rebuild it.

1. Open Exchange Manager
2. Double-click Recipients Folder
3. Double-click Offline Address List
4. Right-click on it and select “Rebuild”

(No Ratings Yet)

No Comments |  Print This Post

‘Microsoft Exchange Server’ reported error (0x8004011D): ‘The server is not available. Contact your administrator if this condition persists.’

This is a familiar error for many people. In my experience of diagnosing and fixing exchange issues, 9 / 10 times there has been an information store being dismounted due to an underlying service crashing.

Let’s go through a few basic steps to narrow it down:

1. Check to see that all MSExchange Services are started. (MSExchangeES, MSExchangeIS, MSExchangeMTA, MSExchangeSA)
2. If any of these are not started, start them!
   net start MSExchangeES /yes
   net start MSExchangeIS /yes
   net start MSExchangeMTA /yes
   net start MSExchangeSA /yes
3. Check to see if the Information Stores are mounted. Exchange Manager -> Servers -> Server Name -> First Storage Group -> Right-click on Mailbox Store and select “Mount Store” if dismounted.
4. Perform a database check.
   C:\Program Files\Exchsrvr>bin\eseutil /mh mdbdata\priv1.edb
5. Sometimes the error code will be thrown when a database is “dirty.” Doing the above check reveals what state the database is in, if you see State: Dirty Shutdown, then you must make sure all transaction logs from the checkpoint and later are present, then mount the store. If the logs are gone, you have to repair the database using Eseutil /p to make the database consistent to start. This can result in data loss, so back up everything beforehand just in case. After running Eseutil /p, run Eseutil /d to defrag the database. Then run the Information Store integrity checker Isinteg.exe -fix. Running these commands should fix any problems associated with a dirty database, and allow the stores to be mounted again. Please do make sure you have 1.5 – 2 times the database file size in free space on the drive for the system to work.

(average: 1.00 out of 5)

1 Comment |  Print This Post

Exchange server runs atop Active Directory on Windows. If underlying services are performing poorly, exchange server performance will suffer also.

Assigning a Specific Global Catalog Server to Exchange

Every time Active Directory needs to access the Global Address List (GAL) it queries the Global Catalog Server through LDAP. The default Global Catalog Server is the first domain controller deployed in the AD forest. The GCS holds all forest operations. If the GCS has other roles or services on it, it can get overloaded easily.

You can designate one or more domain controllers to act as Global Catalog Servers. Once you have done this, you can have Exchange use a specific GCS. If that server ever fails or is unreachable, it will use one of the other GCS’ available.

1. Go to Active Directory Sites and Services Console -> Sites -> Default First Site Name -> Servers -> Server of choice -> NTDS Settings -> Right-Click and select Properties.

2. Go to the General Tab and Select the Global Catalog checkbox. Click OK.

3. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
   MSExchangeDSAccess\Profiles\Default\UserDC1 on the Exchange Server. If it is not there, create it.

4. Create a REG_SZ value named HostName. Type in the fully qualified domain name (FQDN) of the global catalog server you wish to use.

5. Create a REG_DWORD value named IsGC. Assign a value of 0x1.

6. Create a REG_DWORD key named PortNumber. Assign a value of 0xCC4 or 0xCC5 for SSL. This is the LDAP port for accessing the GCS.

7. Relax and watch your Exchange Server run faster and more efficiently.

(No Ratings Yet)

No Comments |  Print This Post