Professional Documents
Culture Documents
Reference Guide
Microsoft Corporation
Abstract
This guide is for Exchange Server experts who require detailed information about the
architecture and interaction among core components of Microsoft Exchange Server 2003.
Contents.................................................................................................................. .................3
How to Display All Information Obtained for a Mailbox Store or Public Folder Store............148
Procedure........................................................................................................................ ..148
How to Enable the Enable Direct Metabase Edit Feature in IIS Manager............................237
Before You Begin................................................................................... ...........................238
Procedure........................................................................................................................ ..238
How to Enable Diagnostics Logging for the SMTP Service in Exchange System Manager..308
Before You Begin................................................................................... ...........................308
Procedure........................................................................................................................ ..309
How to Set the Diagnostics Logging Level for MSExchangeTransport Categories to Field
Engineering......................................................................................................... ..............309
Before You Begin................................................................................... ...........................309
Procedure........................................................................................................................ ..310
For More Information................................................................................................... ......310
How to Replay DAT Files After an MTA Database Wipe via a Complete Replay..................347
Before You Begin................................................................................... ...........................347
Procedure........................................................................................................................ ..348
For More Information................................................................................................... ......349
How to Replay DAT Files After an MTA Database Wipe via a Remote Replay.....................350
Before You Begin................................................................................... ...........................350
Procedure........................................................................................................................ ..351
For More Information................................................................................................... ......351
How to Replay DAT Files After an MTA Database Wipe via an Incremental Replay.............352
Before You Begin................................................................................... ...........................352
Procedure........................................................................................................................ ..352
For More Information................................................................................................... ......353
How to Check Whether a Server Running Exchange Server Contains a Replica of the
Free/Busy System Folder for the Administrative Group.................................................... .479
Before You Begin................................................................................... ...........................479
Procedure........................................................................................................................ ..479
How to Enable SMTP Logging and Log the Files to a Shared Disk......................................594
Before You Begin................................................................................... ...........................595
Procedure........................................................................................................................ ..595
How to Create Virtual Directories for an Exchange Virtual Server in a Windows Server Cluster
.......................................................................................................................... ................597
Before You Begin................................................................................... ...........................597
Procedure........................................................................................................................ ..598
For More Information................................................................................................... ......599
How to Create an HTTP Virtual Server Resource for an Exchange Virtual Server in a
Windows Server Cluster............................................................................................ ........599
Before You Begin................................................................................... ...........................600
Procedure........................................................................................................................ ..600
Copyright............................................................................................................. .................600
16
This detailed reference guide is not for beginning administrators and does not show you how
to implement or maintain Exchange Server 2003. Instead, this guide is for Microsoft Certified
Systems Engineers (MCSEs) and Exchange Server experts who want to take their
knowledge about Exchange Server 2003 to the next level.
Note:
Download Microsoft Exchange Server 2003 Technical Reference Guide to print or
read offline.
This detailed reference guide is not for beginning administrators and does not show you how
to implement or maintain Exchange Server 2003. Instead, this guide is for Microsoft Certified
17
System Engineers (MSCEs) and Exchange experts who want to take their knowledge about
Exchange Server 2003 to the next level. See "What Should You Read First?" later in this topic
for a list of books that you might want to study before reading this technical reference guide.
This technical reference guide is structured according to the key components in Exchange
Server 2003, so that you can choose the chapter that interests you. For example, if you are
troubleshooting Active Directory communication problems, go to Exchange Server 2003 and
Active Directory, or if you are having issues with the SMTP service, go to SMTP Transport
Architecture. This guide provides detailed answers to the following questions:
• How are the various Exchange Server 2003 components integrated with the
operating system?
• What are the services dependencies of each Exchange Server 2003 component?
• How does Exchange Server 2003 handle message transfer and routing?
• What are the internal components of the Simple Mail Transfer Protocol (SMTP)
service that Exchange Server 2003 replaces or extends to implement Exchange-
specific functionality?
• How exactly does the SMTP service communicate with the Exchange store for
inbound and outbound message transfer?
• What is the role of the Exchange message transfer agent (MTA) in the message
transfer architecture?
• What is the architecture of the Extensible Storage Engine (ESE) that Exchange
Server 2003 uses to maintain the Exchange store?
18
• How does Exchange Server 2003 replicate public folders between servers in the
same Exchange organization?
This guide was designed for the following types of Exchange experts:
• System developers who create messaging solutions that go beyond the standard
capabilities of Exchange Server 2003.
Exchange Server 2003 Technical Reference Guide assumes that you have read the following
books:
• Exchange Server 2003 Deployment Guide This book provides installation and
deployment information for intermediate and advanced administrators who plan to
deploy Exchange Server 2003.
19
• Exchange Server 2003 Administration Guide This book covers the core
concepts of Exchange Server 2003 administration.
• Exchange Server 2003 Interoperability and Migration Guide This book guides
you through the process of determining an efficient strategy to move from common
non-Exchange messaging platforms, such as Lotus Notes and Domino, Novell
GroupWise, and other messaging systems, to Exchange Server 2003.
• It supports various e-mail clients that are used to access or download messages.
Exchange Server 2003 includes these features and many more. However, Exchange
Server 2003 does not provide these features by itself. Exchange Server 2003 integrates
tightly with the TCP/IP infrastructure provided by Microsoft Windows Server 2003 and Active
Directory directory service. To understand the Exchange Server 2003 architecture, you must
first understand TCP/IP-related technologies, Microsoft Windows Server 2003, and
Active Directory.
Additionally, you must be familiar with the following general messaging concepts:
• Message store This includes understanding the role and purpose of the
message store in a messaging system.
20
• Supported e-mail clients This includes understanding the various clients and
message access protocols that you can use in an Exchange Server 2003
organization.
This section gives you a foundation for later topics in this technical reference. For maximum
benefit from this guide, you must be familiar with Windows Server 2003 technologies.
For more information about Windows Server 2003, see the Windows Server 2003 Technology
Centers.
• An interface that e-mail clients can use to communicate with a server in the
messaging environment
• Directory The directory contains information about the users of the system.
This information is used to deliver messages to the intended users. The directory
also stores most of the configuration information about the message handling
system. It includes information about how the system is configured and how to route
messages from one messaging server to another. In Exchange Server 2003,
Active Directory provides the directory. Many components in Exchange Server 2003
use a directory access module, known as DSAccess, to communicate with
Active Directory. For more information about Exchange Server 2003 directory
architecture, see Exchange Server 2003 and Active Directory.
• Message store In Exchange Server 2003, the message store (that is, the
Exchange store) stores e-mail messages and other items in mailboxes and public
folders. It also contains message tables that the transfer subsystem uses to store
messages temporarily when messages are routed from one server to another. The
Exchange store relies on Extensible Storage Engine (ESE) technology to implement
the messaging databases. For more information about Exchange store architecture,
see Exchange Information Store Service Architecture.
• User agent The user agent provides access to the messaging system. In other
words, the user agent is the messaging client. Exchange Server 2003 supports a
wide variety of messaging clients, including MAPI clients, HTTP clients, and clients
that use POP3, IMAP4, and Network News Transfer Protocol (NNTP). Lightweight
Directory Access Protocol (LDAP) support for directory lookups, on the other hand, is
provided by Active Directory.
22
• IP and TCP Exchange Server 2003 requires TCP/IP to communicate with other
computers on the network. Exchange Server 2003 does not support other network
protocols.
• DNS Exchange Server 2003 requires DNS to resolve the IP addresses for other
hosts on a TCP/IP network, locate domain controllers and global catalog servers in
an Active Directory domain, and locate the e-mail servers in other messaging
organizations.
• DHCP and WINS Exchange Server 2003 does not require Dynamic Host
Configuration Protocol (DHCP) to function. But some of the networking clients on the
23
TCP/IP network may require this service. DHCP is used to automatically assign an IP
address to computers on a network. Windows Internet Name Service (WINS), on the
other hand, is used by Microsoft Windows clients to perform NetBIOS name
resolution. In network environments that contain routers that do not forward
broadcasts across network segments, WINS is required to resolve the IP addresses
for other computers on the network. Exchange Server 2003 requires WINS.
• Active Directory Active Directory provides the directory service for Exchange
Server 2003.
• Windows I/O Manager The I/O Manager on the server that is running
Exchange Server manages the transfer of data between the server hard disks.
Exchange Server 2003 uses the I/O Manager to access the transaction logs and
databases that are stored on the server hard disk. The I/O Manager also controls the
network file systems, such as server and client for Microsoft networks. Exchange
Server 2003 shares several file-system folders for network access and accesses
these folders using the Microsoft network file system.
Directory Integration
The Exchange Server 2003 information in Active Directory includes information about
recipients in the messaging system, as well as configuration information about the messaging
organization. Active Directory also provides the security subsystem for Exchange
Server 2003. Active Directory security ensures that only authorized users can access
mailboxes and that only authorized administrators can modify the Exchange configuration in
the organization.
24
• Mail-enabled contacts A mail-enabled contact does not have a SID and thus
does not have an Exchange mailbox in the Exchange organization. This means that a
mail-enabled contact cannot access resources in the domain, but the recipient object
is visible in the global address list. E-mail messages sent to a contact are routed to
the e-mail address associated with the contact object.
Note:
Exchange recipient objects are stored in the domain partition in Active Directory
(Active Directory partitions are also referred to as directory partitions). The domain
partition contains all of the objects in a specific domain and is replicated to every
25
domain controller in that domain, but not beyond that domain. The domain partition is
shown in Figure 1.3. For more information about the replication of domain
information, see the product documentation in the Windows Server 2003 Technology
Centers.
• DSProxy This component provides an address book service for MAPI clients
running Outlook 2002 Service Release 1 (SR-1) and earlier versions. Exchange
versions 5.5 and earlier implemented a directory service so that clients could view the
global address list by querying the server running Exchange Server. In
Exchange 2000 Server and Exchange Server 2003, DSProxy emulates this address
book service.
Note:
Directory Service Proxy (DSProxy) refers Microsoft Outlook 2003 directly to a
global catalog server. Unlike earlier versions of Outlook, Outlook 2003 does not
require a directory proxy component on the server running Exchange Server
itself.
For detailed information about DSAccess and DSProxy, see Exchange Server 2003 and
Active Directory.
27
The following components are involved in every message transfer on a server running
Exchange Server 2003:
• SMTP service The SMTP service handles the SMTP communication between
remote SMTP hosts and clients. This service implements the SMTP protocol
commands that Exchange Server 2003 supports.
• Store driver The store driver allows the SMTP service to communicate with the
Exchange store to save messages that are passing through the SMTP service. The
store driver also handles the delivery of messages for local recipients.
• Routing engine The routing engine provides the routing logic necessary to
pass outbound messages to the correct messaging connector or SMTP virtual server.
• Queue manager The queue manager controls link queues. Link queues are
used to store messages that are waiting for transfer to the next remote destination.
For detailed information on message routing architecture and the relationships between these
components, see Message Routing Architecture.
28
Message delivery within a single routing group has the following characteristics:
Message delivery within a single routing group is illustrated in the following figure.
Exchange Server 2003 supports the use of multiple routing groups. Message delivery
between routing groups has the following characteristics:
• All messages sent between routing groups flow through bridgehead servers in
each routing group.
The following figure illustrates message routing between multiple routing groups.
Exchange Server 2003 supports the following three routing group connectors:
the routing group connector and the SMTP connector, an X.400 connector can be
used to link Exchange routing groups. Generally, X.400 connectors are used only
when connecting to other X.400 messaging systems.
Exchange Server 2003 supports the following optional connectors that you can use to
connect the organization to non-Exchange messaging systems:
• Exchange Connector for Lotus Notes Exchange Connector for Lotus Notes is
used for message routing and directory synchronization between an Exchange
organization and a Lotus Notes messaging system.
transaction handling in Exchange Server 2003, see Exchange Information Store Service
Architecture.
The following figure shows one possible storage group and store configuration on a server
running Exchange Server.
The primary reason for deploying multiple storage groups and stores is to reduce the size of
each individual database while still supporting many users on one server. Having multiple
smaller stores enhances Exchange Server backup and recovery. Because all of the stores in
a storage group share a transaction log, each storage group should be backed up as a whole.
If your backup infrastructure supports multiple backup streams, you can back up multiple
storage groups at the same time. If you must restore data on the server running Exchange
Server, you restore each store individually. When you restore each store, you can mount it
and make it available to users.
32
Note:
Exchange Server 2003 supports a dedicated Recovery Storage Group so that you
can restore databases while users are connected to the original databases. Using the
Recovery Storage Group, you can restore individual mailboxes without disconnecting
unaffected users from the server.
Protocol Description
Protocol Description
To understand Exchange Server 2003 as a client/server system, you must be aware of the
following components, their dependencies, and their interactions:
34
This section provides an overview of operating system and Exchange-specific services that
are required to run a fully functional server running Exchange Server 2003. It is assumed that
you are familiar with the Microsoft Windows Server 2003 platform, networking services, and
Active Directory, as well as Exchange Server 2003 administration concepts. For additional
information about Windows Server 2003, see the Windows Server 2003 Technology Centers.
For additional information about Exchange Server 2003 administration, see the Exchange
Server 2003 Administration Guide.
35
Note:
The SCM process is a remote procedure call (RPC) server service. RPCs enable
service control programs to communicate with SCM locally or over the network, in
order to control services on remote computers.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
The services database contains a key for each installed service and driver. The name of the
key corresponds to the name of the service, as specified when the service was installed by a
service configuration program. For example, MSExchangeIS is the name of the Microsoft
Exchange Information Store service and MSExchangeSA is the name of the Microsoft
Exchange System Attendant service. The maximum service name length is 256 characters.
The following figure shows several Exchange-specific service entries in the registry.
Note:
The names that you can see when working with the Services tool are the display
names of Windows services. For example, MSExchangeSA has a display name of
Microsoft Exchange System Attendant. The display name is defined in a REG_SZ
value named DisplayName that you can find under:
37
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<service
name>.
Note:
When administering services that take a very long time to start, remember that you
cannot reconfigure startup type or other configuration settings during the service start
process, because SCM locks the service database. You can apply configuration
changes only before or after you start a service.
configuration to discard the most recent changes to the service configuration. Windows stores
the "last known good" configuration in the HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001
registry key and updates this key every time you log on successfully to the operating system.
When you log on to Windows with an incorrect configuration, you apply the incorrect settings
to the "last known good" configuration.
To quickly verify the dependencies and startup type of Exchange services, you can use the
tool SC.exe with the command sc <service name> qc. For example, the following output
represents the standard configuration of System Attendant (command line: sc qc
MSExchangeSA):
SERVICE_NAME: MSExchangeSA
TYPE : 10 WIN32_OWN_PROCESS
ERROR_CONTROL : 1 NORMAL
LOAD_ORDER_GROUP :
TAG : 0
SERVICE_START_NAME : LocalSystem
To determine the startup type, from the Services tool, click the General tab, and then click
Startup Type. You can also use the Services tool to start System Attendant or use SC.exe
with the command line sc start MSExchangeSA. You can also start services with the net
start command, such as net start MSExchangeSA. Most administrators prefer using the
Services tool.
Whether you use the Services tool, SC.exe, the net start command, or any other service
control program, SCM performs the following sequential steps to start a service:
The user name and password of the service account are specified at the time the service
is installed. SCM stores the user name in a REG_SZ registry value named ObjectName
within the Registry key of the individual service
(HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<service name>). The
password is in a secure portion of Local Security Authority (LSA). You can change the
service account in the Services tool, using the Log On tab.
Note:
Exchange Server 2003 services use the LocalSystem account by default. The
LocalSystem account is a predefined local account that has extensive privileges
39
on the local computer. This account is only available to system processes and
does not have a password.
All active processes must have an identity in Windows, and service applications are no
exception. When starting a service, SCM uses the account information obtained from the
services database and logs on to Windows. On the local computer, the account that SCM
uses to log on must have the special user right Log on as a service.
Note:
The LocalSystem account has the Log on as a service right implicitly, because
this account has complete access to all local resources.
3. Creates the service in suspended state
SCM starts new services in a suspended state, because the service is useful only after
SCM adds the required security information to the new process.
After it completes the logon procedure and assigns the access token, SCM can allow the
service to run and perform its functions.
A service control program can stop a service using a service control function by sending
a SERVICE_CONTROL_STOP request to the service through SCM.
If SCM determines that other services are running that are dependent on the service
specified in the stop request, SCM returns an error code to the service control program.
Before it triggers the stop procedure, the service control program must enumerate and
stop all services that depend on the specified service. For example, the Services tool
displays a Stop Other Services dialog box, which asks if you want to stop all dependent
services as well. SC.exe, however, simply reports the failure code and states that the
service cannot be stopped, because other active services depend on it.
If it detects no dependent active services, SCM instructs the specified service to stop by
forwarding the stop code to the service. The service must now free its allocated
resources and shut down.
• Service Type A service can be a file system driver, device driver, or a Windows
service, and can run its own process or share a process with other services. System
Attendant is an example of a service that runs its own process. The SMTP service,
however, is a service that shares a process with other services that are integrated
with Internet Information Services (IIS).
• Current state The service state can be starting, running, paused, stopping, or
not running.
• Acceptable control codes Theses are the control codes that the service is
able to accept and process in its handler function, according to the current state.
• Windows exit code The service uses this code to report an error that occurs
when it is starting or stopping. To return an error code specific to the service, the
service must set this value to ERROR_SERVICE_SPECIFIC_ERROR to indicate that
additional information can be found in the service exit code. The service sets this
value to NO_ERROR when it is running or stopping properly.
• Service exit code The service uses this code to report an error when it is
starting or stopping. The value is ignored unless the Windows exit code is set to
ERROR_SERVICE_SPECIFIC_ERROR.
• Wait hint The service uses this code to report the estimated time, in
milliseconds, required for a pending start, stop, pause, or continue operation.
• Checkpoint The service uses this value to periodically report its progress
during a lengthy start, stop, pause, or continue operation. For example, the Services
tool uses this value to track the progress of the service during start and stop
operations.
Tip:
To display the current status for all Windows services, you can use the command sc
query state= all type= service.
41
• Full control to all local resources Because Exchange Server 2003 services
have full control over all local resources, these services usually have unrestricted
access to the registry database, IIS metabase, and the file system. This is not the
case, however, if the special Windows account SYSTEM or the Everyone account is
explicitly denied access, which is not recommended. Thus, if Exchange 2003 is
installed on a domain controller, Exchange Server 2003 services have full access to
Active Directory, because the domain controller hosts a directory replica, and
LocalSystem has complete access to local resources.
Note:
Most security-conscious organizations do not install Exchange Server 2003 on a
domain controller, because this installation does not enable separate
administration of Exchange Server 2003 and Active Directory.
The NetworkService account corresponds to the computer account of the local computer
in the domain. An Exchange service that runs in the security context of the LocalSystem
account uses the local computer account credentials when accessing domain resources,
such as Active Directory, over the network. Thus, Exchange Server 2003 has
substantially fewer privileges on a member server than on a domain controller, because
computer accounts by default have very few privileges and do not belong to any groups.
The default configuration for computer accounts permits only minimal access to
Active Directory.
To address this issue and grant the computer account the required permissions,
Exchange Server 2003 creates the following two special security groups in
Active Directory:
42
Note:
Do not rename or move the Exchange Domain Servers or Exchange Enterprise
Servers security groups, and do not remove computer accounts of existing
servers running Exchange from these groups.
• The startup
program logs the
error but continues
the startup operation.
• The startup
program logs the
error and displays a
message but
continues the startup
operation.
• The startup
program logs the
error. If the "last
known good"
configuration is
started, the startup
operation continues.
Otherwise, the
system is restarted
with the "last known
good" configuration.
• The startup
program logs the
error, if possible. If
the "last known good"
configuration is
started, the system
startup is cancelled.
Otherwise, the
system is restarted
with the "last known
good" configuration.
45
• Enum This key contains parameters that SCM uses to enumerate the services
in the services database. For example, the REG_SZ parameter 0 contains a value
that refers to subkeys under the
47
Caution:
Incorrectly editing the registry can cause serious problems that may require you to
reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up any
valuable data.
In addition to the Windows kernel, Exchange Server 2003 has the following Windows
services dependencies:
• Event Log This service enables event log messages issued by Exchange
services and other Windows-based programs and components to be viewed in Event
Viewer. This service cannot be stopped.
• NTLM Security Support Provider This service provides security for programs
that use remote procedure calls (RPCs) and transports other than named pipes to log
on to the network using the NTLM authentication protocol.
48
• Remote Procedure Call (RPC) This service enables the RPC endpoint mapper
to support RPC connections to the server. This service also serves as the
Component Object Model (COM).
RPCs and lightweight remote procedure calls (LRPCs) are important inter-process
communication mechanisms. LRPCs are local versions of RPCs. LRPCs are used
between the Exchange store and those server components that depend on MAPI and
related APIs for communication, such as messaging connectors to non-Exchange
messaging systems. Regular RPCs, however, are used when clients must communicate
with server services over the network. Typical RPC clients are MAPI clients, such as
Microsoft Outlook and Exchange System Manager, but internal components of System
Attendant, such as DSProxy, are also RPC clients. To accept directory requests from
MAPI clients and pass them to an address book provider, DSProxy must use RPCs to
communicate with Active Directory through the name service provider interface (NSPI).
For more information about DSProxy, see Exchange Server 2003 and Active Directory.
Note:
By default, Exchange services use dynamic TCP ports between 1024 and 5000
for RPC communication. For various services, such as System Attendant and
Exchange Information Store service, it is possible to specify static ports using
registry parameters. However, the client must contact the RPC endpoint mapper
whether the port assignment is dynamic or static.
• Server This service enables file and printer sharing and named pipe access to
the server through the server message block (SMB) protocol. For example, if you
access message tracking log files using the message tracking center in Exchange
System Manager, you communicate with the server service because message
tracking logs are shared for network access through \\<server name>\<server
name>.Log, such as \\Server01\Server01.log. The SMB protocol is also required for
remote Windows administration.
The SCM key for the server service is lanmanserver. Underneath this registry key, you
can find an important subkey called Shares. This key contains parameters for all shares
on the server. One share that is particularly important for System Attendant is Address,
which provides access to the proxy address generation DLLs that the Recipient Update
Service uses to assign mailbox-enabled and mail-enabled recipient objects, X.400,
SMTP, Lotus Notes, Microsoft Mail, Novell GroupWise, and Lotus cc:Mail addresses
according to the settings in recipient policies. Address generation DLLs are accessed
over the network, because gateway connectors (and their address generation DLLs) do
not necessarily exist on the local server running Exchange Server. Recipient Update
Service is part of System Attendant, so the server service must be started before System
Attendant can start.
• Workstation This service is the counterpart to the server service. It enables the
computer to connect to other computers on the network based on the SMB protocol.
This service must be started before System Attendant will start.
In addition, there are also several Windows services that Exchange Server 2003 requires in
specific situations:
• COM+ Event System This service supports system event notification for COM+
components, which provide automatic distribution of events to subscribing COM
components. You should not disable this service on servers running Exchange
Server 2003, because event sinks wrapped in a COM+ component application that
run out-of-process on the server will not function properly.
• HTTP SSL This service implements the secure HTTP (HTTPS) for the HTTP
service, using Secure Socket Layer (SSL). If you want to use HTTPS to secure
Outlook Web Access or RPC over HTTP connections, you must enable this service.
• IPSec Services This service enables Internet Protocol security (IPSec), which
provides end-to-end security between clients and servers on TCP/IP networks. This
service must be enabled if you want to use IPSec to secure network traffic between a
server running Exchange Server and other computers on the network, such as a
front-end server running Exchange Server or domain controller.
• Net Logon This service enables a secure channel between the server running
Exchange Server and a domain controller. This service is required for users to
access mailboxes on the server running Exchange Server and for any service that is
using a domain account to start.
• Performance Logs and Alerts This service collects performance data from
local or remote computers based on preconfigured schedule parameters, and then
writes the data to a log or triggers an alert. If you stop this service, you cannot collect
51
performance information using the Performance Logs and Alerts snap-in, which is
available in the Performance tool.
• System Event Notification This service monitors system events and notifies
subscribers to COM+ Event System of these events. If this service is stopped, COM+
Event System subscribers do not receive Exchange system event notifications. The
following table lists the system events provided by Exchange Server 2003.
Event Description
• Volume Shadow Copy This service manages and implements Volume Shadow
Copies used for backup and other purposes. This service must be running if your
backup solution uses an Exchange Server 2003 Volume Shadow Copy service
requestor to create shadow copies of messaging databases. If this service is
disabled, your backup processes could fail.
Note:
The services listed above are configured to start automatically on Windows
Server 2003. They run within the security context of the LocalSystem account.
hosts the NNTP, IMAP4, and POP3 protocol engines that provide Internet users with access
to messaging data over most Internet access protocols. The File Transfer Protocol (FTP)
service is the only IIS protocol service that is not relevant for Exchange 2003, because FTP is
not a messaging protocol.
The following figure illustrates how SMTP, NNTP, IMAP4, POP3, Outlook Web Access,
Outlook Mobile Access, and Exchange ActiveSync are integrated into the architecture of
IIS 6.0.
Exchange Server 2003 relies on the following key components in IIS 6.0:
• Metabase The metabase is a data store that holds IIS configuration data. The
metabase is a plain-text .xml file that can be edited manually or programmatically.
You can find the metabase.xml file in the \Windows\System32\Inetsrv directory. For
more information on the metabase, see Protocol Virtual Servers in Exchange Server
2003.
• IIS Admin service The IIS Admin service (IIS Admin) manages the IIS
metabase and updates the registry for the Web service, FTP service, SMTP service,
53
POP3 service, IMAP4 service, and NNTP service. IIS Admin also provides access to
the IIS configuration information to other applications, such as to the metabase
update service, which is an internal component of System Attendant. For more
information on the metabase update service, see Exchange Server 2003 and Active
Directory.
Note:
The IIS Admin service must be running on every server running Exchange
Server 2003.
• SMTP Service The SMTP service runs the SMTP protocol engine that accepts
incoming SMTP messages on TCP port 25 by default and sends messages to other
hosts using SMTP. On a server running Exchange Server 2003, the SMTP service
also controls the core transport engine. The SMTP service is included with Windows
Server 2003 and is extended by Exchange Server 2003. For more information about
the SMTP transport architecture, see SMTP Transport Architecture.
Note:
Although no other services depend on the SMTP service, the SMTP service must
be running on every Exchange Server 2003, because the entire Exchange
Server 2003 messaging system depends on it.
• POP3 Service The POP3 service is included with Exchange Server 2003 and
provides Internet users with access to their mailboxes through Post Office Protocol
version 3. Clients, such as Outlook Express, can download messages through POP3
when the user has the required permissions and when the POP3 service is running
on the server running Exchange Server. The POP3 service provides access only to
the Inbox folder. Other mailbox folders or public folders are not accessible.
Note:
Because no other Exchange services depend on the POP3 service, the POP3
service is not required to be running if users do not use POP3 clients to access
their mailboxes.
• NNTP Service The NNTP service enables an Exchange Server 2003 server to
host NNTP newsgroups (such as discussion groups) based on public folders.
Because this feature complies fully with the NNTP protocol, users can use any
newsreader client to participate in newsgroup discussions. If the NNTP service runs
on a server running Exchange Server 2003, the NNTP service can also be used to
replicate newsgroups with other NNTP hosts through newsfeeds. The NNTP service
is included with Windows Server 2003 and is extended by Exchange Server 2003.
Note:
Because no other Exchange services depend on the NNTP service, the NNTP
service is not required to be running if you do not replicate newsgroups with other
NNTP hosts and if users do not use newsreader clients to access public folders.
• IMAP4 Service The IMAP4 service ships with Exchange Server 2003 and
enables Internet users to access their mailboxes and public folders through the
Internet Mail Access Protocol version 4. Clients, such as Outlook Express, can
download messages through IMAP4 when the user has the required permissions and
when the IMAP4 service is running on the server running Exchange Server. IMAP4
users can also work with messages directly on the server.
Note:
Because no other Exchange services depend on the IMAP4 service, the IMAP4
service is not required to be running if users do not use IMAP4 clients to access
their mailboxes.
55
• World Wide Web Publishing Service The World Wide Web Publishing service,
included with Windows Server 2003, is a user-mode configuration and process
manager, which manages the IIS components that process HTTP requests and run
Web applications, such as Outlook Web Access, Outlook Mobile Access, and
Exchange ActiveSync. The Web service is also a monitoring component, which
periodically checks the Web applications to determine if these applications are
running or have stopped unexpectedly. The Web service comes with Windows
Server 2003. Exchange Server 2003 extends this service with ISAPI components for
Outlook Web Access, Outlook Mobile Access, and Exchange ActiveSync.
The Web service runs in an Svchost.exe service group called IISSvcs. Svchost.exe uses
service groups to run separate services together in a single instance of Svchost.exe.
Multiple instances of Svchost.exe can run on a server and each Svchost.exe session can
contain a separate group of services. Svchost groups are listed in the following registry
key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost.
Each entry under this key is a REG_MULTI_SZ parameter that represents a separate
Svchost group. Each value contains the service names that run together in a service
group. If you check the value of the IISSvcs entry, you see that the Web service is the
only service in the IISSvcs group.
• World Wide Web Worker Process All Web application processing, including
loading of ISAPI filters and extensions, as well as authentication and authorization, is
done by a World Wide Web worker process. The worker process executable is called
w3wp.exe. Each worker process provides complete isolation from system
components and other Web applications, and receives requests directly from the
HTTP.sys kernel-mode driver.
All necessary HTTP application run-time services, such as ISAPI extension support, are
equally available in any application pool. This design prevents a malfunctioning Web
application or Web site from disrupting other Web applications (or other Web sites)
served from other worker processes on that server. It is now possible to unload in-
process components without having to stop the entire Web service. The host worker
process can be paused temporarily without affecting other worker processes that are
communicating with Web browsers or other Web applications. An application pool can
also leverage other operating system services that are available at the process level (for
example, CPU throttling).
Note:
Applications can be assigned to another application pool in the IIS Manager
snap-in while the server is running. IIS supports up to 20,000 application pools
per server.
HTTP.sys maintains a queue for each application pool so that the individual HTTP
requests are routed to the correct user-mode worker processes serving an application
pool. If a user-mode worker process quits unexpectedly, HTTP.sys continues to accept
and queue requests, provided the Web service is still running. HTTP.sys continues to
accept requests and queues them on the appropriate queue until there are no queues
available, there is no space left on the queues, or the Web service has been shut down.
Once the Web service notices the failed worker process, it starts a new worker process, if
there are outstanding requests waiting to be serviced for the worker process's application
pool. Thus, while there might be a temporary disruption in user-mode request processing,
the user does not experience the failure because requests continue to be accepted and
queued.
Core Windows services and their dependent core Exchange Server 2003 services
IIS Admin service and SMTP service are integrated with IIS, as discussed in the previous
section. The SMTP service must run on every server running Exchange Server 2003 because
all messages sent to or from local recipients must pass through the SMTP transport engine. If
the SMTP service is stopped or unavailable, Exchange Server 2003 cannot deliver
messages. For more information about the routing architecture of Exchange Server 2003,
see Message Routing Architecture.
The core components of Exchange Server 2003 have the following responsibilities.
Offline Address Book Generating offline address The offline address book
Generator books generator (Oabgen.dll)
creates address lists in the
Exchange store on an offline
address list server. Users can
then connect to this server
and download the offline
address lists. Offline address
lists provide access to
address information when a
user is working remotely and
does not have a permanent
connection to the server.
Because offline address lists
are stored in a hidden public
folder, it is possible to
replicate the offline address
lists to multiple servers.
Recipient Update Service Applying recipient policies The Recipient Update Service
and generating proxy (Abv_dg.dll) is the System
addresses Attendant component that
monitors all mail-enabled user
objects and recipient policies,
and applies recipient policies
to mail-enabled user objects.
For more information about
the Recipient Update Service,
see Exchange Server 2003
and Active Directory.
62
The Exchange store uses Extensible Storage Engine (ESE) to maintain the messaging
databases and supports a variety of clients through corresponding store extensions. The
following figure illustrates how the various client types can access messaging data.
MAPI clients communicate directly with the Exchange Information Store service through
MAPI RPCs. Internet clients, however, use protocol engines integrated with IIS, as
explained earlier in this section. Internet clients and Web applications communicate with
the Exchange store through IIS protocol engines. This communication takes place
through a store driver, Epoxy.dll, and store extensions, such as ExSMTP.dll or
ExIMAP.dll. The EPOXY layer is a fast inter-process communication (IPC) mechanism
based on shared memory, which is used by Drviis.dll and store extensions to coordinate
64
their processing. For example, when delivering an inbound message through SMTP,
Drviis.dll uses the Exchange installable file system to create a message item in the
Exchange store, and then communicates with ExSMTP.dll through EPOXY to instruct the
Exchange store to further process the message (that is, to place the message into the
recipient's mailbox). For more information about the interaction between Drviis.dll,
Epoxy.dll, store extensions, Store.exe and ExIFS, see Exchange Information Store
Service Architecture.
Information Store service depends on ExIFS. The registry key for ExIFS is
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EXIFS. For more information
about ExIFS and the architecture of the Exchange store, see Exchange Information Store
Service Architecture.
Note:
ExIFS is the only kernel-mode component in Exchange Server 2003.
• Connector for Lotus Notes The Connector for Lotus Notes service enables
the transfer of messages and directory synchronization between Exchange
Server 2003 and Lotus Notes. This service depends on Event Log, Connectivity
Controller, and the Exchange Information Store service. For more information about
the architecture of Connector for Lotus Notes, see Gateway Messaging Connectors
Architecture.
• Exchange Event service The Exchange Event service monitors folders and
triggers events for server scripts that are compatible with Exchange Server 5.5. This
service is required only when you are running Exchange Server 5.5 compatible
applications on a server running Exchange Server 2003. It is disabled by default. This
service depends on the Exchange Information Store service. The executable file is
Events.exe, which resides in the \Program Files\Exchsrvr\Bin directory. The registry
key is HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeES.
The Exchange Management service depends on the Remote Procedure Call (RPC)
service and the Windows Management Instrumentation (WMI) service. The executable
file is Exmgmt.exe, which resides in the \Program Files\Exchsrvr\Bin directory. The
registry key is HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeMGMT.
The executable file of the Microsoft Exchange MTA Stacks service is EMSMTA.exe,
which is located in the \Program Files\Exchsrvr\bin directory. This service depends on
System Attendant and maintains its own specific message queues outside the Exchange
store in the \Program Files\Exchsrvr\Mtadata directory. The registry key is
HKEY_Local_Machine\System\CurrentControlSet\Services\MSExchangeMTA.
Note:
You should leave the Microsoft Exchange MTA Stacks service running, so that
server monitors in their default configuration do not report a server running
Exchange Server as unavailable. For more information about server status
tracking, see Exchange System Manager Architecture.
• Router for Novell GroupWise The Router for Novell GroupWise service works
in conjunction with Connector for Novell GroupWise to transfer messages and
perform directory synchronization between Exchange Server 2003 and Novell
GroupWise. The Router for Novell GroupWise service interfaces with the Novell
GroupWise API gateway, while Connector for Novell GroupWise interfaces with
Exchange Server 2003. For more information about the architecture of Connector for
Novell GroupWise, see Gateway Messaging Connectors Architecture.
The Router for Novell GroupWise service depends on System Attendant. The executable
file is GWRouter.exe, which resides in the \Program Files\Exchsrvr\Bin directory. The
registry key is HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeGWRtr.
• Routing Engine The Routing Engine service provides topology and routing
information to servers running Exchange Server 2003. The advanced queuing engine
within the SMTP transport subsystem uses this service to provide next-hop
information when routing messages within the Exchange organization. If this service
is stopped, optimal routing of messages is not available. For additional information on
the Routing Engine service and its role in message delivery, see SMTP Transport
Architecture.
The Routing Engine service depends on IIS Admin and runs within the Inetinfo.exe
process. This service is implemented in a file called RESvc.dll, which resides in the
\Program Files\Exchsrvr\Bin directory. The registry key is
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RESvc.
The following figure illustrates how the additional services integrate with the core services of
Exchange, IIS, and the operating system.
Tip To stop all Exchange Server 2003 services on a server, you must stop System
Attendant, IIS Admin service, ExIFS, and SRS (if this service is running), and all dependent
services. For detailed instructions about how to stop all Exchange Server 2003 services on a
server, see How to Stop All Exchange Server 2003 Services on a Server.
69
• To stop all Exchange Server 2003 services on a server. you must stop System
Attendant, IIS Admin service, ExIFS, and SRS (if this service is running), and all
dependent services. The easiest way to restart all services is to reboot the server.
Procedure
Stop all Exchange Server 2003 services on a server
1. Use the command net stop MSExchangeSA /y to stop System Attendant
and all its dependent services.
2. Use the command net stop IISAdmin /y to stop all IIS engines.
3. Use the command net stop ExIFS to stop the Exchange installable file
system (ExIFS) driver.
This section describes the directory access components of Exchange Server 2003, their
purpose, their architecture, and how the core technology works. This information can help
70
you maintain directory access and troubleshoot directory access issues. This section
discusses the following concepts:
For more information about planning, designing, and deploying Exchange 2003, see the
following guides:
The following three directory partitions in Active Directory contain Exchange-related data:
• Domain directory partition Exchange recipient and system objects are stored
in the domain directory partition in Active Directory. The domain directory partition is
replicated to every domain controller in a particular domain.
Note:
Not all configuration information is stored in Active Directory. Exchange also uses the
local registry, the IIS metabase, and in special situations, configuration files.
The Exchange Server 2003 Setup program extends the Active Directory schema by importing
a series of .ldf files into Active Directory. Except for Exschema.ldf, all .ldf files are in the
72
The following table lists the various .ldf files that define the objects and attributes for
Exchange Server 2003.
Exchange Server 2003 installation files with Active Directory schema extensions
Note:
Schema1.ldf through Schema8.ldf are
identical for Exchange 2000 Server
and Exchange Server 2003.
Schema9.ldf contains the schema
extensions that are new in Exchange
Server 2003.
Note:
You can use .ldf files in conjunction with low-level Active Directory tools, such as
Ldifde.exe, to repair a damaged Active Directory schema. Troubleshooting the Active
Directory schema, however, is beyond the scope of this book. Note that schema
changes might reset the global catalog, in which case all recipient objects must be
replicated again to the global catalog. This can cause significant increases in data
traffic in large organizations.
DSAccess is a shared API that is used by multiple components in Exchange 2003 to query
Active Directory and obtain both configuration and recipient information. DSAccess is
implemented in DSAccess.dll, which is loaded by both Exchange and non-Exchange
components, including System Attendant, message transfer agent, Microsoft Exchange
Information Store service, Exchange Management Service, Internet Information Services (IIS)
and Windows Management Instrumentation (WMI). DSAccess discovers the Active Directory
topology, detects domain controllers and global catalog servers, and maintains a list of valid
directory servers that are suitable for use by Exchange components. In addition, DSAccess
maintains a cache that is used to minimize the load on Active Directory by reducing the
number of Lightweight Directory Access Protocol (LDAP) requests that individual components
send to Active Directory servers.
Important:
DSAccess.dll is the primary DLL that implements DSAccess. To operate correctly, the
DSAccess.dll version must match the version of its companion DLLs. The companion
DLLs, Dscmgs.dll and Dscperf.dll, store event log message strings and performance
object providers, respectively.
DSAccess partitions the available directory service servers into the following three (possibly
overlapping) categories:
• Global catalog servers Exchange Server 2003 must access global catalog
servers to obtain complete address information for all recipient objects in the forest.
Only global catalog servers contain a complete replica of all objects in the domain
and a partial replica of all objects in the forest. Global catalog servers that an
Exchange server currently uses are called working global catalog servers.
Almost all Exchange Server 2003 user-context directory service transactions target global
catalogs. Regardless how many global catalog servers are located in the local
Active Directory site, a maximum of ten global catalog servers can be added to the
working global catalog list. If there are no global catalog servers in the local site, or if
none of the global catalog servers in the local site pass the suitability tests, DSAccess
uses a maximum of 200 off-site global catalog servers with the lowest costs. Because the
directory service server used for a global catalog is also itself a domain controller, this
server may be used as both types of directories.
Queries to working domain controllers are load-balanced on a round robin basis to avoid
overloading a single domain controller. If the working domain controllers are not hard-
coded in the registry, the list of working domain controllers is re-evaluated and re-
generated every 15 minutes using the topology discovery process and suitability tests.
The core components of Exchange Server 2003 rely on DSAccess to provide a current list of
Active Directory servers. For example, the message transfer agent (MTA) routes LDAP
queries through the DSAccess layer to Active Directory. To connect to databases, the store
process uses DSAccess to obtain configuration information from Active Directory. To route
messages, the transport process uses DSAccess to obtain information about the connector
arrangement.
DSAccess updates the list of available global catalogs and domain controllers as changes in
the state of the directory service are detected. This list can be shared with other directory
consumers that do not use DSAccess as their gateway for accessing the directory service (for
example, DSProxy and other components in System Attendant). The service that is
requesting this list is responsible for the detection of subsequent directory service state
changes.
Note:
Unless domain controllers and global catalog servers are hard-coded in the registry,
the list of global catalog servers and domain controllers is re-evaluated and re-
generated every 15 minutes using a topology discovery process and suitability tests.
process that uses DSAccess. DSAccess updates these LDAP connections with directory
service state information (Up, Slow, or Down) that it detects. DSAccess uses this state
information to decide which LDAP connection to use to forward requests to Active Directory.
The set of LDAP connections to available domain controllers and global catalog servers and
their associated states forms the DSAccess profile.
Note:
Because all Exchange Server 2003 and IIS services use the same security context
(the LocalSystem account), it is possible for DSAccess to reuse the LDAP
connections from one request to another. At startup or a topology change, DSAccess
opens LDAP connections to all suitable domain controllers and global catalog servers
in the topology.
To verify the suitability of a domain controller or global catalog server, DSAccess determines
that the server is reachable over port 389 (domain controller) and port 3268 (global catalog
server) and that it resides in a domain that was prepared with DomainPrep. DomainPrep
ensures that the group policy system access control list (ACL) is configured correctly to grant
Exchange Server 2003 services access to Active Directory. Server suitability checks are
covered later in this section.
Note:
To obtain suitability reports in the application event log, you can enable diagnostics
logging for the topology category of the DSAccess service in Exchange System
Manager.
The DSAccess topology always contains two lists, the in-site list and the out-of-site list. One
list (in-site) contains servers from the local Active Directory site of the Exchange server and
the other list (out-of-site) contains servers from other Active Directory sites. Initially,
DSAccess uses only servers from the local site, but when all local servers from a certain
category (for example, global catalog servers) are not suitable, DSAccess immediately starts
using the out-of-site list. DSAccess then keeps checking the local site every five minutes and
77
fails back as soon as it is possible. User requests are retried on the out-of-site servers
immediately and seamlessly for users.
Some Exchange Server 2003 components, such as the Exchange Routing Engine service,
also register with Active Directory to be automatically informed by Active Directory of any
changes to configuration information. This notification mechanism eliminates polling, but the
event registration is per target server. If DSAccess marks the target server as down, it
reissues the event registration and informs the client process, such as the Routing Engine
service, of a change, because the monitored values could have changed during the process
of selecting a new domain controller or global catalog server.
Note:
If you hard-code the directory servers that are used by DSAccess (as described
below), DSAccess bypasses the discovery process and checks for server suitability
only.
The following sequential list outlines the discovery process and indicates differences between
initial discovery and rediscovery:
4. DSAccess queries the bootstrap server to identify local domain controllers and
global catalog servers. DSAccess then determines server suitability and assigns
server roles.
6. DSAccess queries the bootstrap server to identify the domain controllers and
global catalog servers that are located in the secondary topology sites.
78
7. DSAccess identifies the full topology and compiles a list of working domain
controllers, and a list of working global catalog servers.
By default, DSAccess initialization during startup must finish within one minute; otherwise,
DSAccess stops. One minute is usually long enough for DSAccess to initialize. If initialization
takes longer than one minute, this might indicate a problem with the network or topology
configuration. Although you can extend the time-out parameter by setting a registry key, you
should first determine why initialization takes longer than expected. To configure the time-out,
use the following registry setting.
Location HKEY_LOCAL_MACHINE\SYSTEM
\CurrentControlSet\Services\MSExchangeDSAc
cess
Value TopoCreateTimeoutSecs
Type REG_DWORD
Note:
If you set the diagnostics logging level for all categories of the
MSExchangeDSAccess service to Maximum, Exchange System Manager
automatically obtains detailed information about the initialization of DSAccess and
places that information in the application event log.
If you use ICMP to determine if a server is available, you might create a problem if all
connections in your network do not support ICMP. For example, an Exchange server
might reside in a perimeter network, which has no ICMP connectivity between the
Exchange server and the domain controllers. In this situation, you should disable the
ICMP check and set the following registry parameter to zero.
Location HKEY_LOCAL_MACHINE\SYSTEM
\CurrentControlSet\Services\MSExchangeDSAc
cess
Value LdapKeepAliveSecs
Type REG_DWORD
For more information about the LdapKeepAliveSecs registry key, see Microsoft Knowledge
Base article 320529, "XADM: Using DSAccess in a Perimeter Network Firewall Scenario
Requires a Registry Key Setting."
Caution:
Incorrectly editing the registry can cause serious problems that may require you
to reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up
any valuable data.
• Group policy SACL permission Together with the regular access control list
(ACL) permissions, Setup grants all servers running Exchange 2003 Server security
access control list (SACL) permission to view ntSecurityDescriptor attributes.
Permission is granted through the SeSecurityPrivilege privilege. DSAccess reads the
security descriptor of the configuration directory partition object, on the server, to
verify that the SACL is readable. If the SACL cannot be read, DSAccess considers
the server not suitable.
In a perimeter network, in which RPC traffic is not allowed, the NetLogon check cannot
occur. However, the NetLogon check continues to issue RPCs until it fails, which can take
a long time. Because repeated NetLogon checks decrease performance, you should stop
DSAccess from issuing NetLogon checks by creating the following registry key.
Location HKEY_LOCAL_MACHINE\SYSTEM
\CurrentControlSet\Services\MSExchangeDSAc
cess
Value DisableNetLogonCheck
Type REG_DWORD
For more information, see Microsoft Knowledge Base article 320228, "XGEN: The
"DisableNetLogonCheck" Registry Value and How to Use It."
• Version of the operating system Exchange Server 2003 can use only domain
controllers and global catalog servers running Microsoft Windows Server 2003 or
Windows 2000 Server Service Pack 3 or later. DSAccess determines whether the
directory server meets these requirements.
After hard tests are complete, DSAccess runs a series of soft tests to determine which
directory servers can accommodate the additional load placed on them by Exchange
Server 2003. To make this determination, DSAccess runs the following soft suitability tests:
• DNS weight DSAccess uses the weight value of the domain controllers and
global catalog servers, as specified in each server's (SRV) resource records in DNS
to determine which server the client should prefer. A higher weight results in a higher
probability that DSAccess will choose a server. If DSAccess cannot read the weight,
it uses a default weight of 100.
loads, making it a less than ideal candidate for use by Exchange Server 2003. For
this reason, DSAccess performs a soft suitability test to locate the PDC FSMO role
owner, so that it can remove it from the list of suitable directory servers.
Note:
DSAccess includes support for full round robin load balancing and failover to
another directory server, if a currently used server becomes unavailable. These
features are disabled when Exchange Server 2003 is running on a domain
controller or global catalog server.
On initialization, DSAccess reads the registry to determine if any domain controllers or global
catalog servers are statically configured. If any domain controllers or global catalog servers
are statically configured, the dynamic topology detection is not performed. If no static
directory servers are identified, DSAccess dynamically detects the directory service servers in
the topology.
from the list of available domain controllers (whether this list is dynamically or statically
configured).
DSAccess Profiles
Domain controllers and global catalogs used for user-context requests are profile-dependent.
Therefore, the values in the registry for these settings are located under a
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeDSAccess\Profiles\Defau
ltsubkey. The following registry keys are required to statically configure domain controllers
and global catalog servers for use by DSAccess.
Location MSExchangeDSAccess\Profiles\Default\<Name
of DC>
Value IsGC
Type REG_DWORD
Location MSExchangeDSAccess\Profiles\Default\<Name
of DC>
Value HostName
Type REG_SZ
Location MSExchangeDSAccess\Profiles\Default\<Name
of DC>
Value DSType
Type REG_SZ
Value Data 0
Location MSExchangeDSAccess\Profiles\Default\<Name
of DC>
Value PortNumber
Type REG_DWORD
84
Location MSExchangeDSAccess\Profiles\Default\<Name
of GC>
Value IsGC
Type REG_DWORD
Location MSExchangeDSAccess\Profiles\Default\<Name
of GC>
Value HostName
Type REG_SZ
Location MSExchangeDSAccess\Profiles\Default\<Name
of GC>
Value DSType
Type REG_SZ
Value Data 0
Location MSExchangeDSAccess\Profiles\Default\<Name
of GC>
Value PortNumber
Type REG_DWORD
Location MSExchangeDSAccess\Instance0
Value ConfigDCHostName
Type REG_SZ
Location MSExchangeDSAccess\Instance0
Value ConfigDCPortNumber
Type REG_DWORD
Pack 3 or later, that all suitability tests are passed equally, and that no static domain
controllers are hard-coded (that is, DSAccess performs dynamic topology discovery).
DSAccess running on Exchange Server 2003 servers in Site A will detect the topology shown
in the following table.
DSAccess running on Exchange Server 2003 servers in Site B will detect the topology shown
in the following table.
87
Global catalog 2 or 3
In each case, the order of the listed servers is important. The servers are listed and used in
the order in which they are discovered by DSAccess and determined to be suitable.
DSAccess running on Exchange Server 2003 servers in Domain 1 and Site A will detect the
topology shown in the following table.
88
Global catalogs 1, 2, or 3
DSAccess running on Exchange Server 2003 servers in Domain 2 and Site A will detect the
topology shown in the following table
Global catalogs 1, 2, or 3
DSAccess running on Exchange Server 2003 servers in Domain 2 and Site B will detect the
topology as shown in the following table.
Global catalog 4
Global catalog 4
Once again the servers are listed and used in the order in which they are discovered and
determined to be suitable.
89
Process Description
The following table lists the various Exchange components that use DSAccess to acquire
user and configuration information.
SMTP categorizer (SMTP CAT) List of global catalog servers in the topology
Directory Service Proxy (DSProxy) List of global catalog servers in the topology
The DSAccess cache enables the directory lookups performed by these components to be
cached for a period of time. During that time, if another process requests the same
information, it can be retrieved from the DSAccess cache, instead of repeating the same
query against a working global catalog. All directory access, except Address Book lookups
from MAPI clients and certain portions of SMTP inbound and outbound routing, goes through
the DSAccess process and is cached.
By default, directory entries are cached for 15 minutes for configuration data and five minutes
for user data. The default size of the user cache is 140 megabytes (MB), and the
configuration cache is 5 MB. The number of users, the maximum number of entries, the
maximum cache size (memory), and the cache expiration time are all parameters that can
affect the optimal size and performance of the DSAccess cache.
The following registry keys (none of which are present by default) provide low-level control of
the DSAccess cache for configuration data.
Caution:
Incorrectly editing the registry can cause serious problems that may require you to
reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up any
valuable data.
Location MSExchangeDSAccess\Instance0
Value CacheTTLConfig
Type REG_DWORD
Location MSExchangeDSAccess\Instance0
Value MaxEntriesConfig
Type REG_DWORD
The following registry keys (none of which are present by default) provide low-level control of
the DSAccess cache for user data.
91
Location MSExchangeDSAccess\Instance0
Value CacheTTLUser
Type REG_DWORD
Location MSExchangeDSAccess\Instance0
Value MaxEntriesUser
Type REG_DWORD
Preloading DSAccess
You should preload search filters to avoid the problem of running multiple search instances
against Active Directory concurrently, which occurs when various search filters are issued on
the same user object. You can enable preloading through the following registry keys, which
define the scope, the base distinguished name (BaseDN), and the filter of the search.
Caution:
Incorrectly editing the registry can cause serious problems that may require you to
reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up any
valuable data.
The following registry values can be used to preload the DSAccess cache.
Location MSExchangeDSAccess
Value PreloadBaseDNs
Type REG_MULTI_SZ
Location MSExchangeDSAccess\
Value PreloadFilters
Type REG_MULTI_SZ
A number of Exchange transactions could trigger a preloading event, but specific criteria must
be met. These preloading events occur in the following order:
• At this point, the returned record is parsed, and the attributes specified in
the preloaded search string are extracted. The attributes required for
constructing the search filter must exist. In the following example of a
multiplexed search, at least one of the attributes must exist:
(|(objectGuid=%) (msExchMailboxGuid=%))
Because of the ambiguity in the returned result, the attribute in the preloaded filter
string must not be multivalued. For example, proxyAddresses = % is not a valid
preloaded search filter, because proxyAddresses is a multivalued attribute, and
DSAccess does not know which value to use for the open value.
2. A search entry is constructed from the scope, BaseDN, attributes, and filter string
— and is linked to this distinguished name entry in the cache. For example:
DSAccess processes future Active Directory search requests on the preloaded filters and
BaseDNs using the cache instead of Active Directory.
Although its name implies that it provides proxy services only, DSProxy provides both proxy
and referral services.
MAPI clients that are running versions of Outlook earlier than Outlook 2000 access the
directory through the DSProxy component. These earlier clients were designed with the
assumption that each Exchange server contains a directory service. In Exchange 2000
Server and later versions, this is no longer the case. Therefore, DSProxy emulates a directory
service so that earlier clients can function by having the Exchange 2003 server forward the
requests to Active Directory.
94
Later versions of Outlook, such as Outlook 2000 and Outlook 2002, still use a Name Service
Provider Interface (NSPI) proxy on the initial connection to Exchange Server. However, after
the client contacts the server, the DSProxy service passes a referral back to the client. From
that point on, all future directory requests are sent directly to the referral server. The referral
server in this case is the global catalog server.
Note:
In the original release of Outlook 2000, a referral is refreshed only if the global
catalog server becomes unreachable. In Outlook 2000 Service Release 2 (SR2), the
referral is refreshed every time that Outlook starts. This change prevents
Outlook 2000 from continually binding to an unsuitable global catalog server.
Outlook 2002 and later versions updates its global catalog referral whenever the
client restarts or a failure occurs.
DSProxy obtains its list of working global catalog servers from DSAccess but it does not route
its queries through DSAccess. This is because DSProxy uses the NSPI to submit MAPI
address book lookups. DSAccess handles only LDAP queries. However, DSProxy fully relies
on DSAccess to provide global catalog failover support.
DSProxy Operations
DSProxy performs the following operations.
• It acquires the list of working global catalogs from DSAccess and filters out global
catalogs that are not suitable.
• It proxies MAPI queries from pre-Outlook 2000 clients to the global catalog
servers, based on the number of global catalogs and the client IP.
• It refers Outlook 2000 and later version clients to global catalog servers by using
a round robin mechanism.
DSProxy at first runs as a single thread, which can support as many as 512 client
connections. DSProxy automatically spawns an additional thread for every 512 connections.
Unlike DSAccess, DSProxy has no caching mechanism. This means that every MAPI query
processed through DSProxy is sent to a working global catalog.
Before Exchange Server 2003 SP2, Outlook MAPI clients would receive either a referral to a
global catalog server or they would use the Exchange server to send directory-related
requests. In the scenario where the client is Outlook 2000, after the Outlook client connects to
the Exchange server, the DSProxy service passes a referral back to the client. From that
point on, all future directory requests are sent directly to the referred global catalog server.
• The global catalog is located in the same Active Directory site as the Exchange
server (typical behavior).
• The global catalog is located in an Active Directory site that is directly connected
to the Exchange server’s Active Directory site (when all in-site global catalogs are
unavailable).
In addition to honoring site membership, DSProxy prefers to use global catalog servers that
are members of the same domain as the Exchange server. If there are none available,
DSProxy uses the other global catalog servers in the Active Directory site.
This behavior presents issues in multiple-domain environments where DomainPrep has been
run against the domains. Specifically, if an Outlook client is referred to a global catalog server
that does not reside in the same domain as the mailbox-enabled user, that user will access
data that is in a read-only format. This means that updates to certain objects could fail. The
updates could be updates to the mailbox-enabled user such as delegate access or
distribution group membership.
Pre-SP2 Scenario
The forest contains three domains, each of which has been prepared for Exchange Server. All
users and distribution groups reside in the domain, UserDomain. A global catalog server from
UserDomain and ThirdDomain are members of the Exchange server’s Active Directory site.
The Outlook clients reside in a different Active Directory site. The domain of the Exchange
server is not represented and there are no global catalog servers from that domain in the
Exchange Server Active Directory site.
96
When an Outlook 2003 client connects to the Exchange server, DSProxy could potentially
refer the client to any one of the three global catalog servers in the Exchange server’s Active
Directory site, assuming that one or more of these global catalog servers are online and
reachable. Because there are no global catalog servers that are members of the Exchange
server's domain, the pre-SP2 behavior does not prefer any of the global catalog servers over
any other. DSProxy will load-balance referral requests across the available global catalog
servers to evenly distribute clients.
In considering the above design, there is a 66 percent chance that DSProxy will refer the
Outlook client to a global catalog server not in the client's home domain. For the purposes of
this discussion, assume that DSProxy refers the client to a ThirdDomain global catalog
server. In this scenario, the Outlook clients can use that global catalog server successfully for
all directory requests except the following:
• Publishing certificates to the global address list (GAL) using the Publish to GAL
option in Outlook.
If DSProxy referred the Outlook client to the UserDomain GC1, the Outlook client could
perform the requests listed above.
For more information about pre-SP2 behavior and its potential issues, see the following
Microsoft Knowledge Base articles.
• 872897, "How to control the DSProxy process for RPC over HTTP connections in
Exchange Server 2003 sp1"
97
• 318074, ""Do not have sufficient permissions" error message occurs when you
use Outlook Address Book to manage distribution list membership"
• Constraint 4 A global catalog that is in the same Active Directory site as the
Exchange server – 2 points
• Constraint 5 A global catalog that is one of the global catalogs that the
Exchange server is currently using – 1 point
DSProxy distributes the global catalog servers that have the most points first, and
sequentially allocates resources if there is a tie.
Constraint 1 is computed every five minutes and is configurable through changing the
LdapKeepAliveSecs registry key. Constraints 2 and 3 are "dynamic" because they must be
computed every time that a client demands a referral. Constraints 4 and 5 are "static"
because they are computed one time for each global catalog and then stored.
Constraint 5 is also known as the incarnation list. When DSAccess initializes, it builds an
incarnation list of 10 in-site global catalog servers that it can use. If all in-site global catalog
98
servers are unavailable, DSAccess builds an incarnation list of 10 out-of-site servers from the
directly connected sites, starting with the site that has the lowest site link cost. Because of the
constraint ordering, DSProxy prefers servers in the incarnation list of DSAccess so that by
default, it will prefer the 10 servers that have the lowest site link cost. However, DSProxy has
a list of all global catalog servers in all directly connected sites and only uses membership in
the incarnation list to assign points to servers.
The following figure shows the scenario where there are two domains, Exchange Domain and
UserDomain.
In this scenario, the global catalog servers will be assigned the points by the DSProxy service
as shown in the following table. Be aware that the assumption is made that all global catalog
servers are up and responsive in the Exchange Active Directory site.
99
Note:
As you can see from the table, Exchange Domain GC7 and UserDomain GC5 are not
included because they are not directly connected to the Exchange server’s Active
Directory site. In other words, the Exchange server never uses those global catalog
servers for DSAccess or DSProxy functions.
From this example, you can see that this algorithm may prioritize an out-of-site global catalog
server over an in-site global catalog server, which differs from typical pre-SP2 DSProxy
behavior.
100
In this example, Exchange Server provides the UserDomain global catalog servers to the
Outlook clients (in a sequential manner to load-balance requests) because those global
catalog servers have a greater point calculation than the Exchange Domain global catalog
servers. This means that Exchange can now refer clients to out-of-site global catalog servers
(but only those that are directly connected to the Exchange Active Directory site) if there are
no mailbox home-domain global catalog servers available in the Exchange server’s Active
Directory site. In this particular example, the Outlook client could receive a referral to a
UserDomain global catalog server that is located in Active Directory site B or the Client Active
Directory site.
Additionally, if all the UserDomain global catalog servers were unreachable (that is, those
servers failed Constraint 1), DSProxy would refer the Outlook clients to the global catalog
servers that reside in the Exchange Active Directory site, because they have the next highest
point cost.
For more information about post-SP2 DSProxy referral, see the Exchange Server Team blog
article Exchange 2003 post-SP2 DSProxy Referral Update.
Note:
The content of each blog and its URL are subject to change without notice.
Additionally, although the new behavior could solve the delegate permission and certificate
publishing issues, it might not address the mail recipient’s ability to update distribution group
membership. The distribution group must belong to the same domain as the mail recipient for
the mail recipient to update the membership. If the distribution group does not belong to the
same domain as the mail recipient, updating the membership will fail. Therefore, you may still
have to examine another solution to provide all users with the capability to update group
membership.
• Unless there is prior consideration with regard to network design, this change
may cause clients to be referred to incorrect global catalog servers from a network
101
SMTP Categorizer
The SMTP categorizer (also referred to as the categorizer) is a component of the Exchange
Server 2003 transport engine. When a message is submitted to the transport process, the
categorizer uses the header information on the message to query Active Directory for
information about how and where the message must be delivered. For example, from an
SMTP address such as Ted@contoso.com, the categorizer identifies the
Exchange Server 2003 server that contains the user's mailbox and determines how to route
the message to that server. The categorizer also expands distribution lists and applies per-
user limits to messages. For more information about the architecture of the SMTP transport
engine, see SMTP Transport Architecture.
The categorizer relies on DSAccess for the list of Active Directory servers that it should use
for lookups. However, like DSProxy, the categorizer uses its own mechanism to read
information from Active Directory, only after it has the server list.
There are two types of categorizers. One is the base categorizer, which is installed with the
IIS SMTP transport stack, and the other is the Exchange categorizer, which is installed with
Exchange. The base categorizer is implemented in Aqueue.dll. The base categorizer
performs some basic functions, such as using LDAP queries to resolve recipient information
against Active Directory. It also performs efficient batching, sending a number of queries as
one. The base categorizer can also perform distribution list expansion. It has the SMTP
forwarding features, and it triggers categorizer server events. Exchange Server 2003
enhances the basic categorizer by installing a DLL called PhatCat.dll. The PhatCat.dll adds to
the functionally provided by the base categorizer. It does not replace the base categorizer
default functionality, but it does extend the base categorizer functionality for its own use.
The categorizer also checks to verify that the mail attribute exists in Active Directory, and
stamps the mail attribute as the SMTP address. The categorizer is also responsible for
applying per-sender and per-recipient limits and then marking recipients appropriately. The
categorizer then applies per domain, outbound and inbound Internet message format settings
to sender and recipients, and then sets appropriate flags for the IMAIL conversion properties.
You can configure message format settings in Exchange System Manager when you select
the Global Settings container.
For local delivery, the categorizer marks the recipient as local by setting a per-recipient
property on a message indicating the destination server for each recipient. The usual format
of this property is the fully qualified domain name (FQDN) of the recipient's server. The
homeMDB attribute of the recipient indicates on which server the recipient's mailbox resides.
103
The categorizer operations are run as a series of transport event sinks inside the categorizer
event portion of the advanced queuing engine. The base categorizer includes ten event sinks.
The following seven event sinks are used to query Active Directory:
• Register This event sink is called to initialize itself at the beginning of message
categorization.
• BuildQuery This event sink is called once for each user who must be verified in
the directory.
• BuildQueries This event sink is called once for each batch lookup. In each of
these scenarios, the categorizer builds an LDAP-compliant filter for the user.
• SendQuery This event sink sends the batch lookup. It runs the directory server
work under the Request attributes. It performs an asynchronous LDAP lookup on a
directory server.
The following three event sinks are used on a per-user basis and after post-directory service
lookup events:
• ProcessItem This event sink resolves addresses. For example, if a local MAPI
client submits a message, the MAPI client resolves all other addresses, such as
X.400, X.500 DN, Legacy-Exchange-DN, and SMTP addresses, and returns them on
the mail message.
• ExpandItem This event sink adds more recipients to the message, for example,
in the case of message journaling, distribution group expansion, and content
conversions. This is the server event that adds members, such as the expansion in
SMTP forwarding.
• CompleteItem This event sink performs its processing when all other
categorizer event sinks have completed their work. This event sink takes the status
codes that previous event sinks have returned and maps these codes to the
recipients of the e-mail message. Error codes then cause the advanced queuing
engine to generate non-delivery reports (NDRs) for affected recipients.
The Exchange categorizer components in PhatCat.dll extend the IIS categorizer by adding
the following three event sinks:
• Register Sink This event sink initializes the Exchange categorizer components,
but it also initializes DSAccess, the routing engine, and the store driver code. If any
one of these fail, then PhatCat.dll will fail to initialize itself.
104
• BuildQuery This event sink verifies whether the user resides in the DSAccess
cache. If the verification is affirmative, it returns an ICategorizerItemAttributes object.
This bypasses the directory service lookup code for the IIS categorizer. Processing
continues with the ProcessItem event.
• Domain Recipient Update Service You must have a Recipient Update Service
for each domain that contains mailbox-enabled users.
For each particular domain in a forest, Recipient Update Service associates one Exchange
Server 2003 computer (on which Recipient Update Service runs) with one domain controller
(on which the directory objects are updated). Only one Recipient Update Service can be
associated with any directory server at any given time.
recipient policy settings of all recipients in a domain at the next scheduled interval. You can
also select the Update Now command to perform this processing immediately.
Recipient Update Service searches the directory for objects to update in the following three
ways:
• Update new and modified objects only This is the default behavior that
Recipient Update Service exhibits each time it searches for objects to update. This is
also the default behavior that Recipient Update Service exhibits when you use
Update Now, if you do not select the Rebuild option, and none of the policies were
modified or applied.
Recipient Update Service tracks the last change that occurred on the domain controller,
against which Recipient Update Service is configured to run. Based on the schedule that
is set on the Recipient Update Service object, Recipient Update Service periodically
checks for objects that have been created or updated since it last checked.
The Update Now function in Exchange System Manager sets the msExchReplicateNow
attribute to TRUE, and causes Recipient Update Service to temporarily ignore its
schedule and immediately query for new changes and take appropriate action on those
objects. After the Update Now process is finished, msExchReplicateNow is reset to
FALSE.
• Update all objects When you select the Rebuild option in Exchange System
Manager, you set the msExchDoFullReplication attribute on Recipient Update
Service to TRUE. After msExchDoFullReplication is set to TRUE, the next time that
Recipient Update Service starts, it looks at every object, instead of querying only for
new objects. When the Rebuild process finishes, msExchDoFullReplication is reset to
FALSE.
However, users who are subject to a different policy do not have their e-mail addresses
re-generated automatically. To update the addresses on those users to match the current
policy, you must use the Apply Now command to apply the current policy.
If you change only the e-mail addresses on a policy, the default behavior of Recipient
Update Service does not change. It updates new and modified objects only. You must
change the filter on the policy to cause Recipient Update Service to query automatically
106
for all users who match that policy and to update all of them. However, even if you
change the filter on the policy, and Recipient Update Service queries for all users,
Recipient Update Service does not re-generate the users' existing e-mail addresses to
match the new recipient policy settings. Instead, new e-mail addresses are added.
When you apply a policy, Exchange System Manager populates the gatewayProxy
attribute on the Recipient Update Service objects with each address from the applied
policy. The gatewayProxy attribute acts as an action list. For example, the gatewayProxy
attribute on your Recipient Update Service objects might be populated with a list of
values similar to the following values:
{667A1454-FCD1-434F-B3C6-D9B6D2B4A336}X400:c=us;a= ;p=Organization;o=Exchange;
{667A1454-FCD1-434F-B3C6-D9B6D2B4A336}SMTP:@contoso.com
{667A1454-FCD1-434F-B3C6-D9B6D2B4A336}smtp:@fabrikam.com
These values contain the objectGUID attribute of the policy, followed by the addresses on
the policy. Note that two of the address types are in uppercase text. This indicates that
these are primary proxy addresses. The one SMTP address type that is in lowercase text
is a secondary proxy address.
Based on the action list, Recipient Update Service updates the proxy addresses on all
users that match the corresponding policy filter. To apply the policy to all users, you also
must modify the filter on the policy (the purportedSearch attribute), by either adding or
removing a space. This modification causes Recipient Update Service, the next time it
runs, to query for all objects that match this policy, instead of querying for new changes
only. After Recipient Update Service completes the recipient update, the addresses
corresponding to that particular policy are removed from the gatewayProxy action list.
Note:
Recipient Update Service re-generates or removes existing addresses on a
recipient only when the action list is populated with those address types.
The DS2MB process copies entire subtrees from Active Directory, without changing the
shape of the subtree. This is a one-way write from Active Directory to the metabase; the
metabase never writes to Active Directory. The DS2MB process does not add or compute any
attribute when copying. The paths in the metabase are called keys. Properties can be set at
107
each key, and each property can have attributes that customize that property. All identifiers
that are present in the directory service image of the subtree are required in the metabase,
including identifiers such as KeyType. In addition, the Relative Distinguished Name of the
object in the directory is mapped directly to the key name in the metabase.
DS2MB Operations
The metabase update is a subprocess that is launched when System Attendant is started.
The operation of SMTP, POP3, IMAP4, Outlook Web Access and Outlook Mobile Access are
all dependent on the replication by DS2MB. DS2MB registers with the config domain
controller after startup, enabling the config domain controller to notify DS2MB of any changes
that are made to the Exchange configuration. This notification occurs within 15 seconds of the
change. As soon as the change is replicated to the configuration domain controller, the
change should be replicated to the metabase by DS2MB. DS2MB tracks changes to directory
objects based on update sequence numbers (USNs).
• MMC Integration Because all Exchange System Manager snap-ins are based
on MMC, you must understand how these snap-ins integrate with MMC.
• This section assumes that you are familiar with Active Directory and the basic
concepts of managing an Exchange Server 2003 organization. It also assumes that
you know how to install Exchange System Manager on a dedicated workstation.
For more information about how to install Exchange System Manager and how to manage an
Exchange Server 2003 organization efficiently, see the Exchange Server 2003 Administration
Guide.
registry key define the threading model for the COM classes, the ProgID, the version
number of the COM class, and more.
NameStringIndirect=
@C:\\Program
Files\\Exchsrvr\\bin\\
exadmin.dll,-12577
specifies the name of
the Exchange System
snap-in, as found in
Exadmin.dll. If
NameStringIndirect
does not exist, or if its
value data does not
lead to a successful
string load, MMC then
uses the NameString
value as the name
string.
112
Extension snap-ins do
not have a StandAlone
key. Therefore, the
snap-in cannot be
added to an MMC
console without first
adding a stand-alone
snap-in that provides
the nodes that the
extension snap-in is
designed to extend.
For example, the
Exchange Information
Store extension snap-
in extends the System
Manager snap-in.
Therefore, you can
add only this
extension snap-in
when you add the
System Manager
snap-in to your MMC
console. Extension
snap-ins are listed as
available extensions
113
The following table lists the available Exchange Server 2003 snap-ins and their possible
snap-in extensions.
The Exchange
Servers snap-in is an
extension snap-in of
the Exchange System
stand-alone snap-in.
117
Note:
Configuring
Exchange 20
00 Server
resources
using
Exchange
Server 2003
System
Manager is
not
supported.
Make sure
you use
Exchange 20
00 System
Manager to
configure
directory
synchronizati
on with
Microsoft
Mail.
Note:
Configuring
Exchange 20
00 Server
resources
using
Exchange
Server 2003
System
Manager is
not
supported.
Make sure
you use
Exchange 20
00 System
Manager to
configure
Connector for
Lotus cc:Mail.
121
Note:
Configuring
Exchange 20
00 Server
resources
using
Exchange
Server 2003
System
Manager is
not
supported.
Make sure
you use
Exchange 20
00 System
Manager to
configure
directory
synchronizati
on with
Microsoft
Mail.
Note:
Configuring
Exchange 20
00 Server
resources
using
Exchange
Server 2003
System
Manager is
not
supported.
Make sure
you use
Exchange 20
00 System
Manager to
configure
Connector for
Microsoft
Mail.
Note:
Configuring
Exchange 20
00 Server
resources
using
Exchange
Server 2003
System
Manager is
not
supported.
Make sure
you use
Exchange 20
00 System
Manager to
configure
Schedule+
Free/Busy
Connector.
Instead of adding separate snap-ins to the console, you can add the full Exchange System
snap-in and then locate the object in the MMC namespace that you want to provide, such as
the Public Folders node. When you right-click this node, you can select the New Window
from Here command from the context menu. This will open a subwindow with the selected
node as the root of the hierarchy. You can then close the subwindow that shows all nodes
and save the console in its current state in an .msc file.
MMC consoles can run in one of two modes: author mode or user mode. You can use author
mode to create new consoles or modify existing consoles. You use user mode to work with
existing consoles for system administration. There are three levels of user mode:
• User mode - full access When running a console in this mode, the user can
use all available functionality of the snap-ins, but the user cannot add or remove
snap-ins or save changes to the console.
• User mode - limited access, multiple window When running a console in this
mode, the user cannot add or remove snap-ins or save changes to the console. The
user also cannot close any windows that were open when the console author last
saved the console.
• User mode - limited access, single window Running a console in this mode,
the user cannot add or remove snap-ins or save changes to the console. The user
also cannot open additional subwindows.
The following figure shows a custom console for public folder management.
127
You can use the MMC command line switch /a to open a saved console in author mode and
make changes to saved consoles. When you open saved consoles using the /a switch, they
are opened in author mode, regardless of their default mode. However, this does not
permanently change the default mode setting. When you do not specify the /a switch, MMC
opens console files according to their default mode settings.
Note:
Do not add the StandAlone key to the registry settings of an extension snap-in to
convert the snap-in to a stand-alone snap-in. Extension snap-ins depend on nodes
and features exposed by their parent snap-ins and cannot function correctly as stand-
alone snap-ins.
Note:
You can manage an Exchange Server 2003 organization only from a computer that is
a member of a domain that is trusted by the domain controllers in the forest
containing the servers running Exchange Server 2003.
Serverless binding is the process in which ADSI uses the locator service implemented by the
Netlogon service to find the best domain controller to use. This domain controller is always
located in the domain associated with the current security context of the user who connects to
Active Directory. Each domain controller registers its host name in the Domain Name System
(DNS) and its NetBIOS name using a transport-specific mechanism, for example, Windows
Internet Name Service (WINS). The locator service locates the name, and then sends a
datagram to the domain controller that registered the name. For NetBIOS domain names, the
datagram is a mailslot message. A mailslot is a mechanism provided by the operating system
for one-to-one or one-to-many interprocess communications (IPC). For DNS domain names,
the datagram is an LDAP User Datagram Protocol (UDP) search. Each responding domain
controller indicates that it is currently operational.
Note:
NetBIOS is still required for Exchange Server 2003. Therefore, you must not
decommission installed WINS servers in your network. For example, Exchange
System Manager might select NetBIOS for remote procedure call (RPC)-based
communication with an Exchange server, if defined in the RPC protocol binding order.
The RPC protocol binding order is defined in a REG_STRING registry parameter
named Rpc_Binding_Order, located under:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Exchange Provider. The default
value includes NetBIOS:
ncalrpc,ncacn_ip_tcp,ncacn_spx,ncacn_np,netbios,ncacn_vns_spp. However,
communication with domain controllers is based on LDAP and does not require
NetBIOS or WINS.
129
As indicated in the following figure, the locator service prefers domain controllers in the local
Active Directory site and connects to the first domain controller that responds. When the
locator service sends a datagram to the domain controller, the domain controller looks up the
Internet Protocol (IP) address of the client in the Configuration/Sites/Subnet container in
Active Directory, to find a subnet object that corresponds to the client's IP address region.
The siteObject property of the subnet object reveals the distinguished name of the site that
contains the client, for example: CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=fabrikam,DC=com. The domain controller responds
to the datagram with the distinguished name of the site that contains the client, together with
an indicator of whether this domain controller covers that site. If the domain controller does
not cover that site, and the locator service has not yet tried to find a domain controller in the
client's site, the locator service tries again to find a domain controller in the local site. After a
domain controller has been located, an LDAP connection to Active Directory is established,
and the connection information is cached, so that subsequent connections from the same
application do not require a repeat of the serverless bind algorithm. The bind cache contains
connection handles to the appropriate servers, in addition to connection characteristics, such
as encryption and authentication information.
Note:
A serverless bind is the preferred connection method, because it balances requests
from multiple clients between multiple domain controllers, and it is able to switch to
another domain controller automatically when a domain controller becomes
unavailable.
130
The following figure illustrates the hierarchy of directory objects from the configuration
directory partition (displayed in Active Directory Sites and Services) compared to the
hierarchy of configuration objects in Exchange System Manager (with administrative and
routing groups enabled).
Exchange System Manager arranges the configuration objects from the configuration
directory partition in the console tree, according to the following general categories:
131
• Global Exchange objects Global Exchange objects are objects that define
Internet message formats and other settings that affect the whole Exchange
organization. For example, the Mobile Services object defines settings for Exchange
ActiveSync and Microsoft Office Outlook Mobile Access that apply to all recipients in
the Exchange organization. The directory objects that correspond to these
configuration objects reside in the Global Settings container, under the Exchange
organization container in the configuration directory partition.
• Recipient objects Recipient objects define rules that determine the e-mail
addresses that Recipient Update Service assigns to mailbox-enabled and mail-
enabled recipient objects. Recipient objects also determine how server-based
address lists are generated. Using the configuration objects in the Recipients
container in Exchange System Manager, you can customize details and address
templates to change the address book user interface in Outlook.
• Server objects Server objects contain the settings that apply to individual
Exchange servers in the messaging organization. Server objects also hold additional
configuration objects for storage groups and messaging protocols. When displaying
the properties of a server object, Exchange System Manager consolidates
information from a variety of information sources on the various property tabs. Server
configuration objects correspond to server directory objects in the configuration
directory partition that resides in the Servers container, under an administrative
group.
• System policy objects You can use system policy objects to simplify system
administration by configuring parameters for multiple Exchange servers through a
single configuration object, such as mailbox store, public folder store, or server
settings. However, by default, system policy objects do not exist. To create a system
policy, you first must add a specific System Policies container to your administrative
group. To do this, right-click the administrative group, point to New, and then select
132
System Policies Container. Then, to create either a Mailbox store policy, Public
store policy, or Server policy, right-click the System Policies container and
configure your policy. For more information about configuring the mailbox store,
public folder store, or server properties, see the Exchange Server 2003
Administration Guide.
Note:
The Tools node in Exchange System Manager does not correspond to a directory
object in the configuration directory partition. The Tools node provides access to
extension snap-ins, such as Message Tracking Center, which in turn might access
objects in Active Directory to persist configuration information.
• Exchange Full Administrator This role grants the administrator full control
over the Exchange organization. However, the Receive As and Send As permissions
are specifically denied. Therefore, an Exchange full administrator cannot impersonate
another user in the Exchange organization. For example, an administrator who does
not have Send As permission cannot send e-mail messages on behalf of another
user.
The following table lists the key differences among the various Exchange administrator roles.
Moreover, if you assign a security group the Exchange Full Administrator role at the
organization level, later you cannot use Administration Delegation Wizard to downgrade
members of that group to the Exchange View Only Administrator role for a specific
administrative group. This is because Administration Delegation Wizard does not deny
permissions granted through security settings inherited from parent containers. If you use
Administration Delegation Wizard to assign individual members the Exchange View Only
134
Administrator role for an administrative group, Administration Delegation Wizard lists these
accounts as Exchange View Only Administrator accounts. However, these accounts retain
their Exchange Full Administrator role, which is inherited through their group membership
from the organization level. To examine actual security settings, you must enable the
Security tab for the organization and administrative group objects in Exchange System
Manager. To do this, set the ShowSecurityPage registry parameter, as shown in the following
table.
HKEY_CURRENT_USER\Software\Microsoft
\Exchange\ExAdmin
ShowSecurityPage
Value Name
REG_DWORD
Data Type
1
Value
• Address lists
• Mailbox stores
Caution:
Incorrectly editing the registry can cause serious problems that may require you to
reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up any
valuable data.
135
• Create Public
Folder
• Execute
• List Contents
• List Object
• Read
• Read
Permissions
• Read Properties
• List Object
136
• Write • Send As
• Execute
• Delete
• Read
Permissions
• Change
Permissions
• Take Ownership
• Create Children
• List Contents
• Add/remove Self
• Read Properties
• Write Properties
• List Objects
• Create Public
Folder
• Modify Public
Folder Admin ACL
• Modify Public
Folder Replica List
• Read Metabase
Properties
• Administer
Information Store
• Create Named
Properties in the
Information Store
• View Information
137
• Send As
• Create Public
Folder
• Execute
• List Contents
• List Objects
• Read
• Read
Permissions
• Read Properties
Most permissions settings are inherited by the Exchange organization object from parent
containers in the hierarchy of the configuration directory partition. For example, Enterprise
administrators are granted the Full Control permissions at the root container of the
configuration directory partition. Because permissions are by default inherited by all child
objects in the configuration directory partition, including the Exchange organization container,
Enterprise Administrators are also Exchange Full Administrators.
You cannot use Exchange System Manager to examine security settings for parent
containers in the configuration directory partition, but you can examine the actual settings
using the ADSI Edit tool. Figure 4.4 shows the security settings for the Enterprise Admins
group, as they are applied to the configuration container. The following figure also illustrates
that these settings are applied to the configuration container and all child objects, including
the Exchange organization.
138
logons. It uses Distributed Authoring and Versioning (DAV) protocol to display and manage
public folder resources.
MAPI-Based Communication
The following figure illustrates the difference between mailbox store and public folder store
objects in Active Directory and Exchange System Manager. In Active Directory Sites and
Services, mailbox store and public folder store objects are represented by leaf nodes that do
not contain child objects. In Exchange System Manager, however, mailbox store and public
folder store objects are represented as nodes in the console tree. They contain several child
containers, such as Logons, Mailboxes or Public Folders, Public Folder Instances,
Replication Status, and Full-Text Indexing.
Mailbox and public folder store objects in Active Directory Sites and Services and
Exchange System Manager
System Manager must communicate with the Exchange store through the
IExchangeManageStore interface, which is an internal MAPI-based interface. This MAPI
communication is dynamic in nature and occurs when you expand a particular mailbox store
or public folder store in Exchange System Manager. You cannot display the child containers
of a mailbox store or public folder store if the mailbox store or public folder is dismounted.
Communication through MAPI also occurs when you add mailbox stores or public folder
stores to an Exchange server, when you display the properties of an individual mailbox store
or public folder store, and when you mount or dismount mailbox stores or public folder stores.
Note:
MAPI-based communication requires you to work with an Exchange System Manager
account that is a member of the local Administrators group. This gives you Write
permissions to the \System32 directory on the local computer. This is required so that
Exchange System Manager can create a dynamic MAPI profile. Communication with
an Exchange server cannot take place through MAPI without a MAPI profile.
Tip:
You can display all information obtained for a mailbox store or public folder store. For
detailed instructions, see How to Display All Information Obtained for a Mailbox Store
or Public Folder Store.
141
Note:
If you must install Outlook and Exchange Server 2003 on the same computer, for
example, because a non-Microsoft solution, such as a MAPI-based backup program,
requires Outlook components, first read Microsoft Knowledge Base article 266418,
"Microsoft does not support installing Exchange Server components and Outlook on
the same computer."
DAV-Based Communication
To create, manage, and delete public folder resources, Exchange System Manager
(specifically the Public Folders snap-in) uses DAV to communicate with the Exchange store.
DAV is an HTTP-based protocol. Therefore, access to the Exchange store is provided
through the World Wide Web Publishing service (w3svc). DAV commands, such as
PROPFIND, SEARCH, DELETE, MOVE, COPY, and OPTIONS, are encoded using XML.
Note:
Exchange System Manager uses DAV for public folder management, because DAV is
the only remotable protocol in Exchange Server 2003 that works with MAPI-based
and general-purpose public folder hierarchies.
• Exchweb Stores graphics and additional files required for Microsoft Office
Outlook Web Access for Exchange Server 2003. This is a standard virtual directory
that points to the \Program Files\Exchsrvr\Exchweb directory on the server's hard
disk.
• Exchange Used by Outlook Web Access for mailbox access. This virtual
directory binds to the URL \\.\BackOfficeStorage\<server's fully qualified domain
name>\mbx.
• Public Used by Outlook Web Access for public folder access. This virtual
directory binds to the URL \\.\BackOfficeStorage\<server's fully qualified domain
name>\public folders.
For Exchange System Manager, the most important HTTP virtual directory is the Exadmin
virtual directory. Exadmin provides access to all public folder hierarchies, also named public
folder trees, on an Exchange server. This access is enabled because Exadmin points directly
to the BackOfficeStorage namespace. To provide access to all mailbox and public folder
stores on an Exchange server, the Exchange OLE DB (ExOLEDB) provider registers the
BackOfficeStorage namespace with the OLE DB RootBinder. When you expand the public
folder hierarchy or create, manage, or delete public folders in Exchange System Manager,
communication occurs through the Exadmin virtual directory.
Exchange System Manager also uses other HTTP virtual directories. For example, Exchange
System Manager uses the Public virtual directory to display the content of MAPI-based public
folders. The Public virtual directory exists on all Exchange servers. However, if you create an
additional general-purpose public folder tree and associate it with an additional public store,
Exchange System Manager cannot display public folder contents until you create a virtual
directory to provide HTTP-based access to this hierarchy. For more information about how to
create and configure public folder hierarchies and stores, see the Exchange Server 2003
Administration Guide.
The following figure shows the content of a public folder, as it appears in Exchange System
Manager.
143
Exchange System Manager performs the following steps when it connects to the Exadmin
virtual directory:
Tip:
You can see the Exchange stores as listed in the msExchOwningPFTreeBL
attribute when you display the properties of the public folder hierarchy in
Exchange System Manager. The stores are listed on the General tab, under
Public stores associated to the folder tree.
Note:
If you are running Exchange System Manager locally on an Exchange server that
hosts a public store associated with the public folder hierarchy, Exchange System
Manager tries to connect to the local server first.
4. Displays the top level public folders Exchange System Manager displays the
top level public folders as container objects in the console tree, under the public
folder hierarchy. This step is not illustrated in the figure above.
Note:
By default, only the top level folders in the interpersonal message (IPM) subtree
are displayed, but you can also display the folders in the non-IPM subtree, if you
right-click the hierarchy object and then select View System Folders.
Note:
Exchange System Manager always connects directly to the Exchange server that
hosts the public store associated with the selected public folder hierarchy. You cannot
connect to a public store through a front-end server.
146
Note:
You cannot change the Host header value that Exchange System Manager uses
when it connects to the Exadmin virtual directory. Exchange System Manager always
uses the NetBIOS name of the target Exchange server. Therefore, the Web site must
define the server's NetBIOS name in the Host header value parameter or define no
value.
However, you can assign the default Web site that hosts the Exadmin virtual directory a
dedicated IP address and a custom TCP port using IIS Manager. When you display the
properties of the Web site, specify an IP address or custom TCP port on the Web Site tab.
Exchange System Manager tries to connect to TCP port 80 first. If this connection attempt
fails, Exchange System Manager communicates with the IIS Admin service on the Exchange
server through remote procedure calls (RPCs), to determine the required port number. The
IIS Admin service returns the custom port number to Exchange System Manager, because it
is registered in the IIS metabase. Exchange System Manager then registers the custom port
in the msExchServerBindings attribute of the Exadmin directory object. After this, Exchange
System Manager connects to the Exadmin virtual directory, as discussed earlier in this
section.
Communication with the IIS Admin service fails if RPCs are not supported between the
Exchange server and the computer that is running Exchange System Manager. For example,
a firewall blocking access to the RPC Endpoint Mapper through TCP port 135 might prevent
this communication. In this case, Exchange System Manager cannot determine the custom
port dynamically. It is best to use the default port number 80 for the Exadmin virtual directory.
147
Note:
Using Exchange System Manager over network connections that do not support
RPCs is not supported.
The following figure illustrates how the process of connecting to an Exadmin virtual directory
through HTTP over SSL (HTTPS) works.
When connecting to the Exadmin virtual directory over HTTPS for the first time, Exchange
System Manager performs the following steps:
2. Because HTTPS is required for the Exadmin directory, the Web server responds
to the HTTP request with an HTTP status code of 403 – Forbidden.
3. Exchange System Manager queries the IIS Admin service through RPCs for
SSL-specific information, such as the SSL port that must be used to connect to the
Web site that hosts the Exadmin virtual directory. The IIS Admin service returns this
information to Exchange System Manager.
4. Exchange System Manager connects to the Exadmin virtual directory through
HTTPS and displays the list of public folders in the hierarchy.
Note:
The security certificate that you register for the Web site that hosts the Exadmin
virtual directory must list the local Exchange server's fully qualified domain name
(FQDN) as the Web site's common name. Also, the computer that is running
Exchange System Manager must trust the certificate authority that issued the
SSL certificate. Otherwise, Exchange System Manager displays an error
message that states that the SSL certificate is incorrect, and does not display the
public folder hierarchy.
Procedure
Display all information obtained for a mailbox store or public folder store
1. Right-click the child container of interest (for example, Mailboxes or
Logons).
149
2. Point to View.
4. In the Add/Remove Columns dialog box, add all entries from the Available
columns list to the list of Displayed columns.
5. Click OK.
Procedure
Connect to a specific Exchange server in Exchange System Manager
1. Right-click the public folder hierarchy object (for example, Public Folders) in
Exchange System Manager.
3. Select the target public folder store that you want from the Select a Public
Store dialog box.
environment. All WMI interfaces are based on Component Object Model (COM). Therefore,
the communication between Exchange System Manager and Winmgmt is based on RPCs.
WMI is based on a three-tier model that includes management applications, the Common
Information Model (CIM) object manager, and WMI providers.
Management applications, which consume WMI data, are at the top of the WMI architecture.
Exchange System Manager is an example of a WMI management application. You can also
create custom applications and scripts to process WMI data. The management applications
use one common API, WMI, to communicate with the CIM object manager in the middle tier.
The CIM object manager provides the programmable object classes that represent the
underlying information sources.
The CIM object manager is implemented in the WMI service in Windows Server 2003. The
WMI service maintains its own database, named the CIM database, to track which WMI
classes are available and which provider is responsible for supplying instances of those
classes. The class definitions are stored in the CIM database. Static data can also be stored
in the CIM database and retrieved without a provider. However, the WMI subsystem is
designed to obtain dynamic information about a managed system, such as Exchange
Server 2003. This is accomplished completely through WMI providers.
151
WMI providers are at the bottom of the WMI architecture. WMI providers access the CIM
object manager through a set of standardized COM interfaces and act as intermediate agents
between the managed system and the CIM object manager. WMI providers extract
management information from the underlying managed system. They then map this
information to object classes that the CIM object manager presents to the WMI management
applications. Exchange Server 2003 includes many WMI providers and classes. For more
information about these classes, see the WMI documentation in the Exchange SDK.
You can analyze message-tracking information in a text editor when you open message
tracking log files directly, or in the Exchange Message Tracking Center snap-in.
Exchange Message Tracking Center is available as a stand-alone snap-in. It is available
in Exchange System Manager, under the Tools node, and can also be used separately in
custom MMC tools. In Exchange Server 2003, Message Tracking Center reads tracking
information from the ExchangeMessageTrackingProvider on the local computer. If remote
servers are used for the message transfer, the ExchangeMessageTrackingProvider on
152
Diagnostics logging settings in Registry Editor and in the Properties dialog box for a
server object in Exchange System Manager
The Remote Registry service is bypassed when you work with registry settings on the local
computer. However, if you want to set the diagnostics logging level for an Exchange server
remotely, Exchange System Manager must first use the RegConnectRegistry function of the
registry API to establish a connection to the registry key that you want on the remote
computer. For this function call, the Exchange administrator must have access permissions to
the Remote Registry service. Otherwise, the Remote Registry connection cannot be
established.
Caution:
Incorrectly editing the registry can cause serious problems that may require you to
reinstall your operating system. Problems resulting from editing the registry
155
incorrectly may not be able to be resolved. Before editing the registry, back up any
valuable data.
The default configuration for Windows permits only local Administrators remote access to the
registry. To make sure that Exchange administrators can remotely administer an Exchange
server, System Attendant automatically adds those accounts that have an Exchange
administrator role to the access control list (ACL) of the WinReg registry key and grants them
Full Control permissions. This key can be found under the following subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers.
With the required permissions for the Remote Registry service, the Exchange administrator
can establish a remote connection to the target registry. However, this does not mean that the
Exchange administrator is also permitted to read or write settings of other registry keys. For
example, an administrator might have Full Control permissions for the WinReg key, but no
permissions for the MSExchangeMTA key in the services control database. In this case,
Exchange System Manager could connect to the remote server's registry but might not be
able to list the services or diagnostics categories on the Diagnostics Logging tab. To make
sure that an Exchange administrator can read and write settings for Exchange services,
System Attendant grants Exchange administrators Full Control permissions for the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Services key. All subkeys under this
registry key inherit the permissions settings. For more information about the registry settings
for Exchange services, see Exchange Server 2003 Services Dependencies.
• Key elements of the Exchange Server 2003 routing topology You must be
able to identify the components that comprise the message routing topology of an
156
• Exchange Server 2003 message routing Exchange Server 2003 uses link
state information to make dynamic routing decisions, rather than routing decisions
based on a static routing table. To understand dynamic message routing in
Exchange Server 2003, you must understand how Exchange Server 2003 selects
message routes and how changes to the routing topology influence the message
routing process.
This section assumes that you are familiar with routing group topology design and the
configuration of messaging connectors. For more information on transport and routing, see
the Exchange Server 2003 Transport and Routing Guide.
routing group A. Multiple bridgehead servers are deployed in routing group A to provide
redundant message transfer paths.
The message routing topology shown in the figure above includes the following key
components:
• Routing groups These are logical collections of servers, used to control mail
flow and public folder referrals. Routing groups share one or more physical
connections. In a routing group, all Exchange servers communicate and transfer
messages directly to one another, using Simple Mail Transfer Protocol (SMTP) virtual
servers. In a native mode organization, routing groups can include servers from
different administrative groups. However, in a mixed mode organization, routing
groups cannot span multiple administrative groups, due to backward compatibility
with Exchange Server 5.5. This is because the routing topology in Exchange 5.5 is
defined by sites, and sites provide the functionality of both the administrative group
and the routing group.
Tip:
SMTP works well over any type of TCP/IP connection. Therefore, a routing group
does not necessarily define regions on a computer network with high network
bandwidth. Routing groups can span slow network connections, if the connection
158
is permanent and reliable. For example, if all servers in Figure 5.1 can
communicate directly through TCP/IP, you might consolidate all Exchange
servers into one routing group, thus eliminating four of the five bridgehead
servers and all routing group connectors. This significantly streamlines the
routing group topology. In Figure 5.1, the bridgehead server running a connector
to the non-Exchange messaging system must remain connected to the external
messaging system. Note, however, that all servers in a routing group periodically
poll the routing group master. Gaining control over server-to-server
communication might require you to implement multiple routing groups, which
might be especially important if communication over wide area network (WAN)
connections generates costs. For more information about the design and
configuration of routing group topologies, see Exchange Server 2003 Transport
and Routing Guide (http://go.microsoft.com/fwlink/?LinkId=26041).
Note:
The Routing Group Connector (note the capitalization) is a specific type of
connector that can only be used to connect routing groups with each other.
Other connectors that can connect routing groups are the SMTP connector
and X.400 connector. However, these connectors can also be used to
connect an Exchange organization to an external messaging system through
SMTP or X.400. To avoid confusion, this guide uses "Routing Group
Connector" to refer to the specific connector that can only be used between
routing groups and "routing group connector" to refer to all types of
connectors that can be used to connect routing groups.
Exchange Server 2003 can then send messages over this connector using
the X.400 protocol.
Note:
X.400 connectors are available only in Exchange Server 2003 Enterprise
Edition.
In Exchange Server 2003, the SMTP transport engine handles messages as follows:
2. The pre-submission queue is the entry point in the advanced queuing engine.
When a message is put into the pre-submission queue, custom SMTP processing
code, such as event sinks for antivirus screening, processes the message. The
advanced queuing engine then moves the message to the pre-categorization queue,
so that the categorizer, an internal component of the SMTP transport engine, can
process it further.
3. The categorizer resolves both recipient and sender addresses, expands any
mail-enabled groups, checks restrictions, applies per-sender and per-recipient limits,
and more. If the recipient's mailbox resides in the local Exchange Server 2003
organization, the categorizer marks the recipient as local by setting a per-recipient
property indicating the fully qualified domain name (FQDN) of the recipient's home
server. This is an important routing step. Later, the advanced queuing engine uses
the recipient's home server FQDN to determine the message transfer path.
4. After categorization, the advanced queuing engine puts the message in the post-
categorization queue. Now, a distinction must be made between messages for local
recipients and messages for recipients on remote systems, as follows:
• Local delivery For local recipients, routing is skipped. The mailbox store
that holds the target mailbox is stamped on the message and the advanced
165
queuing engine transfers the message to the Local Delivery queue. From the
Local Delivery queue, the Exchange store driver obtains the message and
puts it in the mailbox of the recipient.
• Remote delivery The routing engine must process all messages to non-
local recipients, because the SMTP transport engine must find an available
transfer path for the destination. Correspondingly, the advanced queuing
engine transfers the message to the pre-routing queue, calls the routing
engine, and then passes the destination address (that is, the FQDN of the
recipient's home server for internal recipients or the SMTP domain name for
external recipients) to the routing engine. The routing engine returns the next
hop that the message will use to the caller and classifies the next hop, as
listed in the following table.
The next hop is to the local server This indicates that the transport engine must
pass the message to the Exchange MTA for
transfer, either through RPCs to an
Exchange 5.5 server in the local routing
group, through an X.400 connector to a
remote X.400 MTA, or through a MAPI-based
messaging connector, such as Connector for
Lotus Notes or Connector for Novell
GroupWise, to a non-Exchange messaging
system.
The next hop is to a server in the local routing This indicates that the transport engine must
group pass the message to the default virtual SMTP
server for transfer to the destination over
SMTP.
The next hop is to a server in a remote This indicates that the transport engine must
routing group pass the message to a routing group
connector on the local Exchange server. It
must be noted, however, that this type applies
only to messages transferred over SMTP. If
you use X.400 connectors to connect routing
groups, the transport engine passes the
messages to the Exchange MTA (that is, the
next hop is to the local server).
166
The next hop is to a server outside the This indicates that the transport engine must
Exchange organization pass the message to an SMTP connector or
virtual SMTP server that can transfer the
message to the external messaging system.
Again, this hop type only refers to
destinations reachable through SMTP. If the
message is destined to a non-Exchange
messaging system connected through a
MAPI-based connector that is controlled by
the Exchange MTA, the transport engine
passes the messages to the Exchange MTA
(that is, the next hop is to the local server).
The next hop is to a server that is currently This indicates that a destination path exists,
unreachable but that this path is currently unavailable. The
transport engine retains the message until the
transfer path is available again or until the
message expires and must be returned to the
sender with an NDR.
The next hop is to a server that is This indicates that no final destination path
unreachable exists, and the transport engine returns the
message to the sender with an NDR.
5. The advanced queuing engine caches the next hop type information and
destination, and moves the message to a corresponding link queue. Link queues are
dynamic and are managed by Queue Manager. The name of each link queue
matches its remote delivery destination.
Note:
Link queues exist and are available in the Queue viewer of Exchange System
Manager only when messages are waiting for transfer to the corresponding
destination. Queue Manager expires a link queue about a minute after the last
message in the link queue is transmitted.
6. Messages in link queues other than the Exchange MTA queue are transferred
using the SMTP protocol engine. However, messages in the Exchange MTA queue
are transferred to the Exchange MTA outbound message queue in the Exchange
store, which is a system folder named MTS-OUT. The Exchange store driver
performs this task. The Exchange MTA obtains the message and then communicates
with the routing engine through MTARoute.dll to determine the appropriate and
available connector. If the message is for a connector to a non-Exchange messaging
system, the Exchange MTA places the message in that connector's outbound
167
message queue in the Exchange store (the connector's MTS-OUT folder). Otherwise,
the MTA transfers the message directly using RPCs or an X.400 connector. For more
information about the Exchange MTA, see X.400 Transport Architecture.
Note:
Administrative groups are not part of the routing topology in an Exchange
organization.
• Routing group objects The routing engine enumerates all routing groups that
exist in any administrative groups and queries each routing group for all object
attributes, including the msExchRoutingGroupMembersBL attribute that contains a
list of all routing group member servers. The routing engine places this information in
the link state table. The routing engine also places the servers together with the
GUID of the server's routing group in a server cache in memory. Each entry in the
server cache is a server FQDN appended by the server's routing group GUID.
• Messaging connector objects The routing engine enumerates all child objects
with an object type of msExchconnector that exist in the Connections container of
each routing group. The msExchconnector objects in the Connections container are
the routing group connectors and connectors to external messaging systems
configured in the routing group. The routing engine reads all attributes from these
connector objects to determine address spaces, cost values, restrictions, and more.
The routing engine places the information for each connector in the link state table.
This enables messages to destinations outside the local routing group to be routed.
The process continues until the routing engine identifies all directly and indirectly connected
routing groups and queries for the configuration details of their messaging connectors. When
this process ends, the routing engine has a complete view of all available transfer paths
across the Exchange organization. All links are assumed to be up and available for message
transfer. Following the initialization of the link state table, the routing engine communicates
with the Microsoft Exchange Routing Engine service on the local server to obtain dynamic link
state information that reflects the current state of each connector. The Exchange Routing
Engine service connects to the routing group master in the local routing group through TCP
port 691 to retrieve this information. For more information about link state information, see the
section, "Examining the Link State Table," later in this topic.
routing. The Exchange Routing Engine service communicates link state information between
servers that are running Exchange 2000 Server and Exchange Server 2003 in the local
routing group. The Exchange Routing Engine service is implemented in resvc.dll, which
resides in the \Program Files\Exchsrvr\bin\ directory. The service name is RESvc. For more
information about the Microsoft Windows services of Exchange Server 2003, see Exchange
Server 2003 Services Dependencies.
The Exchange Routing Engine service is an intra-routing group link state communication
service, instead of a routing engine. The actual routing engine that the SMTP advanced
queuing engine and Exchange MTA use to route messages is implemented in a file that is
named reapi.dll. For the Exchange MTA, some additional code is in mtaroute.dll. Therefore,
when the Exchange Routing Engine service is stopped, both the advanced queuing engine
and Exchange MTA still use the code in reapi.dll to route messages. Only dynamic updates to
the link state table are not received any longer.
Note:
Although not generally recommended, you can disable the Exchange Routing Engine
service on all servers that are running Exchange Server 2003 in an organization. The
code in reapi.dll can still initialize the link state table on each server with information
from Active Directory, but there are no dynamic updates to the link state table. In this
case, Exchange Server 2003 performs static message routing.
Note:
The WinRoute tool also shipped with Exchange 2000 Server, but it is best to
download and use the Exchange Server 2003 version of this tool on all
Exchange 2000 and Exchange Server 2003 servers in your organization.
The WinRoute tool connects to the link state port, TCP port 691, on the selected Exchange
server and extracts the link state table. The information in this table is a series of GUIDs and
American Standard Code for Information Interchange (ASCII) text that represent routing
groups, routing group members, and connectors in the routing groups. The link state table
also includes information about the configuration of each connector. The information fields in
the link state table are separated by parentheses as follows:
'General Info' ('Routing Group' 'Routing Group Master' 'Version Info' 'Routing Group
Addresses' (Routing Group Members) (Connectors in Routing Group (Connector
configuration))).
170
The following is a shortened example of a link state table (all but one routing group removed):
d38082e7c9ecd74dbff32bada8932642 d037d6eaf2fa7cd10934aca433390623
(489416bfa3a4ff459b8f4403f20cad0d 1650c1fe32aef740be236e1089e0da6a 8 0 2
c2da71f9b39ec748aaf44119a2bdcb36 {26}*.489416BF-A3A4-FF45-9B8F-4403F20CAD0D
{4c}c=DE;a= ;p=TailspinToys;o=Exchange;cn=489416BF-A3A4-FF45-9B8F-4403F20CAD0D;*
{55}/o=TailspinToys/ou=First administrative Group/*/489416BF-A3A4-FF45-9B8F-
4403F20CAD0D ( 1650c1fe32aef740be236e1089e0da6a YES 1 1b20 {10}0701000000000101 )
( aa582d35e9621c4ca8ae57aa33d953a1 ( CONFIG {4}SMTP {}
{23}_aa582d35e9621c4ca8ae57aa33d953a1_D {63}/o=TailspinToys/ou=First administrative
Group/cn=Configuration/cn=Connections/cn=RGC RG A <-> RG B 0 0 0 0 ffffffff ffffffff 0
1 0 () 0 () 0 () 0 () ARROWS ( {2}RG {20}83bd0e29fad06d4eb8b00faab3265cd5 1 {4}X400
{23}c=DE;a= ;p=TailspinToys;o=Exchange; 1 ) BH () TARGBH
( 766a192b43bfc3459ee85608d65a98a9 CONN_AVAIL {19}server01.TailspinToys.com ) STATE
UP)))
(... next routing group... (... next routing members...) (... connectors in routing
group (... connector configuration..)))
The following table maps this information to the various information fields in the link state
table.
• Major
updates Represen
t routing topology
changes, such as
connector
configuration
changes (that is,
adding or deleting a
connector, adding or
deleting an address
space on a
connector, or
designating a new
server as the routing
group master).
• Minor
updates Represen
t changes to the
availability of a
virtual server or
connector. For
example, the state
of a connector might
change from up to
down if the
connector's source
bridgehead server is
unavailable.
• User
updates Represen
t changes that occur
when services are
started or stopped
174
SERVER01.TailspinToys.com.
489416BF-A3A4-FF45-9B8F-
4403F20CAD0D.
• The objectGUID
of the server:
1650c1fe32aef740b
e236e1089e0da6a
• Whether the
member is
connected to the
routing group
master. YES
indicates that the
server is connected.
• Server version
number: 1
• Build version:
1b20 hex = 6944
• User data:
176
Tip:
The number in curly
brackets is not an
identifier. This
number indicates
the string length of
the field value in
hexadecimal format.
Note:
There is no explicit
type for routing
group connectors.
Routing group
connectors use
SMTP to transfer
messages.
178
• No value If no
source bridgehead
server is specified,
then any server in
the local routing
group can use this
connector to transfer
messages. This
applies to routing
group connectors if
the option Any local
server can send
mail over this
connector is used.
• A connector
GUID For SMTP
connectors and
routing group
connectors, you can
specify specific local
bridgehead servers,
in which case the
Source Bridgehead
Address field lists
the connector GUID
appended by an
"_S" (without the
quotation marks), to
indicate a source
bridgehead, such
as:
{23}_76290a25817c0643a
1a6999e669b1d5f_S
• A bridgehead
179
• No
value X.400
connectors and
MAPI-based
connectors do not
have a destination
bridgehead server in
the link state table.
These connectors
use connector-
specific information
to determine their
target system, such
as the remote host
name in the stacks
configuration of an
X.400 connector.
• A connector
GUID For routing
group connectors,
the Destination
Bridgehead Address
field lists the
connector GUID
appended by a "_D"
(without the
quotation marks) to
indicate a
destination
bridgehead. In this
case, the target
bridgehead servers
are listed later in the
TARGBH field in the
connector
information.
• A bridgehead
180
• The scope of
the connector is
identified by the first
digit. A value of 0
indicates that the
scope is
"Organization." A
value of 1 indicates
that the scope is
"Routing Group."
Note:
Routing group
connectors always
have a scope of
"Organization."
Connectors to
external messaging
systems can be
restricted to the
local routing group.
• Address space
type The address
space type
determines the
format of the
address space
information that
follows in the next
position. For
example, an X.400
address space
requires address
space information in
a valid X.400 format.
An SMTP address
space, on the other
hand, contains parts
of an SMTP domain
name. For routing
group connectors,
the address space
type is RG, which
stands for a routing
group objectGUID.
• Address
183
• Bridgehead
Server
objectGUID The
GUID of a virtual
SMTP server, which
is specified in the
connector
configuration as a
local bridgehead
server.
• Bridgehead
Server
Status Information
that indicates the
availability of the
bridgehead server,
as follows:
CONN_AVA
IL The
bridgehead
server is
available.
VS_NOT_S
TARTED A
virtual
SMTP
server is
stopped or
is not
started.
184
• Bridgehead
Server
objectGUID 766a19
2b43bfc3459ee85608d
65a98a9
• Bridgehead
Server
Status CONN_AVAIL
• Virtual Server
FQDN {19}server0
1.TailspinToys.com
185
• STATE
UP Indicates that
the connector is
available.
• STATE
DOWN Indicates
that the connector is
unavailable.
Note:
For a connector to
be marked as down,
all local bridgehead
servers for this
connector must be
unavailable. Routing
group connectors
configured to use
the option Any local
server can send
mail over this
186
Note:
The WinRoute tool provides an intuitive view of the routing topology and link state
table by resolving the GUIDs in the link state table to names in a format that you can
read, if the tool has access to Active Directory. The upper pane of the WinRoute
program window displays the interpreted data, the middle pane lists all existing
address spaces, and the lower pane displays the raw information from the link state
table. For more information about the WinRoute tool, see tools downloads at Tools for
Exchange Server 2003.
Note:
Message routing should follow the physical network topology. If the underlying
network topology is designed in a true hub-and-spoke arrangement (with routing
groupA as the hub), it makes little sense to define routing group connectors as shown
in the figure above. Instead, routing groups B, C, D, and E should be connected
directly to routing groupA, and all inter-routing group message transfer should be
routed through routing groupA. In a genuine hub-and-spoke arrangement, there are
no alternate message paths, and the routing path selection is straightforward. For the
explanations in this section, however, it is assumed that the physical network
topology is a mesh that follows the arrangement of routing group connectors shown.
The routing engine uses the following information to determine the best route:
188
Address spaces can be added to a connector through the Address Space tab. As
mentioned in the "Information in the link state table" table, address spaces consist of an
address type, such as RG, SMTP, X400, MSMAIL, or CCMAIL, an address , and a cost
value. The cost value that you assign to an address space is an important routing
criterion. The routing engine uses the Dijkstra shortest-path algorithm to make routing
decisions. This algorithm is based on cost values.
189
Note:
Routing group connectors are always available across the whole organization.
• Restrictions The routing engine determines the message size, priority, and
message type (that is, system or non-system message). The routing engine
compares these properties with available connector restriction information. It then
excludes those connectors that cannot transfer the message due to effective
connector restrictions from the list of potential connectors.
• Status Only available connectors are included in the route selection process.
The status field of each connector indicates whether the connector is available
(STATE UP) or unavailable (STATE DOWN).
connector restrictions to exclude all those connectors that must not be used
to transfer the message.
e. It computes a filter value for the message, which uniquely defines the
message type. The message type identifies the actual path that messages
with similar characteristics can use. The message type is cached. Therefore,
the routing engine does not recalculate the filter value for subsequent
messages with similar characteristics.
Note:
The advanced queuing engine maintains a separate message queue for
each message type.
f. It creates associated message types. An associated message type is
similar to the actual message type, but is calculated with relaxed restrictions.
Associated message types enable the SMTP transport subsystem to return
extended error codes if a transfer path is not available for the actual
message type because of connector restrictions.
g. It returns the index of the cached message type to the advanced queuing
engine.
2. The routing engine determines the next hop on the shortest route. To complete
this step, the advanced queuing engine calls the GetMessageType method on the
IMessageRouter interface. The most important information that the advanced
queuing engine passes to the routing engine at this point is the destination address
and the message type ID. For recipients in the Exchange organization, the
destination address is the FQDN of the recipients' home server. The routing engine
determines the destination routing group from the server cache, checks the available
route for the message type, and returns the next hop on the route to the destination
routing group to the advanced queuing engine. The advanced queuing engine can
then transfer the message to the next hop on the way to the destination.
The following figure shows that even in a relatively straightforward routing topology, many
routes can exist from one routing group to any other routing group. The figure shows the
routing group connectors from Figure 5.4 in simplified form, with their default cost values of 1.
191
In 1959, Professor Edsger Dijkstra solved the single-source shortest paths problem by
developing an algorithm that locates, in a single calculation, the shortest paths from a given
source to all points in a topology.
1. It is assumed that the routing topology representing all the paths from one routing
group to all other routing groups is a spanning tree. This determines that the topology
must include all routing groups and routing group connectors, and that there are no
loops between routing groups. Therefore, paths in the routing topology that allow a
message to return to the source routing group are illegal transfer paths and are not
included in the calculation.
2. Based on Dijkstra's algorithm, the routing engine maintains two sets of routing
groups. The first set includes all groups for which the shortest path from the source
routing group has already been determined. The second set includes all remaining
routing groups. At first, the set of routing groups for which the shortest paths from the
source routing group have already been determined is empty. As long as there are
routing groups remaining that have not been processed, the routing engine performs
Steps 3 through 6, as follows.
192
3. The routing engine sorts the remaining routing groups according to the current
best estimate of their distance (that is, the sum of cost values) from the source
routing group.
4. It then adds the closest routing group to the set of routing groups for which the
shortest paths have been determined.
5. The routing engine then updates the costs of all the routing groups connected to
that routing group (if this improves the best estimate of the shortest path for each of
the remaining routing groups) by including the cost value of the connector between
those routing groups in the distance value.
6. It updates the predecessor for all updated routing groups. The list of
predecessors eventually defines the shortest path from each routing group to the
destination routing group.
The following steps illustrate how the routing engine finds the shortest paths from routing
group A to all other routing groups in the routing topology:
1. The calculation begins at routing group A because in this example the source is
routing group A. The distance value of routing group A to itself is zero. The distance
value of all other routing groups has not been determined.
2. Routing group A is added to the set of routing groups for which the shortest paths
from the source routing group have been determined. Then, the distance value of all
routing groups adjacent to routing group A is updated with the cost values of their
connectors. The predecessor (indicated by the source of the black arrows) for all
these routing groups is then updated. The predecessor is routing group A.
3. The routing engine sorts the remaining routing groups according to the current
best estimate of their distance from the source routing group. It adds the closest
routing group to the set of routing groups for which the shortest paths have been
determined. Because routing groups B and C have the same distance value, the
routing engine selects one routing group at random. This example assumes that the
routing engine selects routing group B.
4. The routing engine calculates the distance value of all remaining routing groups
adjacent to routing group B, by combining the cost value of the connector between
routing group B and the adjacent routing group with the distance value of routing
group B. It updates the distance value of an adjacent routing group only if the
calculated distance value is smaller than the value that is already assigned to the
routing group, and only then updates the predecessor (indicated by black arrows).
The neighbors of routing group B are routing groups C, D, and E. The current distance
value of routing groups C and D is not defined. Therefore, their distance value is updated
with the cost values of their connectors, plus the distance value of routing group B (1+1).
Then the predecessor (indicated by the source of the black arrows) for all these routing
groups is updated. The predecessor is routing group B.
193
Routing group C is not updated, because the sum of the distance value of routing group
C and the connector cost (1+1) is larger than the current distance value of routing group
C.
5. The routing engine sorts the remaining routing groups according to the current
best estimate of their distance from the source routing group and adds the closest
routing group to the set of routing groups for which the shortest paths have been
determined. The algorithm now picks routing group C, because this routing group has
the smallest distance value.
6. The routing engine calculates the distance value of all remaining routing groups
adjacent to routing group C, by combining the cost value of the connector between
routing group C and the adjacent routing groups with the distance value of routing
group C. It updates the distance value of an adjacent routing group only if the
calculated distance value is smaller than the value that is already assigned to the
routing group, and only then updates the predecessor (indicated by black arrows).
The remaining routing groups that are neighbors of routing group C are routing groups D
and E (routing groups A and B were already processed).
The current distance value of routing groups D and E is 2. This value is smaller than the
sum of the connector cost and distance value of routing group C (1+2). Therefore, the
distance value and predecessor list of routing groups D and E are not updated.
7. The routing engine sorts the remaining routing groups (routing groups D and E)
according to the current best estimate of their distance from the source routing group
and adds the closest routing group to the set of routing groups for which the shortest
paths have been determined.
Because routing groups D and E have the same distance value, the routing engine
selects one routing group at random. This example assumes that the routing engine
chooses routing group D.
The only remaining neighbor is routing group E, which has a current distance value of 2.
This value is smaller than the sum of the connector cost and distance value of routing
group D (1+2). Therefore, the distance value and predecessor list of routing group E are
not updated.
The last routing group that has not been added to the list of routing groups for which the
shortest paths have been determined is routing group E. There are no remaining
adjacent routing groups. Therefore, the calculation of the shortest path is complete. The
shortest paths from routing group A to any other routing group in the topology have been
determined.
194
The following table lists the load-balancing configurations that you can use between routing
groups.
195
A single routing group connector with With these types of connectors, the routing
multiple source or multiple destination engine returns the connector GUID in the
bridgehead servers, or both. next hop information for the advanced
queuing engine. The advanced queuing
engine then randomly selects the
bridgehead server that must be used,
thereby load-balancing the message
transfer across all bridgehead servers.
Note:
It is best to specify multiple source
and destination bridgeheads for a
single routing group connector
between two routing groups. This
practice improves load-balancing
and redundancy.
196
Multiple connectors with the same address In this type of configuration, true load
space (or connected routing group), same balancing is not achieved. Load balancing
weight (cost), and each with a single is performed only to the extent of selecting
source and destination bridgehead server a connector initially for a given message
type. The routing engine determines the
message type one time, caches this
information, and then routes all messages
of the same type over the same connector.
The second connector is used only if the
first connector fails. However, a second
server might select the second connector
and in this way balance the load to some
extent.
Note:
It is not a good practice to use
multiple connector instances
between routing groups for load
balancing, because true load
balancing cannot be achieved.
Multiple connectors with the same address If you want to configure connectors to fail
space (or connected routing group), over automatically, you can create two
different weights (cost), and each with a separate connectors on different
single source and destination bridgehead bridgehead servers, each with a different
server cost. Link state for a connector is
determined by its local bridgehead server. If
the bridgehead server on the preferred
connector with the lowest cost is
unavailable, the connector is considered to
be unavailable and the routing automatically
chooses the second connector. When the
bridgehead server that is hosting the
connector with the lowest cost becomes
available, Exchange servers then begin
using it again.
197
• If you want to load-balance traffic across multiple destination servers, either have
the destination administrator configure DNS correctly (using a suitable configuration
of MX and A records), or specify multiple smart host addresses on the connector.
Or, if you want to ensure failover resiliency, create multiple SMTP connectors scoped with the
same address space, different costs, and different source bridgeheads. If the bridgehead
server on the preferred connector with the lowest cost in unavailable, the connector is
considered unavailable and routing automatically chooses the second connector. If you use
two connectors with the same cost, Exchange servers will randomly select which bridgehead
server and connector that they will use. Then if this bridgehead server becomes unavailable,
they will fail over to the second connector. However, once the first bridgehead server
becomes available, the servers will not fail back to this server because the route has the
same cost as the server that they are already using.
The connector configuration in the following figure, for example, is not load-balanced for
failover configuration because the address spaces do not match. Messages sent to external
users in a .NET domain always travel over the SMTP connector with the .NET address space.
This is because the routing engine chooses the most detailed address before evaluating
costs.
A connector configuration that does not provide load balancing or fault tolerance
198
Note:
If restrictions exist on the connector with the *.NET address space, and the
restrictions prevent certain messages from crossing this connector (for example,
because the sender is denied message transfer over this connector), the routing
engine returns the message to the sender with an NDR. The routing engine does not
fall back to the second connector for those messages. The most detailed address
space determines which connectors can be used to transfer a message. Connectors
with less detailed address spaces are excluded from the route calculation.
The routing engine considers a connector as down if one of the following conditions is true:
• None of the source bridgehead servers can transfer the message to a destination
bridgehead server successfully. Source bridgehead servers that cannot transfer
messages to the destination are marked as CONN_NOT_AVAIL.
Note:
If you use X.400 connectors, and the connector cannot transfer messages, the
Exchange MTA informs the routing engine that a link failure occurred. The state of the
source bridgehead server is then CONN_NOT_AVAIL. X.400 connectors can have
only one source bridgehead server.
Message Rerouting
To guarantee efficient message transfer, the routing engine informs the advanced queuing
engine and Exchange MTA immediately of any link state changes. To avoid sending
messages along broken paths, all queued messages must be routed again. This process is
named rerouting. In rerouting, the advanced queuing engine discards all cached next hop
information, because this information is no longer valid. Each message that is currently
waiting to be transferred is passed to the routing engine again, to recalculate the next hop.
This can be a resource-intensive task.
199
The following figure shows a rerouting example in which the bridgehead server in routing
group E is down. No messages can reach this routing group currently. When the routing
engine recalculates the shortest paths for messages to recipients in routing group E, it
discovers that no path is available. Connectors marked as down are excluded from the
routing process. Therefore, routing group E is currently isolated.
Because no valid path exists, the routing engine cannot determine a valid next hop for
messages that are waiting to be transferred to routing group E. The routing engine informs
the advanced queuing engine, in the next hop type information, that the next hop is currently
unreachable. The advanced queuing engine must retain the message until at least one
transfer path becomes available, or until the message expires and is returned to the sender
with an NDR.
Note:
If only one connector to a routing group exists, and there are no alternative paths, the
link state is always marked as available to reduce the number of link state changes in
the routing topology. Exchange Server 2003 queues the messages and sends them
when the route becomes available again.
200
Note:
The routing engine does not reroute messages from a connector with a specific
address space to a connector with a less specific address space, because the routing
engine considers this a different destination. The messages remain on the source
bridgehead server until the connector with the detailed address space becomes
available.
If there are restrictions on the connector with the .NET address space, and the restrictions
prevent certain messages from crossing this connector, for example because the sender is
denied message transfer over this connector, the routing engine returns the message to the
sender with an NDR. The routing engine does not fall back to the second connector for those
messages. The most detailed address space determines which connectors can be used to
transfer a message. Connectors with less detailed address space are excluded from the route
calculation.
Connector Recovery
The routing engine determines that a connector is available again in one of the following
ways:
active, to become active only at specified times, or to be never active, in which case the
connector does not transfer messages until the connector schedule is changed again. You
can also configure a connector as remote initiated, which means that the connector does not
initiate a connection itself. Instead, it waits for a remote server to connect and trigger the
message transfer.
The connector schedule affects the message transfer only. It does not affect message
routing. The routing engine considers connectors with any schedule type as available if they
are STATE UP. Therefore, messages might even be routed to connectors for which the
activation schedule is set to never. Link state changes and rerouting do not occur for these
connectors. Messages wait in the connector's queue until the activation schedule is changed.
The same is true for remote initiated connectors. Messages are not rerouted while they are
waiting for their retrieval.
Tip:
If you want to avoid message routing to a connector, set its maximum message size
to 1 Kilobyte (KB).
Propagating link state information among all servers has the following advantages:
• Each Exchange server can select the optimum message route at the source
instead of sending messages along a route on which a connector is unavailable.
• Messages no longer bounce back and forth between servers, because each
Exchange server has current information about whether alternate or redundant routes
are available.
• Intra-routing group LSA Within a routing group, the routing group master
tracks link state information and propagates it to the remaining servers in the routing
group. The remaining servers are also named member nodes or routing group
members. When a member node is started and has initialized its routing table with
information from Active Directory, it establishes a TCP/IP connection to port 691. It
then authenticates with the routing group master and obtains most recent information
about the state of all links in the routing topology. All intra-routing group connections
require two-way authentication. The connection remains so that master and
subordinate node can communicate with each other whenever link state changes
occur.
Within a routing group, Exchange Server 2003 updates link state information as follows:
b. The local routing engine, acting as a caching proxy between the routing
group master and the advanced queuing engine or Exchange MTA, forwards
the link state information to the routing group master over the link state
connection to TCP port 691.
Note:
An MD5 hash is a cryptographic block of data derived from a message by
using a hashing algorithm that generates a 128-bit hash from a list of blocks
203
with 512 bits. The same message always produces the same hash value
when the message is passed through the same hashing algorithm.
Messages that differ by even one character can produce very different hash
values.
d. The routing group master sends the whole link state table (that is, the
OrgInfo packet) to each routing group member. Each routing group member
compares the MD5 hash of the new OrgInfo packet with the MD5 hash in its
own link state table and determines if the local server has the most up-to-
date information.
e. If the MD5 values are different, the routing group member processes the
OrgInfo packet. After replacing the link state table in memory, the routing
group member sends a short reply to the routing group master, now also
referencing the new MD5 hash value.
f. The routing group master processes this information, discovers that the
routing group member is updated, and sends a short acknowledgment to the
routing group member.
g. Every five minutes thereafter, the routing group member polls the master
to query for up-to-date routing information. Master and member node
compare their MD5 hash values to determine if changes occurred.
Note:
All servers within a routing group must communicate with the routing group
master through a reliable TCP/IP connection.
If the communication between routing groups is SMTP-based (that is, Routing Group
Connector or SMTP connector), link state information is exchanged before regular
message transfer by using the extended SMTP command, X-LINK2STATE, as follows:
b. The bridgehead servers authenticate each other using the X-EXPS GSS
API command.
d. First, the bridgehead servers compare their MD5 hashes to detect any
changes to link state information. Then the local bridgehead server uses the
DIGEST_QUERY verb to request the MD5 hash from the remote bridgehead
server. The DIGEST_QUERY verb contains the GUID of the Exchange
organization and the MD5 hash of the local bridgehead server.
e. The remote bridgehead server now compares its MD5 hash to the MD5
hash received through the DIGEST_QUERY verb. If the hashes are the
same, the remote bridgehead server sends a DONE_RESPONSE verb to
indicate that the link state table does not require updating. Otherwise, the
remote bridgehead server sends its entire OrgInfo packet.
f. After receiving the OrgInfo packet, the remote and local bridgehead
servers reverse roles and the local bridgehead server sends its own OrgInfo
packet to the remote bridgehead server. Both bridgehead servers transfer the
received OrgInfo packet to their routing group masters. The routing group
master determines whether to update the link state table with the information
from the OrgInfo packet. A higher version number indicates a more recent
OrgInfo packet.
Note:
Routing group masters never accept information about their local routing
group from a routing group master in a remote routing group.
For details about SMTP communication between servers running Exchange Server 2003,
see SMTP Transport Architecture.
Note:
When you link routing groups by means of an X.400 connector, link state information
is exchanged between the MTAs as part of typical message transmission. A binary
object, called the Orginfo packet, is sent in a system message to the receiving MTA
before interpersonal messages are transferred. The receiving MTA then transfers the
Orginfo packet to the local routing engine, which communicates the transfer to the
routing group master.
An LSA Example
The following figure illustrates how the link state algorithm works in an Exchange organization
that contains multiple routing groups. The figure illustrates an environment that contains an
unavailable bridgehead server in routing group E. Also, the bridgehead servers in the other
routing groups have not received the information that there is a routing problem.
205
Exchange Server 2003 discovers the routing problem in the following way:
2. The routing engine chooses the path shown in Figure 5.9. Therefore, the
message is transferred to the bridgehead server in routing group B.
3. The bridgehead server in routing group B tries a direct transfer to the bridgehead
server in routing group E. Because the remote bridgehead is unavailable, the try fails.
After three consecutive connection tries, the routing group connector's local
bridgehead server is marked as CONN_NOT_AVAIL. Because there are no more
bridgeheads in the connector configuration, the connector is marked as STATE
DOWN.
206
4. The bridgehead server in routing group B connects to its routing group master
through TCP port 691 and transmits the new link state information. The master
incorporates the information into the link state table and notifies all servers in the
routing group about the change.
7. The bridgehead server in routing group C connects to its routing group master
through TCP port 691 and transmits new link state information. The routing group
master incorporates the information in the link state table and notifies all servers in
the routing group about the change. All servers in routing group B and C now know
that the routing group connector between routing group B and routing group E is
unavailable.
207
8. The bridgehead server in routing group C tries a direct transfer to the bridgehead
server in routing group E. Because the remote bridgehead is unavailable, the
connection try fails. After three connection tries, the connector is marked as STATE
DOWN.
9. The bridgehead server in routing group C connects to its routing group master
through TCP port 691 and transmits new link state information. The routing group
master incorporates the information in the link state table and notifies all other
servers in the routing group about the change.
10. The link state change causes a rerouting event in routing group C. The message
is sent now to routing group D, because the routing engine still sees an available
transfer path from routing group D to routing group E. The bridgehead server in
routing group C informs its remaining adjacent remote bridgehead servers (routing
groups A, B and D) about the link state changes.
11. The message is transferred to routing group D, but before the actual message
transfer, the bridgehead servers in routing group B and C compare their MD5 hashes
and exchange link state information.
12. The bridgehead server in routing group D connects to its routing group master
through TCP port 691 and transmits new link state information. The routing group
208
master incorporates the information into the link state table and notifies all servers in
the routing group about the change. All servers in routing group D now know that the
routing group connectors between routing groups B and E and routing groups C
and E are unavailable.
13. The bridgehead server in routing group D tries a direct transfer to the bridgehead
server in routing group E, but because the remote bridgehead is unavailable, the
connection try fails. After three connection tries, the connector is marked as STATE
DOWN.
14. The bridgehead server in routing group D connects to its routing group master
through TCP port 691 and transmits new link state information. The master
incorporates the information into the link state table and notifies all servers in the
routing group about the change.
15. The link state change causes a rerouting event in routing group D. Because no
additional transfer paths are available to routing group E, the message remains in
routing group D, until at least one transfer path is available. The message is
transferred to routing group E as soon as the bridgehead server in routing group E is
available.
209
16. The bridgehead server in routing group D informs its remaining adjacent remote
bridgehead servers (routing groups B and C) about the link state changes. These
routing groups then propagate the link state changes to routing group A.
Exchange Server 2003 detects link state changes in the following way:
• Major version number Major changes are actual physical changes in the
routing topology. For example, you create a major change when you add a new
connector to the routing group or change a connector configuration. To receive
notification of major changes to its routing group in the routing topology, the routing
group master registers with Active Directory for change notifications using DSAccess.
The configuration domain controller sends these notifications to the Exchange server,
according to the standard Lightweight Directory Access Protocol (LDAP) change
notification process. When a routing group master receives an update to the routing
topology from the configuration domain controller, it sends the updated information to
all member servers in its routing group. It also notifies all bridgehead servers in
remote routing groups, as explained earlier in the section "Link State Algorithm." For
more information about the role of DSAccess and the configuration domain controller
on Exchange 2003, see Exchange Server 2003 and Active Directory.
• Minor version number Minor changes are changes in link state information,
such as a connector changing from a STATE UP to STATE DOWN. Unreliable
network connections, however, could lead to a situation in which connectors are
frequently marked up and down, which causes extra link state updates across the
Exchange organization. A substantial increase in processing overhead may occur,
because of extra route resets and message rerouting. By default, Exchange
Server 2003 mitigates oscillating connectors by delaying link state changes for a
period of ten minutes. During this period, changes that occur are consolidated and
then replicated across the organization in one batch. However, an oscillating
connection can still generate link state traffic if changes occur for extended periods of
time.
You can increase or decrease the update window through the following registry
parameter.
Location HKEY_LOCAL_MACHINE\SYSTEM\CurrentControl
Set\Services\RESvc\Parameters\
StateChangeDelay
Value
210
Type REG_DWORD
You can also prevent the routing group master from marking down its connectors by
setting the following Registry key. This can be helpful, especially in hub-and-spoke routed
scenarios, in which each destination can be reached only through a single connector.
Message rerouting cannot occur if alternate connectors are not available.
Location HKEY_LOCAL_MACHINE\SYSTEM\CurrentControl
Set\Services\RESvc\Parameters\
SuppressStateChanges
Value
Type REG_DWORD
• User version number User updates include minimal changes, such as when
the routing group master changes, when services are started or stopped on an
Exchange server, when another server is added to the routing group, or when a
member server loses connectivity to the routing group master.
If you shut down a routing group master for more than a brief time, you should nominate a
different routing group master to avoid inefficient message routing. In Exchange System
Manager, expand the desired routing group and select the Members container. In the details
pane, right-click the server that you want to promote to the routing group master, and then
select Set as Master.
211
Note:
Changing the routing group master represents a major link state change. In a link
state change, link state information is propagated across the organization, and all
Exchange servers must reroute their messages. Therefore, do not change the routing
group master frequently.
Sometimes, two or more servers mistake the wrong server as the routing group master. For
example, if a routing group master is moved or deleted without choosing another routing
group master, msExchRoutingMasterDN, the attribute in Active Directory that designates
the routing group master, might point to a deleted server, because the attribute is not linked.
This situation can also occur when an old routing group master refuses to detach as master,
or a rogue routing group master continues to send link state ATTACH information to an old
routing group master. In Exchange Server 2003, if msExchRoutingMasterDN points to a
deleted object, the routing group master relinquishes its role as master and initiates a
shutdown of the master role.
• Check for healthy link state propagation in the routing group on port 691. Verify
that a firewall or SMTP filter is not blocking communication.
• Check Active Directory for replication latencies, using the Active Directory
Replication Monitor tool (Replmon.exe), which is included in Microsoft Windows
Server 2003.
• Check for deleted routing group masters or servers that no longer exist. In these
instances, a transport event 958 is logged in the application log of Event Viewer. This
event states that a routing group master no longer exists. Verify this information by
using a directory access tool, such as LDP (ldp.exe) or ADSI Edit (adsiEdit.msc).
These applications are included in the Windows Server 2003 support tools.
212
• Routing groups cannot span multiple administrative groups. This is because the
routing topology in Exchange Server 5.5 is defined by sites. Sites in Exchange
Server 5.5 provide the functionality of both the administrative group and the routing
group in Exchange Server 2003. This difference in routing topology limits the
functionality of routing groups in a mixed-mode environment.
• You cannot move servers between routing groups that exist in different
administrative groups.
213
• Exchange Server 5.5 connectors with a local scope are available to all
Exchange 2003 users in the organization, because this connector scope has no
counterpart in Exchange Server 2003. In Exchange Server 5.5, you can specify
connector availability at three different levels: organization, site, and server location.
In Exchange Server 2003, only the organization and routing group (site) scopes are
available.
Topology Updates
Because Exchange Server 5.5 servers do not use a link state table, routing groups with a
routing group master running Exchange Server 5.5 (that is, sites without a server running
Exchange Server 2003) do not send topology updates. To address this issue, routing group
masters periodically obtain the routing group topology for all Exchange Server 5.5-controlled
routing groups from Active Directory and then replicate this information across the
Exchange Server 2003 routing topology.
You can configure the following registry key on a routing group master to determine when the
routing engine reads topology information from Active Directory.
Location HKEY_LOCAL_MACHINE\SYSTEM\CurrentControl
Set\Services\RESvc\Parameters\
ReloadOsInterval
Value
Type REG_DWORD
When a routing group propagates link state information, its major version number increases.
Bridgehead servers in other routing groups expect to receive link state changes from this
routing group. However, a problem occurs if you revert the bridgehead server to Exchange
Server 5.5, because the bridgehead server then has no link state table. Other servers still
214
expect the bridgehead server running Exchange Server 5.5, formerly the bridgehead server
running Exchange Server 2003, to participate in link state propagation. Therefore, other
servers wait for this server to give them updated link state information. When this occurs, this
routing group becomes isolated and does not participate in dynamic link state updates in the
organization.
The following figure illustrates a situation in which this isolated routing group can be
problematic. Specifically, because the Exchange 5.5 bridgehead server in the Exchange 5.5
routing group was formerly and Exchange 2000 or Exchange 2003 bridgehead server, the
other servers expect it to participate in link state propagation. In Figure 5.13, the Exchange
Server 5.5 Internet Mail Connector and Exchange Server 2003 SMTP connector both use a
single smart host to route mail to the Internet. The smart host becomes unavailable.
Therefore, the bridgehead server running Exchange Server 2003 marks the route through its
SMTP connector as unavailable. However, because the bridgehead server expects the server
running Exchange 5.5 to send link state information about its routing groups and connectors,
it assumes that the route through Internet Mail Connector is available and attempts to deliver
messages through this route. After one failure, the server running Exchange 2003 detects a
possible loop and does not attempt delivery through this route.
Servers running Exchange 5.5 and Exchange 2003 connecting to a smart host
Link state propagation can also be broken if a firewall that is blocking link state propagation is
added to the system. For example, ports 25 and 691 are required within a routing group and
port 25 is required between routing groups. Also, the Extended Simple Mail Transfer Protocol
(ESMTP) command X-LINK2STATE must not be blocked by a firewall.
• To reset non-connected routing groups to link state major version number 0, shut
down all Exchange servers in your organization simultaneously, and then restart all
Exchange servers.
For more information about isolated or disjointed routing groups and the major version
numbers, see Microsoft Knowledge Base article 842026, "Routing status information is not
propagated correctly to all servers in Exchange 2000 Server or in Exchange Server 2003."
• SMTP service design The SMTP service runs in the Inetinfo process and when
extended through Exchange event sinks, processes all inbound and outbound
messages. When messages pass through the transport subsystem, SMTP makes
heavy use of Internet Information Services (IIS) resources. You must understand the
SMTP service design to understand how the entire Exchange 2003 transport
subsystem works.
• Logging and message tracking Protocol logging, event logging, and message
tracking are features that you can use to analyze the details of message transfer. You
must understand the implementation of these features, especially in troubleshooting
situations.
This section assumes that you are familiar with the general concept of message handling in
Exchange Server 2003. For more information about message handling, see Message
Routing Architecture. This section also assumes that you are familiar with the concepts of
configuring virtual SMTP servers, SMTP connectors, and routing group connectors. For more
information about these concepts, see the Exchange Server 2003 Transport and Routing
Guide.
Note:
Unmanaged code refers to code that is executed directly by the operating system,
outside the Microsoft .NET Framework common language runtime (CLR).
Unmanaged code provides its own memory management, type checking, and
security support. Managed code receives these services from the common language
runtime.
uses to handle all incoming network connection requests. A thread is an instance of code
execution within a process. A process consists of a virtual address space, processor context,
and at least one thread. Threads are created by using the CreateThread() method of the
operating system and run within the virtual address space of the calling process (that is, the
IIS Inetinfo process).
In asynchronous processing, each thread runs in the Inetinfo process without waiting for other
threads to finish their processing. In synchronous processing, threads run after each other in
a synchronized way (code execution is blocked at a function call until the function is
complete). To synchronize asynchronous threads (for example, to avoid conflicts because of
concurrent access to a particular resource), the operating system provides synchronization
objects. An example of a synchronization object for a particular resource is an event object for
a Windows socket. The SMTP service uses event objects to receive notifications of incoming
SMTP connections. A Windows socket is an IP address combined with a port number. The
default port to reach the SMTP protocol engine is TCP port 25. Combined with the IP address
of the Exchange server that is running the SMTP service, this port number forms the socket
of the default SMTP virtual server, for example: 192.168.1.100:25.
Note:
Only the default SMTP virtual server exists on an Exchange server. The default
SMTP virtual server accepts incoming connections on TCP port 25 for all IP
addresses of the server. You can change this configuration in Exchange System
Manager, from the General tab, in Default SMTP Virtual Serverproperties.
1. When you start the SMTP service, the Inetinfo process initializes the SMTP
virtual server's socket in TCP/IP to listen for incoming connection requests. To
support multiple concurrent connections through the same virtual server, the socket is
initialized in non-blocking mode for overlapped I/O operations. By default, an SMTP
virtual server can accept almost an unlimited number of incoming network
connections (although the actual physical limit is about 5000).
Note:
In Microsoft Windows Server 2003, the server can handle only about 2,000
concurrent connections. In Windows Server 2003 Service Pack 1, the default is
increased from 2,000 to 5,000 and can be increased even more through a setting
in the metabase.
that a thread from this thread pool can be notified when the synchronization object
signals an incoming network connection.
3. The TCP/IP transport stack receives an incoming SMTP connection and signals
this event to the Inetinfo process. Now a thread from ATQ can run to read data from
the SMTP socket.
Note:
The Inetinfo process can create additional threads in ATQ to ensure a sufficient
number of threads available to listen for incoming connection requests. To tune
IIS performance, you can specify the maximum number of threads that can be
created in the system through the following registry parameter.
Location HKEY_LOCAL_MACHINE\SYSTEM\CurrentControl
Set\Services\InetInfo\Parameters
Value PoolThreadLimit
Type REG_DWORD
4. The IIS thread runs the code in SMTPSvc.dll and responds to the incoming client
request with a server greeting, named an SMTP banner, such as: 220
server01.TailspinToys.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.0
ready at Sun, 21 Mar 2004 23:48:47 +0100.
5. The SMTP conversation progresses as the remote SMTP host transfers the
message. Each time an SMTP command is received, a thread from ATQ runs the
SMTP protocol code in SMTPSvc.dll and triggers events in the SMTP service that
cause code in other DLLs to run. For example, the NTFS store driver writes the
message in the form of a file into the virtual SMTP server's \Queue folder on the file
system.
6. After the current SMTP command is processed, the Inetinfo process places the
thread that was used to perform the SMTP processing back into ATQ to listen for new
incoming commands or new connection requests. IIS reuses existing threads to avoid
the overhead of creating a new thread each time a new command or connection
request is received.
7. The remote host issues a Quit command, and the SMTP service releases the
connection.
220
Note:
The time to live (TTL) of inactive threads in ATQ is 24 hours. The Inetinfo process
has at least two threads in ATQ at any one time to respond to incoming
connection requests.
To avoid this situation, you can reserve an adequate number of threads for other IIS services
by limiting the percentage of threads that the SMTP service can use. This is accomplished
using the following registry parameter.
Location HKEY_LOCAL_MACHINE\System\CurrentControl
Set\Services\SMTPSVC\Queuing
Value MaxPercentPoolThreads
Type REG_DWORD
MaxPercentPoolThreads = 90/(2*Number of
SMTP virtual server instances)
You can also increase the overall number of threads in the Inetinfo process using the
following registry parameter, if sufficient memory is available for the additional threads.
Location HKEY_LOCAL_MACHINE\System\CurrentControl
Set\Services\SMTPSVC\Queuing
Value AdditionalPoolThreadsPerProc
Type REG_DWORD
AdditionalPoolThreadsPerProc =
((9/(MaxPercentPoolThreads/100))–4)/2
Note:
If the
AdditionalPoolThreadsPerProcvalu
e is greater than 200, you must
increase the value of the
PoolThreadLimit parameter under
HKEY_LOCAL_MACHINE\
System\CurrentControlSet\Servic
es\InetInfo\Parameters\. Set the
PoolThreadLimit to at least the
same value as
AdditionalPoolThreadsPerProc.
After a message is received through SMTP, it is passed to the advanced queuing engine
(Phatq.dll). The thread that the SMTP service uses to pass the message to the advanced
queuing engine is then returned to ATQ. The advanced queuing engine uses its own thread
pool to process queued messages. This thread pool is separate from the thread pool used to
handle SMTP protocol operations. You can read more about the advanced queuing engine in
The Advanced Queuing Engine.
222
The following types of events can occur in the SMTP transport subsystem of Exchange 2003:
• SMTP protocol events These events are specific to SMTP and allow event
sinks to modify the behavior of the SMTP protocol engine by modifying, disabling, or
adding inbound and outbound commands, as well as responses to those commands.
For example, the X-LSA Sink protocol event sink of Exchange Server 2003
implements an additional SMTP command, X-LINK2STATE, to transmit link state
information across routing groups, as explained in Message Routing Architecture.
Protocol event sinks can also be used to modify standard SMTP and ESMTP
commands, such as EHLO, to broaden the capabilities of the SMTP protocol.
Protocol event sinks are covered in SMTP Protocol Extensions.
• SMTP store events These events allow store event sinks (that is, store driver
implementations) to persist the content of messages in file system directories or in
the Exchange store. For example, in the transport subsystem of Exchange
Server 2003, store events are used to perform local delivery to Exchange recipients.
Store drivers are covered in SMTP Service Store Drivers.
• SMTP transport events These events occur when messages arrive at the
server, flow through the core transport subsystem, and are delivered to Exchange
recipients or relayed to other SMTP hosts. In Exchange Server 2003, transport
events are used to perform message categorization and message routing. The
routing engine is covered in Message Routing Architecture. The categorizer event
sinks are covered in SMTP Transport Components.
• SMTP system events These events translate into calls to a sink acting as a
system component. For example, the SMTP Eventlog sink is a system component
that registers for system events to write internal processing information into the
application event log.
223
Note:
SMTP event sinks enable non-Microsoft vendors to implement custom extensions to
the SMTP transport subsystem, such as mail filters and anti-virus scanners. SMTP
event sinks do not support COM+ applications.
1. The event dispatcher compares the sink's event registration with the event
conditions. If the conditions are met, the sink is executed.
Note:
Some SMTP events, such as store events, do not have event conditions.
2. If necessary, the event dispatcher creates an instance of the sink using the class
ID (CLSID) of the event sink COM class.
224
Note:
Sinks can be cached to avoid this step on subsequent events.
4. The event dispatcher runs the sink by calling the appropriate event method on
the sink interface. For transport events, the event dispatcher passes the message in
the form of a MailMsg object to the event sink. This object contains the whole
message, together with the transport envelope fields. The message and the envelope
fields can be modified by the sink.
5. When the sink finishes processing, it returns an event status flag to the event
dispatcher. The event dispatcher checks this flag to determine whether to notify
subsequent sinks. For example, an event sink might instruct the event dispatcher to
skip all remaining sinks to stop all further message processing.
Event sinks use the following return codes to indicate whether to notify subsequent sinks:
• S_FALSE Other sinks at the same or lower priority are not called.
Note:
SMTP protocol event sinks might also return the value
MAILTRANSPORT_S_PENDING to indicate that the processing will
complete asynchronously by calling the NotifyAsyncCompletion method. A
protocol event sink can call the NotifyAsyncCompletion method to notify the
inbound protocol event dispatcher that asynchronous processing is complete
and to pass the processing result.
6. For transport events, after each sink is notified, or after one sink indicates to skip
the remaining sinks, the status envelope field is examined for the message to
determine the next action. A message might be delivered to the appropriate location,
discarded, or placed in the SMTP virtual server's \Badmail folder on the file system.
Note:
In the SMTP service, the protocol engine and the advanced queuing engine assume
the roles of event dispatchers. The protocol engine dispatches protocol events. The
advanced queuing engine dispatches transport events. Both protocol engine and
advanced queuing engine also dispatch store and system events.
Administrative Interfaces
The primary tool for managing SMTP protocol settings and SMTP virtual servers on a server
running Exchange Server 2003 is Exchange System Manager, specifically the Exchange
225
Note:
Creating multiple SMTP virtual servers on a server running Exchange Server 2003
does not increase system performance. Each SMTP virtual server is multithreaded
and can handle numerous connections concurrently. For example, the default
maximum number of concurrent outgoing connections per SMTP domain is 100, and
the total maximum number of concurrent outgoing connections is 1,000.
• IIS metabase The core components of the SMTP service that ship with
Windows Server 2003 are not Active Directory-aware. For example, any settings that
you apply to an SMTP virtual server must be transferred from Active Directory to the
IIS metabase. This is the task of the metabase update service. The metabase update
service registers with the configuration domain controller that Exchange Server 2003
uses to receive notification of any changes to the Exchange configuration. This
notification occurs within 15 seconds of the change. As soon as the change is
replicated to the configuration domain controller, IIS metabase update service
replicates the change to the IIS metabase.
• Registry Most configuration settings that you can configure for the SMTP
transport subsystem are stored in Active Directory or IIS metabase. However, several
system parameters that affect the SMTP service, such as MaxPercentPoolThreads or
AdditionalPoolThreadsPerProc, are stored in the registry database under the
following key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SMTPSVC.
226
Because all SMTP event sinks are COM components, they must be registered in the
registry under the HKEY_CLASSES_ROOT hive. You can use Regsvr32.exe to manually
register and unregister COM components.
The following table lists important configuration information that Exchange Server 2003 stores
for SMTP virtual servers in Active Directory. To learn how to manage SMTP virtual server
settings in Active Directory programmatically, see Setting Message Restriction on an SMTP
Virtual Server Using ADSI.
Note:
The metabase update service replicates all these configuration settings into the IIS
metabase.
In IIS 6.0, Extensible Markup Language (XML)-formatted files, named MetaBase.xml and
MBSchema.xml, replace the earlier binary file. The IIS configuration information is stored in
the MetaBase.xml file, while the metabase schema is stored in the MBSchema.xml file. When
IIS is started, these files are read by the metabase storage layer and then written to the in-
memory metabase through Admin Base Objects (ABO), as shown in the following figure.
The Location property in the configuration entries defines the hierarchy of the configuration
objects. For example, in Location ="/LM/SmtpSvc/1", LM means local machine, SmtpSvc
represents the SMTP service in general, and the numeral (1) represents the default SMTP
virtual server. The enumerator "1" corresponds to the CN attribute of the default SMTP virtual
server object in Active Directory.
231
The following figure illustrates the hierarchy of configuration entries for SMTP virtual servers,
according to the Location property of each IIsSmtp metabase entry.
Parameters that apply to the SMTP service generally are registered in the metabase in the
SmtpSvc node. You can find this node when you search for the Location ="/LM/SmtpSvc".
The following section is a shortened listing of this key:
ConnectionTimeout="600"
DefaultDomain="server01.TailspinToys.com"
DomainRouting=""
EnableReverseDnsLookup="FALSE"
232
FullyQualifiedDomainName="server01.TailspinToys.com"
...
SmtpRemoteProgressiveRetry="15,30,60,240"
SmtpRemoteRetryThreshold="3"
>
<Custom
Name="AuthFlags"
ID="6000"
Type="DWORD"
UserType="IIS_MD_UT_SERVER"
Attributes="INHERIT"
/>
...
<Custom
Name="UnknownName_61537"
ID="61537"
Value="0"
Type="DWORD"
UserType="IIS_MD_UT_SERVER"
Attributes="NO_ATTRIBUTES"
/>
</IIsSmtpService>
Under the SmtpSvc node, you find the configuration settings for each SMTP virtual server
that you created on the server that is running Exchange Server 2003. SMTP virtual servers
inherit the general settings configured for the SMTP service and can overwrite these settings.
The following is a schematic listing of the configuration section for the default SMTP virtual
server. Note the Location information.
>
233
<Custom
/>
</IIsSmtpServer>
Note:
When you compare the parameter names for SMTP virtual servers in the IIS
metabase with the attributes of SMTP virtual servers in Active Directory, you find
close matches. For example, the metabase parameter called PickupDirectory
corresponds to the Active Directory attribute called msExchSmtpPickupDirectory.
Note:
The domain definitions also contain entries that refer to Active Directory sites. An
example of such a domain name is 705260ab-46c4-454d-bfdd-
96b9c605364c._msdcs.fabrikam.com. The route action for these entries causes the
SMTP virtual server to place the messages in the \Drop directory from which Active
Directory can retrieve them. Do not change or remove these domain entries to avoid
directory replication issues. Active Directory uses the SMTP service to replicate
directory changes between sites.
234
EventTypes/{283430C9-1850-11D2-9E03-00C04FA322BA}/
Bindings/{A928AD15-1610-11D2-9E02-00C04FA322BA}/
SinkClass"
>
<Custom
Name="MD_0"
ID="0"
Value="Exchange.Router"
Type="STRING"
UserType="UNKNOWN_UserType"
Attributes="NO_ATTRIBUTES"
/>
</IIsConfigObject>
Event binding parameters are defined under each event sink node in the metabase hierarchy.
The current listing defines a SinkClass value that creates an association between the SMTP
transport OnGetMessageRouter event and the Exchange.Router sink class. Additional
binding entries exist to define the display name for the event sink as Exchange Router, and to
define other parameters, such as the priority of the event sink. The following table lists the
parameters that can be specified for an event binding.
235
Fortunately, you do not have to work with GUIDs to manage event sink bindings. You can use
server extension objects implemented in Seo.dll instead. Microsoft has developed a script
that demonstrates using server extension objects to manage event bindings for the SMTP
service. This script is called SMTPReg.vbs, and you can find it at smtpreg.vbs Event
Management Script. For example, you can use SMTPReg.vbs with the following command to
write all SMTP event bindings from the IIS metabase into a file called Event_Bindings.txt:
cscript smtpreg.vbs /enum > Event_Bindings.txt. The following listing shows the output
for the Exchange Router binding entry:
---------
| Binding |
---------
ID: {A928AD15-1610-11D2-9E02-00C04FA322BA}
SinkClass: Exchange.Router
Enabled: True
SourceProperties: {
priority = 8192
Caution:
If you edit the metabase incorrectly, you could cause serious problems that could
require you to reinstall your Exchange server. Microsoft cannot guarantee that you
can solve problems that result from editing the IIS metabase incorrectly. You edit the
metabase at your own risk. Make sure you have a valid backup copy of the metabase
files before you apply any changes.
Procedure
To enable the Enable Direct Metabase Edit Feature in IIS Manager
1. In IIS Manager, right-click the server object, and then click Properties.
3. If you want to change parameters that are not available in Exchange System
Manager, you can edit the metabase settings directly. For example, you can change
the SMTP banner of your SMTP server by adding a value for the ConnectResponse
property to the default SMTP virtual server's configuration object
(<IIsSmtpServerLocation ="/LM/SmtpSvc/1">) to prevent disclosing Exchange-
specific version information in SMTP communications, as follows:
ClusterEnabled="FALSE"
ConnectionTimeout="600"
...
4. If you find Notepad inconvenient, you can use Active Directory Service Interfaces
(ADSI) instead to modify metabase settings. The following code block performs the
same change to the SMTP banner. The following figure illustrates the modified SMTP
banner.
239
' Get the configuration object for the default SMTP virtual server
5. For more information about how to access IIS metabase settings using ADSI, see
Using ADSI to Configure IIS in the Microsoft Platform SDK.
Note:
You must restart the IIS Admin service and all its dependent services, including
the SMTP service, to save the changes. The SMTP service is designed to obtain
changes to the system configuration automatically, without requiring a restart. But
some modifications, such as changing the SMTP banner, might require a restart.
Note:
The base SMTP service of Windows Server 2003 uses an advanced queuing engine
implemented in Aqueue.dll to process received messages. The extended version of
the SMTP service does not use Aqueue.dll. Exchange Server 2003 replaces this
component with an Exchange advanced queuing engine, implemented in Phatq.dll.
To load Phatq.dll, Exchange Server 2003 modifies the SmtpAdvQueueDll property for
the SMTP service in the IIS metabase and points it to the Exchange advanced
queuing engine. Aqueue.dll and Phatq.dll perform similar functions, but Phatq.dll is
the only version that works with Exchange Server 2003.
Note:
The OnSubmission event is the only event that offers a Collaboration Data
Objects (CDO) interface. Therefore, you can program event sinks using Microsoft
Visual Basic or Visual Basic Scripting Edition (VBScript). You must program all
other event sinks using C/C++ or Microsoft Visual C#.
CDO-based event sinks can register for the CDO_OnArrival event, which is a wrapper
around the OnSubmission event that provides a handle to the message in CDO message
format. The major benefit to using CDO_OnArrival is that the CDO message object
interface has many useful methods, such as the parsing of MIME and Request for
242
Comments (RFC) 822 headers. For details about extending the SMTP service through a
CDO sink, see Microsoft Knowledge Base article 837851, "How to configure an Internet
Information Services SMTP virtual server to archive or to remove messages in an
Exchange Server 2003 test environment."
The major drawback of CDO-based event sinks is that the CDO interface adds overhead.
VBScript-based event sinks do not perform as fast as sinks written in C, C++, or Visual
C#. It should also be noted that CDO-based event sinks operate synchronously, and
there is a time limit of 60 seconds to process the message. After 60 seconds, the
advanced queuing engine assumes that the script is not responding and stops the
processing. The 60 second limit is hard coded and cannot be changed. Moreover, the
CDO interface does not support changing the content of store-submitted messages. This
is a limitation that CDO_OnArrival event sinks share with all other event sinks. This
limitation exists because Exchange converts a store-submitted message to a temporary
SMTP version for the event sink to handle, and then discards the temporary version after
the sink finishes processing. For more information about this issue, see Microsoft
Knowledge Base article 273233, "PRB: CDOEX: Cannot Change MAPI Message
Contents in a CDO SMTP Event Sink."
as an expansion server) have been expanded, and the actual recipients are listed in
the message transfer envelope. By default, no sink is registered for this event.
Note:
It is possible for Exchange Categorizer to split a message into multiple, separate
copies, with different content or envelopes, during a process named bifurcation
(explained later in this section). After categorization, the SMTP Transport
OnPostCategorize event is triggered separately in an uncorrelated manner for
each copy of the message. The message recipients might be distributed across
several different message copies.
Note:
The base SMTP service of Windows Server 2003 does not implement a router
sink and sends messages point-to-point to the final recipient destination.
Note:
By default, message tracking is disabled.
• SMTP StoreDriver This event occurs when a message must be saved to disk
or to the Exchange store. This is not a single event, but an event category. There are
multiple events that can be triggered for a sink that binds to this category. For
example, the advanced queuing engine triggers numerous StoreDriver events as a
message passes through the transport subsystem. You can read more about
StoreDriver event sinks later in this section.
Note:
SMTP StoreDriver events can be triggered by the advanced queuing engine or
the protocol engine.
• Messages Awaiting Directory Lookup This queue is also named the pre-
categorization queue. It is a throttling queue for the categorizer. This queue contains
messages before they reach the categorizer. The categorizer resolves the sender
and recipient information against Active Directory, expands distribution lists, checks
restrictions, applies per-sender and per-recipient limits, and more. The categorizer is
discussed in more detail in the section, "Exchange Categorizer," in SMTP Transport
Components.
246
Messages are not in any queue during message categorization. A message that is being
categorized is actually in the categorizer and is not listed in any queue. Thus, Queue
Viewer might show an empty pre-categorization queue, while the Performance monitoring
tool might show a positive count for the performance counter called Categorizations in
progress. By default, the advanced queuing engine allows a maximum of 1,000 pending
categorizations before retaining messages in the pre-categorization queue. This
threshold can be changed using the following registry key.
Location HKEY_LOCAL_MACHINE\System\CurrentControl
Set\Services\SMTPSVC\Queuing
Value MaxPendingCat
Type REG_DWORD
• Dynamic Delivery These queues are domain queues with names that match
the remote domain or next hop address on the link. The queue name identifies the
destination.
247
A special case is message transfer through Exchange MTA, which is often referred to as
gateway delivery, because the MTA is also responsible for all MAPI-based connectors to
non-Exchange messaging systems, as explained in more detail in X.400 Transport
Architecture and Gateway Messaging Connectors Architecture. The SMTP transport
subsystem uses the Exchange store driver to move messages to and from the MTA
through the Exchange store. However, the advanced queuing engine does not know
whether a message must be transferred through SMTP or the MTA until the routing
engine returns this information. If the next hop of the recipient is over a non-SMTP
connector (Routing Group Connectors are considered SMTP connectors unless the
Routing Group Connector instance has an Exchange 5.5 bridgehead), the message is
sent to the Exchange MTA delivery queue and then to the local delivery queue. From
there the Exchange store driver sends it to the Exchange store. The recipient properties
that the categorizer sets in the message transfer envelope are used to distinguish which
recipients must be delivered to a local mailbox and which must be delivered to the
Exchange MTA.
Queue Description
Queue Description
Messages Queued for Deferred Delivery This queue contains messages that are
queued for later delivery. This queue might
contain messages that were sent by earlier
versions of Microsoft Outlook, such as
Microsoft Outlook 2000. Newer versions of
Outlook store these types of messages in
the Exchange store. Messages remain in
the Messages Queued for Deferred
Delivery queue until their scheduled
delivery time.
Note:
This queue might also contain
messages sent to a mailbox that
was recently moved to another
mailbox store or Exchange server,
while waiting for directory
replication to update the mailbox
location.
Queue Description
Caution:
Using Registry Editor incorrectly can cause serious problems that may require you to
reinstall your operating system. Microsoft cannot guarantee that problems resulting
from the incorrect use of Registry Editor can be solved. Use Registry Editor at your
own risk.
Location HKEY_LOCAL_MACHINE\Software\Microsoft\Ex
change\Mailmsg
Value MaxMessageObjects
Type REG_DWORD
Location HKey_Local_Machine\Software\Microsoft\Ex
change\TransportAVAPI
Value Enabled
Type REG_DWORD
Note:
Transport-scanning functionality is available only with Exchange virus scanners
that are based on Virus Scanning Application Programming Interface
(VSAPI) 2.5.
Note:
Up-to-date notifications are available only on devices that run the Microsoft
Windows Mobile 2003 operating system.
servers specified for a routing group connector. For more information about load
balancing message transfer between routing groups, see Message Routing
Architecture.
Exchange Categorizer
The Exchange message categorization system is made up of two components, a base
categorizer and the Exchange categorizer. The base categorizer is made up of code originally
implemented in Aqueue.dll. Exchange Server 2003 replaces Aqueue.dll by registering a DLL
called Phatq.dll. Phatq.dll includes all the features available in Aqueue.dll, plus Exchange-
specific features. The Exchange categorizer is implemented in PhatCat.dll. PhatCat.dll is
registered for the events in the OnCategorize event category. The advanced queuing engine
triggers these events through the base categorizer. The base categorizer and Exchange
categorizer jointly process the message in ten categorizer events.
Note:
The base categorizer triggers the events that drive the message categorization
process.
The advanced queuing engine triggers the following ten categorizer events:
• Register The base categorizer and the Exchange categorizer use this event to
initialize their interfaces. For example, the Exchange categorizer initializes its
interfaces to Directory Service Access (DSAccess), routing engine, and store driver. If
any one of these interfaces fail, then the Exchange categorizer fails to initialize itself.
All categorizers require interfaces to these components for the following reasons:
The Exchange categorizer also determines the list of global catalog servers that
DSAccess is using and provides this list to the base categorizer to use for its
Lightweight Directory Access Protocol (LDAP) lookups. By default, the base
categorizer uses the Active Directory domain topology to determine the global catalog
servers for LDAP lookups. However, on a server running Exchange Server 2003, the
categorizer should use the global catalog servers that DSAccess determined
dynamically, based on the Active Directory site topology, or statically, if you hard
coded global catalog servers in a DSAccess profile in the registry. For more
information about the DSAccess discovery process, see Exchange Server 2003 and
Active Directory.
Note:
The MailMsg object is an in-memory structure that contains a message
transfer envelope, plus a pointer to the actual message in either the NTFS
store or the Exchange store. The message transfer envelope has all
message header properties and recipient user information that the
categorizer needs to process the message.
• BuildQuery This event is called once for each recipient and the sender that
must be determined. However, query-based distribution group members are not
determined, because their attributes are already determined when processing the
query-based distribution group. For all recipients that must be determined, the
Exchange categorizer verifies whether the recipient resides in the DSAccess cache.
If this is true, the Exchange categorizer returns an ICategorizerItemAttributes object
to bypass the base categorizer directory service lookup code. Processing continues
with the ProcessItem event for this recipient. If the recipient is not in the DSAccess
cache, the LDAP-lookup code of the base categorizer creates an LDAP-compliant
search filter for the user, which is typically based on the proxyAddresses attribute and
the input address, for example:
(proxyAddresses=smtp:ted@fabrikam.com)
Tip:
To illustrate how an LDAP filter, based on proxyAddresses, can be used to find a
particular recipient object in Active Directory, you can use the LDIFDE tool
(Ldifde.exe) included in Windows Server 2003. The LDIFDE command-line
parameter "r" allows you to specify an LDAP search filter. For example, you can
use the following command to find Ted in the global catalog on Server01 in a
domain called fabrikam.com: ldifde -f c:\Ted.ldf -s Server01 -t 3268 -d
"dc=fabrikam,dc=com" -p subtree -r
"(proxyAddresses=smtp:ted@fabrikam.com)". If Ted has an SMTP address of
Ted@fabrikam.com, LDIFDE finds the recipient object in Active Directory and
writes all of its attributes to a plain-text file called Ted.ldf. The Exchange
categorizer uses exactly the same principle to find recipient objects, retrieve
default SMTP, X.400, and legacyExchangeDN attributes from the recipient, and
set them as properties on the MailMsg object. Later, the Exchange categorizer
uses this information in message processing.
The Exchange categorizer uses the proxyAddresses attribute for almost all address types
(except legacy Exchange distinguished names and X.500 distinguished names, because
this address information is not stored in the proxyAddresses attribute). For example,
when an Outlook user sends a message to another user in the Exchange organization or
an external user that has a mail-enabled recipient object in Active Directory, the Outlook
client specifies the legacyExchangeDN address of the recipient in the outgoing message
for backward compatibility with Exchange Server 5.5. The Exchange categorizer then
uses the legacyExchangeDN attribute in the search filter to find the recipient object in
Active Directory.
The Exchange categorizer must handle X.500 distinguished names when resolving the
members of a distribution group, because the group members are listed with their
distinguished names in the member attribute. In this situation, the Exchange categorizer
parses the distinguished name to determine the relative distinguished name (RDN) of the
recipient, which is the recipient's common name (CN) in Active Directory. The Exchange
categorizer then uses the cn attribute in the search filter with the remainder of the
distinguished name (which points to the recipient object's parent container in
Active Directory) as the root of the LDAP search to find the recipient object. By default,
the cn attribute is indexed in Active Directory, which results in an efficient directory
lookup.
• BuildQueries This event is called once for each batched lookup. The base
categorizer uses this event to combine in a single query the individual searches for
up to 20 recipients. Then SendQuery can issue a single search that returns a batch
of recipients. It is usually more efficient to issue a single search for multiple recipients
than to issue multiple searches for multiple recipients. This is true even though extra
processing is required to handle a SortQueryResults event when performing
searches in batches and matching the returned results with the individual recipients
of the message. The matching required on results fewer than 20 is more efficient
255
than requiring multiple round trip LDAP queries to Active Directory. The following is
an example of an LDAP-compliant search filter that can be used to find multiple users
at once:
(|(proxyAddresses=smtp:Ted@fabrikam.com)
(proxyAddresses=smtp:Birgit@fabrikam.com))
Tip:
To illustrate how an LDAP filter for multiple users works, you can use the
following command to find Ted and Birgit in the global catalog on Server01 in a
domain called fabrikam.com: ldifde -f c:\TedandBirgit.ldf -s Server01 -t 3268 -d
"dc=fabrikam,dc=com" -p subtree -r "(|
(proxyAddresses=smtp:Ted@fabrikam.com)
(proxyAddresses=smtp:Birgit@fabrikam.com))". If Ted has an SMTP address
of Ted@fabrikam.com and Birgit has an SMTP address of Birgit@fabrikam.com,
LDIFDE finds both recipient objects in Active Directory and writes all of their
attributes in separate sections to a plain-text file called TedandBirgit.ldf. The
categorizer uses exactly the same principle to find multiple recipient objects.
• SendQuery The categorizer triggers this event once for each batched lookup
and then performs the directory search asynchronously.
• SortQueryResult The categorizer calls this event once for each batched lookup
and then determines which users belong to which directory object (the LDAP results
returned for the query). The proxyAddresses attribute is used for matching results
from lookups, based on an SMTP address, an X.400 address, or a non-Exchange
address. The legacyExchangeDN attribute is used to match legacyExchangeDN
lookups, and the distinguishedName attribute is used to match X.500 distinguished
name lookups. The address information must uniquely identify each recipient for this
to work. If values are not distinguishing, a 5.1.4 NDR results. The following table
provides the details for the 5.1.4 NDR.
• ProcessItem The base categorizer triggers this event to add the default SMTP,
X.400, X.500, and legacyExchangeDN addresses for each recipient to the MailMsg
object. The addresses that the Exchange categorizer sets on the recipient are based
on the attributes returned for the recipient from Active Directory. The mail attribute
contains the SMTP address, the textEncodedORAddress attribute contains the X.400
address, the distinguishedName contains the X.500 address, and the
legacyExchangeDN attribute contains the legacy Exchange address.
Note:
The addresses used for the recipient after this point do not necessarily match the
address used to look up the recipient in Active Directory. For example, a non-
Exchange user might send a message to the secondary proxy address of an
Exchange user. During the ProcessItem event, the Exchange categorizer
replaces the secondary proxy address with the primary address of the Exchange
user.
The Exchange categorizer also has special code to handle contacts and one-off
addresses. Contacts are non-Exchange recipients, but they reside in Active Directory.
One-off addresses do not exist in Active Directory. The sender might have typed the
recipient address directly in the To line or might have specified a contact object from his
or her personal Contacts folder in Outlook. In either scenario, only the target address of
the recipient is known and added to the MailMsg object. If a contact address or a one-off
SMTP address matches an address space of the local Exchange organization, a conflict
occurs, because contacts and one-off addresses must refer to recipients outside of the
local Exchange organization.
The categorizer enforces its authority for addresses that match address spaces specified
in recipient policies when you select the This Exchange Organization is responsible
for all mail delivery to this address check box. If a user sends a message to an
address that is not in Active Directory but matches an address space in an authoritative
recipient policy, the Exchange categorizer sets an error status on the recipient that later
causes the advanced queuing engine to generate a 5.1.1 non-delivery report, which
signifies an unknown address. The Exchange categorizer also considers itself
authoritative for legacyExchangeDN and X.400 addresses that match the site address
space of the local administrative group.
257
Note:
If you have an alternate server configured on an SMTP virtual server (the
Forward all mail with unresolved recipients to host setting), the categorizer
reroutes messages to non-existent addresses in its authoritative address spaces
to the alternate server, instead of generating a 5.1.1 non-delivery report for the
recipients. This action is taken during the CompleteItem event.
The following table provides the details for the 5.1.1 non-delivery report.
For addresses that are not in Active Directory and do not match an authoritative recipient
policy or local site address space, the categorizer does not register an error. Instead, it
registers a relay to a remote destination.
• ExpandItem The categorizer triggers this event to handle the following tasks:
The Exchange categorizer also checks for loop conditions (for example, Ted forwards
to Birgit and then Birgit forwards to Ted). If a loop is detected, the categorizer informs
the advanced queuing engine to generate a 5.4.6 NDR for the first user in the loop.
• CompleteItem The base categorizer calls this event to perform final processing
when the work of all other categorizer event sinks is complete. Final processing
includes the following tasks:
current server is the first server to handle a sender or recipient for which
journaling must occur (for example, because message journaling is enabled
for the sender's or a recipient's local mailbox store), the Exchange
categorizer adds the mailbox store's journaling address to the message
transport envelope and transfers the message.
Note:
Message journaling might not reliably account for blind carbon-copy
recipients, recipients from transport forwarding rules, or recipients from
distribution group expansions. If you must record the message transport
envelope data, in addition to the message data, you must enable Envelope
Journaling. This is accomplished using the E-Mail Journaling Advanced
Configuration tool, available for download at the Exchange Server Email
Journaling Advanced Configuration Web site.
Note:
The Exchange categorizer determines the FQDN of each recipient's home
server through a component called MDAccess. MDAccess uses the
configuration information in Active Directory to determine the network
address of the server hosting a recipient's mailbox store. The Exchange
categorizer sets the recipient's homeMDB attribute as a property on the
recipient in the message transfer envelope, if the recipient's mailbox resides
on the local Exchange server. With this information the Exchange store driver
later determines the mailbox store to which it delivers the recipient's
message.
Criteria Action
Distribution group has an owner, and Redirect non-delivery reports to notify the
delivery reports are configured to be sent to configured owner of the group when an
this owner error occurs during the delivery of a
message to the group or to one of its
members. The categorizer redirects any
non-delivery reports for group members that
would usually return to the message
sender.
Delivery reports are configured to be sent Send delivery status notification to the
to message originator sender of the message. The categorizer
suppresses out-of-office notifications and
auto replies if the Send out-of-office
messages to originator check box, on the
Exchange-Advanced tab, is not selected
for the group. By default, this check box is
not selected.
263
Criteria Action
Note:
By default, the categorizer suppresses out-of-office notifications, auto replies,
and delivery status notifications when a user sends a message to a
distribution list. You can configure this by selecting the Send out-of-office
messages to originator check box, on the Exchange-Advanced tab, in the
distribution group properties. For more information, see Microsoft Knowledge
Base article 325469, "Automatic replies from distribution group do not work in
Exchange Server 2003 or Exchange 2000 Server."
• Status code mapping The Exchange categorizer also maps the status
codes that previous categorizer sinks have returned to the recipients in the e-
mail message. Error codes then cause the advanced queuing engine to
generate NDRs for affected recipients.
Message Bifurcation
As mentioned previously, the categorizer might create multiple copies of a message during
the categorization process. This process is called bifurcation and is performed any time
264
different recipients must receive different copies of the same message. Bifurcation is
performed for the following reasons:
Bifurcation occurs on the server running Exchange Server when the message is submitted by
the client. You can check the number of new messages created by the categorizer using the
Performance tool. The following figure illustrates the relevant performance counter.
265
Content Conversion
Users of MAPI clients, such as Outlook, can specify on a per-message or per-recipient basis
whether to send the message in rich-text, HTML, or plain text format. The categorizer must
convert the message accordingly. Administrators can also specify preferred formats in the
properties of mail-enabled recipient objects in Active Directory or define Internet mail formats
on an address space basis (for example, per Internet domain, in Exchange System Manager,
under Global Settings). Thus, messages sent to users in an Internet domain can be
formatted in rich-text, Multipurpose Internet Mail Extensions (MIME), or Unix-to-Unix encoded
(UUEncoded). The categorizer uses specific logic to coalesce these various format settings
for each recipient. When the categorizer resolves the message recipients, it might discover
that different message formats are required for subsets of recipients or individual recipients.
The categorizer must then bifurcate the message to have the correct message format, such
as rich-text, HTML, or plain text, for each recipient.
Content conversion is also required for MAPI messages to Exchange recipients inside the
local Exchange organization, if the messages are transferred over SMTP. Servers running
Exchange Server 2003 in the local routing group always communicate with each other over
SMTP. Servers running Exchange Server 2003 in different routing groups communicate over
SMTP when the Routing Group connector or SMTP connectors are deployed. To support
SMTP, the MAPI format must be converted to RFC 822 format so that the message can be
transferred.
266
Note:
Content conversion is done on the server where the user submits the message. This
allows the message to move from server to server by means of SMTP, without further
conversion. Content conversion is performed for MAPI messages only.
IMAIL
The message conversion process in Exchange Server 2003 is called IMAIL. IMAIL is an
internal component of the Exchange store. The Exchange categorizer does not perform the
actual message conversion. The Exchange categorizer creates copies of the message using
the Exchange store driver only and sets some properties in the message transfer envelope of
each copy. The store driver then uses these property settings as parameters to specify which
format to request when requesting the RFC 822 content from the Exchange store. The
Exchange store uses IMAIL to convert the MAPI message to RFC 822 format, using the
requested formatting parameters. When producing the RFC 822 content of a message, IMAIL
produces a rendering of the MAPI message only. The actual message in the Exchange store
is not changed. Changes to the rendered RFC 822 content are not dynamically correlated
back to the MAPI message that was used to produce the RFC 822 content.
TNEF
Exchange Server 2003 uses transport neutral encapsulation format (TNEF) to convert MAPI
messages to RFC 822 format. TNEF appears on a message as a MIME attachment of type
application/ms-tnef. The attachment is called Winmail.dat. It contains the full message
content and any attached files. Only MAPI clients, such as Outlook, are able to decode the
Winmail.dat attachment. Non-MAPI clients are unable to decode TNEF and might show
Winmail.dat as a typical, but useless file.
Note:
Recipients with mailboxes on an Exchange server, who use Internet clients to access
their messages, are not considered non-MAPI recipients. This is because the
Exchange store that hosts the mailboxes can produce the necessary RFC 822
content in non-MAPI format when users download MAPI messages from their
Inboxes using a POP3 or an IMAP4 client.
There are several possible Exchange-to-Exchange transfer scenarios that require MAPI to
RFC 822 conversion:
Note:
Within a routing group, Exchange Server 2003 always uses S/TNEF, because in
all remote delivery cases, the message is guaranteed to take either an SMTP
hop directly to a server running Exchange 2000 Server or Exchange Server 2003
or go to the Exchange MTA. Exchange 2000 Server and Exchange Server 2003
support binary MIME. On the other hand, if the message is passed to the
Exchange MTA for delivery to a server running Exchange Server 5.5 through
RPCs, message conversion is not required, because the RFC 822 format is not
used.
Note:
Non-MAPI recipients typically prefer to receive a message in plain text or HTML
without TNEF, because their clients cannot decode the Winmail.dat file that
includes the message and all attachments. TNEF encapsulation prevents non-
MAPI clients from accessing attachments. Non-Microsoft tools, such as EPOC
WMDecode for Windows, might be able to extract attachments from Winmail.dat
files.
268
• MAPI messages sent to public folders Messages sent to public folders are
always relayed in legacy TNEF format. You can read more about public folder
message handling later in this section.
You can control the TNEF format behavior for sending messages by adding the following
registry key. The number nn represents the virtual server instance for this machine.
Location HKey_Local_Machine\Software\Microsoft\Ex
change\StoreDriver\Exchange\nn\EnableTne
f
Value Disabled
Type REG_DWORD
associated with the public folder's top-level hierarchy. Therefore, it is difficult to determine the
delivery location for messages sent to the public folder.
To perform message delivery, the Exchange categorizer must deliver the message to a public
folder store that knows where the replicas of the public folder reside. This information is
contained in the Exchange store in the PTagReplicaList attribute. Only the Exchange store
with a public folder store that is associated with the public folder's top-level hierarchy has this
PTagReplicaList information.
To find a public folder store that is associated with the public folder's top-level hierarchy, the
Exchange categorizer reads the public folder's homeMDB attribute. The homeMDB attribute
contains the distinguished name (DN) of the top-level hierarchy object in Active Directory.
This object, in turn, has an msExchOwningPFTreeBL attribute that lists the public folder
stores associated with the top-level hierarchy. The Exchange categorizer then chooses a
public folder store from that list and directs the message to that public folder store. The public
folder store determines the PTagReplicaList entry for that folder, readdresses the message to
a public folder store that holds a replica of the public folder, and resubmits the message. The
message again goes through the advanced queuing engine, including categorization. When
the Exchange categorizer locates the updated folder location in the public folder store, it sets
the updated folder location as the destination of the message and re-routes the message.
The Exchange categorizer uses the following prioritization, from top to bottom, to select the
public folder store for the message:
1. Public folder stores on the local server running Exchange Server have the
highest priority
Note:
If multiple public folder stores exist in the local routing group, the Exchange
categorizer chooses the first from the list.
By default, DSAccess determines the list of global catalog servers dynamically, which
enables global catalog servers to be excluded from the list, if they become unavailable for
any reason. The connection retry period for an unavailable global catalog server is five
minutes. By default, DSAccess recalculates its list at least every 15 minutes. The Exchange
categorizer calls DSAccess once every hour to update the list of global catalog servers.
The Exchange categorizer also updates the list of global catalog servers if there are more
than 100 connection failures per global catalog server. A global catalog server might be down
for maintenance or other reasons, or there might be a network communication problem
causing an LDAP connection to fail. You can use the following registry parameters to specify
the timeout values that the categorizer uses to classify LDAP connections as not operational.
Caution:
Using Registry Editor incorrectly can cause serious problems that may require you to
reinstall your operating system. Microsoft cannot guarantee that problems resulting
from the incorrect use of Registry Editor can be solved. Use Registry Editor at your
own risk.
Location HKEY_LOCAL_MACHINE\System\CurrentControl
Set\Services\SMTPSVC\Parameters
Value LdapResultTimeout
Type REG_DWORD
Location HKEY_LOCAL_MACHINE\System\CurrentControl
Set\Services\SMTPSVC\Parameters
Value LdapRequestTimeLimit
271
Type REG_DWORD
Location HKEY_LOCAL_MACHINE\System\CurrentControl
Set\Services\SMTPSVC\Parameters
Value MaxConnectionRetries
Type REG_DWORD
Location HKEY_LOCAL_MACHINE\SYSTEM\CurrentControl
Set\Services\SMTPSVC\Queuing
Value CatRetryMinutes
Type REG_DWORD
By default, the base categorizer can open up to eight (depending on the workload)
concurrent LDAP connections per global catalog server to perform directory lookups. You
can adjust the number of connections using the following registry key.
Location HKEY_LOCAL_MACHINE\System\CurrentControl
Set\Services\SMTPSVC\Parameters
Value MaxLdapConnections
Type REG_DWORD
Note:
This value applies individually to
each process in the categorizer that
performs LDAP lookups: one
resolves recipients on submitted
messages during categorization
and one checks message
restrictions per recipient. Each of
these processes can have eight
connections, thus the maximum
total is 16 connections to global
catalog servers.
The Exchange categorizer selects the global catalog server with the lowest cost. If multiple
global catalog servers have the same cost value, the categorizer performs load balancing
across all available LDAP connections in a round robin fashion. The Exchange categorizer
selects a connection as follows:
1. The Exchange categorizer iterates through the list of existing LDAP connections
and automatically selects the first connection that has no pending searches.
LDAP OR filter can result in a performance gain, even though some extra processing is
required to match the results to the recipients in the message. Batched LDAP searches work
well for individual recipient objects that can be grouped together into a single query to a
global catalog. Most Exchange categorizer operations are in this category, but there are
exceptions.
• The categorizer must request paged attributes. For example, this is the case for
distribution groups with more than 1,000 members.
Note:
The Exchange categorizer checks with DSAccess to determine if a recipient object is
in the DSAccess cache. For cached objects, directory lookups are not performed.
You can manage the performance of the Exchange categorizer using the following registry
keys. For example, you can increase the maximum number of recipients in a batched search.
However, dramatically increasing this number might actually have a negative impact on
performance, because the overhead for matching results to recipients also increases. In
general, the default values are sufficient for most situations. Therefore, it is not a good idea to
change these values without the assistance of a Microsoft Product Support specialist.
Location HKEY_LOCAL_MACHINE\System\CurrentControl
Set\Services\SMTPSVC\Parameters
Value MaxSearchBlockSize
Type REG_DWORD
Location HKEY_LOCAL_MACHINE\System\CurrentControl
Set\Services\SMTPSVC\Parameters
Value MaxPendingSearches
Type REG_DWORD
Message Re-Categorization
Messages are categorized only once. For messages in the \Queue folder on the file system,
the categorizer uses alternate data streams, a little known NTFS feature, to persist the
MailMsg property stream, which includes message envelope and categorization information.
Alternate data streams enable data storage in hidden files, which are linked to a visible file on
an NTFS partition. When the SMTP service cannot transfer a message immediately and must
retry at a later time, the message is saved and closed. Part of that operation involves saving
the existing MailMsg property stream, so that it can be reloaded and used when the message
transfer is retried. However, if you must categorize a message again (for example, if it is
queued for a destination server that no longer exists) you will notice that categorization is not
performed a second time.
The advanced queuing engine stores messages either as .eml files in the SMTP virtual
server's \Queue directory or as Exchange installable file system (ExIFS) files in the Exchange
store. For .eml files, the categorizer uses two NTFS alternate data streams, named
PROPERTIES and PROPERTIES-LIVE, during the categorization process to persist the
properties of the MailMsg object and categorization information. The PROPERTIES data
stream provides a copy of the original message. The PROPERTIES-LIVE data stream
provides a copy of the current message. The alternate data streams are removed when the
SMTP service moves a message to the \Badmail folder. In this situation, the message is
saved with a .bad file name extension, and the property stream is saved in a separate file
with a matching file name, but with a .bdp file name extension.
Note:
The way that the property stream is saved depends on the store driver that is used.
The NTFS store driver saves property streams using alternate data streams. The
Exchange store driver saves property streams by copying the data to a special binary
MAPI property of the message (if the property stream is small) or to a separate ExIFS
file (if the property stream is large), in which case a link to the ExIFS file is saved in
the binary MAPI property.
The following figure shows sample content from the parent file (on the left), together with
MailMsg property information in the alternate data stream (on the right). Note that the
PROPERTIES-LIVE stream in the top window contains detailed recipient information
obtained for sender and recipient from Active Directory.
Note:
If you move an NTFS file with an alternate data stream to a File Allocation Table
(FAT) partition, the alternate data stream is lost, because FAT does not support this
feature. This loss includes categorization information and message transfer
envelope. Later, if you move this file to the pickup directory, the P2 (RFC 822)
recipient list is used to deliver the message, unless x-sender and x-receiver headers
are specified. This list might differ from the P1 (RFC 821) recipient list that was used
277
to send the message originally, so some recipients might receive the message twice,
Bcc'ed recipients might not receive the message at all, or unintended recipients might
receive a copy of the message. These outcomes occur because the original P1
recipient list was lost with the MailMsg property stream, leaving the SMTP service
with no information other than the P2 recipient list. The P2 recipient list, however, is
not designed to maintain a list of recipients for the purpose of transport and delivery.
Forcing Re-Categorization
The previous discussion demonstrates that it is not a good idea to move files to a FAT
partition to drop the MailMsg property stream, thus forcing the transport subsystem to re-
categorize a message.
In these situations, you must re-categorize the messages. However, server restarts do not
affect alternate data streams. For this reason, restating the server running Exchange Server
does not result in the re-categorization of messages. To trigger a re-categorization without
moving files to a FAT partition, you must reset the message status using the following registry
key:
278
Caution:
Using Registry Editor incorrectly can cause serious problems that may require you to
reinstall your operating system. Microsoft cannot guarantee that problems resulting
from the incorrect use of Registry Editor can be solved. Use Registry Editor at your
own risk.
Location HKEY_LOCAL_MACHINE\System\CurrentControl
Set\Services\SMTPSVC\Queuing\
Value ResetMessageStatus
Type REG_DWORD
Note:
The MailMsg property stream is the primary mechanism that transport components
use to make permanent changes to a message. The MailMsg property stream is
persisted across service restarts.
To create the MailMsg object in memory for a received message and to work with the actual
message, the advanced queuing engine uses the following store drivers:
Note:
Changes written to the content of the message are not always permanent. In the
case of messages backed up by the Exchange store driver, changes are lost
because the Exchange store works only with a temporary message copy.
Note:
The Exchange Server 2003 Setup program moves the \Mailroot directory of the
SMTP service from \Inetpub\Mailroot to \Program Files\Exchsrvr\Mailroot. The
previous folder structure is not deleted. However, any messages in the former
\Pickup and \Queue folders are not delivered. To send these messages, you must
manually move them to the current \Pickup folder of the SMTP virtual server.
Each \Vsx folder has three or four subfolders for the following purposes:
280
The file name of the message item is not important. The SMTP service uses its own logic
to name the message file in the \Queue directory and append an .eml file name
extension, for example NTFS_7224ae2001c4125c0000001b.eml.
x-sender: Ted@contoso.com
x-receiver: Birgit@fabrikam.com
From: Ted@contoso.com
To: Birgit@fabrikam.com
This message is passed to the SMTP service through the \Pickup directory.
Note:
You should create the text messages in another folder on the file system and
then move the messages to the \Pickup folder. To avoid conflicts with the
monitoring SMTP service, do not create the files directly in the \Pickup folder.
• \Queue This folder holds all messages received through SMTP that are
currently waiting for transfer to a remote destination through SMTP. However,
messages received through the Exchange store are not in this directory during
processing in the SMTP transport subsystem. Messages might accumulate in this
folder if a connection is busy or currently unavailable.
281
Note:
The advanced queuing engine attempts to resend messages in the \Queue folder
at designated intervals. You can configure these intervals in Exchange System
Manager, in the SMTP virtual server properties, on the Deliver tab. However, the
content of the \Queue folder is not scanned at intervals. The content of the
\Queue folder is scanned only when you start a service or when you restart an
SMTP virtual server.
• \Filter By default, this folder is not present. It is created automatically when the
first message is filtered, after you enable message filtering for a particular virtual
server. To enable message filtering, from Exchange System Manager, select the
SMTP virtual server properties, select the General tab, and then click Advanced.
Note:
In addition, there is a \Windows\NTDS\Drop folder that the SMTP service uses on
domain controllers to deliver inter-site directory replication messages to Active
Directory. The \Drop folder is not used to deliver Exchange messages.
Do not place the \Mailroot directory on a FAT partition, because FAT partitions do not support
alternate data streams to a file object, and they have other restrictions. For example, FAT16
partitions support a maximum of 65,535 files. This can be a problem on a busy bridgehead
server. If a queue begins to fill, it is possible to deplete entries to create new files. However,
this process is complicated by the fact that each message requires three files. Because
alternate data streams are unavailable on a FAT partition, the NTFS store driver must create
three different files for each message, instead of one file with two alternate data streams. FAT
does not perform well on large volumes, because it provides minimal fault tolerance and no
recoverability after an unexpected system halt. A positive performance impact may occur if
you place the \Mailroot directory on a high-performance disk subsystem, such as a redundant
array of independent disks (RAID). A RAID 0+1 with eight to ten disks is a good start for high-
volume message delivery. A RAID controller with a cache larger than 64 megabytes (MB) also
helps performance.
282
Note:
Every message that is processed by the SMTP protocol engine is committed to disk
and then read to a MailMsg object.
In addition, messages might not leave a server running Exchange Server 2003 through the
SMTP protocol engine. A message might be addressed to a recipient with a mailbox in the
local Exchange store, in which case the message is delivered through the Exchange store
driver. Messages for remote recipients that are reached through the Exchange MTA must also
be transferred to the Exchange store, because the Exchange MTA has its outbound message
queue in the Exchange store. The Exchange MTA controls message transfer to servers
running Exchange 5.5 in the local routing group, to remote Exchange MTAs and non-
Exchange X.400 MTAs using an X.400 connector, or to a non-Exchange messaging system
using a MAPI-based messaging connector. For more information about the Exchange MTA,
see X.400 Transport Architecture.
283
engine, the Exchange store driver must pass a function call from the virtual address space of
Store.exe to the virtual address space of the Inetinfo process. The Exchange store driver
must also pass a function call in the other direction, from the IIS Inetinfo process to the
Exchange store, for local delivery to a recipient mailbox or to the Exchange MTA message
queue.
The Exchange Store Driver event sink uses the following three key components to enable
inter-process communication between the Exchange store and Inetinfo. Together these
components form the Exchange store driver.
• Drviis.dll This DLL runs in the Inetinfo process and communicates with the
advanced queuing engine through SMTP StoreDriver COM events.
The shared-memory model of Epoxy.dll is based on the Shared Memory Circular Queue
(SMQ) model. This means that within the Epoxy.dll layer, individual circular queues of a
fixed size are used for data transfer in either direction. The Epoxy.dll layer includes a
binding facility that enables the store driver to create and connect an arbitrary number of
circular queues between IIS and the Exchange store. This binding facility includes a
central queue manager that monitors the queues that communicate through this process.
This binding facility is also used for queue unbinding and cleanup.
285
Note:
Epoxy.dll uses local remote procedure calls (LRPCs) and a shared-memory heap
to pass data between IIS and the Exchange store. Shared memory works only for
processes running on the same computer. Communication between remote
processes, as in a full remote procedure call (RPC) scenario, is not possible
using Epoxy.dll.
• ExSMTP.dll This DLL runs in the Exchange store process and implements the
protocol stub to communicate with the Exchange store through EPOXY and the
Inetinfo interface of Dviis.dll.
The Exchange installable file system is made up of the following main components (shown in
the following figure):
• Exifs.sys This is a kernel-mode driver that the Exchange store driver can use
to read and write items from and to messaging databases. This driver provides the
Win32 file API for the Exchange store.
• Win32 This mode is based on file names and is used to make the Exchange
store visible through the file system similar to a disk drive. The operating system
maps the file namespace \\.\backofficestorage to the Exchange installable file
286
system. This namespace provides access to all private and public databases. The
format is file://./backofficestorage/DomainName, such as
file://./backofficestorage/fabrikam.com.
Note:
Win32 files are used primarily by the HTTP-DAV protocol and EXOLEDB and
CDOEX APIs.
Note:
The components in the SMTP transport subsystem exclusively use extended
attributes to open files in ExIFS.
1. When an Outlook user sends a message, the message is placed in the Outbox of
the user's mailbox and marked for delivery.
2. The Exchange store places the message to its internal SendQ folder and calls
the Exchange store driver to transfer the message to IIS.
3. ExSMTP.dll determines the folder identifier (FID) and message identifier (MID) of
the message and reads transport-relevant message properties (such as sender and
recipient addresses, and whether delivery reports are requested). ExSMTP.dll
reformats these properties into a property stream for MailMsg object. ExSMTP.dll
includes the FID and MID of the message, so that Drviis.dll can later fetch the
message content on the side of Inetinfo if necessary. The FID uniquely identifies the
message folder in the Exchange store that contains the message. The MID uniquely
identifies the message.
Note:
The message envelope does not contain the message content. Epoxy.dll is used
to pass message envelope information to Inetinfo. ExIFS.sys is used to marshal
the message content, if necessary. It might never be necessary to access the
content of a message if it is a "local to local" or "local to Exchange MTA" delivery.
The RFC 822 content only needs to be produced for delivery to recipients in
other mailbox stores, for outbound SMTP delivery, or for sinks that request the
content during a transport event.
Note:
A heap is used for allocating and freeing memory dynamically in addition to what
the operating system allocates for the code and stack during run time.
5. Drviis.dll de-queues the pointer on the Inetinfo side (that is, removes the pointer
from the circular memory queue). The pointer references the shared memory that
holds the envelope property stream, folder ID, and message ID.
6. Drviis.dll uses the memory pointer to read the property stream from shared
memory to a MailMsg object. As mentioned earlier in this section, the MailMsg object
is made up of a message transfer envelope that provides the information required to
route the message to the next hop, plus a pointer to the actual physical message. At
this point, the MailMsg object has the message transfer envelope information
because the properties for the MailMsg object are all in the shared memory block that
was prepared by ExSMTP.dll.
7. Drviis.dll places the MailMsg object in the pre-submission queue. The transport
subsystem can now process the message.
8. The advanced queuing engine triggers its transport and system events to invoke
the base and Exchange categorizers and the routing engine, and other registered
event sinks to process the message. Most transport processing is performed using
the message transfer envelope. The message content is not opened until it is
explicitly required. For example, the Exchange categorizer might have to perform a
content conversion. If the message must be transferred to the next hop over SMTP,
the SMTP protocol engine must access the message content in RFC 822 format.
Note:
For local delivery of MAPI messages (sent and received on the same server
without content conversion), the content is never opened by the SMTP transport
components (if you have not installed any custom event sinks that attempt to
read the RFC 822 message content, such as an archive sink).
10. For messages in the Exchange store, MailMsg call Drviis.dll to open an ordinary
file handle. The message content is requested in RFC 822 format. For messages that
are categorized, the property stream might also contain some additional outbound
conversion values that can be used to request a specific format when retrieving the
content.
289
11. As mentioned earlier in this section, Drviis.dll saves a pointer to the physical
message in the MailMsg object. This pointer is made up of the folder ID and message
ID for the message. Drviis.dll uses this pointer and any additional content formatting
parameters to pass a message request packet through Epoxy.dll to Exsmtp.dll inside
the Store.exe process.
12. Exsmtp.dll calls an internal Exchange store method named EcGetMime with the
folder ID and message ID to request the content of the message in RFC 822 format,
specifying any additional parameters that Drviis.dll might have passed.
Note:
You might notice the EcGetMime call in application event log entries with an
event source of MSExchangeTransport and an event category of Exchange Store
Driver. For an example, see Microsoft Knowledge Base article 319682, "XGEN:
The Exchange 2000 Information Store Reports an Event ID327 Warning
Message and Virtual Memory May Be Fragmented."
13. Because the message was submitted through Outlook, the message is not in
RFC 822 format. The message is in MAPI format, stored in the .edb file. Therefore,
the content that Exsmtp.dll is requesting does not exist in the streaming database
(that ExIFS is using) when the message is opened by a transport component or
Internet client.
Note:
Exchange Server 2003 stores messages received from MAPI clients, X.400
connectors, or Exchange Development Kit (EDK)-based connectors in MAPI
format in the .edb database.
14. If the message does not exist in the streaming database, it must be created using
the various properties and tables in the .edb database that describe the message.
Accordingly, the Exchange store uses IMAIL to create a temporary ExIFS file and to
render the message from the database to that file in RFC 822 format, according to
the requested formatting parameters that are passed.
Note:
The Exchange categorizer uses the IMAIL mechanism to apply message formats
to the content, as defined for Internet domains in Exchange System Manager or
as specified by the user per recipient in Outlook. If no formatting parameters are
passed to IMAIL, IMAIL formats MAPI messages in Summary TNEF (S/TNEF)
format.
15. In Exchange Server 2003, ExIFS.sys creates a temporary ExIFS file so that a
malfunctioning event sink that attempts to modify the RFC 822 content cannot corrupt
the committed pages in the streaming database. Instead of writing to actual content
pages, the event sink is writing to a copy only.
290
16. Once the temporary ExIFS file is generated, the file handle is passed back to
Exsmtp.dll. Exsmtp.dll calls to ExIFS to retrieve a pointer to the pages that the file
occupies in the streaming database (that is, to the extended attributes which ExIFS
copies to an in-memory structure called a scatter list).
17. Exsmtp.dll copies the scatter list to shared memory and passes the list back to
Drviis.dll through Epoxy.dll.
18. Drviis.dll uses this scatter list to open the ExIFS file in the form of an extended
attributes (EA) file. Now that Drviis.dll has the open ExIFS file handle, it returns the
file handle to MailMsg, which can then process ReadContent or WriteContent
requests to the RFC 822 message content.
19. The SMTP protocol engine can now read the message content and transfer the
data to a remote host or Exchange server through SMTP.
20. After successful message transfer, the advanced queuing engine deletes the
MailMsg object, because it is no longer needed. Accordingly, the advanced queuing
engine calls to the Exchange store driver (drviis.dll) to delete the message. Drviis.dll
creates a request to delete the message in shared memory and transfers the request
through EPOXY to Exsmtp.dll. Then Exsmtp.dll either moves the message from the
sender's Outbox to the Sent Items folder or deletes the message.
Note:
The content is re-rendered every time it is requested. Each time the content is
requested, it is returned in a temporary ExIFS file. As long as that file remains open, it
can be used. After the file is closed, it is automatically discarded, because it is only a
temporary copy of the message. To minimize the number of rendering cycles, the
advanced queuing engine keeps the content file open until the message is
transferred or delivered. The content file is closed only when messages are ready to
be deleted or are scheduled to be retried at a later time. A message might be retried
at a later time either because the remote server is unavailable, or because more than
10,000 content files are open and actively processed in the queue. If more than
10,000 content files are open and actively processed, some files must be closed to
make room for other messages. When a message is opened again at a later time (for
example, because message transfer is retried), the content must be re-rendered. It is
important to understand that IMAIL renders a new temporary ExIFS file when the file
is opened. Any changes to this ExIFS file are lost when the file is closed.
Note:
If messages are sent from and received in the same mailbox store, the content is
not copied to the store. If messages are sent from and received in different
mailbox stores on the same server, the message is copied using RFC 822
S/TNEF as the intermediate format. No content marshaling from the Exchange
store to the Inetinfo process occurs. The processing is done in the Exchange
store. IMAIL renders the content in S/TNEF format to an ExIFS file at the request
of Exsmtp.dll. The Exchange store uses this ExIFS file to construct a new
message for delivery to the mailbox store that contains the recipient's mailbox.
4. In the SMTP/Pickup case, ExIFS returns the scatter list that indicates the location
of the new item's data in the streaming database.
5. Drviis.dll allocates memory from the shared-memory heap and places the scatter
list into the allocated memory block. A pointer to that portion of allocated shared
memory is then placed in the queue in the direction of the Store.exe process.
6. ExSMTP.dll obtains the pointer from the queue on the Exchange store side. The
pointer references the shared memory that holds the scatter list for the inbound
message.
7. ExSMTP.dll calls into Ifsproxy.dll with the scatter list to receive a file handle back
from ExIFS. To commit the item to the database, a message must be created, so
ExSMTP.dll calls to the Exchange store kernel (Store.exe) through the messaging
database external interface (MDBEIF) to create a message object. ExSMTP.dll then
explicitly passes the file handle of the content to the Exchange store kernel and the
Exchange store kernel passes the file handle to ESE to commit the data when
ExSMTP.dll commits the message object.
Note:
Page checksums are stored in the MAPI-based database file (.edb). The
streaming database file (.stm) does not contain page checksums.
292
8. The Exchange store informs Outlook when a new message arrives and Outlook
lists the message in the Inbox folder.
9. ExSMTP.dll notifies Drviis.dll through EPOXY that delivery is complete, and then
Drviis.dll returns a positive result to the advanced queuing engine. The advanced
queuing engine can then delete the message, as follows:
Note:
Messages for remote recipients that arrive through \Pickup directory or SMTP
protocol engine do not reach the Exchange store. They remain in the \Queue folder
on the file system until they are successfully transferred to the next hop on route to
their destination. However, the categorizer might use the Exchange store for
messages that are not delivered through the Exchange store driver. The categorizer
might need to generate delivery status notifications, which are created in the
Exchange store.
Transfer Retries
Note that messages that enter the advanced queuing engine through the Exchange store
driver remain in the Exchange store during the categorization and routing process, as well as
during the actual transfer process. The message is not copied to the SMTP virtual server's
\Queue folder. These types of messages also remain in the Exchange store if a connection
failed and must be retried. If a message cannot be transferred immediately, it is moved to a
temporary table. Therefore, the message disappears from the sender's Outbox folder and is
copied to the Sent Items folder (if Outlook is configured to keep a copy of all messages in the
Sent Items folder). The message remains in the temporary table until it is transferred
successfully or expires. You can view these messages in the Failed Message Retry queue
using the Queue Viewer snap-in in Exchange System Manager.
293
You can verify that the extended SMTP commands for Exchange Server 2003 are loaded
when you connect to the TCP port of your SMTP virtual server using telnet. As shown in the
following figure, the server response indicates the features that the SMTP virtual server
supports when you submit the EHLO command to initiate an ESMTP connection. The
standard commands are listed when you submit a HELP command.
The following table explains the SMTP features that the Exchange-extended SMTP service
supports.
294
AUTH, AUTH GSSAPI NTLM LOGIN, and Signals that the local SMTP virtual server
AUTH=LOGIN supports the SMTP authentication service
extension. The additional information after
the AUTH key word identifies the supported
authentication mechanisms.
Note:
All Exchange-specific SMTP commands start with "X-" (without the quotation marks).
If these commands are not listed in the EHLO response of your SMTP virtual server,
then the server is running the Windows Server 2003 base version of the SMTP
service. In this case, you must reinstall Exchange Server 2003 and any Service
Packs.
• The SMTP service receives an SMTP command These events occur when a
remote SMTP host or client connects to the local SMTP service and establishes a
session by sending the HELO or EHLO command. Events in this category are SMTP
Protocol OnInboundCommand events on incoming connections.
• The SMTP service receives an SMTP response These events occur when the
local SMTP service receives responses from a remote SMTP host or client to
outbound SMTP commands. Events in this category are SMTP protocol
OnServerResponse events on outbound connections.
• The SMTP service sends an SMTP command These events occur when the
local SMTP service connects to a remote SMTP host and establishes a session to
transfer messages. Events in this category are SMTP protocol OnSessionBegin,
OnMessageStart, OnPerRecipient, OnBeforeData, and OnSessionEnd events on
outbound connections.
The following table summarizes the purpose of each SMTP protocol event.
299
Event Comments
• XEXCH50 This feature is implemented using nine event sinks to support a full
communication between two servers running Exchange Server. The following table
maps the protocol events to their XEXCH50 event sinks. All XEXCH50 sinks are
implemented in peexch50.dll, which resides in the \Program Files\Exchsrvr\bin
directory.
300
• X-EXPS These features are implemented using five event sinks, as listed in the
following table. All protocol security extensions are implemented in Exps.dll in the
\Program Files\Exchsrvr\bin directory.
304
• SPAM Control This feature is implemented using three event sinks that process
sender and recipient information on incoming SMTP connections, as listed in the
following table. The spam control event sinks are implemented in Turflist.dll in the
\Program Files\Exchsrvr\bin directory.
305
Protocol Logging
When you keep a history of all SMTP protocol activities, you can prove whether a particular
message left your server, verify whether the SMTP virtual server is performing its work as
expected or is experiencing communication problems, and identify attacks from the Internet.
The following protocol logging can be configured for an SMTP virtual server in Exchange
System Manager, on the General tab, in the virtual server's properties:
• No Logging The event sink does not track SMTP protocol activities.
• Microsoft IIS Log File Format The event sink keeps track of SMTP protocol
activities in a comma-separated plain-text file. This format includes the remote host's
IP address, the host name if specified, the date and time of the request, the status
code, the number of bytes received, the elapsed time of the request, the number of
bytes sent, and the action taken. The items are separated by commas and the list
cannot be customized. You can configure the path to the log files in Exchange
System Manager. The default path to the log file directory is
Windows\System32\LogFiles.
Note:
For most detailed logging in text files, select Microsoft IIS Log File Format.
• NCSA Common Log File Format The event sink keeps track of SMTP protocol
activities in a comma-separated plain-text file. This is a fixed, non-customizable
ASCII format that includes basic information, such as the remote host name, user
name, date, time, command type, status code, and the number of bytes received.
The items are separated by spaces.
• ODBC Logging The event sink keeps track of SMTP protocol activities in an
open database connectivity (ODBC)-compliant database, such as Microsoft Access
or Microsoft SQL Server. For troubleshooting purposes, you might find it sufficient to
log protocol activities in an ASCII text file instead of an ODBC-compliant database.
Note:
IIS includes an SQL template file, which can be run in an SQL database to create
a table that accepts log entries from IIS.
• W3C Extended Log File Format The event sink keeps track of SMTP protocol
activities in a customizable plain-text file. When you choose this format, you can
exclude all those fields from the log file that do not have meaningful information for
SMTP protocol activities, such as user name in anonymous SMTP communications.
This can help to limit log size by omitting unwanted fields. Fields are separated by
spaces.
307
Event Logging
Exchange Server 2003 uses the SMTP Eventlog Sink to record events for internal SMTP
service components in the application event log. An event in this sense is any significant
occurrence in the system that might require administrator attention. Event logs can help you
identify and diagnose the source of current system problems, or help you predict potential
issues. By default, only minimum information is written to the event log. However, you can
increase the amount of information using the diagnostics logging settings available in
Exchange System Manager.
Note:
To reduce the amount of information written to the application event log during typical
operation, Exchange Server 2003 might only log a single event hourly for events that
occur multiple times per hour.
For detailed instructions about how to enable diagnostic logging, see How to Enable
Diagnostics Logging for the SMTP Service in Exchange System Manager.
For detailed instructions about how to set the diagnostics logging level for
MSExchangeTransport categories to Field Engineering, see How to Set the Diagnostics
Logging Level for MSExchangeTransport Categories to Field Engineering.
For more information about Field Engineering logging, see Microsoft Knowledge Base article
262308, "XCON: How to Generate Application Log Events for Non-Delivery Report Failures."
Message Tracking
Message tracking is a feature that you can use to track messages across an Exchange
organization. You can track all types of messages, including system messages and regular e-
mail messages that are going to or coming from a non-Exchange messaging system. An
example of system messages are public folder replication messages that the Exchange
stores on multiple servers exchange with each other to keep public folder instances on
separate servers synchronized. You can use Message Tracking Center to locate messages
308
that failed to arrive in your users' mailboxes, such as messages that are stuck in a
connector's message queue.
By default, message tracking is not enabled. You must enable this feature on each server for
which you want to track messages. When enabled, Exchange Server 2003 uses
MsgTrackLog Sink in the SMTP service to add tracking information about messages routed
through the server to the message tracking logs. To enable message tracking for multiple
servers, you can use a server policy.
For detailed instructions about how to enable message tracking, see How to Enable Message
Tracking in Exchange System Manager. You can also configure how Exchange Server 2003
maintains message tracking log files. For example, you can prevent the removal of log files or
modify the length of time the log files are kept. The default period that tracking logs are kept
is seven days. For more information about how to use message tracking, see Microsoft
Knowledge Base article 262162, "XADM: Using the Message Tracking Center to Track a
Message."
Note:
Message tracking logs can grow quickly on bridgehead servers that process many
inbound and outbound messages. Make sure that you have adequate disk space for
tracking log files.
Setting the diagnostics logging level to Maximum can cause many events to be written to the
application event log. As a best practice, set the size of the application and system event log
to 30 MB, and enable the option to overwrite events as needed. Remember to reapply the
default setting of None after you solve the problem.
309
Procedure
Enable diagnostics logging for the SMTP service in Exchange System Manager
1. Display the properties of the Exchange Server object that hosts the SMTP
virtual servers.
4. Under Categories, select all the categories that the SMTP service provides,
including Routing Engine/Service, Categorizer, Queuing Engine, Exchange
Store Driver, NTFS Store Driver, SMTP Protocol, and Connection Manager.
Caution:
Incorrectly editing the registry can cause serious problems that may require you
to reinstall your operating system. Problems resulting from editing the registry
310
incorrectly may not be able to be resolved. Before editing the registry, back up
any valuable data.
Procedure
Set the diagnostics logging level for MSExchangeTransport categories to Field
Engineering
1. Start Registry Editor, and open the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeTransport\Diag
nostics.
By default, message tracking is not enabled. You must enable this feature on each server for
which you want to track messages. To enable message tracking for multiple servers, you can
use a server policy.
Note:
Message tracking logs can grow quickly on bridgehead servers that process many
inbound and outbound messages. Make sure that you have adequate disk space for
tracking log files.
Procedure
Enable message tracking
1. Start Exchange System Manager and display the properties of the server on
which you want to enable message tracking.
2. On the General tab, select the Enable message tracking check box.
Reference
For more information about how to use message tracking, see Microsoft Knowledge Base
article 262162, "XADM: Using the Message Tracking Center to Track a Message."
The X.400 standard was originally developed in the 1980s by telecom companies, under the
umbrella of Consultative Committee for International Telephone and Telegraph (CCITT),
which later became the Telecommunications Standardization Sector of the International
Telecommunication Union (ITU-T). ITU-T publishes updated X.400 recommendations every
four years. Each update introduces new features but remains compatible with previous
versions. The first official X.400 recommendation was published in 1984 and is referred to as
the Red Book because of the color of its cover. The 1984 X.400 recommendation had several
weaknesses in the area of message handling. The 1988 X.400 recommendation introduces
additional X.400 message bodyparts and envelope properties. Object identifiers describe
message attachments precisely, so that attachment names and other object properties are
preserved. The 1988 X.400 standard is referred to as the Blue Book.
Note:
The ITU-T uses the letters from the English alphabet to categorize their standards:
The "X" in X.400 indicates that the standard is for data networks and open system
communications. For details about "X" standards, see the ITU-T Web site
(http://www.itu.int/).
This section assumes that you are familiar with the design of message routing topologies and
the configuration of X.400 connectors. For more information on X.400 connector
configuration, see the Exchange Server 2003 Administration Guide.
313
Caution:
Using Registry Editor incorrectly can cause serious problems that may require
you to reinstall your operating system. Microsoft cannot guarantee that problems
resulting from the incorrect use of Registry Editor can be solved. Use Registry
Editor at your own risk.
315
• SMTP service In Exchange Server 2003, the Exchange MTA does not perform
message routing. Message routing is the task of the routing engine, which is part of
the SMTP service. The Exchange MTA communicates with the routing engine
through Mtaroute.dll to make its routing decisions.
Note that the communication with the SMTP service is bi-directional. The MTA
communicates with the SMTP service for message routing purposes. The SMTP service
initiates communication when the routing topology changes, to inform the MTA that all
messages must be rerouted. For more information about the interaction between the MTA
and the SMTP service, see Connecting Routing Groups Using X.400 Connectors.
• Exchange store As illustrated in the following figure, the SMTP service passes
outbound messages to the Exchange MTA through the MTA's message queue in the
Exchange store. The Exchange MTA also passes inbound messages to the SMTP
service through the Exchange store. Communication with the Exchange store is
required if messages must be transferred over MAPI-based messaging connectors
for which the Exchange MTA is responsible. MAPI-based messaging connectors,
similar to the SMTP service, maintain message queues in the Exchange store, as
explained in Gateway Messaging Connectors Architecture.
To communicate with the Exchange store, the MTA uses an internal API named XAPI,
which is a wrapper around MAPI. To start the Microsoft Exchange MTA Stacks service
successfully, the Exchange store must have at least one mailbox store to host the
message queues. You can read more about outbound and inbound message handling
later in this section.
Note:
If your bridgehead server running Exchange Server 2003 hosts many X.400
connectors or connects to non-Exchange messaging systems, such as Lotus
Notes and Novell GroupWise, you should consider placing the transaction logs
and database files of the Exchange store on separate disks, even if the
Exchange store does not contain user mailboxes. By spreading the database
files across multiple physical drives, you can improve system performance.
• File system The Exchange MTA uses two important directories on the file
system. These directories are named the MTA database directory and the MTA run
directory. The database directory contains queue files and messages during transfer
in the form of .dat files. This collection of .dat files is named the MTA database. The
run directory contains template files (named run files). Run files determine how the
MTA formats data using Abstract Syntax Notation One (ASN.1). By default, both the
database directory and run directory point to the same physical directory on the file
system. As indicated in Figure 7.2, this is the \Program Files\Exchsrvr\Mtadata
directory. It is best to split the database and the run directory, as explained later in
this section.
Note:
The run directory does not contain the actual executable file (Emsmta.exe) and
dynamic link libraries (DLLs) of the Microsoft Exchange MTA Stacks service.
Emsmta.exe and DLLs, such as Mtaroute.dll, are stored in the \Program
Files\Exchsrvr\bin directory.
• Remote X.400 MTA The Exchange MTA communicates with remote X.400
MTAs through X.400 connectors. An X.400 connector is a configuration object in
Active Directory that describes the communication parameters and message formats
that the Exchange MTA must use for message transfer. A remote X.400 MTA can be
a non-Exchange MTA or an Exchange MTA connected through an X.400 connector.
For more information about X.400 communication, see MTA Transport Stacks and
X.400 Connectors.
• Exchange 5.5 servers in the same routing group X.400 connector objects
are not required for the Exchange MTA to communicate with servers running
Exchange Server 5.5 in the local routing group. These types of MTAs are also named
LAN-MTAs to emphasize the fact that an explicit X.400 connector is not involved in
their communication. LAN-MTAs use RPCs to communicate with each other. For
317
The location of the MTA configuration object is slightly different in Exchange System
Manager. You can find the MTA configuration object in the Protocols container under the
server object, as shown in the following figure. The object is named X.400, although you are
actually configuring the MTA and not just X.400 settings. You can use the X.400 configuration
object to define the name of the MTA and its local password. You can also specify the MTA
database directory in which the message queues reside. On the Messaging Defaults tab,
you can configure general communication parameters, such as retry values, which the MTA
uses for communication with LAN-MTAs. You can override these settings when you configure
X.400 connectors.
318
MTA configuration objects are instances of the MTA object class. For example, you can use
this information in a Lightweight Directory Access Protocol (LDAP) filter to export all settings
from all MTAs in an Exchange organization to a text file. The following LDAP Data
Interchange Format Directory Exchange (LDFIDE) command demonstrates how to perform
this step: ldifde -f c:\AllMTAs.ldf -s localhost -d "CN=First Organization,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=contoso,DC=com" -p subtree -r
"(objectClass=mTA)". You must have read permissions on all administrative groups in the
organization.
The following table lists the important attributes of the MTA directory object and their
purposes.
319
Note:
The MTA password is stored in
encrypted form in Active Directory,
but this does not mean that MTA
names and passwords are secure.
X.400 MTAs exchange their names
and passwords in clear text when
establishing connections.
• XFER IN and XFER OUT threads These threads handle the actual message
transfer in and out of the MTA process. This communication takes place through the
following mechanisms:
You can control the number of transfer threads using the following registry parameter.
Location HKEY_LOCAL_MACHINE\System\CurrentControl
Set\Services\
MSExchangeMTA\Parameters
Type REG_DWORD
• Work Queue The Exchange MTA writes all messages to .dat files in the MTA
database directory on the file system. It then creates a pointer for each .dat file in the
work queue. The work queue maintains a reference to each message for which the
MTA is responsible. The MTA database and .dat files are discussed later in this
section.
• Dispatcher The dispatcher is at the core of the MTA process and is responsible
for message routing and results processing. The dispatcher uses router, fan-out, and
result threads for message processing. The dispatcher performs the following key
tasks:
Note:
The process of creating multiple message copies in the MTA is named fan-
out. This is in contrast to bifurcation, which refers to the process of creating
multiple message copies in the categorizer of the SMTP transport
subsystem. The categorizer is covered in detail in SMTP Transport
Architecture.
Each message in the work queue has a bitmap that is made up of one bit per
recipient. Initially, the MTA sets the bits for all recipients to indicate that the message
325
You can control the number of dispatcher threads using the following registry parameter.
Location HKEY_LOCAL_MACHINE\System\CurrentControl
Set\Services\
MSExchangeMTA\Parameters
Type REG_DWORD
• Submit and deliver threads These thread pools are a legacy from Exchange
Server 5.5. They are not used in Exchange 2000 Server and Exchange Server 2003
under typical circumstances, because in Exchange 2000 Server and Exchange
Server 2003, there is no direct submit or delivery. All messages must pass through
the SMTP service. The SMTP service delivers messages to local recipients through
the Exchange store driver, as explained in SMTP Transport Architecture.
The Exchange MTA treats the SMTP service similar to a MAPI-based connector with
message queues in the Exchange store. XAPI gateways handle the message transfer in
and out of the message queues in the Exchange store. XAPI gateways are threads in the
Exchange store that interface with the XFER IN and XFER OUT MTA threads.
The Exchange MTA uses the following threads for inter-process communication and to
perform system functions, such as updating configuration information when changes occur.
• OSI stack The Exchange MTA uses a number of thread pools to handle
communication tasks between the various layers of the Open Systems
Interconnection (OSI) stack. These thread pools include reliable transfer service
326
(RTS) threads, kernel threads, RPC threads, transport threads, and TCP/IP or X.25
threads. For more information about the purpose of these threads, see MTA
Transport Stacks and X.400 Connectors.
• Timers The Exchange MTA runs timer threads in various situations; for
example, to wait after a message transfer fails before re-sending a message across
an open connection.
• Threads not owned by the MTA The routing engine and the DSAccess module
own threads that run in the MTA process, to inform the Exchange MTA when changes
occur. For example, the routing engine calls the RoutingReset () function of the MTA
if the routing topology changes to trigger message rerouting for all queued
messages. DSAccess communicates with the Exchange MTA to provide cached
directory information.
It is difficult to distinguish between the various .dat file types in an active MTA database. The
Exchange 2000 Server Resource Kit (available at bookstores) includes a tool named
MTAView. You can use MTAView to view the contents of the MTA's queues and the headers
of the messages in these queues. The following figure illustrates the MTAView tool with an
active MTA database open. The foreground window shows the .dat files in the MTA message
queue directory.
327
• Core .dat files The core .dat files act as the reference rows and columns of the
MTA database. There are 38 core .dat files in the message queue directory
(\Program Files\Exchsrvr\Mtadata), and all are required for the Exchange MTA to run.
Most core .dat files ship with Exchange Server 2003. You can find these files on the
product CD in the \Setup\i386\Exchange\Bootenv directory. The Exchange
Server 2003 Setup program copies these files to the \Program
Files\Exchsrvr\Mtadata directory during installation. The core .dat files that ship with
Exchange Server 2003 are numbered DB000001.dat through DB000026.dat (in hex
numbers).
328
The Exchange MTA dynamically creates additional .dat files for important database
queues. For example, the MTA rebuilds the MTA work queue each time the MTA is
restarted. During this rebuild, no messages are delivered, because the MTA must first
account for all .dat files. When all files are accounted for, message transfer begins.
The most important core .dat files on an active MTA database are:
• Message and placeholder .dat files The remaining .dat files in the database
directory are message and placeholder files. The MTA creates a message .dat file for
each message it must transfer. Because the number portion of the file name is
assigned at random (DB######.dat), duplicate file names are possible. To avoid
overwriting an existing file, the Exchange MTA creates a placeholder .dat file together
with each message .dat file. The placeholder .dat file is one byte in size and is used if
a message .dat file cannot be created because of a duplicate file name. The figure
above illustrates a message .dat file of two megabytes (DB00002D.dat) and a
placeholder .dat file of zero kilobytes (DB00002E.dat). The MTA creates two .dat files
for each message.
After a message is transferred, the Exchange MTA erases the data from the .dat files and
resets the files to one byte (instead of deleting the .dat files). The Exchange MTA can
then reuse the .dat files for future messages. This mechanism enhances the performance
of the MTA, because creating and deleting files is time consuming. The number of .dat
files that you find in the message queue directory reflects the maximum number of
messages in the queue at any one time. On a busy bridgehead server running Exchange
Server 2003, you might find hundreds of .dat files in the MTA database directory.
329
Location HKEY_LOCAL_MACHINE\System\CurrentControl
Set\Services\
MSExchangeMTA\Parameters
Type REG_SZ
You should not place the MTA database directory on a file allocation table (FAT) partition.
FAT16 partitions support a maximum of 65,535 files. This size limitation can be an issue on a
busy bridgehead server. When a queue starts to fill, available entries with which to create
new files can become depleted in only a single day. This problem is compounded because
each message requires two .dat files. Moreover, FAT does not perform well on large volumes,
provides only minimal fault tolerance, and has no recoverability after an unexpected system
halt.
On a busy X.400 bridgehead server running Exchange Server 2003, you can optimize
performance by placing the MTA database directory on a high-performance disk subsystem,
such as a redundant array of independent disks (RAID). A RAID 0+1 with eight to ten disks is
a good starting point for high-volume message transfer. A RAID controller with a cache larger
than 64 megabytes (MB) also helps performance.
Note:
Under the MTA database path registry key, you can find a registry key called MTA
Run Directory. This registry key points to the directory where the run files for the
330
Exchange MTA are located. It is best to place the database and run directory on
different disks.
Messages on link queues are represented as reference pointers to message objects and not
as the objects themselves. Secured messages are available in .dat files, but this is not
necessarily true for unsecured copies. Unsecured copies are kept in memory primarily to
increase MTA performance. The dispatcher saves unsecured copies in .dat files only if there
is not enough cache space available to hold the objects in memory. The cache is a fixed pool
of 4k buffers and per-object structures, based on thread pool sizes. You can adjust the
number of data buffers per object in memory using the following registry parameter.
Location HKEY_LOCAL_MACHINE\System\CurrentControl
Set\Services\
MSExchangeMTA\Parameters
Type REG_DWORD
Note:
You should not delete .dat files directly from the MTA database directory, because
accidentally deleting a core .dat file can corrupt the entire database.
You can also increase the number of gateway in-and-out threads in the Exchange store
process for each mailbox store by using the following registry parameters. If the Exchange
store communicates with the Exchange MTA using multiple threads, a corrupt message might
block one thread, but another thread might still be able to process further messages. If all
332
gateways are blocked by multiple corrupted messages, this might indicate a serious problem
(for example, a hard disk controller malfunction).
Location HKEY_LOCAL_MACHINE\System\CurrentControl
Set\Services
\MSExchangeIS\<server_name>\Private-
<database_guid>
Type REG_DWORD
documentation. The MTA Check tool and its documentation are available from the Downloads
for Exchange Server 2003 Web site.
To restart the Microsoft Exchange MTA Stacks service, you must make sure that more than
ten megabytes of disk space are available. This might require that you temporarily move all of
the .dat files out of the MTA database directory to another drive or a network share. The
process of moving files to create an empty database directory is known as an MTA wipe. An
MTA wipe is helpful when troubleshooting MTA database problems, such as numerous
corrupted messages stuck in database queues.
For detailed instructions about how to wipe the MTA Metabase, see How to Wipe the MTA
Database.
Caution:
If you need to wipe an MTA database, you should contact Microsoft Product Support
Services for assistance to ensure that the steps are performed correctly. If you apply
the steps incorrectly, you might loose e-mail messages that are currently present in
the MTA message queues.
• You can perform a complete replay The easiest way to replay the .dat files is
to replay them all at one time on the server where they originally resided. To do this,
the MTA on the Exchange server of origin should have nothing in its queues. If there
are messages in the MTA queues, the MTA should be allowed to finish sending the
messages until all of the queues are empty.
• You can perform a remote replay The .dat files do not have to be replayed on
the Exchange server where they originally resided. If, for example, the original
Exchange server is a busy bridgehead server that continuously transfers large
quantities of e-mail messages and does not reach an empty MTA work queue, you
can choose to replay the messages on another server running Exchange Server.
334
For detailed instructions about how to perform each of these procedures, see How to Replay
DAT Files After an MTA Database Wipe.
To add performance counters to System Monitor, start the Performance monitor tool and then,
in the toolbar, click Add, indicated by a plus sign (+). You can then select the
MSExchangeMTA object from the Performance object drop-down list in the Add Counters
dialog box. According to your selection, appropriate performance counters are listed in the
Select counters list.
The following table lists the performance counters available for the MSExchangeMTA
performance object.
335
Disk file syncs The number of disk file sync operations per
second.
Disk file opens The number of disk file open operations per
second.
336
Disk file reads The number of disk file read operations per
second.
Disk file writes The number of disk file write operations per
second.
XAPI Receive Bytes/sec The rate at which bytes are received over a
XAPI connection.
XAPI Transmit Bytes/sec The rate at which bytes are transmitted over
a XAPI connection.
Admin Interface Receive Bytes/sec The rate at which bytes are received over
an admin connection.
Admin Interface Transmit Bytes/sec The rate at which bytes are transmitted over
an admin connection.
LAN Transmit Bytes/sec The rate at which bytes are transmitted over
a LAN to MTAs.
LAN Receive Bytes/sec The rate at which bytes are received over a
LAN from MTAs.
RAS Receive Bytes/sec The rate at which bytes are received over a
RAS connection. RAS-based X.400
connectors are not available in Exchange
Server 2003.
RAS Transmit Bytes/sec The rate at which bytes are transmitted over
a RAS connection. RAS-based X.400
connectors are not available in Exchange
Server 2003.
TCP/IP Receive Bytes/sec The rate at which bytes are received over a
TCP/IP connection.
TCP/IP Transmit Bytes/sec The rate at which bytes are transmitted over
a TCP/IP connection.
TP4 Receive Bytes/sec The rate at which bytes are received over a
TP4 connection. TP4-based X.400
connectors are not available in Exchange
Server 2003.
337
TP4 Transmit Bytes/sec The rate at which bytes are transmitted over
a TP4 connection. TP4-based X.400
connectors are not available in Exchange
Server 2003.
X.25 Receive Bytes/sec The rate at which bytes are received over
an X.25 connection.
X.25 Transmit Bytes/sec The rate at which bytes are transmitted over
an X.25 connection.
The Exchange MTA also provides a performance object for each connection established by
the MTA. In the Add Counters dialog box, select the MSExchangeMTA Connections object
from the Performance object drop-down list. You can then find the individual connection
instances under Select instances from list. Each MSExchangeMTA Connections instance
describes a single connection, but you can also choose to monitor all instances together.
The following table lists the performance counters that are available for MSExchangeMTA
Connections performance objects.
338
Note:
When sending many messages to the Exchange MTA, the Send Messages/sec value
displayed in MSExchangeMTA Connections - SMTP Server <GUID> goes up and
down while messages flow. However, MSExchangeMTA - Work Queue Length is
always at zero. When sending messages from Exchange to a remote MTA, using an
X.400 Connector, both MS Exchange MTA - Work Queue Length and MS Exchange
MTA Connections - X.400 Connector show activity. This is a result of the different
mechanism that is used by the MTA for inbound and outbound XAPI message
handling. For inbound messages to the SMTP mailbox (an XAPI gateway), the MTA
immediately transfers the messages to the XAPI work queue (DB000020.dat). This is
not the MTA work queue (DB000028.dat). However, for X.400 MTAs or LAN-MTAs,
the MTA places the message in the MTA work queue and does not complete the
transfer until the remote MTA confirms that the message is received. In this way,
System Monitor can be used to determine details of the internal MTA processing.
significance number less than or equal to the logging level, the event is recorded in the Event
Log. If the significance number of the event is greater than the logging level, it is not logged.
The following table lists the Exchange MTA categories that can be enabled for diagnostics
logging.
During normal operation, all categories of the Exchange MTA should have a logging level of
None. At this level, only error events and critical messages are written to the event log. When
increasing the logging level, select only those categories relevant to the issue. Setting logging
levels too high, for too many categories, can quickly fill the event log with irrelevant
information. Do not forget to reset the logging level on all categories to None when you are
done examining the MTA.
Tip:
It is also possible to filter events according to event sources and categories. In Event
Viewer, select the Application log, click View, and then click Filter. Under Event
source, select MSExchangeMTA. To display all events of the Exchange MTA in
Event Viewer, ensure that Category is set to All. Event logs can be viewed locally or
remotely, and they can be saved to *.EVT files.
Category Description
Category Description
Category Description
Note:
AP*.log files can grow very quickly
and have a performance impact on
the Exchange MTA.
342
Category Description
APDU (Application Protocol Data Unit) This category does not cause the MTA to
write information to the Application Event
Log. Instead, it tracks the message
envelope content (the P1) for messages the
MTA sends and receives, as well as the
fully-encoded application protocol data units
(APDUs) that are transmitted between the
MTAs.
Note:
BF*.log files can grow very quickly
and have a performance impact on
the Exchange MTA.
levels of events written to the log files are controlled, as described in Table 7.4. EV*.log files
are easier to read, search, and copy when troubleshooting MTA issues than the
corresponding Application Event Log.
Location HKEY_LOCAL_MACHINE\CurrentControlSet\Ser
vices\MSExchangeMTA\Parameters
Value TextEventLogging
Type REG_DWORD
For more information about the various logs that the Exchange MTA can create, see Microsoft
Knowledge Base article 153188, "XCON: Description of MTA Diagnostics Logging Options."
Note:
Trace level logging degrades server performance measurably. Use trace level logging
under the guidance of Microsoft Product Support Services when troubleshooting
complex Exchange MTA issues.
Caution:
Using Registry Editor incorrectly can cause serious problems that may require you to
reinstall your operating system. Microsoft cannot guarantee that problems resulting
from the incorrect use of Registry Editor can be solved. Use Registry Editor at your
own risk.
To set the diagnostics logging level for MSExchangeMTA categories to trace level, use the
following steps:
2. Double-click each entry for the individual MSExchangeMTA categories and set
the values to 0x7. For example, double-click the 1 X.400 Service entry in the right
pane, and then change the value to 0x7.
3. Restart the Microsoft Exchange MTA Stacks service. Services typically do not
have to be restarted in order for the change to take effect. However, when editing the
registry manually, you might have to perform this step.
• Obtain a quick list of all the secured queues and their associated object IDs.
• Associate data and reference objects with each other that are in the work queue
at startup.
For more information about the Mtacheck.log file, see Microsoft Knowledge Base article
163323, "XCON: Mtacheck.log."
Source: MSExchangeMTA
Type: Information
and content length is 1719. The number of objects sent so far = 1. External trace
information (first 100 bytes) =
3080638061801302555300006280130120000013104669727374204F7267616E697A61746900003180800D
3034303530333136303234315A8201008302060000000000. (10)
Note:
Not all objects that the MTA handles are written to disk. Unsecured objects might
exist only in memory.
Each message also has an associated ID. This is referred to as either the message ID or
Message Transfer Service (MTS) identifier. Unlike object IDs, which are used only by the
local Exchange MTA, the message ID is part of the message itself and can be tracked across
MTAs.
A typical message ID generated by an Exchange MTA has the following format:
C=<country>;A= ;P=<organization>;L=<server>-<date><greenich mean time>-<message
number>. An example is in boldface in event 272, as just shown. There are several variations
of the L= value, depending on the message source. Message IDs from outside Exchange
might differ, but their purpose is the same. MTS identifiers help to associate message copies
with a particular message source. For example, if one message is sent to a distribution group
with hundreds of recipients, each generated fan-out copy of the message has the same
message ID, even after the messages leave the MTA.
If you need to wipe an MTA database, you should contact Microsoft Product Support Services
for assistance to ensure that the steps are performed correctly. If you apply the steps
incorrectly, you may lose e-mail messages that are present in the MTA message queues.
Procedure
Wipe the MTA database
1. Use the Services tool (Administrative Tools program group in the Start menu)
to ensure that the Microsoft Exchange MTA Stacks service is stopped.
346
2. Copy the entire contents of the MTA database directory (by default, this is the
\Program Files\Exchsrvr\Mtadata directory) to a different location. This is
preferable to moving only the .dat files, because Microsoft Product Support
Services might require the entire contents of the Mtadata directory to determine
what caused the problem.
Note:
Do not delete the original .dat files until the messages have been recovered.
3. Verify that the copy process completes successfully, and then delete the .dat
files from the MTA database directory.
5. Remove the read-only file attribute from the copied files. There should be no
read-only files in the MTA database directory.
6. Restart the Microsoft Exchange MTA Stacks service. If the MTA had
problems from corrupted messages in the .dat files, the MTA can now resume
operation and message transfer.
• A complete replay (in which the .dat files are replayed all at once, and on the
Exchange server where they originally resided).
• A remote replay (in which the .dat files are replayed on an Exchange server other
than the one on they originally resided)
347
• An incremental replay (in which the .dat files are divided into several smaller
groups, which are replayed one at a time).
Procedure
To replay .DAT files after an MTA database wipe
• Select from the three following methods:
• How to Replay DAT Files After an MTA Database Wipe via a Remote
Replay
Reference
For general information about wiping the MTA database and replaying DAT files, see the
sections "Wiping the MTA Database" and "Replaying DAT Files" in Exchange MTA in
Exchange Server 2003 Architecture.
When you prepare to perform the replay, be sure that the MTA on the Exchange server of
origin has nothing in its queues. If there are no messages currently residing in the MTA
queues, the MTA can be stopped. The current .dat files can be safely moved and eventually
deleted, because there are no messages pending delivery. If there are messages in the MTA
queues, the MTA should be allowed to finish sending the messages until all of the queues are
empty. After all queues are empty, the MTA must be stopped immediately. After the MTA is
stopped, move the current .dat files to a different location. Do not leave any earlier .dat files in
the MTA database directory. Copy the .dat files that must be replayed to the MTA database
directory.
Procedure
To perform a complete replay of .dat files after an MTA database wipe
1. Verify that all the MTA queues on the server running Exchange Server are empty.
If the queues are not empty, allow the MTA to finish delivering any messages that are
in the queues.
Note:
You can use the Performance Monitor tool (Perfmon.msc) to verify that no
messages are in the MTA queues. For example, to check the work queue, select
the MSExchangeMTA performance object, and then select the Work Queue
Length performance counter, as illustrated in the following figure.
2. When the MTA work queue is empty, stop the Microsoft Exchange MTA Stacks
service.
3. Copy the entire contents of the MTA database directory to a different location.
These files are eventually discarded, if the MTA queues were at zero prior to stopping
the MTA.
5. Copy the .dat files from the directory that contains the original set of .dat files that
you want to replay in the MTA database directory.
7. Monitor the MTA queues and event logs to make sure that all messages are
delivered successfully and that the MTA continues to function typically.
• For information about how to replay .dat files after an MTA database wipe via an
incremental replay, see How to Replay DAT Files After an MTA Database Wipe via an
Incremental Replay.
• The steps for replaying the .dat files remotely are almost the same as the steps
for performing a complete replay, which replays the .dat files on the original server.
However, before you perform the remote replay you must set a special registry key
on the server running Exchange Server where you want to replay the .dat files
• Just as you would do in preparing for a complete replay, before you perform a
remote replay, make sure that the MTA on the Exchange server of origin has nothing
in its queues. If there are no messages currently residing in the MTA queues, the
MTA can be stopped. The current .dat files can be safely moved and eventually
deleted, because there are no messages pending delivery. If there are messages in
the MTA queues, the MTA should be allowed to finish sending the messages until all
of the queues are empty. After all queues are empty, the MTA must be stopped
immediately. After the MTA is stopped, move the current .dat files to a different
location. Do not leave any earlier .dat files in the MTA database directory. Copy the
.dat files that must be replayed to the MTA database directory.
Caution:
Incorrectly editing the registry can cause serious problems that may require you
to reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up
any valuable data.
351
Procedure
Replay the .dat files following an MTA database wipe via a remote replay
1. Set the following registry key on the server running Exchange Server where
you want to replay the .dat files.
Location HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\
MSExchangeMTA\Parameters
Type REG_DWORD
2. Follow the steps in this procedure: How to Replay DAT Files After an MTA
Database Wipe via a Complete Replay
3. When the MTA successfully finishes delivering all of the replayed messages,
the registry key you set up for remote replay should be removed.
• For information about how to replay DAT files after an MTA database wipe via an
incremental replay, see How to Replay DAT Files After an MTA Database Wipe via an
Incremental Replay.
352
Caution:
Incorrectly editing the registry can cause serious problems that may require you
to reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up
any valuable data.
Procedure
To replay DAT files after an MTA database wipe via an incremental replay
1. Create a second copy of the complete set of .dat files. Keep one set as a
backup while the other set is used during the incremental replay. Ideally, the set
to be replayed is located on the same drive as the MTA database directory.
Note:
It is a good idea to keep a complete set of the .dat files in a separate location
so that a full backup is still available if the incremental replay fails.
3. If no messages are residing in the MTA work queue, stop the Microsoft
Exchange MTA Stacks service and copy the current .dat files to another location.
Eventually, these .dat files can be deleted, because there are no messages
pending transfer.
5. Copy all files that can be found on the Exchange 2003 product CD in the
\Setup\i386\Exchange\Bootenv directory to the active MTA database directory.
7. Move a portion of the .dat files to be replayed to the MTA database directory.
For example, if you must replay 30,000 .dat files, you might want to replay the
messages in chunks of 5,000 or 10,000 .dat files.
Note:
Ensure that you move the files. If you copy the files instead, it becomes
difficult to distinguish between files that you already replayed and files that
you must replay. Replaying a message multiple times leads to multiple
message deliveries. When the working copy of the .dat files is on the same
directory as the MTA database directory, moving the files to the MTA
database directory is simplified.
9. Start the Microsoft Exchange MTA Stacks service and monitor the MTA work
queue and event logs to ensure that all messages are processed successfully
and that the MTA is functioning normally.
10. Repeat the steps until all of the .dat files are replayed.
11. If you are performing an incremental remote replay, do not forget to remove
the Dispatch remote MTA messages registry key, or set it to 0x0 when you are
finished.
• For information about how to replay DAT files after an MTA database wipe via a
remote replay, see How to Replay DAT Files After an MTA Database Wipe via a
Remote Replay.
354
The OSI reference model is made up of seven layers, as illustrated in the following figure.
As indicated in this figure, the TCP/IP protocol does not fit exactly into the OSI stack. This is
because the TCP/IP protocol, although a layered protocol stack, is not OSI- compliant
(although most elements of TCP/IP can be mapped to OSI). TCP/IP was originally developed
by the Advanced Research Projects Agency (ARPA), based on a four-layer model, called the
TCP/IP model (sometimes called the Internet model). To support X.400 communication over
TCP/IP according to the OSI standard, the Exchange MTA implements a Transport Protocol
Class 0 (TP0) interface on top of TCP/IP, as defined in RFC 1006.
The Exchange MTA can also use RPCs as a transport mechanism to communicate with LAN-
MTAs and XAPI gateways. RPCs represent a communication mechanism at the application
layer, because the RPC runtime library includes presentation and session services. However,
in the context of the MTA stack, RPCs implement an interface under the session layer. The
internal services of the RPC runtime are transparent to the MTA.
The X.25 protocol is an OSI-compliant protocol designed specifically for wide area network
(WAN) connections on packet-switching networks (such as a public X.400 provider). The MTA
355
transport interfaces directly with the X.25 protocol, because X.25 has a Transport Class 0
(TP0) protocol interface to the transport layer. On the OSI side of the data link layer, X.25
relies on the High-level Data Link Control - Link Access Procedure Balanced (HDLC - LAPB)
protocol. HDLC - LAPB is the protocol that the EICON X.25 card uses to communicate with
the synchronous modem that connects the server to the public X.25 network. X.25 is the
network protocol that operates on top of HDLC so that the local system can communicate
with the next node in the X.25 network. Exchange supports EICON X.25 cards only.
Note:
The OSI reference model defines five protocols in the transport layer, TP0 through
TP4. The protocols increase in complexity from 0 through 4. TP0 performs
segmentation and reassembly tasks without any error recovery. TP1 performs
segmentation and reassembly and error recovery. TP2 has multiplexing and de-
multiplexing capabilities. TP3 combines all the features of TP0, TP1, and TP2. TP4
adds reliable transport services to TP3. TP4 is basically the OSI equivalent of TCP
and is most often used by X.400 MTAs that are unable to use the TCP/IP protocol
(such as the earlier Microsoft Mail Gateway to X.400). Exchange Server 2003 does
not support TP4, because a TP4 protocol stack is not available for Windows
Server 2003. Registry parameters, such as TP4 control blocks and TP4 threads
that you can find under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeMT
A\Parameters, are legacy parameters for Exchange Server 5.5 running on Microsoft
Windows NT (where a TP4 protocol was available). These settings have no relevancy
for Exchange Server 2003.
The messages that MTSEs exchange with each other are named P1 messages to indicate
their format. The P1 protocol defines the format of a message transfer envelope. The
envelope contains the actual message, plus routing and control fields, so that the MTSEs can
route and trace a message, and track message contents. The following figure illustrates an
example of a P1 message transfer envelope in the Aspirin tool. Aspirin is an ASN.1 parser
that you can find in the Exchange 2000 Server Resource Kit (available in bookstores). In
X.400, data is formatted using ASN.1 syntax.
356
The actual message is in the X400COM_Content part of the P1 envelope. The message is
usually formatted according to the P2/P22 protocol, which describes the format for
interpersonal messages. Exchange MTAs support other message formats, such as P772 and
P42 for military messages. The following table lists the message formats that the Exchange
MTA supports. However, it should be noted that not all of these formats conform to the X.400
standard. Some message formats are Exchange Server-specific.
357
• Microsoft-
defined and
registered content
type.
• Also referred to
as "MS Exchange
Contents."
• Does not
conform to X.400.
Can only be used
between Exchange
MTAs in the same
organization.
• Does not
conform to X.400.
Can only be used
between Exchange
MTAs in the same
organization.
P2 • Defined in 56010A00
X.400 of the 1984
conformance year.
• Defines the
format of an
interpersonal
message (IPM).
358
• Extends the
format of an
interpersonal
message (IPM), as
defined in X.400-84.
• Extends the
P22 protocol with
extensions defined
for Defense
Message System
(DMS) in "Allied
Communication
Publication (ACP)
123."
• These
extensions
(additional
properties) are
allowed by the
X.400 standard and
are typically only
exposed by DMS-
capable clients, and
STANAG 4406 v1.7
and v3 clients.
359
• Military
message that has
been digitally
signed, encrypted,
or signed and
encrypted using
Message Security
Protocol version 3
(MSP3) (encryption
only is not allowed
within DMS).
• Certificates are
X.509 and
analogous to an
S/MIME V1.
• Also referred to
as "MSP3."
360
• Used within
DMS to define a
secure military
message.
• Military
message that has
been digitally
signed, or signed
and encrypted using
Message Security
Protocol version 4
(MSP4).
• Certificates are
X.509 and
analogous to an
S/MIME V3.
• Microsoft-
defined and
registered content
type.
• Also referred to
as "MAPI."
• Conforms to
X.400 because the
message and all its
attachments are
encapsulated and
attached to the
message itself as a
binary attachment.
• The receiving
client must be able
to decode TNEF,
otherwise the client
displays a useless
attachment called
Winmail.dat. For a
detailed discussion
of TNEF, see SMTP
Transport
Architecture.
The following figure illustrates how the P1 and P2 protocols map to the architecture of
Exchange Server 2003.
362
Note:
The X.400 standard defines protocols for clients to interact with an MTA (P3) and a
message store (P7). However, these protocols are not used in Exchange
Server 2003. In Exchange Server 2003, clients do not communicate directly with the
MTA or use RPCs (such as the Queue Viewer snap-in). Client communication with
the Exchange store is based on MAPI or Internet protocols.
The RTSE provides reliable data transfer by transforming the data into a string of octets. It
then breaks the string into segments named application protocol data units (APDUs), and
then hands each APDU to the presentation layer for delivery. The RTSE ensures that APDUs
arrive intact, without duplication, when they are transferred between MTAs. When a
connection is interrupted for any reason, the RTSE is responsible for retrying data transfer.
The RTSE supports smart recovery between APDUs by establishing checkpoints.
Checkpoints enable the RTSE to resume the APDU transfer at the point where the disruption
occurred, rather than retransmitting the entire APDU. Activity and minor synchronization
facilities of the session layer support interruption and possible resumption of data transfer, if
the underlying network connection is lost.
363
Note:
You can configure checkpoint size, window size, and recovery timeouts in the RTS
values of an X.400 connector or the MTA directory object.
The services offered by RTSE fall into the following three categories:
• Data transfer The RTSE uses RT-TRANSFER APDUs for data transfer. The
dialog may be one-way or two-way alternate, depending on whether data is
transferred only from one MTA or in both directions by turns. Each association, over a
two-way alternate link, has a turn token that only one MTA can possess at a time.
When an MTA must send a message, but does not have the turn on an open
association, it must determine how many open associations are on the link. If there
are fewer than eight associations, the MTA attempts to open a new association on
which it has the turn. If there are already eight associations open, the MTA sends an
RT_TURN_PLEASE request over one of the associations. If the receiving MTA can
release the turn, it sends back an RT_TURN_GIVE response and the requesting
MTA is allowed to transfer the message. If the receiving MTA cannot release the turn,
it simply does not respond until it is ready to release the turn. In a two-way alternate
communication, the RTSE can use RT-TURN-PLEASE and RT-TURN-GIVE APDUs
to switch data transfer directions, as follows:
Caution:
Using Registry Editor incorrectly can cause serious problems that may require you to
reinstall your operating system. Microsoft cannot guarantee that problems resulting
from the incorrect use of Registry Editor can be solved. Use Registry Editor at your
own risk.
Location HKEY_LOCAL_MACHINE\System\CurrentControl
Set\Services\
MSExchangeMTA\Parameters
Type REG_DWORD
Note:
If the RTS threads setting is too
high, RTS threads might overload
other threads in the OSI stack, thus
causing a message transfer
slowdown.
365
Each connection between two MTAs can have up to ten associations, and because each
association is effectively a conversation, up to ten messages can be sent simultaneously over
a single X.400 connector. Two of the ten associations are reserved for sending urgent
messages. Each MTA holds the turn on one of the two associations and never releases the
turn. If a remote MTA attempts to establish more than eight concurrent associations for
messages with normal priority, the Exchange MTA refuses the additional associations and
logs an event with the event ID 58 in the application event log. The following is an example of
this event:
Event ID: 58
Date: 04/01/2004
Time: 4:27:34 AM
User: N/A
Computer: SERVER01
366
Description:
SERVER01/CN=MICROSOFT MTA entity has reached the per-entity receive association limit
of 8, equal to 80 percent of the total 10. [MTA XFER-IN 36 34] (12)
Note:
The Exchange MTA has a total limit of 2,050 associations over all connections
(including X.400 connectors, RPC connections to LAN-MTAs, and XAPI sessions).
This limit is hard coded and cannot be changed.
The first information sent over the presentation layer is a P-ACTIVITY-START indication. If
the message is large, the MTA might have to send more than one P-DATA packet. P-DATA
packets are not confirmed by the receiving MTA, so the sending MTA also sends P-MINOR-
SYNCHRONIZE indications between the P-DATA packets. The receiving MTA confirms the
minor sync points using P-MINOR-SYNCHRONIZE confirm primitives. However, minor sync
points do not have to be confirmed immediately. There is a window size that sets how many
minor sync points can be outstanding at any time. After the entire message has been
transferred, a P-ACTIVITY-END request is sent. When the receiving MTA confirms the P-
ACTIVITY-END, the RTSE passes a RT_TRANSFER_CONFIRMED primitive back to the
MTA, and the MTA marks the recipients as processed.
This transfer procedure is driven by the following events in the presentation layer:
1. RT-TRANSFER request.
3. P-MINOR-SYNCHRONIZE confirmation.
4. P-ACTIVITY-END indication.
5. P-ACTIVITY-END confirmation.
The RTSE also requires synchronization services provided by the session layer for protection
against data loss. Specifically, the RTSE must distinguish between data that was delivered
successfully to the receiving MTA and data that failed to reach its intended destination, in
which case the RTSE might request the retransmission of the data.
367
To handle the presentation and session services in the OSI stack, the Exchange MTA uses a
pool of kernel threads. You can control the number of kernel threads through the following
registry parameter:
Location HKEY_LOCAL_MACHINE\System\CurrentControl
Set\Services\
MSExchangeMTA\Parameters
Type REG_DWORD
Recommended setting:
is, a host name, IP address, or X.121 address), Transport Service Access Point (TSAP),
Session Service Access Point (SSAP), and Presentation Service Access Point (PSAP). Enter
the TSAP, SSAP, and PSAP in the T Selector, S Selector, and P Selector boxes,
respectively.
TSAP, SSAP, and PSAP are optional parameters on an Exchange server, because the
Microsoft Exchange MTA Stacks service does not share the OSI stack with other MTAs. If,
however, the remote MTA uses OSI address information to connect to the local MTA, you
must define these parameters for the local MTA. Otherwise, communication cannot take
place. It is possible to overwrite the OSI address information per X.400 connector. X.400
connector configuration parameters are discussed later in this section.
Note:
X.400 MTAs that operate according to the 1984 conformance year support only
TSAPs. SSAPs and PSAPs should not be specified.
To support X.400 connectors, you must install one of the following two MTA transport stacks:
• TCP/IP Transport Stack TCP/IP is a good choice for X.400 message transfer
over the Internet and over intranets. The TCP/IP transport stack implements ISO
transport services on top of TCP/IP, as defined in Request for Comments (RFC)
1006. When you install and configure a TCP/IP transport stack, you create a
configuration object in Active Directory that defines the service access points and
other settings that the MTA uses. Transport stack objects are located in the
configuration directory partition under the MTA directory object. You can use the
following LDIFDE command to export all TCP/IP transport stacks configured on all
servers in an Exchange organization to a file named Stacklist.ldf: ldifde -f
c:\Stacklist.ldf -s localhost -d "CN=First Organization,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=contoso,DC=com" -p subtree -r
"(objectClass= rFC1006Stack)"
The following table describes the important attributes of the TCP/IP transport stack.
Attribute Description
Attribute Description
• X.25 Transport Stack You must install an EICON X.25 card on the server
running Exchange Server 2003 and the EICON WAN drivers in Windows
Server 2003 to support X.400 connectors over X.25. The X.25 configuration is very
complex and can be completed only by using the configuration utilities that come with
the EICON X.25 card. The X.121 address (comparable to a telephone number) is the
most important information that must be configured. X.121 address data, call user
data, and facilities data that you specify in the X.25 transport stack must match the
EICON card configuration, as specified by your X.25 provider.
You can use the following LDIFDE command to export all X.25 transport stack objects
configured on all servers in an Exchange organization from Active Directory to a file
called Stacklist.ldf: ldifde -f c:\Stacklist.ldf -s localhost -d "CN=First
Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=contoso,DC=com"
-p subtree -r "(objectClass= x25Stack)"
The following table describes the important attributes of the X.25 transport stack.
Attribute Description
Attribute Description
To handle the communication at the transport layer in the OSI stack, the Exchange MTA uses
transport threads. You can configure the number of transport threads that the MTA uses
through the following registry parameter.
Location HKEY_LOCAL_MACHINE\System\CurrentControl
Set\Services\
MSExchangeMTA\Parameters
Type REG_DWORD
X.400 Connectors
In a distributed environment, communication conflicts can occur if the communicating MTA
processes are not carefully coordinated. For example, the Exchange MTA is a 1988 X.400
MTA, and must scale back its features when communicating with a 1984 MTA.
Note:
All Exchange versions include 1988 X.400 MTAs. The Microsoft Mail for PC Networks
Gateway to X.400 is an example of a 1984 X.400 MTA.
The following figure shows the Properties dialog box for a sample X.400 connector.
373
You will see a dialog box, as shown in Figure 7.12, which has the following tabs:
• General This tab is used to define a name, the remote X.400 MTA and
password, and the transport stack. You can also use this tab to specify whether
remote clients support MAPI and whether to allow public folder referrals.
• Schedule This tab is used to set the communication schedule. Never, Always
(communication occurs constantly), Selected Times (up to 15-minute intervals), and
Remote Initiated may be configured.
• Stack This tab is used to specify required address information, such as remote
host name or IP Address (or X.121 address), and service access points for the
remote system.
• Override This tab is used to override default X.400 attributes of the local MTA.
• Address Space This tab is used to define the type and format of routing
addresses. Cost values are associated with address spaces to optimize routing. In
374
addition, you can specify whether this connector is available to the entire organization
or restricted to the local routing group.
• Advanced This tab is used to specify X.400 message formats and transfer
procedures when sending messages to a remote X.400 system or server running
Exchange.
• Content Restrictions This tab is used to specify which message types can
traverse the connector according to priority (High, Normal, or Low), message type
(System Messages or Non-System Messages), and message size (Allowed Sizes).
• Delivery Restrictions This tab is used to specify who can send messages over
this connector. By default, messages are accepted from everyone.
You can specify the name and password of the local MTA, from the server's Protocols
container, in the X.400 object's Properties. The administrator of the remote MTA must ensure
that this information is also specified correctly on the remote MTA. Also, to configure your
local MTA correctly, you must get the name and password of the remote MTA from the remote
administrator. To specify the name and password of the remote MTA, from the General tab,
click Modify.
Note:
The MTA password is case-sensitive. If it is misspelled, connections cannot be
established.
Especially when connecting to a public X.400 network, you might be forced to override the
name and password of the local MTA on a per-connector basis. Public X.400 carriers usually
provide the required information that you must use. To adjust the configuration on a per-
connector basis, use the Override tab. Also, you can adjust the various X.400 protocol
parameters from this tab, such as Maximum Open Retries and Maximum Transfer Retries,
which are discussed earlier in this section.
375
X.400 Addresses
X.400 systems use a complex addressing scheme for message routing and delivery. The
most important X.400 address type is called a mnemonic originator/recipient (O/R) name or
O/R address. A mnemonic O/R address identifies a recipient based on country, administration
management domains (ADMD), and private management domain (PRMD). Further address
information, such as surname and given name, is required to form a complete address.
Every X.400 address must contain management domain information. A management domain
is basically a messaging network that is maintained by a single organization. This
organization can be a public operating agency (such as a telecommunications company) or a
private organization. As recommended by ITU-T, PRMDs handle internal messages, and
external messages destined to other PRMDs are always handled by public ADMDs (telecom
companies). In theory, PRMDs are supposed to communicate with each other through
ADMDs. However, in practice, PRMDs often bypass telecom-ADMDs to communicate directly
with each other (for example, using TCP/IP over the Internet), which lowers costs.
Note:
The fields for country, ADMD, and PRMD are mandatory. If a messaging network
does not have an ADMD, specify a single space character in the ADMD portion of
your X.400 addresses. A space in the ADMD part is synonymous for "any ADMD."
The following table lists the fields that can be used in an O/R name.
Note:
With the exception of the DDA field, O/R names are not case sensitive.
shown in the following figure. A message sent to a matching SMTP recipient (such as
Ted@tailspintoys.com) is then routed through the X.400 connector. The Exchange MTA
converts the address information to an X.400 address using domain defined attributes (DDA),
as listed earlier in the table above.
When specifying non-X.400 address spaces, you must make sure that the receiving MTA can
handle the non-X.400 address information. For example, if the target X.400 system cannot
handle SMTP DDA information, assigning an SMTP address space to a X.400 connector that
points to this system is not a good idea. Messages are not transferred successfully in the
remote system. Some X.400 systems expect encapsulated SMTP address information, as
defined in RFC 2156 "MIXER (Mime Internet X.400 Enhanced Relay)," which describes a
method for mapping message formats and address information between RFC 822/MIME and
X.400. A corresponding DDA address portion looks like this: DDA:rfc-
822=Ted@tailspintoys.com. Exchange Server 2003 uses SMTP DDAs instead of RFC822
DDA and does not support MIXER.
378
Note:
Exchange Server 5.5 supports MIXER functionality. If you require this feature, you
should maintain an Exchange 5.5 bridgehead in your organization.
Using the X.400 bodypart for message text list, you can also select a bodypart for the
message text as it will appear in the message body. A message can consist of several
bodyparts, which allows for e-mail attachments. The following table lists the bodyparts that
Exchange Server 2003 supports.
0 IA5 text
2 Voice
3 G3 facsimile
5 Telex (T.61)
6 Videotex
7 Nationally defined
8 Encrypted
9 Forwarded IP message
12 Octet string
13 ISO6937 text
14 Bilaterally-defined (binary)
When connecting to a remote Exchange MTA in the same organization, you can select the
Allow Exchange Contents check box. The native Exchange format is not X.400 conforming,
but between Exchange MTAs this is not an issue. However, you must clear this check box
when communicating with an Exchange MTA that is external to the local Exchange
organization, because native Exchange content includes legacyExchangeDN address
information, which is only valid in the local organization. The recipients specified through
legacyExchangeDN addresses do not exist in the directory of the external Exchange MTA.
To send messages in Exchange format to Exchange users in external organizations, from the
General tab of the connector, select the Remote Client Supports MAPI check box. When
you select this check box, the Exchange MTA encapsulates the messages using Transport
Neutral Encapsulation Format (TNEF). The MTA converts the message to a plain text part
380
and an attachment in legacy TNEF. To learn more about TNEF, see SMTP Transport
Architecture.
An MTA can add the following two types of trace information to the P1 message transfer
envelope:
The MTA adds external trace information to a message when the message reaches the
organization; for example, when the Exchange store submits a message to the MTA or
when the MTA receives a message from an MTA in another organization. If an MTA
receives a message from an external organization and encounters its own local global
381
domain identifier in the external trace information, a message loop between the
organizations is detected. The presence of the local global domain identifier indicates that
the local X.400 domain already handled the message and routed it to the other domain. If
the MTA accepts the message again, the message routes again to the other domain,
where it is routed back again to the local domain. This represents a message loop, and
the MTA must drop the message with an NDR.
Note:
The Exchange MTA does not remove external trace information from messages.
• Internal trace information Internal trace information identifies each MTA that
transferred the message within an organizational boundary. Internal trace information
is made up of the MTA name and information about routing actions (such as whether
the message was relayed or rerouted, or caused a distribution list (DL) expansion by
that MTA). If a message enters the same MTA twice, it might be dropped with an
NDR.
To detect message loops based on internal trace information, the MTA performs the
following steps:
b. The MTA determines if the global domain identifier matches the local
global domain identifier. If this is the case, the MTA compares the local MTA
name with the names in the internal trace information.
c. If the local MTA name is not present, no message loop is detected. The
MTA stops checking at this point.
d. If the local MTA name is present, the MTA checks the routing action
information in the internal trace information. If no routing action is present,
the message was not transferred across the local domain and no message
loop is detected. The MTA stops checking at this point.
e. If the routing action indicates that the message was relayed, a message
loop is possible. The MTA then checks the other actions field to determine if
the message was rerouted or the distribution-list was expanded. If either
condition exists, the message might legitimately revisit an MTA, so it is not
dropped with an NDR. The remote replay scenario is another scenario in
which a message might legitimately revisit an MTA. This scenario is
explained in the section "Replaying DAT Files" in Exchange MTA in
Exchange Server 2003 Architecture.
f. However, if the message was relayed and no other actions are specified,
the MTA marks the message as looping and drops it with an NDR to inform
the message sender that the message did not arrive at its final destination.
382
The MTA adds internal trace information to the P1 message transfer envelope of all
messages it processes. However, when the MTA detects that the message is transferred to
an external X.400 domain, it must remove all internal trace information from the message
envelope, because between X.400 domains, only external trace information is used for loop
detection. To determine when to remove the internal trace information, the MTA compares its
local global domain identifier to the global domain identifier of the target MTA.
To determine its local global domain identifier, the Exchange MTA reads the default recipient
policy. Specifically, the Exchange MTA reads the country, ADMD, and PRMD information from
the primary X.400 address space defined in the default recipient policy to create the local
global domain identifier. You can configure the default global domain identifier for the
Exchange MTA in Exchange System Manager. Under Recipient Policies, display the
properties of the Default Policy, and then edit the X.400 e-mail address entry. By default, the
global domain identifier is c=US;a= ;p=<first 16 letters of the name of the Exchange
organization>.
Note:
The Exchange MTA determines the local global domain identifier when the MTA is
initializing, that is, when you start the Microsoft Exchange MTA Stacks service.
To determine the global domain identifier of the remote MTA, the local MTA reads the country,
ADMD, and PRMD information from the address space assigned to the X.400 connector on
the Address Space tab, but you can overwrite this information on the Advanced tab if you
click Global Domain Identifier. Click Specified Global Domain Identifier, and then define
the global domain identifier in terms of country, ADMD, and PRMD. Under ADMD (a), select
Any, if you want to allow the X.400 connector to use any ADMD, which corresponds to a
blank ADMD field. If you select Specific, you must type a value for the ADMD.
Note:
If, on the Advanced tab, you choose 1984 as the conformance for the X.400
connector, you must configure the global domain identifier explicitly.
You can use the following LDIFDE command to export all X.400 connectors in an Exchange
organization named First Organization to a file called X400Connectors.ldf: ldifde -f
c:\X400Connectors.ldf -s localhost -d "CN=First Organization,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=contoso,DC=com" -p subtree -r
"(objectClass=x400Link)"
383
The following table describes the important attributes of X.400 connector objects.
Attribute Description
Attribute Description
Note:
The password is protected in Active
Directory, but X.400 MTAs transmit
MTA names and passwords in clear
text.
Note:
The password is protected in Active
Directory, but X.400 MTAs transmit
MTA names and passwords in clear
text.
Attribute Description
• rFC1006X400Link TCP/IP
X.400 connectors
Attribute Description
Attribute Description
Source: MSExchangeMTA
Type: Warning
Category: Resource
To support more than two X.400 connectors on a bridgehead server, you should increase the
number of control blocks by using the following registry parameter.
388
Location HKEY_LOCAL_MACHINE\System\CurrentControl
Set\Services\
MSExchangeMTA\Parameters
Type REG_DWORD
To handle the communication load at the TCP/IP layer, you might also have to increase the
number of TCP/IP threads that the MTA uses, through the following registry parameter.
Location HKEY_LOCAL_MACHINE\System\CurrentControl
Set\Services\
MSExchangeMTA\Parameters
Type REG_DWORD
The actual maximum number of control blocks that the Exchange MTA can use is 1,250, but
this number is taken from a pool of control blocks for the TCP/IP, TP4, and X.25 transport
389
stacks. The registry values indicated correspond to TCP/IP control blocks, TP4 control blocks,
and X.25 control blocks, respectively. By default, all of these values are set to 20 decimal, so
the TCP/IP control blocks value can be increased up to 1,210 decimal without creating a
problem. This permits a maximum of 121 TCP/IP X.400 connectors on a single server, each
using the maximum number of allowable associations. This number is theoretical. The
capacities of the bridgehead server might limit the actual number of X.400 connectors.
It is unlikely that each X.400 connector will process enough mail to require the maximum
number of associations for each connector. Furthermore, if the X.25 transport stack is not in
use, you can reduce the Eicon X.25 connections parameter to a value of zero, thus
increasing the available control blocks for the TCP/IP stack by 20. However, TP4-based
X.400 connectors are not supported in Exchange Server 2003, and reducing the TP4 control
blocks does not allocate additional control blocks for TCP/IP.
If you set the maximum number of pooled control blocks too high, the Microsoft Exchange
MTA Stacks service cannot start, and the following event is logged in the application event
log:
Source: MSExchangeMTA
Type: ERROR
Category: Configuration
Multiple bridgehead servers and X.400 connectors between two routing groups
Note, however, that Exchange Server 2003 does not perform true load balancing over
multiple connector instances. As explained in Message Routing Architecture, the advanced
queuing engine calls the routing engine to determine a message route one time, caches this
information, and then transfers all messages of the same type over the same connector.
Additional connectors are used only if the first connector fails. However, a second server
might select the second connector and in this way balance the load to some degree.
Note:
Because the routing engine cannot differentiate between local and remote
connectors, it is possible for the advanced queuing engine on one bridgehead server
in the local routing group to transfer all messages for the target routing group to
another bridgehead server in the same local routing group, even if the local server is
also a bridgehead server that could transfer the message.
391
Source: MSExchangeMTA
Type: Information
The following table describes the important attributes of the SMTP XAPI gateway object.
Attribute Description
Attribute Description
After receiving a message from the SMTP XAPI gateway, the MTA must determine a suitable
connector to transfer the message to the next hop. In Exchange 2000 Server and Exchange
Server 2003, the MTA no longer performs actual message routing, but contacts the routing
395
engine through MTARoute.dll, which then routes the message. However, the MTA might
change the O/R recipient names to a form that can pass to the routing engine.
The MTA does not call the routing engine for messages it receives from LAN-MTAs, X.400
MTAs, or MAPI connectors. It passes these messages straight to the MTS-OUT folder of the
SMTP XAPI gateway. The advanced queuing engine, in turn, then handles the messages and
calls the routing engine if a message is not directed to local recipients. In fact, a message
might transfer back to the Exchange MTA through the Exchange store and SMTP XAPI
gateway, if it must transfer to another LAN-MTA, X.400 MTA, or non-Exchange messaging
system. The SMTP service sets a flag on all messages that it transfers to the Exchange MTA,
to indicate that the MTA should call the routing engine. For detailed information about the
message routing process, see Message Routing Architecture.
If the routing engine can determine a next hop for a message, the MTA determines whether
the next hop is reached through the local SMTP service. It is possible, for example, that an
X.400 connector and a routing group connector both point to the same routing group. If this
occurs, the advanced queuing engine might pass the message to the MTA for transfer over
the X.400 connector, and the MTA might then pass the message back to the SMTP service
for transfer over the routing group connector, and so forth. To avoid this situation, the MTA
calls the routing engine a second time if the initial routing suggests that the MTA should send
the message back to the SMTP service. The MTA passes the recipient's X.400 proxy address
in the initial routing call and the legacyExchangeDN in the second routing call, with the
expectation that this will yield a different route than the route through the SMTP service.
If the routing engine cannot determine a next hop due to a temporary link failure, the routing
engine flags the message to inform the MTA that it must reroute the message the next time
link state information changes. As explained in Message Routing Architecture, link state
information changes when you change the connector configuration in your organization or
when the advanced queuing engine or MTA marks a connector as down or up. The link state
algorithm ensures that updates to link state information are propagated to all servers in the
organization that are running Exchange Server 2003.
When the routing engine on the local server discovers that link state information is changed, it
calls the RoutingReset() function of the MTA. The MTA then calls the routing engine on all
messages that are routed but not yet sent, to perform rerouting. Until the routing engine
receives updated link state information from its routing group master, routing calls result in a
temporary error, and the MTA places the messages in a Pending Reroute queue. The
396
rerouting succeeds when the link state information is synchronized across the entire routing
group.
Note:
Frequent changes to link state information can cause message transfer problems in
the Exchange MTA. For example, messages might be dropped with non-delivery
reports (NDRs) indicating unrecognized O/R names. In an environment with
unreliable network connections, you might have to disable the propagation of link
state information, as discussed in Message Routing Architecture.
Before sending messages, the local MTA sends the GUID attribute of the Exchange
organization and the current MD5 digest in a DIGEST_QUERY packet to the remote MTA.
When the remote MTA recognizes the DIGEST_QUERY packet, it passes the information to
its routing engine. The routing engine compares the digest with its own digest copy, and
passes the comparison results back to its MTA. The remote MTA then sends the response
back to the local MTA.
397
If the MD5 digests on the servers running Exchange Server differ, then a more detailed
conversation follows between the MTAs to exchange OrgInfo packets. The OrgInfo packet
contains the link state table, with all details and states of the routing topology. The MTAs pass
the OrgInfo packets to their local routing engines, and the routing engines determine which
server has the most up-to-date information. The server with the most up-to-date information
discards the received OrgInfo packet. The other server passes the updated link state
information to its routing group master, and the routing group master updates the link state
information on all servers in its local routing group.
Exchange MTAs transfer digest queries even if they connect to MTAs outside the local
Exchange organization. The receiving routing engine checks the organization GUID in the
DIGEST_QUERY packet to determine if the link state information is from the local
organization and ignores the MD5 digest if it is from a different organization. The query
response indicates that no OrgInfo packets must be exchanged.
and Exchange Server 2003 must use the same mechanisms. MTAs and RPCs are also used
over routing group connectors that have a server running Exchange Server 5.5 as a remote
bridgehead (that is, a routing group connector operates as a site connector in Exchange 5.5).
The Exchange MTA uses an RPC thread pool to support communication with LAN-MTAs, the
Exchange store, and administrative tools. You can control the minimum and maximum
number of RPC threads by using the following registry parameters.
Location HKEY_LOCAL_MACHINE\System\CurrentControl
Set\Services\
MSExchangeMTA\Parameters
Type REG_DWORD
Location HKEY_LOCAL_MACHINE\System\CurrentControl
Set\Services\
MSExchangeMTA\Parameters
Type REG_DWORD
Location HKEY_LOCAL_MACHINE\System\CurrentControl
Set\Services\
MSExchangeMTA\Parameters
Note:
The MTA uses RPCs to transfer messages in and out of the Exchange store.
However, this RPC communication should not encounter any problems during normal
server operation and should not affect server performance.
Source: MSExchangeMTA
Description: An interface error has occurred. An MtaBindBack over RPC has failed.
Locality Table (LTAB) index: %1, NT/MTA error code:1722. Comms error %3, Bind error
%4,Remote Server Name %5, Protocol String IP Address of Server.
When the bindback fails, the binding server does not receive a response from the remote
system. Eventually, the RPC run-time library encounters a timeout and logs the following
error in the event log:
Description: An RPC communications error occurred. Unable to bind over RPC. Locality
Table (LTAB) index: 151, NT/MTA error code: 1722. Comms error 1722, Bind error 1722,
Remote Server Name SERVERNAME [MAIN BASE 1 500 %10] (14)
To resolve this issue, you must make sure that the two MTAs both can resolve each other's
FQDNs to IP addresses.
state table. This gives Exchange Server 2003 users the ability to use connectors that are not
available in Exchange Server 2003, such as Connector for Lotus cc:Mail, Connector for
Professional Office System (PROFS), or Connector for SNA Distribution System (SNADS).
To enable servers running Exchange Server 5.5 to use connectors on Exchange Server 2003,
a GWART is generated that includes all connector information. Exchange Server 5.5 users
can then send messages to Internet users through SMTP connectors installed on Exchange
Server 2003. This is advantageous because all Exchange users can benefit from the spam
and connection filtering capabilities of Exchange Server 2003.
For backward compatibility, an Exchange Server 2003 MTA generates the GWART and
communicates with Active Directory through Active Directory Services Interface (ADSI) to
write the GWART object. The MTA writes the routing information in binary form to the
gatewayRoutingTree attribute and updates the gWARTLastModified attribute of the directory
object to indicate when the GWART was last updated. The GWART object resides in the
administrative group of the server running Exchange Server. The Site Replication Service
(SRS) replicates the GWART object to the Exchange Server 5.5 directory, and Exchange
Server 5.5 replicates the GWART to all servers running Exchange Server 5.5, so that these
servers can include Exchange Server 2003 connectors in their routing decisions.
You can use the following command line to export all GWART objects from an Exchange
organization: ldifde -f c:\GWART.ldf -s localhost -d " CN=Administrative
Groups,CN=First Organization,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=contoso,DC=com" -p subtree -r
"(objectClass=siteAddressing)".
The following table describes the important attributes of the GWART directory object.
Attribute Description
On the non-Exchange side of a message transfer, message delivery and retrieval depend
on the features and programming interfaces that the non-Exchange messaging system
provides. Typically, only a single point of contact is used on this side of a message
transfer also. For example, Connector for Lotus Notes connects to only one Lotus
Domino server. It is up to the non-Exchange messaging system server to route messages
to their final destinations.
The following figure illustrates the typical steps that a MAPI-based connector must
perform to accomplish outbound and inbound message transfer.
Message transfer to and from a non-Exchange messaging system includes the following
steps:
Connector Components
MAPI-based connectors consist of a variety of components that enable seamless integration
with Exchange Server 2003. These include configuration objects in Active Directory that hold
connector-specific settings and the actual connector applications that perform message
conversion and transfer. MAPI-based connectors also come with Microsoft Management
Console (MMC) snap-ins, which integrate with Exchange System Manager so that you can
perform system configuration tasks using a unified user interface.
Note:
Connector components can run directly on a server running Exchange
Server 2003 or on a separate computer that communicates with Exchange
Server 2003 over the network. The non-Exchange messaging system is usually
accessed over the computer network, although it might improve connector
performance if the non-Exchange messaging system is local to the connector
server. For example, it is possible to run both Exchange Server 2003 and Lotus
Domino on the same server.
Note:
Conversion DLLs are optional components. The code to perform message
conversions can also be embedded directly in a MAPI-based connector, in which
case conversion DLLs are not used. For example, Connector for Lotus Notes and
Connector for Novell GroupWise do not rely on conversion DLLs. The
mechanisms that these connectors rely on to perform message conversions are
covered in later sections.
407
Note:
Exchange users typically appear in non-Exchange messaging systems as regular
recipients who exist in the non-Exchange messaging systems.
To enable recipient update service to generate proxy addresses in the correct format,
MAPI-based connectors must install an appropriate proxy address generation DLL on the
server running Exchange Server 2003. Proxy address DLLs reside in subdirectories that
correspond to address types and computer processor types, under \Program
Files\Exchsrvr\Address. This subdirectory is shared for network access (share name:
\\<server name>\Address), so that the recipient update service can access the DLLs,
even if the messaging connector is installed on another server running Exchange Server.
You can read more about the recipient update service in Exchange Server 2003 and
Active Directory.
The following figure illustrates an example of proxy addresses that the recipient update
service assigned to an Exchange user.
408
Users can have primary and secondary proxy addresses. For example, Figure 8.2 shows
a secondary Lotus Notes proxy address for Ted. The primary proxy address is used as
the sender address in all outbound messages to the non-Exchange messaging system.
Secondary proxy addresses are used to deliver inbound messages to the proper recipient
in Exchange Server 2003, when these messages are not addressed to the primary proxy
address. To continue the example, Ted can also receive Lotus Notes messages
addressed to Ted@Contoso, because this is Ted's secondary NOTES proxy address.
Note:
You can define proxy addresses for Exchange users in recipient policies in
Exchange System Manager. An Exchange user has only one primary proxy
address per address type but might have multiple secondary addresses. All proxy
addresses (primary and secondary) must be unique in the Exchange
409
Attributes Description
Note:
Address templates and address syntax programs are optional connector
components. Connector for Lotus Notes and Connector for Novell GroupWise do
not install these components.
Connector objects reside in the Connectors container under their routing groups in
Exchange System Manager. A corresponding administrative snap-in is required to
configure the settings of the msExchConnector object. Settings include connector type-
specific attributes, in addition to general attributes.
Note:
In addition to the msExchConnector object in Active Directory, configuration
information can also be stored in the registry database on the bridgehead server.
The following table lists important general attributes that all MAPI-based connectors have
in common.
Attributes Description
Attributes Description
Attributes Description
Note:
To support connector-specific
attributes, MAPI-based connectors
from non-Microsoft vendors must
extend the schema of Active
Directory to create a new object
class. You should represent MAPI-
based connectors in Active
Directory by objects of a class that
inherits from the mailGateway
class. The mailGateway object, in
turn, is a sub-class of
msExchConnector.
Note:
At a minimum, a connector mailbox must have an MTS-IN and an MTS-OUT
folder.
Note:
Because the connector message queues are always available, MAPI-based
connectors are always marked as STATE_UP in the link state table and the
Exchange MTA continues to deliver messages to a MAPI-based connector even if the
connector service is not running. This can cause numerous messages to collect in
the MTS-OUT message queue.
414
3. The SMTP service passes the message to the Exchange MTA through the
Exchange store. The Exchange MTA places the message in an internal message
queue, which the MTA maintains separately from the Exchange store on the file
system (\Program Files\Exchsrvr\Mtadata).
4. The Exchange MTA communicates with the routing engine in the SMTP transport
subsystem through MTARoute.dll to determine the target MAPI-based connector.
415
5. The routing engine identifies, by address spaces, the MAPI-based connector that
handles the recipient and returns this information to the Exchange MTA.
6. The Exchange MTA wraps the message in a message transfer envelope (MTE)
and places it in the target MAPI-based connector's MTS-OUT folder. The message
transfer envelope contains a list of recipients to whom the MAPI-based connector
must deliver the message, plus the original message in the form of an attachment.
Note:
A MAPI-based connector can determine when an outgoing message arrives in its
MTS-OUT folder by polling the connector mailbox periodically or by waiting for an
Advise event from the Exchange store that signals a new outbound message.
2. The Exchange MTA analyzes a special message property that is set only when
the message comes from the SMTP service. Because this flag is missing, the MTA
recognizes that the message is not from the local SMTP service, which indicates that
it is an inbound message for which the Exchange MTA does not need to perform
message routing. The MTA passes the message straight to the SMTP service's MTS-
OUT folder.
3. The Exchange store driver places the message into the pre-submission queue
and the SMTP transport subsystem categorizes, routes, and delivers the message,
as discussed in Message Routing Architecture and SMTP Transport Architecture.
and without the need for a MAPI client on the server. For detailed information how to create
MAPI profiles dynamically, see Microsoft Knowledge Base article 306962, "How to Create
MAPI Profiles Without Installing Outlook."
MAPI profiles are stored in the registry under the HKEY_USERS hive. Several subkeys exist
on a bridgehead server, according to the security identifiers (SIDs) of system accounts and
user accounts that the active server processes and administrators use to log on to the
system. In Exchange Server 2003, MAPI-based connectors should run in the context of the
LocalSystem account, which has an SID of S-1-5-18. Accordingly, you can find the MAPI
profile of a MAPI-based connector at the following location: HKEY_USERS\S-1-5-
18\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging
Subsystem\Profiles. For example, if you installed and started Connector for Novell
GroupWise on a bridgehead server named Server01, you can find a subkey named
SERVER01-LME-GWISE V5.5 under the Profiles key.
It is possible to copy the connector profile to the subkey of the administrator who is currently
logged on and then use a low-level MAPI tool to open the connector mailbox. Mdbvu32.exe is
such a low-level MAPI tool, available for download from the Downloads for Exchange
Server 2003 Web site.
The Information Store Viewer.doc file that comes with the tool contains detailed information
about how to use the Mdbvu32.exe tool. The following figure shows the Mdbvu32.exe tool in
action. You can see all the system folders in the connector mailbox.
417
For detailed instructions about how to open a connector mailbox using Mdbvu32.exe, see
How to Open a Connector Mailbox Using Mdbvu32.exe.
Message Conversion
When a MAPI-connector retrieves a message from the connector mailbox, it must convert the
message from MAPI format to the format of the target messaging system before it transfers
the message. Similarly, the connector must convert inbound messages from the format of the
non-Exchange messaging system to MAPI format before placing the message in its MTS-IN
folder. Message conversion includes the following two separate processes:
Address Translation
A MAPI-based connector must perform address translation for all inbound and outbound
messages. The following t three recipient lists are associated with each message that a
MAPI-based connector handles:
• The original list of recipients The list of recipients on the message itself
contains all the recipients to whom the message is addressed. Some of these
recipients might have their mailboxes on the local Exchange server, on another
server in the Exchange organization, or on a messaging system not associated with
the connector. In Exchange Server 2003, the original list of recipients is processed by
the SMTP transport subsystem. The same principle applies to inbound messages. A
message might be addressed to recipients on other servers in the non-Exchange
messaging system, in addition to Exchange users.
• The list of recipients sent to the MTA The SMTP transport subsystem passes
a message only to the MTA, if the message contains recipients to whom the MTA
must deliver the message either directly through remote procedure calls (RPCs),
through an X.400 connector, or through a MAPI-based connector. The recipient list
that the SMTP transport subsystem passes to the MTA might include all recipients or
only a subset of the original list. For example, if a user sends a message to another
user on the same Exchange server and a Lotus Notes user, the SMTP transport
subsystem will deliver the message to the Exchange user directly, but pass another
instance of the message for the Lotus Notes user to the Exchange MTA.
• The list of recipients on the message transfer envelope The Exchange MTA
only passes those messages to a MAPI-based connector that the connector must
transfer. When the Exchange MTA passes a message to a MAPI-based connector, it
creates a message transfer envelope (MTE) to which the MTA adds the original
message as an attachment. The MTA contains information about the recipients to
whom the connector must deliver the message. The Exchange MTA might deliver a
message using several connectors. In this case, a particular connector is not
responsible for all recipients in the list that the SMTP transport subsystem passed to
the MTA.
Properties Description
address in the message envelope of the outbound message. For inbound messages, the
translation is performed in the opposite direction.
One-off addresses can also be used to encapsulate non-Exchange addresses. For example,
if a user sends a message to a Lotus Notes user and a user on the Internet, the user on the
Internet might not have a recipient object in Active Directory with a NOTES proxy address, in
which case Connector for Lotus Notes cannot map the Internet user directly and must
encapsulate the SMTP address in a one-off NOTES address to ensure that all recipients
specified in the outbound Lotus Notes message appear in the non-Exchange system in a
supported format.
Message Conversion
Exchange Server 2003 uses message classes to define which properties a message
contains, the type of information the message conveys, and how the message can be
handled. Each message class has an associated set of properties, and because different
MAPI message classes support different sets of properties, multiple algorithms must be used
to convert a MAPI message to the message format of the non-Exchange messaging system.
Similarly, if the message format of the non-Exchange messaging system supports its own
message classes, separate translation algorithms are necessary to handle these message
classes.
The following table lists the message classes that MAPI-based connectors must handle.
Note:
In addition to the ENVELOPE
message class, MAPI-based
connectors must handle the
standard message classes, such as
IPM.NOTE, which are enclosed in
the MTE to perform message
conversions.
422
Directory Synchronization
MAPI-based connectors, such as Connector for Lotus Notes and Connector for Novell
GroupWise, support directory synchronization, which establishes a consistent global address
list across all messaging systems. MAPI-based connectors must also ensure that directory
information stays current in both directories. For example, if you change or delete a user in
the non-Exchange messaging system, the corresponding recipient object must also be
changed or deleted in Active Directory. Therefore, the MAPI-based connector uses MAPI to
interact with the Exchange store, but it uses ADSI to interact with Active Directory.
Note:
The computer account of the Exchange Server 2003 bridgehead server running
the MAPI-based connector requires permissions to create and modify recipients
in the selected import container.
The following figure illustrates the general process for transferring directory information from
a non-Exchange messaging system to an Exchange organization.
425
Note:
The computer account of the Exchange Server 2003 bridgehead server running the
MAPI-based connector requires permissions to access and read recipient information
in the selected export container.
The following figure illustrates the general process for transferring directory information from
Active Directory to a non-Exchange messaging system, based on ADSI and non-Microsoft
APIs or import tools, which place the recipient objects in the non-Exchange directory. The
APIs and tools that a MAPI-based connector uses to import directory information to a non-
Exchange directory depend on the non-Exchange messaging system. For example,
Connector for Lotus Notes accomplishes directory imports into Lotus Notes using the Lotus
Notes Client API, while Connector for Novell GroupWise uses administrator messages, which
it passes to Novell GroupWise API Gateway.
Caution:
Incorrectly editing the registry can cause serious problems that may require you
to reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up
any valuable data.
Procedure
To open a connector mailbox using Mdbvu32.exe
1. Ensure that the MAPI-based connector is started.
3. Right-click the key that represents the connector's MAPI profile and select
Export. For example, export the SERVER01-LME-GWISE V5.5 key if you want
to examine the message queues of Connector for Novell GroupWise.
4. Export the key to a .reg file, and then close the registry editor.
5. Open the exported .reg file in Notepad and replace all occurrences of
HKEY_USERS\S-1-5-18 with HKEY_CURRENT_USER.
7. Double-click the .reg file and in the dialog box that informs you that you are
about to import settings into the registry, click Yes. In the dialog box that informs
428
8. Ensure that the administrator account with which you are working is not a
member of the Enterprise Admins or Domain Admins group. Temporarily, add
your account to the Exchange Domain Servers group to gain access permissions
for the connector mailbox.
10. In the Choose Profile dialog box, select the MAPI profile of the connector,
such as SERVER01-LME-GWISE V5.5, and then click OK.
11. From the MDB menu, select OpenMessageStore. In the Select Message
Store To Open dialog box, verify that the MAPI-based connector is selected, and
then click Open.
12. From the MDB menu, select Open Root Folder, and in the MAPI_FOLDER
- Root dialog box, double-click on the system folder that you want to examine,
such as MTS-IN.
13. Close Mdbvu32.exe and remove your account from the Exchange Domain
Servers group.
Note:
Because Connector for Lotus Notes uses the Lotus Notes Client API to communicate
with a Lotus Notes or Lotus Domino server, the connector requires a dedicated Notes
ID that has permissions to access Lotus Notes databases.
The following table lists the important components of Connector for Lotus Notes.
429
Component Description
Component Description
• Lsmexnts.exe This
431
Component Description
Component Description
• MAPMEX.TBLin the
\Dxanotes
subdirectory Determines the
attribute mapping from Exchange
Server 2003 to Lotus Notes.
• MAPNOTES.TBLin the
\Dxamex
subdirectory Determines the
attribute mapping from Lotus Notes
to Exchange Server 2003.
Component Description
Component Description
• exportCustomRecipients Sp
ecifies whether mail-enabled
contacts are propagated to Lotus
Notes through directory
synchronization.
msExchServer1AlwaysCreateAs
Specifies how X.500 objects are
synchronized.
• msExchDeliveryOrder Specif
ies the processing order of
messages in the connector's
queue. The options are FIFO,
Priority (default), and Size.
• msExchExportDLs Specifies
whether mail-enabled distribution
groups are propagated to Lotus
Notes through directory
synchronization.
• msExchPartnerLanguage Sp
ecifies the language (code page) of
the connected Lotus Notes and
Domino server.
• msExchDirsyncSchedule Sp
ecifies the times at which directory
synchronization is performed
automatically.
• msExchDirsyncStyle Specifi
es whether full or incremental
directory synchronization is
435
Component Description
Message Transfer
The following figure illustrates the process for sending messages from Exchange Server 2003
to Lotus Domino.
The process for message transfer between Exchange Server 2003 and Lotus Domino is
made up of the following three steps:
1. Exchange 2003 determines that the recipient is a Lotus Domino user (based on
the target address of the user) and sends the message to the message transfer
agent (MTA).
2. The MTA delivers the message to the MTS-OUT directory, from which the
LSMEXOUT process retrieves it, converts the address from an X.400-based address
to a Lotus Domino address, and then delivers it to the READYOUT directory.
436
3. The LSMEXNTS process converts the message to Lotus Domino format and
delivers it for routing to the mail.box file on the Lotus Domino server.
The following figure illustrates the process for sending messages from Lotus Domino to
Exchange Server 2003.
The process for message transfer between Lotus Domino and Exchange Server 2003 is
made up of the following three steps:
1. Lotus Domino receives a message sent to an Exchange Server 2003 user from a
Lotus Notes user and places it in the mail router's mail.box database. The mail router
identifies the message sent to Exchange Server 2003 and then deposits it in the
exchange.box file.
2. Connector for Lotus Notes retrieves the message from the exchange.box
database, converts the message to Exchange Server 2003 format using the
LSNTSMEX process, and then delivers it to the READYIN folder on the server
running Exchange Server 2003.
3. The LSMEXIN process receives the message, converts the address from a Lotus
Domino address to an X.400 address, and places it in the MTS-IN folder. The
Exchange MTA then processes the message from the MTS-IN folder and places it in
the Simple Mail Transfer Protocol (SMTP) service's MTS-OUT folder, from which it is
then routed.
437
Message Conversion
Exchange Server 2003 and Lotus Domino support several message types, including meeting
requests, tasks, task requests, and e-mail. Connector for Lotus Notes supports the mapping
of different message types between Exchange Server 2003 and Lotus Domino. However, the
conversion from one format to another might cause some changes in message
characteristics. For example, certain features of a Lotus Domino message, such as the
expiration date, are lost when the message is converted to the Exchange format. Messages
that cannot be mapped to a corresponding message type in the target domain are converted
to e-mail messages.
Note:
Connector for Lotus Notes is not designed to convert HTML-formatted messages. If
you plan to route messages in HTML format between Exchange Server 2003 and
Lotus Notes (for example, because you want to route all messages to and from
Internet recipients through Exchange Server 2003), consider deploying an SMTP
connector instead of Connector for Lotus Notes.
The following table illustrates how different message types are converted between Exchange
Server 2003 and Lotus Domino.
No feature Reply By No No
438
Note:
Connector for Lotus Notes does not support signed or encrypted messages.
439
Connector for Lotus Notes handles meeting requests and phone messages as follows:
The following table illustrates which Lotus Notes e-mail message features convert correctly to
Microsoft Outlook.
Embedded OLE objects, including graphics Convert correctly and can be edited.
Superscript Ignored.
Subscript Ignored.
Shadow Ignored.
Emboss Ignored.
Engrave Ignored.
Bullets Ignored.
Directory Synchronization
The following figure depicts the directory connection between Exchange Server 2003 and
Lotus Domino. As mentioned in the table above, the Lsdxa.exe process is responsible for
controlling the actual directory synchronization processes Dxamex.dll and Dxanotes.dll.
Lsdxa.exe is started automatically when the Microsoft Exchange Connector for Lotus Notes
service starts. For more information about how to configure directory synchronization, see the
Exchange Server 2003 Interoperability and Migration Guide.
Note:
Connector for Lotus Notes creates mail-enabled contacts in Active Directory for
recipients in the Lotus Notes messaging system. The legacyExchangeDN address
(that is, the X.500 address of the Exchange user in Exchange 5.5 format) matches in
441
its first part the legacyExchangeDN of the connector. The first part is that portion of
the X.500 address that identifies the connector's administrative group (that is,
/O=<name of organization>/OU=<name of administrative group>).
On the Exchange side, Dxamex.dll communicates with Active Directory through ADSI to
extract the recipient information from the export containers specified in the connector
configuration. Dxamex.dll maps the recipient attributes as defined in Amap.tbl and
Mapmex.tbl, and places the results in a temporary file named Dxanotes.text in message
interchange format (MIF) in the \Program Files\Exchsrvr\Conndata\Temp directory.
Dxanotes.dll then parses the Dxanotes.txt file, processes the addresses, and places them in
the target directory on the Lotus Domino server. To communicate with Lotus Domino,
Dxanotes.dll uses the Lotus Notes Client API.
EndOfBuffer
Dxanotes.dll also performs directory synchronization from Lotus Notes to Active Directory.
The process uses the Lotus Notes Client API to read the Lotus Domino directory.
Dxanotes.dll maps the recipient attributes as defined in Amap.tbl and Mapnotes.tbl, and
writes the recipient information to the Dxamex.txt file in the \Program
Files\Exchsrvr\Conndata\Temp directory. Dxamex.dll processes the Dxamex.txt file and
places the recipient information in the import container specified in the connector
configuration.
EndOfBuffer
Note:
Microsoft does not officially support Novell GroupWise6.0 or later. However, because
the underlying technologies remain the same as in previous versions, Microsoft
Product Support Services offers "commercially reasonable effort" support. An
alternative to using Connector for Novell GroupWise for interoperability and directory
synchronization is to use the Novell GroupWise Gateway for Microsoft Exchange. If
you plan to migrate from Novell GroupWise6.0 or later to Exchange Server 2003, you
might want to use this connector from Novell.
The following table lists the important components of Connector for Novell GroupWise.
Component Description
Component Description
Component Description
Exchange Router for Novell GroupWise Connector for Novell GroupWise uses a
service Microsoft Exchange Router for Novell
GroupWise service (Gwrouter.exe), which
transfers messages in the form of header
and body files between the connector store
and a Novell GroupWise API Gateway.
446
Component Description
Component Description
Component Description
Component Description
• exportCustomRecipients Sp
ecifies whether mail-enabled
contacts are propagated to Novell
GroupWise through directory
synchronization.
msExchServer1AlwaysCreateAs
Specifies how X.500 objects are
synchronized.
• msExchDeliveryOrder Specif
ies the order of message
processing in the connector's
queue. Options are FIFO, Priority
(default), and Size.
• msExchExportDLs Specifies
whether mail-enabled distribution
groups are propagated to Novell
GroupWise through directory
synchronization.
• msExchPartnerLanguage Sp
ecifies the language (code page) of
the connected Novell GroupWise
post office.
• msExchDirsyncSchedule Sp
ecifies the times at which directory
synchronization is performed
automatically.
• msExchDirsyncStyle Specifi
es whether full or incremental
directory synchronization is
450
Component Description
Message Transfer
The following figure illustrates the process for sending messages from Exchange Server 2003
to Novell GroupWise.
451
The message transfer process between Exchange Server 2003 and Novell GroupWise is
made up of the following four steps:
1. Exchange Server 2003 determines that the recipient is a Novell GroupWise user
(based on the target address of the user) and sends the message to the Exchange
MTA.
2. The MTA delivers the message to the MTS-OUT directory, from which the
Lsmexout.exe process retrieves it, checks Active Directory, replaces target recipient
information with corresponding GroupWise addresses, and then delivers the
message to the READYOUT folder.
Note:
Header and body files are keyword-based text files that the GroupWise API
Gateway uses to communicate with Connector for Novell GroupWise. You can
use a text editor, such as Microsoft Notepad, to read and write keyword-based
text files in the API Gateway directory structure.
4. The Exchange Router for Novell GroupWise service (Gwrouter.exe) places the
message in the API_IN and ATT_IN directories of Novell GroupWise API Gateway.
The gateway works in conjunction with a Novell GroupWise MTA for delivery in the
GroupWise organization.
The following figure illustrates the process for sending messages from Novell GroupWise to
Exchange Server 2003.
The process for message transfer from Novell GroupWise to Exchange Server 2003 is made
up of the following four steps:
453
1. The Router for Novell GroupWise service obtains the message from the
API_OUT and ATT_OUT directories of Novell GroupWise API Gateway in the form of
header and body files and places them in the connector store.
2. The Gw2mex.exe process converts the header and body files to a message in
Exchange Server 2003 format, before it places the message in the READYIN folder.
3. The Lsmexin.exe process obtains the converted message from the READYIN
folder, verifies the validity of the recipient (converting the address to Exchange
format, if necessary), and delivers the message to the MTS-IN folder.
4. The Exchange MTA then processes the message from the MTS-IN folder and
places it in the SMTP service's MTS-OUT folder, from which it is then routed to its
destination in the Exchange organization.
Message Conversion
Novell GroupWise supports several specific message types, such as e-mail messages,
appointments, notes, tasks, forms, presentations, and documents. MAPI message types are
mapped to corresponding message types in Novell GroupWise, when possible. In other
words, e-mail messages appear as e-mail messages, meeting requests as appointments,
and so on. Message types that are not supported in Exchange Server 2003, such as Novell
GroupWise phone messages, are converted to regular e-mail messages. Connector for
Novell GroupWise can track delivery confirmation reports, read receipts, and non-delivery
reports.
Note:
Connector for Novell GroupWise does not support signed or encrypted messages.
455
Connector for Novell GroupWise handles meeting requests and phone messages as follows:
Note:
The API Gateway does not support recurring meeting requests from GroupWise
that use the AutoDate feature. These recurring meeting requests are not
transferred to Exchange Server 2003. Recurring meetings transferred from
Exchange Server 2003 to Novell GroupWise are added to the Novell GroupWise
calendar once, and recurring information is then displayed at the top of the
message body. It is the user's responsibility to remember when the meetings take
place or to enter multiple meeting occurrences individually in the calendar.
Color Ignored.
Bold Ignored.
Underline Ignored.
Italic Ignored.
Embedded OLE objects, including graphics Convert correctly and can be edited.
Superscript Ignored.
Subscript Ignored.
Shadow Ignored.
Emboss Ignored.
Engrave Ignored.
Bullets Ignored.
Note:
If an Exchange user specifies a GroupWise user multiple times in an e-mail message
(if recipient is listed more than once in the To, Cc, or Bcc line, or is in more than one
specified distribution group) the GroupWise user receives duplicate e-mail messages.
457
Directory Synchronization
Directory synchronization with Novell GroupWise follows a pattern similar to directory
synchronization with Lotus Notes. The Lsdxa.exe process is responsible for controlling the
actual directory synchronization processes. However, instead of Dxanotes.dll, the LSDXA
process uses Dxagwise.dll (that is, the Novell GroupWise DX Agent) for directory
synchronization with Novell GroupWise. Dxagwise.dll communicates with Novell GroupWise
by means of Novell GroupWise API Gateway, the Exchange Router for Novell GroupWise
service, and GroupWise administrator messages (Msg-Type= Admin). For more information
about how to configure directory synchronization, see the Exchange Server 2003
Interoperability and Migration Guide.
Note:
Connector for Novell GroupWise creates mail-enabled contacts in Active Directory for
recipients in the Novell GroupWise messaging system. The legacyExchangeDN
address (that is, the X.500 address of the Exchange user in Exchange 5.5 format)
matches in its first part the legacyExchangeDN of the connector. The first part is that
portion of the X.500 address that identifies the connector's administrative group (that
is, /O=<name of organization>/OU=<name of administrative group>).
Connector for Novell GroupWise performs the following steps to synchronize directories with
Novell GroupWise:
EndOfBuffer
458
3. Dxagwise.dll parses the Dxagwise.txt file, processes the addresses, and places
an administrator message to perform the update operation (add, modify, or delete
recipient objects) in the Novell GroupWise directory in the \Program
Files\Exchsrvr\Conndata\Gwrouter\Togwise directory. The following is an example of
an administrator message to update recipient objects in the Novell GroupWise
directory:
WPC-API= 1.2;
Msg-Type= Admin;
DS-External-Post-Office=
Operation= Add;
Domain= EXCHANGE;
Post-Office= FIRST ADMINISTRATIVE GROUP;
Time-Zone= gmt;
;
DS-User=
Operation= Modify;
Visibility= System;
Domain= Exchange;
Post-Office= First Administrative Group;
Object= Administrator;
Last-Name= \\;
First-Name= Administrator;
Description= Administrator;
Account-ID= \\;
Title= \\;
Department= \\;
Phone= \\;
Fax= \\;
Network-ID= \\;
User-Def-5= Microsoft Exchange Connector for Novell GroupWise;
;
-END-
4. The Exchange Router for Novell GroupWise service transfers the administrator
message to the Novell GroupWise API Gateway's API_IN directory.
5. Novell GroupWise API Gateway parses the administrator message and performs
the specified action.
7. The Exchange Router for Novell GroupWise service retrieves the .api file and
places it in the \Program Files\Exchsrvr\Conndata\Gwrouter\Dirsync directory.
8. Dxagwise.dll parses the .api file, extracts the recipient information, and writes
updates or the complete list (Full Load) to Dxamex.txt.
9. Dxamex.dll processes the Dxamex.txt file and places the recipient information in
the import container specified in the connector configuration.
Note:
Calendar Connector cannot reside in an administrative group with no servers (that is,
an administrative group that contains a routing group to define specific
administrators), because there is no server to contain free/busy information. Calendar
Connector must be installed on a server that is running Exchange Server 2003 with
an instance of the Free/Busy public folder for the local administrative group.
Free/Busy Information
Free/busy refers to certain information published by a messaging client for a user. This
information consists of the user's personal availability data determined by the contents of the
Calendar folder in their mailbox. As expected, free/busy data is used extensively when
scheduling meetings. Free/busy data is stored as messages in a dedicated system public
folder. Each administrative group in the Exchange organization includes a Free/Busy folder.
You must install Calendar Connector on a server that is running Exchange Server that
contains a replica of the free/busy system folder for the administrative group. Free/busy data
can be replicated within the Exchange organization to any one of the public folder servers, or
it can reside on a single server that runs Exchange Server. Within the organization, the
free/busy data is replicated using standard public folder replication.
You can check whether a server that runs Exchange Server contains a replica of the
free/busy system folder for the administrative group. For detailed instructions, see How to
460
Check Whether a Server Running Exchange Server Contains a Replica of the Free/Busy
System Folder for the Administrative Group.
Note:
Calendar Connector requires permissions to read and create items in the Free/Busy
system folder. In the properties of the Free/Busy folder for your local administrative
group, select the Permissions tab, and then click Client Permissions. In the Client
Permissions dialog box, verify that the Default account is assigned the Editor role.
Note:
To replicate free/busy data between Exchange organizations, the Exchsync tool is
used together with some additional settings.
Outlook first gets a referral from the mailbox server for the associated Free/Busy public folder.
After the server is located, properties on the user object in Active Directory are used to find
the free/busy message in the public folder.
Free/Busy Messages
Each free/busy message is a representation of the days and times that are busy and the days
and times that are not busy for a single person or resource. This is represented by a stream
of numbers on the Free/Busy server (a public folder server with public folders containing
replicas of one or more of the Free/Busy site folders).
Free/busy messages
Number Meaning
0 Free
1 Tentative
2 Busy
When there are multiple appointments in a single timeslot, the appointment with the highest
status number is selected. For example, a slot that contains both an OOF (3) appointment
and a tentative (1) appointment is coded as OOF (3).
More specifically, free/busy data is stored in multiple groups of multi-valued integer arrays.
Each group represents one of the busy classifications (busy, tentative, or OOF), and each
item in the group represents one month of data. The array itself is a group of pairs, in which
each pair is the number of minutes into the month the busy period starts and ends, time-
zone-adjusted to the International Date Line. Therefore, no data is stored for free time,
because free time is implicitly computed as being all of the time that is not marked as busy.
The appointment also stores the start month and month count, so that clients can compute
appropriately.
When Outlook must publish, it first determines the folder to which to publish free/busy data,
based on the legacyExchangeDN of the user. The legacyExchangeDN consists of two parts.
The first part determines the path of the free/busy folder (also the administrative group in
which the user was created, because the legacyExchangeDN does not change when moving
user mailboxes between administrative groups), and the second part is the subject of the
free/busy message. For example, the free/busy data location for a user who has the
legacyExchangeDN of /o=Contoso/ou=CorpUsers/cn=Recipients/cn=UserName is the folder
"EX:/o=Constso/ou=CorpUsers," and the message has a subject of "User-
/cn=Recipients/cn=UserName."
The free/busy folder is a subdirectory of the Schedule+ Free Busy folder, under the
NON_IPM_SUBTREE. The message subject is USER-/cn=RECIPIENTS/cn=UserName. If a
duplicate free/busy message is created, the information store automatically appends the
462
After Outlook determines where to publish the message in the public folder store, it chooses a
free/busy server. The steps are as follows:
1. Upon first logon, the server indicates to the client which default hierarchy server
to contact. This information is stored in the user's profile. If the administrator changes
the setting in Exchange System Manager, the user must log out and log back in to
get the new value. The client then makes an initial connection to this server and
maintains the connection for the duration of the user's logon session.
2. The MAPI client requests a "hierarchy" table for the root of the public folder store.
This request is sent to the configured default public folder store, and folders stored at
the root level of the public folder store are returned to the client.
3. The client enumerates the folder entries in this table, looking for the folder of
interest. If it is required, the client subsequently opens subfolders, opens their table of
sub-subfolders, and enumerates the subfolders again.
4. After the MAPI client identifies the folder of interest, it requests the table of
contents for that folder.
5. The service provider queries the server for the list of content replicas for the
folder.
6. The server obtains the replica list for the folder from the database and sorts it
based on routing group connector costs from that server. Other content replicas in
the same routing group as the requested server have a connector cost of zero.
7. The sorted list is returned to the client, together with the number of items in the
group of lowest-cost servers.
8. If the server to which the client is already connected is in the replica set (its cost
is also zero), the content replica search is finished. Go to Step 10.
9. The user's legacyDN is hashed, and the hash result is then divided by the count
of the lowest-cost servers. The rest of the division is used to index the list of servers
returned and to pick a server to which to connect.
10. The service provider tries a connection to the chosen server. If the connection
succeeds, the entire process is finished, and the server returns the contents table to
the MAPI client.
11. If the connection fails or the server reports "I'm not a replica" (the replica set
might have changed, and that change might not yet have replicated to the server
463
from which the replica list came), the service provider removes this server from the
list, decrements the count of "lowest-cost" servers, and if that count is not at zero,
returns to Step 9.
12. If the list of lowest-cost servers is exhausted, the count is reset to the size of the
remaining servers in the list, and the process returns to Step 9. If the entire list is
exhausted, an error is returned to the MAPI client.
Note:
These steps are identical, regardless of which folder the client wants (Offline Address
Book, Free/Busy, or another folder) or for what reason it wants the content in that
folder.
• Publishing free/busy messages for Outlook Web Access and Outlook Mobile
Access
As part of the transaction involved in the creation, deletion, or update of an appointment that
affects the start or end time, a server-side call sends a free/busy update message to the
System Attendant's mailbox. MadFB, which resides inside System Attendant, processes
these messages and updates the free/busy data in the MAPI public folder. Depending on
System Attendant's message polling interval, there can be up to a 15-minute delay before the
updated free/busy data is published.
MadFB's publishing process is identical to the Outlook publishing process described earlier.
Therefore, if duplicate messages are present, they are appended by a number. Although
Outlook Web Access and Outlook Mobile Access follow a process that is similar to the
process that Outlook follows, the Outlook Web Access and Outlook Mobile Access processes
are generally more reliable, because all the processing occurs between servers that are
running Exchange Server.
process involves first locating the free/busy public folder, and then accessing a particular
user's free/busy data in the folder.
• Outlook Before Outlook locates the free/busy public folder, it first receives a
referral from the mailbox server for the associated public folder store, which the
free/busy server then queries against (the referral and querying process is similar to
the publishing process). The free/busy data is stored as messages in the site folder
that is located in the main free/busy folder. Outlook, using Active Directory and
Exchange Server, determines a user's legacyExchangeDN and parses it into two
parts. The first part is the site folder name. The second part is the subject of the
message.
• Outlook Web Access and Outlook Mobile Access These clients perform a
DAV query for the other user, obtain the free/busy information, and then display it to
the user. The DAV query is initiated from the server that hosts the Outlook Web
Access or Outlook Mobile Access service (frequently the front-end server) against the
user's mailbox server (back-end server), where the actual free/busy lookup occurs.
Note:
For free/busy lookups to work, recipient information must be available in Active
Directory, so that the target free/busy system folder can be determined.
Therefore, you must enable directory synchronization with Lotus Notes or Novell
GroupWise, if you want to synchronize free/busy information using Calendar
Connector. As mentioned earlier in this section, Connector for Lotus Notes and
Connector for Novell GroupWise create mail-enabled contacts with a
legacyExchangeDN address that corresponds to the connector's local
administrative group. Because of this dependency, Calendar Connector must be
installed in the same administrative group as Connector for Lotus Notes or
Connector for Novell GroupWise. You should install Calendar Connector on the
same server as Connector for Lotus Notes or Connector for Novell GroupWise.
because of duplicates. For example, one of the URLs might have a tie-breaking "-x"
added, or one of the URLs might point to an item that was upgraded or replicated
from Exchange Server 5.5, in which case, the URL includes a GUID. The normalized
subject is determined by the last part of the legacyDN (for example,
CN=RECIPIENT,CN=TED).
MadFB keeps the earliest dated message and deletes the remaining messages, which
ensures deterministic replication, in which duplicate entries are always deleted. For example,
if MadFB keeps the newest message and deletes the remaining messages, the conflicting
message [X-2] is persisted through replication. This occurs because X on PF1 and X-2 on
PF2 are first deleted, and the newer versions of X-2 on PF1 and X from PF2 are replicated.
Therefore, these become the newest entries, and the cycle then is repeated.
Note:
MadFB is the same as MSExchangeFBPublish, the event log record Source name
that is used to log events in the event log.
If delegates receive an error message when attempting to modify the manager's calendar,
running /cleanfreebusy on the manager's calendar while the delegates have Outlook shut
down resets particular properties on the manager's public folder store. The next time that
delegates start Outlook, they retrieve the new free/busy data from the manager's
LocalFreeBusy item, thereby solving most delegate errors.
This delegate meeting scheduling problem originally occurs because the delegate client (for
various reasons) re-creates the free/busy message, which results in pointers pointing to the
deleted message. When the manager runs Outlook /cleanfreebusy in this state, the
manager's client re-creates the local free/busy message and stamps the root folders with the
new entry ID, which allows everyone to access the local free/busy message again.
Component Description
Note:
It is best to schedule Calendar
Connector to run after each
directory synchronization cycle,
so that Calsync.dll can create
469
Component Description
Component Description
• msExchCalConQueryWindow
Specifies the time that
Calendar Connector waits for the
non-Exchange messaging system
to return a response for a free/busy
request. If this time is exceeded,
Calendar Connector returns the
information that is currently
available in the free/busy record to
the Exchange user.
msExchCalConRefreshInterval
Specifies the time frame within
which Calendar Connector
considers the free/busy records for
471
Component Description
In Calendar Connector, Notescal.dll communicates with Lotus Notes and Domino through the
Lotus Notes Client API to transfer requests for Lotus Notes free/busy information to the Lotus
Notes Schedule Manager task. Schedule Manager is a task that runs on a Lotus Domino
server, which manages a Lotus Notes database named Busytime.nsf. The Busytime.nsf
database holds free/busy information for all the users on the server and for resources, such
as conference rooms, identified in the server's public address book.
Note:
Calendar Connector can connect to one Lotus Notes environment only. Integrating
multiple disparate Lotus Notes messaging systems with Exchange Server 2003 using
Calendar Connector is not supported.
473
1. Mapical.dll intercepts the free/busy request and checks for existing free/busy
records in the free/busy system folder. If the record has been updated within the time
frame specified under Maximum age in minutes of foreign free/busy data in
Exchange that can be used without querying the foreign calendar in the
Calendar Connector configuration, Mapical.dll returns this data immediately.
Note:
This mechanism only works if Calendar Connector is running on the server
where the free/busy folder resides. It is possible, for example, to replicate the
free/busy folder to other servers in remote administrative groups, in which case
the users who query these public folder instances might receive outdated
information. Exchange Server 2003 only returns the information currently
available in the requested free/busy messages. To avoid this problem, you must
install separate Calendar Connector instances for each replica of the free/busy
folder.
2. If a free/busy record does not exist or is beyond the maximum time limit,
Mapical.dll passes the free/busy query to Notescal.dll to update the target user's
free/busy record in the Exchange free/busy folder.
3. Notescal.dll receives the free/busy query from Mapical.dll and passes it to the
Lotus Notes Schedule Manager task.
4. The Schedule Manager task retrieves the information for local users from the
Busytime.nsf database. For users on downstream Lotus Domino servers, Schedule
Manager communicates with the Lotus Notes Calendar Connector task that is also
running on the Lotus Domino server to locate the free/busy information.
5. The Lotus Notes Calendar Connector task determines the domain of the target
user and reads the Calendar Server Name field from the domain document.
Calendar Connector then communicates with the remote calendar server to perform
the free/busy query.
6. The Lotus Notes Calendar Connector task returns the information to the
Schedule Manager task.
8. Notescal.dll passes the information to Mapical.dll, which updates the Lotus Notes
user's free/busy record in the system folder.
Note:
If the non-Exchange system responds within the period of time specified under
Maximum number of seconds to wait for response from foreign calendars
in the Calendar Connector configuration, the data is written to the target user's
free/busy record in the Exchange free/busy folder and returned to the client. If the
non-Exchange system does not respond within the allowed time frame (or if
Calendar Connector is not running), Exchange Server 2003 returns the existing
data from the free/busy record to the client, without first updating the target user's
free/busy record.
1. The Lotus Notes client passes the free/busy query to the Schedule Manager
task.
2. The Schedule Manager task determines that the request is for a non-local user
and passes it to the Calendar Connector task.
3. The Calendar Connector task reads the Person document for the Exchange user
and determines that the user is in a foreign domain. The Calendar Connector task
checks the Calendar System field in the Foreign Domain document for the
Exchange Server 2003 organization. The Calendar System field identifies the name
of the add-in program that handles the free/busy lookups on the Lotus Domino
server, which is the Exchange Calendar Connector add-in (ExCalCon.exe).
8. Schedule Manager delivers the free/busy information to the Lotus Notes user.
Note:
Because Lotus Notes identifies all Exchange users as belonging to a non-Lotus
Notes domain, all requests for Exchange free/busy information are received from the
Lotus Notes Calendar Connector task.
475
Calendar Connector performs the following steps for free/busy lookups for Novell GroupWise
users from Exchange Server 2003:
1. Mapical.dll intercepts the free/busy request and checks for existing free/busy
records in the free/busy system folder. If the record is updated within the time frame
476
2. If a free/busy record does not exist for the Novell GroupWise user or exceeds the
maximum time limit, Mapical.dll passes the free/busy query to Gwisecal.dll to update
the target user's free/busy record in the Exchange free/busy folder.
WPC-API= 1.2;
MSG-TYPE= Search;
Msg-ID= AAIMIDMI:2003.12.2.21.28:2004.1.31.21.28:2003.12.3.5.28.51;
From=
WPD= CONTOSO_DOM;
To=
WPD= CONTOSO_DOM;
WPPO= CONTOSO_PO;
WPU= FrankM;
CDBA= CONTOSO_DOM.CONTOSO_PO.FrankM; ;
-END-
4. The Router for Novell GroupWise obtains the message from the \Togwise
directory and puts it in the API_IN directory of Novell GroupWise API Gateway.
5. The API gateway processes the message according to the MSG-TYPE keyword
and puts it in the WPCSIN directory for the Novell GroupWise MTA.
477
6. The Novell GroupWise MTA routes the message to the home post office of the
GroupWise user and passes it to the appropriate Novell GroupWise Post Office
Agent (POA).
7. The Novell GroupWise POA processes the request and returns the resulting
free/busy information to the GroupWise MTA in the form of a SEARCH message.
8. The GroupWise MTA transfers the message to the WPCSOUT directory in the
API gateway directory and the API gateway transfers the message to the API_OUT
directory.
9. Router for Novell GroupWise obtains the SEARCH message from the API_OUT
directory and places it according to the MSG-TYPE keyword in the \Program
Files\Exchsrvr\Conndata\GWRouter\freebusy directory. The following is an example
of a response to a free/busy query:
WPC-API= 1.2;
Header-Char= T50;
Msg-Type= SEARCH;
Orig-Msg-ID= AAIMIDMI:2003.12.2.21.28:2004.1.31.21.28:2003.12.3.5.28.51;
To=
Busy-For=
CDBA= CONTOSO_DOM.CONTOSO_PO.FrankM;
Busy-Report=
Send-Options= None;
-END-
11. Mapical.dll updates the free/busy record for the Novell GroupWise user in the
free/busy system folder.
12. Exchange Server 2003 returns the free/busy information to the requesting
Outlook user.
1. A Novell GroupWise user performs a free/busy search for an Exchange user. The
Novell GroupWise client generates a SEARCH message, which the Novell
GroupWise system transfers to the API gateway.
2. The API gateway transfers the SEARCH message from the WPCSOUT directory
to the API_OUT directory, where Router for Novell GroupWise picks it up and places
it according to the MSG-TYPE keyword in the \Program
Files\Exchsrvr\Conndata\GWRouter\FreeBusy directory. The message is addressed
to the Exchange user for whom the Novell GroupWise user requests free/busy
information. The structure of the message is similar to the one generated by
Gwisecal.dll for queries from Exchange Server users.
4. Mapical.dll processes the free/busy query and returns the requested information
to Gwisecal.dll.
6. Router for Novell GroupWise obtains the message from the \Togwise directory
and puts it in the API_IN directory of the API gateway.
7. The Novell GroupWise system routes the response to the user who issued the
free/busy query.
479
Note:
GroupWise users must have a visibility setting of System or higher to receive
calendar information from Exchange.
Procedure
To check whether a server running Exchange Server contains a replica of the
free/busy system folder for the administrative group
1. In Exchange System Manager, click the Folders container.
4. Display the properties of the system folder for your local administrative
group, and select the Replication tab. Make sure that the public folder store of
the server running Exchange Server that is running Calendar Connector is
included in the list of public folder stores..
480
• IMAP4 Virtual Server Disabled by default, this virtual server provides IMAP4
client access to Exchange mailbox and public folder data.
• NNTP Virtual Server Disabled by default, this virtual server provides NNTP
client access to Exchange public folder data.
• POP3 Virtual Server Disabled by default, this virtual server provides POP3
client access to Exchange mailbox data.
• SMTP Virtual Server Enabled by default, this virtual server provides SMTP
messaging services.
Exchange Server 2003 installs and manages the POP3 and Internet Message Access
Protocol version 4rev1 (IMAP4) client access protocols, but uses the SMTP and NNTP
protocol stacks provided by IIS. SMTP is discussed in detail in SMTP Transport Architecture.
This section focuses on the other Internet client access protocols: HTTP, IMAP4, POP3, and
NNTP.
• How Exchange 2003 Integrates with IIS IIS and Exchange 2003 are tightly
integrated through the use of protocol stubs and a shared memory queue. The
implications of this integration, as they relate to deploying, managing, and
troubleshooting messaging services are discussed throughout this section.
• The Architecture of RPC over HTTP Remote procedure call (RPC) over HTTP
enables Microsoft Office Outlook 2003 clients to securely connect to an Exchange
server over the Internet using Microsoft Exchange MAPI transport services. This
section discusses how RPC over HTTP works and how to implement it in your
organization.
481
IIS Integration
In Exchange Server 2003, all Internet-based client access protocols run as part of IIS. When
you install Exchange Server 2003, it extends, rather than replaces, the SMTP and NNTP
protocol stacks in IIS, using additional command verbs and advanced routing components.
The Exchange Server 2003 Internet protocol stacks are as follows:
• POP3 POP3 is the most basic message retrieval protocol. POP3 can access
only the user's Inbox folder. Exchange 2003 supports POP3 for access by POP3
clients.
• SMTP SMTP is the primary messaging protocol for Exchange Server 2003.
SMTP is used to move messages between servers in the same routing group and is
the preferred protocol for moving messages between routing groups. The
enhancements made by Exchange Server 2003 to the IIS SMTP stack include:
• NNTP The Exchange Server 2003 implementation of NNTP adds the following
functionality to NNTP:
As illustrated in the following figure, ExIPC works in tandem with Exchange Installable File
System (ExIFS) to move messages between IIS and Exchange Server 2003.
ExIFS architecture
A message then becomes a list of pages (with the page numbers held in the .edb file) in the
streaming file. Any required properties are promoted from the .stm file to the .edb file.
This figure illustrates file streaming between IIS and ExIFS. ExIFS represents streaming files
to IIS as smaller virtual files. Data, such as checksum data and promotion of properties data,
moves first from ExIFS to Extensible Storage Engine, and then to the Exchange information
store. IIS and the Exchange information store also exchange information, such as the page
numbers on which ExIFS placed a message, so that the page numbers are recorded and
stored on the record representing the message in the Exchange information store.
Inbound Messages
When a message enters the system, IIS creates a new file in ExIFS. The data is written to the
new file on reserved pages. ExIFS then returns the list of pages to the Exchange store. The
Exchange information store processes the pages and stores them in a record representing
the message. Extensible Storage Engine then commits the data on the reserved pages by
logging the information to the storage group's transaction log files. At this point the pages
change from a reserved state to a committed state.
Note:
If the storage group has circular logging turned on, Extensible Storage Engine does
not write data that comes in through the streaming file data to the transaction log
files. In this instance, streaming file data is first placed in the streaming file. The data
is only required in the transaction logs for recovery and log roll forward after a
restore. Because log roll forward can only occur when circular logging is turned off,
the streaming file data is only useful in the transaction logs when circular logging is
turned off.
485
Outbound Messages
When a message is retrieved from the system, the Exchange store process receives the list
of pages referenced by the message. This list of pages is passed to IIS. IIS then opens a file
in ExIFS using the list of pages. The message is quickly streamed out of the Exchange
information store, without conversion.
ExIFS interaction with Microsoft Windows Explorer and the Exchange store
This figure illustrates that the interaction with the store achieved through ExWin32.dll.
ExIFS.sys also supports all the file system-related functions that are exported from
kernel32.dll, in addition to the interaction with the Exchange store achieved through
ExWin32.dll.
Each protocol queue is circular and fixed in size. During interprocess communications, data is
stored in the shared memory heap and referenced by a data handle. The data handle is
enqueued and dequeued. The IIS or the Exchange store then references a part of shared
memory from the handle.
486
The RPC Proxy runs on an IIS computer. It accepts RPC requests coming from the Internet,
efficiently connects across the Internet to RPC server programs, and runs remote procedure
calls without first requiring a VPN connection. It also performs authentication, validation, and
access checks on those requests without opening multiple ports on your firewall. This is done
with the help of an intermediary referred to as RPC-over-HTTP Proxy, or RPC Proxy.
If the request passes all tests, RPC Proxy forwards the request to the RPC server that
performs the actual processing. With RPC over HTTP, the RPC client and server do not
communicate directly. Instead, they use RPC Proxy as an intermediary.
RPC over HTTP has both server-side and client-side requirements, which are detailed in the
following table.
487
When the client program issues an RPC, using HTTP as the transport, the RPC run-time
library on the client contacts RPC Proxy. Depending on whether the RPC client was asked to
use HTTP or HTTPS, either TCP port 80 or TCP port 443 is used, respectively. RPC Proxy
contacts the RPC server program and establishes a TCP/IP connection. The client and RPC
Proxy maintain their HTTP or HTTPS connection across the Internet.
The client's HTTP or HTTPS connection to RPC Proxy can pass through a firewall (subject to
appropriate access permissions) if a firewall is present. The server can then run the RPC and
use the connection through RPC Proxy to reply to the client.
If either the client or the server disconnects for any reason, RPC Proxy detects that the
connection has been severed, and ends the RPC session. As long as the session continues,
RPC Proxy maintains its connections to the client and the server. It forwards RPCs from the
client to the server, and sends replies from the server to the client.
The RPC client program can route its RPC calls over the Internet by creating a string binding
of the following form:
[object_uuid@]ncacn_http:rpc_server[endpoint,HttpProxy=proxy_server:http_port,'rpcprox
y'=rpc_proxy:rpc_port]
Where:
• ncacn_http selects the protocol sequence specification for RPC over HTTP.
• rpc_server is the network address of the computer that is running the RPC server
process. The server address must be specified in a form visible and understandable
488
by RPC Proxy computer, rather than by the client. Because the client does not
connect directly to the server, it does not resolve the name of the server or establish
a connection to it. RPC Proxy establishes the connection on the client's behalf.
Therefore, rpc_server must be a name recognizable by RPC Proxy.
• endpoint specifies the TCP/IP port that the RPC server process listens to for
RPCs.
• HttpProxy optionally specifies an HTTP proxy server on the RPC client's network,
such as Microsoft Proxy Server. If a proxy server is selected, no port number is
specified, the RPC stub uses port 80 by default if SSL is not requested, and port 443
if SSL is specified.
• RPCProxy specifies the address and port number of the IIS computer that acts as
a proxy to the RPC server. You need to specify this only if the RPC server process
resides on a different computer than RPC Proxy. If you do not specify a port number,
by default the RPC client stub uses port 80 if SSL is not specified and port 443 if SSL
(HTTPS) is specified.
HTTP
The Microsoft Exchange Information Store service includes native HTTP access to data.
Every object in the Microsoft Exchange Information Store service is URL–accessible with
short, easily understood names. Because every object in the Microsoft Exchange information
store is URL–accessible, users have several different ways to access objects in mailboxes or
public folder hierarchies. The URL for an object is based on its location in the hierarchy and
usually contains the subject of the item.
When a user opens a message through Microsoft Outlook Web Access, the IIS request
processor calls the Exchange HTTP ISAPI application that parses the information in the
request and determines the following:
The server then determines whether the user has permissions to access the item. If the user
has access rights, the object state (read, unread), object type (folder, message, and others),
and item type (message, appointment, contact) are determined.
The Exchange HTTP ISAPI extension then matches the object attribute to its corresponding
form definition. If a form definition does not exist for a particular object attribute, the default
form is used, (the one used to read an e-mail item). The Exchange HTTP ISAPI extension
then parses the form and queries the information store to bind to the data. After receiving the
data from the Microsoft Exchange Information Store service, the Exchange HTTP ISAPI
extension renders the data in HTML or XML, based on the browser type and version, and the
client displays the message.
4. When IIS receives the request, it is passed to the Exchange ISAPI component
Davex.dll. This component parses the request for the following information and then
sends the request to the Exchange store. The following table illustrates the passed
item and its purpose.
5. The Microsoft Exchange Information store service then determines the item type.
490
6. The server verifies that the user has access to the item, determines the type of
object (folder, message, task, and more), and returns the item type and its state
(read, unread, and more) to the ISAPI application.
8. The ISAPI program takes the object attributes and looks for a form definition in
the forms registry that matches the object's type. If a matching form definition is not
found, a default form stored in Wmtemplates.dll is used. If the browser language is
not English, language specific strings are loaded from other template libraries in the
\Exchsrvr\Res\Directory.
9. The Microsoft Exchange Information Store service retrieves data for the form.
10. After a form definition is found, the ISAPI program parses the form, calling the
Microsoft Exchange Information Store service, to retrieve the data it references.
12. When the data is returned from the Microsoft Exchange Information Store
service, the form is rendered in the appropriate HTML and XML, and then goes to the
client.
WebDAV creates improved performance and user experience over the basic Microsoft
Outlook Web Access client by exploiting client-side data binding and rendering. For example,
when you click the column header, you can sort the Inbox in several different ways, enabling
views based on the sender's name, the message subject line, or received date. The browser
caches the user interface elements, such as Internet Explorer HTML components, Microsoft
Jscript libraries, XSL, and Graphics Interchange Format (GIF) files. When the user changes
the sort criteria, the browser can reformat the user interface elements locally and query the
server for the view data.
The following process shows how clients access items in their Inbox using WebDAV:
• The client issues an HTTP GET request for the client's Inbox.
• IIS receives the request on port 80 (unless you change this configuration) and
sends the request to Davex.dll for processing using ExIPC.
• The request is forwarded using ExIPC to the Exchange Store OLE DB driver,
Exoledb.dll.
• Exoledb.dll renders the request in a format that the Exchange store can process,
sends the request to the Exchange store, and then retrieves the client's Inbox
properties from the Exchange store.
• After the clients Inbox properties are retrieved, Exchange 2003 routes the
information back to the client using the same components that it used to process the
client request.
POP3
Exchange Server 2003 implements a POP3 protocol stack that is compliant with RFC 1725,
RFC 1734, and RFC 1939. Exchange 2003 supports the ten POP3 commands listed in the
following table.
Command Description
Command Description
Command Description
POP3 is considered a read only protocol. It only includes messages for requesting, reading,
and deleting messages. To send messages, POP3 clients use the SMTP protocol.
The following steps illustrate the interprocess communication steps that ExIPC goes through
when a client such as Microsoft Outlook accesses a mailbox on the Exchange server using
the POP3 protocol.
494
1. The client logs on to the server and gives the command to check e-mail.
3. IIS allocates shared memory from the shared memory heap for the request. A
corresponding handle is assigned to part of the shared memory. The handle, which
functions as a placeholder or pointer to a referenced part of memory, is then placed
in the circular memory queue (enqueued) in the direction of the Exchange information
store.
4. On the Exchange store side, the ExIPC.DLL for POP3 checks for incoming POP3
requests. The DLL receives the Request Mail Message and removes the handle from
the circular memory queue. The Exchange store-side POP3 stub references the
handle to the data in the shared memory heap.
5. If there are no failures or performance problems on the Exchange store side, the
ExIPC process is complete and the data is successfully communicated from the IIS to
the Exchange store. If a queue is full or the Exchange store has stopped, an error
message is returned.
6. A response (the mail message) is generated on the Exchange store side. The
Exchange information store allocates the appropriate shared memory for the
response from the shared memory heap. A corresponding handle is assigned to that
shared memory. The handle is then enqueued in the direction of IIS.
7. IIS removes the handle from the circular queue, references the shared memory,
and binds them together.
If there are no failures or performance problems on the IIS side, the response is complete
and the data is successfully communicated from the Exchange store to IIS.
495
IMAP4
Exchange 2003 is IMAP4 rev 1 compliant, in accordance with RFC 2060, RFC 2088 and
RFC 1731. IMAP is comprised of over 30 commands, through which messages can be
searched, fetched, and expunged from the Exchange server. IMAP is well suited for online
and offline use. IMAP can connect to multiple mailboxes (if permissions are in place) and
public folders and can be used for non e-mail purposes, such as news services.
IMAP4 goes beyond the functionality available by using POP3. IMAP4 allows users to access
any one of their folders, not just their Inbox. Because of this, it is more complex than POP3.
However, it still adheres to the same standard of being a read-only protocol. Like POP3,
IMAP4 also uses SMTP for sending e-mail.
Exchange 2003 supports the IMAP4 commands listed in the following table.
Command Description
Command Description
Command Description
Command Description
NNTP
Network News Transfer Protocol (NNTP) is a TCP/IP protocol based on text strings that are
sent bi-directionally over seven-bit ASCII TCP channels. The IETF owns the NNTP protocol,
which is defined in RFC 977. NNTP is commonly referred to as the Internet News Protocol,
because it contains the rules for transporting news articles from one computer to another.
NNTP is discussed here as a client/server protocol. It also encompasses server-to-server
based news transfer.
The NNTP service in Windows is designed to support a stand-alone newsgroup server that
can easily create group discussions. When Exchange 2003 is installed, the NNTP service is
enhanced with the ability to interface with other news servers through news feeds. The NNTP
service can communicate with external NNTP servers to make popular USENET groups
available to users.
The standard storage location for the NNTP service is in one or more directories in the file
system. With Exchange Server 2003, the NNTP service can also store newsgroups in the
public folders of any available public folder tree. Internet Newsgroups folder is the default
location for newsgroups. The NNTP service uses virtual directories to reference these
locations.
You can arrange multiple news servers in a master server/subordinate server layout. This
enables clients to connect to a large group of servers and still maintain accurate views of
newsgroup content. A bank or group of servers provides additional scalability for many clients
and provides fault tolerance if a subordinate server goes offline.
The Exchange Server 2003 implementation of NNTP provides the following additional
features for this protocol:
• MAPI or NNTP clients can read or post to newsgroups that are supported by the
Exchange information store.
499
Note:
You can view a semi-graphical representation of Exchange 2003 configuration
information stored in Active Directory in Microsoft Knowledge Base article 252370,
"Layout of Exchange Configuration in Active Directory."
Note:
On computers running Windows 2000 Server, the IIS metabase is located at
System32\Inetsrv\Metabase.bin. On computers running Windows Server 2003, the
IIS metabase is located at metabase.xml. The IIS metabase can be manipulated
through a variety of tools. On computers running Windows Server 2003, the built-in
IISCNFG tool can be used. On computers running Windows 2000 Server, the
MetaEdit 2.2 or later tool from the IIS Resource Kit is a good option. You can
download the IIS 6.0 Resource Kit from the Internet Information Services (IIS) 6.0
Resource Kit Tools Web site.
Paths in the metabase are named keys. Properties can be set at each key, and each property
can have attributes that customize that property. All identifiers that are present in the directory
service image of the subtree are required in the metabase, including identifiers such as
KeyType. Additionally, the Relative Distinguished Name of the object in the directory is
mapped directly to the key name in the metabase.
500
Note:
The DS2MB process overwrites changes that are made to Exchange virtual servers
and directories using the IIS snap-in with information that is contained in Active
Directory.
The operation of SMTP, POP3, IMAP4, and HTTP depends on the replication by DS2MB. Not
all settings are synchronized from Active Directory, some are written to the metabase directly
during the installation of Exchange.
Upon instantiation, DS2MB registers with the configuration domain controller. The
configuration domain controller notifies DS2MB, within 15 seconds, of any changes that are
made to the Exchange configuration . As soon as the change is replicated to the configuration
domain controller, it must be replicated to the metabase by DS2MB.
Because DS2MB handles the entry and synchronization of high water marks in the metabase,
there is usually no reason to adjust or manage this information. However, there are known
scenarios in which the resolution includes deleting the high water mark entries from the
metabase to reset them.
Protocol (LDAP) to query Active Directory to determine which back-end server hosts the
user's mailbox. A back-end server is a server running Exchange Server 2003 that maintains
at least one database.
This architecture is available only for RPC over HTTP, HTTP/WebDAV, POP3, and IMAP4
clients. It is not intended for MAPI or NNTP clients. Clients that are supported connect to a
front-end server that proxies client commands to the user's back-end server, which hosts an
Exchange information store.
This functional division between a front-end server and a back-end server provides several
benefits. For example:
• Offload SSL Encrypting and decrypting message traffic uses many CPU cycles.
A front-end server can perform encryption work, giving the back-end server more
cycles to manage the mailbox and public folder information stores.
• Public Folder Referrals for IMAP4 Clients Many IMAP4 clients do not support
referrals. With this architecture, the front-end server can retrieve public folders that
exist on a server other than the user's e-mail server.
• Server Location You can put the back-end servers that contain the databases
behind a firewall for increased protection. You can configure the firewall to allow
traffic only from the front-end server. Additionally, you can put a reverse proxy (such
as ISA Server) in front of a front-end server and only publish the front-end server. It is
not necessary to publish the back-end mailbox servers to the Internet. Therefore, you
can configure your firewalls and reverse proxies to allow traffic only to the front-end
server.
• If the front-end server accepts SMTP mail from the Internet, you must start the
Microsoft Exchange Information Store service and mount at least one mailbox store.
502
In certain situations (most notably in the generation of non delivery reports), the
SMTP service requires a mailbox store to perform a conversion.
• If the mailbox store is not mounted, messages that must be converted are stuck
in the local delivery queue. For security reasons, make sure that user mailboxes are
not homed on the mailbox store of a front-end server. If there are servers that are
running Exchange Server 5.5 in the same site (routing group), you must configure the
Microsoft Exchange MTA Stacks service to run on the front-end server. In this
configuration, the MTAs can bind and transfer mail by using RPCs.
• If you must change the configuration by using Internet Services Manager, for
example when you change an SSL encryption configuration, make sure that you
either complete the procedures that this guide describes before you remove the
stores, or leave the private information store intact on the front-end server.
• When you create a front-end server, do not delete the First Storage Group object
in Exchange System Manager. The Microsoft Exchange Information Store service
(and its related services) depends on the First Storage Group object.
With Exchange ActiveSync, devices that are running Pocket PC 2002, Pocket PC 2002
Phone Edition, and Smartphone are still supported. Additionally, Microsoft Windows Powered
Pocket PC 2003 devices are supported. Pocket PC 2003 devices enable greater granularity
in scheduling synchronization and also support the Always Up To Date functionality that is
introduced in Exchange Server 2003.
The client initiates communication by posting a request. When the server receives the
request, it parses the request and then sends an HTTP POST response that contains the
requested data in its body.
The sync protocol requires a TCP/IP connection between the client and server. However, the
underlying network layers are implementation-specific. Three common transport layers that
support the protocol are GPRS, CDMA 1xRTT, and IEEE 802.11. The sync protocol requires
that any transmission errors are handled by the networking software, and that the protocol
messages sent between the client and server are complete and error-free.
The sync protocol is designed to enable any mobile client to efficiently synchronize PIM data
with data stored on an Exchange server. To do this, the client uses the sync protocol to talk to
the Exchange front-end server component, which provides the synchronization as the means
to retrieve data from the Exchange store.
The following figure shows the functional components of the client and server
communications model that is used by the sync protocol.
504
The following steps occur for all commands that the client sends to the server:
1. The client creates a request and sends it to the sync server as an HTTPS POST.
2. The sync server processes the request, communicating with the Exchange back-
end server to access the user's PIM data.
3. The sync server creates a response and sends it to the client as an HTTPS
POST response.
4. The client processes the response and, if necessary, updates the local PIM data.
The following steps occur when the client sends a Sync command:
1. The client identifies any changes made to local PIM data since the last sync.
3. The client sends the command to the sync server as an HTTPS POST.
4. The sync server identifies changes made to data on the server since the last
sync, communicating with the Exchange back-end server to access the user's data.
5. The sync server resolves any conflicts between changes made to items on the
client and on the server.
8. The client processes the response and updates the local PIM data.
505
The Pocket PC 2002 client uses ActiveSync protocol v1.0 for Exchange ActiveSync. It can be
used against Mobile Information Server and Exchange Server 2003 using v1.0. The
Pocket PC 2003 client supports v1.0 and v2.0 protocols. It can negotiate the protocol to be
used.
Table 9.6 ActiveSync protocols supported by Pocket PC 2002 and Pocket PC 2003
devices
Therefore, Pocket PC 2002 and Pocket PC 2003 devices can be used against Mobile
Information Server and Exchange 2003.
• Sync This command is used to initiate a sync. The Sync command also has
other commands embedded in it (such as Add and Change).
506
ActiveSync protocol version 2.0 adds support for two additional commands: Folder sync and
AUTD (Always Up-To-Date):
• Folder Sync This command is used instead of the GetHierarchy command. The
FolderSync command synchronizes the collection hierarchy just like individual folders
are synchronized.
• AUTD This command enables the user to automatically synchronize the mobile
device with the server as new items are received on the server. For more information,
see the section "Up-to-Date Notifications" later in this topic.
A sync session is often made up multiple commands. In this case, the session will consist of
multiple pairs of command requests and responses sent back and forth between the client
and server.
• URI This part includes the server address and several parameters, including the
command name.
• HTTP Header This part includes additional parameters that are used by the
server and are transmitted in standard HTTP format.
• HTTP Body This part includes data required by the command. The format
varies by command, and some commands have no body.
URI
The following example shows a typical sync request URI:
POST /Microsoft-Server-ActiveSync?User=johndoe&
DeviceId=789123456789012345&DeviceType=PocketPC&Cmd=Sync
The parameters such as Cmd, User, and DeviceId are sent by the client with each request. The
most important parameter is the Cmd parameter. The Cmd parameter indicates to the server
what operation it must perform. In this example, the Sync argument passed in the Cmd
parameter indicates to the server that a sync operation must be performed. Additional data is
contained in the HTTP POST body.
507
HTTP Header
In addition to the URI, the client also sends some general information in the HTTP header.
The following example shows the entire HTTP POST request header, together with the URI:
POST Microsoft-Server-ActiveSync?User=johndoe&
DeviceId=789123456789012345&DeviceType=PocketPC&Cmd=Sync
Accept-Language: en-us
MS-ASProtocolVersion: 2.0
Content-Type: application/vnd.ms-sync.wbxml
The server responds with some general information in the header. The following entry
contains the HTTP POST response header:
HTTP/1.1 200 OK
Content-Length: 114
Date: Mon, 15 Mar 2004 11:07:44 GMT
Content-Type: application/vnd.ms-sync.wbxml
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Pragma: no-cache
MS-Server-ActiveSync: 2.0.3273.0
HTTP Body
The request body contains data sent to the server. The type and format of the data varies by
command. The most common format is XML, and the details depend on the command.
Commands that send e-mail messages use RFC 822 format, instead of XML. Some
commands do not require extra data. In that case, the body is empty.
The response body contains data returned from the server. As with the request body, the
format varies by command. Typically, it is in WbXML format. When the body contains an e-
mail attachment, the format depends on the type of the attachment file. Some commands do
not use the body.
The client sends the SyncKey to the server with each synchronization request. Each object
that is synchronized—whether a message, contact, or calendar item—has a unique identifier
assigned by the server. This ServerId is a 48-character string that is stored by the client. The
identifier is used during synchronization to identify objects that are stored on both the client
and server.
Up-to-Date Notification
Exchange ActiveSync is configured on the device to synchronize with the server at intervals,
as frequently as every five minutes. However, ActiveSync does not provide up-to-date
information about the device. The user can also incur additional charges because of the
frequent sync sessions.
Up-to-Date Notification is a new feature in Exchange Server 2003 that enables the user to
automatically synchronize a pocket PC 2003 or a Microsoft Windows Mobile 2003 device with
the server when new items are received on the server. Up-to-date notification is a feature of
Exchange ActiveSync that is installed with Exchange Server 2003.
An event is generated in a user's Exchange account when a new message arrives. This event
causes a Short Message Service (SMS) notification to be sent to the user's device. The
device synchronizes in the background. The user data is updated to the most current
information, with no intervention on the part of the user.
The notification is sent as an SMS control message to the device. It is different from a regular
SMS notification, because it does not appear as an SMS message in the Inbox. The SMS
router and Exchange ActiveSync on the device process the notification. The notification itself
does not carry any sensitive data.
Notifications can be sent from Exchange Server 2003 directly to the SMS address of the
device, or through an aggregator (for example, a corporate service provider) configured by
the Exchange administrator. For notifications to be sent to the SMS address of the device, the
administrator must create an SMTP carrier in Exchange System Manager.
509
Aggregators
Organizations can choose to send notifications to devices through an aggregator. The only
aggregator currently available is MSN Internet Access. To establish an aggregator, the
organization must log on to a secure Web site using a Passport account and select the
carriers it wants to use through MSN. The organization can then obtain credentials from MSN
for secure notification delivery.
Next, the MSN carrier must be created in Active Directory. A separate file,
MSNCarrierConfigurator.zip is provided. The zip file contains CreateMSNCarrier.cmd and
CarrierConfig.LDF, which are used to set up the MSN carrier.
After the MSN carrier is created in Active Directory, the administrator creates an SMTP
connector for secure notification delivery to MSN, using the credentials received when a user
signs up. When an administrator configures an SMTP carrier to send notifications directly to
the SMS address of the device, the notification goes through the SMTP gateway at the
mobile operator and then to the operator's SMS Center (SMS-C). Operator SMTP gateways
are frequently associated with high message latencies and SMS delivery times are
sometimes greater than an hour. This negates the advantages of up-to-date notifications and
does not provide an up-to-date experience for the user.
There are also security issues with forwarding messages through an SMTP gateway
operator. You can use an aggregator to connect through Transport Layer Security to Microsoft
Mobile Services. This enables an enterprise to connect to one or more of the operators with
which Microsoft Mobile Services has created up-to-date partnerships.
Outlook Mobile Access is installed by default but disabled globally (although all users are
enabled for mobile access). The user experience is similar to Microsoft Outlook Web Access.
Connection with Outlook Mobile Access is through a URL, typically, http://server-name/oma.
Unlike Microsoft Outlook Web Access, however, you cannot specify a specific user account in
the URL. This is because Outlook Mobile Access adds a unique identifier to the URL as part
of session state management.
Outlook Mobile Access supports the following messaging and collaboration features:
• Contacts View, Create, Edit personal contacts, search personal and global
address list (GAL) contacts, save GAL contacts to personal contacts, and e-mail and
call contacts.
aspx,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,1,GET,HEAD,POST,DEB
UG.
.NET Framework
.NET Framework has two main components: the common language runtime and the .NET
Framework class library. The common language runtime is the foundation of .NET
Framework. The runtime is an agent that manages code at run time. It provides core
services, such as memory management and thread management, while it enforces strict type
safety and other forms of code accuracy that assist with security and robustness issues. In
fact, the concept of code management is a fundamental principle of the runtime. Code that
targets the runtime is named managed code, while code that does not target the runtime is
named unmanaged code.
The class library is a comprehensive, object-oriented collection of reusable types that are
used to develop applications ranging from conventional command-line or graphical user
511
ASP.NET
ASP.NET enables developers to use the .NET Framework to target Web-based applications.
ASP.NET is more than a runtime host. ASP.NET is a complete architecture for developing
Web sites and Internet-distributed objects using managed code. Both Web Forms and XML
Web services use IIS and ASP.NET as the publishing mechanism for applications. Both have
a collection of supporting classes in the .NET Framework.
The .NET Framework also provides a collection of classes and tools to assist in development
of mobile controls. Mobile controls are used to develop applications for handheld devices and
are device-specific. Mobile controls reduce development time and make sure that the correct
markup is returned to the client device.
ASP.NET Framework 1.1 provides an abstraction of a user interface with objects representing
the fundamental components of a visual display, such as text labels and input boxes. It is the
runtime's task to convert this abstract representation to device-specific markup.
ASP.NET provides mobile Web Form controls that represent individual components of the
user interface. These components are used to define a user interface in a Web page.
ASP.NET delivers the content in the markup language appropriate to the requesting device.
There are two major client protocols that are used by browsers to date: cHTML and xHTML.
ASP.NET automatically renders the correct elements for the specified wireless device.
Session Management
As mentioned at the beginning of this section, Outlook Mobile Access requires Session State
management to operate correctly. The HTTP protocol is effectively stateless, as it provides no
mechanism for identifying or maintaining sessions between a Web server and a client. This
problem is addressed in ASP by providing a Session object that enables you to uniquely
identify a user and store information specific to his or her interactions with a Web server.
ASP.NET offers an updated and improved version of the Session object. This object enables
you to perform the following tasks:
Outlook Mobile Access uses ASP.NET default, in-process session state handling, and the
modified URL method of session management.
512
Note:
There is a potential problem with mobile devices that do not support modified URLs
for session ID. Some wireless browsers experience difficulties dealing with relative
URLs after they have been redirected to a modified URL. The problem occurs
because they support URL lengths much shorter than those supported by desktop
browsers. An application in a deeply nested hierarchy might require URLs with
lengths that exceed what is supported by some browsers.
Administrators and developers are discouraged from modifying web.config settings for a
device Microsoft has not tested. In many cases, there will be no interoperability problems
between the mobile device and Exchange. However, there is no support for such
modifications, and the end result may remove the ability to debug Outlook Mobile Access.
Outlook Mobile Access must receive the user credentials in clear text through Basic
authentication. Outlook Mobile Access does not support or work with Windows Integrated
Authentication even if the device/browser supports it.
513
ASP.NET works in conjunction with IIS, the .NET Framework, and the underlying security
services provided by the operating system, to provide a range of authentication and
authorization mechanisms.
The format of the response page is determined by templates. Outlook Mobile Access
leverages Microsoft Outlook Web Access functionality. Outlook Mobile Access uses custom
templates to control the information and the format of the information returned from the
Microsoft Outlook Web Access functions. These templates return data in a format that is
similar to a WebDAV response. This provides unification of the data format returned by
functions using Microsoft Outlook Web Access for data retrieval and those using WebDAV.
WebDAV is the foundation for most operations in the Outlook Mobile Access Exchange Data
Provider. The WebDAV protocol, designed for general data access, extends HTTP to
HTTP 1.1. This enables data storage on the server and retrieval by the HTTP client. The
fundamental operations are:
• Navigate folder
The Exchange Data Provider classes provide the interface with Exchange Server for those
functions not obtained from Microsoft Outlook Web Access.
Determining the correct <mailbox> is more complex. The only way to determine a user
mailbox name is to find the user's SMTP address for the mailbox. You can find this value from
the User object. However, there is a problem with this method. The attribute might contain
more than one SMTP address for the user.
The correct SMTP address is determined by the SMTP Domain of the mailbox in question.
The SMTP Domain is configured through Exchange System Manager per virtual directory for
Microsoft Outlook Web Access, Outlook Mobile Access and Exchange ActiveSync. This
facilitates hosting as the same front-end server can have multiple Outlook Mobile Access
virtual directories and each virtual directory represents a unique SMTP Domain. This setting
is stored in the directory with one SMTP Domain per virtual directory per Exchange server.
Outlook Mobile Access, in addition to Exchange ActiveSync and Microsoft Outlook Web
Access, do not have read access to this attribute. Access rights are restrictive because it is
an administrator setting. The DS2MB process does have read access. The mailbox resolution
process is as follows:
1. Exchange System Manager writes an SMTP Domain value to Active Directory for
a certain virtual directory on a certain server.
2. DS2MB on that server picks the setting up and replicates it to the IIS metabase
on the computer.
3. Outlook Mobile Access reads the SMTP Domain for the virtual directory in which
they are running.
4. Outlook Mobile Access looks up the SMTP addresses on the Active Directory
User object (in cross-forest topologies, this information is read from the disabled user
account in the Exchange resource forest).
5. Outlook Mobile Access picks out the SMTP address using the SMTP Domain in
the list.
The <servername>, <virtualDirectoryName>, and <mailbox> values are then linked together
to provide the DAV/OWA URL that the back-end server requires.
describe the forest-wide and user-specific Outlook Mobile Access configuration settings in
Active Directory.
0 = Enabled. 1 = Disabled.
The attributes on the User object inherit three access control lists (ACLs) from the User object
container: Domain Admins, Local System on Domain Controllers, and Account Operators.
516
Each of these security principals have full read/write permissions to the user's settings.
Additionally, the two attributes listed in Table 9.8 are part of the Public-Information property
set, which gives Authenticated Users read access. The attributes in the Outlook Mobile
Access Configuration Container are inherited from the Organization Node, and then read
access for Authenticated Users is added.
Because these directory settings are only read at the beginning of a new session, changing
the settings does not affect sessions in progress. For example, disabling a user for Outlook
Mobile Access does not immediately block that user from an ongoing session. A user won't
notice that access is disabled until the next time that user tries to establish a new Outlook
Mobile Access session.
IIS obtains the correct configuration from the local metabase. IIS related information is stored
in Active Directory and replicated in one direction from the directory to the metabase by the
DS2MB process. DS2MB runs as part of System Attendant on each computer running
Exchange 2000 or later. DS2MB receives notifications of changes in the directory and directs
DS2MB to do the work.
If you discover that the local metabase is not synchronized with the directory, you can force a
manual update of the directory by manipulating the metabase key below.
LM\DS2MB\HighWaterMarks\{056BE186-E73F-4EBD-A92D-2D985BC97C63}\61472
Changing the data for this value to 0 (zero) or deleting the key and then restarting System
Attendant causes a full replication of the directory information to the metabase. When System
Attendant starts, the key is added to the metabase with the default value. The metabase can
be manipulated through a variety of tools. If Exchange 2003 is running on Windows
Server 2003, the built-in IISCNFG tool can be used. If Exchange is running on
Windows 2000, MetaEdit 2.2 or later can be used.
There are some user configurable settings in web.config file, which are described in the
following table.
preferredResponseCodePa Sets
ge Response.ContentEncoding
to the specified integer. Set
at the same time as
Response.Charset.
520
preferredRequestCodePage Sets
Request.ContentEncoding
to the specified integer.
Should be set at the same
time as Response.Charset.
1. The HTTP(S) Web request is received from the network. SSL can be used to
verify the server identity. SSL also provides a security channel to help protect
sensitive data passed between client and server.
2. IIS authenticates the caller by using Basic authentication. IIS creates a Windows
access token for the authenticated user.
3. IIS authorizes the caller to access the requested resource. NTFS file system
permissions defined by access control lists (ACLs) attached to the requested
resource are used to authorize access.
4. IIS passes the authenticated caller's Windows Server access token to ASP.NET.
This section explains the role of the Microsoft Exchange Information Store service in the
Exchange Server 2003 messaging system. The Microsoft Exchange Information Store
service, as its name implies, implements the Exchange store. The Exchange store hosts
mailbox and public folders. The responsibilities of the Exchange store also include public
folder replication, which is covered in a separate section because of its complexity.
Replicated public folders can also increase fault tolerance for workgroup solutions.
You should know how the Exchange store replicates public folder data across an
Exchange organization.
For information about managing the Exchange store and about backup and disaster recovery,
see the Exchange Server 2003 Administration Guide.
Note:
You can rename the .edb and .stm databases and move them to different directories
in Exchange System Manager. Because the .edb and .stm files together create a
complete Exchange store repository, you should keep them together and assign them
a common name with different extensions (that is, .edb and .stm).
Exchange Server 2003 uses transactions to control changes in storage groups. These
transactions are recorded in a transaction log, similar to the way transactions are stored in
traditional databases. Changes are committed or rolled back based on the success of the
transaction. If there is a failure, you use transaction logs (together with the database files and,
in some cases, the checkpoint file) to restore a database. The facility that manages
transactions is the Microsoft Exchange Information Store service (Store.exe). Any
uncommitted transaction log entries are also considered part of a current Exchange
database, as illustrated in the following figure.
523
The following two types of databases are available in Exchange Server 2003:
• Public store databases These databases store public folder hierarchies and
public folder contents.
The following figure illustrates the internal Exchange store architecture. The Microsoft
Exchange Information Store service (Store.exe) uses Extensible Storage Engine (ESE) to
access the database files in the file system, and provides access to the data through various
interfaces, such as MAPIsvr, ExPOP, ExIMAP, ExSMTP, and ExOLEDB. Client application
and application programming interfaces, such as Collaboration Data Objects for Exchange
(CDOEX), can use these interfaces or communicate with the messaging database (MDB)
module.
Storage Groups
Each storage group is made up of a set of log files and auxiliary files (internal temporary
databases, the checkpoint file, and reserve logs) for all the databases (.edb files, .stm files) in
the storage group. Exchange Server 2003 supports multiple storage groups and multiple
databases in each storage group. In Exchange Server 2003, a single server supports up to
four storage groups and a single storage group supports up to five databases. Support for
multiple databases enables you to distribute numerous mailboxes and public folders across
524
numerous, smaller databases, thus making database management easier. Exchange 2000
Server and Exchange Server 2003 can support up to 20 mailbox and public folder databases
on a single server.
Within each storage group, each .edb and .stm database pair represents a mailbox store or a
public folder store. As shown in Figure 10.3, all mailbox and public folder stores in a particular
storage group share a common set of log files and other system files. These files enable
transaction-oriented processing.
The log files and other system files in each storage group have the following purposes:
• <Log Prefix>xxx.chk This is the checkpoint file (for example, E00.chk) that
determines which transactions require processing to move them from the transaction
log files to the databases. Checkpoint files are updated when ESE writes a particular
transaction to a database file on a disk. This update always points the checkpoint file
to the last transaction that was transferred successfully to the database. This update
provides a fast recovery mechanism. However, checkpoint files are not required to
commit transactions to databases. ESE has the ability to process transaction log files
directly and to determine for itself which transactions have not yet been transferred.
This process takes significantly more time than using checkpoints.
Note:
Extensible Storage Engine guarantees that transactions are not written to a
database multiple times.
525
• Exx.log This is the current transaction log file for the storage group. Transaction
log files give ESE the ability to manage data storage with high speed efficiency. ESE
stores new transactions, such as the delivery of a message, in a memory cache and
in the transaction log concurrently. The data is written sequentially. New data is
appended to existing data without the need for complex database operations. At a
later time, the transactions are transferred in a group from the memory cache to the
actual databases, which update them.
By default, the default storage group, named First Storage Group, uses the prefix E00,
which results in a transaction log file name of E00.log. The E00.log is used for all mailbox
and public stores in this storage group. If you create additional storage groups, the prefix
number is incremented to E01, E02, and E03.
• <Log Prefix>XXXXX.log These are transaction log files that have no room
remaining for further data. By default, transaction log files are always exactly
5.242.880 bytes (five megabytes) in size. It is theoretically possible to change the log
file size, but this is not recommended. When a log is full, it is renamed to allow the
creation of a new, empty transaction log file. Renamed transaction log files are
named previous log files. The naming format of previous log files is <Log
Prefix>XXXXX.log (such as E00XXXXX.log), where XXXXX represents a five-digit
hexadecimal number from 00000 to FFFFF. Previous log files reside in the same
directories as the current transaction log file.
• Res1.log and Res2.log These are reserved transaction log files for the storage
group. Reserved log files are an emergency repository for transactions. They provide
enough disk space to write a transaction from memory to the hard disk, even if a
server's disk is too full to admit new transactions to a log file. The reserved log files
can be found in the transaction log directory. They are created automatically when
the databases are initialized. They cannot be created later.
ESE uses reserved transaction log files only to complete a current transaction process. It
then sends an error notification to Store.exe to dismount the Exchange store safely. In the
application event log, there is an entry that indicates the issue. In this situation, you
should create additional free hard disk space (for example, add a new hard disk) before
you mount the database again.
Note:
Tmp.edb is not included in online backups.
• <file name>.edb These are the rich-text database files for individual private or
public stores. The rich-text database file for the default private store is named
Priv1.edb. The file for the default public store is named Pub1.edb.
526
• <file name>.stm These are the streaming Internet content files for individual
databases. The streaming database file for the default private store is named
Priv1.stm. The file for the default public store is named Pub1.stm.
The configuration settings for a storage group are stored in Active Directory. If you want to
use ADSI Edit to locate the directory object for a storage group, you must open the
configuration naming contacts, expand the services node, then CN=Microsoft Exchange, and
then expand the Exchange organization object, administrative group, and server container.
Underneath it, you can find a container named CN=InformationStore, which contains the
storage groups, such as CN=First Storage Group. The object class for storage group objects
is msExchStorageGroup. If you plan to use custom scripts to manage Exchange store
resources, you can access msExchStorageGroup objects by using Active Directory Service
Interfaces (ADSI).
The following code example demonstrates how to access the default storage group on a
server called SERVER01 in an Exchange organization called Contoso. It displays the current
path to the transaction log files of that storage group.
strStorageGroupDN = "CN=First Storage Group," _
& "CN=InformationStore," _
& "CN=SERVER01,CN=Servers," _
& "CN=First Administrative Group," _
& "CN=Administrative Groups," _
& "CN=Contoso,CN=Microsoft Exchange," _
& "CN=Services,CN=Configuration," _
& "DC=Contoso,DC=com"
Set oStorageGroup = GetObject("LDAP://" & strStorageGroupDN)
MsgBox oStorageGroup.Get("msExchESEParamLogFilePath")
The following are important Exchange attributes of msExchStorageGroup objects that you
can use in custom scripts based on ADSI:
Circular logging causes ESE to discard transactions when the committed changes are
transmitted to the database file on disk. The checkpoint file indicates which log files and
transaction entries are successfully committed to the database. Any existing previous
logs are deleted, while transactions in the current transaction log file are marked as
527
obsolete. New transactions eventually overwrite the obsolete entries in the current
transaction log before a new log file is created.
Note:
Through purging of transactions, circular logging reduces consumption of disk
space. However, circular logging is not compatible with sophisticated fault-
tolerant configurations and several online backup types that rely on the existence
of transaction logs. When circular logging is enabled, you can only perform full
backups. You cannot perform backups that rely on transaction log files, such as
differential or incremental backups. When you recover data, you cannot replay
transaction log files, thus you cannot restore data beyond the most recent
backup. In contrast, if transactions are not automatically deleted through circular
logging, you might be able to recover beyond the most recent backup by
replaying transactions that still exist on a hard disk. Although circular logging is
enabled by default in Exchange Server 5.5, it is disabled by default in
Exchange 2000 Server and Exchange Server 2003.
Note:
Online defragmentation frees space in the databases but does not reduce the
size of the database files. Database inconsistencies are corrected during every
start and shutdown of the server in a process referred to as soft recovery.
528
• A server running Exchange Server 2003 can have up to five storage groups.
Because one of the storage groups is reserved for database recovery operations,
only four storage groups can be used to hold databases that are accessible by
clients. Attempts to create more than four storage groups result in an error message.
• You can create only five databases in a storage group. Attempts to create more
databases result in an error message.
come to the system, the database engine can buffer data in memory, so that it does not have
to access the disk constantly. This makes the system more efficient, because writing to
memory is approximately 200,000 times faster than writing to disk. When users make
requests, the database engine starts loading the requests to memory and marks the pages as
dirty. A dirty page is a page in memory that contains data. These dirty pages are later written
to the Microsoft Exchange Information Store service databases on disk.
Although caching data in memory is the fastest and most efficient way to process data, it
means that while Exchange is running, the information on disk is never completely up-to-date.
The latest version of the database is in memory, and because many changes in memory are
not on disk yet, the database and memory are not synchronized. If there are any dirty pages
in memory that have not been transferred and written to disk, the databases are flagged as
inconsistent. Exchange databases are synchronized only when all dirty pages in memory are
transferred to disk. This happens when you properly shut down the Microsoft Exchange
Information Store service. During the shutdown process, the Microsoft Exchange Information
Store service flushes all pages to disk.
Messages from MAPI clients, such as Outlook, are stored in the MAPI database, just as they
were stored in previous versions of Exchange Server. MAPI-based clients can then access
these messages without conversion. However, if an Internet protocol-based client attempts to
read a message in this database, the message is converted to the requested format.
The traditional .edb file and its accompanying .stm file are a single unit. One of these files is
of little use without the other file. It is important to understand that a single database in the
Microsoft Exchange Server Information Store service contains two files, the .edb file and the
.stm file.
A record in the .edb file contains a column (of data type JET_coltypSLV) that references a list
of pages in the streaming file that contains the raw data. Space usage (maximum of four
kilobytes of page numbers) and checksum data for the data in the streaming file is stored in
the .edb file.
MDBEF to the appropriate format, based on what the client requests. This conversion
consumes processor bandwidth and slows server performance.
Later versions of ESE enable Internet messaging clients to store raw data in native format.
The repository for this raw data is referred to as the streaming database, or simply the
streaming file. The streaming file has no balanced tree (B-tree) overhead. Instead, it contains
two four-kilobyte pages of header information and then raw data in four-kilobyte pages. This
flat data structure is designed for binary large objects (BLOBs) of data that are unlikely to
need content conversion and that can be received and transmitted very quickly.
Property Promotion
Property promotion determines where data is stored in an ESE database and is therefore an
important concept to understand. The Microsoft Exchange Information Store service supports
the property promotion of data held in the .stm file to the .edb file. Property promotion enables
folder views and indexes to be maintained efficiently. For example, a message streamed to
the .stm file has its properties, such as sender, subject, and date sent and received, promoted
to the records representing the message in the .edb file.
When a MAPI client, such as Microsoft Outlook, submits a message to the Microsoft
Exchange Information Store service, the contents of that message are stored in the .edb file.
If a non-MAPI client opens the message, the Microsoft Exchange Information Store service
does an immediate conversion of the MAPI content to Internet format by performing some of
the conversion and calling IMAIL, which in turn calls RTFHTML, to complete the conversion.
None of this conversion is persistent, meaning that data is not moved out of the .edb file and
written to the .stm file.
If an Internet client submits a message to the Microsoft Exchange Information Store service,
the contents of that message are stored in the .stm file. Certain headers from the Internet
message are duplicated to the .edb file, so the Microsoft Exchange Information Store service
can find the message. This is referred to as a state 0 conversion.
If any client asks for a property, such as PR_Subject, or one of its many aliases, then the
Microsoft Exchange Information Store service promotes all of the Internet message's header
information to Properties. This is referred to as a state 1 conversion.
If any client asks for attachment information, then the Microsoft Exchange Information Store
service creates a near duplicate (in MAPI form) of the Internet message. At first, the message
is still in the .stm file. However, much of the data needed for MAPI access is in the .edb file. If
a client alters the message in a way that changes the Multipurpose Internet Mail Extensions
(MIME), then the .stm file version of the message is discarded and the .edb file of the
message is preserved. This is referred to as a state 2 conversion.
moved to the .edb file. The same applies to messages with a winmail.dat attachment,
encoded using UUEncode. Transport neutral encapsulation format (TNEF) and Winmail.dat
are encapsulation methods for MAPI messages to preserve MAPI properties on transports
that do not support MAPI. Therefore, the general principal that MAPI messages reside in the
.edb file and Internet messages reside in the .stm file is correct. The current functionality has
the TNEF decoded before any one of the MAPI properties are read.
• For the Standard Edition, the default configured database size limit will now be
18 GB, a 2 GB addition to the previous limit, with a new maximum size of 75 GB.
• For the Enterprise Edition, there is no default configured database size limit, and
no software set maximum size.
• Both versions of Exchange Server 2003 with SP2 have the ability to configure a
limit, a warning threshold, and a warning interval set through registry keys.
• Size check done against the database now uses logical database size. Empty or
white space in the database does not count against the configured database size
limit; therefore, no offline defragmenting is required for recovery exceeding the
configured or licensed database limits.
• Limit checks, done at regular intervals, are now controlled by the store process
instead of JET. The default time interval is 24 hours and this interval is configurable
through the registry.
Registry Settings
• The database size limit registry keys are read when the database mounts (not
when the service starts up), and when each limit check task runs.
You must set registry parameters for each database targeted for size limit modification. The
registry entries should be located under each database entry in the local server registry.
Accordingly, you must reset the registry keys manually if the server has to be rebuilt using the
/disasterecovery setup switch.
532
Note:
Incorrectly editing the registry can cause serious problems that may require you to
reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up any
valuable data.
All registry settings discussed in this topic are created in the following registry location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<SERV
ER NAME>\Private-013e2e46-2cd7-4a8e-bfec-0e4652b94b00
Note:
By default, registry entries mentioned in this article are not present; when you create
the entry, you override the default value set in code.
Note:
All of registry values mentioned in this article are in decimal, not hexadecimal.
The following registry value controls the Configurable Database Size Limit:
The following registry value controls the Database Size Buffer Warning:
First database size check will not take the database offline if the size limit has been
exceeded. Because the database does not go offline, you are ensured at least 24 hour of
availability after the limit is exceeded for default settings.
If the Database Size Warning Buffer in Percentage is reached or exceeded, an error event,
event ID 9688, is logged in the Application event log.
With Exchange Server 2003 SP2 or later, the server performs the following tasks when the
configurable (or default configured) database size limit is reached:
• If the first check after a database mount finds the database size above the limit,
the database will not be taken offline but an error event (ID 9689) will be logged in
the Application event log.
• If it is the second check, an error event will be logged in the Application event log
and the database will be taken offline.
After the administrator remounts the database, he or she has 24 hours (or until the next
database size check or 05:00 if the default is set) to take corrective actions.
Note:
The current hard coded limit of the JET database is 8,192 GB, or 8 terabytes (TB).
For information about service level agreements, see "Establishing a Service Level
Agreement" in "Setting Availability Goals" in the Exchange 2003 High Availability Guide.
For information about how to configure database size limit options, see "Configure Database
Size Limits" in the Exchange Server 2003 SP2 online Help.
• ESENT The database engine for Active Directory and many Microsoft Windows
components. Unlike other versions of ESE (which use five MB log files and four KB
536
page sizes), the Active Directory implementation of ESENT uses ten MB log files and
eight KB pages.
Note:
ESE was previously referred as Joint Engine Technology (JET) Blue. JET Blue is not
the same as the version of JET found in Access (referred to as JET Red).
Transactions
ESE is a sophisticated, transaction-based database engine. A transaction is a series of
operations that are treated as an atomic (indivisible) unit. All operations in a transaction are
either completed and permanently saved, or no operations are performed. Consider, for
example, the operations involved when moving a message from the Inbox to your Deleted
Items folder. The message is deleted from one folder, added to another folder, and the folder
properties are updated. If a failure occurs, you do not want two copies of the message, no
copies at all, or folder property values (such as item count) that are inconsistent with the
actual folder contents.
To prevent problems such as this, ESE bundles operations inside a transaction. ESE makes
sure that none of the operations are permanently applied until the transaction is committed to
the database file. When the transaction is committed to the database file, all the operations
are permanently applied.
If there is a crash, ESE also handles automatic recovery at start and rolls back any
uncommitted transactions. If ESE fails before a transaction is committed, the entire
transaction is rolled back, and it is as if the transaction never occurred. If ESE crashes after
the transaction is committed, the entire transaction is persisted, and the changes are visible
to clients.
ACID Transactions
Transactions that are this reliable are generally referred to as ACID transactions. ACID
transactions can be identified by the following attributes:
• Atomic This term indicates that a transaction state change is all or none.
Atomic state changes include database changes, and messages and actions on
transducers.
• Isolated This term indicates that even though transactions run at the same
time, it appears to each transaction (T) that others executed either before T or after T,
but not both.
• Rollback If a transaction must roll back, it examines the version store to get the
list of operations it performed. By performing the inverse of all the operations, the
transaction can be rolled back.
• Write-conflict detection If two different sessions try to modify the same record,
the version store notices and rejects the second modification.
Snapshot Isolation
After a transaction starts, ESE guarantees that the session views a single, consistent image
of the database, as it exists at the start of its transaction, plus its own changes. Because
other sessions can also modify the data and commit their transactions, these changes are
invisible to any transaction that started before the commit. A user can modify a record only if
that user is viewing the latest version. Otherwise, the update fails with JET_errWriteConflict.
Versions earlier than the latest transaction are automatically discarded.
ESE features a transaction isolation level called Snapshot Isolation. Snapshot Isolation level
allows users to access the last committed row using a transitionally consistent view of the
538
database. Snapshot Isolation is a concurrency control algorithm that was first described in A
Critique of ANSI SQL Isolation Levels. Snapshot Isolation is implemented by ESE by using
repeatable reads.
Database Pages
The page size in ESE is defined by the application that uses it. For example, ESE97
(Exchange Server 5.5) and ESE98 (Exchange 2000 Server and Exchange Server 2003) use
four KB pages, whereas ESENT (Active Directory) uses eight KB pages. Each of these
four KB or eight KB pages contains pointers to other pages or to the actual data that is being
stored in the B-tree. The pointer and data pages are intermixed in the file.
To increase performance wherever possible, pages are cached in a memory buffer for as long
as possible. This reduces the need to go to disk. Each page starts with a 40-byte page
header, which includes the following values:
• DbtimeDirtied This value indicates the Dbtime the page was last modified.
• pgnoPrev This value indicates the page number of the adjacent left page on
the leaf.
• pgnoNext This value indicates the page number of the adjacent right page on
the leaf.
• ObjidFDP This value indicates the Object ID of a special page in the database,
referred to as Father of the Data Page (FDP), which indicates which B-tree this page
belongs to. The FDP page is used during repair.
• cbFree This value indicates the number of bytes available on the page.
• ibMicFree This value indicates the page offset for the next available byte at the
top of the page.
ECC Checksum
Exchange Server 2003 Service Pack 1 (SP1) introduces a new feature named Error
Correcting Code (ECC) Checksum. ECC Checksum is a new checksum format that enables
the correction of single-bit errors in database pages (in the .edb file, .stm file, and transaction
log files). This new checksum format uses 64 bits, whereas the earlier checksum format uses
32 bits. Earlier format databases can be used with the new code, but current format
databases cannot be used with earlier versions of ESE. After the database engine is updated,
all pages that are written to the database have the new checksum format. Pages that are
read and not modified do not have their checksum format upgraded.
Note:
After the newer ESE.dll is deployed, any offline defragmentation that you do causes
all pages in the database to have their checksum format upgraded. This could greatly
increase the length of time it takes to defragment the database, and therefore it is not
recommended. Additionally, running eseutil with the /k switch, which also checksums
all pages in the database, is not recommended.
Database pages with the earlier-format checksum start with a four-byte checksum, followed
by a four-byte page number, which is used to verify that the requested page is actually read
off disk.
The new checksum format removes the four-byte page number and instead starts with an
eight-byte checksum. The page number is used as an input parameter in calculating the
checksum. Therefore, if the wrong page is read off disk, there will be a checksum mismatch.
The current checksum format actually consists of two 32-bit checksums. The first is an XOR
checksum, calculated much like the earlier format checksum. The page number is used as a
seed in the calculation of this checksum. The second 32-bit checksum is an ECC checksum,
which allows for the correction of single-bit errors on the page.
The Exchange store might be responsible for self-generating a -1018 error, if the Exchange
store does one of the following:
540
• Constructs a page correctly, but tells the operating system to write the page in
the wrong location.
If a system administrator encounters a -1018 error or runs diagnostic hardware tests against
the server and these tests report no issues, the administrator might conclude that Exchange
Server must be responsible for the issue, because the hardware passed the initial analysis.
Ordinary diagnostic tests might not detect all the transient faults for several reasons. Issues in
firmware or driver software might fall outside the capabilities of diagnostic programs.
Diagnostic tests might be unable to adequately simulate long run times or complex loads.
Also, the addition of diagnostic monitoring or debug logging might change the system enough
to prevent the issue from appearing again.
The simplicity and stability of the Exchange Server mechanisms that generate checksums
and write pages to the database file suggest that a -1018 error is probably caused by
something other than Exchange Server. The checksum and incorrect page detection
mechanisms are simple and reliable, and have remained fundamentally the same since the
first Exchange release, except for minor changes to adapt to database page format changes
between database versions.
A checksum is generated for a page that is about to be written to disk, after all other data is
written to the page, including the page number itself. After Exchange Server adds the
checksum to the page, Exchange Server instructs the Microsoft Windows Server operating
system to write the page to disk by using standard, published Windows Server APIs.
The checksum might be generated correctly for a page, but the page might be written to the
wrong location on the hard disk. This can be caused by a transient memory error, such as a
"bit flip." For example, suppose Exchange constructs a new version of page 70. The page
itself does not experience an error, but the copy of the page number that is used by the disk
controller or by the operating system is randomly changed. This problem can occur if 70
(binary 1000110) has been changed to 6 (binary 000110) by an unstable memory cell. The
page's checksum is still correct, but the location of the page in the database is now wrong.
Exchange Server reports a -1018 error for the page when it detects that the logical page
number does not match the physical location of the page.
Another kind of page numbering error (caused by Exchange Server) might occur if Exchange
Server writes the wrong page number on the page itself. But this causes other errors, not the
-1018 error. If Exchange Server writes 71 on page 70, and then does the checksum on the
page correctly, the page is written to location 71 and passes both the page number and
checksum tests.
541
Frequently, a single -1018 error that is reported in an Exchange Server database does not
cause the database to stop or result in a symptom other than the presence of the -1018 error
itself. The page might be in a folder that is infrequently accessed (for example, the Sent or
Deleted Items folders), or in an attachment that is seldom opened, or even empty.
Even though a single -1018 error is unlikely to cause extensive data loss, -1018 errors are
still cause for concern because a -1018 error is proof that your storage system did not reliably
store or retrieve data at least one time. Although the -1018 error might be a transient issue
that never occurs again, it is more likely that this error is an early warning of an issue that will
become progressively worse. Even if the first -1018 error is on an empty page in the
database, you cannot know which page might be damaged next. If a critical global table is
damaged, the database might not start, and database repair might be partly or completely
unsuccessful.
After a -1018 error is logged, you must consider and plan for the possibility of imminent failure
or additional random damage to the database, until you find and eliminate the root cause.
Balanced tree
Note:
Although the trees inside an ESE database are generally referred to as B-trees, they
are actually B+ trees. B+ trees include all the characteristics of B-trees, but
additionally each data page in the B+ tree has page pointers to its previous and next
adjacent page on the leaf. Although there is an overhead during insertion or split and
542
merge operations to keep these pointers up-to-date, the pointers allow for faster
sequential seeking through the data in the B+ tree structure.
From an ESE perspective, a database table is a collection of B-trees. Each table consists of
one B-tree that contains the data, although there can be many secondary index B-trees used
to provide different views of the data. If a column or field in a table becomes too wide to store
in the B-tree, it is divided to a separate B-tree, named the long-value tree.
The definition of these tables and their associated B-trees is stored in another B-tree, named
the system catalog. Loss of the system catalog is a serious problem. Therefore, ESE keeps
two identical copies of this B-tree in each database, one starting at page four and the other
starting at page 24.
Split
When a page becomes almost full, about half the data is put on a secondary page and an
extra key is put in the secondary page's parent page. This process is performed unless the
parent page is also full. In this event, the parent page is split, and a pointer is added to this
page's parent page. Ultimately, every pointer page up to the root block might need to be split.
If the root block needs to be split, an additional level of pages is inserted into the tree.
Figuratively speaking, the tree grows in height.
Merge
When a page is almost empty, it is merged with an adjacent page, the pointers in the parent
page are updated, and if it is required, the page is merged. Ultimately, if every pointer page
up to the root block is merged, the tree shrinks in height. To obtain to a leaf (data), ESE starts
at the root node and follows the page pointers until it gets to the desired leaf node.
Fan-Out
The tree structure of an ESE B-tree has very high fan-out. High fan-out means ESE can
reach any piece of data in a 50 GB table with no more than four disk reads (three pointer
pages and the data page itself). ESE stores over 200 page pointers per four KB page,
enabling ESE to use trees with a minimal number of parent/child levels (also called shallow
trees). ESE also stores a key of the current tree, which enables ESE to quickly search down
the current tree. The preceding diagram is a tree with three parent/child levels; a tree with
four parent/child levels can store many gigabytes of data.
Indexes
A traditional B-tree is indexed in only one particular way. It uses one key, and the data must
be retrieved using that key. For example, the records in the messages table are indexed on a
543
message's unique identifier, called the message transfer service (MTS)-ID. However, a user
probably wants to view the data in the messages table ordered in a more user friendly format.
Indexes, or more specifically, secondary indexes, are used to retrieve the data. Each
secondary index is another B-tree that maps the chosen secondary key to the primary key.
This makes B-trees small compared to the data they index.
To understand how a secondary index is used, consider what occurs when a user changes
the way messages are presented in a messaging folder. If you change your folder view in
Outlook so that subject, instead of received time, orders the view, Outlook causes the store
and ESE to build a new, secondary index on your message folder table.
When you change views on a large folder for the first time, you will experience a delay. If you
look closely at the server, you see a small spike in disk activity. When you switch to that view
again, the index is already built, and the response is much quicker.
The Microsoft Exchange Information Store services' secondary index B-trees live for eight
days. If they are not used, the Microsoft Exchange Information Store service deletes them as
a background operation.
Long-Values
A column or a record in ESE cannot span pages in the data B-tree. There are values (such as
PR_BODY, which is the message body of a message) that break the 4KB boundary of a
page. These are referred to as long-values (LV). A table's long-value B-tree is used to store
these large values.
If a piece of data is entered in an ESE table, and it is too large to go into the data B-tree, it is
divided into four KB sized pages and stored in the table's separate long-value B-tree. The
record in the data B-tree contains a pointer to the long-value. This pointer is called the long-
value ID (LID) and means that the record has a pointer to LID 256.
Record Format
A collection of B-trees represents a table, and a table is a collection of rows. A row is also
called a record. A record consists of many columns. The maximum size of a record, and
therefore the number of columns that appear in a single record, is governed by the database
page size, minus the size of the header. ESE has a four KB-page size. Therefore, the
maximum record size is approximately 4050 bytes (4096 bytes, minus the size of the page
header).
The column data types fall into two categories. The first category is fixed and variable
columns. The second category is tagged columns. Each column is defined as a 16-byte
FIELD structure, plus the size of the column name.
When a table is created in an ESE database, the table is defined by using an array of FIELD
structures. This array identifies the individual columns in the table. Within this array, each
column is represented through an index value, called the column ID. This is similar to an
ordinary array in which you can reference array members by ID, such as array[0], array[1],
and so on. Columns are quickly accessed by ID, but a search by column name requires a
linear scan through the array of FIELD structures.
545
Variable columns can contain up to 256 bytes of data. An offset array is stored in the record
with the highest variable column set. Each column requires two bytes. Data type Ids 10
and 11 can be defined as variable columns. Each table can define up to 127 variable columns
(column ID 128 to 256).
Tagged Columns
ESE defines columns that occur rarely or have multiple occurrences in a single record as
tagged columns. An undefined tagged column incurs no space overhead. A tagged column
can have repeated occurrences in the same record. If a tagged column is represented in a
secondary index, each distinct occurrence of the column is referenced by the index.
Tagged columns can contain an unlimited, variable length of data. The column ID and length
are stored with the data. All data types can be defined as tagged columns. Each table can
define up to 64,993 tagged columns.
World Wide Web Publishing Service Provides HTTP services for Exchange
Server (Microsoft Outlook Web Access,
Microsoft Outlook Mobile Access, and
Microsoft Exchange ActiveSync), as well as
Internet Information Services (IIS).
547
Space Management
The two types of space in a database file are owned space and available space. Every table,
index, and long-value B-tree has its own list of owned and available pages. Available space is
a list of pages that can be used to store new data. Available space is always a subset of
owned space.
Database Defragmentation
Defragmentation is the process whereby ESE traverses the pages at the bottom (the leaf
pages) of each B-tree database. ESE determines whether it can merge strings of adjacent
pages to a single page. This frees up pages and returns them to the table's available space.
The locality and contiguity of related pages inside the database file is maximized where
possible.
• Free space inside the database file (.edb) is not returned to the file
system. Instead, after online defragmentation completes, the Microsoft
Exchange Information Store service logs an event in the application event log
(Event ID 1221) that indicates the amount of available free database space.
This free space is used if needed, before the physical database file grows.
• Secondary indexes are rearranged but not rebuilt (if there is index
corruption, it is not repaired).
• Vertical merge is not supported in the database file (.edb) (tree levels are
not collapsed).
Note:
If a mailbox or public folder store is mounted while you try to use ESEUTIL.exe to
compact its databases, the error code -1032 (JET_errFileAccessDenied) is
returned. Remember to perform a full backup both before and after
defragmenting databases offline.
Buffer Management
A fundamental design goal of ESE is to avoid disk access. To do this, ESE uses a
comprehensive buffer manager. The buffer manager performs the following two jobs:
• It decides how much memory the buffer cache should use. This is accomplished
using an internal feature called Dynamic Buffer Allocation (DBA).
• It decides which pages should remain in the buffer cache. An algorithm named
LRU-K makes this decision.
Dynamic buffer allocation uses four rules to govern how large or small the cache should be:
• The more memory available, the faster the Exchange store's working set grows.
• The more cache memory, the faster the Exchange store's working set shrinks.
• The higher the memory load, the faster the Exchange store's working set grows.
• The higher the available memory load, the faster the Exchange store's working
set shrinks.
549
DBA uses a patented formula to determine how the buffer cache size should grow or shrink
over time.
However, the LRU algorithm has a flaw. It decides what page to drop from memory based
only on the time of last reference. Specifically, LRU is unable to differentiate between pages
that have relatively frequent references and pages that have very infrequent references. For
example, a page may have been accessed 100 times, followed by another page, accessed
only a single time. According to LRU, the page accessed 100 times would be dropped,
regardless of the fact that this page is more popular than the other page that was only
accessed once.
To optimize database disk buffering, the LRU-K algorithm was introduced in 1993 (Elizabeth
J. O'Neil, Patrick E. O'Neil, Gerhard Weikum, The LRU-K Page Replacement Algorithm For
Database Disk Buffering. SIGMOD Conference 1993). This algorithm surpasses conventional
buffering algorithms by discriminating between frequently and infrequently referenced pages.
Exchange Server 2003 uses the LRU-K algorithm.
The LRU-K algorithm keeps track of the times of the last K references to memory pages (ESE
sets the default value of K to 2) and uses this statistical information to rank-order the pages
according to their expected future behavior. Based on this statistical information, ESE can
decide which memory-resident page to drop in order to make room for a newly accessed
page that must be read into memory. Because statistical information about referenced pages
is constantly collected, the LRU-K algorithm adapts in real time to changing patterns of
access. This algorithm is fairly simple and incurs little bookkeeping overhead. It uses the last
two or more references, generally the last K references, (where K is greater than or equal to
2) for each page to decide which page should be dropped.
the same tasks that it performed in previous versions of Exchange and also replicates an
Exchange 2000 or Exchange 5.5 public folder tree. Exchange Server 2003 also supports
additional trees, commonly referred to as application top level hierarchies. Each top level
hierarchy has a directory entry. The entry contains a back link to the distinguished names of
all the public stores in the top level hierarchy. The MAPI top level hierarchy is secured in the
directory under the First Administrative Group in the Exchange organization.
A single server can host only one public folder store database in a top level hierarchy. For
active/active clusters, this means that only a single instance of a top level hierarchy database
can exist across both Exchange virtual servers (EVSs) due to the possibility of both EVSs
running on the same physical node. Exchange Server 2003 Service Pack 1 now supports
hosting more than one instance of a public folder tree in an active/passive cluster, because a
single physical node cannot host more than one EVS.
• Site Folders These are folders, such as SCHEDULE+ FREE BUSY, Events
registry, MAPI Forms, and Offline Address List.
Site folders are visible when viewing system folders in Exchange System Manager. Site
folders replicate in the same way as ordinary folders, and their replication lists can be
modified in the same way as ordinary public folders. The first server running Exchange
Server 2003 in an administrative group holds copies of offline address lists, free/busy data,
and replicas of other site folders. The location of these folders (that is, the public folder store
that hosts these folders) can be changed through Exchange System Manager. Each
administrative group has a site folder server (the first server in the site), which is stored as an
attribute of the administrative group's directory entry. This determines which server is
responsible for making sure that site folders exist.
551
Replication Overview
Public folder replication is the transfer of public folder data between public folder stores in the
same top level hierarchy, using an e-mail-based replication engine. The process is the same
for MAPI top level hierarchies and application top level hierarchies. The folder hierarchy is
replicated through hierarchy replication messages and the content of folders is replicated
through content replication messages between replicas of individual folders. In addition, there
are backfill requests and response messages, and status messages and status request
messages, which keep replication between stores synchronized.
Note:
Internally the store addresses folders by a Folder ID (FID), which is a hex ID; for
example, 1-2A45. An FID is a row in the folders table in the public folder store.
Similarly, messages are referenced by a Message ID (MID), which is a row in the
MsgFolder table. Hierarchy replication messages, for example, are a special type of
content replication message for a folder with the ID 1-1.
Replication uses standard transports to send replication messages to other public folder
stores. If an update must go to multiple public folder stores, then a single replication message
is generated, addressed to the multiple public folder stores (in other words, to the replica list
for the folder, because for a hierarchy, this is all that the public folder stores in the top level).
The SMTP transport engine must categorize and bifurcate the message to deliver it to each
individual public folder store. For more information about message categorization and
bifurcation, see SMTP Transport Architecture.
Public Folder replication is e-mail based. Replication messages are e-mail messages sent
between the public folder stores in each top level hierarchy. Therefore, there must be an e-
mail path between the public folder stores to enable replication.
Folders replicate by sending e-mail between public folder stores. Therefore, public folder
stores require e-mail addresses (added by the recipient update service).
Change Numbers
All updates (create, delete, and modify) are assigned change numbers. Change numbers are
used by the replication engine to track updates. Every modification to a folder is given a
change number. When updates are replicated to another server, the change numbers for the
specific changes are included with the update. The change numbers are then used by the
receiving server to determine whether this is a new change. The replication message also
carries a copy of the complete set of change numbers that exist in the folder on the sending
server, so that the receiving server can determine whether it is missing any data. A set of
change numbers is referred to as a change numbers set (CNset).
Status messages (0x10) A status message is sent in Sends the current CNSets of
response to a status a folder to another replica of
request. It contains the that folder. Used for
complete CNSet of owned hierarchy (replicas of folder
changes on this server. This 1-1) and content (specific
set does not necessarily content replicas).
represent all the changes
that actually occurred,
because all changes might
not have replicated to this
specific public folder store.
Status request messages Sends the folder's current The Exchange store sends a
(0x20) CNSet to all other replicas. status request message in
It simultaneously requests the following situations:
that some subset of those
• An existing
replicas return their own
replica of a public
CNSet. This response
folder might have
comes as a status
missed replication
message. The requested
messages or might
server does not respond if
have been restored
the requesting server's
from an outdated
CNSet is not a strict subset
backup. A status
of the requested server's
request message is
set.
sent by one public
folder store to
another public folder
store to determine if
any changes are
missing locally.
• A new replica of
a public folder was
added to a public
folder store. A new
replica of a folder
generates a status
request for the
content.
• A new public
folder store was
created and
associated with a
particular public
folder hierarchy. A
new public folder
store generates a
status request for
the hierarchy,
because a new
hierarchy folder (FID
1-1) was created.
• An existing
replica of a public
556
Replication Process
Public folder stores send replication messages to each other through e-mail. Therefore, there
must be an e-mail path between the public folder stores for replication messages to be
received. A thread runs continually in the Store.exe process, which polls for replication
events. Replication events occur at specific time intervals. When this timed event occurs, the
replication thread generates a new thread, which performs the specified replication task. The
following are the default replication time intervals:
Hierarchy Replication
A hierarchy replication message is generated whenever the hierarchy is modified. The
following are examples of hierarchy modification:
In this illustration, Folder 1, Folder 2, and Folder 3 are added to Server A. Server A then
replicates the hierarchy changes to Server B, so that Server B knows about these public
folders in the hierarchy. Users on Server B can now navigate through the hierarchy and select
any one of these folders, but only Server A has the contents of the public folders. When a
client attempts to access Folder 1, Folder 2, or Folder 3, Server B redirects the client to
Server A. Server A returns the content to the client, and the client can display the content.
The redirection process is transparent to the user.
Content Replication
Folder content replicates between individual replicas of folders. When folder content is
modified, the change is tracked with change numbers. When the replication interval is
reached, the changes are replicated to all other public folder stores that have a replica of the
folder.
In this illustration, Item 1 is posted to a folder on Server A, which has a replica on Server B.
The public folder store on Server A replicates the change to the public folder store on
Server B. Similarly, Items 2 and 3 are posted and replicated.
Backfilling
Folders remain synchronized throughout the backfill process. Folders backfill only when they
are missing content. Therefore, for a folder to issue a backfill request, it must first determine
that it missed an update. This is accomplished by determining a missing sequence in the
folder CNSets for individual folders.
Content backfill and hierarchy backfill both work in the same way. A hierarchy backfill is
issued when there is a gap in the CNSets for folder 1-1. A content backfill is requested for
gaps in any other folder.
558
The backfill process can take a long time, especially if a public folder store is down and
missed the original replication update and the subsequent status message. It might not
realize that it is missing content until further replication messages arrive.
Backfill Array
The backfill array is used to store pending backfill requests. When the public folder store
determines that a folder is out of sync, it writes an entry to the backfill array. This entry is a
pending request for the missing data from another replica of the folder. The entry stays in the
backfill array until it times out, at which point a backfill request is issued. The default backfill
timeouts are listed in the following table.
If the first backfill attempt is unanswered, subsequent backfill attempts wait longer before they
are sent. These times are extended to prevent unnecessary backfilling. The replication
message might be in transit, delayed, or waiting for a connector's schedule. If the backfill
timeout is too short, public folder stores start issuing backfill requests for messages already in
transit.
Replication Status
There are two categories of status messages: status requests, and status messages. A status
request message is sent from one public folder store to another to request the other public
folder store's current state of a particular folder. A status message is sent from one public
folder store to another to indicate the current state of a particular folder on the sending server.
If the status message indicates that the sending public folder store has more up-to-date
information about the folder, then the receiving store writes an entry to its backfill array to
request a backfill. If the CNSets are shown to be equal (or the receiving server is more
recent) no action is taken.
A public folder store generates a status message under the following two circumstances:
• 24 hours after the last local change to a folder This is a significant change
from previous versions of Exchange. When a change is made to a folder, an expiry
time for a status message is set on that folder. If another change is made to that
folder, the expiry time is reset to 24 hours.
After the expiry time is reached, a status message is generated for that folder. After this
occurs, the expiry time is cleared and no other status messages are generated for that folder
unless another change is made, which resets the expiry time to 24 hours.
The replication status thread timing can be altered with the following registry settings:
With the reduced number of status messages sent by Exchange Server 2003, it should not be
necessary to modify the default values. For more information on these settings, see Microsoft
Knowledge Base article 203170, "XADM: Controlling Public Folder Hierarchy Status
Messages."
• When a new public store is mounted for the first time When a public folder
store is mounted for the first time, it generates a hierarchy status request for folder 1-
1. (No content replicas can be assigned to this public folder store, so the only thing
that it is missing is the hierarchy). This triggers another public folder store to send a
status message for the hierarchy, which results in the addition of several entries in
the new server's backfill array. Shortly thereafter, backfill requests for the missing
changes are sent, causing other servers to send replication messages containing the
missing updates.
560
• When the replica list of a folder is changed When the replica list of a folder
changes, a status request message is generated. Adding a new replica, deleting a
replica, or a temporary replica re-home all generate status requests.
Adding a Replica
When a new replica is added to a folder, the following steps occur:
2. The server that was newly added as a replica sends a status request message to
all other content replica servers.
3. Because the newly added server has an empty CNSet, it is a strict subset of all
other content replica's CNSets, so they all respond with a status message.
4. Backfill entries are filed, backfill requests are sent to appropriate servers, and the
servers respond with content.
5. At any point after Step 1, other content replicas might send regular content
replication broadcasts to the new replica server.
Steps 1 and 2 might not always occur in the same order, depending in which public folder
store the original change was made. If the administrator makes the change on a server that
has a content replica, then the steps occur in the above order. If the administrator makes the
change on the server that hosts the new replica, Steps 1 and 2 might occur in the reverse
order.
561
Deleting a Replica
When a replica is removed from a server, the folder is not deleted immediately. Instead, the
folder is put in a delete pending state. When a folder is in a delete pending state, it cannot be
viewed by a client or administered. (Exchange System Manager does not show the folder on
the list of folders hosted on the public folder store.)
The delete pending state exists so that other replicas can replicate any missing data from it.
After the delete pending folder receives status messages from all other replicas, indicating
that the folders are synchronized, the deleted replica is removed. This process ensures that if
you change the sole replica of a folder from one server to another server, no content is lost.
2. A hierarchy message is replicated indicating the change in the folder's status (for
example, Active -> Delete Pending).
3. The server that hosts the Delete Pending folder sends a status request, which
requires a response.
4. A server with a replica responds to the status request with a status message. If
the status message indicates that CNSets are at least as current as the replica being
deleted, the public folder store proceeds to Step 5. Otherwise, it continues to send
status requests until it receives the correct response.
5. The folder being deleted has its state changed from delete pending to delete
now, and the folder is deleted.
Every time a replication message is sent, the CNSet from the replication state table for the
local replica of the folder is included with the message.
The replication state tables themselves do not replicate. Replication is generated by the data
from the CNSets. This is how public folder stores determine what data other replicas of a
folder contain.
562
Note:
Each server tracks updates from other servers using a replication ID (ReplID).
ReplIDs are calculated locally. Therefore, public folder stores do not have the same
ReplIDs across multiple servers.
system downtime. Second, server clusters simplify hardware and software maintenance. You
can perform a rolling upgrade by moving cluster resources, often referred to as virtual
servers, to alternate nodes and then performing hardware or software upgrades on the
original node. You can prevent downtime and simplify system maintenance by deploying
Microsoft Exchange Server 2003 in a Windows Server 2003 server cluster.
Note:
To install Exchange 2003 in a server cluster with up to eight nodes, you must use
Windows Server 2003 Enterprise Edition or Datacenter Edition, and Exchange
Server 2003 Enterprise Edition. You can find a feature comparison of the Windows
Server 2003 family of products at http://go.microsoft.com/fwlink/?LinkId=33135.
This section discusses the Windows Cluster service architecture, and the interaction between
Exchange Server 2003 Enterprise Edition and the Windows Cluster service. It includes
information on tasks that need to be performed on Exchange servers running in a server
cluster. The following topics are discussed in detail:
For more information about Windows clustering technologies, see Clustering Technologies.
566
Cluster resources may include physical hardware devices, such as disk drives and network
cards, and logical items such as IP addresses, network names, and application components.
Clusters also include common resources, such as external data storage arrays and private
cluster networks. Common resources are accessible by each node in the cluster. One
common resource is the quorum resource, which plays a critical role in cluster operations.
The quorum resource must be accessible for all node operations, including forming, joining or
modifying a cluster.
Server Clusters
Windows Server 2003 Enterprise Edition provides two types of cluster technologies for use
with Exchange Server 2003 Enterprise Edition. The first is Cluster services, which provide
failover support for back-end mailbox servers that require a high level of availability. The
second is Network Load Balancing (NLB), which complements server clusters by supporting
highly available and scalable clusters of front-end Exchange protocol virtual servers (for
example, HTTP, IMAP4, and POP3).
567
Server clusters use a shared-nothing model. Model types define how servers in a cluster
manage and use local and common cluster devices and resources. In the shared-nothing
cluster, each server owns and manages its local devices. Devices common to the cluster,
such as common disk arrays and connection media, are selectively owned and managed by
only one node at a time.
Server clusters use standard Windows drivers to connect to local storage devices and media.
Server clusters support multiple connection media for the external common devices, which
must be accessible by all servers in the cluster. External storage devices support standard
PCI–based SCSI connections, SCSI over Fibre Channel, and SCSI bus with multiple
initiators. Fibre connections are SCSI devices that are hosted on a Fibre Channel bus,
instead of on a SCSI bus.
The following figure illustrates components of a two-node server cluster, which is comprised
of servers running Windows Server 2003 Enterprise Edition, with shared storage device
connections using SCSI or SCSI over Fibre Channel.
• Support for dynamic creation and deletion of network names and addresses
• Modifications to the file system, to enable closing open files during disk drive
dismounts
Apart from these and other minor modifications, a server running the Windows Cluster
service runs identically to a server that is not running the Windows Cluster service.
Cluster service is at the core of server clusters. Cluster service is comprised of multiple
functional units, including Node Manager, Failover Manager, Database Manager, Global
Update Manager, Checkpoint Manager, Log Manager, Event Log Replication Manager, and
Backup/Restore Manager.
Persistent and volatile information stored in the configuration database tracks the current
and desired state of a cluster. Each instance of Database Manager running on each node
in the cluster cooperates to maintain consistent configuration information across the
cluster and to ensure consistency of the configuration database copies on all nodes.
Database Manager also provides an interface for use by other Cluster components, such
as Failover Manager and Node Manager. This interface is similar to the registry interface
of Microsoft Win32 APIs. However, the Database Manager interface writes changes
made to cluster entities in both the registry and in the quorum resource.
Database Manager supports transactional updates of the cluster registry hive and only
presents interfaces to internal Cluster service components. Failover Manager and Node
569
Manager typically use this transactional support to get replicated transactions. The
Cluster API presents all Database Manager functions to clients, with the exception of
transactional support functions. For additional information on the Cluster API, see Cluster
API on MSDN.
Note:
The application registry key data and changes are recorded by Checkpoint
Manager in quorum log files, in the quorum resource.
After the Cluster service receives batched events from the Event Log service, it drops the
events into a local outgoing queue and returns from the RPC. The event broadcaster
thread, in the Cluster service, then processes this queue and sends the events, using the
intra-cluster RPC, to all active cluster nodes. The server side API then drops the events
into an incoming queue. An event log writer thread then processes this queue and
requests, through a private RPC, that the local Event Log service write the events locally.
The Cluster service uses lightweight remote procedure call (LRPC) to invoke the Event
Log service's private RPC interfaces. The Event Log service also uses LRPCs to invoke
the Cluster API interface and then request that the Cluster service replicate events.
resource groups. To perform these actions, Failover Manager receives resource and
system state information from Resource Monitors and cluster nodes.
Failover Manager also decides which nodes in the cluster should own which resource
group. When resource group arbitration finishes, nodes that own an individual resource
group return control of the resources in the resource group to Node Manager. If a node
cannot handle a failure of one of its resource groups, Failover Managers on each node
work together to reassign ownership of the resource group.
If a resource fails, Failover Manager restarts the resource or takes the resource offline
together with its dependent resources. If Failover Manager takes the resource offline, it
indicates that the ownership of the resource will be moved to another node. The resource
is then restarted, under the ownership of the new node. This is referred to as failover, as
explained in the section "Cluster Failover" later in this topic.
• Global Update Manager Global Update Manager provides the global update
service that is used by cluster components. Global Update Manager is used by
internal cluster components, such as Failover Manager, Node Manager, and
Database Manager, to replicate changes to the cluster database across nodes.
Global Update Manager updates are typically initiated as a result of a Cluster API
call. When a Global Update Manager update is initiated at a client node, it first
requests a locker node to obtain a global lock. If the lock is not available, the client
waits for one to become available.
When the lock is available, the locker grants the lock to the client, and issues the update
locally (on the locker node). The client then issues the update to all other healthy nodes,
including itself. If an update succeeds on the locker, but fails on some other node, that
node will be removed from the current cluster membership. If the update fails on the
locker node itself, the locker merely returns the failure to the client.
• Log Manager Log Manager writes changes to recovery logs that are stored on
the quorum resource. Log Manager, together with Checkpoint Manager, ensures that
the recovery log on the quorum resource contains the most recent configuration data
and change checkpoints. If one or more cluster nodes are down, configuration
changes can still be made to the remaining nodes. While these nodes are down,
Database Manager uses Log Manager to log configuration changes to the quorum
resource.
When failed nodes return to service, they read the location of the quorum resource from
their local cluster registry hives. Because the hive data could be stale, mechanisms are in
place to detect invalid quorum resources read from a stale cluster configuration
database. Database Manager then requests that Log Manager update the local copy of
the cluster hive, using the checkpoint file in the quorum resource. The log file is then
replayed in the quorum disk, starting from the checkpoint log sequence number. The
result is a completely updated cluster hive. Cluster hive snapshots are taken whenever
the quorum log is reset and once every four hours.
571
If a cluster node detects a communication failure with another cluster node, it transmits a
multicast message to the entire cluster. This regroup event causes all members to verify
their view of the current cluster membership. During the regroup event, the Cluster
service prevents write operations to any disk devices common to all nodes in the cluster,
until the membership stabilizes. If an instance of Node Manager on an individual node
does not respond, the node is removed from the cluster, and its active resource groups
are moved to another active node. To make this change, Node Manager identifies
possible owners (nodes) that may own individual resources and the node on which a
resource group prefers to run. Node Manager then selects the node and moves the
resource group. In a two-node cluster, Node Manager simply moves resource groups
from a failed node to the remaining node. In a cluster comprised of three or more nodes,
Node Manager selectively distributes resource groups among the remaining nodes.
Node Manager also acts as a gatekeeper, allowing joiner nodes into the cluster and
processing requests to add or evict a node.
Resource Monitors provide the communication interface between resource DLLs and the
Cluster service. When the Cluster service must obtain data from a resource, Resource
Monitor receives the request and forwards it to the appropriate resource DLL. Conversely,
when a resource DLL must report its status or notify the Cluster service of an event,
Resource Monitor forwards the information from the resource to the Cluster service.
Each Resource Monitor functions as an LRPC server for the Cluster service process.
When the Cluster service receives a Cluster API call that requires talking to a resource
DLL, it uses the LRPC interface to invoke the Resource Monitor RPC. To receive
responses from Resource Monitor, the Cluster service creates one notification thread per
Resource Monitor process. This notification thread invokes an RPC that is located
permanently in Resource Monitor. The thread acquires notifications when they are
generated. The thread is released only when Resource Monitor fails or when the thread is
manually stopped by a shutdown command from the Cluster service.
Resource Monitor does not maintain a persistent state on its own. It retains a limited, in-
memory state of the resources, but all of its initial state information is supplied by the
Cluster service. Resource Monitor communicates with the resource DLLs through well-
defined entry points that the DLLs must present. Resource Monitor completes the
following operations on its own:
• It polls resource DLLs through the IsAlive and LooksAlive entry points,
alternately checking failure events signaled by resource DLLs.
• It detects crashes of the Cluster service and shuts down the resources.
Its other actions occur as a result of operations requested by the Cluster service through
the RPC interface. No hang detection is perfomed by the Cluster service. The Cluster
service does, however, monitor crashes, and it restarts a monitor if it detects a process
crash.
The Cluster service and Resource Monitor process share a memory-mapped section
backed by the paging file. The handle to the section is passed to Resource Monitor at
Resource Monitor startup. Resource Monitor then duplicates the handle and records the
entry point number and resource name into this section immediately before calling a
resource DLL entry point. If Resource Monitor crashes, the Cluster service reads the
shared section to detect the resource and the entry point that caused the crash.
The Cluster service also registers itself at startup as a backup writer with Volume Shadow
Copy service. When a backup client invokes the Volume Shadow Copy service to
perform a system state backup, it also invokes the Cluster service, through a series of
entry point calls, to perform the cluster database backup. The server code in the Cluster
573
service invokes the Failover Manager to perform the backup, and the rest of the
operation occurs via the BackupClusterDatabase API.
The Cluster service uses the RestoreClusterDatabase API to restore the cluster database
from a backup path. This API can only be invoked locally from one of the cluster nodes.
When the RestoreClusterDatabase API is invoked, it stops the Cluster service, restores
the cluster database from the backup, sets a registry value that contains the backup path,
and then re-starts the Cluster service. On startup, the Cluster service detects that a
restore is requested and restores the cluster database from the backup path to the
quorum resource.
Cluster Failover
Failover can occur automatically because of an unplanned hardware or software failure, or it
can occur as the result of manual initiation by an administrator. The algorithm and behavior in
both situations is almost identical. However, in a manually initiated failover, resources are
shut down in an orderly way; whereas in unplanned failovers, resources are shut down in a
sudden and disruptive way (for example, the power goes out, or a crucial hardware
component fails).
When an entire node in a cluster fails, its resource groups transfer to one or more available
nodes in the cluster. Automatic failover is similar to planned administrative reassignment of
resource ownership. However, it is more complicated, because the orderly steps of a planned
shutdown might be interrupted or might not have occurred at all. Therefore, extra steps are
required to evaluate the state of the cluster at the time of failure.
In clusters with more than two nodes, the node preference list for each resource group can
specify a preferred server, plus one or more prioritized alternatives. This enables cascading
failover, in which a resource group can survive multiple server failures, each time cascading,
or failing over to the next server on its node preference list.
An alternative to automatic failover, is commonly called N+I failover. This method establishes
the node preference lists for all cluster groups. The node preference list identifies the standby
cluster nodes, to which resources are moved at the first failover. The standby nodes are
servers in the cluster that are mostly idle or that have workloads that can be easily pre-
empted if a failed server's workload must be moved to the standby node.
574
Cascading failover assumes that every other server in the cluster has some excess capacity
and can absorb a portion of any other failed server's workload. N+I failover assumes, that the
+I standby servers are the primary recipients of excess capacity.
Cluster Failback
When a node comes back online, Failover Manager can decide to move one or more
resource groups back to the recovered node. This is referred to as failback. The properties of
a resource group must have a preferred owner defined to fail back to a recovered or restarted
node. Resource groups for which the recovered or restarted node is the preferred owner are
moved from the current owner to the recovered or restarted node.
Failback properties of a resource group can include the hours of the day during which failback
is allowed and a limit on the number of times failback is attempted. This enables the Cluster
service to prevent failback of resource groups during peak processing times or to nodes that
have not been correctly recovered or restarted.
Cluster Quorum
Each cluster has a special resource referred to as the quorum resource. A quorum resource
can be any resource that does the following:
A quorum log is a configuration database for the entire server cluster. The quorum log
contains cluster configuration information, such as the servers that are part of the cluster, the
resources that are installed in the cluster, and the state of those resources (for example,
online or offline).
allowing the partition that owns the quorum to continue, while the other partitions are
evicted from the cluster.
Standard Quorum
As mentioned earlier in this section, the quorum is a configuration database for the Cluster
service that is stored in the quorum log file. A standard quorum uses a quorum log file,
located on a disk hosted in the shared storage array, which is accessible by all members of
the cluster.
Each member connects to the shared storage using SCSI or Fibre Channel. Storage is made
up of external hard disks (usually configured as RAID disks) or a SAN, in which logical slices
of the SAN are presented as physical disks.
Note:
It is important that the quorum uses a physical disk resource, rather than a disk
partition, because the entire physical disk resource is moved during failover.
Furthermore, it is possible to configure server clusters to use the local hard disk on a
server to store the quorum. This type of implementation, referred to as a lone wolf
cluster, is supported only for testing and development purposes. Lone wolf clusters
should not be used to cluster Exchange 2003 in a production environment because,
being singular, they are incapable of providing failover.
The MNS quorum makes sure that most nodes have an up-to-date copy of the data. The
Cluster service starts up and brings resources online only if a majority of the nodes that are
configured as part of the cluster are up and are running the Cluster service. If the MNS
quorum determines that a majority does not exist, the cluster is considered not to have
quorum, and the Cluster service waits in a restart loop until more nodes try to join. When a
majority or quorum of nodes is available, the Cluster service starts and brings the resources
online. Because the up-to-date configuration is written to a majority of the nodes, regardless
of node failures, the cluster always guarantees that it has the most current configuration at
startup.
576
If a cluster failure occurs, or if the cluster somehow enters a split-cluster scenario, all
partitions that do not contain a majority of nodes are taken offline. This ensures that if there is
a partition running that contains a majority of the nodes, it can safely start any resources that
are not running on that partition, because it is the only partition in the cluster that is running
resources.
Because of the differences in the way the shared disk quorum clusters behave compared to
MNS quorum clusters, you must consider carefully when deciding which model to use. For
example, if you have only two nodes in your cluster, the MNS model is not recommended. In
this instance, failure of one node leads to failure of the entire cluster, because a majority of
nodes is impossible.
Majority node set (MNS) quorums are available in Windows Server 2003 Enterprise Edition
and Windows Server 2003 Datacenter Edition clusters. The only benefit that MNS clusters
provide for Exchange clusters is to eliminate the need for a dedicated disk in the shared
storage array on which to store the quorum resource.
Cluster Resources
The Cluster service manages all resource objects using Resource Monitors and resource
DLLs. The Resource Monitor interface provides a standard communication interface that
enables the Cluster service to initiate resource management commands and obtain resource
status data. The Resource Monitor obtains actual command functions and data through
resource DLLs. The cluster Service uses resource DLLs to bring resources online, manage
their interaction with other resources in the cluster, and monitor their health.
To enable resource management, a resource DLL uses a few simple resource interfaces and
properties. Resource Monitor loads a particular resource DLL in its address space, as
privileged code running under the SYSTEM account. The SYSTEM account (that is,
LocalSystem), is a security principal account that represents the operating system. The
Cluster service, which runs under a user security context, uses the SYSTEM account to
perform security functions within the operating system.
Resources are taken offline in a similar manner. The Cluster service takes resources offline
only after any dependent resources are taken offline. This prevents introducing circular
dependencies when loading resources.
Each resource DLL can also define the type of computer and device connection required by
the resource. For example, a disk resource may require ownership only by a node that is
physically connected to the disk device. Local restart policies and desired actions during
failover events can also be defined in the resource DLL.
577
Cluster Administration
Clusters are managed using Cluster Administrator. Cluster Administrator is a graphical
administrator's tool that enables the Cluster.exe command line tool to perform maintenance,
monitoring, and failover administration. Server clusters also provide an automation interface.
This interface can be used to create custom scripting tools for administering cluster
resources, nodes, and the cluster itself. Applications and administration tools, such as Cluster
Administrator, can access this interface using RPCs, whether the tool is running on a node in
the cluster or on an external computer.
Creating a Cluster
Server clusters include a cluster installation utility that is used to install the cluster software on
a server and create a new cluster. To create a new cluster, the utility is run on the computer
selected as the first member of the cluster. This first step defines the new cluster by
establishing a cluster name, and creating the cluster database and initial cluster membership
list.
The next step in creating a cluster is to add the common data storage devices that will be
available to all members of the cluster. This establishes the new cluster with a single node
and its own local data storage devices and cluster common resources (generally disk or data
storage and connection media resources).
The final step in creating a cluster is to run the installation utility on each additional computer
that will be a member of the cluster. As each new node is added to the cluster, it automatically
receives a copy of the existing cluster database from the original member of the cluster.
When a node joins or forms a cluster, the Cluster service updates the node's private copy of
the configuration database.
Forming a Cluster
A server can form a cluster if it is running the Cluster service and cannot locate other nodes in
the cluster. To form the cluster, a node must be able to acquire exclusive ownership of the
quorum resource.
When a cluster is formed, the first node in the cluster contains the cluster configuration
database. As each additional node joins the cluster, it receives and maintains its own local
578
copy of the cluster configuration database. The quorum resource stores the most current
version of the configuration database as recovery logs. The logs contain node-independent
cluster configuration and state data.
During cluster operations, the Cluster service uses the quorum recovery logs to do the
following:
• Guarantee that only one set of active nodes is allowed to form a cluster
• Enable a node to form a cluster only if it can gain control of the quorum resource
When a cluster is formed, each node in the cluster can be in one of three distinct states.
These states are recorded by Event Processor (described below) and replicated by Event
Log Manager to other nodes in the cluster. The three Cluster service states are as follows:
• Offline The node is not an active member of the cluster. The node and its
Cluster service might or might not be running.
• Paused The node is an active member of the cluster. The node adheres to
cluster database updates, contributes input into the quorum algorithm, and maintains
network and storage heartbeats, but it cannot accept resource groups. It can support
only those resource groups that it currently owns. The paused state enables
maintenance to be performed. Online and paused states are treated as equivalent
states by the majority of the server cluster components.
Joining a Cluster
To join an existing cluster, a server must be running the Cluster service, and it must
successfully locate another node in the cluster. After finding another node in the cluster, the
joining server must be authenticated for membership in the cluster and must receive a
replicated copy of the cluster configuration database.
The process of joining an existing cluster begins when Windows Service Control Manager
starts the Cluster service on the node. During the startup process, the Cluster service
configures and mounts the node's local data devices. It does not attempt to bring the
common cluster data devices online as nodes, because the existing cluster might be using
the devices.
To locate other nodes, a discovery process is started. When the node discovers any member
of the cluster, it performs an authentication sequence. The first cluster member authenticates
the new node and returns a status of success if the new node is successfully authenticated. If
579
After successful authentication, the first node online in the cluster checks the copy of the
configuration database of the joining node. If it is out-of-date, the cluster node sends the
joining server an updated copy of the database. After receiving the replicated database, the
node joining the cluster can use it to find shared resources and bring them online as needed.
Leaving a Cluster
A node can leave a cluster when it shuts down or when the Cluster service is stopped.
However, a node can also be evicted from a cluster when the node fails to perform cluster
operations (such as failure to commit an update to the cluster configuration database).
Failure Detection
Failure detection and prevention are key benefits provided by server clusters. When a node
or application in a cluster fails, server clusters can respond by restarting the failed application
or distributing the work from the failed system to remaining nodes in the cluster. Server
cluster failure detection and prevention include bi-directional failover, application failover,
parallel recovery, and automatic failback.
When the Cluster service detects failures of individual resources or an entire node, it
dynamically moves and restarts application, data, and file resources on an available, healthy
server in the cluster. This allows resources such as database, file shares, and applications to
remain highly available to users and to client applications.
Server clusters are designed with two different failure detection mechanisms:
communicate with the surviving nodes. If the node is unable to respond, it is removed
from the cluster.
The failure detection algorithm is very conservative. If the cause of the heartbeat
response failure is temporary, it is best to avoid the potential disruption a failover might
cause. However, there is no way to know whether the node will respond in another
millisecond, or if it suffered a catastrophic failure. Therefore, a failover is initiated after a
timeout period.
Failover Manager maintains resources and resource group status. It also performs
recovery when a resource fails and invokes Resource Monitors in response to user
actions or failures.
After a resource failure is detected, Failover Manager performs recovery actions that
include restarting a resource and its dependent resources, or moving the entire resource
group to another node. The recovery action that is taken is determined by resource and
resource group properties, in addition to node availability.
During failover, the resource group is treated as the unit of failover. This ensures that
resource dependencies are correctly recovered. When a resource recovers from a failure,
Resource Monitor notifies Failover Manager. Failover Manager then performs automatic
failback of the resource group, based on the configuration of the resource group failback
properties.
When you install Exchange on a cluster node, the Exchange Setup program copies the
program files to the local disk of the cluster node. In a cluster with two nodes, such as Node A
and Node B, Setup copies the Exchange program files to the hard disk of Node A. You then
run Setup a second time to install the Exchange program files on the local hard disk of the
second node.
After the Exchange program files are copied to the hard disks of each node, you then
configure a resource group for the Exchange resources. As mentioned earlier, a resource
group is defined as a logical container that holds resources for an instance of Exchange
Virtual Server. This Exchange Virtual Server instance has many of the same resources that
physical Exchange servers have, such as:
• A network name
• An IP address
After you create a minimum of the above Exchange Virtual Server resources, you must create
a System Attendant resource. System Attendant creates the additional resources that
compose an Exchange Virtual Server. These resources can be taken offline, which mimics
the stopping of the service, or brought online, which mimics the starting of the service. You
can also change the current resource owner (the cluster node). For example, you can
configure Node B to own and run this resource instead of Node A.
The System Attendant resource is always created manually. Other Exchange service-related
resources are automatically created after you create the System Attendant resource. On
completion, these changes are written to the Microsoft Active Directory® directory service
and an object for this Exchange-based server is listed in the Servers container of your
administrative group.
Note:
Exchange Server 2003 introduced several security-related changes that harden the
security model compared to that of Exchange 2000 Server. For example, when you
create an Exchange Server 2003 virtual server in a cluster environment, IMAP4 and
the POP3 cluster resources are not created by default. If you want to use these
services on a cluster, you must start the appropriate service on the cluster node, and
then manually create the resource. For more information, see Microsoft Knowledge
Base article 824127, "HOW TO: Create an IMAP4 or a POP3 Cluster Resource on an
Exchange Server 2003 Virtual Server."
Active/Active Clusters
Exchange 2003 supports active/active clustering for two-node clusters. Clusters with more
than two nodes must use active/passive clustering. In an active/active Exchange cluster,
there are multiple Exchange Virtual Servers that can be moved, with certain restrictions,
between the different nodes that belong to the cluster and can simultaneously run on one
node.
In most cases, each Exchange Virtual Server in the cluster runs on a separate node. If
hardware fails or a node is taken offline, the other node detects the change and takes actions
according to configured failover policies. Generally, this means that the remaining node
assumes ownership of the Exchange Virtual Server that was running on the first node. In a
two-node cluster (for example, Node A and Node B), when Node A is offline, Node B
assumes ownership of the Exchange Virtual Server. Node B then has ownership of both
shared disk systems, both IP addresses, both network names, and all other Exchange
resources in the cluster. When Node A is back online, failback action might or might not be
taken, depending on the configured failback policies.
Although active/active clusters are supported, you should use active/passive Exchange
clusters for the following reasons:
For more information about clustering with Windows Server 2003 and Exchange 2003, see
Using Clustering with Exchange 2003: An Example.
Active/Passive Clusters
In an active/passive cluster, clients connect to an Exchange Virtual Server that is currently
owned by one node of the cluster (for example, Node A). The node has control over the
shared disk system that contains the Exchange databases. If Node A experiences a hardware
failure or otherwise goes offline, Node B detects this failure and takes ownership of Exchange
Virtual Server and all its associated resources.
In the active/passive cluster model, applications run as a single instance in a cluster. This
means that one node typically sits idle (passive) until a failover occurs. In the context of
Exchange 2003 clusters, active/passive clustering indicates that the number of Exchange
Virtual Servers in the cluster is fewer than the number of physical nodes in the cluster. An
example of the active/passive cluster model is shown in the following figure.
Active/passive is the strongly preferred clustering model for Exchange 2003. Active/passive
cluster configurations are highly scaleable and have less administrative overhead than
active/active clusters for several reasons:
Resource Dependencies
As shown in the figure below, Exchange-related resources are directly dependant on the
System Attendant resource. The System Attendant resource is in turn dependent on the
Physical Disk, and Network Name resources, and the Network Name resource is dependent
on the IP Address resource. In the case where an Exchange Virtual Server includes multiple
Physical Disk resources, the System Attendant resource must have a dependency on all of
them.
These resources are created when you create the System Attendant resource. To delete the
server and its object from Active Directory, you remove Exchange Virtual Server using Cluster
Administrator. The IsAlive call to System Attendant checks Service Control Manager to obtain
the immediate state of System Attendant.
Although the MTA is an active/passive resource, it serves all virtual servers in the cluster
while it is online. The IsAlive call to the message transfer agent checks Service Control
Manager to obtain the immediate state of the MTA.
587
Protocols
The IsAlive call acts the same way for all protocols. EXRES.DLL opens a TCP port to the
protocol by using the bindings that are provided from the Internet Information Service (IIS)
metabase. It waits for a response in the form of a banner. If the start of the banner matches
the expected value, the resource is considered to be online. If the banner is not returned
before the time-out period, the Cluster service determines that the protocol virtual server is
unavailable, and the IsAlive call is unsuccessful.
None of the protocols may be set to reject all connections from all servers, or the protocol
virtual server will reject IsAlive calls from itself. Because of this, each protocol virtual server
must accept connections from its own IP address. For the HTTP protocol, EXRES.DLL sends
a WebDAV Track command to obtain a response.
When an Exchange Virtual Server is taken offline, all instances of the SMTP protocol virtual
server on the node are briefly stopped and restarted to make sure that the store driver is
correctly registered. This means that the SMTP resources of all Exchange Virtual Servers on
the node quickly go offline and restart. The SMTP resource does not restart automatically if
the do not restart option is selected in its properties.
Microsoft Search
The MSSearch resource provides content indexing for Exchange Virtual Server. The IsAlive
call to the MSSearch process returns a pointer to the data structure for the database that is
being indexed. If the pointer is valid, the resource is determined to be working correctly.
To re-create the MSSearch resource after it is deleted, you must delete and then re-create
the Microsoft Exchange Information Store service resource for that Exchange Virtual Server.
For more information, see Microsoft Knowledge Base article 830189, "Exchange Server 2003
computer cannot bring the Microsoft Search resource online."
In a cluster, the Cluster service is responsible for starting and stopping Exchange services
through EXRES.DLL. Because of this, an administrator should not stop a service from the
command-line, the Windows Services snap-in, a Resource Kit tool, or a third-party
application. When you stop a service outside of the Cluster, the IsAlive call to that service
fails, causing the Cluster service to attempt a restart of the stopped service. The IsAlive
function returns the last value that was pooled from the resource health-monitoring thread.
The LooksAlive function has the same implementation as IsAlive. The LooksAlive function is
not called, because the EXRES.DLL provides resource-failure event handles to the cluster
Resource Monitor that indicates when a resource fails. The health-monitoring thread checks
resources every ten seconds. This resource check cannot be configured. EXCLUADM.DLL
provides the interface associated with Exchange and cluster-specific wizards.
ExchangeOpen/ExchangeClose Functions
The ExchangeOpen and ExchangeClose functions are called whenever the Exchange
resources are moved to the current node. Inside the ExchangeOpen functions, memory is
initialized or allocated for the basic information of the resource. These functions also handle
the loading and unloading of DLL files that are used by the Resource DLL. This process is
controlled by reference counters.
589
For the OfflineWrapperThread, if the ExchangeOffline thread does not return in the
PendingTimeOut limit for the Store, System Attendant, and MTA resources, Resource Monitor
ends the corresponding process.
To prevent situations in which RPCs hang, these two worker threads create the real
online/offline thread. The wrapper threads act as monitors for the online/offline thread and
use timers to monitor the operation of the online/offline thread. If the online/offline thread
does not return in the PendingTimeOut value that was set in Cluster Administrator, the
wrapper thread determines that the operation is unsuccessful, and sets the resource's state
as failed. It then returns an error. The only exceptions to this behavior are for upgrade
operations or for store resource online operations. In these two cases, the wrapper thread
waits for an upgrade to complete or for a store resource to go online without timing out.
• Protocol Resources Protocol resources set the command bit in the IIS
metabase, and then start the service, if it has not already started. The corresponding
service picks up the command and starts or stops the virtual server. The only
exception to this is the SMTP virtual server. In this case, the whole SMTP service
must be stopped when a virtual server instance is taken offline. The IsAlive function
checks for other virtual servers running on the same physical computer, detects that
the underlying SMTP service is stopped, and then restarts the virtual server.
the status of that resource. The first thread, named ExchangeIsAliveMonitor, checks the
status of the resource every ten seconds by waking the second thread, named
ExchangeCheckIsAliveWrapper. ExchangeCheckIsAliveWrapper performs the actual IsAlive
checking. If the ExchangeCheckIsAliveWrapper thread does not return in the
PendingTimeOut limit, or if the IsAlive check is unsuccessful, the ExchangeIsAliveMonitor
thread signals a failure event for the particular resource to Resource Monitor. The
ExchangeIsAlive function returns the status of the last IsAlive check.
ExchangeTerminate
This function ends the existing ExchangeIsAliveMonitor thread. For the Exchange store,
System Attendant, and MTA resources, it also performs the corresponding offline procedure
to make sure that the database is dismounted. If the offline procedure does not complete
successfully in the PendingTimeOut limit, EXRES.DLL also terminates the corresponding
process.
Creating Resources
The user creates a resource first, and then creates a call to EXCLUADM.DLL, prompting for
information. EXCLUADM.DLL obtains the required information for the resource and passes it
to the Cluster service. Resource Monitor creates a call to the ExchangeResourceControl
function in EXRES.DLL. This call contains the information that was passed from
EXCLUADM.DLL and Clusctl_Resource_Set_Private_Properties as the control code.
ExchangeSetPrivateResProperties is used to handle this control code. It first saves the
information to the cluster database under the Parameters registry key for that resource, and
then makes a call to EXSETDATA.DLL to have EXSETDATA.DLL create objects in
Acitve Directory. In some cases, a problem might occur and some configuration information
might be modified in Exchange System Manager, without synchronizing the changes with the
cluster database.
Cluster-Specific Configurations
The following sections describe configuration changes that must be made to support
operations of certain components when running in an Exchange cluster. When Exchange is
installed in a clustered environment, you must perform some common Exchange tasks
differently than you would for an Exchange server that is installed in a non-clustered
environment.
591
Exchange MTA
By default, an Exchange 2003 server monitors the MTA service. In a cluster environment,
MTA runs only on one of the physical nodes (computers). As a result, the monitoring process
will report that any nodes not running the MTA service are in an error state. This, in turn, can
cause problems if Exchange 2003 is installed in a cluster with two or more Exchange Virtual
Servers.
To prevent the monitoring process from incorrectly reporting that Exchange Virtual Servers
that are not running the MTA service are in an error state, you should disable MTA monitoring
on the second Exchange Virtual Server (and if applicable, any other additional Exchange
Virtual Servers) of a cluster. For detailed steps, see How to Disable MTA Monitoring on an
Exchange Virtual Server.
Note:
You do not need to disable MTA monitoring on the first Exchange Virtual Server of a
cluster.
To reliably configure IIS SMTP logging, you must specify a folder on a shared disk. For
detailed instructions, see How to Enable SMTP Logging and Log the Files to a Shared Disk.
AntiAffinityClassNames
One of the limitations of Windows 2000-based server clusters is that they have no
mechanism for a conditional failover. For example, you cannot configure an Exchange Virtual
Server to move to one node when one failure occurs and to a different node when another
failure occurs. Nor can you configure an Exchange Virtual Server to fail over to a second
node in the event that the first node is too busy. In Windows Server 2003 clusters, this
limitation is addressed with a new cluster group property named AntiAffinityClassNames. The
value for this property is any arbitrary string. However, this string is often program-specific.
For example, Exchange 2003 sets this value to Microsoft Exchange Virtual Server.
resource fails, the cluster failover manager determines if resource groups on any one of the
other nodes, designated as possible owners of the Exchange Virtual Server, have Microsoft
Exchange Virtual Server set as the value for the AntiAffinityClassNames property. Only
nodes that currently contain an Exchange Virtual Server have this value set. Therefore, a
node without this value is the best possible destination for the group with the failed resource.
The following scenarios demonstrate how the AntiAffinityClassNames property can be used:
• The property can be used in an N+1 Exchange server cluster. In this case,
Exchange should set up each group that supports a partition with the
AntiAffinityClassNames property set to an Exchange-specific value (the same value
for each group). If there is a failure, the failover manager can attempt to keep the
partitions apart by selecting nodes that do not contain groups with the same
AntiAffinityClassNames value of Exchange Virtual Server.
• The property can be used in a server consolidation in which there are multiple
programs that should be kept apart. In these cases, the groups that represent the
various programs should be manually modified with the same value in the
AntiAffinityClassNames property.
This property can only be configured using the CLUSTER.EXE command-line tool. An
example of the proper syntax for the example that is listed in the first preceding scenario is:
Location HKLM\Cluster\Groups\<Guid>\
Value AntiAffinityClassNames
Type REG_MULTI_SZ
After this property is set, failover and failback policies are configured using the Best Possible
option in Cluster Administrator, instead of specifying specific nodes for a policy. For more
information, see Microsoft Knowledge Base article 299631, "Failover Behavior on Clusters of
Three or More Nodes."
more than two nodes present in the cluster, you cannot encounter a scenario in which a
single Store.exe process must cope with multiple public MAPI information stores from the
same TLH. Therefore, with Exchange 2003 Service Pack 1, the existing public MAPI
information store limitation in the cluster is removed. Installations running SP1 or later are
restricted to one public MAPI information store per Exchange Virtual Server (the same
restriction that is imposed on stand-alone Exchange 2003 servers).
Eseutil
You must give special consideration when you run the Eseutil database integrity utility with
the /CC switch. This switch is used to perform a hard recovery of an Exchange information
store. Hard recovery is the process through which you apply transaction logs and database
patch files to a database that has been restored from online backup. For more information,
see Microsoft Knowledge Base article 266689, "XADM: The 'ESEUTIL /CC' Command Does
Not Work on Cluster Server."
Installing Updates
Before installing any updates on your Exchange cluster nodes, read the README file that is
included with the service pack, hotfix, or update. In most cases, the passive node of the
cluster is updated first. Exchange Virtual Servers are then moved to the passive node, and
then the other node is updated. You should never install any update on more than one node
at a time.
become more familiar with Cluster Administrator—the primary tool used to configure and
manage clusters.
Note:
Before performing the cluster administration tasks outlined in this chapter, you must
be familiar with the clustering concepts described in "Checklist: Preparation for
installing a cluster" in the Microsoft Windows Server™ 2003 Enterprise Edition Online
Help and in the Windows Server 2003 Technical Reference.
Also, make sure that you are familiar with "Using Server Clustering" in Planning an Exchange
Server 2003 Messaging System and with "Deploying Exchange 2003 in a Cluster" in the
Exchange Server 2003 Deployment Guide.
Procedure
To disable MTA monitoring on an Exchange Virtual Server
1. In Exchange System Manager, in the console tree, expand Servers, right-
click the appropriate Exchange Virtual Server, and then click Properties.
2. In the <Server Name> Properties dialog box, click the Monitoring tab.
Procedure
To enable SMTP logging and log the files to a shared disk
1. In Exchange System Manager, in the console tree, expand Servers, and then
expand the server on which you want to enable IIS logging for SMTP.
3. In the console tree, right-click Default SMTP Virtual Server, and then click
Properties.
4. In the Default SMTP Virtual Server Properties dialog box, on the General
tab, click Enable logging, and then click Properties.
This topic explains how to use Exchange System Manager to create an HTTP virtual server.
Procedure
To create an HTTP virtual server in Exchange System Manager
1. Open Exchange System Manager.
2. In the console tree, expand Servers, expand the server that you want to
configure as a back-end server, and then expand Protocols.
3. Right-click HTTP, point to New, and then click HTTP Virtual Server.
4. In Properties, in the Name box, type the name of your front-end server.
6. In Advanced, under Identities, select the default entry, and then click
Modify.
8. In the Host name box, type the host header of the front-end server. This is
the name by which the clients access the front-end server. The host header for
the Exchange Virtual Server must map to the host header on the front-end
server.
Note:
Client requests to the front-end server use a specific host, such as
http://mail.contoso.com. A virtual server on the front-end must have the
"mail.contoso.com" host header configured. The front-end server then
proxies the request to the back-end server, which must also have the host
header configured on a virtual server.
597
9. Verify that TCP port is set to 80, and then click OK.
10. In Advanced, if you want to add an additional identity, click Add, and
perform Steps 6 through 8 again.
Note:
Consider adding several identities to the virtual server that list all the ways
that a user might access the front-end server. For example, if a front-end
server is used both internally and externally, consider listing both a host
name and a fully qualified domain name, such as "mail" for internal access
and "mail.contoso.com" for external access.
11. In Advanced, click OK twice to create the new HTTP virtual server.
Before you can create a virtual directory, you must create an HTTP virtual server in Exchange
System Manager. For detailed instructions, see How to Create an HTTP Virtual Server in
Exchange System Manager. After you create the HTTP virtual server, you must add virtual
directories to the back-end server(s) that match the virtual directories configured on the front-
end server. A typical Exchange installation contains virtual directories called Exchange and
Public. In Exchange System Manager, virtual directories of HTTP virtual servers appear as
child objects of the HTTP virtual server.
Procedure
To create virtual directories for an Exchange Virtual Server in a Windows Server
cluster
1. Open Exchange System Manager
2. In the console tree, expand Servers, expand the server that you want to
configure as a back-end server, expand Protocols, and then expand HTTP.
3. Right-click <HTTP Virtual Server Name>, point to New, and then click
Virtual Directory.
5. Under Exchange Path, the Mailboxes for SMTP domain option is selected
by default. Keep this setting, because users use the Exchange virtual directory
to access their Exchange mailboxes. Click OK to create the first virtual directory.
6. In the console tree, right-click <HTTP Virtual Server Name> again, point to
New, and then click Virtual Directory.
8. Under Exchange Path, click Public folder, and then click Modify.
12. If there are additional virtual directories configured on your front-end server,
you must also create those virtual directories. To create additional virtual
directories, repeat Steps 5 through 10 for each virtual directory.
Procedure
To create an HTTP virtual server resource for an Exchange Virtual Server in a
Windows Server cluster
1. Open Cluster Administrator.
2. Right-click the Exchange Virtual Server, point to New, and then click
Resource.
3. The New Resource Wizard starts. In the Name box, type Exchange HTTP
Virtual Server - (<EVSName>), where EVSName is the name of the front-end
server.
5. In Possible Owners, under Possible owners, verify that all nodes are
displayed, and then click Next.
7. In Virtual Server Instance, in the Server Instance list, select the newly
created HTTP virtual server for the resource, and then click Finish.
8. In Cluster Administrator, right-click the HTTP virtual server instances you just
created, and then click Bring Online.
Copyright
The information contained in this document represents the current view of Microsoft
Corporation on the issues discussed as of the date of publication. Because Microsoft must
respond to changing market conditions, it should not be interpreted to be a commitment on
the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information
presented after the date of publication.
601
Complying with all applicable copyright laws is the responsibility of the user. Without limiting
the rights under copyright, no part of this document may be reproduced, stored in or
introduced into a retrieval system, or transmitted in any form or by any means (electronic,
mechanical, photocopying, recording, or otherwise), or for any purpose, without the express
written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you
any license to these patents, trademarks, copyrights, or other intellectual property.
Unless otherwise noted, the companies, organizations, products, domain names, e-mail
addresses, logos, people, places, and events depicted in examples herein are fictitious. No
association with any real company, organization, product, domain name, e-mail address,
logo, person, place, or event is intended or should be inferred.
Microsoft, MS-DOS, Windows, Windows Server, Windows Vista, Active Directory, ActiveSync,
ActiveX, Entourage, Excel, FrontPage, Hotmail, JScript, Microsoft Press, MSDN, MSN,
Outlook, SharePoint, Visual Basic, Visual C++, Visual Studio, Win32, Windows Mobile,
Windows NT, and Windows Server System are either registered trademarks or trademarks of
Microsoft Corporation in the United States and/or other countries.