Configuring Exchange Server Settings

Configuring Exchange Server Settings

Chapter 2, 'Managing an Exchange Organization,' focused on how to apply settings globally within your organization, how to use and manage administrative groups, and how to use system policies to administer groups of servers consistently.

This chapter shifts the focus from the organization-specific settings to server-specific settings. It provides you with information about how to configure settings on individual Exchange servers in your organization. Individual server settings that you can configure include enabling message tracking, configuring language support for clients, scheduling Mailbox Management processes, troubleshooting specific issues with diagnostic logging, using public folder referrals and Directory Access options, and other settings that are important to managing your Exchange server.

Although this chapter does not cover them, you can also manage protocol settings, services, and backup and restore processes on an individual server basis. For more information about:

Configuring protocols, see Chapter 5, 'Understanding and Configuring Message Routing and Transport,' and Chapter 6, 'Managing Client Access to Exchange.'

Exchange services, see Appendix B, 'Services Used by Exchange.'

Backup and restore practices, see Chapter 7, 'Managing Mailbox Stores and Public Folder Stores.'

Configuring Server-Specific Settings

When you configure server-specific settings, you use the Properties dialog box (see Figure 3.1) that is associated with each server.

To open a server's Properties dialog box

In Exchange System Manager, right-click an Exchange server, and then select Properties.

Figure 3.1   The Properties dialog box for SERVER01

Of the eleven tabs in the Properties dialog box, this chapter focuses on those tasks associated with the following tabs: General, Locales, Mailbox Management, Directory Access, Policies, Security, Full-Text Indexing, Diagnostic Logging, and Public Folder Referrals.

Viewing Messages in Message Tracking Center

Message Tracking Center tracks messages across servers in both mixed- and native-mode Exchange organizations. Message Tracking Center can also track messages that are destined to or arriving from another messaging system, such as Lotus Notes. Through Message Tracking Center, you can search for all types of messages, including system messages (alerts that are displayed when problems occur), public folder messages, and e-mail messages.

Before enabling a server's messages to appear in Message Tracking Center, you must enable subject logging on the Exchange server. However, enabling this type of logging results in the subject lines of messages in Simple Mail Transfer Protocol (SMTP) and MAPI queues to be displayed in the Subject column of Queue Viewer. By default, the Subject column is left empty to preserve confidentiality. (For example, some Exchange organizations prefer to keep low-level administrators from viewing message subjects.) Therefore, verify your organization's policy about revealing subject line information prior to enabling subject logging.

To enable a server's messages to appear in Message Tracking Center

On the General tab in the server's Properties dialog box, select the Enable subject logging and display check box.

You can create a server policy to control the message tracking options of a group of servers in an administrative group. However, you can also enable message tracking on an individual server basis. For example, if you do not track messages on all of your servers, but users on a specific Exchange server are experiencing mail flow problems, you may want to enable message tracking on the server that is experiencing mail flow problems. Alternatively, you may want to track messages only on your Internet gateway servers.

When you enable message tracking on an individual server, messages routed through the server are added to the message tracking logs. These logs are text files that you can review to monitor and troubleshoot message flow. The Exchange System Attendant service on each server maintains these log files.

To enable message tracking

On the General tab in the server's Properties dialog box, select the Enable message tracking check box.

If you enable message tracking, you may want to customize how Exchange manages the resulting log files. By default, Exchange stores the message tracking log files in the C:Program FilesExchsrvr folder and removes these log files on a seven-day interval. These default settings may or may not fit the needs of your Exchange environment.

Selecting a Location for the Log Files

To specify a path and folder for message tracking log files, you use the Log file directory text box on the General tab of the server's Properties dialog box. When you change the path of the log file directory, Exchange saves future log files to the new path. However, Exchange does not move existing log files to the new location. You must do this manually.

Removing Log Files

If you allow log files to accumulate on the server, they can consume a large portion of disk space and may affect performance. You should review and remove log files periodically. However, make sure to leave log files on the server long enough for you to review files if a problem occurs with the message flow. As an additional step, you can move log files to another disk that has the bandwidth to accommodate larger log files.

To specify how often log files are removed

On the General tab in the server's Properties dialog box, select Remove log files.

In the Remove files older than (days) text box, type the number of days that you want the files to remain on the server before being deleted.

Designating a Front-End Server

When you configure a server to be a front-end server, you are usually dedicating the server to receive requests from messaging clients, such as HTTP, Internet Message Access Protocol version 4 (IMAP4), and Post Office Protocol version 3 (POP3), and to relay client requests to the appropriate back-end server.

The services that an Exchange front-end server requires depend on the protocols that you use on the server, and whether you will be making configuration changes after the initial setup. Table 3.1 lists which Exchange services are required for each protocol or tool that an Exchange front-end server uses.

Table 3.1   Services required on an Exchange front-end server

To designate a front-end server

On the General tab in the server's Properties dialog box, select the This is a front-end server check box.

After designating a server as a front-end server, you should remove any unnecessary components or disable any unnecessary services on the server. Removing these components or disabling these services allows the front-end server to relay client requests more efficiently and improves security by reducing the number of services or components that are vulnerable to attack. In particular, you can remove public folder stores and storage groups from an Exchange front-end server. Also, if your front-end users are not sending mail using SMTP, you can remove mailbox stores from the front-end server.

For more information about using a front-end and back-end topology, see Chapter 6, 'Managing Client Access to Exchange.'

Microsoft personnel monitor error reports to identify and correct common problems that customers encounter. If you do not enable the automatic error reporting option, a dialog box appears that prompts you to manually send the fatal error report.

To send error information to Microsoft

On the General tab in the server's Properties dialog box, select the Automatically send fatal service error information to Microsoft check box.

When you send error reports to Microsoft, they are sent over Secure HTTP (HTTPS), which is a more secure connection than HTTP.

For more information about automatic error reporting, see the 'Microsoft Online Crash Analysis' Web site ( https://go.microsoft.com/fwlink/?LinkId=18428

Configuring Language Settings

Different countries and regions have differing conventions regarding the formatting and presentation of information such as date, time, and currency. To accommodate these differences, you use the Locales tab to define how to display date, currency, and time values, and to define how to control other international settings, such as sorting order.

For each locale listed on the Locales tab, the server is able to supply clients with data sorted and formatted according to the conventions used in that locale. For example, if Hindi appears in the list, Hindi language clients that connect to the server see information sorted and formatted in Hindi.

To add a locale to the server

On the Locales tab in the server's Properties dialog box, click Add (see Figure 3.2).

Figure 3.2   Locales tab

In the Add Locale dialog box (see Figure 3.3), select a language, and then click OK.

Figure 3.3   Add Locale dialog box

Exchange Mailbox Manager policies set age and size limits for messages. After you create and configure a recipient policy for Mailbox Manager settings, you must schedule when the Mailbox Manager process runs on a server and whether the process generates a report. When a policy runs, the policy processes messages that exceed its defined limits. For more information about Mailbox Manager and recipient policies, see Chapter 4, 'Managing Recipients and Recipient Policies.'

To schedule when the Mailbox Manager process runs and whether the process generates a report, you use the Mailbox Management tab (see Figure 3.4) in the server's Properties dialog box.

Figure 3.4   Mailbox Management tab

Defining a Schedule

In the Start mailbox management process drop-down list, you select when you want the Mailbox Management process to start (on that particular server) according to the rules defined by associated recipient policies. The recipient policies that are associated with the server determine which mailbox or mailboxes that Mailbox Manager cleans.

To define a schedule

On the Mailbox Management tab in the server's Properties dialog box, in the Start mailbox management process list, select a schedule, and then click OK.

You can also customize the mailbox management schedule to suit your organizational needs. For example, you could create a custom schedule that runs Mailbox Manager on Saturday at midnight.

To define a custom schedule

On the Mailbox Management tab in the server's Properties dialog box, in the Start mailbox management process list, select Use custom schedule, click Customize, and then enter the schedule information.

When you schedule Mailbox Manager, you can designate a mailbox that receives Mailbox Manager reports. You can also select the type of report to be generated. The report can include different types of information, such as when Mailbox Manager ran, which mailbox recipient policies were applied, which mailboxes were processed, which folders were processed, the number of messages that were moved or deleted, and the size of messages that were moved or deleted.

To set reporting options

On the Mailbox Management tab in the server's Properties dialog box, in the Reporting drop-down list, select the type of report that you want created whenever mailboxes are processed:

A summary report that contains basic information, including the total size of all messages that Mailbox Manager moved or deleted.

A detailed report that includes the specific policies that Mailbox Manager ran, the specific mailboxes that were processed, and the specific folders within each mailbox that were processed each time Mailbox Manager runs.

In the Administrator text box, click Browse, and then select a mailbox in your organization to receive these reports.

Diagnostics logging levels determine which additional Exchange events are written to the Application event log in Event Viewer, a Microsoft Windows ServerT 2003 component that you can use to monitor hardware and software activities. You can use diagnostics logging to record significant events that are related to authentication, connections, and user actions.

The first step in configuring diagnostics logging is to decide which services on an Exchange server should be enabled for diagnostics logging (see Table 3.2).

Table 3.2   Diagnostics logging services

After selecting a service, the next step is to set the logging levels for those services. There are four logging levels of detail (see Table 3.3). When Exchange generates an event less than or equal to the logging level, the event is logged. Events range from significant events (such as application failures) to moderately important events (such as the receipt of messages across a gateway) to events that are relevant only to debugging. Usually, you log only critical events. However, when problems occur, diagnostics logging enables you to change the logging levels to capture more events in greater detail.

Table 3.3   Logging levels

After selecting a logging level, logging begins automatically whenever you start Exchange. You can view the log entries in Event Viewer.

To configure diagnostics logging

On the Diagnostics Logging tab in the server's Properties dialog box, in the Services list, select an Exchange 2003 service (see Table 3.2) on which you want to set category logging levels.

In the Categories list, select the categories and logging levels (see Table 3.3) that you want to configure.

Customizing Public Folder Referrals

When a user connects to a public folder store that does not contain a copy of the public folder content that the user is looking for, Exchange redirects or refers the user to another public folder store that does have a copy of the content. By default, Exchange attempts to redirect the user to a server within the local routing group. If those servers do not have the required content, Exchange follows the organization's routing group topology to find an appropriate server. Exchange finds an appropriate server based on the most efficient routing path, using costs of connectors between routing groups.

Because Exchange keeps track of available connections between routing groups and uses the most efficient route possible, it is recommended that you use routing groups (the default) to determine how Exchange refers a user to another public folder. However, if you need to troubleshoot a specific server, or if you are performing maintenance on part of your network and want to designate specific servers that are available during this maintenance, you can create a custom list of servers for public folder referrals.

To create a custom list of servers for public folder referrals, you use the Public Folder Referrals tab (see Figure 3.5). When you create a custom list of servers, you also assign costs to prioritize the servers in your referral list.

To specify a custom list for public folder referrals

On the Public Folder Referrals tab in the server's Properties dialog box (see Figure 3.5), in the Public folder referral options list, select Use Custom List.

Figure 3.5   Public Folder Referrals tab

Click Add to add the appropriate servers.

Assigning Costs on the Public Folder Referrals List

Costs are a method of prioritizing servers in the public folder referral list. You define costs for each connector within your organization using network connectivity and available bandwidth as criteria. You then assign the lowest cost to the connectors that have the best network connectivity and the most available bandwidth. Exchange uses higher-cost servers only if lower-cost servers are not available.

When you select the Use Custom List option and create a list of servers that are available for referrals, the Public Folder Referrals tab displays both the name of each server in the list and any costs that are associated with those servers. If you want to prioritize the order in which Exchange uses the listed servers, you need to change the costs associated with each server, assigning lower costs to those servers that you want Exchange to use first.

To change a server's priority in a custom public folder referrals list

On the Public Folder Referrals tab in the server's Properties dialog box, select a server in the list, and then click Modify.

In the Modify Referral Cost dialog box (see Figure 3.6), specify a cost for that server.

Figure 3.6   Modify Referral Cost dialog box

Understanding Directory Access Options

As discussed in Chapter 1, 'Preparing to Administer Exchange Server 2003,' and Chapter 2, 'Managing an Exchange Organization,' Exchange is tightly integrated with Active Directory. This integration requires that the core components of Exchange 2003 access directory information in Active Directory. The shared component called Directory Access (DSAccess) controls how most components (see Table 3.4) in Exchange interact with Active Directory.

Table 3.4   Exchange components dependent on DSAccess

In Exchange 2003, DSAccess is the centralized mechanism that determines the Active Directory topology, opens the appropriate Lightweight Directory Access Protocol (LDAP) connections, and works around server failures. DSAccess is responsible for the following functions:

Retrieving and writing information from Active Directory, such as configuration data and recipients.

Caching information from Active Directory for better performance when querying Active Directory. DSAccess caches configuration and recipient data locally so that this information is available for subsequent queries from other Exchange servers. Caching information locally has the additional benefit of preventing the network traffic that is caused by additional queries to Active Directory.

Constructing a list of available domain controllers and global catalog servers that other Exchange components can query. For example:

The MTA routes LDAP queries through the DSAccess layer to Active Directory.

To connect to databases, the store process uses DSAccess to obtain configuration information from Active Directory.

To route messages, the transport process uses DSAccess to obtain information about the connector arrangement.

Of the previously listed functions, the only function that you can control on a server is the one that deals with constructing a list of available domain controllers and global catalog servers. You can have this list constructed automatically by DSAccess, or you can manually create this list for DSAccess to use.

Automatically Constructing a Topology for Directory Access

By default, on each Exchange server, DSAccess automatically detects the appropriate domain controllers and global catalog servers in Active Directory for the Exchange server to query. The setting that controls this default behavior is the Automatically discover servers check box near the bottom of the Directory Access tab in the server's Properties dialog box (see Figure 3.7).

Figure 3.7   Directory Access tab

Selecting the Automatically discover servers check box enables DSAccess components to automatically discover the following servers in an Exchange organization:

Configuration domain controller   The single domain controller that reads and writes information in the configuration naming context in Active Directory. DSAccess chooses a domain controller or global catalog server to act as the configuration domain controller. All configuration data is written and read by this configuration domain controller.

Working domain controllers   As many as ten domain controllers that perform Active Directory lookups for objects in the local domain. These domain controllers are primarily used to update objects within the local domain or read non-configuration data that is not replicated to global catalog servers.

Working global catalog servers   As many as ten global catalog servers that perform forest-wide queries. All user data is looked up on the global catalog servers.

To discover these servers, Directory Access locates domain controllers and global catalog servers that run Microsoft Windows Server 2003, or Microsoft Windows 2000 Server Service Pack 3 (SP3) or higher. Directory Access then tests these servers and chooses suitable servers for Exchange services to use to perform Active Directory queries.

To troubleshoot problems with a specific global catalog server or domain controller, you may want to override the automatic discovery of servers by clearing the Automatically discover servers check box. For example, to determine whether queries to a global catalog server are working correctly, you can manually set this server as the only available global catalog server.

When you manually create a topology for DSAccess, you no longer have the advantages of automatic failover and load balancing that you have when DSAccess automatically discovers the topology. If a server that you set manually becomes unavailable, the list does not update and Exchange still attempts to use the unavailable server, thereby causing Exchange to fail.

If you manually set a domain controller or global catalog server on the Directory Access tab in the Properties dialog box of a server that is not running Windows 2000 Server SP3 or later, Exchange will not use the domain controller or global catalog server, and Exchange logs an Event 2116.

To manually create a topology for Directory Access

On the Directory Access tab in the server's Properties dialog box, in the Show list, select the type of servers that you want to view.

Clear the Automatically discover servers check box.

This clears the current list of servers.

Click Add to add servers to or click Remove to remove servers from the topology.

System policies facilitate flexible administration of large numbers of Exchange services. A system policy defines settings that you apply to one or more Exchange servers. For example, you can use a system policy to create a consistent method of tracking messages across a group of servers.

Because policies affect a group of servers, you can only view the policies that have been applied to a server on the Policies tab (see Figure 3.8) in the server's Properties dialog box. You cannot modify or remove those policies using this tab. To modify or remove a system policy that has been applied to a particular server, you must change the policy itself. For more information about system policies, see Chapter 2, 'Managing an Exchange Organization.'

Figure 3.8   Policies tab

Setting Server-Specific Permissions

Permissions control access to Exchange objects. You can set permissions on some Exchange objects individually. These objects include public folder trees, address lists, mailbox stores, protocols, and servers. For these objects, Exchange uses and extends Active Directory permissions. Examples of Active Directory permissions are Read, Write, and List contents. Examples of extended Exchange permissions are Create public folder and View Information Store status. When you look at an object's permissions, Active Directory permissions appear first in the list, followed by Exchange extended permissions.

Permissions in Exchange are inherited by default. For example, the permissions that you apply to a particular server are inherited by the objects that the server contains, such as the public folder and mailbox stores on that server. Inherited permissions are convenient because you do not have to set the permissions for every object in your Exchange organization manually.

You can set permissions using the Exchange Delegation Wizard and apply these settings to an entire Exchange organization or to a specific administrative group. Because permissions are inherited, these permissions control who can view or modify settings at the server level. By default, these permissions are configured to support the standard Exchange administrator types (Exchange View Only Administrator, Exchange Administrator, and Exchange Full Administrator). You are strongly advised to use the standard Exchange administrator types and only change the settings if more granular settings are required by your organization's security policy.

To modify permissions on a specific server

On the Security tab (see Figure 3.9) in the server's Properties dialog box, in the Group or user names list, select the group or user name for which you want to modify permissions.

Figure 3.9   Security tab

In the Permissions for <selected entry> list, select the appropriate permissions.

Exchange can create and manage indexes for fast searches and lookups. With full-text indexing, Exchange indexes every word in a database, making faster searching possible. Full-text indexing is a feature that you can configure for individual stores on a server, and optimize on a server-by-server basis across your Exchange organization. For more information about how to configure full-text indexing to support your Exchange organization, see Chapter 4, 'Managing Recipients and Recipient Policies' and Appendix F, 'Using Full-Text Indexing.'

Full-text indexing allows IMAP4 clients and MAPI clients, such as Microsoft Office Outlook, to conduct full-text searches. For Outlook users, the version of Outlook determines what search options the user has:

In Outlook 2002, both the Find and Advanced Find options on the Tools menu initiate a full-text search.

In Outlook 2000, only the Advanced Find option initiates a full-text search. The Find option initiates a character-based search.

Indexing is a resource-intensive feature that requires considerable CPU cycles. Indexing gigabytes of data can take hours or days. You should schedule indexing at times when the server is not under usage load.

To control server performance during indexing

On the Full-Text Indexing tab (see Figure 3.10) in the server's Properties dialog box, in the System resource usage list, select a usage level: Minimum, Low, High, or Maximum.

Figure 3.10   Full-Text Indexing tab