Exchange

Remove UM DialPlan Associated with UM IP Gateway for Exchange UM and Lync Integration

Removing a dial plan that is associated with a UM IP gateway (for example, after running the ExchUCUtil.ps1 script for Lync integration) is not a Next, Next, Finish task like deleting a standard dial plan.

Andrew Morpeth explains how to do this in detail in this very helpful article: https://ucgeek.co/2014/04/removing-exchange-2013-um-dial-plan/

Below is my attempt to provide an alternate approach to the PowerShell script provided in the above article (you need to provide the dial plan name in the first line):

# Name of the UM dial plan to remove (edit this line)
$UMDialPlan = "<YourDialPlanName>"
# 1. UM mailbox policies that use the dial plan: list them, then remove them
Get-UMMailboxPolicy | where {$_.UMDialPlan -eq $UMDialPlan} | FL Name, UMDialPlan
Get-UMMailboxPolicy | where {$_.UMDialPlan -eq $UMDialPlan} | Remove-UMMailboxPolicy
# 2. UM hunt groups that use the dial plan (these link it to the UM IP gateway): list, then remove
Get-UMHuntGroup | where {$_.UMDialPlan -eq $UMDialPlan}
Get-UMHuntGroup | where {$_.UMDialPlan -eq $UMDialPlan} | Remove-UMHuntGroup
# 3. UM service on each server: list, then remove the dial plan from the server's DialPlans
Get-UMService | where {$_.DialPlans -contains $UMDialPlan} | FL Name, DialPlans
Get-UMService | where {$_.DialPlans -contains $UMDialPlan} | Set-UMService -DialPlans @{Remove=$UMDialPlan}
# 4. UM Call Router settings on each server (Get-/Set-UMCallRouterSettings take -Server, not pipeline input)
Get-UMService | ForEach-Object { Get-UMCallRouterSettings -Server $_.Name } | where {$_.DialPlans -contains $UMDialPlan} | FL Identity, DialPlans
Get-UMService | ForEach-Object { Get-UMCallRouterSettings -Server $_.Name } | where {$_.DialPlans -contains $UMDialPlan} | ForEach-Object { Set-UMCallRouterSettings -Server $_.Identity -DialPlans @{Remove=$UMDialPlan} }
# 5. Nothing references the dial plan any more, so it can be removed
Remove-UMDialPlan -Identity $UMDialPlan
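As an added example (not code from this post or from Andrew Morpeth's article), here is a pre-flight inventory you can run before the removal script: it lists everything still tied to the dial plan, compares objects by name, and flags mailboxes that are still UM-enabled, since Remove-UMMailboxPolicy fails while any mailbox uses the policy. The per-server Get-UMCallRouterSettings -Server call and the filter on UMMailboxPolicy are my assumptions about the Exchange 2013 cmdlets.

```powershell
function Get-UMDialPlanDependencies {
    param([Parameter(Mandatory=$true)][string]$UMDialPlan)

    # Fails early if the dial plan name is wrong
    $dialPlan = Get-UMDialPlan -Identity $UMDialPlan -ErrorAction Stop

    # Objects the removal script above has to clear, compared by name
    $policies   = @(Get-UMMailboxPolicy | Where-Object { $_.UMDialPlan.Name -eq $dialPlan.Name })
    $huntGroups = @(Get-UMHuntGroup     | Where-Object { $_.UMDialPlan.Name -eq $dialPlan.Name })
    $umServers  = @(Get-UMService | Where-Object {
                      @($_.DialPlans | ForEach-Object { $_.Name }) -contains $dialPlan.Name })
    $routers    = @(Get-UMService | ForEach-Object { Get-UMCallRouterSettings -Server $_.Name } |
                    Where-Object { @($_.DialPlans | ForEach-Object { $_.Name }) -contains $dialPlan.Name })

    # Remove-UMMailboxPolicy fails while any mailbox is still UM-enabled with that policy
    $policyNames = @($policies | ForEach-Object { $_.Name })
    $mailboxes = @()
    if ($policyNames.Count -gt 0) {
        $mailboxes = @(Get-UMMailbox -ResultSize Unlimited |
                       Where-Object { $policyNames -contains $_.UMMailboxPolicy.Name })
    }

    # UM IP gateways reach the dial plan through their hunt groups
    $gateways = @($huntGroups | ForEach-Object { $_.UMIPGateway.Name } | Sort-Object -Unique)

    New-Object PSObject -Property @{
        DialPlan           = $dialPlan.Name
        MailboxPolicies    = $policyNames
        UMEnabledMailboxes = @($mailboxes | ForEach-Object { $_.Name })
        HuntGroups         = @($huntGroups | ForEach-Object { $_.Name })
        IPGateways         = $gateways
        UMServices         = @($umServers | ForEach-Object { $_.Name })
        CallRouters        = @($routers | ForEach-Object { $_.Identity.ToString() })
        SafeToRemove       = ($mailboxes.Count -eq 0)
    }
}

# Usage: Get-UMDialPlanDependencies -UMDialPlan "<YourDialPlanName>" | Format-List
```

If SafeToRemove is false, disable UM on the listed mailboxes (or move them to another policy) before running the removal script.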

Exchange 2013 Preferred Architecture

Here’s a cut-to-the-chase summary of The Preferred Architecture blog by Ross Smith IV; you will find a link to the original article at the end of this post.

Here’s the summary (with my own touch):

  • Simplicity, simplicity, simplicity.
  • For each Exchange service (OWA, SMTP, etc.), use one namespace that load balances connections across the two datacenters (assuming the two datacenters have a “fast” network connection between them).
  • Each datacenter is a separate AD site.
  • All Exchange servers are multi-role servers (each server has the Mailbox and Client Access roles).
  • All Exchange servers are physical servers!!!
  • Two disks in a RAID 1 host the OS, Exchange binaries, protocol/client logs, and the transport database.
  • Large-capacity 7.2K SAS disks in a JBOD configuration hold the database files and logs.
  • AutoReseed is enabled, and at least one disk is reserved for it.
  • The DAG is stretched across the two datacenters, and active copies are distributed equally across all servers in the DAG.
  • Each datacenter has the same number of servers in the DAG.
  • The DAG has an even number of servers, and a witness server is used for quorum arbitration.
  • The DAG’s witness server is placed in a third, reliable datacenter.
  • Use a single network card that carries both MAPI and replication traffic (assuming your network infrastructure provides 10 Gb end-to-end).
  • Each database has four copies, with two copies in each datacenter.
  • ReplayLagTime is 7 days for the lagged database copy (Set-MailboxDatabaseCopy -Identity DatabaseName\MailboxServerName -ReplayLagTime 7.0:0:0).
  • Backup, backup, backup.
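As an added example (not from the original summary or from Ross Smith's article), the following function checks an existing DAG against the layout rules listed above: even member count split equally across two AD sites, a witness configured, four copies per database with two per site, and exactly one copy lagged by 7 days. It assumes the Exchange 2013 Management Shell and that each datacenter is its own AD site; the property names used (Servers, Site, DatabaseCopies, HostServerName, ReplayLagTimes, MasterServerOrAvailabilityGroup) are my reading of the objects those cmdlets return.

```powershell
function Test-PreferredArchitecture {
    param(
        [Parameter(Mandatory=$true)][string]$DagName,
        [TimeSpan]$LagTime = [TimeSpan]::FromDays(7)    # ReplayLagTime from the list above
    )
    $findings = @()
    $dag = Get-DatabaseAvailabilityGroup -Identity $DagName
    $servers = @($dag.Servers | ForEach-Object { Get-ExchangeServer -Identity $_.Name })
    $siteOf = @{}
    foreach ($s in $servers) { $siteOf[$s.Name] = $s.Site.Name }   # datacenter == AD site

    # Member layout: even count, split equally across two datacenters (sites)
    if ($servers.Count % 2 -ne 0) { $findings += "DAG has an odd number of members ($($servers.Count))." }
    $perSite = @($servers | Group-Object { $siteOf[$_.Name] })
    if ($perSite.Count -ne 2) {
        $findings += "DAG members span $($perSite.Count) AD site(s); expected 2."
    } elseif ($perSite[0].Count -ne $perSite[1].Count) {
        $findings += "Member count differs between sites ($($perSite[0].Name)=$($perSite[0].Count), $($perSite[1].Name)=$($perSite[1].Count))."
    }
    # The witness is not an Exchange server, so its site is only reported for manual review
    if (-not $dag.WitnessServer) { $findings += "No witness server configured." }

    # Database layout: 4 copies, 2 per site, exactly one lagged copy at $LagTime
    foreach ($db in Get-MailboxDatabase | Where-Object { $_.MasterServerOrAvailabilityGroup.Name -eq $DagName }) {
        $copies = @($db.DatabaseCopies)
        if ($copies.Count -ne 4) { $findings += "$($db.Name): $($copies.Count) copies; expected 4." }
        foreach ($g in @($copies | Group-Object { $siteOf[$_.HostServerName] })) {
            if ($g.Count -ne 2) { $findings += "$($db.Name): $($g.Count) copies in site '$($g.Name)'; expected 2." }
        }
        $lagged = @($db.ReplayLagTimes | Where-Object { [TimeSpan]::Parse($_.Value.ToString()) -eq $LagTime })
        if ($lagged.Count -ne 1) { $findings += "$($db.Name): $($lagged.Count) copies with ReplayLagTime $LagTime; expected 1." }
    }

    New-Object PSObject -Property @{
        DAG       = $DagName
        Witness   = "$($dag.WitnessServer)"
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

# Usage: Test-PreferredArchitecture -DagName DAG01 | Format-List
```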

References:

The Preferred Architecture

Configure AutoReseed for a database availability group

How to Isolate Forefront Protection For Exchange While Troubleshooting Emails Related Issues

While troubleshooting email-related issues, such as Exchange services that are not starting or delays in message processing, you will likely want to isolate the issue in order to perform your root cause analysis.

One thing you may consider is to temporarily disable the integration between the Exchange services and Forefront Protection for Exchange 2010 (FPE 2010), or the older Forefront Security for Exchange (FSE).

A utility called Fscutility.exe, available in the FPE installation directory (and in the FSE one), lets you do this easily, as shown below:

1- Open the command prompt (cmd.exe)

2- Move to the Forefront Protection for Exchange installation directory, for Example:

cd "C:\Program Files (x86)\Microsoft Forefront Protection for Exchange Server"

3- To check the current integration status, run this command:

Fscutility /status

4- To Disable the Integration:

Fscutility /disable

5- To Re-Enable the integration:

Fscutility /enable

Note:

I found that this utility’s parameters are case sensitive, so Fscutility /disable is correct, but Fscutility /Disable will not work.

Ticket#7: Exchange 2007 Stop Receiving Emails From Time to Time

Issue:

Exchange 2007 stops receiving external emails periodically.

Analysis:

When you telnet to the HUB server IP on port 25, you receive this error:

4.3.1 Insufficient system resources

On an SMTP server in front of the HUB server (the one that should deliver emails to the HUB server), the following warning is logged in the Application event log:

Message delivery to the host ‘HUB_SERVER_IP’ failed while delivering to the remote domain ‘DOMAIN.TLD’ for the following reason: An SMTP protocol error occurred.
The SMTP verb which caused the error is ‘MAIL’.  The response from the remote server is ‘452 4.3.1 Insufficient system resources

Now go to the HUB server, open Event Viewer, and filter the Application log by:

Source: MSExchangeTransport

Category: ResourceManager

You will find warning(s) or error(s) like the one shown below:

Exchange Back Pressure

Cause:

That’s due to the Back Pressure feature of Exchange 2007/2010, which periodically checks certain resources on the HUB server(s) and determines whether they are over the configured limit; in my case above, the problem was free disk space on the C:\ partition.

Solution:

Solve the issue mentioned in the event viewer.

Note: While it’s possible to disable Back Pressure, it’s not recommended at all. The best way to go is to investigate why it’s happening and solve the root cause.
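As an added example (not part of the original ticket), the function below gathers the same evidence from the Hub Transport server in one call: the MSExchangeTransport ResourceManager warnings that signal back pressure, and the free space on the partition the ticket identified. It assumes PowerShell 2.0 or later and a local or remotely readable Application log; the 10% reporting threshold is an arbitrary value of mine, not an Exchange setting.

```powershell
function Get-BackPressureReport {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [string]$Drive = 'C:',        # the partition called out in the Cause section
        [int]$Newest = 500,           # how many recent MSExchangeTransport entries to scan
        [int]$LowFreePercent = 10     # reporting threshold only (assumption)
    )

    # 1. Back-pressure notifications: source MSExchangeTransport, category ResourceManager.
    #    Matching the category and message text avoids hard-coding event IDs.
    $events = @(Get-EventLog -ComputerName $ComputerName -LogName Application `
                -Source 'MSExchangeTransport' -EntryType Warning, Error -Newest $Newest |
                Where-Object { $_.Category -match 'ResourceManager' -or
                               $_.Message -match 'resource pressure|Insufficient system resources' } |
                Select-Object TimeGenerated, EventID, EntryType, Message)

    # 2. Free space on the partition, which is what tripped the limit in this ticket
    $disk = Get-WmiObject -ComputerName $ComputerName -Class Win32_LogicalDisk -Filter "DeviceID='$Drive'"
    $freeGB  = if ($disk) { [math]::Round($disk.FreeSpace / 1GB, 1) } else { $null }
    $freePct = if ($disk -and $disk.Size -gt 0) { [math]::Round(100 * $disk.FreeSpace / $disk.Size, 1) } else { $null }

    New-Object PSObject -Property @{
        Server             = $ComputerName
        BackPressureEvents = $events.Count
        LatestEvent        = if ($events.Count -gt 0) { $events[0].Message } else { $null }
        DriveFreeGB        = $freeGB
        DriveFreePercent   = $freePct
        # The fix is whatever the event text names; this field only points you at the disk case
        Suspect            = if ($freePct -ne $null -and $freePct -lt $LowFreePercent) { "Low free space on $Drive" } else { $null }
    }
}

# Usage: Get-BackPressureReport -Drive 'C:' | Format-List
```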

What is SMTP Session Tarpitting?

SMTP Session Tarpitting for Windows 2003 and Exchange

A common strategy for increasing the cost of would-be mail abuse uses a technique called tarpitting. Mail servers that tarpit wait a specified period of time before issuing SMTP responses to the client, thus increasing the time investment needed to successfully send a large amount of mail or a constant stream of (usually invalid) SMTP commands. To minimize the impact on the performance of well-meaning senders, servers can tarpit responses only for SMTP errors and allow authenticated clients to bypass the tarpit time.

Tarpitting is a useful countermeasure for:

  • Dictionary harvest attacks (where an attacker is trying to compile a list of valid e-mail addresses from your organization)
  • User account attacks (where an attacker repeatedly attempts to authenticate via username/password guessing)
  • Spam scripts that send to more invalid than valid e-mail recipients.

Most of these abuses depend on quick SMTP server responses to complete in an acceptable timeframe. SMTP servers that tarpit slow down the amount of work they can do in a given amount of time, thereby making the abuse less enticing or lucrative.

Until recently, there wasn’t a way to enable tarpitting behavior for Windows/Exchange. Now, you can.

Simply install the KB:842851 package and KB:885881 package. The only requirement is that you’re running Windows Server 2003 with Internet Information Services 6.0. If you’re running Microsoft Exchange, the package automatically integrates with it.

Then, create/set the following registry key:

HKLM\System\CurrentControlSet\Services\SmtpSvc\Parameters\TarpitTime (DWORD)

The key value is the number of seconds you wish the server to tarpit error responses. You must stop/start the SMTP service for the change to take place.

When used with Microsoft Exchange Server 2003 features like recipient lookup, tarpitting increases the cost of invalid lookups, which makes it harder to abuse the feature to launch a dictionary harvest attack.

Update #1

SMTP Tarpitting In Exchange 2007…

SMTP Tarpitting is enabled by default in Exchange 2007. This is really good news, as admins who configure recipient filtering are automatically protected against directory harvest attacks. This was not the case in Exchange 2003, where a registry edit was necessary to enable the feature. Check this KB article for information on how to enable tarpitting on an Exchange 2003 server.

SMTP Tarpitting is the feature by which a delay is introduced into the rejection response. When a recipient is rejected with a 5.x.x response, a delay of a few seconds is introduced before the response is sent. This makes it difficult for spammers to find legitimate email addresses in a domain by using directory harvesting attacks.

Exchange 2007 has a default tarpit interval of 5 seconds, which can be increased up to a maximum of 10 minutes. Think carefully before changing the tarpit interval, because it also affects legitimate email (messages that are not spam, such as ones sent to misspelt addresses). The default interval is good in most cases. The tarpit interval is set on the Receive connector and is in the format hh:mm:ss.

To find the tarpit interval, run the following command:

Get-ReceiveConnector connectorname | select tarpitinterval

To increase the tarpit interval to 10 seconds, run:

Set-ReceiveConnector connectorname -TarpitInterval 00:00:10

To disable tarpitting (not recommended), run:

Set-ReceiveConnector connectorname -TarpitInterval 00:00:00
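As an added example (not from either source post), here is an audit that applies the settings described above to a whole organization: it reads TarpitInterval from every Receive connector in the Exchange Management Shell, flags connectors where tarpitting is disabled or below the 5-second default, and notes which connectors accept anonymous SMTP (the ones a directory harvest would hit). A second function reads the Exchange 2003 registry value from the same post. The PermissionGroups test and the string parsing of TarpitInterval are my assumptions about the cmdlet output.

```powershell
function Get-TarpitAudit {
    param([TimeSpan]$Expected = [TimeSpan]::FromSeconds(5))   # Exchange 2007 default

    Get-ReceiveConnector | ForEach-Object {
        # TarpitInterval is an EnhancedTimeSpan; parsing its hh:mm:ss text keeps the comparison simple
        $interval = [TimeSpan]::Parse($_.TarpitInterval.ToString())
        $state = if ($interval -eq [TimeSpan]::Zero) { 'DISABLED' }
                 elseif ($interval -lt $Expected)    { 'BELOW-DEFAULT' }
                 else                                 { 'OK' }
        New-Object PSObject -Property @{
            Connector        = $_.Identity.ToString()
            Server           = $_.Server.ToString()
            # Connectors that accept anonymous SMTP are the ones exposed to harvest attacks
            AcceptsAnonymous = ("$($_.PermissionGroups)" -match 'AnonymousUsers')
            TarpitInterval   = $interval
            State            = $state
        }
    }
}

function Get-Exchange2003TarpitTime {
    # Windows 2003 / Exchange 2003 keep the setting in the registry value shown above (seconds)
    $key  = 'HKLM:\System\CurrentControlSet\Services\SmtpSvc\Parameters'
    $item = Get-ItemProperty -Path $key -Name TarpitTime -ErrorAction SilentlyContinue
    if ($item -eq $null) { 'TarpitTime not set: SMTP tarpitting is disabled on this server' }
    else { "TarpitTime = $($item.TarpitTime) seconds" }
}

# Usage: Get-TarpitAudit | Where-Object { $_.State -ne 'OK' } | Format-Table -AutoSize
```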

Sources: The Microsoft Exchange Team Blog, How Exchange Works

Forefront Protection 2010 for Exchange Server Capacity Planning Tool


Brief Description

The Forefront Protection 2010 for Exchange Server (FPE) capacity planning tool lets you understand the hardware requirements for planning new FPE deployments. It also lets you evaluate the system requirements for existing deployments.

Overview
The FPE capacity planning tool helps you understand how CPU utilization and memory requirements vary by specifying different protection settings of FPE. This tool is based on the capacity planning guidance provided for Exchange Server 2010. The FPE capacity planning tool uses two specific reference architectures, the Standard Reference Architecture which is targeted at the small to medium size customers and then the Enterprise Reference Architecture targeting larger organizations. You can select a workflow associated with a reference architecture and specify CPU utilization and maximum memory constraints for your targeted hardware. You can specify the desired protection settings for each of the FPE server roles in the associated reference architecture, and describe the desired environment to be supported. After all these items are specified, the tool produces a summary of the hardware requirements with the number of servers that should be utilized to support the targeted environment given the FPE protection settings and the specified hardware constraints. The tool also provides performance guidance using graphs to understand performance aspects of the product and comparative performance of virtualized and non-virtualized scenarios with different operating systems and Exchange versions.

System Requirements

* Supported operating systems: Windows 7, Windows Server 2003, Windows Server 2008 R2, Windows Vista, Windows XP
* Microsoft Excel 2007 or higher.

Instructions

Download the file and open in Excel. Thoroughly read the “Directions” and “Readme” tabs.

Ref.: http://www.microsoft.com/downloads/en/details.aspx?displaylang=en&FamilyID=2303c87d-f976-4424-a192-24d2af02064d&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+MicrosoftDownloadCenter+%28Microsoft+Download+Center%29#tm

Forefront for Exchange troubleshooting: How to use the Fscutility.exe Utility

How to use the Fscutility.exe Utility to disconnect (remove services dependency) the Forefront Security services from Exchange Server or from SharePoint Portal Server:

INTRODUCTION
This article describes how to use the Fscutility.exe program in Microsoft Forefront Security for Exchange or in Microsoft Forefront Security for SharePoint to disconnect the Forefront Security services from Microsoft Exchange Server or from Microsoft SharePoint Portal Server.

Note Forefront Security for Exchange was previously called Microsoft Antigen for Exchange. Forefront Security for SharePoint was previously called Antigen for SharePoint.
MORE INFORMATION
Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

If you are an administrator, you can use the Fscutility.exe program to disconnect the Forefront Security services from the Exchange server or from the SharePoint server. After you disconnect the Forefront Security services from the Exchange server or from the SharePoint server, Forefront Security is disabled.

In this scenario, Forefront Security remains installed. However, it is no longer connected to the Exchange server or to the SharePoint server. Therefore, Forefront Security cannot scan incoming and outgoing e-mail messages. You may have to disable Forefront Security to do any of the following:

* Troubleshoot issues with Forefront Security
* Run diagnostics on the server
* Install a service pack on the server

For example, if you are experiencing an issue with Forefront Security but you are not sure whether the issue is caused by Forefront Security, you can use the Fscutility.exe program to disable Forefront Security. Then, you can test to see whether the issue still occurs.

You can use the following command-line options with the Fscutility.exe program:

* /status Use this option to display the status of Forefront Security and of the Exchange server or the SharePoint server.
* /enable Use this option to enable Forefront Security if the Exchange server or the SharePoint server services have been stopped.
* /disable Use this option to disable Forefront Security if the Exchange server or the SharePoint server services have been stopped.
* /remove Use this option to remove Microsoft Forefront Security’s registry keys.
* /regmon Use this option to register FSCMonitor.
* /unregmon Use this option to unregister FSCMonitor.

To use the Fscutility.exe program to disconnect the Forefront Security services from the Exchange server or from the SharePoint server, follow these steps:

1. Stop the Exchange server services or the SharePoint server services and the Forefront Security services. To do this, follow these steps:
   1. Click Start, click Run, type services.msc, and then click OK.
   2. Right-click the service that you want to stop, and then click Stop.

   Note Stop the Exchange server services in the following order:
   1. FSCController
   2. Microsoft Exchange Transport Service
   3. System Attendant
   4. Information Store

   Note Stop the SharePoint server services in the following order:
   1. FSCController
   2. IIS Admin Service

   Note When you stop the Exchange server services or the SharePoint server services, the Forefront Security services will be stopped automatically. If a Forefront Security service is still running after you stop the Exchange server services or the SharePoint server services, right-click the Forefront Security service that is still running. Then, click Stop.
2. Start a command prompt, and then move to the Forefront Security for Exchange folder. By default, the Forefront Security for Exchange folder is in the following location:
   Program Files (x86)\Microsoft Forefront Security\Exchange Server
   The Forefront Security for SharePoint folder is in one of the following locations:
   * x86: Program Files\Microsoft Forefront Security\SharePoint
   * x64 or IA-64: Program Files (x86)\Microsoft Forefront Security\SharePoint
3. At the command prompt, type the following command to disable the Forefront Security service, and then press ENTER.

Important When you run this command, the Forefront Security services will be disconnected from the Exchange Server or from the SharePoint server. During this time, Forefront Security will be disabled. Forefront Security will not be protecting your environment by using enhanced virus protection. We recommend that you use the Fscutility.exe program to disable Forefront Security only in a controlled environment. Additionally, make sure that you use an alternative method to maintain enhanced virus protection when Forefront Security is disabled.

Fscutility /disable

After you run this command, you receive the following message:

   Microsoft Forefront Server Security VSAPI hooking dll is disabled.
   Status: Microsoft Forefront Server Security NOT Integrated

To enable the Forefront Security service, type the following command, and then press ENTER:

Fscutility /enable

After you run the command, you receive the following message:

   Microsoft Forefront Server Security VSAPI hooking dll is enabled.
   Status: Microsoft Forefront Server Security successfully integrated!

4. To make sure that the Forefront Security services are disconnected from the Exchange server or from the SharePoint server, type Fscutility /status, and then press ENTER.
5. Troubleshoot Forefront Security, run diagnostics, or install a service pack.
6. Restart the Exchange server or the SharePoint server services that you stopped. To do this, follow these steps:
   1. Click Start, click Run, type services.msc, and then click OK.
   2. Right-click the Exchange server services or the SharePoint server services that you want to start, and then click Start.

After you start the Exchange server services or the SharePoint server services, make sure that the Forefront Security services have restarted. The Forefront Security services should automatically restart after you restart the Exchange server services. If a Forefront Security service has not restarted, right-click the Forefront Security service, and then click Start.
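As an added example covering both the FPE 2010 steps earlier on this page and the KB 929076 steps above (this is my code, not Microsoft's and not the utility's own interface), here is a PowerShell wrapper around Fscutility.exe. It looks for the utility in the default folders named on this page, passes the switch in lower case (the tool is case sensitive), optionally stops the Exchange services in the order the KB lists, and verifies the result from /status. Matching the status strings quoted above and treating anything else as Unknown is an assumption, as are the Exchange service names used for the stop order.

```powershell
$script:FscutilityDirs = @(
    'C:\Program Files (x86)\Microsoft Forefront Protection for Exchange Server',   # FPE 2010
    'C:\Program Files (x86)\Microsoft Forefront Security\Exchange Server'          # FSE
)

function Get-FscutilityPath {
    foreach ($dir in $script:FscutilityDirs) {
        $exe = Join-Path $dir 'Fscutility.exe'
        if (Test-Path $exe) { return $exe }
    }
    throw 'Fscutility.exe not found in the default Forefront folders.'
}

function Get-ForefrontIntegration {
    # /status prints a line like the "Status: ..." lines quoted in the KB text above
    $out = & (Get-FscutilityPath) /status 2>&1 | Out-String
    $state = if ($out -match 'NOT Integrated')   { 'Disabled' }
             elseif ($out -match 'integrated')   { 'Enabled' }
             else                                { 'Unknown' }
    New-Object PSObject -Property @{ State = $state; RawOutput = $out.Trim() }
}

function Set-ForefrontIntegration {
    param(
        [Parameter(Mandatory=$true)][ValidateSet('enable','disable')][string]$Action,
        [switch]$StopExchangeServices      # KB 929076 requires the services to be stopped first
    )
    if ($StopExchangeServices) {
        # KB order: FSCController, Transport, System Attendant, Information Store
        foreach ($svc in 'FSCController','MSExchangeTransport','MSExchangeSA','MSExchangeIS') {
            $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
            if ($s -and $s.Status -ne 'Stopped') { Stop-Service -Name $svc -Force }
        }
    }
    # The switch is passed exactly as typed: '/disable' works, '/Disable' does not
    & (Get-FscutilityPath) "/$Action" | Write-Host

    $status   = Get-ForefrontIntegration
    $expected = if ($Action -eq 'disable') { 'Disabled' } else { 'Enabled' }
    if ($status.State -ne $expected) { Write-Warning "Expected $expected but /status reports $($status.State)" }
    $status
}

# Usage: Set-ForefrontIntegration -Action disable -StopExchangeServices
#        (troubleshoot, then) Set-ForefrontIntegration -Action enable; start the Exchange services again
```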

APPLIES TO

* Forefront Security for Exchange

Ref: KB929076