Documente Academic
Documente Profesional
Documente Cultură
Microsoft Exchange ®
Server 2003
Workbook
Workshop: 2011A
Released: 12/2003
Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no
part of this document may be reproduced, stored in or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync,
Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered
trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.
Workshop: 2011A
Part Number: X10-27595
Released: 12/2003
END-USER LICENSE AGREEMENT FOR MICROSOFT OFFICIAL CURRICULUM (“MOC”)
COURSEWARE –TRAINER EDITION
PLEASE READ THIS END-USER LICENSE AGREEMENT (“EULA”) CAREFULLY. BY USING THE
CONTENT AND/OR USING OR INSTALLING THE SOFTWARE THAT ACCOMPANIES THIS EULA
(COLLECTIVELY, THE “LICENSED CONTENT”), YOU AGREE TO THE TERMS OF THIS EULA. IF
YOU DO NOT AGREE, DO NOT USE THE LICENSED CONTENT.
1. GENERAL. This EULA is a legal agreement between you (either an individual or a single entity)
and Microsoft Corporation (“Microsoft”). This EULA governs the Licensed Content, which include
computer software (including online and electronic documentation), training materials, and any other
associated media and printed materials. This EULA applies to updates, supplements, add-on components,
and Internet-based services components of the Licensed Content that Microsoft may provide or make
available to you unless Microsoft provides other terms with the update, supplement, add-on component, or
Internet-based services component. Microsoft reserves the right to discontinue any Internet-based services
provided to you or made available to you through the use of the Licensed Content. This EULA also governs
any product support services relating to the Licensed Content except as may be included in another
agreement between you and Microsoft. An amendment or addendum to this EULA may accompany the
Licensed Content. The Licensed Content is comprised of, but not limited to, the following: software
components, which may be specific to the trainer (the “Trainer Software”), the student software component
(“Student Software”), and a manual, which includes documents (such as student workbooks, white papers,
press releases, datasheets and FAQs) (the “Documents”).
2. GENERAL GRANT OF LICENSE. Microsoft grants you the following rights, conditioned on your
compliance with all the terms and conditions of this EULA. Microsoft grants you a limited, non-exclusive,
royalty-free license to install and use the Licensed Content solely for the purpose of providing an Authorized
Training Session (as defined below). For the term of any Authorized Training Session, you may: (a) install
individual copies of the Student Software on classroom devices provided that the number of copies in use
does not exceed the number of duly enrolled students for any given Authorized Training Session; OR
(b) you may install one copy of the Student Software and, if applicable, the virtual hard drives on a network
server, provided that the number of devices accessing the Student Software and the virtual hard drives on
the server does not exceed the number of students for any given Authorized Training Session. In addition,
solely for the purposes of providing the Authorized Training Session, the trainer of the Authorized Training
Session may install and use one copy of the Trainer Software, and, if applicable, one copy of the Virtual PC
Software (as defined below) on a portable device for the exclusive use of such trainer. An “Authorized
Training Session” means a training session authorized by Microsoft and conducted at a Microsoft Certified
Technical Education Center, an IT Academy, via a Microsoft Certified Partner, or such other entity or venue
as Microsoft may designate from time to time in writing, by a Microsoft Certified Trainer providing training
solely on Microsoft official courses (for more information on these entities, please visit www.microsoft.com).
WITHOUT LIMITING THE FOREGOING, COPYING OR REPRODUCTION OF THE LICENSED
CONTENT TO ANY SERVER OR LOCATION FOR FURTHER REPRODUCTION OR REDISTRIBUTION IS
EXPRESSLY PROHIBITED.
3. DESCRIPTION OF OTHER RIGHTS AND LICENSE LIMITATIONS
3.1 Time-sensitive Software. The Licensed Content may contain Virtual PC Software, which is
provided as time-sensitive software. The terms of this EULA supercede any other terms you may find in the
Licensed Content. With respect to the Virtual PC Software, you may install and use the Virtual PC Software
solely for the purpose of providing an Authorized Training Session. For the term of any Authorized
Training Session, you may: (a) install individual copies of the Virtual PC Software on classroom devices
provided that the number of copies in use does not exceed the number of duly enrolled students for any
given Authorized Training Session; OR (b) you may install one copy of the Virtual PC Software on a network
server, provided that the number of devices accessing the Virtual PC Software on the server does not exceed
the number of students for any given Authorized Training Session. WITHOUT LIMITING THE
FOREGOING, COPYING OR REPRODUCTION OF THE VIRTUAL PC SOFTWARE TO ANY SERVER OR
LOCATION FOR FURTHER REPRODUCTION OR REDISTRIBUTION IS EXPRESSLY PROHIBITED.
YOUR RIGHT TO USE THE VIRTUAL PC SOFTWARE SHALL BE EFFECTIVE UNTIL August 14, 2004.
THE VIRTUAL PC SOFTWARE IS TIME SENSITIVE AND WILL NOT FUNCTION UPON EXPIRATION
OF THIS DATE. NOTICE OF EXPIRATION WILL NOT ACTIVELY BE GIVEN, SO YOU NEED TO PLAN
FOR THE EXPIRATION DATE AND MAKE A COPY OF AND REMOVE YOUR IMPORTANT DATA
BEFORE EXPIRATION. If you desire to use the Virtual PC Software after this Agreement has expired,
you will need to acquire a validly licensed copy of the commercial release version of the Virtual PC
Software.
3.2 Use of Documentation and Printed Training Content.
3.2.1 The documents and related graphics included in the Licensed Content may include
technical inaccuracies or typographical errors. Changes are periodically made to the content. Microsoft may
make improvements and/or changes in any of the components of the Licensed Content at any time without
notice. The names of companies, products, people, characters and/or data mentioned in the Licensed
Content may be fictitious and are in no way intended to represent any real individual, company, product or
event, unless otherwise noted.
3.2.2 Microsoft grants you the right to reproduce portions of the Documents provided
with the Licensed Content. You may not print any book (either electronic or print version) in its entirety. If
you choose to reproduce Documents, you agree that: (a) use of such printed Documents will be solely in
conjunction with providing an Authorized Training Session; (b) the Documents will not republished or
posted on any network computer or broadcast in any media; (c) any reproduction will include either the
Document’s original copyright notice or a copyright notice to Microsoft’s benefit substantially in the format
provided below; and (d) to comply with all terms and conditions of this EULA. In addition, no
modifications may be made to any Document, except that trainers of an Authorized Training Session may
modify the Instructor Notes and Blended Delivery Guide included in the Trainer’s Edition.
Form of Notice:
© 2003. Reprinted with permission by Microsoft Corporation. All rights
reserved.
Microsoft and Windows are either registered trademarks or trademarks of
Microsoft Corporation in the US and/or other countries. Other product and
company names mentioned herein may be the trademarks of their respective
owners.
3.3 Use of Media Elements. The Licensed Content may include certain photographs, clip art,
animations, sounds, music, and video clips (together "Media Elements"). You may not modify these Media
Elements.
3.4 Use of PowerPoint Slide Deck Templates. The License Content may include Microsoft
PowerPoint slide decks. You may use, copy and modify the PowerPoint slide decks solely in conjunction
with providing an Authorized Training Session; if you elect to exercise the foregoing rights, you agree:
(a) that modification of the slide decks will not constitute creation of obscene or scandalous works, as
defined by federal law at the time the work is created; and (b) to comply with all other terms and conditions
of this EULA, including without limitation Sections 3.7, 3.8 and 6.
3.5 Use of Trainer’s Edition Components. Solely in conjunction with providing an Authorized
Training Session, you may customize portions of the Licensed Content such as labs, simulations, animations,
modules, and assessment items and other components logically associated with the instruction of an
Authorized Training Session.
3.6 Use of Sample Code. In the event that the Licensed Content includes sample code in source or
object code format (“Sample Code”), Microsoft grants you a limited, non-exclusive, royalty-free license to
use, copy and modify the Sample Code; if you elect to exercise the foregoing rights, you agree to comply
with all other terms and conditions of this EULA, including without limitation Sections 3.7, 3.8, and 6.
3.7 Permitted Modifications. In the event that you exercise any rights provided under this EULA
to create modifications of the Licensed Content, you agree that any such modifications: (a) will not be used
for providing training where a fee is charged in public or private classes other than an Authorized Training
Session; (b) indemnify, hold harmless, and defend Microsoft from and against any claims or lawsuits,
including attorneys’ fees, which arise from or result from your use of any modified version of the Licensed
Content; and (c) not to transfer or assign any rights to any modified version of the License Content to any
third party without the express written permission of Microsoft.
3.8 Reproduction/Redistribution Licensed Content. Except as expressly provided in this EULA, you
may not reproduce or distribute the Licensed Content or any portion thereof (including any permitted
modifications) to any third parties without the express written permission of Microsoft.
4. RESERVATION OF RIGHTS AND OWNERSHIP. Microsoft reserves all rights not expressly
granted to you in this EULA. The Licensed Content is protected by copyright and other intellectual property
laws and treaties. Microsoft or its suppliers own the title, copyright, and other intellectual property rights in
the Licensed Content. You may not remove or obscure any copyright, trademark or patent notices that
appear on the Licensed Content, or any components thereof, as delivered to you. The Licensed Content is
licensed, not sold.
5. LIMITATIONS ON REVERSE ENGINEERING, DECOMPILATION, AND DISASSEMBLY. You
may not reverse engineer, decompile, or disassemble the Software or Media Elements, except and only to the
extent that such activity is expressly permitted by applicable law notwithstanding this limitation.
6. LIMITATIONS ON SALE, RENTAL, ETC. AND CERTAIN ASSIGNMENTS. You may not
provide commercial hosting services with, sell, rent, lease, lend, sublicense, or assign copies of the Licensed
Content, or any portion thereof (including any permitted modifications thereof) on a stand-alone basis or as
part of any collection, product or service.
7. CONSENT TO USE OF DATA. You agree that Microsoft and its affiliates may collect and use
technical information gathered as part of the product support services provided to you, if any, related to the
Licensed Content. Microsoft may use this information solely to improve our products or to provide
customized services or technologies to you and will not disclose this information in a form that personally
identifies you.
8. LINKS TO THIRD PARTY SITES. You may link to third party sites through the use of the
Licensed Content. The third party sites are not under the control of Microsoft, and Microsoft is not
responsible for the contents of any third party sites, any links contained in third party sites, or any changes
or updates to third party sites. Microsoft is not responsible for webcasting or any other form of transmission
received from any third party sites. Microsoft is providing these links to third party sites to you only as a
convenience, and the inclusion of any link does not imply an endorsement by Microsoft of the third party
site.
9. ADDITIONAL LICENSED CONTENT/SERVICES. This EULA applies to updates, supplements,
add-on components, or Internet-based services components, of the Licensed Content that Microsoft may
provide to you or make available to you after the date you obtain your initial copy of the Licensed Content,
unless we provide other terms along with the update, supplement, add-on component, or Internet-based
services component. Microsoft reserves the right to discontinue any Internet-based services provided to you
or made available to you through the use of the Licensed Content.
10. U.S. GOVERNMENT LICENSE RIGHTS. All Software provided to the U.S. Government pursuant
to solicitations issued on or after December 1, 1995 is provided with the commercial license rights and
restrictions described elsewhere herein. All software provided to the U.S. Government pursuant to
solicitations issued prior to December 1, 1995 is provided with “Restricted Rights” as provided for in FAR,
48 CFR 52.227-14 (JUNE 1987) or DFAR, 48 CFR 252.227-7013 (OCT 1988), as applicable.
11. EXPORT RESTRICTIONS. You acknowledge that the Licensed Content is subject to U.S. export
jurisdiction. You agree to comply with all applicable international and national laws that apply to the
Licensed Content, including the U.S. Export Administration Regulations, as well as end-user, end-use, and
destination restrictions issued by U.S. and other governments. For additional information see
<http://www.microsoft.com/exporting/>.
12. TRANSFER. The initial user of the Licensed Content may make a one-time permanent transfer of
this EULA and Licensed Content to another end user, provided the initial user retains no copies of the
Licensed Content. The transfer may not be an indirect transfer, such as a consignment. Prior to the transfer,
the end user receiving the Licensed Content must agree to all the EULA terms.
13. “NOT FOR RESALE” LICENSED CONTENT. Licensed Content identified as “Not For Resale” or
“NFR,” may not be sold or otherwise transferred for value, or used for any purpose other than
demonstration, test or evaluation.
14. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this EULA if you
fail to comply with the terms and conditions of this EULA. In such event, you must destroy all copies of the
Licensed Content and all of its component parts.
15. DISCLAIMER OF WARRANTIES. TO THE MAXIMUM EXTENT PERMITTED BY
APPLICABLE LAW, MICROSOFT AND ITS SUPPLIERS PROVIDE THE LICENSED MATERIAL AND
SUPPORT SERVICES (IF ANY) AS IS AND WITH ALL FAULTS, AND MICROSOFT AND ITS
SUPPLIERS HEREBY DISCLAIM ALL OTHER WARRANTIES AND CONDITIONS, WHETHER
EXPRESS, IMPLIED OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY (IF ANY) IMPLIED
WARRANTIES, DUTIES OR CONDITIONS OF MERCHANTABILITY, OF FITNESS FOR A
PARTICULAR PURPOSE, OF RELIABILITY OR AVAILABILITY, OF ACCURACY OR
COMPLETENESS OF RESPONSES, OF RESULTS, OF WORKMANLIKE EFFORT, OF LACK OF
VIRUSES, AND OF LACK OF NEGLIGENCE, ALL WITH REGARD TO THE LICENSED CONTENT,
AND THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT OR OTHER SERVICES,
INFORMATION, SOFTWARE, AND RELATED CONTENT THROUGH THE LICENSED CONTENT,
OR OTHERWISE ARISING OUT OF THE USE OF THE LICENSED CONTENT. ALSO, THERE IS NO
WARRANTY OR CONDITION OF TITLE, QUIET ENJOYMENT, QUIET POSSESSION,
CORRESPONDENCE TO DESCRIPTION OR NON-INFRINGEMENT WITH REGARD TO THE
LICENSED CONTENT. THE ENTIRE RISK AS TO THE QUALITY, OR ARISING OUT OF THE USE
OR PERFORMANCE OF THE LICENSED CONTENT, AND ANY SUPPORT SERVICES, REMAINS
WITH YOU.
16. EXCLUSION OF INCIDENTAL, CONSEQUENTIAL AND CERTAIN OTHER DAMAGES. TO
THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL MICROSOFT
OR ITS SUPPLIERS BE LIABLE FOR ANY SPECIAL, INCIDENTAL, PUNITIVE, INDIRECT, OR
CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING, BUT NOT LIMITED TO, DAMAGES
FOR LOSS OF PROFITS OR CONFIDENTIAL OR OTHER INFORMATION, FOR BUSINESS
INTERRUPTION, FOR PERSONAL INJURY, FOR LOSS OF PRIVACY, FOR FAILURE TO MEET ANY
DUTY INCLUDING OF GOOD FAITH OR OF REASONABLE CARE, FOR NEGLIGENCE, AND FOR
ANY OTHER PECUNIARY OR OTHER LOSS WHATSOEVER) ARISING OUT OF OR IN ANY WAY
RELATED TO THE USE OF OR INABILITY TO USE THE LICENSED CONTENT, THE PROVISION OF
OR FAILURE TO PROVIDE SUPPORT OR OTHER SERVICES, INFORMATION, SOFTWARE, AND
RELATED CONTENT THROUGH THE LICENSED CONTENT, OR OTHERWISE ARISING OUT OF
THE USE OF THE LICENSED CONTENT, OR OTHERWISE UNDER OR IN CONNECTION WITH
ANY PROVISION OF THIS EULA, EVEN IN THE EVENT OF THE FAULT, TORT (INCLUDING
NEGLIGENCE), MISREPRESENTATION, STRICT LIABILITY, BREACH OF CONTRACT OR BREACH
OF WARRANTY OF MICROSOFT OR ANY SUPPLIER, AND EVEN IF MICROSOFT OR ANY
SUPPLIER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME
STATES/JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO
YOU.
17. LIMITATION OF LIABILITY AND REMEDIES. NOTWITHSTANDING ANY DAMAGES
THAT YOU MIGHT INCUR FOR ANY REASON WHATSOEVER (INCLUDING, WITHOUT
LIMITATION, ALL DAMAGES REFERENCED HEREIN AND ALL DIRECT OR GENERAL DAMAGES
IN CONTRACT OR ANYTHING ELSE), THE ENTIRE LIABILITY OF MICROSOFT AND ANY OF ITS
SUPPLIERS UNDER ANY PROVISION OF THIS EULA AND YOUR EXCLUSIVE REMEDY
HEREUNDER SHALL BE LIMITED TO THE GREATER OF THE ACTUAL DAMAGES YOU INCUR IN
REASONABLE RELIANCE ON THE LICENSED CONTENT UP TO THE AMOUNT ACTUALLY PAID
BY YOU FOR THE LICENSED CONTENT OR US$5.00. THE FOREGOING LIMITATIONS,
EXCLUSIONS AND DISCLAIMERS SHALL APPLY TO THE MAXIMUM EXTENT PERMITTED BY
APPLICABLE LAW, EVEN IF ANY REMEDY FAILS ITS ESSENTIAL PURPOSE.
18. APPLICABLE LAW. If you acquired this Licensed Content in the United States, this EULA is
governed by the laws of the State of Washington. If you acquired this Licensed Content in Canada, unless
expressly prohibited by local law, this EULA is governed by the laws in force in the Province of Ontario,
Canada; and, in respect of any dispute which may arise hereunder, you consent to the jurisdiction of the
federal and provincial courts sitting in Toronto, Ontario. If you acquired this Licensed Content in the
European Union, Iceland, Norway, or Switzerland, then local law applies. If you acquired this Licensed
Content in any other country, then local law may apply.
19. ENTIRE AGREEMENT; SEVERABILITY. This EULA (including any addendum or amendment to
this EULA which is included with the Licensed Content) are the entire agreement between you and
Microsoft relating to the Licensed Content and the support services (if any) and they supersede all prior or
contemporaneous oral or written communications, proposals and representations with respect to the
Licensed Content or any other subject matter covered by this EULA. To the extent the terms of any
Microsoft policies or programs for support services conflict with the terms of this EULA, the terms of this
EULA shall control. If any provision of this EULA is held to be void, invalid, unenforceable or illegal, the
other provisions shall continue in full force and effect.
Should you have any questions concerning this EULA, or if you desire to contact Microsoft for any reason,
please use the address information enclosed in this Licensed Content to contact the Microsoft subsidiary
serving your country or visit Microsoft on the World Wide Web at http://www.microsoft.com.
DÉNI DE GARANTIES. Dans la mesure maximale permise par les lois applicables, le Contenu Sous
Licence et les services de soutien technique (le cas échéant) sont fournis TELS QUELS ET AVEC TOUS
LES DÉFAUTS par Microsoft et ses fournisseurs, lesquels par les présentes dénient toutes autres garanties
et conditions expresses, implicites ou en vertu de la loi, notamment, mais sans limitation, (le cas échéant)
les garanties, devoirs ou conditions implicites de qualité marchande, d’adaptation à une fin usage
particulière, de fiabilité ou de disponibilité, d’exactitude ou d’exhaustivité des réponses, des résultats,
des efforts déployés selon les règles de l’art, d’absence de virus et d’absence de négligence, le tout à
l’égard du Contenu Sous Licence et de la prestation des services de soutien technique ou de l’omission de
la ’une telle prestation des services de soutien technique ou à l’égard de la fourniture ou de l’omission de
la fourniture de tous autres services, renseignements, Contenus Sous Licence, et contenu qui s’y rapporte
grâce au Contenu Sous Licence ou provenant autrement de l’utilisation du Contenu Sous Licence. PAR
AILLEURS, IL N’Y A AUCUNE GARANTIE OU CONDITION QUANT AU TITRE DE PROPRIÉTÉ, À
LA JOUISSANCE OU LA POSSESSION PAISIBLE, À LA CONCORDANCE À UNE DESCRIPTION NI
QUANT À UNE ABSENCE DE CONTREFAÇON CONCERNANT LE CONTENU SOUS LICENCE.
À moins que cela ne soit prohibé par le droit local applicable, la présente Convention est régie par les lois de
la province d’Ontario, Canada. Vous consentez Chacune des parties à la présente reconnaît irrévocablement
à la compétence des tribunaux fédéraux et provinciaux siégeant à Toronto, dans de la province d’Ontario et
consent à instituer tout litige qui pourrait découler de la présente auprès des tribunaux situés dans le district
judiciaire de York, province d’Ontario.
Au cas où vous auriez des questions concernant cette licence ou que vous désiriez vous mettre en rapport
avec Microsoft pour quelque raison que ce soit, veuillez utiliser l’information contenue dans le Contenu Sous
Licence pour contacter la filiale de succursale Microsoft desservant votre pays, dont l’adresse est fournie
dans ce produit, ou visitez écrivez à : Microsoft sur le World Wide Web à http://www.microsoft.com
Troubleshooting Microsoft® Exchange Server 2003 ix
Contents
Introduction
What Is a Workshop? ..............................................................................................2
Workshop Materials ................................................................................................3
Prerequisites ............................................................................................................4
Workshop Outline ...................................................................................................5
Demonstration: Using Virtual PC............................................................................7
Setup........................................................................................................................8
Microsoft Certified Professional Program.............................................................10
Facilities ................................................................................................................13
Unit 1: Introduction to Troubleshooting Exchange Server 2003
Overview .................................................................................................................1
Understanding Exchange Server 2003.....................................................................2
Troubleshooting Methodology ................................................................................4
Preparing to Troubleshoot Exchange Server 2003 ..................................................6
Pre-Lab Discussion..................................................................................................8
Lab: Exploring the Troubleshooting Environment..................................................9
Lab Discussion ......................................................................................................18
Unit 2: Troubleshooting Network Connectivity
Overview .................................................................................................................1
Tools for Troubleshooting Network Connectivity...................................................2
Common Network Connectivity Problems..............................................................3
Pre-Lab Discussion..................................................................................................4
Lab: Troubleshooting Connectivity Problems.........................................................5
Lab Discussion ......................................................................................................15
Unit 3: Troubleshooting Public Folders and Mailboxes
Overview .................................................................................................................1
Troubleshooting Client Connectivity to Mailboxes and Public Folders..................2
Troubleshooting Mailbox and Public Folder Properties..........................................5
Troubleshooting Single Server Message Flow ........................................................8
Troubleshooting the Recipient Update Service .....................................................10
Pre-Lab Discussion................................................................................................12
Lab: Troubleshooting Public Folder and Mailbox Problems.................................13
Lab Discussion ......................................................................................................26
Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile
Access
Overview .................................................................................................................1
Troubleshooting Outlook Web Access....................................................................2
Troubleshooting Outlook Web Access in a Front-End and Back-End Server
Topology..................................................................................................................5
Troubleshooting Outlook Mobile Access................................................................7
Pre-Lab Discussion..................................................................................................9
Lab: Troubleshooting Outlook Web Access and Outlook Mobile Access
Problems ................................................................................................................10
Lab Discussion ......................................................................................................22
x Troubleshooting Microsoft® Exchange Server 2003
Workshop objectives After completing this workshop, students will be able to:
! Apply knowledge of a troubleshooting methodology to identify and resolve
a problem.
! Identify and resolve network connectivity problems and problems arising
from host resolution protocols.
! Identify and resolve problems with public folders and mailboxes.
! Identify and resolve front-end server and back-end server issues that cause
problems with Microsoft Outlook® Web Access (OWA).
! Identify and resolve problems with Internet protocol virtual servers such as
Simple Mail Transfer Protocol (SMTP), Internet Message Access Protocol
(IMAP), and Post Office Protocol (POP).
! Identify and resolve connectivity problems between servers running
Exchange Server 2003, connectivity problems between Exchange
Server 2003 and other messaging systems, and problems with relay
configurations.
! Identify and resolve problems with bandwidth, services, database
corruption, service failures, disk space, and other server performance issues.
! Identify and resolve encryption and digital signature issues and problems
caused by viruses.
! Identify and resolve problems related to migrating from Exchange 5.5 to
Exchange 2003.
! Apply knowledge of troubleshooting methodology to create a
troubleshooting strategy and identify the appropriate tools, processes, and
procedures for each step of the strategy.
Troubleshooting Microsoft® Exchange Server 2003 xv
Workshop Timing
The following schedule is an estimate of the workshop timing. Timing may
vary.
Day 1
Start End Unit
9:00 9:30 Introduction
9:30 9:45 Unit 1: Introduction to Troubleshooting Exchange Server 2003
9:45 10:45 Lab: Exploring the Troubleshooting Environment
10:45 11:00 Break
11:00 11:15 Unit 2: Troubleshooting Network Connectivity
11:15 12:00 Lab: Troubleshooting Connectivity Problems
12:00 1:00 Lunch
1:00 2:30 Lab: Troubleshooting Connectivity Problems (continued)
2:30 2:45 Break
2:45 3:00 Unit 3: Troubleshooting Public Folders and Mailboxes
3:00 4:15 Lab: Troubleshooting Public Folder and Mailbox Problems
4:15 4:30 Unit 4: Troubleshooting Outlook Web Access and Outlook
Mobile Access
Day 2
Start End Unit
8:30 9:00 Day 1 review
9:00 10:00 Lab: Troubleshooting Outlook Web Access and Outlook Mobile
Access Problems
10:00 10:15 Break
10:15 11:45 Lab: Troubleshooting Outlook Web Access and Outlook Mobile
Access Problems (continued)
11:45 12:45 Lunch
12:45 1:00 Unit 5: Troubleshooting Client Connectivity
1:00 2:00 Lab: Troubleshooting Client Connectivity Problems
2:00 2:15 Break
2:15 3:15 Lab: Troubleshooting Client Connectivity Problems (continued)
3:15 3:30 Unit 6: Troubleshooting Server Connectivity
3:30 5:00 Lab: Troubleshooting Server Connectivity Problems
xvi Troubleshooting Microsoft® Exchange Server 2003
Day 3
Start End Unit
8:30 9:00 Day 2 review
9:00 9:15 Unit 7: Troubleshooting Server Performance
9:15 10:15 Lab: Troubleshooting Server Performance
10:15 10:30 Break
10:30 10:45 Unit 8: Troubleshooting Security Issues
10:45 12:00 Lab: Troubleshooting Exchange Security
12:00 1:00 Lunch
1:00 1:45 Lab: Troubleshooting Security Issue Problems (continued)
1:45 2:00 Unit 9 : Troubleshooting the Migration to Exchange 2003
2:00 2:15 Break
2:15 3:45 Lab: Troubleshooting the Migration to Exchange 2003
3:45 4:30 Unit 10: Troubleshooting an Exchange Server 2003 Organization
Troubleshooting Microsoft® Exchange Server 2003 xvii
! Pptview. This folder contains the Microsoft PowerPoint Viewer 97, which
can be used to display the PowerPoint slides if Microsoft PowerPoint 2002
is not available. Do not use this version in the classroom.
! Setup. This folder contains the files that install the course and related
software on classroom computers.
! Student. This folder contains the Web page that provides students with links
to resources pertaining to this course, including additional reading, review
and lab answers, lab files, multimedia presentations, and course-related Web
sites.
! Tprep. This file contains the Trainer Preparation Presentation for this
course. Review these materials before teaching this course.
! Webfiles. This folder contains the files that are required to view the course
Web page. To open the Web page, open Windows Explorer, and in the root
directory of the compact disc, double-click Default.htm or Autorun.exe.
xviii Troubleshooting Microsoft® Exchange Server 2003
Document Conventions
The following conventions are used in course materials to distinguish elements
of the text.
Convention Use
Contents
Introduction 1
What Is a Workshop? 2
Workshop Materials 3
Prerequisites 4
Workshop Outline 5
Demonstration: Using Virtual PC 7
Setup 8
Microsoft Certified Professional Program 10
Facilities 13
Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no
part of this document may be reproduced, stored in or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync,
Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered
trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.
Introduction 1
Introduction
What Is a Workshop?
Workshop Materials
Note To open the Student Materials Web page, insert the Student
Materials compact disc into the CD-ROM drive, and then in the root
directory of the compact disc, double-click Autorun.exe or
Default.htm.
Prerequisites
Workshop Outline
Setup
Course files Practice files associated with the labs in this workshop are located in the folder
C:\Moc\2011\Labfiles\LabXX on the London virtual computer.
Introduction 9
Classroom setup The virtual environment on each computer in the classroom is configured in the
single-domain model, as shown in the following graphic. Vancouver is in a
separate domain with no trust relationships established to NWTraders.
The virtual computers on your host computer can communicate with each other
and with your host computer. They are unable to communicate with any other
computer in the classroom, although your host computer may have network
connectivity to other classroom computers and the Internet.
10 Introduction
! MCAD
The Microsoft Certified Application Developer (MCAD) for Microsoft
.NET credential is appropriate for professionals who use Microsoft
technologies to develop and maintain department-level applications,
components, Web or desktop clients, or back-end data services, or who
work in teams developing enterprise applications. The credential covers job
tasks ranging from developing to deploying and maintaining these solutions.
! MCSD
The Microsoft Certified Solution Developer (MCSD) credential is the
premier certification for professionals who design and develop leading-edge
business solutions with Microsoft development tools, technologies,
platforms, and the Microsoft Windows DNA architecture. The types of
applications MCSDs can develop include desktop applications and multi-
user, Web-based, N-tier, and transaction-based applications. The credential
covers job tasks ranging from analyzing business requirements to
maintaining solutions.
! MCDBA on Microsoft SQL Server 2000
The Microsoft Certified Database Administrator (MCDBA) credential is the
premier certification for professionals who implement and administer
Microsoft SQL Server databases. The certification is appropriate for
individuals who derive physical database designs, develop logical data
models, create physical databases, create data services by using Transact-
SQL, manage and maintain databases, configure and manage security,
monitor and optimize databases, and install and configure SQL Server.
! MCP
The Microsoft Certified Professional (MCP) credential is for individuals
who have the skills to successfully implement a Microsoft product or
technology as part of a business solution in an organization. Hands-on
experience with the product is necessary to successfully achieve
certification.
! MCT
Microsoft Certified Trainers (MCTs) demonstrate the instructional and
technical skills that qualify them to deliver Microsoft Official Curriculum
through Microsoft Certified Technical Education Centers (Microsoft
CTECs).
12 Introduction
Certification The certification requirements differ for each certification category and are
requirements specific to the products and job functions addressed by the certification. To
become a Microsoft Certified Professional, you must pass rigorous certification
exams that provide a valid and reliable measure of technical proficiency and
expertise.
For More Information See the Microsoft Training and Certification Web site at
http://www.microsoft.com/traincert/.
You can also e-mail mcphelp@microsoft.com if you have specific certification
questions.
Acquiring the skills Microsoft Official Curriculum (MOC) and MSDN Training can help you
tested by an MCP exam develop the skills that you need to do your job. This training also complements
the experience that you gain while working with Microsoft products and
technologies. However, no one-to-one correlation exists between MOC and
MSDN Training courses and MCP exams. Microsoft does not expect or intend
for the courses to be the sole preparation method for passing MCP exams.
Practical product knowledge and experience are also necessary to pass the MCP
exams.
To help prepare for the MCP exams, use the preparation guides that are
available for each exam. Each Exam Preparation Guide contains exam-specific
information, such as a list of the topics on which you will be tested. These
guides are available on the Microsoft Training and Certification Web site at
http://www.microsoft.com/traincert/.
Introduction 13
Facilities
Contents
Overview 1
Understanding Exchange Server 2003 2
Troubleshooting Methodology 4
Preparing to Troubleshoot
Exchange Server 2003 6
Pre-Lab Discussion 8
Lab: Exploring the Troubleshooting
Environment 9
Lab Discussion 18
Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no
part of this document may be reproduced, stored in or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync,
Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered
trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.
Unit 1: Introduction to Troubleshooting Exchange Server 2003 1
Overview
Server connectivity When working with Exchange Server 2003 in a large organization, you will
also need to know how to troubleshoot connectors. In an environment spanning
a WAN, connectors are used to enable Exchange Server 2003 routing groups to
transfer messages to each other, and to allow Exchange Server 2003 routing
groups to transfer messages to other messaging systems.
4 Unit 1: Introduction to Troubleshooting Exchange Server 2003
Troubleshooting Methodology
You can use the OSI model by starting at the bottom and working your way up
to the top until the problem is resolved. Start at the Physical layer by checking
the network cabling and other physical components, such as routers, bridges,
switches, and other servers that might be the source of the problem. After you
have eliminated the Physical layer problems, troubleshoot the network interface
card driver and then name resolution and routing.
Often, the problem is higher in the OSI model. When you have gained more
experience, you will be able to start troubleshooting at a higher level or at the
top level of the OSI model.
Unit 1: Introduction to Troubleshooting Exchange Server 2003 5
Working system model In any successful troubleshooting scenario, the administrator needs in-depth
knowledge of how the system is supposed to work or must have another
working system available for reference in troubleshooting.
The working system model provides a reference when troubleshooting. In many
cases, you can break down the system into several components and isolate each
component individually to test them. You can refer to your working system
model to see how each setting is configured and then test it to see if it helps
resolve your problem. Of course, each time you make a change, you must
document the original system setting as well as your attempted change.
The working system model is very helpful if you have multiple systems that are
supposed to be configured the same way, or if you have multiple system
components that are supposed to be configured the same way.
Make sure that you document all changes that you make to the environment
while you are troubleshooting. You may have to undo the changes you make if
they cause other problems. Many organizations use a change management log
or similar record to document changes to their environment.
6 Unit 1: Introduction to Troubleshooting Exchange Server 2003
Diagnostics You can configure each Exchange Server 2003 object’s Diagnostics
Logging Logging property page to log very specific events to Event Viewer,
which can then be viewed for troubleshooting purposes. For
example, if you are troubleshooting public folder replication, you
may wish to log MSExchangeIS\Public Folder categories that are
related to replication. Because diagnostics logging can cause
performance degradation, you should only enable it when
troubleshooting a specific issue.
Event Viewer Reviewing all logs in Event Viewer on a daily basis will enable you
to identify and respond to server problems proactively. When
troubleshooting, Event Viewer is the first place you should look for
unusual or unexpected activity on your server. For example, if your
online backup is failing due to a corrupt information store, you will
see information logged in the Application log of Event Viewer that
can help you identify and repair the corruption.
Services logs By default, services that log related activity store their logs in the
systemroot\system32\logfiles folder. The Web, SMTP, and NNTP
logs are especially relevant to Exchange troubleshooting. For
example, if your server is unable to transmit messages to a remote
server across the Internet, you may wish to enable SMTP logging so
that you can review the exact SMTP communications between the
two servers noted in the SMTP log file.
Unit 1: Introduction to Troubleshooting Exchange Server 2003 7
(continued)
Resource Usage
Dump files Dump files are required when working with Microsoft Product
Support Services (PSS) to troubleshoot an operating system stop
error (also known as blue screen). The PSS team can evaluate the
dump file to help identify the cause of the stop error. For example,
hard disk controller driver problems can result in corrupt Exchange
information stores, and may cause operating system stop errors. If
you experience a stop error, PSS can use the dump file to identify
the controller driver as the source of the problem, allowing you to
prevent damage to your information stores.
Performance You should be logging Exchange and Microsoft Windows®
Monitor performance counters regularly so that you can anticipate problems
resulting from service growth on your Exchange server. When
troubleshooting, these log files can help you understand the exact
point at which an issue was introduced. For example, if you migrate
several hundred mailboxes to your Exchange server, you may not
incur problems immediately. However, the migration will impact
performance and accelerate your server hardware upgrade schedule.
If you neglect to review the log files regularly, you will eventually
reach thresholds that cause performance alerts to be sent, and find
yourself troubleshooting an issue that you could have anticipated.
For more information on specific performance counters and
thresholds, see Course 2400, Implementing and Managing Microsoft
Exchange Server 2003.
Network To troubleshoot network communication problems among Exchange
Monitor servers, Active Directory servers, and clients attempting to connect
to their Exchange server, you should use the full version of Network
Monitor to capture packets between the impacted computers. These
packets enable you to determine which servers each computer is
attempting to reach, allowing you to troubleshoot global catalog
server communication problems.
Messaging logs You should enable message tracking on the Exchange server
object’s General property page when troubleshooting message flow
problems. Troubleshooting message delivery involves determining
at which point a message failed to be routed within your messaging
system. To track a message, use the Message Tracking Center in
Exchange System Manager.
Note For more information about any of these resources, please refer to
Microsoft Windows Server™ 2003 Help and Exchange Server 2003
Help.
8 Unit 1: Introduction to Troubleshooting Exchange Server 2003
Pre-Lab Discussion
Example Exercise 1 in this lab provides an example of how flowcharts and scenarios will
be used throughout this workshop. This exercise covers troubleshooting of a
mapped network drive, which is intentionally not an Exchange issue. The
purpose of this exercise is to introduce you to the flowcharts and scenarios in
this course before delving into actual Exchange troubleshooting issues.
Unit 1: Introduction to Troubleshooting Exchange Server 2003 9
Important This lab focuses on the concepts in this unit and as a result
may not comply with Microsoft security recommendations. For instance,
this lab does not comply with the recommendation that you should not
log on using an administrative account.
10 Unit 1: Introduction to Troubleshooting Exchange Server 2003
Lab Virtual PC For this lab, you will use the Acapulco and London Virtual PCs. The Acapulco
configuration Virtual PC is used to provide a messaging client for internal users as well as
external users. The London Virtual PC is a domain controller, global catalog
server, DNS server, and is running Exchange Server 2003.
To prepare for this lab:
1. Start the 2011_London Virtual PC, if it is not already started.
2. Log on to 2011_London as NWTraders\Administrator with a password of
P@ssw0rd.
3. Start the 2011_Acapulco Virtual PC, if it is not already started.
4. Log on to 2011_Acapulco as NWTraders\Administrator with a password
of P@ssw0rd.
Navigating the flow In this lab, in Exercise 1, you will use the flow charts and the Lab Toolkit
chart resources to identify and resolve the problems described in the scenario. You
will need to read the scenario and the Level 1 support comments and then use
the flow chart to identify the root cause of the problem. You will then need to
perform the test case presented at each decision point in the flowchart to
determine which path to follow. Use the letters on the flow chart to identify the
Lab Toolkit resources that you can use to help troubleshoot the problem. After
you identify a potential solution, make the configuration change and then test
your solution. When your solution resolves the problem presented in the
scenario, you have successfully completed the lab.
Unit 1: Introduction to Troubleshooting Exchange Server 2003 11
Lab Toolkit resources If necessary, use one or more of the Lab Toolkit resources listed in the
following table to help you complete the exercises in this lab.
Flow chart reference Resources used for this lab
Troubleshooting Mapped
Start
Network Drive
Is the
Is the client Is the client Is the server
Is the server server computer
Yes network cable Yes computer link Yes Yes computer link
powered on? network cable
attached? light on? light on?
attached?
No No No No No
1. Check all power 1. Check to make sure 1. Check cable length for 1. Check to make sure 1. Check cable length for
cables the client computer is breaks the server computer is breaks
2. Check power strips attached to the 2. Check network attached to the 2. Check network
3. Check power devices network adapter and switch (or network adapter and switch (or
4. Check power supply in 2. Check cable ends for hub) for bad 2. Check cable ends for hub) for bad
server damage connection damage connection
3. Check cable ends for 3. Check cable ends for
damage damage
Yes
Unit 1: Introduction to Troubleshooting Exchange Server 2003
No No No
A B
1. Try ping using IP address 1. Check server service 1. Verify share is in place
2. Check DNS if ping by IP for failure 2. Remove share and End
address works 2. Restart server service recreate share
3. Check data route through and its dependent
network services
4. Check the IP configuration
of client computer
5. Check the IP configuration
of server computer
Troubleshooting Mapped Network Drive
Start
No No No No No
1. Check all power 1. Check to make sure 1. Check cable length 1. Check to make sure 1. Check cable length
cables the client computer for breaks the server computer for breaks
2. Check power strips is attached to the 2. Check network is attached to the 2. Check network adapter
3. Check power network adapter and switch network and switch (or hub)
devices 2. Check cable ends (or hub) for bad 2. Check cable ends for bad connection
4. Check power for damage connection for damage 3. Check cable ends
3. Check cable ends for damage
for damage
Unit 1: Introduction to Troubleshooting Exchange Server 2003
13
14
Yes
No No No
Unit 1: Introduction to Troubleshooting Exchange Server 2003
A B
1. Try ping using IP address 1. Check server service 1. Verify share is in place End
2. Check DNS if ping by for failure 2. Remove share and
IP address works 2. Restart server service recreate share
3. Check data route through and its dependent
network services
4. Check the IP configuration
of client computer
5. Check the IP configuration
of server computer
Unit 1: Introduction to Troubleshooting Exchange Server 2003 15
Exercise 1
Troubleshooting a Mapped Network Drive
In this exercise, you will identify the problem with a mapped network drive that
is reported as nonfunctional.
Exercise preparation To create the troubleshooting scenario for this exercise, run the breaklab1a.bat
script located in the C:\Moc\2011\Labfiles\Lab01 folder on 2011_London
Virtual PC. There is a shortcut to C:\Moc\2011\Labfiles on your desktop.
Scenario You are a network administrator. Jeff Pike can no longer access his K drive.
The K drive, by company standards, maps to \\London\KDrive, which is a
shared directory on London.
In this exercise, you will need to log on to Acapulco using NWTraders\JeffPike
to troubleshoot and test your solution. All user accounts can be accessed by
using a password of P@ssw0rd.
Level 1 support “Called Operations; they say the London server is up and running. Jeff claims
comments that it was working earlier in the day, then he went to lunch. When he returned
from lunch it no longer worked. Jeff installed new software before lunch—an
upgrade to Microsoft Office System 2003. Jeff states he is unable to access any
share points on the London server.”
Use the flow chart and the Lab Toolkit resources to identify and resolve the
problem with the client connection. Fix all related problems.
What did you determine to be the problem in this scenario?
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
What steps did you take to identify and resolve the problem in this scenario?
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
16 Unit 1: Introduction to Troubleshooting Exchange Server 2003
Exercise 2
Configuring Common Troubleshooting Components
In this exercise, you will configure Windows Server 2003 and Exchange
Server 2003 for basic troubleshooting. Configure London by performing the
tasks below.
Scenario You are a network administrator. You want to prepare your Exchange
Server 2003 environment for troubleshooting. At this time, your environment is
functioning as expected. Perform the tasks in the following table on London.
Tasks Resources
Enable and configure SMTP and NNTP Search Exchange Server 2003 Help for
logging. Verify configuration of HTTP topics entitled “Enable Logging for
logging. SMTP, NNTP, and HTTP Protocols” and
“Enable Logging for the HTTP Exchange
Virtual Server.”
You need to start the NNTP service.
Configure the Performance snap-in to Search Performance logs and Alerts Help
log the LogicalDisk, Memory, Network for the topic entitled “Create a counter
Interface, PhysicalDisk, and Processor log” and “Troubleshooting.”
objects.
Review the options available for Search Exchange Server 2003 Help for
Exchange Diagnostics Logging. the topic entitled “Configure Diagnostics
Logging.” See note below table.
In Add/Remove Windows Components Search Windows Server 2003 Enterprise
in Add or Remove Programs, install and Edition Help and Support Center for the
then use Network Monitor to capture topic entitled “Monitoring Network
and view network traffic on your local Traffic: Common Administrative Tasks.”
area connection. The location of See note below table.
installation files is c:\moc\2011\labfiles\
Lab01\Netmon.
Verify that Exchange Service Search Exchange Server 2003 Help for
Monitoring is configured to monitor the the topic entitled “Monitor Services Used
Microsoft Exchange System Attendant by Exchange.”
service and its dependent services.
Enable message tracking and subject Search Exchange Server 2003 Help for
logging. the topic entitled “Enable Message
Tracking.”
Note Diagnostics Logging and Network Monitor are two tools that you
will not configure and use until you are actually facing a problem and
need them to help resolve the problem. In this exercise, review the many
options available under Diagnostics Logging and familiarize yourself
with Network Monitor.
Unit 1: Introduction to Troubleshooting Exchange Server 2003 17
Lab Virtual PC For this lab, you used the Acapulco and London Virtual PCs. Please save
clean-up changes that were made during your troubleshooting by closing each image.
Important When you shut down the Virtual PCs using these
instructions, all changes made to the London Virtual PC will be saved.
Note Start the 2011_London Virtual PC to prepare for the next unit’s
lab. Do not shut it down again until instructed.
18 Unit 1: Introduction to Troubleshooting Exchange Server 2003
Lab Discussion
Contents
Overview 1
Tools for Troubleshooting Network
Connectivity 2
Common Network Connectivity Problems 3
Pre-Lab Discussion 4
Lab: Troubleshooting Connectivity
Problems 5
Lab Discussion 15
Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no
part of this document may be reproduced, stored in or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync,
Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered
trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.
Unit 2: Troubleshooting Network Connectivity 1
Overview
Telnet Use Telnet to verify that you can connect to a particular TCP/IP port on an Exchange server.
For example, if you cannot send Simple Mail Transfer Protocol (SMTP) messages to a
remote server; use Telnet to verify that SMTP is responding as expected on port 25.
Ping Use Ping to verify that the network between a sending computer and a receiving computer is
transferring data correctly and in a timely manner. For example, if you cannot ping your
Exchange server from your client computer, you will not be able to send or receive e-mail
using that server.
Tracert Use Tracert to trace each hop that a network packet takes when sent from one computer to
another. If you cannot ping a destination computer, you can use Tracert to identify the point
at which the packet is failing to transfer.
Pathping Use Pathping instead of Ping and Tracert when you want to locate information about
network latency and network loss at intermediate hops between a source and destination.
Pathping allows you to determine which routers or subnets are having network problems.
DNS Administrator Use the DNS Administrator program to configure DNS settings, test connectivity between
DNS servers, and verify that host names are registered correctly. Problems with DNS
functionality are frequently a result of network connectivity problems between the DNS
server and the server or client with which you are experiencing a problem. For example, if a
message is not being transmitted to a remote SMTP host, this could be a problem with the
DNS registration for that host.
Unit 2: Troubleshooting Network Connectivity 3
DNS resolution of A and MX records • Verify that the DNS service is running
is not correct • Verify that the Exchange A records are present
• Verify that the Exchange mail exchanger (MX) resource records are
present
POP3/IMAP4 protocol permissions • Verify that users have permission to Post Office Protocol version 3
are not configured correctly (POP3) and Internet Message Access Protocol version 4rev1 (IMAP4)
• Verify that the appropriate protocol service startup type is set to
Automatic, and that the service is started on the Exchange server
• Verify that the server’s IP address and host name are resolved
successfully from the client
Firewall blocks transmissions • Verify that the firewall is configured correctly
• Verify that the services on the firewall are running as expected
• Use Telnet to verify that the ports are open and accepting connections
• Use firewall configuration tools to verify port redirection
Virus has infected your network • Verify that the antivirus scanning engines and signature files are current
• Use your disaster recovery documentation to prevent further spreading of
the virus and to clean the virus from the server
Inbound SMTP traffic is not being • Use Telnet to verify that relevant firewalls, routers, and servers are
accepted processing SMTP traffic
• Verify that the Exchange server is not filtering SMTP connections based
on e-mail address, domain name, or IP address
• Verify the MX records in DNS
4 Unit 2: Troubleshooting Network Connectivity
Pre-Lab Discussion
Important This lab focuses on the concepts in this unit and as a result
may not comply with Microsoft security recommendations. For instance,
this lab does not comply with the recommendation that you should not
log on using an administrative account.
6 Unit 2: Troubleshooting Network Connectivity
Lab Virtual PC For this lab, you will use the Acapulco, Miami, Vancouver, and London Virtual
configuration PCs. The Acapulco Virtual PC is used to provide a messaging client for internal
users as well as external users. London is a domain controller, global catalog
server, DNS server, and Exchange Server 2003 server. Miami is an Exchange
Server 2003 server. Vancouver is an Exchange 5.5 server that is used to
simulate a connection to an Internet host in the last exercise of this lab, and will
be started at that time.
To prepare for this lab:
1. Start 2011_London Virtual PC, if it is not already started.
2. Log on as NWTraders\Administrator with a password of P@ssw0rd. For
performance reasons, you should allow London to start completely prior to
starting Acapulco.
3. Start 2011_Acapulco Virtual PC, if it is not already started, but do not log
on. For performance reasons, you should allow Acapulco to start completely
prior to starting Miami.
4. Start 2011_Miami Virtual PC.
5. Log on as NWTraders\Administrator. If any services configured with a
startup type of Automatic fail to start, start them now.
Note All accounts used in this course can be accessed by using the
password P@ssw0rd.
Navigating the flow In this lab, you will use the flow charts and the Lab Toolkit resources to
chart identify and resolve the problems described in the scenarios. You will need to
read the scenario, the support comments, and then use the flow charts to
identify the root cause of the problem. You will then need to perform the test
case presented at each decision point in the flow chart to determine which path
to follow. Use the letters on the flow chart to identify the Toolkit resources that
you can use to help troubleshoot the problem. After you identify a potential
solution, make the configuration change and then test your solution. When your
solution resolves the problem presented in the scenario you have successfully
completed the lab.
Unit 2: Troubleshooting Network Connectivity 7
Lab Toolkit resources If necessary, use one or more of the Lab Toolkit resources listed in the
following table to help you complete the exercises in this lab.
Flow chart
reference Resources used for this Flow Chart
Troubleshooting Network
Connectivity Problems
No
No No
A C D
1. Verify server is online 1. Verify correct address and test if other users 1. Check user for SMTP Deny
2. Verify mailbox and server can send and receive extra-server e-mail 2. Verify SMTP virtual server is
names in Outlook client 2. Check network route functioning
Unit 2: Troubleshooting Network Connectivity
3. Verify DC and GC online 3. Verify IP configuration on all e-mail servers 3. Check firewall configuration
Which messaging
4. Verify user name is in the 4. Check DNS 4. Verify external DNS MX
client application is MAPI GAL, update if necessary 5. Verify SMTP virtual server is running on records
being used?
5. Check DNS resolution remote server 5. Verify that the firewall is not
6. Check virus and content 6. Check message size limits on connectors blocking
scanner quarantine 7. Check virus and content scanner quarantine
7. Track message 8. Track message
Outlook
Express
B
1. Verify server is online
2. Verify account name, password,
and server names in Outlook
Express client
3. Check DNS resolution
4. Verify SMTP, IMAP4/POP3
virtual servers are running
5. Check virus and content scanner
quarantine
6. Track message
If external client
7. Check firewall configuration
Troubleshooting Network Can the client send
Connectivity Problems Start and receive e-mail between
Yes
others on other Exchange
servers in the
organization?
No
A
1. Verify server is online
2. Verify mailbox and server
names in Outlook client
3. Verify DC and GC online
Which messaging 4. Verify user name is in the
client application is MAPI
GAL, update if necessary
being used? 5. Check DNS resolution
6. Check virus and content
scanner quarantine
7. Track message
Outlook Express
B
1. Verify server is online
2. Verify account name, password,
and server names in
Outlook Express client
3. Check DNS resolution
4. Verify SMTP, IMAP4/POP3 virtual
servers are running
5. Check virus and content scanner
Unit 2: Troubleshooting Network Connectivity
quarantine
6. Track message
If external client
9
Troubleshooting Network
Connectivity Problems
No No
Unit 2: Troubleshooting Network Connectivity
C D
1. Verify correct address and test if other users 1. Check user for SMTP Deny
can send and receive extra-server e-mail 2. Verify SMTP virtual server is
2. Check network route functioning
3. Verify IP configuration on all e-mail servers 3. Check firewall configuration
5. Check DNS 4. Verify external DNS MX records
6. Verify SMTP virtual server is running on 5. Verify that the firewall is not
remote server blocking
7. Check message size limits on connectors
8. Check virus and content scanner quarantine
9. Track message
Unit 2: Troubleshooting Network Connectivity 11
Exercise 1
Troubleshooting Internal User E-Mail Failure
In this exercise, you will use the flow chart and the Lab Toolkit resources to
identify and resolve the problem in the scenario.
Exercise preparation To create the troubleshooting scenario for this exercise, run the breaklab2a.bat
script located in the c:\MOC\2011\Labfiles\Lab02 folder on 2011_London
Virtual PC. It is important that all Virtual PCs be completely started prior to
running the script.
Scenario Jeff Pike has entered a service request. He states that he is unable to send e-mail
to one of his team members, Mindy Martin. He is able to send and receive
e-mail to and from others in his team, but not Mindy.
In this exercise, you will need to log on to Acapulco using NWTraders\JeffPike
and log on to Microsoft Outlook Web Access (OWA) as
NWTraders\MindyMarti to troubleshoot and test your solution. All user
accounts can be accessed by using a password of P@ssw0rd.
Level 1 support “Sent e-mail to Jeff and he received it fine. Called Mindy; she is able to send
comments and receive e-mail among her co-workers. Jeff and Mindy both use
Outlook 2003.”
You must establish e-mail communication between Jeff Pike and Mindy
Martin.
What did you determine to be the problem in this scenario?
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
What steps did you take to identify and resolve the problem in this scenario?
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
12 Unit 2: Troubleshooting Network Connectivity
Exercise 2
Troubleshooting When a Remote User Is Unable to Receive E-Mail
In this exercise, you will use the flow chart and the Lab Toolkit resources to
identify and resolve the problem in the scenario.
Exercise preparation To create the troubleshooting scenario for this exercise, perform the following
steps:
1. On Miami, on the menu, click PC, click Shut Down, click Turn off PC
and undo changes, and then click OK.
2. Run the breaklab2b.bat script located in the c:\MOC\2011\Labfiles\Lab02
folder on 2011_London Virtual PC.
Scenario Brian Clark has entered a service request. He states that he is unable to access
his e-mail from home using Outlook Express. He is trying to configure Outlook
Express as an IMAP4 client. Brian’s mailbox was recently moved from a server
running Exchange 2000 to a different server running Exchange 2003.
Log on to Acapulco as NWTraders\BrianClark using the password P@ssw0rd.
Use Outlook Express to connect to the Exchange Server 2003 server and
troubleshoot the connection.
Level 1 support “Sent e-mail to Brian and it didn’t bounce back. Checked System Manager and
comments saw that the messages in Brian’s mailbox increase when I send him e-mail. I
think the problem might be related to Brian’s mailbox being moved, that it was
corrupted.”
Level 2 support “Called Brian at home and walked through the settings for Outlook Express.
comments Everything seems fine. Maybe it is a corruption problem.”
Read the Level 1 and Level 2 support comments and find a solution to the
problem. You must resolve the problems Brian experiences when accessing his
e-mail using Outlook Express as an IMAP4 client.
What did you determine to be the problem in this scenario?
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
What steps did you take to identify and resolve the problem in this scenario?
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
Unit 2: Troubleshooting Network Connectivity 13
Exercise 3
Troubleshooting When a Company is Not Receiving Internet E-Mail
In this exercise, you will use the flow chart and the Lab Toolkit resources to
identify and resolve the problem in the scenario.
Exercise preparation To create the troubleshooting scenario for this exercise, perform the following
steps:
1. Verify that 2011_London Virtual PC is running.
2. Start 2011_Vancouver Virtual PC. Because Vancouver is in the Microsoft
Windows NT® domain Contoso, which is not part of the same forest as
London, you can use Vancouver to simulate an Internet host. When you
start Vancouver, Vancouver will run Autochk. You should allow Autochk to
complete, at which time Vancouver will start successfully.
3. Log on to Vancouver as Contoso\Administrator.
4. Run the breaklab2c.bat script located in the c:\MOC\2011\Labfiles\Lab02
folder on 2011_London Virtual PC.
Scenario Brenda Diaz has entered a service request. She states that she is not receiving
e-mail from the Internet, and she is unable to send e-mail to the Internet.
Log on to Acapulco as NWTraders\BrendaDiaz using the password P@ssw0rd.
Use Outlook 2003 to connect to the Exchange Server 2003 environment and
troubleshoot the connection. You can use the administrator@contoso.msft
account as the test recipient on Vancouver. Outlook 2000 on Vancouver has
already been configured with a profile for the Contoso Administrator mailbox.
Level 1 support “Brenda is using Outlook 2003. Brenda is able to send and receive internal e-
comments mail. She claims she is able to send e-mail to the Internet but is not able to
receive it. Explained to Brenda that it must be a problem at the other end
because nobody else has reported any similar problems. Brenda is confident
that it must be something wrong with our e-mail server.”
Level 2 support “Brenda called the Help Desk manager and was very upset. I called her directly;
comments she is certain that it is a problem with our e-mail server. She says that a friend
of hers at Contoso, Ltd has been trying to send her e-mail all day. I explained to
Brenda that it might be a virus issue and that the other e-mail server is stopping
mail from being sent to our server.”
Read the Level 1 and Level 2 support comments and find a solution to the
problem that is keeping users from receiving e-mail from the Internet.
________________________________________________________________
________________________________________________________________
________________________________________________________________
What steps did you take to identify and resolve the problem in this scenario?
________________________________________________________________
________________________________________________________________
________________________________________________________________
_______________________________________________________________
Lab Virtual PC For this lab, you used the Acapulco, Miami, Vancouver, and London Virtual
clean-up PCs. Please undo any changes that were made during your troubleshooting by
closing each image. The Miami virtual PC should have been closed at the
beginning of Exercise 2.
Important When you shut down the Virtual PCs using these
instructions, all changes made to the Virtual PCs during this lab will be
lost.
Note Start the 2011_London Virtual PC to prepare for the next unit’s
lab. Do not shut it down again until instructed.
Unit 2: Troubleshooting Network Connectivity 15
Lab Discussion
Contents
Overview 1
Troubleshooting Client Connectivity to
Mailboxes and Public Folders 2
Troubleshooting Mailbox and Public Folder
Properties 5
Troubleshooting Single Server Message
Flow 8
Troubleshooting the Recipient Update
Service 10
Pre-Lab Discussion 12
Lab: Troubleshooting Public Folder and
Mailbox Problems 13
Lab Discussion 26
Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no
part of this document may be reproduced, stored in or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync,
Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered
trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.
Unit 3: Troubleshooting Public Folders and Mailboxes 1
Overview
Troubleshooting public When an e-mail client attempts to connect to a public folder server, the client
folder connectivity must first establish a connection to the Exchange server that houses the client’s
default public store server using the same process as connecting to a mailbox.
Accessing public folder content adds some extra components that you need to
consider in your troubleshooting:
! Connecting to the default public folder hierarchy. When the e-mail client
tries to access a public folder, it must first access the public folder hierarchy.
The default public folder hierarchy is stored on every server that includes a
public folder store. The e-mail client will try to access the hierarchy from
the default public store defined on the client’s mailbox store properties,
which by default is on the same server as the user’s mailbox. If the e-mail
client cannot see any public folders in the hierarchy, the server that hosts the
user’s default public store is not returning public folder information
properly. In this case, confirm connectivity to the server hosting the default
public store and verify that the public store is mounted. If the client can
view parts of the hierarchy but is unable to view recently created folders,
verify that the hierarchy is replicating correctly. If replication is working,
the user may not have permissions to access portions of the hierarchy; you
should verify that permissions are granted accordingly. You can force an
immediate update of the public folder hierarchy information by right-
clicking a public folder store and clicking Send hierarchy.
4 Unit 3: Troubleshooting Public Folders and Mailboxes
! Connecting to public folder contents. After the client has connected to the
public folder hierarchy, it must then retrieve the actual messages from the
public folder. The messages are stored only on those servers that contain a
replica of the public folder. When the client tries to open a message in a
public folder, the server that houses the user’s default public store returns a
list of all servers that contain a replica of the public folder. The client will
then connect to the requested public folder in the following order of
preference:
• Connect to the server housing the default public folder store.
• Connect to an Exchange server in the same routing group as the
Exchange server that houses the user’s mailbox.
• Connect to an Exchange server in a different routing group. If there are
multiple routing groups, the client will connect to an Exchange server
based on the public folder referral configuration on the routing group
connectors and the routing group connector costs.
If the client cannot connect to a public folder replica in its own routing group,
follow the same troubleshooting process that you would use to troubleshoot
connecting to a mailbox. If the public folder replica is located in another routing
group, check whether public folder referrals are enabled across the routing
group connection. In most cases the second routing group is across a WAN
connection, so you may need to troubleshoot the network connectivity. If the
WAN connection has limited available bandwidth, you may need to configure a
replica of the public folder in the local routing group to ensure client
connectivity.
Unit 3: Troubleshooting Public Folders and Mailboxes 5
Troubleshooting public There are many possible configuration settings on a public folder that can affect
folder configuration e-mail delivery, including the following:
issues
! Public folder permissions. As with mailboxes, you must have appropriate
permissions granted in order to access public folders. By default, all users
are assigned the Author role on newly created public folders. However, you
can modify user permissions by assigning different roles to a user account
or to mail-enabled groups. The client permissions on a public folder can be
modified using Outlook or using the Exchange System Manager. If users
cannot perform the actions they expect in a public folder, confirm that they
have the business requirement to do so. Once this is confirmed, you can
assign the appropriate permissions to the public folder either by using the
individual mailbox or by adding the mailbox to a mail-enabled group that
has the required permissions.
! Public folder size limits. Like mailboxes, public folders can also be
configured with size limits that restrict the maximum size of the public
folder. When these size limits are reached, users will not be able to post any
messages to the public folder. Public folders can also be configured with
maximum message size limits. If users cannot post to a public folder
because the public folder has reached its maximum size, you can increase
the public folder size or you can remove some messages from the folder. If
this is a regular occurrence, you can configure the public folder so that
messages older than a specified time or date are automatically deleted from
the folder.
! Mail-enabled public folders. Public folders can be configured as mail
enabled. If a public folder is mail enabled, e-mail addresses are created for
the public folder so that users can locate the folder in the GAL and send
mail to the folder. Users outside the organization can send e-mail to the
folder by using the SMTP address for the public folder. If you want users
outside the organization to be able to send mail to a public folder, you must
mail-enable the public folder and then make the SMTP address available to
the outside users. If you do not want to mail-enable the public folder,
instruct internal users to post to the public folder.
! Hide from Exchange Address Lists. By default, public folders that are mail
enabled are displayed in the GAL. If a public folder should not be visible in
the GAL, the option must be modified. If the public folder is configured
incorrectly, correct the configuration error. If a public folder is intentionally
hidden from the GAL, you may need to show users how to send e-mail to a
hidden public folder, or instruct them to post to the public folder.
8 Unit 3: Troubleshooting Public Folders and Mailboxes
4. Because the recipient mailbox is located on the same server as the sender,
the message categorizer sends the message to the routing engine which
places the message in the local delivery queue.
5. The Exchange store extracts the MailMsg information from the local
delivery queue and sends a pointer to the stored message to the appropriate
mailbox.
Using the queue viewer As messages are routed through an Exchange server, they are moved from one
to troubleshoot queue to another. You can monitor the status of these queues by using the
message flow queue viewer. The queue viewer is accessed by expanding the server object in
Exchange System Manager and clicking Queues. The queue viewer shows both
system queues and link queues. System queues are permanent queues on the
Exchange server, such as the local delivery queue or queues for messages
awaiting directory lookup or messages waiting to be routed. Link queues are
temporary queues created only when needed. For example, when a message is
sent to an Internet recipient, a link queue is created for the recipient’s fully
qualified domain name.
When messages are not being delivered on the Exchange server, you can use
the queue viewer to identify which queue is growing in size. If the Messages
awaiting directory lookup queue is growing, you should check global catalog
availability. If the Local delivery queue is growing, you should verify that the
local mailbox and public folder stores are mounted. If you notice a queue is
growing, you can select the queue and then view the additional queue
information to help troubleshoot the cause of the queue growth.
Using message tracking In addition to the queue viewer, you can also use the Message Tracking Center
to troubleshoot to troubleshoot message flow through an Exchange server. When message
message flow tracking is enabled on a server, each step of the message flow is logged in the
message tracking logs. For example, the following information is logged when
a message is sent from one mailbox on an Exchange server to more than one
mailbox on the same server:
SMTP Store Driver: Message Submitted from Store
SMTP: Message Submitted to Advanced Queue
SMTP: Started Message Submission to Advanced Queue
SMTP: Message Submitted to Categorizer
SMTP: Message Categorized and Queued for Routing
SMTP: Message Queued for Local Delivery
SMTP: Message Delivered Locally to multiple recipients
SMTP Store Driver: Message Delivered Locally to Store to
recipient SMTP e-mail address
By viewing the message tracking log, you can identify where an undelivered
message failed and begin troubleshooting the correct component.
10 Unit 3: Troubleshooting Public Folders and Mailboxes
Recipient Update The Recipient Update Service updates recipient e-mail addresses based on the
Service recipient policies. By default, two Recipient Update Service objects are created:
! Recipient Update Service (Enterprise Configuration). This object updates
the e-mail addresses of the objects that are in the configuration partition of
Active Directory, such as the Exchange store object, the message transfer
agent (MTA) object, and the System Attendant object.
! Recipient Update Service (Active Directory domain). This object is created
for each Active Directory domain that has an installation of Exchange 2000
or later. It updates e-mail addresses for recipient objects in Active Directory,
and it updates address lists based on changes in recipient objects in that
domain.
Troubleshooting the If the e-mail addresses configured by recipient policies are not being applied to
Recipient Update recipients, use the following troubleshooting options:
Service
! Force an immediate update. You can force the Recipient Update Service to
run immediately by right-clicking the Recipient Update Service object and
clicking Update Now.
! Check for Exchange server and Active Directory server availability. The
Recipient Update Service object is configured with a domain controller and
an Exchange server. The Recipient Update Service must be able to connect
to both servers in order to run. If one of the servers is not available, you
need to manually reconfigure the Recipient Update Service to use a different
server.
! Confirm that the System Attendant service is running. The Recipient Update
Service runs within the System Attendant service, so the System Attendant
must be running.
! Enable Diagnostics Logging on the Exchange server that manages the
Recipient Update Service for the MSExchangeSA Proxy Generation
category. After logging is enabled, force the Recipient Update Service to
run and then check the application log for details about what is occurring
when the Recipient Update Service attempts to run.
12 Unit 3: Troubleshooting Public Folders and Mailboxes
Pre-Lab Discussion
Important This lab focuses on the concepts in this unit and as a result
may not comply with Microsoft security recommendations. For instance,
this lab does not comply with the recommendation that you should not
log on using an administrative account.
14 Unit 3: Troubleshooting Public Folders and Mailboxes
Lab Virtual PC For this lab, you will use the London Virtual PC and the Vancouver Virtual PC.
configuration The Vancouver Virtual PC is used to simulate an external organization on the
Internet for the purpose of testing e-mail flow to and from the Internet.
To prepare for this lab:
1. Start 2011_London Virtual PC, if it is not already started.
2. Log on as NWTraders\Administrator with the password P@ssw0rd. You
will use OWA on London to check e-mail for the affected users in the lab
scenarios. Use the URL http://london/exchange to connect to OWA on
London.
3. Start 2011_Vancouver Virtual PC. Because Vancouver is in the Microsoft
Windows NT® domain Contoso, which is not part of the same forest as
London, you can use Vancouver to simulate an Internet host. When you
start Vancouver, Vancouver will run Autochk. You should allow Autochk to
complete, at which time Vancouver will start successfully.
4. Log on to Vancouver as Contoso\Administrator. You will use
Outlook 2000 on the Vancouver server to send and receive e-mail to the
user accounts at NWTraders.
Lab preparation To create the troubleshooting scenarios, run the Breaklab3.vbs script from the
c:\moc\2011\Labfiles\Lab03 directory located on 2011_London Virtual PC.
Navigating the flow In this lab, you will use the flow charts and the Lab Toolkit resources to
chart identify and resolve the problems described in the scenarios. You will need to
read the scenario, the Level 1 support comments, and then use the flow charts to
identify the root cause of the problem. You will then need to perform the test
case presented at each decision point in the flow chart to determine which path
to follow. Use the letters on the flow chart to identify the Lab Toolkit resources
that you can use to help troubleshoot the problem. After you identify a potential
solution, make the configuration change and then test your solution. When your
solution resolves the problem presented in the scenario you have successfully
completed the lab.
Note that the flow chart for Exercise 3 is located at the end of the lab.
Unit 3: Troubleshooting Public Folders and Mailboxes 15
Lab Toolkit resources: If necessary, use one or more of the Lab Toolkit resources listed in the
Exercises 1 and 2 following table to help you complete this lab.
Flow chart resources Resources used for this flow chart
Lab Toolkit resources: If necessary, use one or more of the Toolkit resources listed in the following
Exercise 3 table to help you complete this lab.
Flow
chart
reference Resources used for this flow chart
No.
internal Yes No
e-mail
B F G
1. Check if user appears in the GAL 1. Verify that the sender used the correct 1. Verify availablity of Internet
2. Check user's e-mail addresses address and can send to others in your connection
Is the GAL 3. Check Recipient Update Service organization 2. Verify external DNS MX
information for the No availability 2. Check sender filtering settings records and DNS server
user accurate? 4. Check Active Directory replication 3. Check message size limits and address availability
5. Use dcdiag and netdiag to check restrictions on SMTP Connector 3. Check firewall configuration
network connectivity 4. Check message size and mailbox size limits 4. Check SMTP virtual server
5. Check virus scanner and content scanner availability
6. Track message to see if the message 5. Check message size limits and
entered the organization address restrictions on SMTP
Yes connector
C
1. Check message queues
2. Track message
Are the sender 3. Check SMTP server functionality
and recipient on the 4. Check global catalog availability
Yes
same Exchange 5. Check if users are mailbox enabled
server? 6. Check mailbox size limits
7. Check virus scanner
8. Check content scanner
No
D
Can the
user send and 1. Check mailbox size limits
receive from 2. Check virus scanner
Yes 3. Check content scanner
recipients on other
servers? 4. Track message
No
E
1. Check network connectivity between
servers
2. Check DNS resolution between
servers
3. Check global catalog availability
4. Check SMTP server functionality
Unit 3: Troubleshooting Public Folders and Mailboxes
A
Is the e-mail
Start message sent to or
Yes
received from
the Internet?
No,
internal
e-mail
Unit 3: Troubleshooting Public Folders and Mailboxes
B
1. Check if user appears in the GAL
2. Check user’s email addresses
Is the GAL 3. Check Recipient Update Service
information for the No availability
user accurate? 3. Check Active Directory replication
4. Use dcdiag and netdiag to check
network connectivity
Yes
Troubleshooting Mailbox Problems
C
1. Check message queues
2. Track message
Are the sender 3. Check SMTP server functionality
and recipient on the 4. Check global catalog availability
Yes
same Exchange 5. Check if users are mailbox enabled
server? 6. Check mailbox size limits
7. Check virus scanner
8. Check content scanner
No
D
Can the user 1. Check mailbox size limits
send and receive 2. Check virus scanner
Yes
from recipients on 3. Check content scanner
other servers? 4. Track message
No
E
1. Check network connectivity between
servers
2. Check DNS resolution between
servers
3. Check global catalog availability
4. Check SMTP server functionality
5. Check routing group connector
configuration
Unit 3: Troubleshooting Public Folders and Mailboxes
19
20
H
1. Verify sender used correct address and can
send to others
2. Check user’s SMTP address and update if
Can the necessary
user send or Can other 3. Check recipient filtering settings
Yes receivee-mail from No users send or receive Yes 4. Check message size limits and address
other Internet e-mail from the restrictions on SMTP connector
recipients? Internet? 5. Check message size and mailbox size limits
6. Check virus scanner and content scanner
7. Track message to see if the message
entered the organization.
Yes No
F G
Unit 3: Troubleshooting Public Folders and Mailboxes
1. Verify that the sender used the correct 1. Verify availability of Internet
address and can send to others in your connection
organization 2. Verify external DNS MX records
2. Check sender filtering settings and DNS server availability
3. Check message size limits and address 3. Check firewall configuration
restrictions on SMTP Connector 4. Check SMTP virtual server
4. Check message size and mailbox size limits availability
5. Check virus scanner and content scanner 5. Check message size limits and
6. Track message to see if the message address restrictions on SMTP
entered the organization connector
Unit 3: Troubleshooting Public Folders and Mailboxes 21
Exercise 1
Troubleshooting Solutions When a User Cannot Send Internal
E-Mail
In this exercise, you will use the flow chart and the Lab Toolkit resources to
identify and resolve the problem in the scenario.
Scenario Bryan Walton has entered a service request. Bryan is a new employee. He states
that he is unable to send e-mail to anyone. Other users on the network can also
not send e-mail messages to him.
In this exercise, you will need to log on to OWA on London using
NWTraders\BryanWalto.
Level 1 support “Bryan is a new user who just started working here yesterday. I checked his
comments computer—it is running a standard build with Microsoft Office 2003. He can’t
open Outlook—gets an error message. Checked user account—he is in Active
Directory and it looks like he is configured correctly. I can’t send e-mail to his
account—it says the name doesn’t exist.”
You must resolve the problems so that Bryan can send and receive e-mail from
internal users.
What did you determine to be the problem in this scenario?
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
What steps did you take to identify and resolve the problem in this scenario?
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
22 Unit 3: Troubleshooting Public Folders and Mailboxes
Exercise 2
Troubleshooting Solutions When a User Cannot Receive Internet
E-Mail
In this exercise, you will use the flow chart and the Lab Toolkit resources to
identify and resolve the problem in the scenario.
Scenario Andy Teal has entered a service request. He states that he is unable to receive
e-mail from the Internet. He can send and receive e-mail internally, but when
Internet e-mail users try to send e-mail to him, they receive NDRs.
In this exercise, you will need to log on to Outlook 2000 on Vancouver using
Contoso\Administrator to send messages to Andy Teal. To confirm the
messages are delivered, you will also need to open Andy Teal’s mailbox by
using his Nwtraders\andyteal Active Directory account.
Level 1 support “Checked Andy’s computer; everything looks like it is properly configured.
comments Outlook client works fine. Can send e-mail to internal users, and receive e-mail
from internal users. Can send e-mail to the Internet – can’t receive. Even when
Internet users reply to his e-mails, they get an NDR.”
You must resolve the problem so that Andy can receive e-mail messages from
the Internet. To simulate the Internet for purposes of this lab, use the Vancouver
server.
What did you determine to be the problem in this scenario?
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
What steps did you take to identify and resolve the problem in this scenario?
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
Unit 3: Troubleshooting Public Folders and Mailboxes 23
Exercise 3
Troubleshooting Solutions When a User Cannot Post to a Public
Folder
In this exercise, you will use the flow chart located at the end of this lab and the
Lab Toolkit resources to identify and resolve the problem in the scenario.
Scenario Ben Smith has entered a service request. He states that he is unable to post
messages to a public folder named SalesReports. He can read the contents of
the messages in the public folder but cannot post messages.
In this exercise, you will need to log on to OWA on London using
NWTraders\BenSmith.
Level 1 support “Ben can send and receive e-mail without problems. Ben can see the public
comments folder in the public folder list. Checked the public folder—everyone in the
Sales department is supposed to be able to read and write to the public folder.
Permissions on the public folder seem to be set up right.”
You must resolve the problems Ben experiences when trying to post messages
to the public folder.
What did you determine to be the problem in this scenario?
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
What steps did you take to identify and resolve the problem in this scenario?
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
24
A
1. Check folder permissions
(restart Microsoft Exchange
Is the user Is the user System Attendant to clear
Is the user able
Start able to connect to Yes able to open the Yes No server cache immediately)
to post
the public folder public folder? 2. Check public folder replication
messages?
server? 3. Check that the required
services are running
No No Yes
B
1. Check network connectivity 1. Check public folder replication
2. Check DNS configuration 1. Verify that the folder is mail
3. Check default public folder 2. Check public folder referral Is the user able enabled
store setting configuration to post via No 2. Verify that the folder is in GAL
e-mail? 3. Verify that the public folder
e-mail address is correct
Unit 3: Troubleshooting Public Folders and Mailboxes
Yes End
Unit 3: Troubleshooting Public Folders and Mailboxes 25
Lab Virtual PC clean-up For this lab, you used the London and Vancouver Virtual PCs. Please undo any
changes that were made during your troubleshooting by closing each virtual PC.
Important When you shut down the Virtual PCs using these
instructions, all changes made to the Virtual PCs during this lab will be
lost.
Note Start the 2011_London Virtual PC to prepare for the next unit’s
lab. Do not shut it down again until instructed.
26 Unit 3: Troubleshooting Public Folders and Mailboxes
Lab Discussion
How will you approach these types of troubleshooting issues in your work
environment?
! How is your work environment different than the test environment?
! How would your work environment change the troubleshooting process?
! What steps will you take in the future when troubleshooting similar
problems?
Unit 4: Troubleshooting Outlook Web
Access and Outlook Mobile Access
Contents
Overview 1
Troubleshooting Outlook Web Access 2
Troubleshooting Outlook Web Access in a
Front-End and Back-End Server Topology 5
Troubleshooting Outlook Mobile Access 7
Pre-Lab Discussion 9
Lab: Troubleshooting Outlook Web Access
and Outlook Mobile Access Problems 10
Lab Discussion 22
Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place, or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no
part of this document may be reproduced, stored in, or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync,
Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered
trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.
Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access 1
Overview
Troubleshooting OWA Troubleshooting OWA is complicated by the fact that there are several
components involved when the OWA client accesses the Exchange server.
However, the error messages that you receive in your browser when you try to
connect to Exchange by using OWA often provide useful information. The
following table lists some of the common error messages that you may receive
and some options for troubleshooting the errors.
Error Message Troubleshooting the Error Message
401 Access Denied • Confirm that the username and password are correct.
401 Logon Failed • Enter the user name using the domain\username format
rather than a UPN.
• Confirm that the user has permission to use OWA.
403 Access Denied • Confirm that the user has access to the resource they are
trying to access.
• Check the SSL configuration—the user will get this
message if they are using HTTP rather that HTTPS and the
site requires SSL.
404 Not Found • Confirm that the object the user is trying to access exists on
the Exchange server.
• Check the configuration of URLscan in IIS to confirm that
URLscan is not blocking access to the required URL.
• In a front-end and back-end topology, confirm that the
front-end server can communicate with the back-end server.
• Confirm the user is using a server name that is identical to
the host header on the Exchange virtual server.
500 Internal Server • Confirm that the Exchange server can communicate with an
Error Active Directory server.
• If the client is using Kerberos for authentication, confirm
that the time difference between the client computer and the
OWA server are within acceptable limits.
503 Service • Confirm that the Information Store service is running and
Unavailable that the required mailbox store is mounted.
• If you have configured additional virtual servers to support
multiple domain names, confirm that the virtual directories
are configured correctly.
E-mail messages do • Check the firewall or proxy server settings to ensure they
not display in the are not blocking the content.
Contents pane
4 Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access
Troubleshooting OWA in When you are troubleshooting a front-end and back-end configuration, you will
a front-end and back- use many of the same steps that you use when you are troubleshooting a single
end topology OWA server. The one significant additional step that you may need to include
when troubleshooting OWA in a front-end and back-end configuration is
troubleshooting multiple servers. In most cases, users will be accessing OWA
from the Internet. This means that the clients must connect to the front-end
server through the Internet firewall. The front-end server must then connect to a
domain controller and the back-end server. You may need to troubleshoot the
OWA on each server:
! Test functionality on the back-end server. The initial step in troubleshooting
a front-end and back-end topology is to verify that OWA clients can connect
to the back-end server. In order for OWA to work through the front-end
server, it must first work on the back-end server. If you cannot connect to
the back-end server by using OWA, you can use the single server
troubleshooting steps discussed in the previous topic to determine the cause
of the failure. If the OWA works on the back-end server, then move on to
troubleshooting the front-end server.
! Test functionality on the front-end server from the internal network. The
second component to test in this topology is the front-end server. You will
need to connect to the front-end server from the internal network and check
the functionality. If you cannot connect to the front-end server by using
OWA, a problem exists between the front-end server and the back-end
server. You may need to test the internal firewall configuration, or check the
DNS configuration to ensure that the front-end server can locate a domain
controller and the back-end server. If you can connect to the front-end
server from the internal network, then the problem is located between the
front-end server and the Internet, most likely on the external firewall.
! Test all virtual servers on the front-end and back-end servers. Front-end
virtual servers and virtual directories that point to mailbox stores must use
the same domain names as the corresponding back-end virtual servers or
directories. If you can connect to a virtual server on a back-end server, but
cannot connect to the same virtual server from the front-end, then ensure
that the virtual servers on both servers are configured the same way.
Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access 7
Troubleshooting OMA Because OMA uses the same infrastructure as OWA, much of the
troubleshooting for OMA will be the same as it is for OWA. However, there are
some configurations which are unique to OMA that you may need to
troubleshoot:
! Check the global settings. In order for clients to use OMA, you must enable
OMA on the global settings for the Exchange organization. You do this by
accessing the properties for Mobile Services under the Global Settings and
selecting Enable Outlook Mobile Access. If you want users to be able to
access OMA using unsupported devices such as Internet Explorer 6.0, you
must also select Enable unsupported devices. If these options are not
selected, then the user will receive an error message saying that the account
is not enabled for OMA when they try to connect.
! Check individual mailbox configurations. You must also enable OMA on
each mailbox before a user will be able to access their mailbox using OMA.
You can do this by accessing the user properties in Active Directory Users
and Computers; select the Exchange Features tab and enable OMA. If this
option is not selected, the user will receive an error message saying that the
account is not enabled for OMA when they try to connect.
Note If you are using a front-end and back-end server topology, both
servers must be running Exchange Server 2003 in order to enable OWA.
Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access 9
Pre-Lab Discussion
Important This lab focuses on the concepts in this unit and as a result
may not comply with Microsoft security recommendations. For instance,
this lab does not comply with the recommendation that you should not
log on using an administrative account.
Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access 11
Lab Virtual PC For this lab, you will use the London Virtual PC and the Miami Virtual PC. The
configuration Miami Virtual PC will be configured as a front-end server.
To prepare for this lab:
1. Start 2011_London-Virtual PC, if it is not already started.
2. Log on as NWTraders\Administrator with a password of P@ssw0rd. You
may use OWA on London to check e-mail for the affected users in the lab
scenarios.
3. Start 2011_Miami Virtual PC. Log on as NWTraders\Administrator.
4. Use Exchange System Manager to browse to the Miami server object, right-
click the server object, and then click Properties.
5. Select This is a front-end server, and then click OK.
6. Restart Miami by clicking Start, Shut Down, and then Restart. Do not
restart Miami by using Virtual PC, as this will save changes made in the lab.
7. You need to use Internet Explorer on Miami to access OWA and OMA. To
connect to the front-end server for OWA, open Internet Explorer and
connect to http://miami/exchange. To connect to the front-end server for
OMA, open Internet Explorer and connect to http://miami/oma.
Navigating the flow In this lab, you will use the flow charts and the Lab Toolkit resources to
chart identify and resolve the problems described in the scenarios. You will need to
read the scenario and the Level 1 support comments and then use the flow
charts to identify the root cause of the problem. You will then need to perform
the test case presented at each decision point in the flow chart to determine
which path to follow. Use the letters on the flow chart to identify the
Toolkit resources that you can use to help troubleshoot the problem. After you
identify a potential solution, make the configuration change and then test your
solution. When your solution resolves the problem presented in the scenario
you have successfully completed the lab.
12 Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access
Lab Toolkit Resources If necessary, use one or more of the following Lab Toolkit resources to help
you complete this lab:
Flow Chart Resources Resources Used for this Flow Chart
A
Can you run
OWA/OMA on the 1. Check external firewall
front-end server? configuration
Yes
Yes 2. Check open ports and port
redirection configuration
Is the user on Can the client Can the client 3. Check packet filtering
the internal network Internet ping the server Yes ping the server configuration
or on the Internet? IP address? host name?
No
D
No No 1. Check internal firewall
2. Check open ports and port redirection
B C configuration
Can you run 3. Check packet filtering configuration
OWA/OMA on the Yes 4. Check DNS
1. Check if the client can connect 1. Check DNS
back-end server? 5. Check front-end back-end security
Internal to other Internet sites 2. Check client's DNS server
2. Check if the server is online settings configuration
3. Check firewall configuration 3. Check firewall configuration 6. Check Outlook Mobile Access
4. Check IP routing configuration
No
E
Can you run F
OWA/OMA on the 1. Check global settings
front-end server? 2. Check default Web site
Yes 1. Check internal firewall for
internal network to perimeter configuration
Can the client Can the client 3. Check security configuration
ping the server ping the server network configuration
Yes (SSL, IPSec)
IP address? host name? Yes 2. Check open ports and port
redirection configuration 4. Check Web site availability
No 3. Check packet filtering 5. Check DNS
configuration
4. Check DNS
Start
Yes
Internal No No
A
1. Check external firewall
configuration
2. Check open ports and port
Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access
redirection configuration
3. Check packet filtering
configuration
Troubleshooting OWA and OMA Problems
No D
1. Check internal firewall
2. Check open ports and port redirection
configuration
Can you run 3. Check packet filtering configuration
Internal No No OWA/OMA on the Yes 4. Check DNS
back-end server? 5. Check front-end back-end security
configuration
B C 6. Check Outlook Mobile Access
configuration
1. Check if the client can connect 1. Check DNS
to other Internet sites 2. Check client’s DNS server
2. Check if the server is online settings
3. Check firewall configuration 3. Check firewall configuration
4. Check IP routing E
No 1. Check global settings
2. Check default Web site
configuration
3. Check security configuration
(SSL, IPSec)
Can the client 4. Check Web site availability
ping the server Yes 5. Check DNS
IP address?
No
G
1. Check for open relay
2. Update antivirus signatures
3. Check antivirus and content
scanning quarantine
4. Check message queues
Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access
15
16
No
Can you run
OWA/OMA on the
back-end server?
H J
1. Check DNS Yes 1. Check internal firewall
2. Check client DNS server 2. Check open ports and port
settings No redirection configuration
3. Check packet filtering
I configuration
4. Check DNS
Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access
Exercise 1
Troubleshooting Solutions When a User Cannot Access Outlook
Web Access
In this exercise, you will use the flow chart and the Lab Toolkit resources to
identify and resolve the problem in the scenario.
Exercise preparation To create the troubleshooting scenario for this exercise, run the breaklab4a.bat
script located in the c:\MOC\2011\Labfiles\Lab04 folder on 2011_London
Virtual PC.
Scenario Amy Rusko has entered a service request. She is trying to access her e-mail
from home using OWA. When she tries to connect to OWA, Amy receives an
error indicating that the service is not available.
In this exercise, you will need to log on to Outlook Web Access on Miami
using NWTraders\amyrusko.
Level 1 support “Talked to Amy at home—she is using Internet Explorer 6.0. She had no
comments problem accessing her e-mail when she was in the office during the day. The
problem showed up when she tried to use OWA from home. She gets the logon
screen but when she enters her user name and password, she receives an error
message saying that she needs to use https:// to connect to the server. When she
tries to connect using https://miami.nwtraders.msft, she receives an error
indicating that the page cannot be displayed.”
You must resolve the problems so that Amy can connect to the front-end
Exchange server using OWA.
What did you determine to be the problem in this scenario?
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
What steps did you take to identify and resolve the problem in this scenario?
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
18 Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access
Exercise 2
Troubleshooting Solutions When a User Cannot Access Outlook
Mobile Access
In this exercise, you will use the flow chart and the Lab Toolkit resources to
identify and resolve the problem in the scenario.
Exercise preparation To create the troubleshooting scenario for this exercise, run the breaklab4b.bat
script located in the c:\MOC\2011\Labfiles\Lab04 folder on 2011_London
Virtual PC.
In this exercise, you will be using Internet Explorer to simulate a wireless
device. To use Internet Explorer as an OMA device, use the following
procedure:
1. On Miami, click Start, click Run, type http://Miami/oma and then click
OK.
2. If prompted with a Security Alert dialog box, click Add twice and then
click Close. If prompted with a second Security Alert dialog box, click Yes
to proceed.
3. When prompted for your logon credentials, log on with a user account that
has access to OMA. Use the domainname\username format.
4. When prompted that your device type is not supported, click OK.
Scenario Raman Iyer has entered a service request. Raman is trying to access his e-mail
from his Web phone using OMA. When he tries to connect to OMA he receives
an error message.
In this exercise, you will need to log on to OMA on Miami using
NWTraders\ramaniyer.
Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access 19
Level 1 support “Talked to Raman at the airport where he just landed. He is using a supported
comments cell phone – he can browse other sites using his cell phone. His e-mail worked
on his desktop computer in the office when he left this afternoon. He gets the
logon screen, and uses the domain name and his user name to connect, but then
receives an HTTP 404 error indicating that the file or directory is not found. All
servers are working.”
You must resolve the problems so that Raman can connect to the Exchange
server using OMA.
What did you determine to be the problem in this scenario?
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
What steps did you take to identify and resolve the problem in this scenario?
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
20 Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access
Exercise 3
Troubleshooting Solutions When a User Cannot Log In to Outlook
Web Access
In this exercise, you will use the flow chart and the Lab Toolkit resources to
identify and resolve the problem in the scenario.
Exercise preparation To create the troubleshooting scenario for this exercise, run the breaklab4c.bat
script located in the c:\MOC\2011\Labfiles\Lab04 folder on 2011_London
Virtual PC.
In this exercise, you will need to log in to OWA on Miami using
NWTraders\hanyingfeng.
Scenario Hanying Feng has entered a service request. He is trying to access his e-mail
from a hotel room using OWA. When Hanying tries to connect, he gets an
authentication error.
Level 1 support “Talked to Hanying at the hotel room where he is staying—he is using Internet
comments Explorer 6.0. He has been gone from the office for about a week; this is the first
time he has tried to access his e-mail in the last week. He gets the logon screen,
but when he enters his user name and password he is not authenticated. Instead
he just gets the logon screen again. All servers are working.”
You must resolve the problems so that Hanying can connect to the Exchange
server using OWA.
What did you determine to be the problem in this scenario?
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
What steps did you take to identify and resolve the problem in this scenario?
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access 21
Lab Virtual PC For this lab, you used the Miami and London Virtual PCs. Please undo any
clean-up changes that were made during your troubleshooting by closing each image.
Important When you shut down the Virtual PCs using these
instructions, all changes made to the Virtual PCs during this lab will be
lost.
Note Start the 2011_London Virtual PC to prepare for the next unit’s lab.
Do not shut it down again until instructed.
22 Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access
Lab Discussion
How will you approach these types of troubleshooting issues in your work
place?
! How is your work environment different than the test environment?
! How would your work environment change the troubleshooting process?
! What steps would you take in the future when troubleshooting similar
problems?
Unit 5: Troubleshooting Client
Connectivity
Contents
Overview 1
Messaging Clients Used to Access
Exchange Server 2003 2
How Messaging Clients Connect to
Exchange Server 2003 5
Additional Services Required for
Connecting to Exchange Server 2003 7
Pre-Lab Discussion 9
Lab: Troubleshooting Client Connectivity
Problems 10
Lab Discussion 20
Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no
part of this document may be reproduced, stored in or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync,
Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered
trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.
Unit 5: Troubleshooting Client Connectivity 1
Overview
(continued)
Messaging clients Messaging client usage and troubleshooting
(continued)
Messaging clients Messaging client usage and troubleshooting
(continued)
Service How it is used by Exchange and messaging client
Pre-Lab Discussion
Important This lab focuses on the concepts in this unit and as a result
may not comply with Microsoft security recommendations. For instance,
this lab does not comply with the recommendation that you should not
log on using an administrative account.
Unit 5: Troubleshooting Client Connectivity 11
Lab Virtual PC For this lab, you will use the Acapulco, London, and Vancouver Virtual PCs.
configuration The Acapulco Virtual PC is used to provide a messaging client for internal
users as well as external users. London is a domain controller, global catalog
server, DNS server, and Exchange Server 2003 server. Vancouver is a
Microsoft Windows NT® 4.0 domain controller that is also running
Exchange 5.5 and Outlook 2000.
To prepare for this practice:
1. Start 2011_London Virtual PC, if it is not already started.
2. Log on as NWTraders\Administrator with the password P@ssw0rd.
3. Start the 2011_Acapulco Virtual PC and log on as nwtraders\chrisgray.
4. Start the 2011_Vancouver Virtual PC.
5. Log on as Contoso\Administrator with the password P@ssw0rd.
Navigating the flow In this lab, you will use the flow charts and the Lab Toolkit resources to
chart identify and resolve the problems described in the scenarios. You will need to
read the scenario, the Level 1 support comments, and then use the flow charts to
identify the root cause of the problem. You will then need to perform the test
case presented at each decision point in the flow chart to determine which path
to follow. Use the letters on the flow chart to identify the Lab Toolkit resources
that you can use to help troubleshoot the problem. After you identify a potential
solution, make the configuration change and then test your solution. When your
solution resolves the problem presented in the scenario you have successfully
completed the lab.
12 Unit 5: Troubleshooting Client Connectivity
Lab Toolkit resources If necessary, use one or more of the Lab Toolkit resources listed in the
following table to help you complete this lab.
Flow chart reference Resources used for this flow chart
Start
A
1. Verify SMTP is running
2. Verify smart host is running, if
used
3. Verify that virtual servers are Which
configured appropriately including messaging client is
IMAP/POP IMAP
for authentication and for SSL being used, POP
4. Check protocol permissions or IMAP?
5. Verify route to server
What messaging 6. Test DNS
client is being
used?
POP
C D
B 1. Test POP3 virtual server 1. Test IMAP4 virtual server
2. Verify that virtual servers are 2. Verify that virtual servers are
1. Verify IP configuration on client is configured appropriately including configured appropriately including
correct for authentication and for SSL for authentication and for SSL
2. Test DNS from client 3. Verify firewall allows port 110 3. Verify firewall allows port 143
MAPI 3. Verify server is online and 995 and 993
4. Test network route 4. Test DNS 4. Test DNS
5. Check hosts and Imhosts files
OWA/OMA
Start
A
1. Verify SMTP is running
2. Verify smart host is running, if
used
Which
3. Verify that virtual servers are
messaging client is
configured appropriately including IMAP
being used, POP
for authentication and for SSL
IMAP/POP or IMAP?
4. Check protocol permissions
5. Verify route to server
What messaging
6. Test DNS
Unit 5: Troubleshooting Client Connectivity
client is being
used? POP
C D
B 1. Test POP3 virtual server 1. Test IMAP4 virtual server
2. Verify that virtual servers are 2. Verify that virtual servers are
MAPI 1. Verify IP configuration on client
configured appropriately including configured appropriately including
is correct
for authentication and for SSL for authentication and for SSL
2. Test DNS from client
3. Verify firewall allows port 110 3. Verify firewall allows port 143
3. Verify server is online
and 995 and 993
4. Test network route
4. Test DNS 4. Test DNS
5. Check hosts and lmhosts files
Messaging Client Unable to Connect to
Exchange Server 2003 Server
Exercise 1
Outlook Express User Unable to Send E-Mail to the Internet
In this exercise, you will use the flow chart and the Lab Toolkit resources to
identify and resolve the problem in the scenario.
Exercise preparation To create the troubleshooting scenario for this exercise, run the breaklab5a.bat
script located in the c:\MOC\2011\Labfiles\Lab05 folder on 2011_London
Virtual PC.
Scenario Chris Gray has entered a service request. He states that he is unable to send or
receive e-mail to and from an Internet recipient from his home computer. He
says that he is able to receive e-mail from internal users.
On Acapulco, create an Outlook Express IMAP mail account for
NWTraders\ChrisGray. His account must be configured to use SSL for SMTP
communications and to require authentication for outgoing mail. Use this
Outlook Express account to connect to the London server and troubleshoot the
connection.
Level 1 support “Chris has been able to send and receive e-mail to and from the Internet before
comments today. He says that he has never had this problem before. I verified that the
configuration of Outlook Express on Chris’s computer is set to use the SSL port
for SMTP per company directives. He does not have his Outlook Express client
configured to use SSL with IMAP4, and this needs to be changed. All remote
users are supposed to use SSL when connecting with Outlook Express. I
verified that Chris’ mailbox exists and has messages in it.”
You must establish full e-mail communication for Chris Gray.
What did you determine to be the problem in this scenario?
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
What steps did you take to identify and resolve the problem in this scenario?
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
Unit 5: Troubleshooting Client Connectivity 17
Exercise 2
Outlook Express User Unable to Connect to Exchange Server 2003
Server
In this exercise, you will use the flow chart and the Lab Toolkit resources to
identify and resolve the problem in the scenario.
Exercise preparation To create the troubleshooting scenario for this exercise, perform the following
steps:
1. On the 2011_Acapulco Virtual PC, on the menu, click PC, click Shut
Down, click Turn off PC and undo changes, and then click OK.
2. On the 2011_Vancouver Virtual PC, on the menu, click PC, click Shut
Down, click Turn off PC and undo changes, and then click OK.
3. Run the breaklab5b.bat script located in the c:\MOC\2011\Labfiles\Lab05
folder on 2011_London Virtual PC.
4. Start the 2011_Acapulco Virtual PC and then log on as
NWTraders\alexhanki with the password P@ssw0rd.
Scenario Alex Hankin has entered a service request. He states that he is unable to access
his e-mail from home using Outlook Express. He is repeatedly receiving a
message that states “The connection to the server has failed.”
On Acapulco, create an Outlook Express IMAP mail account for
NWTraders\AlexHanki that uses SSL to secure both IMAP and SMTP. Use this
Outlook Express account to connect to the London server and troubleshoot the
connection.
Level 1 support “Talked to Alex on the phone and walked him through configuration of Outlook
comments Express. He has the correct server configured and the rest of his settings appear
to be fine in Outlook Express.”
You must resolve the problems Alex experiences when accessing his e-mail
from home using Outlook Express.
What did you determine to be the problem in this scenario?
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
What steps did you take to identify and resolve the problem in this scenario?
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
18 Unit 5: Troubleshooting Client Connectivity
Exercise 3
New Outlook User Unable to Open His Mailbox
In this exercise, you will use the flow chart and the Lab Toolkit resources to
identify and resolve the problem in the scenario.
Exercise preparation To create the troubleshooting scenario for this exercise, run the breaklab5c.bat
script located in the c:\MOC\2011\Labfiles\Lab05 folder on 2011_London
Virtual PC.
Scenario Gary Schare was just hired and provided with his computer. Gary reports to the
service department that his computer takes a very long time to start up, and that
after it finally starts, he is unable to access his mailbox using Outlook.
In this exercise, you will need to create a profile for NWTraders\GarySchar on
Acapulco.
Level 1 support “Talked to Gary on the phone and had him reboot his computer – it took 20
comments minutes to log on! After it was up, I walked him through deleting and recreating
his Outlook profile. Gary is a new hire so I checked and verified that his
account was created.
“Ran the Outlook 2003 Wizard to connect to the Exchange Server 2003
mailbox and clicked Next after entering the server name and user name.
Outlook 2003 hung for several minutes and eventually provided an error. The
error states that the connection to the Exchange server is unavailable. Clicked
OK after the error and was asked for the server and user names again. Verified
with Operations—all Exchange servers are running without any reported
problems.”
You must resolve the problems Gary experiences when attempting to access his
mailbox.
Log onto Acapulco as GarySchar using the password P@ssw0rd. Use
Outlook 2003 to connect to the London server and troubleshoot the connection.
What did you determine to be the problem in this scenario?
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
What steps did you take to identify and resolve the problem in this scenario?
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
Unit 5: Troubleshooting Client Connectivity 19
Lab Virtual PC For this lab, you used the Acapulco, Vancouver, and London Virtual PCs.
clean-up Please undo any changes that were made during your troubleshooting by
closing each image.
Important When you shut down the Virtual PCs using these
instructions, all changes made to the Virtual PCs will be lost.
Note Start the 2011_London Virtual PC to prepare for the next unit’s
lab. Do not shut it down again until instructed.
20 Unit 5: Troubleshooting Client Connectivity
Lab Discussion
Contents
Overview 1
Troubleshooting Intra-Routing Group
Connectivity 2
Troubleshooting Routing Group
Connectivity 5
Troubleshooting Connectivity to Other
E-Mail Systems 8
Troubleshooting Connectivity to the
Internet 11
Pre-Lab Discussion 14
Lab: Troubleshooting Server Connectivity
Problems 15
Lab Discussion 26
Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place, or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no
part of this document may be reproduced, stored in, or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync,
Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered
trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.
Unit 6: Troubleshooting Server Connectivity 1
Overview
Troubleshooting intra- When all Exchange servers are in the same routing group, message delivery is
routing group message less complicated. However, message delivery does fail occasionally and you
routing will need to troubleshoot the failed deliveries. Listed below are some
components to check when performing this troubleshooting:
! DNS server availability and zone information. A sending Exchange server
must query DNS to locate the other Exchange servers in the routing group.
If the DNS lookup fails, the message will not be delivered. The Exchange
server also uses DNS to locate domain controllers and global catalog
servers. Use Ping and NSLookup to diagnose DNS lookup issues.
! Microsoft Active Directory® and global catalog availability. In order for the
sending Exchange server to send e-mail to a recipient, the Exchange server
must query the global catalog to determine the destination Exchange server.
If a global catalog server is not available, the messages will remain on the
sending Exchange server in the Messages awaiting directory lookup
queue. If the global catalog server is not available in the Exchange server’s
site, either configure another domain controller as a global catalog server or
configure the Exchange server to use a global catalog server in another site.
If the global catalog server is overloaded, you must configure another
domain controller to operate as global catalog server.
! Message queues. One of the key pieces of information that you can
determine from the message queues is where the message delivery is failing.
For example, if the messages are stuck in a local queue on the sending
server, use the guidelines for troubleshooting message delivery on a single
server. If the messages are stuck in the remote delivery queue on the local
server, troubleshoot the connection between the sending and receiving
servers. If the messages are stuck in a queue on the destination server,
troubleshoot message delivery on the destination server.
! Expansion servers. If a message sent to a mail-enabled group is not
delivered, you should check the expansion server setting on the group
properties. By default, any Exchange server can expand the membership list
of a mail-enabled group, but you can modify this so only a specific server
can act as the expansion server. If no specific expansion server is configured
on the group properties, you should check the group type. If the group is a
global group that is in a different domain than the sending Exchange server,
the Exchange server will not be able to expand the membership list for the
group. In this case, either configure an expansion server for the group that is
in the same domain as the group’s members or change the group to a
universal group. If an expansion server is configured for the mail-enabled
group, confirm that the expansion server is available in the same domain as
the group members and that it can connect to a global catalog server.
4 Unit 6: Troubleshooting Server Connectivity
! Global settings, virtual server settings, and mailbox settings. If only a few
messages are not being delivered within the routing group, you should
attempt to determine if the messages have any common characteristics. For
example, if messages with large attachments are not being delivered,
determine why this type of message is not being delivered. The maximum
message size can be configured on the global settings, on the virtual server
settings, or on the individual mailbox. If there are any message size limits
set on the mailbox, these settings will override all other settings. If the
message limit is set on the SMTP virtual server and on the global settings,
the virtual server settings will override the global settings.
Unit 6: Troubleshooting Server Connectivity 5
Troubleshooting routing Multiple routing groups introduce an additional layer of complexity to your
group connectors Exchange organization and to your troubleshooting. Use the following
guidelines when troubleshooting message delivery between routing groups:
! Determine where message delivery fails. The first step in troubleshooting
message delivery between routing groups is to determine where the message
delivery fails. To identify where a message is stopped, use the Message
Tracking Center to track the message. If the message is not being delivered
to the local bridgehead server, use the single routing group troubleshooting
procedures. If the message is being delivered to the bridgehead server,
confirm that the message is being sent to the destination bridgehead server.
If the message is being delivered to the destination bridgehead server,
determine if the message is being delivered to the destination Exchange
server. Messages sent between routing groups may be sent through multiple
routing groups before reaching the destination routing group, so you may
need to track the message through all the intermediate routing groups. After
determining where the message delivery fails, use the following
troubleshooting suggestions at the point of failure.
! Monitor the SMTP and X.400 link queues. When a computer running
Exchange Server 2003 receives an e-mail that will be sent through a routing
group connector, it creates a SMTP or X.400 queue for that connector. You
can monitor the growth of the queue using the queue viewer. You can also
view the additional queue information, which may explain the reason for
failed delivery.
! Troubleshoot connector availability. If the messages are being delivered to
one bridgehead server, but are not being delivered to the next bridgehead
server, you must troubleshoot the connector status. You can view the
connector status by using the Exchange System Manager Tools container. If
the connector status is unavailable, confirm that the Exchange server can
resolve the name of the destination Exchange server in DNS and that the
other server is available. Also use a tool like Telnet to determine if the
destination server is responding to SMTP commands.
! View link state table using WinRoute. If your company contains multiple
routing groups with several routing group connectors, you can use a tool
like WinRoute to view the link state routing information. WinRoute
provides you with detailed information about all of the connectors in the
Exchange organization, as well as connector status information. By
reviewing the information provided by WinRoute, you may identify
connector configuration errors that provide you with the information that
you need to troubleshoot message delivery.
Unit 6: Troubleshooting Server Connectivity 7
! Confirm availability of the routing group master. If you have changed the
routing group configuration in your Exchange organization, and the changes
are not being reflected within other Exchange servers in the routing group,
confirm the availability of the routing group master. If the routing group
master is not available, changes to the routing group configuration will not
be sent to the other Exchange servers in the routing group. You should also
check the availability of the routing group master if one routing group
connector fails and messages are not being routed to alternate connectors.
! Check connector configuration settings. Each of the connectors includes
several configuration options, such as message size, time, and delivery
restrictions. If some messages are being sent across the connector while
other messages are not, the most likely cause is a configuration setting on
the connector. In addition, if messages are not being delivered across an
SMTP or X.400 connector, check the address space configuration for the
connector.
8 Unit 6: Troubleshooting Server Connectivity
Exchange 5.5 and Exchange 2000 also support the Microsoft Exchange
Connector for Lotus cc: Mail and the Microsoft Exchange MS Mail Connector.
These connectors are not supported in Exchange Server 2003. If you want to
retain these services in your organization, you should retain an Exchange 2000
server to run such components.
Troubleshooting Many of the same troubleshooting principles apply when troubleshooting the
external connectivity external connectors as apply when troubleshooting routing group connectors.
However, because the external messaging systems have different configuration
options, there are also specific troubleshooting guidelines that you can use:
! Monitor queues. When you install the external connectors on an Exchange
server, a queue is created on that Exchange server for all messages sent to
the external organization. If messages are not being delivered between the
companies, use the queue viewer to determine whether the messages are
stuck in the queue. If the messages are stuck in the external connector
queue, troubleshoot the connection between the Exchange server and the
other messaging server. If messages are stuck in one of the other system
queues on the Exchange server before they even get sent to the connector
queue, troubleshoot message delivery on the Exchange server using the
procedures covered in the earlier sections of this unit.
! Track messages. If you have message tracking enabled, you can track
messages in the Exchange organization as they are sent between the two
messaging systems. By tracking the messages, you can determine whether
message delivery is failing within your organization or during delivery to
the other messaging system. Message tracking will track the messages
through the external connector but cannot track messages once they leave
the connector.
! Enable and check proxy addresses. When you install the external
connectors, the default recipient policy is modified to include proxy
addresses compatible with the external e-mail system. By default, these
proxy addresses are not enabled in the recipient policy, so you must enable
the addresses before they will be applied to recipients in your organization.
If messages are not being delivered from the external messaging system,
check to ensure that the proxy addresses in your organization match the
address space on the connector.
10 Unit 6: Troubleshooting Server Connectivity
! Check client configuration and connectivity. When you are configuring the
Lotus Notes connector, you must install a Lotus Notes client on the
Exchange server that is running the connector. You must also configure a
Notes user ID for the connector on the Lotus Notes/Domino server and
configure a client .ini file on the Exchange server. The Notes client must be
able to connect to the Lotus Notes/Domino server in order to route messages
between the systems. If messages are not being delivered between the two
messaging systems, check if you can connect to the Lotus Notes/Domino
server using the Notes client. If you can’t connect, troubleshoot the client
connectivity. If you can connect using the client, check the connector
configuration.
! Check address book replication configuration. For both of the external
connectors, you can configure a specific container as the import and export
containers for address book replication. If you do not want all of the
Exchange recipients to be synchronized with the external mail system, you
can move all of the recipients that you want to synchronize into one
container, and then specify that container as the export container. If some
user accounts are not being synchronized, check the export container
configuration and ensure that the user accounts are in the right container.
Unit 6: Troubleshooting Server Connectivity 11
Troubleshooting By default, any computer running Exchange Server 2003 that can access DNS
outgoing connectivity information on the Internet can send messages to SMTP servers on the Internet.
Most companies do not want all of their Exchange servers to send e-mail to the
Internet. To avoid this, you should configure an SMTP connector with one or
more bridgehead servers to send all e-mail to the Internet. This SMTP
connector should be configured with an address space of “*” so that it can send
e-mail to any domain. Also, you must ensure that the server that hosts the
SMTP bridgehead server can resolve host and MX records on the Internet.
To troubleshoot outgoing Internet e-mail, use the following guidelines:
! Confirm SMTP connectivity to the Internet. In order for your Exchange
server to send e-mail to the Internet, the server must be able to establish
SMTP connections to the Internet. To test this, run Telnet on the Exchange
server and try to connect to an SMTP server on the Internet that you know is
online. If the connection fails, check the firewall configuration to ensure that
your server is allowed to make SMTP connections to the Internet.
! Confirm the MX records for the destination domain in DNS. If Internet
e-mail is being delivered to some domains, but not to others, check the MX
records for the domains where delivery is failing. In order for your
Exchange server to send e-mail to an SMTP domain, the server must be able
to locate the MX records for the domain, and the MX records must be
accurate.
Unit 6: Troubleshooting Server Connectivity 13
! Monitor the SMTP link queues. When a computer running Exchange 2003
receives an e-mail intended for a SMTP domain outside the organization, it
creates a temporary SMTP queue for that domain. If messages are not being
delivered to a specific SMTP domain, use the queue viewer on the SMTP
bridgehead server to check if the messages are stuck in the queue. If there
are several messages in the queue, view the queue information to determine
why messages are not being delivered to the domain. If outgoing messages
are stuck in only one domain queue, you can troubleshoot message delivery
to just that one domain. If messages are stuck in all of the queues for
domains outside the organization, you will need to extend your
troubleshooting to the entire SMTP server.
! Check the global Internet message formats and message delivery
restrictions. You can use Internet message formats to configure the
encoding, format, and type of messages (such as out-of-office or NDRs) that
you send to all SMTP domains or to specific domains. You can also
configure global message delivery settings, such as maximum message size,
for the entire organization. If messages are not being delivered to specific
domains on the Internet, check the message format settings. If needed,
create domain-specific message format settings. For example, if the SMTP
server for a domain can only accept UUENCODE messages, configure a
domain-specific policy.
! Check the SMTP connector information. The SMTP connector contains
many configuration options that may affect message delivery. These
configuration options include message size, delivery restrictions, message
delivery direction, and time restrictions. If messages from users in one
routing group are being delivered using the SMTP connector but messages
from users in other routing groups are not being delivered, check the scope
of the SMTP connector.
! Check the SMTP virtual server configuration. The SMTP virtual server that
is the bridgehead server for the SMTP connector can also be configured in
ways that may affect message delivery. For example, you can configure
authentication and encryption settings for outgoing messages. If the
destination SMTP server settings are not compatible, outbound messages
will not be delivered. You can also configure the SMTP virtual server to use
a specific DNS server for e-mail delivery. If that DNS server is not
available, or if the DNS server does not contain the required information,
the SMTP virtual server will not be able to send any Internet messages.
! Check for SMTP open relaying. In some cases, your servers may still be
able to send Internet e-mail but the message delivery may be very slow. If
you notice that your Exchange server is operating much more slowly than
usual, check the SMTP queues on the server. If the SMTP queues contain
many more messages than you would expect, check whether your server is
configured for open relaying. If your server is being used for open relaying,
it may be delivering thousands of unsolicited commercial e-mails or spam to
recipients around the world. This will significantly decrease your server
performance. (By default, open relaying is blocked on Exchange 2003
servers. For information on how to detect and prevent open relaying, see the
Toolkit resource “Identifying and Closing Open Relays.”)
14 Unit 6: Troubleshooting Server Connectivity
Pre-Lab Discussion
Important This lab focuses on the concepts in this unit and as a result
may not comply with Microsoft security recommendations. For instance,
this lab does not comply with the recommendation that you should not
log on using an administrative account.
Lab Virtual PC For the first exercise in this lab, you will use the London Virtual PC and the
configuration Miami Virtual PC. In preparation for the lab, you will configure an additional
routing group and move the Miami Exchange server into the new routing group.
To prepare for this exercise, you need to perform the following configuration
steps:
1. Start 2011_London-Virtual PC, if it is not already started.
2. Log on as NWTraders\Administrator with a password of P@ssw0rd.
16 Unit 6: Troubleshooting Server Connectivity
Navigating the flow In this lab, you will use flow charts and the Lab Toolkit resources to identify
chart and resolve the problems described in the scenarios. You will need to read the
scenario and the Level 1 support comments and then use the flow charts to
identify the root cause of the problem. You will then need to perform the test
case presented at each decision point in the flow chart to determine which path
to follow. Use the letters on the flow chart to identify the Toolkit resources that
you can use to help troubleshoot the problem. After you identify a potential
solution, make the configuration change and then test your solution. When your
solution resolves the problem presented in the scenario you have successfully
completed the lab.
Unit 6: Troubleshooting Server Connectivity 17
Lab Toolkit Resources If necessary, use one or more of the following lab toolkit resources to help you
complete this lab:
Flow Chart Resources Resources Used for this Flow Chart
Is the message
being sent and
received inside the Yes
Exchange A
No, it is being received organization?
from an external sender
1. Check network
connectivity
2. Check infrastructure
Are the servers (DNS, global catalog,
in the same Yes domain controller)
routing group? 3. Check SMTP virtual
B server functionality
4. Check queues
1. Check recipient properties 5. Track Messages
2. Check network connectivity
3. Check DNS and MX record No, it is being sent to No
information an external recipient
Unit 6: Troubleshooting Server Connectivity
No Yes
D E
No, it is being sent via 1. Check that bridgehead or 1. Check for open relay
a supported connector remote servers are running 2. Check SMTP virtual server
2. Check network connectivity configuration
C 3. Check infrastructure (global 3. Check global settings
catalog, domain controller, 4. Check queue information
DNS) 5. Check routing group master
1. Check bridgehead servers
4. Check SMTP virtual server availability
availability
availability 6. Check connector address
2. Check connector configuration
space
3. Check connector address
7. Check routing group
space
connnector availability and
4. Check message queues
configuration
8. Configure diagnostic logging
on transport protocol
Troubleshooting Server Connectivity
Start
Is the message
being sent and
received inside the Yes
No, it is being received Exchange A
from an external sender organization?
1. Check network
B connectivity
2. Check infrastructure
No, it is being sent to Are the servers (DNS, global catalog,
1. Check recipient properties
an external recipient in the same Yes domain controller)
2. Check network
routing group? 3. Check SMTP virtual
connectivity
3. Check DNS and MX server functionality
record information 4. Check queues
4. Check SMTP virtual 5. Track Messages
server availability and
configuration Is the message No
5. Check SMTP connector being sent
configuration via SMTP?
6. Check global settings
Yes
Track messages
are the messages
No, it is being sent via being delivered to No
a supported connector bridgehead server?
C Yes
1. Check bridgehead servers
availability
2. Check connector configuration
Unit 6: Troubleshooting Server Connectivity
F
1. Check message delivery in
Can you connect destination routing group
Are the queues
Unit 6: Troubleshooting Server Connectivity
No Yes
D E
1. Check that bridgehead or 1. Check for open relay
remote servers are running 2. Check SMTP virtual
2. Check network connectivity server configuration
3. Check infrastructure (global 3. Check global settings
catalog, domain controller, 4. Check queue information
DNS) 5. Check routing group master
4. Check SMTP virtual availability
server availability 6. Check connector address
space
7. Check routing group
connnector availability and
configuration
7. Configure diagnostic logging
on transport protocol
Unit 6: Troubleshooting Server Connectivity 21
Exercise 1
Troubleshooting Solutions When Users Cannot Send Messages
Between Routing Groups
In this exercise, you will use the flow chart and the Lab Toolkit resources to
identify and resolve the problem in the scenario.
Scenario Annette Hill has entered a service request. Annette is unable to send e-mail
messages to Michael Allen in Miami.
In this exercise, you will need to log on to Microsoft Outlook Web Access
(OWA) on London using NWTraders\AnnetteHill. You will need to log on to
OWA on Miami using NWTraders\MichaelAllen.
Level 1 support “Urgent! Talked to Annette and she says she sent some e-mail to Michael Allen
comments in Miami a couple of hours ago, but the messages haven’t been delivered yet.
The messages had Microsoft PowerPoint® attachments; she is not sure how big
the attachments were. Checked if I could send e-mail to the Miami—it is not
being delivered either. I am not getting any NDRs. Immediately escalated this
to second level support.”
You must resolve the problems that Annette has when sending e-mail messages
to the users in Miami.
What did you determine to be the problem in this scenario?
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
What steps did you take to identify and resolve the problem in this scenario?
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
22 Unit 6: Troubleshooting Server Connectivity
Exercise 2
Troubleshooting Solutions When Users Cannot Send Messages to
the Internet
In this exercise, you will use the flow chart and the Lab Toolkit resources to
identify and resolve the problem in the scenario.
For this exercise and the next exercise, you will use the London Virtual PC and
the Vancouver Virtual PC. The Vancouver Virtual PC will be used to simulate
an Internet connection.
To prepare for this exercise, you need to perform the following configuration
steps:
1. Shut down the 2011_Miami Virtual PC. To shut down, on the menu, click
PC, click Shut Down, click Turn off PC and undo changes, and then
click OK.
2. Ensure that you are logged on to the London Virtual PC as
NWTraders\Administrator.
3. Start the 2011_Vancouver Virtual PC. Because Vancouver is in the
Windows NT domain Contoso, which is not part of the same forest as
London, you can use Vancouver to simulate an Internet host. When you
start Vancouver, Vancouver will run Autochk. You should allow Autochk to
complete, at which time Vancouver will start successfully.
4. Log on to Vancouver as Contoso\Administrator with a password of
P@ssw0rd.
Exercise preparation To create the troubleshooting scenario for this exercise, run the breaklab6b.bat
script located in the c:\MOC\2011\Labfiles\Lab06 folder on 2011_London
Virtual PC.
Scenario Gustavo Camargo has entered a service request. Gustavo is trying to send
e-mail to Internet e-mail recipients and the messages are not being delivered.
In this exercise, you will need to log on to OWA on London using
NWTraders\GustavoCamar, and open the Administrator mailbox on Vancouver
by using Outlook 2000.
Unit 6: Troubleshooting Server Connectivity 23
Level 1 support “Urgent! Talked to Gustavo and he says he sent an urgent e-mail to a customer
comments first thing this morning and it hasn’t been delivered. Checked if I could send
e-mail to the Internet—it is not being delivered either. I am not getting any
NDRs. Immediately escalated this to second level support.”
You must resolve the problem so that Gustavo can send e-mail to Internet e-
mail recipients.
What did you determine to be the problem in this scenario?
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
What steps did you take to identify and resolve the problem in this scenario?
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
24 Unit 6: Troubleshooting Server Connectivity
Exercise 3
Troubleshooting Solutions When Users Cannot Receive Messages
from the Internet
In this exercise, you will use the flow chart and the Lab Toolkit resources to
identify and resolve the problem in the scenario.
Exercise preparation To create the troubleshooting scenario for this exercise, run the breaklab6c.bat
script located in the c:\MOC\2011\Labfiles\Lab06 folder on 2011_London
Virtual PC.
Scenario Angela Barbariol has entered a service request. Angela is a sales manager who
is also the manager of a distribution group named
SalesRequests@nwtraders.msft. Messages from the Internet are not being
delivered to the distribution group.
In this exercise, you will need to log on to OWA on London using
NWTraders\AngelaBarba.
Level 1 support “Talked to Angela, her e-mail is working fine. She can send and receive e-mail,
comments including Internet e-mail. The distribution group is used for clients on the
Internet to send e-mail to a generic sales alias so that all the sales people get the
message. Tried sending e-mail to the alias internally and it worked fine.”
You must resolve the problems so that messages from the Internet are delivered
to the distribution group.
What did you determine to be the problem in this scenario?
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
What steps did you take to identify and resolve the problem in this scenario?
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
Unit 6: Troubleshooting Server Connectivity 25
Lab Virtual PC For these exercise, you used the Vancouver and London Virtual PCs. Please
clean-up undo any changes that were made during your troubleshooting by closing each
image.
Important When you shut down the Virtual PCs using these instructions, all
changes made to the Virtual PCs will be lost.
Note Start the 2011_London Virtual PC to prepare for the next unit’s
lab. Do not shut it down again until instructed.
26 Unit 6: Troubleshooting Server Connectivity
Lab Discussion
How will you approach these types of troubleshooting issues in your work
place?
! How is your work environment different than the test environment?
! How would your work environment change the troubleshooting process?
! What steps would you take in the future when troubleshooting similar
problems?
Unit 7: Troubleshooting Server
Performance
Contents
Overview 1
System Components That Cause Server-
Related Problems 2
Common Server-Related Problems 5
Pre-Lab Discussion 7
Lab: Troubleshooting Server Performance 8
Lab Discussion 18
Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no
part of this document may be reproduced, stored in or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync,
Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered
trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.
Unit 7: Troubleshooting Server Performance 1
Overview
(continued)
Hardware Performance
component object Performance counter Troubleshooting tip
Hard disk Physical disk Disk Transfer/sec If the hard drives of the server are being
The rate of read and write heavily loaded, consider adding faster hard
operations on the disk. drives with higher throughput rates. Another
concern with high hard drive activity is that
%Disk Time combined with high memory usage, it may
The amount of time the disk be causing excessive disk swapping. Adding
spends servicing requests. more system memory will improve disk
performance by reducing disk swapping.
To improve hard disk speed, you can
purchase controllers with larger amounts of
caching. You will need to turn off write
caching, as it can cause problems with log
drives. However, the read caching can be
extremely beneficial for performance since
retrieving data from cache is quicker than
retrieving data from disk.
System Memory Available bytes If memory usage is continually high and
memory The amount of physical memory there are high levels of paging to and from
available for process or system disk, additional memory should be added to
use without having to swap data the system.
to disk for temporary storage. When adding memory over one gigabyte,
Pages/sec remember to add the /3gb switch to the menu
items in the boot.ini file so that your server
The rate at which memory pages will use more than one gigabyte of system
are swapped to and from disk and memory.
memory. When there is excessive
paging, it is often referred to as
disk thrashing because the hard
drives work so hard.
Network Network Bytes Total/sec It is rare that the network interface will be
adapter interface The rate at which bytes of data fully utilized and cause network problems.
are sent or received through the However, you may want to move the
network adapter. network interface of an Exchange
Server 2003 server to a higher performance
network backbone, or add multiple network
adapters and configure load balancing
between the adapters to achieve improved
performance.
In many cases, backups from Exchange to
another server on the network can cause
slow network performance for a large
number of applications. Schedule backups
for off-peak hours, or create a private backup
network used just to offload all backup
network traffic from the public network.
4 Unit 7: Troubleshooting Server Performance
Developing performance You should use the System Monitor tool to log performance over several
baselines months so that you can develop a performance baseline. This baseline will help
you identify growth issues or any abnormalities with the performance of your
Exchange environment. Once you know how your Exchange servers run under
average user stress, you will be able to identify any major peaks in usage and
start looking for causes that might explain the change. Use the counters
presented in the above table as well as several other counters that can be used to
measure the Exchange server services. For example, if you use performance
logging and capture information for the SMTP Server Messages Received/Sec
counter, you will know that 14,000 is a number that is much too high for your
normal processing speed, and you will be able to respond to the problem much
faster.
Some basic questions you should be able to answer based upon performance
baselines include:
! What is the average number of e-mail received per day?
! How often do users open e-mail each day? How often do users open public
folders?
! What are the daily, weekly, and monthly peak delivery rates for e-mail?
! How many more users can your environment support without upgrading?
(continued)
Problem Recommended solution
Restores slow • Perform restores on offline servers and export lost messages
performance to .pst files. Send the .pst files to the proper owner so that
they can import them.
• Keep stores small so that they can be restored quicker.
Broken RAID sets • A broken disk should be replaced immediately. It is a very
slow performance good idea to keep spare disks for important servers, such as
Exchange servers.
• Try not to use RAID 5 implementations since broken disks
require significant CPU cycles to generate the lost data using
existing data and parity information.
• Break any mirrors with defective drives and take the broken
disk sets offline. Replace the defective drives and re-establish
the mirrors after normal business hours to minimize
performance impact.
Network interface • Often, the network switch and the network card will have
and switch problems trouble negotiating speed settings if they are both set to auto-
slow performance negotiate their speed settings. You should force network
adapters to their highest speed settings.
• Clearly mark and deactivate broken switch ports.
Activity spikes slow • Use System Monitor to watch for predictable spikes, such as
performance early morning logon activity that slows domain controller
performance, and Exchange server performance as everyone
reads e-mail to get ready for the day. Also, you may see
spikes right after lunch and right before the close of business
each day.
• Verify that all applications and services that can be turned off
are off or are scheduled for off-peak times, to minimize the
impact of the activity spikes.
• Consider recommending flex hours for employees to ease the
load on the network and improve performance for everyone.
Maintenance slows • Do not take down any servers during business hours. In the
performance event that maintenance is required because of failing
hardware, plan well so that the length of time a server is not
functional will be minimized.
• Schedule and maintenance applications, such as disk defrag,
during off-peak hours.
Note Hard disk arrays that are used to support large Exchange
Server 2003 databases may have their own tools for monitoring disk
performance. Make sure you use these tools and pay special attention to
failed disks, as a broken disk in an array can cause extremely poor
server performance.
Unit 7: Troubleshooting Server Performance 7
Pre-Lab Discussion
Important This lab focuses on the concepts in this unit and as a result
may not comply with Microsoft security recommendations. For instance,
this lab does not comply with the recommendation that you should not
log on using an administrative account.
Unit 7: Troubleshooting Server Performance 9
Lab Virtual PC For this lab, you will use the Acapulco and London Virtual PCs. The Acapulco
configuration Virtual PC is used to simulate a messaging client for internal users as well as
external users. London is a domain controller, global catalog server, DNS
server, and Exchange Server 2003 server.
To prepare for this lab:
1. Start 2011_London Virtual PC, if it is not already started.
2. Log on as NWTraders\Administrator with the password P@ssw0rd.
3. Start the 2011_Acapulco Virtual PC.
Navigating the flow In this lab, you will use the flow charts and the Lab Toolkit resources to
chart identify and resolve the problems described in the scenarios. You will need to
read the scenario, the Level 1 and 2 support comments, and then use the flow
chart to identify the root cause of the problem. You will then need to perform
the test case presented at each decision point in the flow chart to determine
which path to follow. Use the letters on the flow chart to identify the Lab
Toolkit resources that you can use to help troubleshoot the problem. After you
identify a potential solution, make the configuration change and then test your
solution. When your solution resolves the problem presented in the scenario
you have successfully completed the lab.
10 Unit 7: Troubleshooting Server Performance
Lab Toolkit Resources If necessary, use one or more of the following Lab Toolkit resources to help
you complete this lab:
Flow Chart Reference Resources used for this flow chart
Start
C
1. Check for open relay
2. Update antivirus
signatures
Spam 3. Check antivirus and
content scanning
quarantine
Are the problems 4. Check message queues
intermittent or
predictable?
Intermittent
A
1. Monitor affected 1. Check for bad port, bad
servers to identify Select issues cable, or bad network
Predictable problem identified by Network adapter
2. Configure logging monitoring and 2. Check Internet
3. Setup Alerts logging connection
B
1. Monitor affected
servers to identify
problem
2. Configure logging D
Check domain controllers
Authentication
E and global catalog servers
System Memory
Network H
Spam/Virus
1. Check for virus - look for
out of normal performance
F G counters and unknown
applications
1. Check for virus - look for 1. Check for Open Relay 2. Check for backups running
out of normal performance 2. Update Anti-virus at inappropriate times
Unit 7: Troubleshooting Server Performance
Start
C
1. Check for open relay
2. Update antivirus
signatures
Spam 3. Check antivirus and
content scanning
Are the problems quarantine
4. Check message queues
Unit 7: Troubleshooting Server Performance
intermittent or
predictable?
Intermittent A
1. Monitor affected 1. Check for bad port, bad
servers to identify Select issues cable, or bad network
Predictable
problem identified by Network adapter
2. Configure logging monitoring and 2. Check Internet
B 3. Setup Alerts logging connection
1. Monitor affected
servers to identify
problem
2. Configure logging Authentication D
Check domain controllers
and global catalog servers
Troubleshooting Server Performance
E
1. Check for virus - look for
out of normal performance
counters and unknown 1. Verify enough space for
applications log files and database
2. Check for scheduled 2. Check store size,
applications and services consider whether it
running at inappropriate Disk might be too large
times 3. Check for scheduled
3. Check benchmarks for the CPU applications and
server, may have too many services running at
users Select issues inappropriate times
identified by
monitoring and
logging
Network
times
3. Check for memory leaks
13
14 Unit 7: Troubleshooting Server Performance
Exercise 1
Address Resolution and Address Lookups Are Very Slow
In this exercise, you will use the flow chart and the Lab Toolkit resources to
identify and resolve the problem in the scenario.
Exercise preparation To create the troubleshooting scenario for this exercise, run the breaklab7a.bat
script located in the c:\MOC\2011\Labfiles\Lab07 folder on 2011_London
Virtual PC.
Scenario Paul West has entered a service request. He states that it is taking a long time
for his Outlook client to resolve names that he enters manually, and it also takes
a long time when he wants to search for a name. Paul states that before this,
Outlook 2003 was able to resolve names in less than one second. Today, he is
experiencing wait times of approximately five seconds. Other users are also
complaining about poor Exchange server performance.
Log on to London as Nwtraders\Administrator using the password P@ssw0rd.
You should not need to open any user mailboxes when troubleshooting this
problem.
Level 1 support “Paul has been with the company for a month and his computer has the standard
comments build, including Outlook 2003. Checked user account – it is mailbox enabled.
His mailbox is on London. He is able to ping London.”
You must resolve the performance problem with Exchange Server 2003.
What did you determine to be the problem in this scenario?
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
What steps did you take to identify and resolve the problem in this scenario?
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
Unit 7: Troubleshooting Server Performance 15
Exercise 2
Outlook Is Very Slow When Retrieving a Message from Exchange
In this exercise, you will use the flow chart and the Lab Toolkit resources to
identify and resolve the problem in the scenario.
Exercise preparation To create the troubleshooting scenario for this exercise, run the breaklab7b.bat
script located in the c:\MOC\2011\Labfiles\Lab07 folder on 2011_London
Virtual PC.
Scenario Pete Male has entered a service request. He states that it takes several seconds
to send a message using his Outlook messaging client. Other service request
calls have come in complaining of the same problem.
Log on to London as Nwtraders\Administrator using the password P@ssw0rd.
You should not need to open any user mailboxes when troubleshooting this
problem.
Level 1 support “Pete is a new Exchange 2003 user and was recently migrated over from
comments Exchange 5.5. His computer has the standard build, including Outlook 2003.
Pete is able to ping London without any problems.”
Level 2 support “We have heard similar reports from other users in London. It is a suspected
comments network link issue and is being reviewed by the Network team as well as the
Server team.”
You must identify and resolve the performance problem with Exchange
Server 2003.
What did you determine to be the problem in this scenario?
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
What steps did you take to identify and resolve the problem in this scenario?
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
16 Unit 7: Troubleshooting Server Performance
Exercise 3
Multiple Users Are Unable to Open Their Mailboxes Using Outlook
In this exercise, you will use the flow chart and the Lab Toolkit resources to
identify and resolve the problem in the scenario.
Exercise preparation To create the troubleshooting scenario for this exercise, run the breaklab7c.bat
script located in the c:\MOC\2011\Labfiles\Lab07 folder on 2011_London
Virtual PC.
Scenario Max Benson has entered a service request. He states that he is experiencing
delays when opening his mailbox and also when trying to send messages to
others on the network. You have received a call from the Help Desk indicating
that many users are calling about this problem.
Log on to London as Nwtraders\Administrator using the password P@ssw0rd.
You should not need to open any user mailboxes when troubleshooting this
problem.
Level 1 support “Max has a standard desktop system. He has a history of complaining about
comments many issues. We think he is trying to get a new computer. His computer has the
standard build, including Outlook 2003. It has been tested several times in the
past. Max is able to ping London.”
Level 2 support “We have heard similar reports from other users in London. It is a suspected
comments network link issue and is being reviewed by the Network team as well as the
Server team. Escalating to the Exchange team to help, just in case it is related to
the Exchange server.”
You must resolve the performance problem with Exchange Server 2003.
What did you determine to be the problem in this scenario?
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
What steps did you take to identify and resolve the problem in this scenario?
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
Unit 7: Troubleshooting Server Performance 17
Lab Virtual PC For this lab, you used the Acapulco and London Virtual PCs. Please undo any
clean-up changes that were made during your troubleshooting by closing each image.
Important When you shut down the Virtual PCs using these
instructions, all changes made to the Virtual PCs will be lost.
Note Start the 2011_London Virtual PC to prepare for the next unit’s
lab. Do not shut it down again until instructed.
18 Unit 7: Troubleshooting Server Performance
Lab Discussion
Contents
Overview 1
PKI Requirements for Secure E-Mail 2
Troubleshooting S/MIME E-Mail Issues 5
Troubleshooting SSL Issues 8
Pre-Lab Discussion 11
Lab: Troubleshooting Exchange Security 12
Lab Discussion 23
Workshop Evaluation 24
Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no
part of this document may be reproduced, stored in or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync,
Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered
trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.
Unit 8: Troubleshooting Security Issues 1
Overview
Implementing a PKI The decision on which PKI option to use will likely be based on which clients
need to use certificates to secure e-mail. If you deploy certificates only to users
within your organization, and the servers that require server certificates will be
accessed only by internal clients, deploying a private CA is a good option. If
users outside the organization will require certificates, or if you deploy servers
that will be accessed by users outside the organization, you should deploy
commercial certificates. You have two options when implementing a PKI:
! Deploy a private PKI using Windows Server 2003 Certificate Authorities.
Windows Server 2003 includes a Certificate Server service that you can use
to deploy a PKI for your company. With this option, you can integrate the
management of certificates with Microsoft® Active Directory®.
! Integrate with a public or commercial PKI. You can also obtain digital
certificates from commercial PKIs such as VeriSign, GTE, Thawte, and
RSA. With this option, you can reduce the amount of effort required to
manage the certificates because the certificate management is done by the
commercial CA.
This choice is critical because PKI is based on trust model. When a client
connects to a server that is using a digital certificate to secure data, the client
checks its list of trusted root certification authorities to see whether it is
configured to trust the digital certificate. If the client is not configured to trust
the certificate, it will warn the user or fail to connect to the server. If you deploy
a private CA, you can configure all your internal clients to trust the CA, but
external clients are not going to be configured to trust your CA. However,
Internet clients such as Web browsers are already configured to trust the well-
known commercial CAs so they will not receive a warning when they connect
to a server using a commercial certificate.
In most cases, you are likely to be most concerned with securing e-mail within
your organization, which means a private CA is a good option. If you need to
secure e-mail to only a few external users, you can exchange certificates with
the external users and ask the external users to configure their clients to trust
your CA. If you need to secure e-mail to more external users, you can configure
each of your clients to use a commercial CA.
4 Unit 8: Troubleshooting Security Issues
Acquiring digital After deploying the CAs, you need to acquire and install certificates on all the
certificates servers and clients that require them. The enrollment process is a matter of
requesting and issuing a certificate. Although the enrollment process varies
with the CA that is used, and its policies, the following steps outline the general
process:
1. Applicant generates a key pair. The applicant generates a public and private
key pair, or he or she is assigned a key pair by some authority in the
company. The applicant stores the key pair locally, either on the disk
subsystem or on a hardware device, such as a smart card.
2. Applicant sends the certificate request to the CA. The applicant provides the
information that is required by the certificate template and sends the
certificate request to the CA. The certificate request includes the public key
that is generated at the requesting computer. This certificate request can be
sent directly to an online CA, or it can be saved as a text file and sent to an
offline CA.
3. Certificate administrator reviews the request. A certificate administrator
reviews the certificate request to verify the applicant’s information. Based
on the information presented, the certificate administrator either issues or
denies the certificate request. In some cases, the CA may be configured to
issue certificates automatically to users who present appropriate credentials.
4. Upon approval, the CA issues the certificate. The CA creates the certificate
and issues the certificate to the requesting applicant. The certificate is
signed by the CA to prevent modification and it includes the applicant’s
identifying information and the submitted public key as an attribute of the
issued certificate.
After you have acquired and installed the certificates, you can start using the
certificates to secure e-mail messages either with SSL or S/MIME.
Unit 8: Troubleshooting Security Issues 5
In this process, the public key can be made available to anyone who requests
the key, so that anyone can encrypt a message to send to a user. However, only
the recipient’s private key can decrypt the messages encrypted by the public
key, so only the person holding the private key can decrypt the messages. The
private key is protected in a user or computer profile or on a physical device,
such as a smart card.
Signing messages by You can protect e-mail messages against modification by using a digital
using S/MIME signature. A digital signature is a digital code that can be attached to an e-mail
message that uniquely identifies the sender. A digital signature is a key
component of most authentication methods because the digital signature
verifies the identity of the individual who is sending the message.
The following steps explain the process for how a digital signature is applied to
the original data:
1. When the sender prepares to send the signed message, a hash algorithm is
applied to the message data. A hash algorithm takes any form of data and
produces a mathematical result for the inputted data. This result is the hash
value. If a single character is changed in the message data while it is
transmitted on the network, the hash value will no longer be valid.
2. The resulting hash value is encrypted by using the sender’s private key. The
encryption protects the hash value from modification during the
transmission of the hash value to the recipient.
3. The sender sends the certificate, the encrypted hash value, and the original
data to the recipient. The certificate includes the sender’s public key as one
of the attributes of the certificate.
4. The recipient retrieves the sender’s public key from the received certificate.
The recipient uses the public key to decrypt the encrypted hash value. The
successful decryption and validation of the sender’s certificate proves that
the data originated from the sender.
5. The recipient passes the original data through the same hash algorithm. The
resulting hash value is compared to the hash value received from the sender.
If the two hash values are identical, the original data was not modified
during the transmission.
Unit 8: Troubleshooting Security Issues 7
Troubleshooting S/MIME S/MIME requires that both the sender and recipient have a digital certificate,
issues and that sender and recipient obtain a copy of each other’s digital certificate
with the attached public key. Therefore, much of the troubleshooting for
S/MIME will be client-based certificate troubleshooting. Use the following
guidelines when troubleshooting S/MIME issues.
! Ensure that both sender and recipient have digital certificates. To send
encrypted e-mail, the sender and receiver must have digital certificates. The
easiest way to test whether a user has a certificate is to attempt to send a
signed message. Sending digitally signed messages does not require a user
to have anyone else’s certificate, but the user must have a certificate. If the
user cannot send digitally signed e-mail to anyone, then the user does not
have a certificate, or the private key may not be accessible. For example, the
user may have a private key on one computer, but this would not mean that
the user can send signed e-mail from another computer. If a user must be
able to send encrypted messages from multiple computers, then you can
export the private key from one computer and install it on other computers.
You can also store the private key as part of a roaming user profile.
! Ensure that the sender and recipient have each other’s public keys. To send
encrypted messages to another recipient, the sender must have the
recipient’s public key. If a user can digitally sign messages but cannot
encrypt messages, the problem is likely that the sender does not have the
required public key. The easiest way for the sender to get the public key is
for the recipient to send a digitally signed e-mail. The signed e-mail
includes the certificate and public key. When the signed e-mail arrives, save
the sender information in your address book. The certificate and public key
will be saved with the contact information.
! Ensure that the clients are configured to trust the other certificate. You may
encounter problems if the clients do not trust the CA used by the sender or
recipient. If you receive an encrypted or signed e-mail and your client is not
configured to trust the sender’s CA, you will receive a warning message. If
you are confident of the sender’s identity, you can configure your client to
trust the certificate explicitly. If you must exchange secure e-mail with
several users in the other organization, you may want to configure a trust
chain between a CA that you trust and the sender’s CA.
! Ensure that you can recover lost private keys. In many cases, a user’s
private key is stored on the local computer in a secure part of the user’s
profile. If that private key is lost due to a hard disk failure, you must be able
to recover the private key; if you cannot, the user will not be able to decrypt
messages using the associated public key. As a best practice, you should
export a copy of the private key to a secure location to ensure that you can
restore the key if needed. In most cases, you should also implement
procedures on the CA to provide for private key archival and retrieval.
8 Unit 8: Troubleshooting Security Issues
Secure Sockets Layer can also be used to secure RPC over HTTP traffic. To use
RPC over HTTP, you must deploy Exchange Server 2003 on Windows
Server 2003 in a Windows Server 2003 Active Directory environment.
Moreover, only Outlook 2003 clients support RPC over HTTP. If you do
deploy RPC over HTTP, you can configure both the Exchange server and the
client to require SSL, so that all RPC traffic is sent using HTTPS rather than
HTTP.
Unit 8: Troubleshooting Security Issues 9
Implementing SSL Implementing SSL is significantly easier than implementing S/MIME because
you do not need to deploy certificates to the e-mail clients. Instead most
configurations for SSL occur on the Exchange server. Use the following steps
to implement SSL.
1. Configure a server-based certificate. This server-based certificate is used to
authenticate the server’s identity. The public key associated with the
certificate is used to create the encryption keys for encrypting traffic on the
network. In a Windows Server 2003 environment, you can use a commercial
CA certificate or an internal CA to issue the certificate.
2. Configure the protocol virtual servers to require SSL. After installing the
server certificate, configure the protocol virtual servers to require SSL. You
can use the same server certificate for all messaging protocols but you must
enable each protocol virtual server to use the certificate. To enable SSL
support on protocol virtual servers, first add the server certificate to the
server and then configure the protocol virtual server to require SSL.
3. Configure the network infrastructure to allow SSL ports. SSL uses ports
different from those used by unsecured protocol traffic, so you must open
the SSL ports. The following table shows the ports you must open when
using SSL:
Protocol SSL port
4. Configure the e-mail clients to use SSL. Once the server is configured to
support SSL, configure each client to use SSL when connecting to the
server.
5. If required, acquire a client certificate for Outlook Web Access (OWA) or
Outlook Mobile Access (OMA) e-mail clients. In environments that require
very high security, you may configure the HTTP virtual server to require
client certificates. Client certificates enable mutual authentication, ensuring
the identity of both the client and the server. If you require client
certificates, you must acquire and install a client certificate on each client
computer or device.
10 Unit 8: Troubleshooting Security Issues
Troubleshooting SSL In most cases, troubleshooting SSL requires you to troubleshoot the server and
network configuration rather than the client configuration. Use the following
guidelines when troubleshooting SSL issues:
! Check the network configuration. To use SSL, clients must be able to
connect to the Exchange server using the correct port numbers. If clients
within your corporate intranet can use SSL, but cannot connect using SSL
from the Internet, ensure the SSL ports are accessible from the Internet.
! Check the certificate trust path. The server certificate must be trusted by the
e-mail client. If the certificate is not trusted, you may get an error message
on the client computer indicating that the certificate is not trusted. You can
then configure the client computer to trust the server certificate explicitly. If
users frequently access your Exchange server using public computers, you
should use a certificate from a trusted commercial CA.
! SSL is not supported between the front-end and back-end server. If you have
deployed a front-end and back-end server topology, you cannot use SSL to
secure traffic between the two servers. This means that the back-end
protocol virtual servers used by the front-end servers cannot be configured
to require SSL. To secure communication between front-end and back-end
servers, you should configure IPSec.
! Check client configuration. Each e-mail client must be configured to support
SSL. If one client cannot connect to your Exchange servers using SSL while
other users can connect, the problem is almost certainly a client
configuration error. If you have both SSL- and non-SSL-enabled protocol
virtual servers accessible to the client, you can first ensure that the client can
connect to the protocol virtual servers that do not require SSL. If they can
connect to these servers, but not to the servers that require SSL, then check
the client SSL configuration.
Unit 8: Troubleshooting Security Issues 11
Pre-Lab Discussion
Important This lab addresses the concepts in this unit and therefore
may not comply with Microsoft security recommendations. For
example, this lab does not comply with the recommendation that you
should not log on using an administrative account.
Lab Virtual PC For the first two scenarios in the lab, you will use the London Virtual PC and
Configuration the Acapulco Virtual PC.
To prepare for this practice:
1. Start 2011_London Virtual PC if it is not already started.
2. Log on as NWTraders\Administrator with a password of P@ssw0rd.
3. Start the 2011_Acapulco Virtual PC. You will use Outlook 2003 and
Outlook Express on Acapulco to send and receive e-mail.
Navigating the flowchart In this lab, you will use the flowcharts and the Lab Toolkit resources to identify
and resolve the problems described in the scenarios. You will need to read the
scenario, the Level 1 support comments, and then use the flowcharts to identify
the cause of the problem. You will then need to perform the test case presented
at each decision point in the flowchart to determine which path to follow. Use
the letters on the flowchart to identify the Toolkit Resources that you can use to
help troubleshoot the problem. After you identify a potential solution, make the
configuration change and test your solution. When your solution resolves the
problem presented in the scenario, you have successfully completed the lab.
Lab Toolkit Resources If necessary, use one or more of the following lab toolkit resources to help you
complete this lab:
Flow Chart Resources Resources Used for this Flow Chart
D
1. Check that RPC over HTTP
component is installed on
Can the user Yes, RPC over HTTP front-end server
What is the
Start send unsecure but not secure 2. Check that the RPC virtual
client type?
email? e-mail directory in IIS is configured
3. Check that port numbers are
Unit 8: Troubleshooting Security Issues
No
B
1. Verify that the server is online
Are all 2. Verify that the client can
users affected? No
connect to the Exchange server
3. Check email client configuration
Yes
A
1. Check firewall to see if it allows
SMTP traffic into network.
2. Check DNS Host and MX records
2. Check SMTP virtual server to verify
it responds on port 25
3. Check security configuration on the
SMTP virtual server
4. Check SMTP gateway or smart host
configuration
Unit 8: Troubleshooting Security Issues
D
RPC over HTTP
1. Check that RPC over HTTP
What is the component is installed on
client type? front-end server
Unit 8: Troubleshooting Security Issues
F E
1. Check that required virtual servers 1. Check that HTTP virtual server
support secure protocols. supports SSL.
2. Check that required virtual servers are 2. Check HTTP server security
accessible from the Internet using configuration
secure ports 3. Check client browser type and
3. Check virtual server security configuration version
4. Check security configuration on the client 4. Check client security configuration
5. Check installation of secure e-mail
certificate for signing messages
6. Check receipt of secure mail certificate
from recipient for sealing messages
Unit 8: Troubleshooting Security Issues 17
Exercise 1
Troubleshooting Solutions When Users Cannot Send and Receive
Encrypted E-mail
In this exercise, you will use the flowchart and the Lab Toolkit resources to
identify and resolve the problem in the scenario.
Scenario Fernando Caro has entered a service request. The service request states that
Fernando cannot send and receive encrypted e-mail from Eric Parkinson. Both
users work in the accounting department and frequently send highly
confidential documents to each other. Both users’ mailboxes are on London.
You must resolve the problem so that both users can send and receive encrypted
and signed e-mail from each other. Read the Level 1 support comments, and
resolve the problems.
In this exercise, you will need to log on to Outlook 2003 on Acapulco using
NWTraders\EricParki. You will need to use Outlook Express on London using
NWTraders\FernandoCaro for an identity.
Level 1 support “I talked to both Eric and Fernando. Eric Parkinson works in the office and is
comments using Outlook 2003 as his e-mail client. Fernando Caro works from a remote
office that does not have a dedicated connection to the head office, and so he
uses Outlook Express which has an IMAP connection to the Exchange server.
“Eric and Fernando are involved in highly confidential negotiations to buy
another company so they have to be able to send encrypted and signed e-mail to
each other.
“I confirmed that both of them can get access to e-mail on the Exchange server
using their normal clients.
“They both say that they have not sent encrypted e-mail to anyone else in the
company, and do not need to do so.
“I told both of them that I didn’t know if we could set them up to send
encrypted e-mail to each other. They were not impressed by this.”
18 Unit 8: Troubleshooting Security Issues
________________________________________________________________
________________________________________________________________
________________________________________________________________
What steps did you take to identify and resolve the problem in this scenario?
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
Unit 8: Troubleshooting Security Issues 19
Exercise 2
Troubleshooting Solutions When Users Cannot Connect to
Exchange Using RPC over HTTP
In this exercise, you will use the flowchart and the Lab Toolkit resources to
identify and resolve the problem in the scenario.
In this scenario, you will test to ensure that RPC over HTTP is working. To
ensure that Outlook is connecting to the Exchange server using RPC over
HTTP rather than RPC over TCP/IP, use the following procedure:
1. Open Outlook using a profile that is configured to use RPC over HTTP.
2. From your desktop, in the Application tray, hold down the CTRL key, right-
click the Outlook icon, and then click Connection Status.
3. In Connection Status, verify that the connection type is HTTPS.
Scenario Judy Lew has entered a service request. Her service request states that she
cannot connect to her mailbox from home. Judy Lew is one of the first users to
be configured to use RPC over HTTP, and her connection is not working.
You must resolve the problem so that Judy Lew can connect to the Exchange
server using RPC over HTTP. Read the Level 1 support comments, and resolve
the problems.
In this exercise, you will need to log on to Outlook 2003 on Acapulco using
NWTraders\JudyLew.
Level 1 support “She picked up the laptop at the office, and her e-mail worked fine in the office.
comments She was told that the laptop was completely configured and ready to go. But
when she connects to the Internet from home, she can’t get access to her e-mail.
She can open Outlook and she gets a logon screen. When she enters her
username and password, the logon screen keeps coming back. I got her to try to
use nwtraders\judylew and judylew@nwtraders.msft and neither name works.
“She says that she can browse the Internet from home.”
20 Unit 8: Troubleshooting Security Issues
________________________________________________________________
________________________________________________________________
________________________________________________________________
What steps did you take to identify and resolve the problem in this scenario?
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
Unit 8: Troubleshooting Security Issues 21
Exercise 3
Troubleshooting Solutions When Users Cannot Receive Internet
E-mail
In this exercise, you will use the flowchart and the Lab Toolkit resources to
identify and resolve the problem in the scenario.
For this exercise, you will use the London Virtual PC and the Vancouver
Virtual PC.
1. On Acapulco, on the menu, click PC, click Shut Down, click Turn off PC
and undo changes, and then click OK.
2. Start the 2011_Vancouver Virtual PC.
3. Log on to Vancouver as Contoso\administrator with a password of
P@ssw0rd. You will use Vancouver to simulate an Internet SMTP server to
troubleshoot Internet e-mail delivery.
4. You will use Outlook Web Access on London to test e-mail functionality on
the London Virtual PC.
5. To create the troubleshooting scenarios, run the Breaklab8c.bat from the
c:\moc\2011\Labfiles\Lab08 directory located on 2011_London Virtual PC.
Scenario Deb Waldal has entered a service request. Her service request states that she
cannot receive Internet e-mail. She is not receiving any messages from the
Internet.
You must resolve the problem so that Deb can receive e-mail from the Internet.
Read the Level 1 support comments, and resolve the problems.
In this exercise, you will need to log on to OWA on London using
NWTraders\DebWalda.
Level 1 support “Urgent!! Talked to Deb and she says a customer sent her some urgent e-mail
comments first thing this morning and it hasn’t been delivered. Checked if I could receive
e-mail from the Internet, and I cannot receive Internet e-mail either.
“Immediately escalated this to second-level support.”
22 Unit 8: Troubleshooting Security Issues
________________________________________________________________
________________________________________________________________
________________________________________________________________
What steps did you take to identify and resolve the problem in this scenario?
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
Lab Virtual PC For this lab, you used the Vancouver and London Virtual PCs. Please undo any
Clean-Up changes that were made during your troubleshooting by closing each image.
Important When you shut down the Virtual PCs using these
instructions, all changes made to the Virtual PCs will be lost.
Note Start the 2011_London Virtual PC to prepare for the next unit’s
lab. Do not shut it down again until instructed.
Unit 8: Troubleshooting Security Issues 23
Lab Discussion
How will you approach these types of troubleshooting issues in your work
place?
! What is different in your work environment than the test environment?
! How would your work environment change the troubleshooting process?
! What steps would you take in the future when troubleshooting similar
problems?
24 Unit 8: Troubleshooting Security Issues
Workshop Evaluation
Contents
Overview 1
Standard Migration Overview 2
External Migration Overview 5
Troubleshooting Migration Issues 7
Pre-Lab Discussion 11
Lab: Troubleshooting the Migration to
Exchange 2003 12
Lab Discussion 24
Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no
part of this document may be reproduced, stored in or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync,
Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered
trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.
Unit 9: Troubleshooting the Migration to Exchange 2003 1
Overview
In some cases, you may use a combination of the two migration options. For
example, you may upgrade one of your Windows NT domains, and then use
ADMT to migrate users and computers from other domains into the upgraded
domain.
Implementing Active After you populate Active Directory with Windows NT 4.0 user and group
Directory Connector accounts, the next step is to connect your Exchange 5.5 directory to Active
Directory. To do this, you must implement the Active Directory Connector
(ADC). The ADC synchronizes mailbox and distribution list information from
the Exchange 5.5 directory to Active Directory user accounts and groups,
thereby eliminating the need for re-entering this data in Active Directory.
One issue that you need to confront before you implement the ADC is that, in
Windows NT 4.0 and Exchange 5.5, you could have a user account that was the
primary NT account for more than one mailbox. Active Directory and
Exchange 2003 no longer allow a user account with more than one mailbox.
You can use the Resource Mailbox Wizard from the ADC Tools to match the
appropriate primary mailbox to the Active Directory account and stamp other
mailboxes with the NTDSNoMatch value, which designates the mailboxes as
resource mailboxes. If you do this, the ADC will create new user accounts for
the resource mailboxes in Active Directory.
Run ForestPrep After you configure the Active Directory Connector, run Exchange 2003 Setup
using the ForestPrep command-line switch. Exchange 2003 ForestPrep extends
the Active Directory schema to include Exchange-specific classes and
attributes. ForestPrep also creates the container object for the
Exchange organization in Active Directory. You need only run ForestPrep once
in a forest.
The account you use to run ForestPrep must be a member of the Enterprise
Admins and the Schema Admins groups. You must also designate an account
that has Exchange Full Administrator permissions to the organization object.
This account will be granted the authority to install and manage Exchange 2003
throughout the forest. This account also will be granted the authority to delegate
additional Exchange Full Administrator permissions after the first server is
installed.
Run DomainPrep After you run ForestPrep and allow time for replication, you must run
Exchange 2003 DomainPrep. DomainPrep creates the groups and permissions
necessary for Exchange servers to read and modify user attributes. The account
you use to run DomainPrep must be a member of the Domain Admins group in
the local domain and must also be a local computer administrator. You must run
DomainPrep in the forest root domain, in all domains that will contain
Exchange 2003 servers, and in all domains that will contain Exchange
Server 2003 recipients.
Installing Exchange After you finish preparing the Active Directory forest, you can begin installing
Server 2003 Exchange 2003 servers. When you install the initial Exchange 2003 server into
an Exchange 5.5 site, Exchange 2003 Setup creates an administrative group that
maps to the Exchange 5.5 site, and also creates a configuration connection
agreement between Active Directory and your Exchange 5.5 site. Configuration
connection agreements replicate Exchange-specific configuration information
between the Exchange 5.5 directory and Active Directory. These agreements
help Exchange 2003 to coexist with previous versions of Exchange. Exchange
Server 2003 automatically manages the configuration connection agreements.
4 Unit 9: Troubleshooting the Migration to Exchange 2003
Moving mailboxes, The final migration task is to move your Exchange 5.5 mailbox, public folder
public folders and contents and the messaging connectors to Exchange 2003 servers. To move
connectors mailboxes from an Exchange 5.5 server to an Exchange 2003 server in the same
administrative group, use the Exchange Task Wizard in Active Directory Users
and Computers. With the Exchange Task Wizard, you can select user accounts
with mailboxes on the Exchange 5.5 server and move multiple mailboxes at one
time to the Exchange 2003 servers. When moving mailboxes from an Exchange
5.5 server in one administrative group to an Exchange 2003 server in another
administrative group, you will need to use a tool like Exmerge.
Exchange Server 2003 includes the Microsoft Exchange Public Folder
Migration Tool (pfMigrate) which is used to migrate both system folders and
public folders from Exchange 5.5 servers to Exchange 2003 servers. You can
use pfMigrate to create system folders and public folder replicas on the new
server and, after the folders have been replicated, you can remove the replicas
from the source server. The pfMigrate tool is run from the Exchange Server
Deployment Tools, which are launched automatically when you access the
Exchange Server 2003 installation media.
In order to migrate messaging connectors from Exchange 5.5 servers to
Exchange 2003 servers, you will need to configure new connectors on the
Exchange 2003 servers that provide the same functionality as the connectors on
Exchange 5.5. If you configure the Exchange 2003 connectors with a lower
cost, all messaging traffic will start flowing through the Exchange 2003
connectors. After confirming that all messages are using the Exchange 2003
connectors, you can delete the connectors from the Exchange 5.5 servers.
Note The Exchange Server 2003 compact disk includes the Exchange
Server Deployment Tools which consists of tools and documentation
that help with your migration. You should use the Exchange Server
Deployment Tools to guide you through the migration process.
Unit 9: Troubleshooting the Migration to Exchange 2003 5
You must also install and run the Active Directory Connector as part of an
external migration. Similar to a standard migration, you should use the
Resource Mailbox Wizard to populate the resource mailbox attribute with the
NTDSNoMatch value to ensure that the ADC will create the appropriate user
accounts in Active Directory. If you are performing an external migration,
however, you must configure an interorganization connection agreement when
you configure the connection agreements in the ADC. This connection
agreement synchronizes information between the Exchange 5.5 organization
and the Active Directory forest. You cannot use the Exchange Deployment
tools to create an interorganization connection agreement.
Installing Exchange In an external migration, you can start installing Exchange 2003 servers after
Server 2003 you have run ForestPrep and DomainPrep. Because the servers are in an
organization different from the original Exchange 5.5 organization, you can
deploy the servers early in the migration project and test mail connectivity
without affecting the production environment. You can also configure all the
messaging connectors in the new organization, confirm that messages flow
throughout the organization, and confirm that messages are flowing to and from
the Internet.
Moving mailboxes and The Exchange Server Migration Wizard can be used to migrate mailboxes from
public folders an Exchange 5.5 server in one organization to an Exchange 2003 server in
another organization. The wizard extracts data from other messaging systems
and imports that data into Active Directory and the Exchange store. The wizard
can add new users to Active Directory if you migrate mailboxes that do not
already have a corresponding user account in Active Directory, and it adds new
e-mail and calendar data to the Exchange store for any new user accounts that
are created during migration. You can use the wizard to migrate all the
information in the Exchange 5.5 mailboxes including: inbox, drafts, sent items,
calendar, tasks, custom folders created by the mailbox owner, and contacts.
After you move the mailboxes, you can replicate the public folders. To replicate
public folders between the different Exchange organizations, use the InterOrg
Replication Utility. This utility allows the coordination of meetings,
appointments, contacts, and public folder information between Exchange
organizations.
Coexistence during An external migration is usually much more complicated than a standard
migration migration. The primary reason for this complication is that the migration can
take an extended period in a large corporation. During this migration project,
you not only have to support two Exchange organizations, but you also have to
manage the coexistence between the two organizations. In most cases,
companies cannot afford any extended disruption in messaging services. There
are many issues that you may need to deal with during the period of
coexistence, including:
! Message routing between the two organizations.
! SMTP address sharing between the two organizations.
! Maintaining current global address list information in both organizations.
! Dealing with client configuration issues in both organizations.
Note The lab in this unit deals with several of the coexistence issues
that can arise during an external migration. The toolkit resources in the
lab provide alternatives for dealing with and troubleshooting these
issues.
Unit 9: Troubleshooting the Migration to Exchange 2003 7
! Verify that the Windows Server 2003 domain is at Windows 2000 Native
functional level or higher. To populate the SIDHistory attribute, the
destination domain must be at this functional level. If the domain is not at
the required functional level, determine if there is any reason why the
domain functional level has not been raised. If possible, raise the functional
level to at least Windows 2000 Native before running the ADMT.
Troubleshooting Active Using the following guidelines when troubleshooting Active Directory
Directory Connector Connector issues:
! Verify correct Active Directory Connector version is installed. To
synchronize Exchange 5.5 information to Windows Server 2003 Active
Directory, you must use the Exchange Server 2003 or the Windows
Server 2003 version of the Active Directory connector. To replicate
configuration information from the Exchange 5.5 organization to Active
Directory, you must use the Exchange Server 2003 version of the ADC. If
you have already implemented Active Directory Connector using the
Exchange 2000 version, you must upgrade the ADC to the Exchange
Server 2003 version throughout your organization.
! Check the Connection Agreement configuration. If the ADC is not
replicating directory information as you expected, there are several
configuration settings on the ADC that you can review:
• Check the replication direction. The connection agreement can be
configured to replicate from Exchange to Active Directory, from Active
Directory to Exchange or both ways. If directory information is only
being replicated in one direction, then check the replication direction.
• Check the user account permissions. To configure a two-way connection
agreement, you must provide a user name and password for user
accounts that have read and write permissions in both Active Directory
and Exchange 5.5. If information is not being replicated in one direction,
check the permissions assigned to the user account.
Unit 9: Troubleshooting the Migration to Exchange 2003 9
Troubleshooting Using the following guidelines when troubleshooting mailbox migration issues:
mailbox migration
! Verify availability of both servers. If you cannot migrate mailboxes from
one server to another, then verify that both the Exchange servers are
available. If you are using one of the migration tools in Exchange
Server 2003 to move the mailboxes, the tool will tell you which server is not
available. If one server is not available, try opening a mailbox on the server
using an e-mail client from a workstation. If you can connect using the
e-mail client, then check the network configuration of the server where you
are running the migration tool. If you cannot open the mailbox using an
e-mail client, then check the network connectivity to the server, and ensure
that all required Exchange services are running on the server.
! Must have Send As and Receive As permissions when using Exmerge. To
migrate mailboxes to an Exchange 2003 server, you must use a user account
that has Send As and Receive As permissions for every mailbox that you
migrate. In an Exchange 5.5 organization, the Exchange service account has
these permissions.
Troubleshooting client Using the following guidelines when troubleshooting client issues:
issues
! Check the profile configuration. Whenever a user mailbox is moved from
one site to another or from one organization to another, the user profile must
be modified on the user workstation. In some cases, you can just reconfigure
the user profile to use the new Exchange server in the new organization.
However, there are several issues that can complicate the client
reconfiguration. For example, if the client is using an offline folder store
(.ost file), the .ost file must be deleted and recreated after the mailbox is
moved. If the user has problems with their e-mail profile after the migration,
often the easiest solution is to delete the profile and recreate it.
! Troubleshooting mailbox connectivity issues before moving the mailbox. In
some cases, users cannot connect to their mailbox after you run the ADMT.
If the mailboxes are still on the Exchange 5.5 servers, and the users are
logging into the Active Directory domain, verify that the SIDHistory
attribute is populated on the user accounts. If you have run the Exchange
Directory Migration Wizard in ADMT, then verify that the primacy NT
accounts on the Exchange mailboxes have been changed to the Active
Directory accounts.
10 Unit 9: Troubleshooting the Migration to Exchange 2003
Note The lab in this module includes a client connectivity issue that you
need to troubleshoot. For additional information on client configuration
issues that you may need to troubleshoot, review the toolkit resources
included in the lab.
Unit 9: Troubleshooting the Migration to Exchange 2003 11
Pre-Lab Discussion
Important This lab focuses on the concepts in this unit and as a result
may not comply with Microsoft security recommendations. For instance,
this lab does not comply with the recommendation that you should not
log on using an administrative account.
Lab scenario In this lab, you will troubleshoot errors that may appear during a migration
from Exchange 5.5 to Exchange Server 2003. The lab environment simulates an
external migration in which the Contoso Exchange 5.5 organization is being
migrated to the Northwind Traders Exchange Server 2003 organization. The lab
scenario assumes that the migration is partially completed and the two
Exchange organizations coexist while the migration is completed.
Unit 9: Troubleshooting the Migration to Exchange 2003 13
Lab Domain The following diagram illustrates how the relevant domains are configured in
Configuration the scenario.
Important In this scenario, all the user accounts in the Contoso domain
have been migrated to the Nwtraders domain. All users should be
logging into the Nwtraders domain. The only exception is if you need to
log in as Contoso\Administrator.
Internet Message The following diagram illustrates the message-routing design that is being
Routing Design implemented at Northwind Traders. All inbound and outbound Internet e-mail
must be routed through London.nwtraders.msft.
14 Unit 9: Troubleshooting the Migration to Exchange 2003
Lab Virtual PC For this lab, you will use the London Virtual PC and the Vancouver Virtual PC.
Configuration
To prepare for this lab:
1. Start 2011_London-Virtual PC, if it is not already started.
2. Log on as NWTraders\Administrator with a password of P@ssw0rd. You
will use Outlook Web Access (OWA) on London to check e-mail for the
affected users in the lab scenarios.
3. Start the 2011_Vancouver Virtual PC.
Navigating the flowchart In this lab, you will use the flowcharts and the Lab Toolkit resources to identify
and resolve the problems described in the scenarios. You will need to read the
scenario, the Level 1 support comments, and then use the flowcharts to identify
the root cause of the problem. You will then need to perform the test case
presented at each decision point in the flowchart to determine which path to
follow. Use the letters on the flowchart to identify the Toolkit Resources that
you can use to help troubleshoot the problem. After you identify a potential
solution, make the configuration change and then test your solution. When your
solution resolves the problem presented in the scenario, you have successfully
completed the lab.
Unit 9: Troubleshooting the Migration to Exchange 2003 15
Lab Toolkit Resources If necessary, use one or more of the following lab toolkit resources to help you
complete this lab:
Flow Chart
Resources Resources Used for this Flow Chart
E Help: Exchange 2003. Configuring an SMTP Connector. To locate this information, open
the Exchange System Manager, click Help, then click Help Topics, and then click Search.
Search for SMTP Connector and then select Install an SMTP Connector.
C D E Help: Exchange 2003. Configuring Diagnostic Logging. To locate this information, open
the Exchange System Manager, click Help, then click Help Topics, and then click Search.
Search for Diagnostic Logging and then select Configure Diagnostic Logging.
C D E Help: Exchange 2003: Tracking Messages. To locate this information, open the Exchange
System Manager, click Help, then click Help Topics, and then click Search. Search for
message tracking and then select Use the Message Tracking Center.
A B Help: Exchange 2003. Viewing and Modifying Mailbox Permissions. To locate this
information, search for Mailbox permissions and click the article named Manage Mailbox
Permissions.
A B Help: Exchange 5.5. Viewing and Modifying Mailbox Permissions. To view this
information, open the Exchange Administrator and click a mailbox in the recipients’
container. Click the Permissions tab and then click Help.
D Help: Windows: Testing DNS. To locate information on locating resource records, open
DNS administrator snap-in and search for Manage Resource Records.
D Help: Windows: Using NSLookup. To locate information on using NSLookup to test DNS,
open a command prompt and type NSLookup to start the NSLookup tool, and then type
Help.
A Help: Windows: Verifying Trusts between NT 4 and Windows Server 2003 domains. To
locate information on verifying trusts search for Verify Trusts click the article entitled
Verify a trust.
C D Configuring a Shared SMTP Address Space
C D E Routing Messages During Migration
B C Troubleshooting Addressing Errors
A C D E Verifying That a Server is Online
A B Verifying That the SIDHistory Attribute Is Populated on Migrated Objects
End
Start
No
A
1. Verify server is online Did you
Can the user 2. Check client configuration and SID modify Exchange 5.5 Restart Exchange 5.5
access their mailbox? No Yes
3. Check mailbox permissions mailbox configuration directory service
4. Check domain trusts or permissions?
Yes
B
1. Check recipient address
How many users 2. Check client configuration and SID
are experiencing One 3. Check client address book
message delivery configuration for addressing errors
errors? 4. Check mailbox permissions
Unit 9: Troubleshooting the Migration to Exchange 2003
E
1. Verify server is online
2. Check message routing configuration
Is message Is the message to the Internet
Multiple delivery failing for Yes being sent to the Yes
3. Check SMTP connector configuration
Internet e-mail? Internet? 4. Track messages
5. Enable diagnostic logging on transport
C D
1. Verify server is online 1. Verify server is online
2. Check addressing configuration in both 2. Check message routing configuration from the
organizations Internet
3. Check if organizations are sharing an SMTP 3. Check DNS MX record configuration
address space 4. Check if organizations are sharing an SMTP
4. Check message routing configuration between address space
the organizations 5. Track messages
5. Track messages 6. Enable diagnostic logging on transport
6. Enable diagnostic logging on transport
Troubleshooting the Migration to Exchange 2003
End
Start
No
A
1. Verify server is online Did you
Can the user 2. Check client configuration and SID modify Exchange 5.5 Restart Exchange 5.5
access their mailbox? No Yes
3. Check mailbox permissions mailbox configuration directory service
4. Check domain trusts or permissions?
Yes
B
1. Check recipient address
How many users 2. Check client configuration and SID
are experiencing One 3. Check client address book
message delivery configuration for addressing errors
errors? 4. Check mailbox permissions
Multiple
Unit 9: Troubleshooting the Migration to Exchange 2003
17
18
E
1. Verify server is online
2. Check message routing configuration
Is message Is the message
to the Internet
Multiple delivery failing for Yes being sent to the Yes
3. Check SMTP connector configuration
Internet e-mail? Internet?
4. Track messages
5. Enable diagnostic logging on transport
Unit 9: Troubleshooting the Migration to Exchange 2003
C D
1. Verify server is online 1. Verify server is online
2. Check addressing configuration in both 2. Check message routing configuration from the
organizations Internet
3. Check if organizations are sharing an SMTP 3. Check DNS MX record configuration
address space 4. Check if organizations are sharing an SMTP
4. Check message routing configuration between address space
the organizations 5. Track messages
5. Track messages 6. Enable diagnostic logging on transport
6. Enable diagnostic logging on transport
Unit 9: Troubleshooting the Migration to Exchange 2003 19
Exercise 1
Troubleshooting Solutions When Users Cannot Access Their
Mailboxes
In this exercise, you will use the flowchart and the Lab Toolkit resources
identified at the beginning of this lab to identify and resolve the problem in the
scenario.
Scenario Salman Mughal has entered a service request. The service request states that
Salman is unable to access his mailbox. When he tries to open his mailbox, he
gets an error message saying that he does not have permission to log on.
Level 1 support “Talked to Salman, when he opens Outlook on his computer he gets an error
comments message saying that he does not have permission to log on to the Exchange
server.
“Checked with the migration project. Salman’s user account was migrated on
the weekend to the Nwtraders domain, and his mailbox is still on the Vancouver
Exchange 5.5 server. Salman must log into the Nwtraders domain and access
his mailbox on the Vancouver server.
“His e-mail was working fine on Friday before they migrated his account.”
You must resolve the problems so that Salman Mughal can access his mailbox
on the Exchange servers.
What did you determine to be the problem in this scenario?
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
What steps did you take to identify and resolve the problem in this scenario?
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
20 Unit 9: Troubleshooting the Migration to Exchange 2003
Exercise 2
Troubleshooting Solutions When Users Cannot Receive Internet
E-Mail
In this exercise, you will use the flowchart and the Lab Toolkit resources
identified at the beginning of this lab to identify and resolve the problem in the
scenario.
Lab note: This scenario requires that you send Internet e-mail to the London server to test
whether you can send e-mail to all Northwind Traders and Contoso servers
from the Internet as indicated in the diagram at the beginning of this lab. In
earlier labs, you used the Vancouver to simulate the Internet e-mail server. This
lab however, simulates a migration scenario where the Exchange 5.5
organization is being migrated to the Exchange Server 2003 organization. To
simulate the Internet connection to London in this lab, use the following
procedure:
1. From Vancouver, open a command prompt and type Telnet london 25.
2. Type ehlo. The server will respond with a listing of the functionality
supported by the server.
3. Type mail from: Test@fabrikam.com
4. Type rcpt to: recipientname where recipientname is the full SMTP address
for the recipient to whom you are sending e-mail.
5. If the Exchange server returns an error message indicating that relaying is
not allowed for that domain, then you cannot send e-mail to the recipient. If
the Exchange server returns a message such as 250 2.1.5 recipientname then
the server will accept the message.
6. Type data
7. Type a short message and press ENTER. Type . (a period) and press Enter
again.
8. Type quit to exit the telnet session.
This procedure tests whether you can send an e-mail message from a recipient
that is outside either Exchange organization to a user in the Exchange
organization.
Important When typing these commands in telnet, you must type each
line without an error. If you make an error, press Enter and retype the
line. You may wish to turn on echo to better identify typing errors in the
Telnet window.
Scenario Tawana Nusbaum has entered a service request. Tawana is the purchasing
manager and her service ticket says that she is not receiving e-mail from
Internet users. The Internet users are sending e-mail to Tawana’s
TawanaNusba@Contoso.msft address and the e-mail is not being delivered to
her mailbox on the London Exchange server. Other members of her team,
whose mailboxes are still on the Vancouver Exchange 5.5 server, are also not
receiving Internet e-mail.
Unit 9: Troubleshooting the Migration to Exchange 2003 21
Level 1 support “Talked to Tawana. She is not receiving any e-mails from her suppliers on the
comments Internet. She talked to other members of her team, and they are experiencing the
same problem.
“I checked with the migration team, Tawana’s mailbox just got migrated to the
server running Exchange Server 2003 over the weekend. Some members of her
team also had their mailboxes migrated.
“I checked with Rebecca Laszlo, who is a member of Tawana’s team and
whose mailbox is on the Exchange 5.5 server. Rebecca is also not receiving the
e-mail messages from the Internet.
“The suppliers on the Internet are using the address
TawanaNusba@Contoso.msft to send e-mail to Tawana and
RebeccaLaszl@Contoso.msft to send e-mail to Rebecca.
“Tawana is really irritated by this, she says that she and all her team members
rely a great deal on e-mail, and they have to be able to send e-mail to each other
and to and from Internet clients.”
You must resolve the problem so that Tawana Nusbaum and Rebecca Laszlo
can send and receive e-mail from both Exchange organizations as well as
Internet users.
What did you determine to be the problem in this scenario?
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
What steps did you take to identify and resolve the problem in this scenario?
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
22 Unit 9: Troubleshooting the Migration to Exchange 2003
Exercise 3
Troubleshooting Solutions When Users Cannot Send E-Mail to
Some Recipients
In this exercise, you will use the flowchart and the Lab Toolkit resources
identified at the beginning of this lab to identify and resolve the problem in the
scenario.
For this lab, you are resolving a problem for a user with a mailbox on the
Vancouver Exchange 5.5 server. To troubleshoot the problem, log on to
Vancouver using Nwtraders\RichardCarey and use Outlook 2000 to
troubleshoot the e-mail delivery.
Scenario “Richard Carey has entered a service request. His service request states that he
is unable to send e-mail to Jim Kim at jimkim@nwtraders.msft. He can receive
e-mail from everyone and can send e-mail to some people, like his coworker,
Lynn Tsoflias at lynntsofl@nwtraders.msft, but not to another coworker, Jim
Kim.
Level 1 support “I spoke to Richard. Most of the time when he sends e-mail to other users, the
comments e-mail goes through. However, once in a while he can’t send e-mail.
“He says the delivery problems always seem to happen when he tries to send
e-mail to the same people. He said that he can’t send e-mail to Jim Kim, his
assistant. He said that he tried to reply to a message he received from Jim Kim,
and he tried to send a message to Jim by typing Jim’s name in the To: box. In
both cases, the messages are not being delivered.
“I checked with the migration team. Richard’s user account has been migrated
to the Nwtraders domain. Richard’s mailbox is still on the Exchange 5.5 server.
Jim Kim’s mailbox has been migrated to the Exchange Server 2003 server.
“I confirmed that Richard can send to some other user accounts, like Lynn
Tsoflias, that have been moved to the new server.”
You must resolve the problem so that Richard can send e-mail to Jim Kim.
What did you determine to be the problem in this scenario?
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
What steps did you take to identify and resolve the problem in this scenario?
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
Unit 9: Troubleshooting the Migration to Exchange 2003 23
Lab Virtual PC For this lab, you used the Vancouver and London Virtual PCs. Please undo any
Cleanup changes that were made during your troubleshooting by closing each image.
Important When you shut down the Virtual PCs using these
instructions, all changes made to the Virtual PCs will be lost.
Lab Discussion
How will you approach these types of troubleshooting issues in your work
environment?
! What is different in your work environment than the test environment?
! How would your work environment change the troubleshooting process?
! What steps would you take in the future when troubleshooting similar
problems?
Contents
Overview 1
Approach to Exchange Server 2003
Troubleshooting 2
Challenge Information – Company
Background 5
Challenge Information – Service Request
Log 6
Challenge Information – Change
Management Log 9
Challenge 11
Workshop Evaluation 13
Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no
part of this document may be reproduced, stored in or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync,
Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered
trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.
Unit 10: Troubleshooting an Exchange Server 2003 Organization 1
Overview
What changes have been made Review the configuration management log, which
recently, according to the all companies maintain manually, on a system-by-
configuration management log? system basis, or electronically. The log should
track all changes that have been made to the
environment.
For example: You receive a service request stating
that the user is unable to access e-mail using
Internet Message Access Protocol version 4rev1
(IMAP4) through Microsoft Outlook Express. You
review the configuration management log and see
an entry from earlier that day stating that the
IMAP4 virtual server was secured using a new
certificate and is now able to support Secure
Sockets Layer (SSL) connections. Based on these
two circumstances, you might begin
troubleshooting by checking the user’s Outlook
Express configuration and helping him or her
change it to support IMAP4 with SSL.
Keeping the log updated will have significant
value in your approach to troubleshooting.
Unit 10: Troubleshooting an Exchange Server 2003 Organization 3
(continued)
Questions What you can learn
(continued)
Questions What you can learn
What should be the priority of Many administrators believe that first in first out
pending service requests? (FIFO) is the proper way to address all service
requests. However, this might not be reasonable if
one problem is impacting a large number of
people. It might make sense to escalate that
problem and complete it first so that more people
can be productive quicker. For example, fixing a
problem with an external DNS Mail Exchanger
(MX) record and restoring incoming Internet
traffic for the entire company might be placed
higher on the priority list of logged support calls
than an individual user’s connectivity issue.
Unit 10: Troubleshooting an Exchange Server 2003 Organization 5
The Exchange Server 2003 environment has been running without any major
problems for the last two months.
Network configuration Contoso’s business requirements are dependent on its network and its
messaging environment. The company network design reflects this business
need by:
! Connecting all offices to each other using leased T-3 lines.
! Connecting each office to two other offices so that all offices are connected
redundantly.
! Connecting each physical location using routing group connectors.
! Providing each office with a T-1 connection to the Internet.
! Configuring each office to send outbound Internet e-mail.
! Receiving inbound Internet e-mail in Vancouver and then routing it to the
proper Exchange.
6 Unit 10: Troubleshooting an Exchange Server 2003 Organization
Ann Beebe London Unable to connect to ST – Ann is able to connect to Web sites from home,
mailbox using including the company Web server in Vancouver. Ann is not
Outlook Express able to ping any Web sites on the Internet. We tried several
that I know will respond to ping commands.
BD – Talked to Exchange team; there are no problems with
London. They have verified that its Exchange servers are all
working correctly. Ann appears to have full Internet
connectivity but she can’t connect to our Exchange server.
SR – Ann states that when she tries to ping any Internet
address, it does not even resolve the IP address. This sounds
like a DNS issue. Helped Ann create a host file to resolve the
front-end server for IMAP connections and now she can
connect. It appears that Anne has a proxy server configured
for her Web browsing through her ISP; that is why she can
get to Web sites but is not able to ping.
Unit 10: Troubleshooting an Exchange Server 2003 Organization 7
(continued)
Problem
User Location description Notes and solution with support personnel initials
Bryan London Unable to receive BK – Checked to make sure that Bryan’s mailbox is not full.
Baker Internet e-mail He has been able to receive Internet e-mail in the past.
Checked the Change Configuration log; there have not been
any changes in the last two days that would impact Internet
e-mail. Escalating to the network support group.
JJ – The router for the T-1 and T-3 lines was down. The
power circuit overloaded. It should now be fixed. Returning
to Help Desk.
BK – Checked with Bryan—all is OK. Closing request.
Michael Miami Unable to connect to RF – Checked the Outlook Express configuration; everything
Allen Exchange from seems to be configured correctly. Michael is able to ping the
home office firewall and the Exchange server by name and IP.
SR – Walked Michael through using Telnet on port 143 to
test IMAP4 connectivity. Michael is unable to connect to
port 143. Escalating to the network support group.
JJ – After talking to Michael, found that he has a personal
firewall that was configured to block 143. Problem is
resolved. Closing request.
Mike Tiano Miami Unable to connect RF – Mike was using the wrong OWA address for internal
internally using use. Gave him the correct URL and he is able to connect and
Outlook Web run OWA. Request closed.
Access (OWA)
Guy Gilbert Denver Reports poor KR – Verified that the Exchange server in Denver is up and
performance with running. Guy is able to connect to it, but it is slow when he
Outlook while in tries to open e-mail, especially attachments. Referring to the
Paris office network support group.
JJ – The network is not a factor in this issue. None of the
links between Denver and Paris are saturated; all have plenty
of bandwidth available.
KR – Tried to open Guy’s mailbox from here in Paris; can
see that the performance is poor. It does not appear to be his
computer. Forwarding to Exchange team.
SR – Ran system monitor on the Denver server; its hard
drives are running almost constantly. Checked with Denver
operations. They know it is slow; it is currently running its
backup. This is an off-peak time in Denver, even though it is
early morning in Paris. Referred back to Help Desk to
contact Guy.
KR – Explained issue to Guy. He is not happy as he will be
in Paris for next three to four months working on a project.
He has asked that this be escalated to IT management for
resolution since his work is severely slowed. Called SR in
Exchange team and explained that Guy needs some
resolution to the problem, as he will be in Paris for a long-
term project. SR will move his mailbox to Paris.
8 Unit 10: Troubleshooting an Exchange Server 2003 Organization
(continued)
Problem
User Location description Notes and solution with support personnel initials
Mike Tiano Miami Unable to connect RF – Again, Mike was using the wrong OWA address. He
externally using bookmarked the address for internal use and tried to use it
OWA for external use. Helped him configure a new shortcut for
external use and he is able to connect now. Request closed.
Frank Lee Vancouver Unable to open FP – The Exchange server is up. Frank is able to ping his
mailbox using Exchange server. Checked Frank’s Outlook configuration
Outlook 2003 and it is correct. Escalating to the network support group.
JJ – There are no problems with the network connection
between Frank and his Exchange server. Referring to
Exchange team.
SR – Frank’s storage group was offline for some unknown
reason. Brought his storage group back online. Called Frank
and made sure he was able to access his mailbox. He is up
and running again. Closing service request.
Unit 10: Troubleshooting an Exchange Server 2003 Organization 9
(continued)
Date Administrator Change(s) made
Challenge
Scenario 2 Ben Smith has called in a service request. Ben states that he is unable to access
his Exchange mailbox this morning. He states that he has never had any
problems before; however, when he brought in his laptop this morning and
plugged it in, he was unable to open his e-mail. Ben is a vice president, so this
has been escalated directly to the Exchange team.
Scenario 3 Janet Sheperdigian has called in a service request. She just had a security team
member audit her work environment at home and he said that he was able to
capture all her e-mail to and from members in the company as well as all her
e-mail to and from the Internet. Janet is based in Vancouver and company
policy says that all international offices must have remote e-mail secured so that
all messaging traffic between remote e-mail users and the company network is
encrypted. Because this is such a high-level security issue, it has been escalated
directly to the Exchange team.
Scenario 4 H. Brian Valentine has called in a service request. He states that he is unable to
access his e-mail using OWA. He is based in London. He says that he was able
to access OWA last week, but today he is no longer able to access it.
Scenario 5 Jeff Hay has called in a service request. He states that he is unable to send
encrypted e-mail to one of the company business partners, Tai Yee. He says that
when he tries to send encrypted e-mail, his Outlook 2003 client indicates that
Outlook has problems encrypting the message because of missing or invalid
certificates. Jeff states that he has a valid certificate and uses it all the time.
Scenario 6 Scott Bishop has entered a service request. He states that his Outlook 2003
client is extremely slow. Every time he clicks on a message, it takes about
15–20 seconds before it will open up. Scott is based in London.
Unit 10: Troubleshooting an Exchange Server 2003 Organization 13
Workshop Evaluation
Contents
Unit 1: Introduction to Troubleshooting
Exchange Server 2003 1
Unit 2: Troubleshooting Network
Connectivity 2
Unit 3: Troubleshooting Public Folders and
Mailboxes 4
Unit 4: Troubleshooting Outlook Web
Access and Outlook Mobile Access 6
Unit 5: Troubleshooting Client Connectivity 8
Unit 6: Troubleshooting Server
Connectivity 10
Unit 7: Troubleshooting Server
Performance 12
Unit 8: Troubleshooting Security Issues 14
Unit 9: Troubleshooting the Migration to
Exchange 2003 16
Unit 10: Troubleshooting an Exchange
Server 2003 Organization 18
Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no
part of this document may be reproduced, stored in or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync,
Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered
trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.
Appendix A: Lab Guidance 1
Introduction
This document is intended to assist you with the troubleshooting labs in
Workshop 2011A, Troubleshooting Microsoft® Exchange Server 2003. You
should use this document to obtain additional guidance and direction during the
troubleshooting process. Although there are potentially several approaches to
the resolution of the problems presented in the labs, this document describes
only one possible method to identify and resolve each problem. This method is
provided in the section corresponding to each workshop unit and lesson.
The problem that you are troubleshooting in this lab is intentionally simple in
order to help you learn how to use the flow chart, and was chosen because most
Microsoft Windows® administrators have a great deal of experience with
mapping network drives and troubleshooting problems with mapped network
drives. You should follow the steps in the flow chart in order to identify the
problem described in the scenario. It is important that you become comfortable
using the flow chart in this exercise, because all subsequent exercises in this
workshop will incorporate flow charts.
Once you identify the problem, you must document your solution. At the end of
each lab in this workshop, you will discuss with the class your approach to
troubleshooting the problem and your findings during troubleshooting.
To resolve the problem in this scenario:
1. Log on to the London Virtual PC and restart the server service on London.
Restart all other failed services that are dependent on the server service.
2. Share the kdrive folder on London.
3. Log on to the Acapulco Virtual PC and map the K drive to \\london\kdrive.
4. Test the connection by opening the test files.
Exercise 2: Configuring In this exercise, you will walk through the process of configuring both logging
Common and monitoring of the various Exchange Server 2003 components. There is no
Troubleshooting goal for this exercise other than to explore these settings. The settings
Components configured in this exercise will be saved for your future use throughout this
workshop.
2 Appendix A: Lab Guidance
Exercise 2: In this exercise, Brian Clark is unable to access his e-mail from home using
Troubleshooting when a Outlook Express.
Remote User Is Unable
to Receive E-Mail To resolve the problem in this scenario:
1. Configure an Internet Message Access Protocol version 4rev1 (IMAP4)
mail account in Outlook Express on Acapulco. When prompted to download
folders, you should receive an error that the connection to the server has
failed.
2. Configure Outlook Express or use OWA on Acapulco for another
messaging user on London and try sending e-mail to Brian Clark. Brian’s
mailbox information in Exchange System Manager should increment, but
Brian cannot connect to the server to access the message.
3. Since Brian is using Outlook Express, the next step in the flow chart
includes testing the protocol virtual servers. At this point it should be
discovered that IMAP4 is not running.
4. Start the IMAP4 service and protocol virtual server on London and test e-
mail to and from Brian and another user on London. Brian should now be
able to connect to the server using IMAP4 and send and receive e-mail.
Appendix A: Lab Guidance 3
Exercise 3: In this exercise, Brenda Diaz cannot receive or send Internet e-mail. You must
Troubleshooting when a configure a messaging client on the Vancouver Virtual PC to send and receive
Company is Not e-mail from London. Because Vancouver is in Contoso.msft and London is in
Receiving Internet NWTraders.msft, you can use Vancouver to simulate an Internet host.
E-Mail
To resolve the problem in this scenario:
1. Configure Outlook 2003 on Acapulco for Brenda Diaz and try sending
e-mail to users with mailboxes on London. This should be successful.
2. Use Outlook 2003 on Acapulco and try sending e-mail to users with
mailboxes on Vancouver using their @contoso.msft addresses. The e-mail
should not be delivered.
3. Use Outlook 2000 on Vancouver and try sending e-mail to users with
mailboxes on London using their @nwtraders.msft e-mail addresses. The
e-mail should not be delivered.
4. Testing for Simple Mail Transfer Protocol (SMTP) Deny should not
uncover a problem.
5. Testing for mail exchanger (MX) records should reveal that there are no
MX records for the nwtraders.msft domain or the contoso.msft domain.
6. Edit the existing (same as parent folder) A record for NWTraders.msft to
192.168.1.1. If there is no “same as parent folder” entry, create one using
192.168.1.1. Add an MX record for NWTraders pointing to
london.nwtraders.msft. E-mail should now send properly from Contoso to
NWTraders (Contoso uses London for DNS).
7. Add an A record for Contoso.msft for 192.168.1.3. and then add an MX
record for Vancouver.contoso.msft. E-mail should now send properly from
NWTraders to Contoso. It may take a few minutes for messages to flow
correctly in both directions after DNS is repaired.
4 Appendix A: Lab Guidance
Exercise 2: In this exercise, Andy Teal cannot receive e-mail from the Internet. You must
Troubleshooting use Vancouver to simulate an Internet host.
Solutions When a User
Cannot Receive Internet To resolve the problem in this scenario:
E-Mail
1. From Vancouver, open the Administrator mailbox using Outlook and send
an e-mail to andyteal@nwtraders.msft. You should receive a non-delivery
report (NDR).
2. On London, look at Andy Teal’s properties in Active Directory Users and
Computers. He has a false e-mail address.
3. Change Andy’s SMTP e-mail address in Active Directory Users and
Computers to andyteal@nwtraders.msft and then check the Policy Update
box.
4. Open the Exchange System Manager on London, browse to the Default
Recipient Policy, and apply the policy.
5. Force an immediate update of the Recipient Update Service.
6. Send another e-mail to andyteal@nwtraders.msft from Contoso\Admin. It
should be delivered correctly.
Appendix A: Lab Guidance 5
Exercise 2: In this exercise, Raman Iyer (nwtraders\ramaniyer) cannot access his mailbox
Troubleshooting using Outlook Mobile Access (OMA).
Solutions When a User
Cannot Access Outlook To resolve the problem in this scenario:
Mobile Access
1. Try to connect to Raman Iyer’s OMA mailbox using http://miami/oma. You
should receive an HTTP 404 error.
2. Attempt to ping Miami by IP address and host name. Both should work.
3. Try connecting to OMA on the back-end server, London. OMA should not
work on the back-end server. You should receive an error that your user
account has not been enabled for wireless access.
4. In Exchange System Manager, select Mobile Services global settings and
then enable OMA and unsupported devices.
5. On Miami, try connecting to OMA on the back-end server, London, by
using the URL http://london/oma and Raman’s credentials. OMA should
now work on the back-end server.
6. Try connecting to OMA on Miami, the front-end server, by using the URL
http://miami/oma. This still won’t work – you should receive another HTTP
404 error.
7. Check OMA configuration on the front-end server by viewing the Web
Service Extensions in IIS Manager. You will notice that Asp.net is
prohibited on the front-end server.
Appendix A: Lab Guidance 7
8. Allow asp.net.
9. Verify that you can now connect to http://miami/oma as
nwtraders\ramaniyer.
Exercise 3: In this exercise, Hanying Feng cannot access his mailbox using OWA.
Troubleshooting
Solutions When a User To resolve the problem in this scenario:
Cannot Log On to
Outlook Web Access 1. On Miami, attempt to connect to Hanying Feng’s mailbox by using OWA
against the front-end server (http://miami/exchange). You should get an
error.
2. On Miami, attempt to ping London by IP address and host name. Neither
works.
3. From Miami, try connecting to OWA on the back-end server, London. In
this case, OWA should not work on the back-end server.
4. Check the security configuration – Internet Protocol Security (IPSec) policy
is configured on London but not on Miami. To access IPSec policy
information on London, open the Default Domain Controller Security
Settings console. To access this information on Miami, open the Local
Security Policy console.
5. Export the policy configuration on London to a location that you can access
from Miami, such as a shared folder on the host computer.
6. On Miami, import the security policy to ensure that Miami has the same
settings as the London policy. This policy includes the need to require
security for all IP traffic, the need to use a pre-shared key P@ssw0rd, and
the need to configure a filter action set to Require Security. Modify the
imported Exchange policy to use a destination address of 192.168.1.1
instead of 192.168.1.2. Apply and then assign the policy.
7. Open Microsoft Internet Explorer on Miami and connect to
http://miami/exchange. Log on as nwtraders\hanyingfeng. If you cannot log
on to OWA on Miami, connect to http://london/exchange and log on as
nwtraders\hanyingfeng. This should be successful. Restart Internet Explorer
and connect to http://miami/exchange again; this should be successful.
8 Appendix A: Lab Guidance
Exercise 2: Outlook In this exercise, Alex Hankin is receiving a “The connection to the server has
Express User Unable to failed” error message.
Connect to Exchange
Server 2003 Server To resolve the problem in this scenario:
1. Log on to Acapulco as nwtraders\alexhanki and configure Outlook Express
for secure SMTP and secure IMAP4. This includes configuring the account
to require authentication for the outgoing mail server.
2. Verify that SMTP is running.
3. Attempt to ping London by using the host name. Note that the address
resolved is incorrect and London should not respond.
4. Using the DNS administrator, correct the IP address of London. London’s
correct IP address is 192.168.1.1.
5. Verify that Alex Hankin has the proper protocol permissions for the user
account.
6. Verify that the IMAP4 virtual server is running. It should not be running.
Start the IMAP4 virtual server.
7. Verify that Alex can access his mailbox by using Outlook Express. Send a
test message to another user and then use OWA or Outlook Express to
verify receipt of the e-mail. You may need to use ipconfig/flushdns on
Acapulco to flush the previously cached, incorrect London IP address.
Exercise 3: New Outlook In this exercise, Gary Schare is unable to open his mailbox using Outlook 2003.
User Unable to Open His
Mailbox To resolve the problem in this scenario:
1. Log on to Acapulco as nwtraders\garyschar and configure Outlook 2003. It
can take as long as 20 minutes to log on, and then Outlook 2003 may appear
to hang during configuration.
2. Verify that IP configuration on the client is correct.
3. Attempt to ping London by using the host name. Note that the address
resolved is incorrect and London should not respond.
4. Using the DNS administrator, verify that the IP address for London is
correct. The correct address is 192.168.1.1.
5. Attempt to ping London by using the host name. Note that the address
resolved is still incorrect and London should not respond.
6. Check the hosts and lmhosts files located in the
C:\Windows\system32\drivers\etc folder on Acapulco. Note that the hosts
file reflects an incorrect address for London. Correct the address in the hosts
file. You should either log on to Acapulco as nwtraders\administrator or use
London to access the C$ share in order to modify the file.
7. Verify that Gary Schare can now open his Outlook 2003 mailbox and that
he can send mail to another user on London. Use OWA or Outlook Express
to verify receipt of the e-mail.
10 Appendix A: Lab Guidance
Exercise 2: Outlook Is In this exercise, Pete Male is complaining that Outlook is very slow when he
Very Slow When tries to send messages.
Retrieving a Message
from Exchange To resolve the problem in this scenario:
1. Configure the Performance console to monitor London using counters
described in this unit’s text for the processor, memory, physical disk, and
network interface. Start the monitor. Notice the high RAM utilization.
2. Check for scheduled applications or services running at inappropriate times.
The strRAM service is running, but it is not set to automatic. You should
note that strRAM is not a service used by the operating system or Exchange.
3. Stop the strRAM service.
4. Verify that London has returned to normal performance levels by using the
Performance console.
Appendix A: Lab Guidance 13
Exercise 3: Multiple In this exercise, several users, including Max Benson, are experiencing delays
Users are Unable to when trying to open their mailboxes and also when trying to send messages to
Open Their Mailboxes others on the network.
Using Outlook
It is very important that you do not stop the script for this exercise. The
command prompt window will remain open, and it may be 10 minutes or longer
before the script completes. You can minimize the window so that it will not be
in your way while you troubleshoot.
To resolve the problem in this scenario:
1. Configure the Performance console to monitor London using counters
described in this unit’s text for the processor, memory, physical disk, and
network interface. Start the monitor. Notice the high disk utilization.
2. Check for scheduled applications or services running at inappropriate times.
There are none.
3. Check for available disk space. The server is running out of disk space.
4. Stop the script. Note that if the script is allowed to run continuously,
London will run out of disk space, causing Exchange services to fail.
14 Appendix A: Lab Guidance
Exercise 2: In this exercise, Judy Lew (judylew) is unable to connect to her Exchange
Troubleshooting server using RPC over HTTP.
Solutions When Users
Cannot Connect to To resolve the problem in this scenario:
Exchange Using RPC
over HTTP 1. On Acapulco, log on as judylew and open Outlook. An Outlook profile for
Judy Lew has already been created. Use the Outlook Connection Status
feature to see that Outlook is connecting to Exchange using TCP/IP.
2. Close Outlook.
3. Use the Lab Toolkit resources for RPC/HTTP to verify that the server is
configured correctly. The server should be configured correctly.
4. Check Judy’s Outlook profile. Notice that the profile is configured to use
NTLM authentication, and to use HTTPS only on slow networks. Modify
the profile to use Basic authentication, and to use HTTPS on fast networks.
5. Open Outlook and use the Outlook Connection Status feature to see that
Outlook is connecting to Exchange by using HTTPS, which verifies
RPC/HTTP.
Exercise 3: In this exercise, Deb Waldal (debwalda) is unable to receive e-mail from the
Troubleshooting Internet.
Solutions When Users
Cannot Send or Receive To resolve the problem in this scenario:
Internet E-Mail
1. On Vancouver, open the Administrator’s mailbox by using Outlook.
2. On London, open Deb Waldal’s mailbox by using OWA.
3. Send a message from Deb to administrator@contoso.msft and vice versa.
The message to administrator@contoso.msft should be delivered, but the
message to Deb should not be delivered.
4. On Vancouver, the Administrator mailbox should receive an NDR that says
“Unable to deliver message due to a communications failure.” Notice that in
the NDR is an indication that the connection needs Starttls.
5. On London, check the default SMTP virtual server properties. The Access
tab’s Communication properties are set to require SSL. Clear the check box
so that London no longer requires SSL and then restart the SMTP server.
6. Verify that the problem is solved by attempting to send a message from
administrator@contoso.msft to debwalda@nwtraders.msft. The messages
should be delivered.
16 Appendix A: Lab Guidance
Note In some cases, you will not be able to access the mailbox until the
Exchange Directory Service updates the permissions on the mailbox.
You can force an immediate update by stopping and restarting the
Directory Service on Vancouver.
5. To fix the problem, you must configure Northwind Traders and Contoso to
share the contoso.msft SMTP domain name. These steps are described in the
Lab Toolkit resource “Configuring a Shared SMTP Address Space” and
include creating a recipient policy and configuring an SMTP connector as
described in the following two steps.
6. On London, create a Recipient policy for the contoso.msft domain name.
Ensure that the organization is not authoritative for the domain.
7. On London, configure an SMTP connector with an address space of
Contoso.msft to route messages between the two organizations. Ensure that
the SMTP connector is configured to relay messages for the domain.
8. Attempt to send e-mail to tawananusba@contoso.msft using Telnet
commands against the London server. The message should be delivered
correctly.
9. Attempt to send e-mail to rebeccalaszl@contoso.msft using Telnet
commands against the London server. The message should be delivered
correctly.
10. On London, open Tawana’s mailbox using OWA and confirm that the
e-mail was delivered. Try sending a message to rebeccalazl@contoso.msft.
11. On Vancouver, log on as nwtraders\rebeccalaszl and then open Outlook.
Confirm that Rebecca Laszlo received the e-mail from Tawana and that she
can send to Tawana.
Exercise 3: In this exercise, Richard Carey is unable to send e-mail to his co-worker Jim
Troubleshooting Kim. He can send and receive e-mail to and from other co-workers, including
Solutions When Users his co-worker Lynn Tsoflias.
Cannot Send E-Mail to
Some Recipients To resolve the problem in this scenario:
1. On Vancouver, log on as nwtraders\richardcarey and then open Outlook.
2. Attempt to send e-mail to Lynn Tsoflias. Reply to the e-mail in the Inbox
from Jim Kim. Try to send an e-mail to Jim by typing Jim Kim in the To
box.
3. On London, open Lynn’s mailbox using OWA. Verify that the message is
delivered.
4. On London, open Jim’s mailbox using OWA. Jim should not have received
either message.
5. On Vancouver, log on as contoso\administrator and open Exchange
Administrator. Confirm that both Jim and Lynn are custom recipients and
that they are configured in the same way. Log off of Vancouver.
6. On Vancouver, log on as nwtraders\richardcarey and open Outlook. Check
Richard Carey’s Contacts folder. There should be a contact for Jim that
contains an incorrect e-mail address. Delete the contact for Jim, or modify
the e-mail address.
7. To reply to the message in the Inbox, click Reply, and then search the GAL
for Jim’s account.
8. Attempt to send e-mail to Jim from Richard’s Outlook client. The message
should be delivered correctly.
18 Appendix A: Lab Guidance
Scenario 5: Jeff Hay is unable to send encrypted e-mail to Tai Yee. Tai is not a
member of Jeff’s company; Tai is an employee of another company. The
problem is that Tai never sent a digital certificate to Jeff, so Jeff is unable to
send an encrypted message to Tai.
Scenario 6: Scott Bishop is experiencing poor performance when using Outlook
to connect to his mailbox. The problem is that the Exchange server that holds
Scott’s mailbox is overloaded. You may not have noticed that the Change
Management Log states that one of the Exchange servers in London was
shutdown and all mailboxes were moved to other servers. With the additional
load, the Exchange server that Scott is on has become overloaded and is
extremely slow in its responses.
If you have difficulty with these scenarios, feel free to review the flow charts
from the previous units and to ask for help from your classmates. Do not feel
the need to rush. Take time to think for a few minutes.
THIS PAGE INTENTIONALLY LEFT BLANK
Instructor Notes for Workshop 2011A:
Troubleshooting Microsoft Exchange
Server 2003
What Is a Workshop?
The workshop is designed as a hands-on learning activity. It addresses a
particular business or technical problem and its solution. As such, a workshop
can be designed to familiarize a beginning audience with the basic
implementation of a new product or an expert audience to optimize their
enterprise network for a robust security infrastructure.
In a workshop, lecture time is kept to a minimum to give students the maximum
opportunity for hands-on, scenario-based labs. The workshop format enables
students to reinforce learning by doing and by problem-solving. Workshop
components include hands-on labs, resources in the Lab Toolkit, slides, and
reference material.
Each unit in a workshop is weighted as follows:
Workshop Delivery
The lab is the main focus of the workshop. Each lab presents a problem or
series of problems that students must solve. Use the slides that precede the lab
to orient the student but keep the presentation to a minimum. After you have
taught the workshop a few times, you may identify topics that typically give
students some trouble. If appropriate, present a resource from the Lab Toolkit
before the lab to prepare them for those possible problem areas.
The labs in a workshop are designed to allow students to explore several
options for completing complex tasks. As a result, students may require more
assistance than they do with a prescriptive lab activity. If most of the students
get stuck on a step or procedure, be prepared to pause the lab and demonstrate
the procedure or concept to the entire class. If most of the students are
struggling with the lab, you might find it valuable to perform the steps as a
class, but allow students to continue working on their own if they choose.
Check the students’ progress periodically during the lab. You might find it
useful to establish protocols for students to alert you when they have questions
and when they are finished with the lab. For example, you might create
additional tent cards or adapt existing ones so student can turn to the “need
help” side or the “lab complete” side. You can also give each student different
colored notes to signal that they need help or that they have completed the lab.
Some students may leave the room after they finish the lab while other students
are still working. Therefore, identify a time to reconvene in the room so you can
decide if you need to extend the lab period or move on to the next unit.
After the lab, there is usually a designated time to discuss the results of the lab.
Answer the questions that were posed during the lab. When there are several
ways to complete the lab, ask the students which method they used and why. Be
prepared to discuss the advantages and disadvantages of each decision, both
from a technical and business perspective. If the students do not demonstrate
mastery of the important concepts, review the relevant resources in the Lab
Toolkit until you are satisfied that they understand.
Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003 3
Delivery Strategies
One of the biggest challenges with a workshop is that attending students may
have a wide range of skills and learning styles. It is very likely that some
students will complete the labs in minimal time while other students may
struggle with basic concepts and may never actually finish a lab. Some students
will be uncomfortable with labs that do not tell them how to do every step.
This section gives you some suggestions for dealing with various classroom
situations. If you have other techniques and successes, please share them with
other trainers on the Microsoft® Certified Trainer (MCT) forums at
Microsoft.private.mct.trainer.preparation. You can find instructions on how to
access the forums on the MCT private Web site.
Screening student The introductory lab in Unit 1 has several purposes. The obvious objective is to
ability familiarize the students with the Lab Toolkit and the resources in the Lab
Toolkit. Other objectives helping students get into the troubleshooting frame of
mind and to establish a workshop atmosphere where students feel free to
communicate openly with their peers and the instructor. This unit also gives
you a chance to screen the students. If students cannot complete the minimal lab
instruction they are given in Unit 1 on their own, they may have a difficult time
succeeding in the workshop format.
Dealing with advanced In an average class, some students will probably finish the lab long before
students others. Some students will need to use every resource in the Lab Toolkit while
others may only need one or two. You might suggest that the most advanced
students try to complete the lab by just looking at the service request and only
referring to the lab instructions if they get stuck.
In some workshops, there will be additional challenge material and “if time
permits” activities to accommodate students who finish faster. Most workshops
will include additional reading on the Student Materials compact disc that
contains information that is beneficial but too detailed to be placed in the Lab
Toolkit. For students who finish early, suggest that they explore the additional
reading because they will probably be too busy after they return to the office.
Guiding students If most of the students do not meet the prerequisites, they may have a difficult
through the lab time with labs that assume a lot of prior knowledge and do not provide detailed
steps. In this situation, guide them through the entire lab rather than presenting
the introductory slides and having them complete the labs at their own pace.
Read the service request as a group and note the technical issues that may come
up during troubleshooting. Then, discuss strategies to resolve the problem.
Instead of waiting to answer the lab questions at the end of the lab, answer each
question as you complete the steps.
When there are multiple ways of completing a task, you may need to guide the
students to pick the optimal solution. In cases where there is no single best way,
you might decide to split the class into two groups and have half do it one way
and half the other way. If conducting the workshop this way takes too much
time, you may need to incorporate the introductory slides into the lab. For
example, rather than lecture about DNS stub zones before students start the lab,
wait until the group reaches that step and then discuss it just before they work
on that task.
4 Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003
Adapting to different If only some of the students meet the prerequisites, you may have a difficult
skill levels time balancing the needs of all students. You can have more experienced
students sit next to less experienced students and give the more experienced
students a brief tutorial on how to be a good mentor. For example, you can
advise them to:
! Guide their partners, but not do the work for them.
! Let their partners make mistakes because they will learn more.
! Try to summarize the material from the resources in the Lab Toolkit for
their partners without divulging the answers to the questions.
Workshop objectives After completing this workshop, the student will be able to:
! Apply knowledge of a troubleshooting methodology to identify and resolve
a problem.
! Identify and resolve network connectivity problems and problems arising
from host resolution protocols.
! Identify and resolve problems with public folders and mailboxes.
Identify and resolve front-end server and back-end server issues that cause
problems with Microsoft Outlook® Web Access (OWA).
! Identify and resolve problems with Internet protocol virtual servers such as
SMTP, IMAP, and POP.
! Identify and resolve connectivity problems between servers running
Exchange Server 2003, between Exchange Server 2003 and other messaging
systems, and problems with relay configurations.
! Identify and resolve problems with bandwidth, services, database
corruption, service failures, disk space, and other server performance
problems.
! Identify and resolve encryption and digital signature issues and problems
caused by viruses.
6 Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003
Required materials To teach this workshop, you need the following materials:
! Student Workbook
! Trainer Materials compact disc
Workshop design The overall strategy for this workshop combines the lab-centric requirement of
workshops with a problem-based learning methodology. Labs will provide
hands-on learning activities guided by scenarios that are relevant to the
Exchange administrator job role. During these labs, students can access a
variety of support resources (such as procedures, annotated screen shots, and
links to Exchange Server 2003 Help documentation) to help them complete the
lab exercises.
The topics that precede the lab will provide information designed to help
prepare students succeed in the lab. A common approach for the design and
selection of these topics is that the key to troubleshooting is understanding how
things should work. As a result, the preparation topics will focus on the process
of how a particular Exchange component or messaging functionality works.
Lab scenarios
The workshop-wide scenario will imitate a fictitious help-desk organization that
has just hired the student (who is currently an experienced Exchange
administrator) to perform Tier-3 help-desk support tasks in a Windows
Server 2003- and Exchange Server 2003-based environment. This approach will
provide the context for the workshop to present troubleshooting scenarios. The
online toolkit resources will be used to implement the workshop-wide scenario
in each learning unit.
To implement a problem-based learning methodology for this workshop, a
service request will provide the information (such as symptoms, configuration
information, and so on) necessary for the student to troubleshoot the problem.
In each lab, students will use the information in the service request and a
troubleshooting flow chart printed in the workshop manual to diagnose and,
whenever possible, fix the problem. Toolkit resources will be mapped and
associated to the relevant step in the troubleshooting flow chart and will provide
students with “just-in-time” help during that specific point in the
troubleshooting process.
Pre-lab activity
In the first part of each lab, the instructor reviews the first service request with
students and asks students their approach to identifying the problem. The
instructor should note students’ recommendations on the whiteboard. Then the
students perform the lab. After the lab is complete, the instructor can use the
information generated from the pre-lab activity and the lab results to facilitate
the discussion during the lab review.
Lab reviews
Each lab will be followed by review of the lab exercises, which is facilitated by
the instructor. The instructor can use Appendix A, “Lab Guidance,” to guide
students through the “correct” path through the troubleshooting flow chart.
The lab review should:
! Identify what each step in the flow chart accomplishes during the process
! Generate an understanding for the flow of troubleshooting steps
! Discuss the tools used during the lab
! Compare the pre-lab recommendations with the actual lab to generate
recommendations and student-generated best practices
During this review, the instructor should elicit feedback from students and
generate discussion about the students’ experience during the lab (such as what
they did right and what they did wrong).
The lab review can also contain links or references to additional information
(such as Knowledge Base articles, white papers, Exchange help docs, and so
on) that pertain to the unit objective.
8 Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003
Workshop Timing
The following schedule is an estimate of the workshop timing. Your timing
may vary. Every student may not finish every lab. Use your judgment to set a
reasonable time to move on to the next unit.
Day 1
Start End Unit
9:00 9:30 Introduction
9:30 9:45 Unit 1: Introduction to Troubleshooting Exchange Server 2003
9:45 10:45 Lab: Exploring the Troubleshooting Environment
10:45 11:00 Break
11:00 11:15 Unit 2: Troubleshooting Network Connectivity
11:15 12:00 Lab: Troubleshooting Connectivity Problems
12:00 1:00 Lunch
1:00 2:30 Lab: Troubleshooting Connectivity Problems (continued)
2:30 2:45 Break
2:45 3:00 Unit 3: Troubleshooting Public Folders and Mailboxes
3:00 4:15 Lab: Troubleshooting Public Folder and Mailbox Problems
4:15 4:30 Unit 4: Troubleshooting Outlook Web Access and Outlook
Mobile Access
Day 2
Start End Unit
8:30 9:00 Day 1 review
9:00 10:00 Lab: Troubleshooting Outlook Web Access and Outlook Mobile
Access Problems
10;00 10:15 Break
10:15 11:45 Lab: Troubleshooting Outlook Web Access and Outlook Mobile
Access Problems (continued)
11:45 12:45 Lunch
12:45 1:00 Unit 5: Troubleshooting Client Connectivity
1:00 2:00 Lab: Troubleshooting Client Connectivity Problems
2:00 2:15 Break
2:15 3:15 Lab: Troubleshooting Client Connectivity Problems (continued)
3:15 3:30 Unit 6: Troubleshooting Server Connectivity
3:30 5:00 Lab: Troubleshooting Server Connectivity Problems
Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003 9
Day 3
Start End Unit
8:30 9:00 Day 2 review
9:00 9:15 Unit 7: Troubleshooting Server Performance
9:15 10:15 Lab: Troubleshooting Server Performance
10:15 10:30 Break
10:30 10:45 Unit 8: Troubleshooting Security Issues
10:45 12:00 Lab: Troubleshooting Exchange Security
12:00 1:00 Lunch
1:00 1:45 Lab: Troubleshooting Security Issue Problems (continued)
1:45 2:00 Unit 9: Troubleshooting the Migration to Exchange 2003
2:00 2:15 Break
2:15 3:45 Lab: Troubleshooting the Migration to Exchange 2003
3:45 4:30 Unit 10: Troubleshooting an Exchange Server 2003 Organization
10 Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003
! Pptview. This folder contains the PowerPoint Viewer 97, which can be used
to display the PowerPoint slides if PowerPoint 2002 is not available. Do not
use this version in the classroom.
! Setup. This folder contains the files that install the workshop and related
software to computers in a classroom setting. Setup includes the Virtual PC
differencing drives, which build on base drives provided on the 2400B
Trainer Materials DVD.
! Student. This folder contains the Web page that provides students with links
to resources pertaining to this workshop, including additional reading,
review and lab answers, lab files, multimedia presentations, the Lab Toolkit,
and workshop-related Web sites.
! Tprep. This file contains the Trainer Preparation Presentation for this
course. Review these materials before teaching this course.
! Webfiles. This folder contains the files that are required to view the
workshop Web page. To open the Web page, open Windows Explorer, and
in the root directory of the compact disc, double-click Default.htm or
Autorun.exe.
Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003 11
11. From London, show how to map drive Z to drive C of the host computer.
Point out that when the drive is mapped, students can access information
stored on the host computer by using this mapped drive, and that they can
create additional mapped drives by using the Settings option on the Edit
menu of Connectix Virtual PC.
12. Close London and save changes. Close Miami and save changes. Point out
that students can choose to either discard or commit their changes when
closing Virtual PC, and that in general in this course, they should discard
their changes each time they close Virtual PC.
Setup Describe any necessary setup information for the course, including course files
and classroom configuration.
Microsoft Official Explain the Microsoft Official Curriculum (MOC) program and present the list
Curriculum of additional recommended learning products.
Refer students to the Microsoft Official Curriculum Web page at
http://www.microsoft.com/traincert/training/ for information about curriculum
paths.
Microsoft Certified Inform students about the Microsoft Certified Professional (MCP) program, any
Professional program certification exams that are related to this workshop, and the various
certification options.
Facilities Explain the class hours, extended building hours for labs, parking, rest room
location, meals, phones, message posting, and where smoking is and is not
allowed.
Let students know if your facility has Internet access that is available for them
to use during class breaks.
Also, make sure that the students are aware of the recycling program if one is
available.
14 Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003
Required materials To teach this unit, you need the unit slides, the student workbook, and the Lab
Toolkit.
Preparation tasks To prepare for this unit, read all the written materials and review the resources
in the Lab Toolkit, practice the labs and guided activities, and prepare to
facilitate the discussion questions.
In addition, you should:
! Review Module 4, “Managing Recipients,” from Course 2400,
Implementing and Managing Microsoft Exchange Server 2003.
! Review Module 7, “Implementing and Managing Client Access with
Internet Protocols,” from Course 2400, Implementing and Managing
Microsoft Exchange Server 2003.
! Review Module 11, “Managing Data Storage and Hardware Resources,”
from Course 2400, Implementing and Managing Microsoft Exchange
Server 2003.
! Review the Open Systems Interconnection (OSI) model and be prepared to
discuss how it can be used for troubleshooting client/server applications.
! Prepare to explain to students how to use the toolkit resources.
Classroom setup The information in this section provides setup instructions that are required to
prepare the instructor computer or classroom configuration for a lab.
Lab The first exercise is the first of what will be many scenarios that are used in all
the other units in this workshop. Explain to students that the first exercise is not
Exchange related because they are supposed to learn how to use the flow charts
and the toolkit resources in this exercise.
The problem that you are troubleshooting in Exercise 1 is intentionally simple
in order to help students learn how to use the flow chart, and was chosen
because most Windows administrators have a great deal of experience with
mapping network drives and troubleshooting problems with mapped network
drives. Students should follow the steps in the flow chart in order to identify the
problem provided in the scenario. It is important that students become
comfortable using the flow chart in this exercise because all subsequent
exercises in this workshop will incorporate flow charts. Once students identify a
problem, they must document their solution. At the end of each lab in this
workshop, you will discuss with the class their approach to troubleshooting
problems, and their findings during troubleshooting.
In the second exercise, students configure logging and monitoring on the
computer running Exchange Server 2003 to familiarize themselves with all the
logging capabilities they have. Configuration settings will be saved at the end
of the lab so that students can continue to use the items that they configure
during this exercise. You should also mention that although most labs in this
workshop have the students discard changes made to their virtual PC
environment, changes in this lab will be saved so that they can continue to use
the troubleshooting tools that they configured during Exercise 2.
For more information on completing this lab, direct students to Appendix A,
“Lab Guidance,” located at the back of the student workbook. If necessary, be
prepared to provide desk side assistance to each student during the lab phase of
class. You can help students along in their troubleshooting by asking how they
would normally test a process or lookup information. You will want to maintain
a “study hall” atmosphere within the classroom while students complete the lab.
The toolkit resources for this unit include items that are not related specifically
to the flow chart for this unit. These items are referenced in the Lab Toolkit
resources section of the unit by exercise number. For example, if an item is
needed only for Exercise 2, but does not support the flow chart, the Flow Chart
Reference column of the table will indicate “Ex 2 only”.
Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003 17
Review You should review some of the settings and configurations of the different logs
and monitoring tools that the students used during the lab. For example, you
might ask students how they would configure logging and monitoring in their
networks as a standard configuration, and then ask them the same question but
with users reporting that Outlook 2003 access to their mailboxes is slower than
normal. Use the whiteboard to record the information provided by the students
and encourage them to expand on the information that you write.
Discuss how the students used the troubleshooting flow chart to determine the
root cause of the problem. Walk all students through the flow chart for
Exercise 2 in the lab. Ask them to provide feedback on what they found. While
going through the flow chart, have students pull out the Toolkit Resources
booklet and point out the detailed information. Point out how the Toolkit items
are correlated to the flow chart through the reference letters.
Discuss how the students tested their solution to the problem and how they
knew they were successful in resolving the problem.
Make sure students followed the instructions to shut down the Virtual PCs after
the lab.
18 Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003
Required materials To teach this unit, you need the unit slides, the student workbook, and the Lab
Toolkit.
Preparation tasks To prepare for this unit, read all the written materials and review the resources
in the Lab Toolkit, practice the labs and guided activities, and prepare to
facilitate the discussion questions.
In addition, you should:
! Review Module 7, “Implementing and Managing Client Access with
Internet Protocols,” from Course 2400, Implementing and Managing
Microsoft Exchange Server 2003.
! Review Module 8, “Managing Client Configuration and Connectivity,”
from Course 2400, Implementing and Managing Microsoft Exchange
Server 2003.
Classroom setup The information in this section provides setup instructions that are required to
prepare the instructor computer or classroom configuration for a lab.
Note When using OWA on London to test messaging functionality, you may
occasionally get a 503 error. In most cases, just refreshing the screen will load
OWA. If this doesn’t work, log on to OWA as Administrator and then log on as
the user. You may wish to remind students of this periodically throughout this
workshop.
In the flow chart, in solution box C, the students are directed to check the
network route. You may wish to remind them that this means to check both the
physical and logical network connectivity between clients and servers, as well
as between servers in the Exchange organization. There is a toolkit resource for
verifying routing group connectivity that can be used for this task.
20 Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003
Lab If students have difficulty with the lab, use the flow charts to focus their
Review troubleshooting efforts. If needed, ask them which steps they have completed. If
they have gone past the step where they fix the problem, ask them to explain
what they found in that step and the step before. This workshop assumes
prerequisite knowledge in managing an Exchange Server 2003 environment. If
students do not meet the prerequisites, you may need to review some
procedures with the students.
For more information on completing this lab, direct students to Appendix A,
“Lab Guidance,” located at the back of the student workbook. If necessary, be
prepared to provide desk side assistance to each student during the lab phase of
class. You will want to maintain a “study hall” atmosphere within the
classroom while students complete the lab.
You should spend some time during the pre-lab discussion, with all student
workbooks closed, going over some ways that students would troubleshoot the
scenarios covered in the lab. Write their ideas on the whiteboard. After
completing the lab, review what they would have done before seeing the lab.
Discuss how the students used the troubleshooting flow charts to determine the
root causes of the problems. Compare the processes of the flow charts to what
the students said they would do before the lab. Record on the whiteboard the
information provided by the students. Discuss how they would troubleshoot the
problem now based on what they learned in the lab.
Discuss how the students tested their solutions to the problems and how they
knew they were successful in resolving the problems.
Make sure students followed the instructions to shut down the Virtual PCs after
the lab.
Note Sometimes Internet Explorer fails to load all data when connecting to
Outlook Web Access. If this happens, remind the students to close and restart
Internet Explorer.
Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003 21
Required materials To teach this unit, you need the unit slides, the student workbook, which
includes the lab flow charts and service request scenarios, and the Lab Toolkit.
Preparation tasks To prepare for this unit, read all the written materials and review the resources
in the Lab Toolkit, practice the labs and guided activities, and prepare to answer
the discussion questions.
In addition, you should:
! Review Module 4, “Managing Recipients,” from Course 2400,
Implementing and Managing Microsoft Exchange Server 2003.
! Review Module 6, “Managing Address Lists,” from Course 2400,
Implementing and Managing Microsoft Exchange Server 2003.
! Review Module 14, “Performing Preventative Maintenance,” from Course
2400, Implementing and Managing Microsoft Exchange Server 2003.
Classroom setup The information in this section provides setup instructions that are required to
prepare the instructor computer or classroom configuration for a lab.
Note Sometimes Internet Explorer fails to load all data when connecting to
Outlook Web Access. If this happens, remind the students to close and restart
Internet Explorer.
There are two flow charts for this lab. The first flow chart which is located in
the beginning of the lab is used for exercises 1 and 2. The second flow chart is
for use while completing exercise 3, which is located at the end of the lab. You
may wish to point out the location of the flow chart for your students.
In the flow chart entitled “Troubleshooting Mailbox Problems,” solution boxes
C and D direct the student to “Check content scanner.” Content scanning is a
feature provided by third-party manufacturers. Because no content scanners are
installed as part of this workshop’s setup, the students will be unable to perform
this task. You should mention that students would follow manufacturer’s
instructions for verifying their content scanner configuration in their own
production environments.
Review You should have spent some time during the pre-lab discussion, with all student
books closed, reviewing ways that the students would troubleshoot the
scenarios covered in the lab. Record the students’ ideas on the whiteboard.
After completing the lab, review what they would have done before seeing the
lab.
Discuss how the students used the troubleshooting flow chart to determine the
root cause of the problem. Compare the process of the flow chart to what the
students said they would do before the lab. Make sure you record the
information provided by the students. Discuss how they would troubleshoot the
problem now based on what they learned in the lab.
Discuss how the students tested their solution to the problem and how they
knew they were successful in resolving the problem.
Make sure students shut down the Virtual PCs following the instructions after
the lab.
24 Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003
Required materials To teach this unit, you need the unit slides, the student workbook, which
includes the lab flow charts and the service request forms, and the Lab Toolkit.
Preparation tasks To prepare for this unit, read all the written materials and review the resources
in the Lab Toolkit, practice the labs and guided activities, and prepare to answer
the discussion questions.
In addition, you should:
! Review Module 7, “Implementing and Managing Client Access with
Internet Protocols,” from Course 2400, Implementing and Managing
Microsoft Exchange Server 2003.
! Review Module 10, “Managing Mobile Devices with Exchange
Server 2003,” from Course 2400, Implementing and Managing Microsoft
Exchange Server 2003.
! Review Module 3, “Securing Exchange Server 2003,” from Course 2400,
Implementing and Managing Microsoft Exchange Server 2003.
Classroom setup The information in this section provides setup instructions that are required to
prepare the instructor computer or classroom configuration for a lab. This lab
includes three scenarios. Prior to starting each scenario, a script must be run
that will create the problem that the students will be troubleshooting.
Review You should have spent some time during the pre-lab discussion, with all student
books closed, reviewing ways that the students would troubleshoot the
scenarios covered in the lab. Record the students’ ideas on the whiteboard.
After completing the lab, review what they would have done before seeing the
lab.
If students have questions about Exercise 2, you should refer them to the toolkit
resource, “Verifying the Configuration of the Default Web Site.” This resource
describes how to determine whether ASP.NET is allowed or prohibited. This
can happen if a company has deployed OMA much after the initial installation
of Exchange. The company may have decided to disable ASP.NET, and then
not realized that they need to enable it for OMA to function. Another scenario
is that an IIS administrator may notice the setting, believe that it poses a
security risk, and may turn it off.
Discuss how the students used the troubleshooting flow chart to determine the
root cause of the problem. Compare the process of the flow chart to what the
students said they would do before the lab. Make sure you record the
information provided by the students. Discuss how they would troubleshoot the
problem now based on what they learned in the lab.
Discuss how the students tested their solution to the problem and how they
knew they were successful in resolving the problem.
Make sure students shut down the VPCs following the instructions after the lab.
Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003 27
Required materials To teach this unit, you need the unit slides, the student workbook, and the Lab
Toolkit.
Preparation tasks To prepare for this unit, read all the written materials and review the resources
in the Lab Toolkit, practice the labs and guided activities, and prepare to
facilitate the discussion questions.
In addition, you should:
! Review Module 7, “Implementing and Managing Client Access with
Internet Protocols,” from Course 2400, Implementing and Managing
Microsoft Exchange Server 2003.
! Review Module 8, “Managing Client Configuration and Connectivity,”
from Course 2400, Implementing and Managing Microsoft Exchange
Server 2003.
Classroom setup The information in this section provides setup instructions that are required to
prepare the instructor computer or classroom configuration for a lab.
Lab If students have difficulty with the lab, use the flow charts to focus their
troubleshooting efforts. If needed, ask them which steps they have completed. If
they have gone past the step where they fix the problem, ask them to explain
what they found in that step and the step before. This workshop assumes
prerequisite knowledge in managing an Exchange Server 2003 environment. If
students do not meet the prerequisites, you may need to review some
procedures with the students.
One issue may arise in Exercise 1 where students are required to create a
second SMTP virtual server and then configure one of the two SMTP virtual
servers using SSL and the IMAP4 virtual server using SSL. Some students have
never done this work, even though it is covered in the prerequisite courses.
Make sure you can do these tasks and explain them to the students.
In Exercise 2, students need to take several steps to prepare the environment for
troubleshooting. The configuration for this exercise is a little more complex
than others because we need to configure a cached credential for AlexHanki
and then reset the computer so that it does not retained cached DNS
information.
For more information on completing this lab, direct students to Appendix A,
“Lab Guidance,” located at the back of the student workbook. If necessary, be
prepared to provide desk side assistance to each student during the lab phase of
class. You will want to maintain a “study hall” atmosphere within the
classroom while students complete the lab.
In the third exercise of the lab, on Acapulco, students will need to log off as
Alex Hankin and log back on as Gary Schare. Because of the modifications
made by the script, it can take as long as 20 minutes to log back on to
Acapulco. You should consider directing students to begin the log on process,
and then take a break.
Review You should have spent some time during the pre-lab discussion with all student
books closed; going over some ways that the students would troubleshoot the
scenarios covered in the lab and then record the students’ ideas on the
whiteboard. After completing the lab, review what they would have done before
seeing the lab.
Discuss how the students used the troubleshooting flow chart to determine the
root cause of the problem. Compare the process of the flow chart to what the
students said they would do before the lab. Make sure you record the
information provided by the students. Discuss how they would troubleshoot the
problem now based on what they learned in the lab.
Discuss how the students tested their solution to the problem and how they
knew they were successful in resolving the problem.
Make sure students shut down the Virtual PCs following the instructions after
the lab.
30 Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003
Required materials To teach this unit, you need the unit slides, the student workbook, which
includes the lab flow charts and the lab scenarios, and the Lab Toolkit.
Preparation tasks To prepare for this unit, read all the written materials and review the resources
in the Lab Toolkit, practice the labs and guided activities, and prepare to answer
the discussion questions.
In addition, you should:
! Review Module 9, “Managing Routing,” from Course 2400, Implementing
and Managing Microsoft Exchange Server 2003.
Classroom setup The information in this section provides setup instructions that are required to
prepare the instructor computer or classroom configuration for a lab. This lab
requires that the students create a new routing group and move Miami into the
routing group using the procedure described at the beginning of the lab.
Required materials To teach this unit, you need the unit slides, the student workbook, and the Lab
Toolkit.
Preparation tasks To prepare for this unit, read all the written materials and review the resources
in the Lab Toolkit, practice the labs and guided activities, and prepare to
facilitate the discussion questions.
In addition, you should:
! Review Module 13, “Performing Preventative Maintenance,” from Course
2400, Implementing and Managing Microsoft Exchange Server 2003.
Classroom setup The information in this section provides setup instructions that are required to
prepare the instructor computer or classroom configuration for a lab.
Required materials To teach this unit, you need the unit slides, the student workbook, which
includes the lab flow charts and the service request forms, and the Lab Toolkit.
Preparation tasks To prepare for this unit, read all the written materials and review the resources
in the Lab Toolkit, practice the labs and guided activities, and prepare to answer
the discussion questions.
In addition, you should:
! Review Module 3, “Securing Exchange Server 2003,” from Course 2400,
Implementing and Managing Microsoft Exchange Server 2003.
! Review Module 7, “Implementing and Managing Client Access with
Internet Protocols,” from Course 2400, Implementing and Managing
Microsoft Exchange Server 2003.
Classroom setup The information in this section provides setup instructions that are required to
prepare the instructor computer or classroom configuration for a lab. This lab
requires that the students create a new routing group and move Miami into the
routing group using the procedure described at the beginning of the lab.
Lab If students have difficulty with the lab, use the flow charts to focus their
troubleshooting efforts. If needed, ask them which steps they have completed. If
they have gone past the step where they fix the problem, ask them to explain
what they found in that step and the step before. This workshop assumes
prerequisite knowledge in managing an Exchange Server 2003 environment. If
students do not meet the prerequisites, you may need to review some
procedures with the students.
For more information on completing this lab, direct students to Appendix A,
“Lab Guidance,” located at the back of the student workbook. If necessary, be
prepared to provide desk side assistance to each student during the lab phase of
class. You will want to maintain a “study hall” atmosphere within the
classroom while students complete the lab.
In the flow chart, solution box A directs the student to “Check SMTP gateway
or smart host configuration”. Because SMTP gateway or smart host is not
installed as part of this workshop’s setup, the students will be unable to perform
this task. You should mention that students would follow manufacturer’s
instructions for verifying their SMTP gateway or smart host configuration in
their own production environments.
Review You should have spent some time during the pre-lab discussion, with all student
books closed, going over some ways that the students would troubleshoot the
scenarios covered in the lab and recording the students’ ideas on the
whiteboard. After completing the lab, review what they would have done before
seeing the lab.
Discuss how the students used the troubleshooting flow chart to determine the
root cause of the problem. Compare the process of the flow chart to what the
students said they would do before the lab. Make sure you record the
information provided by the students. Discuss how they would troubleshoot the
problem now based on what they learned in the lab.
Discuss how the students tested their solution to the problem and how they
knew they were successful in resolving the problem.
Make sure students shut down the Virtual PCs following the instructions after
the lab.
38 Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003
Required materials To teach this unit, you need the unit slides, the student workbook, which
includes the lab flow charts and the service request forms, and the Lab Toolkit.
Preparation tasks To prepare for this unit, read all the written materials and review the resources
in the Lab Toolkit, practice the labs and guided activities, and prepare to answer
the discussion questions.
In addition, you should:
! Review Module 14, “Migrating User from Exchange 5.5 to Exchange
Server 2003,” from Course 2400, Implementing and Managing Microsoft
Exchange Server 2003.
Classroom setup The information in this section provides setup instructions that are required to
prepare the instructor computer or classroom configuration for a lab.
Lab The lab includes three exercises. Before starting the lab, the students must start
up the London and Vancouver Virtual PCs.
Before starting the lab, highlight the Lab Scenario information at the beginning
of the lab. Due to time constraints, students will not be able to perform an
actual migration in the lab, but will start the lab with an organization that is
partially migrated and where the two Exchange organizations coexist.
Highlight the Important note at the beginning of the lab. In this simulation of
the migration environment, all the user accounts in the Contoso domain have
been migrated to the Nwtraders.msft domain. The students should always be
logging onto the NWTraders.msft domain when they are working on the lab.
The only exception is if they need to log in as Contoso\Administrator.
If students have difficulty with the lab, use the flow charts to focus their
troubleshooting efforts. If needed, ask them which steps they have completed. If
they have gone past the step where they fix the problem, ask them to explain
what they found in that step and the step before. This workshop assumes
prerequisite knowledge in managing an Exchange Server 2003 environment. If
students do not meet the prerequisites, you may need to review some
procedures with the students.
For more information on completing this lab, direct students to Appendix A,
“Lab Guidance,” located at the back of the student workbook. If necessary, be
prepared to provide desk side assistance to each student during the lab phase of
class. You will want to maintain a “study hall” atmosphere within the
classroom while students complete the lab.
Review You should have spent some time during the pre-lab discussion, with all student
books closed, going over some ways that the students would troubleshoot the
scenarios covered in the lab and recording the students’ ideas on the
whiteboard. After completing the lab, review what they would have done before
seeing the lab.
Discuss how the students used the troubleshooting flow chart to determine the
root cause of the problem. Compare the process of the flow chart to what the
students said they would do before the lab. Make sure you record the
information provided by the students. Discuss how they would troubleshoot the
problem now based on what they learned in the lab.
Discuss how the students tested their solution to the problem and how they
knew they were successful in resolving the problem.
Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003 41
Required materials To teach this unit, you need the unit slides, the student workbook, and the Lab
Toolkit.
Preparation tasks To prepare for this unit, read all the written materials and review the resources
in the Lab Toolkit, practice the labs and guided activities, and prepare to
facilitate the discussion questions.
Prepare for the lab There are no tasks required to prepare for the lab, the entire unit is the lab.
42 Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003
Have the students read through all six scenarios before beginning and ask them
where they want to start working.
You may want to approach this lab by letting students volunteer their questions
and troubleshooting steps that they would take. You may also want to just start
in one corner and ask each person what they would do next. If a student is lost
for words or just out of ideas, encourage the class to give that student some
ideas. For example:
Trainer: “Student 1, what would you do first in troubleshooting this problem?”
Student 1:”I would like to verify that network connectivity exists between the
messaging client and the Exchange server.”
Trainer: “Student 1, how would you do that?”
Student 1: “I would use the ping command from the client and see if I can ping
the server using the host name and then try the IP address if the host name
doesn’t work.”
Trainer: “Excellent idea, you are able to properly ping the Exchange server by
its host name. Student 2, what would you like to do next?”
Student 2: “I would like to verify that the domain controllers and global
catalog servers are up and running for this network segment. I would do this by
running netdiag from my client machine and also by running dcdiag from one
of the domain controllers.”
Trainer: “Excellent idea, your results show that one domain controller is
down.”
Of course, the trainer is also allowed to provide unimportant information like in
the above example, where a domain controller being down doesn’t necessarily
affect the outcome.
Scenario 1: David Campbell is unable to access his e-mail. His laptop is a new
computer that he was just provided. The laptop has the lab DNS settings which
have the wrong IP addresses for production servers. If students try to ping any
servers you will tell them that you received responses, but it does not look like
the right IP address in the return responses. The reason that this happens is that
the lab has different settings for its environment that do not map to the
production environment. Once students identify that the DNS settings for
TCP/IP are incorrect, then David’s Outlook 2003 will start working, assuming
they try it after making the changes.
Scenario 2: Ben Smith is unable to access his mailbox after starting up his
laptop. The problem is that Ben’s laptop cable is loose and he gets intermittent
connectivity during ping testing and all other testing done by the students. As
the trainer, you should play the part of Ben and often say, “No, no response,”
and then say, “Hey, it just worked,” and then, “No, it isn’t working again.” This
will drive the students crazy, but it should encourage them to drop back to the
basics and verify that the network cable is plugged in properly. Remind them
that Ben is a vice president. He probably should have been bumped ahead of
David Campbell.
44 Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003