Troubleshooting Microsoft Exchange Server 2003

Troubleshooting
Microsoft Exchange ®
Server 2003
Workbook
Workshop: 2011A
Released: 12/2003
Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no
part of this document may be reproduced, stored in or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
 2003 Microsoft Corporation. All rights reserved.
Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync,
Hotmail, Outlook, PowerPoint, Windows Media, and Windows Mobile are either registered
trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.
Workshop: 2011A
Part Number: X10-27595
Released: 12/2003
END-USER LICENSE AGREEMENT FOR MICROSOFT OFFICIAL CURRICULUM (“MOC”)
COURSEWARE –TRAINER EDITION
PLEASE READ THIS END-USER LICENSE AGREEMENT (“EULA”) CAREFULLY. BY USING THE
CONTENT AND/OR USING OR INSTALLING THE SOFTWARE THAT ACCOMPANIES THIS EULA
(COLLECTIVELY, THE “LICENSED CONTENT”), YOU AGREE TO THE TERMS OF THIS EULA. IF
YOU DO NOT AGREE, DO NOT USE THE LICENSED CONTENT.
1. GENERAL. This EULA is a legal agreement between you (either an individual or a single entity)
and Microsoft Corporation (“Microsoft”). This EULA governs the Licensed Content, which include
computer software (including online and electronic documentation), training materials, and any other
associated media and printed materials. This EULA applies to updates, supplements, add-on components,
and Internet-based services components of the Licensed Content that Microsoft may provide or make
available to you unless Microsoft provides other terms with the update, supplement, add-on component, or
Internet-based services component. Microsoft reserves the right to discontinue any Internet-based services
provided to you or made available to you through the use of the Licensed Content. This EULA also governs
any product support services relating to the Licensed Content except as may be included in another
agreement between you and Microsoft. An amendment or addendum to this EULA may accompany the
Licensed Content. The Licensed Content is comprised of, but not limited to, the following: software
components, which may be specific to the trainer (the “Trainer Software”), the student software component
(“Student Software”), and a manual, which includes documents (such as student workbooks, white papers,
press releases, datasheets and FAQs) (the “Documents”).
2. GENERAL GRANT OF LICENSE. Microsoft grants you the following rights, conditioned on your
compliance with all the terms and conditions of this EULA. Microsoft grants you a limited, non-exclusive,
royalty-free license to install and use the Licensed Content solely for the purpose of providing an Authorized
Training Session (as defined below). For the term of any Authorized Training Session, you may: (a) install
individual copies of the Student Software on classroom devices provided that the number of copies in use
does not exceed the number of duly enrolled students for any given Authorized Training Session; OR
(b) you may install one copy of the Student Software and, if applicable, the virtual hard drives on a network
server, provided that the number of devices accessing the Student Software and the virtual hard drives on
the server does not exceed the number of students for any given Authorized Training Session. In addition,
solely for the purposes of providing the Authorized Training Session, the trainer of the Authorized Training
Session may install and use one copy of the Trainer Software, and, if applicable, one copy of the Virtual PC
Software (as defined below) on a portable device for the exclusive use of such trainer. An “Authorized
Training Session” means a training session authorized by Microsoft and conducted at a Microsoft Certified
Technical Education Center, an IT Academy, via a Microsoft Certified Partner, or such other entity or venue
as Microsoft may designate from time to time in writing, by a Microsoft Certified Trainer providing training
solely on Microsoft official courses (for more information on these entities, please visit www.microsoft.com).
WITHOUT LIMITING THE FOREGOING, COPYING OR REPRODUCTION OF THE LICENSED
CONTENT TO ANY SERVER OR LOCATION FOR FURTHER REPRODUCTION OR REDISTRIBUTION IS
EXPRESSLY PROHIBITED.
3. DESCRIPTION OF OTHER RIGHTS AND LICENSE LIMITATIONS
3.1 Time-sensitive Software. The Licensed Content may contain Virtual PC Software, which is
provided as time-sensitive software. The terms of this EULA supercede any other terms you may find in the
Licensed Content. With respect to the Virtual PC Software, you may install and use the Virtual PC Software
solely for the purpose of providing an Authorized Training Session. For the term of any Authorized
Training Session, you may: (a) install individual copies of the Virtual PC Software on classroom devices
provided that the number of copies in use does not exceed the number of duly enrolled students for any
given Authorized Training Session; OR (b) you may install one copy of the Virtual PC Software on a network
server, provided that the number of devices accessing the Virtual PC Software on the server does not exceed
the number of students for any given Authorized Training Session. WITHOUT LIMITING THE
FOREGOING, COPYING OR REPRODUCTION OF THE VIRTUAL PC SOFTWARE TO ANY SERVER OR
LOCATION FOR FURTHER REPRODUCTION OR REDISTRIBUTION IS EXPRESSLY PROHIBITED.
YOUR RIGHT TO USE THE VIRTUAL PC SOFTWARE SHALL BE EFFECTIVE UNTIL August 14, 2004.
THE VIRTUAL PC SOFTWARE IS TIME SENSITIVE AND WILL NOT FUNCTION UPON EXPIRATION
OF THIS DATE. NOTICE OF EXPIRATION WILL NOT ACTIVELY BE GIVEN, SO YOU NEED TO PLAN
FOR THE EXPIRATION DATE AND MAKE A COPY OF AND REMOVE YOUR IMPORTANT DATA
BEFORE EXPIRATION. If you desire to use the Virtual PC Software after this Agreement has expired,
you will need to acquire a validly licensed copy of the commercial release version of the Virtual PC
Software.
3.2 Use of Documentation and Printed Training Content.
3.2.1 The documents and related graphics included in the Licensed Content may include
technical inaccuracies or typographical errors. Changes are periodically made to the content. Microsoft may
make improvements and/or changes in any of the components of the Licensed Content at any time without
notice. The names of companies, products, people, characters and/or data mentioned in the Licensed
Content may be fictitious and are in no way intended to represent any real individual, company, product or
event, unless otherwise noted.
3.2.2 Microsoft grants you the right to reproduce portions of the Documents provided
with the Licensed Content. You may not print any book (either electronic or print version) in its entirety. If
you choose to reproduce Documents, you agree that: (a) use of such printed Documents will be solely in
conjunction with providing an Authorized Training Session; (b) the Documents will not republished or
posted on any network computer or broadcast in any media; (c) any reproduction will include either the
Document’s original copyright notice or a copyright notice to Microsoft’s benefit substantially in the format
provided below; and (d) to comply with all terms and conditions of this EULA. In addition, no
modifications may be made to any Document, except that trainers of an Authorized Training Session may
modify the Instructor Notes and Blended Delivery Guide included in the Trainer’s Edition.
Form of Notice:
© 2003. Reprinted with permission by Microsoft Corporation. All rights
reserved.
Microsoft and Windows are either registered trademarks or trademarks of
Microsoft Corporation in the US and/or other countries. Other product and
company names mentioned herein may be the trademarks of their respective
owners.
3.3 Use of Media Elements. The Licensed Content may include certain photographs, clip art,
animations, sounds, music, and video clips (together "Media Elements"). You may not modify these Media
Elements.
3.4 Use of PowerPoint Slide Deck Templates. The License Content may include Microsoft
PowerPoint slide decks. You may use, copy and modify the PowerPoint slide decks solely in conjunction
with providing an Authorized Training Session; if you elect to exercise the foregoing rights, you agree:
(a) that modification of the slide decks will not constitute creation of obscene or scandalous works, as
defined by federal law at the time the work is created; and (b) to comply with all other terms and conditions
of this EULA, including without limitation Sections 3.7, 3.8 and 6.
3.5 Use of Trainer’s Edition Components. Solely in conjunction with providing an Authorized
Training Session, you may customize portions of the Licensed Content such as labs, simulations, animations,
modules, and assessment items and other components logically associated with the instruction of an
Authorized Training Session.
3.6 Use of Sample Code. In the event that the Licensed Content includes sample code in source or
object code format (“Sample Code”), Microsoft grants you a limited, non-exclusive, royalty-free license to
use, copy and modify the Sample Code; if you elect to exercise the foregoing rights, you agree to comply
with all other terms and conditions of this EULA, including without limitation Sections 3.7, 3.8, and 6.
3.7 Permitted Modifications. In the event that you exercise any rights provided under this EULA
to create modifications of the Licensed Content, you agree that any such modifications: (a) will not be used
for providing training where a fee is charged in public or private classes other than an Authorized Training
Session; (b) indemnify, hold harmless, and defend Microsoft from and against any claims or lawsuits,
including attorneys’ fees, which arise from or result from your use of any modified version of the Licensed
Content; and (c) not to transfer or assign any rights to any modified version of the License Content to any
third party without the express written permission of Microsoft.
3.8 Reproduction/Redistribution Licensed Content. Except as expressly provided in this EULA, you
may not reproduce or distribute the Licensed Content or any portion thereof (including any permitted
modifications) to any third parties without the express written permission of Microsoft.
4. RESERVATION OF RIGHTS AND OWNERSHIP. Microsoft reserves all rights not expressly
granted to you in this EULA. The Licensed Content is protected by copyright and other intellectual property
laws and treaties. Microsoft or its suppliers own the title, copyright, and other intellectual property rights in
the Licensed Content. You may not remove or obscure any copyright, trademark or patent notices that
appear on the Licensed Content, or any components thereof, as delivered to you. The Licensed Content is
licensed, not sold.
5. LIMITATIONS ON REVERSE ENGINEERING, DECOMPILATION, AND DISASSEMBLY. You
may not reverse engineer, decompile, or disassemble the Software or Media Elements, except and only to the
extent that such activity is expressly permitted by applicable law notwithstanding this limitation.
6. LIMITATIONS ON SALE, RENTAL, ETC. AND CERTAIN ASSIGNMENTS. You may not
provide commercial hosting services with, sell, rent, lease, lend, sublicense, or assign copies of the Licensed
Content, or any portion thereof (including any permitted modifications thereof) on a stand-alone basis or as
part of any collection, product or service.
7. CONSENT TO USE OF DATA. You agree that Microsoft and its affiliates may collect and use
technical information gathered as part of the product support services provided to you, if any, related to the
Licensed Content. Microsoft may use this information solely to improve our products or to provide
customized services or technologies to you and will not disclose this information in a form that personally
identifies you.
8. LINKS TO THIRD PARTY SITES. You may link to third party sites through the use of the
Licensed Content. The third party sites are not under the control of Microsoft, and Microsoft is not
responsible for the contents of any third party sites, any links contained in third party sites, or any changes
or updates to third party sites. Microsoft is not responsible for webcasting or any other form of transmission
received from any third party sites. Microsoft is providing these links to third party sites to you only as a
convenience, and the inclusion of any link does not imply an endorsement by Microsoft of the third party
site.
9. ADDITIONAL LICENSED CONTENT/SERVICES. This EULA applies to updates, supplements,
add-on components, or Internet-based services components, of the Licensed Content that Microsoft may
provide to you or make available to you after the date you obtain your initial copy of the Licensed Content,
unless we provide other terms along with the update, supplement, add-on component, or Internet-based
services component. Microsoft reserves the right to discontinue any Internet-based services provided to you
or made available to you through the use of the Licensed Content.
10. U.S. GOVERNMENT LICENSE RIGHTS. All Software provided to the U.S. Government pursuant
to solicitations issued on or after December 1, 1995 is provided with the commercial license rights and
restrictions described elsewhere herein. All software provided to the U.S. Government pursuant to
solicitations issued prior to December 1, 1995 is provided with “Restricted Rights” as provided for in FAR,
48 CFR 52.227-14 (JUNE 1987) or DFAR, 48 CFR 252.227-7013 (OCT 1988), as applicable.
11. EXPORT RESTRICTIONS. You acknowledge that the Licensed Content is subject to U.S. export
jurisdiction. You agree to comply with all applicable international and national laws that apply to the
Licensed Content, including the U.S. Export Administration Regulations, as well as end-user, end-use, and
destination restrictions issued by U.S. and other governments. For additional information see
<http://www.microsoft.com/exporting/>.
12. TRANSFER. The initial user of the Licensed Content may make a one-time permanent transfer of
this EULA and Licensed Content to another end user, provided the initial user retains no copies of the
Licensed Content. The transfer may not be an indirect transfer, such as a consignment. Prior to the transfer,
the end user receiving the Licensed Content must agree to all the EULA terms.
13. “NOT FOR RESALE” LICENSED CONTENT. Licensed Content identified as “Not For Resale” or
“NFR,” may not be sold or otherwise transferred for value, or used for any purpose other than
demonstration, test or evaluation.
14. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this EULA if you
fail to comply with the terms and conditions of this EULA. In such event, you must destroy all copies of the
Licensed Content and all of its component parts.
15. DISCLAIMER OF WARRANTIES. TO THE MAXIMUM EXTENT PERMITTED BY
APPLICABLE LAW, MICROSOFT AND ITS SUPPLIERS PROVIDE THE LICENSED MATERIAL AND
SUPPORT SERVICES (IF ANY) AS IS AND WITH ALL FAULTS, AND MICROSOFT AND ITS
SUPPLIERS HEREBY DISCLAIM ALL OTHER WARRANTIES AND CONDITIONS, WHETHER
EXPRESS, IMPLIED OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY (IF ANY) IMPLIED
WARRANTIES, DUTIES OR CONDITIONS OF MERCHANTABILITY, OF FITNESS FOR A
PARTICULAR PURPOSE, OF RELIABILITY OR AVAILABILITY, OF ACCURACY OR
COMPLETENESS OF RESPONSES, OF RESULTS, OF WORKMANLIKE EFFORT, OF LACK OF
VIRUSES, AND OF LACK OF NEGLIGENCE, ALL WITH REGARD TO THE LICENSED CONTENT,
AND THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT OR OTHER SERVICES,
INFORMATION, SOFTWARE, AND RELATED CONTENT THROUGH THE LICENSED CONTENT,
OR OTHERWISE ARISING OUT OF THE USE OF THE LICENSED CONTENT. ALSO, THERE IS NO
WARRANTY OR CONDITION OF TITLE, QUIET ENJOYMENT, QUIET POSSESSION,
CORRESPONDENCE TO DESCRIPTION OR NON-INFRINGEMENT WITH REGARD TO THE
LICENSED CONTENT. THE ENTIRE RISK AS TO THE QUALITY, OR ARISING OUT OF THE USE
OR PERFORMANCE OF THE LICENSED CONTENT, AND ANY SUPPORT SERVICES, REMAINS
WITH YOU.
16. EXCLUSION OF INCIDENTAL, CONSEQUENTIAL AND CERTAIN OTHER DAMAGES. TO
THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL MICROSOFT
OR ITS SUPPLIERS BE LIABLE FOR ANY SPECIAL, INCIDENTAL, PUNITIVE, INDIRECT, OR
CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING, BUT NOT LIMITED TO, DAMAGES
FOR LOSS OF PROFITS OR CONFIDENTIAL OR OTHER INFORMATION, FOR BUSINESS
INTERRUPTION, FOR PERSONAL INJURY, FOR LOSS OF PRIVACY, FOR FAILURE TO MEET ANY
DUTY INCLUDING OF GOOD FAITH OR OF REASONABLE CARE, FOR NEGLIGENCE, AND FOR
ANY OTHER PECUNIARY OR OTHER LOSS WHATSOEVER) ARISING OUT OF OR IN ANY WAY
RELATED TO THE USE OF OR INABILITY TO USE THE LICENSED CONTENT, THE PROVISION OF
OR FAILURE TO PROVIDE SUPPORT OR OTHER SERVICES, INFORMATION, SOFTWARE, AND
RELATED CONTENT THROUGH THE LICENSED CONTENT, OR OTHERWISE ARISING OUT OF
THE USE OF THE LICENSED CONTENT, OR OTHERWISE UNDER OR IN CONNECTION WITH
ANY PROVISION OF THIS EULA, EVEN IN THE EVENT OF THE FAULT, TORT (INCLUDING
NEGLIGENCE), MISREPRESENTATION, STRICT LIABILITY, BREACH OF CONTRACT OR BREACH
OF WARRANTY OF MICROSOFT OR ANY SUPPLIER, AND EVEN IF MICROSOFT OR ANY
SUPPLIER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME
STATES/JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO
YOU.
17. LIMITATION OF LIABILITY AND REMEDIES. NOTWITHSTANDING ANY DAMAGES
THAT YOU MIGHT INCUR FOR ANY REASON WHATSOEVER (INCLUDING, WITHOUT
LIMITATION, ALL DAMAGES REFERENCED HEREIN AND ALL DIRECT OR GENERAL DAMAGES
IN CONTRACT OR ANYTHING ELSE), THE ENTIRE LIABILITY OF MICROSOFT AND ANY OF ITS
SUPPLIERS UNDER ANY PROVISION OF THIS EULA AND YOUR EXCLUSIVE REMEDY
HEREUNDER SHALL BE LIMITED TO THE GREATER OF THE ACTUAL DAMAGES YOU INCUR IN
REASONABLE RELIANCE ON THE LICENSED CONTENT UP TO THE AMOUNT ACTUALLY PAID
BY YOU FOR THE LICENSED CONTENT OR US$5.00. THE FOREGOING LIMITATIONS,
EXCLUSIONS AND DISCLAIMERS SHALL APPLY TO THE MAXIMUM EXTENT PERMITTED BY
APPLICABLE LAW, EVEN IF ANY REMEDY FAILS ITS ESSENTIAL PURPOSE.
18. APPLICABLE LAW. If you acquired this Licensed Content in the United States, this EULA is
governed by the laws of the State of Washington. If you acquired this Licensed Content in Canada, unless
expressly prohibited by local law, this EULA is governed by the laws in force in the Province of Ontario,
Canada; and, in respect of any dispute which may arise hereunder, you consent to the jurisdiction of the
federal and provincial courts sitting in Toronto, Ontario. If you acquired this Licensed Content in the
European Union, Iceland, Norway, or Switzerland, then local law applies. If you acquired this Licensed
Content in any other country, then local law may apply.
19. ENTIRE AGREEMENT; SEVERABILITY. This EULA (including any addendum or amendment to
this EULA which is included with the Licensed Content) are the entire agreement between you and
Microsoft relating to the Licensed Content and the support services (if any) and they supersede all prior or
contemporaneous oral or written communications, proposals and representations with respect to the
Licensed Content or any other subject matter covered by this EULA. To the extent the terms of any
Microsoft policies or programs for support services conflict with the terms of this EULA, the terms of this
EULA shall control. If any provision of this EULA is held to be void, invalid, unenforceable or illegal, the
other provisions shall continue in full force and effect.
Should you have any questions concerning this EULA, or if you desire to contact Microsoft for any reason,
please use the address information enclosed in this Licensed Content to contact the Microsoft subsidiary
serving your country or visit Microsoft on the World Wide Web at http://www.microsoft.com.
Si vous avez acquis votre Contenu Sous Licence Microsoft au CANADA :
DÉNI DE GARANTIES. Dans la mesure maximale permise par les lois applicables, le Contenu Sous
Licence et les services de soutien technique (le cas échéant) sont fournis TELS QUELS ET AVEC TOUS
LES DÉFAUTS par Microsoft et ses fournisseurs, lesquels par les présentes dénient toutes autres garanties
et conditions expresses, implicites ou en vertu de la loi, notamment, mais sans limitation, (le cas échéant)
les garanties, devoirs ou conditions implicites de qualité marchande, d’adaptation à une fin usage
particulière, de fiabilité ou de disponibilité, d’exactitude ou d’exhaustivité des réponses, des résultats,
des efforts déployés selon les règles de l’art, d’absence de virus et d’absence de négligence, le tout à
l’égard du Contenu Sous Licence et de la prestation des services de soutien technique ou de l’omission de
la ’une telle prestation des services de soutien technique ou à l’égard de la fourniture ou de l’omission de
la fourniture de tous autres services, renseignements, Contenus Sous Licence, et contenu qui s’y rapporte
grâce au Contenu Sous Licence ou provenant autrement de l’utilisation du Contenu Sous Licence. PAR
AILLEURS, IL N’Y A AUCUNE GARANTIE OU CONDITION QUANT AU TITRE DE PROPRIÉTÉ, À
LA JOUISSANCE OU LA POSSESSION PAISIBLE, À LA CONCORDANCE À UNE DESCRIPTION NI
QUANT À UNE ABSENCE DE CONTREFAÇON CONCERNANT LE CONTENU SOUS LICENCE.
EXCLUSION DES DOMMAGES ACCESSOIRES, INDIRECTS ET DE CERTAINS AUTRES

DOMMAGES. DANS LA MESURE MAXIMALE PERMISE PAR LES LOIS APPLICABLES, EN AUCUN
CAS MICROSOFT OU SES FOURNISSEURS NE SERONT RESPONSABLES DES DOMMAGES
SPÉCIAUX, CONSÉCUTIFS, ACCESSOIRES OU INDIRECTS DE QUELQUE NATURE QUE CE SOIT
(NOTAMMENT, LES DOMMAGES À L’ÉGARD DU MANQUE À GAGNER OU DE LA
DIVULGATION DE RENSEIGNEMENTS CONFIDENTIELS OU AUTRES, DE LA PERTE
D’EXPLOITATION, DE BLESSURES CORPORELLES, DE LA VIOLATION DE LA VIE PRIVÉE, DE
L’OMISSION DE REMPLIR TOUT DEVOIR, Y COMPRIS D’AGIR DE BONNE FOI OU D’EXERCER
UN SOIN RAISONNABLE, DE LA NÉGLIGENCE ET DE TOUTE AUTRE PERTE PÉCUNIAIRE OU
AUTRE PERTE DE QUELQUE NATURE QUE CE SOIT) SE RAPPORTANT DE QUELQUE MANIÈRE
QUE CE SOIT À L’UTILISATION DU CONTENU SOUS LICENCE OU À L’INCAPACITÉ DE S’EN
SERVIR, À LA PRESTATION OU À L’OMISSION DE LA ’UNE TELLE PRESTATION DE SERVICES
DE SOUTIEN TECHNIQUE OU À LA FOURNITURE OU À L’OMISSION DE LA FOURNITURE DE
TOUS AUTRES SERVICES, RENSEIGNEMENTS, CONTENUS SOUS LICENCE, ET CONTENU QUI
S’Y RAPPORTE GRÂCE AU CONTENU SOUS LICENCE OU PROVENANT AUTREMENT DE
L’UTILISATION DU CONTENU SOUS LICENCE OU AUTREMENT AUX TERMES DE TOUTE
DISPOSITION DE LA U PRÉSENTE CONVENTION EULA OU RELATIVEMENT À UNE TELLE
DISPOSITION, MÊME EN CAS DE FAUTE, DE DÉLIT CIVIL (Y COMPRIS LA NÉGLIGENCE), DE
RESPONSABILITÉ STRICTE, DE VIOLATION DE CONTRAT OU DE VIOLATION DE GARANTIE DE
MICROSOFT OU DE TOUT FOURNISSEUR ET MÊME SI MICROSOFT OU TOUT FOURNISSEUR A
ÉTÉ AVISÉ DE LA POSSIBILITÉ DE TELS DOMMAGES.
LIMITATION DE RESPONSABILITÉ ET RECOURS. MALGRÉ LES DOMMAGES QUE VOUS

PUISSIEZ SUBIR POUR QUELQUE MOTIF QUE CE SOIT (NOTAMMENT, MAIS SANS
LIMITATION, TOUS LES DOMMAGES SUSMENTIONNÉS ET TOUS LES DOMMAGES DIRECTS
OU GÉNÉRAUX OU AUTRES), LA SEULE RESPONSABILITÉ ’OBLIGATION INTÉGRALE DE
MICROSOFT ET DE L’UN OU L’AUTRE DE SES FOURNISSEURS AUX TERMES DE TOUTE
DISPOSITION DEU LA PRÉSENTE CONVENTION EULA ET VOTRE RECOURS EXCLUSIF À
L’ÉGARD DE TOUT CE QUI PRÉCÈDE SE LIMITE AU PLUS ÉLEVÉ ENTRE LES MONTANTS
SUIVANTS : LE MONTANT QUE VOUS AVEZ RÉELLEMENT PAYÉ POUR LE CONTENU SOUS
LICENCE OU 5,00 $US. LES LIMITES, EXCLUSIONS ET DÉNIS QUI PRÉCÈDENT (Y COMPRIS LES
CLAUSES CI-DESSUS), S’APPLIQUENT DANS LA MESURE MAXIMALE PERMISE PAR LES LOIS
APPLICABLES, MÊME SI TOUT RECOURS N’ATTEINT PAS SON BUT ESSENTIEL.
À moins que cela ne soit prohibé par le droit local applicable, la présente Convention est régie par les lois de
la province d’Ontario, Canada. Vous consentez Chacune des parties à la présente reconnaît irrévocablement
à la compétence des tribunaux fédéraux et provinciaux siégeant à Toronto, dans de la province d’Ontario et
consent à instituer tout litige qui pourrait découler de la présente auprès des tribunaux situés dans le district
judiciaire de York, province d’Ontario.
Au cas où vous auriez des questions concernant cette licence ou que vous désiriez vous mettre en rapport
avec Microsoft pour quelque raison que ce soit, veuillez utiliser l’information contenue dans le Contenu Sous
Licence pour contacter la filiale de succursale Microsoft desservant votre pays, dont l’adresse est fournie
dans ce produit, ou visitez écrivez à : Microsoft sur le World Wide Web à http://www.microsoft.com
Troubleshooting Microsoft® Exchange Server 2003 ix
Contents
Introduction
What Is a Workshop? ..............................................................................................2
Workshop Materials ................................................................................................3
Prerequisites ............................................................................................................4
Workshop Outline ...................................................................................................5
Demonstration: Using Virtual PC............................................................................7
Setup........................................................................................................................8
Microsoft Certified Professional Program.............................................................10
Facilities ................................................................................................................13
Unit 1: Introduction to Troubleshooting Exchange Server 2003
Overview .................................................................................................................1
Understanding Exchange Server 2003.....................................................................2
Troubleshooting Methodology ................................................................................4
Preparing to Troubleshoot Exchange Server 2003 ..................................................6
Pre-Lab Discussion..................................................................................................8
Lab: Exploring the Troubleshooting Environment..................................................9
Lab Discussion ......................................................................................................18
Unit 2: Troubleshooting Network Connectivity
Overview .................................................................................................................1
Tools for Troubleshooting Network Connectivity...................................................2
Common Network Connectivity Problems..............................................................3
Lab: Troubleshooting Connectivity Problems.........................................................5
Lab Discussion ......................................................................................................15
Unit 3: Troubleshooting Public Folders and Mailboxes
Overview .................................................................................................................1
Troubleshooting Client Connectivity to Mailboxes and Public Folders..................2
Troubleshooting Mailbox and Public Folder Properties..........................................5
Troubleshooting Single Server Message Flow ........................................................8
Troubleshooting the Recipient Update Service .....................................................10
Pre-Lab Discussion................................................................................................12
Lab: Troubleshooting Public Folder and Mailbox Problems.................................13
Lab Discussion ......................................................................................................26
Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile
Access
Overview .................................................................................................................1
Troubleshooting Outlook Web Access....................................................................2
Troubleshooting Outlook Web Access in a Front-End and Back-End Server
Topology..................................................................................................................5
Troubleshooting Outlook Mobile Access................................................................7
Lab: Troubleshooting Outlook Web Access and Outlook Mobile Access
Problems ................................................................................................................10
Lab Discussion ......................................................................................................22
x Troubleshooting Microsoft® Exchange Server 2003
Unit 5: Troubleshooting Client Connectivity

Overview .................................................................................................................1
Messaging Clients Used to Access Exchange Server 2003 .....................................2
How Messaging Clients Connect to Exchange Server 2003....................................5
Additional Services Required for Connecting to Exchange Server 2003 ...............7
Lab: Troubleshooting Client Connectivity Problems ............................................10
Lab Discussion ......................................................................................................20
Unit 6: Troubleshooting Server Connectivity
Overview .................................................................................................................1
Troubleshooting Intra-Routing Group Connectivity ...............................................2
Troubleshooting Routing Group Connectivity ........................................................5
Troubleshooting Connectivity to Other E-Mail Systems.........................................8
Troubleshooting Connectivity to the Internet........................................................11
Lab: Troubleshooting Server Connectivity Problems............................................15
Lab Discussion ......................................................................................................26
Unit 7: Troubleshooting Server Performance
Overview .................................................................................................................1
System Components That Cause Server-Related Problems ....................................2
Common Server-Related Problems .........................................................................5
Lab: Troubleshooting Server Performance..............................................................8
Lab Discussion ......................................................................................................18
Unit 8: Troubleshooting Security Issues
Overview .................................................................................................................1
PKI Requirements for Secure E-Mail......................................................................2
Troubleshooting S/MIME E-Mail Issues.................................................................5
Troubleshooting SSL Issues ....................................................................................8
Lab: Troubleshooting Exchange Security..............................................................12
Lab Discussion ......................................................................................................23
Workshop Evaluation ............................................................................................24
Unit 9: Troubleshooting the Migration to Exchange 2003
Overview .................................................................................................................1
Standard Migration Overview .................................................................................2
External Migration Overview .................................................................................5
Troubleshooting Migration Issues ...........................................................................7
Lab: Troubleshooting the Migration to Exchange 2003 ........................................12
Lab Discussion ......................................................................................................24
Troubleshooting Microsoft® Exchange Server 2003 xi
Unit 10: Troubleshooting an Exchange Server 2003 Organization

Overview .................................................................................................................1
Approach to Exchange Server 2003 Troubleshooting.............................................2
Challenge Information – Company Background .....................................................5
Challenge Information – Service Request Log........................................................6
Challenge Information – Change Management Log................................................9
Challenge...............................................................................................................11
Workshop Evaluation ............................................................................................13
Appendix A: Lab Guidance
Unit 1: Introduction to Troubleshooting Exchange Server 2003............................1
Unit 2: Troubleshooting Network Connectivity ......................................................2
Unit 3: Troubleshooting Public Folders and Mailboxes..........................................4
Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access ..........6
Unit 5: Troubleshooting Client Connectivity ..........................................................8
Unit 6: Troubleshooting Server Connectivity........................................................10
Unit 7: Troubleshooting Server Performance........................................................12
Unit 8: Troubleshooting Security Issues................................................................14
Unit 9: Troubleshooting the Migration to Exchange 2003 ....................................16
Unit 10: Troubleshooting an Exchange Server 2003 Organization .......................18
Troubleshooting Microsoft® Exchange Server 2003 xiii
About This Workshop

This section provides a brief description of this course and its audience,
suggested prerequisites, and objectives.
Description This product is designed as a three-day instructor-led workshop. The workshop
will focus exclusively on the troubleshooting skills/objectives that align with
Exam 70-284: Implementing and Managing Microsoft Exchange Server 2003.
As per the product specification developed by the Business and Product
Strategy team, at least 75% of the workshop will consist of lab-based, hands-on
experience. The labs will be a series of problem-centered scenarios that require
students to use troubleshooting flow charts to identify and resolve problems.
Audience This workshop is targeted at Systems Engineers already skilled in Exchange
Server 2003 support tasks. Students should have a 300 skill level as an
Exchange administrator and one or more years of messaging and network
experience supporting Exchange Server 2003. The workshop format is also
intended for students who learn best by doing.
This workshop is not appropriate for Messaging Administrators with fewer than
six months of experience, or for people who do not learn well through self-
discovery. Given the problem-solving and troubleshooting-based approach of
this workshop, students must have solid knowledge of how Exchange functions.
Student prerequisites This workshop requires that students meet the following prerequisites:
! Complete Course 2400, Implementing and Managing Exchange Server 2003
 or 
! Complete Workshop 2009, Upgrading Your Skills from Exchange Server
5.5 to Exchange Server 2003
! One or more years of messaging and network experience supporting
Exchange Server 2003
xiv Troubleshooting Microsoft® Exchange Server 2003
Workshop objectives After completing this workshop, students will be able to:
! Apply knowledge of a troubleshooting methodology to identify and resolve
a problem.
! Identify and resolve network connectivity problems and problems arising
from host resolution protocols.
! Identify and resolve problems with public folders and mailboxes.
! Identify and resolve front-end server and back-end server issues that cause
problems with Microsoft Outlook® Web Access (OWA).
! Identify and resolve problems with Internet protocol virtual servers such as
Simple Mail Transfer Protocol (SMTP), Internet Message Access Protocol
(IMAP), and Post Office Protocol (POP).
! Identify and resolve connectivity problems between servers running
Exchange Server 2003, connectivity problems between Exchange
Server 2003 and other messaging systems, and problems with relay
configurations.
! Identify and resolve problems with bandwidth, services, database
corruption, service failures, disk space, and other server performance issues.
! Identify and resolve encryption and digital signature issues and problems
caused by viruses.
! Identify and resolve problems related to migrating from Exchange 5.5 to
Exchange 2003.
! Apply knowledge of troubleshooting methodology to create a
troubleshooting strategy and identify the appropriate tools, processes, and
procedures for each step of the strategy.
Troubleshooting Microsoft® Exchange Server 2003 xv
Workshop Timing
The following schedule is an estimate of the workshop timing. Timing may
vary.
Day 1
Start End Unit
9:00 9:30 Introduction
9:30 9:45 Unit 1: Introduction to Troubleshooting Exchange Server 2003
9:45 10:45 Lab: Exploring the Troubleshooting Environment
10:45 11:00 Break
11:00 11:15 Unit 2: Troubleshooting Network Connectivity
11:15 12:00 Lab: Troubleshooting Connectivity Problems
12:00 1:00 Lunch
1:00 2:30 Lab: Troubleshooting Connectivity Problems (continued)
2:30 2:45 Break
2:45 3:00 Unit 3: Troubleshooting Public Folders and Mailboxes
3:00 4:15 Lab: Troubleshooting Public Folder and Mailbox Problems
4:15 4:30 Unit 4: Troubleshooting Outlook Web Access and Outlook
Mobile Access
Day 2
Start End Unit
8:30 9:00 Day 1 review
9:00 10:00 Lab: Troubleshooting Outlook Web Access and Outlook Mobile
Access Problems
10:00 10:15 Break
Access Problems (continued)
11:45 12:45 Lunch
12:45 1:00 Unit 5: Troubleshooting Client Connectivity
1:00 2:00 Lab: Troubleshooting Client Connectivity Problems
2:00 2:15 Break
2:15 3:15 Lab: Troubleshooting Client Connectivity Problems (continued)
3:15 3:30 Unit 6: Troubleshooting Server Connectivity
3:30 5:00 Lab: Troubleshooting Server Connectivity Problems
xvi Troubleshooting Microsoft® Exchange Server 2003
Day 3
Start End Unit
9:00 9:15 Unit 7: Troubleshooting Server Performance
9:15 10:15 Lab: Troubleshooting Server Performance
10:15 10:30 Break
10:30 10:45 Unit 8: Troubleshooting Security Issues
10:45 12:00 Lab: Troubleshooting Exchange Security
12:00 1:00 Lunch
1:00 1:45 Lab: Troubleshooting Security Issue Problems (continued)
1:45 2:00 Unit 9 : Troubleshooting the Migration to Exchange 2003
2:00 2:15 Break
2:15 3:45 Lab: Troubleshooting the Migration to Exchange 2003
3:45 4:30 Unit 10: Troubleshooting an Exchange Server 2003 Organization
Troubleshooting Microsoft® Exchange Server 2003 xvii
Trainer Materials Compact Disc Contents

The Trainer Materials compact disc contains the following files and folders:
! Autorun.exe. When the compact disc is inserted into the CD-ROM drive, or
when the user double-clicks the Autorun.exe file, this file starts the disc
and allows the user to browse the contents.
! Autorun.inf. When the compact disc is inserted into the CD-ROM drive, this
file opens Autorun.exe.
! Default.htm. This file opens the Trainer Materials Web page.
! Readme.txt. This file explains how to install the software for viewing the
compact disc and its contents and how to open the Trainer Materials Web
page.
! 2011A_In.doc. This file contains the Instructor Notes for this workshop,
which are provided to assist the instructor in delivering this workshop.
! 2011A_ms.doc. This file is the Manual Classroom Setup Guide. It contains
the steps for manually setting up the classroom computers.
! Powerpnt. This folder contains the Microsoft PowerPoint® slides that are
used in this course.
Important It is recommended that you use PowerPoint 2002 or later to

display the slides for this workshop. If you use PowerPoint Viewer or an
earlier version of PowerPoint, all the features of the slides may not be
displayed correctly.
! Pptview. This folder contains the Microsoft PowerPoint Viewer 97, which
can be used to display the PowerPoint slides if Microsoft PowerPoint 2002
is not available. Do not use this version in the classroom.
! Setup. This folder contains the files that install the course and related
software on classroom computers.
! Student. This folder contains the Web page that provides students with links
to resources pertaining to this course, including additional reading, review
and lab answers, lab files, multimedia presentations, and course-related Web
sites.
! Tprep. This file contains the Trainer Preparation Presentation for this
course. Review these materials before teaching this course.
! Webfiles. This folder contains the files that are required to view the course
Web page. To open the Web page, open Windows Explorer, and in the root
directory of the compact disc, double-click Default.htm or Autorun.exe.
xviii Troubleshooting Microsoft® Exchange Server 2003
Student Materials Compact Disc Contents

The Student Materials compact disc contains the following files and folders:
! Autorun.exe. When the compact disc is inserted into the CD-ROM drive, or
when the user double-clicks the Autorun.exe file, this file starts the disc
and allows the user to browse the contents.
! Autorun.inf. When the compact disc is inserted into the CD-ROM drive, this
file opens Autorun.exe.
! Default.htm. This file opens the Student Materials Web page, which
provides students with resources pertaining to this course, including
additional reading, review and lab answers, lab files, multimedia
presentations, and course-related Web sites.
compact disc and its contents and how to open the Student Materials Web
page.
! Addread. This folder contains additional reading pertaining to this course.
! Appendix. This folder contains appendix files for this course.
! Flash. This folder contains the installer for the Macromedia Flash 5.0
browser plug-in.
! Fonts. This folder contains fonts that may be required to view the Microsoft
Word documents that are included with this course.
! Labfiles. This folder contains files that are used in the hands-on labs. These
files may be used to prepare the student computers for the labs.
! Media. This folder contains files that are used in multimedia presentations
for this course.
! Mplayer. This folder contains the setup file to install Microsoft Windows
Media® Player.
! Toolkit. This folder contains the files that are required to view the Resource
Toolkit.
! Visioview. This folder contains the Microsoft Visio Viewer that is used to
view any Visio document (.vsd) files that are included on the compact disc.
! Webfiles. This folder contains the files that are required to view the course
Web page. To open the Web page, open Windows Explorer, and in the root
directory of the compact disc, double-click Default.htm or Autorun.exe.
! Wordview. This folder contains the Word Viewer that is used to view any
Word document (.doc) files that are included on the compact disc.
Troubleshooting Microsoft® Exchange Server 2003 xix
Document Conventions
The following conventions are used in course materials to distinguish elements
of the text.
Convention Use
Bold Represents commands, command options, and syntax that must

be typed exactly as shown. It also indicates commands on menus
and buttons, dialog box titles and options, and icon and menu
names.
Italic In syntax statements or descriptive text, indicates argument
names or placeholders for variable information. Italic is also
used for introducing new terms, for book titles, and for emphasis
in the text.
Title Capitals Indicate domain names, user names, computer names, directory
names, and folder and file names, except when specifically
referring to case-sensitive names. Unless otherwise indicated,
you can use lowercase letters when you type a directory name or
file name in a dialog box or at a command prompt.
ALL CAPITALS Indicate the names of keys, key sequences, and key
combinations — for example, ALT+SPACEBAR.
monospace Represents code samples or examples of screen text.
[] In syntax statements, enclose optional items. For example,
[filename] in command syntax indicates that you can choose to
type a file name with the command. Type only the information
within the brackets, not the brackets themselves.
{} In syntax statements, enclose required items. Type only the
information within the braces, not the braces themselves.
| In syntax statements, separates an either/or choice.
! Indicates a procedure with sequential steps.
... In syntax statements, specifies that the preceding item may be
repeated.
. Represents an omitted portion of a code sample.
.
.
THIS PAGE INTENTIONALLY LEFT BLANK
Introduction
Contents
Introduction 1
What Is a Workshop? 2
Workshop Materials 3
Prerequisites 4
Workshop Outline 5
Demonstration: Using Virtual PC 7
Setup 8
Microsoft Certified Professional Program 10
Facilities 13
respective owners.
Introduction 1
Introduction
*****************************ILLEGAL FOR NON-TRAINER USE******************************

2 Introduction
What Is a Workshop?

The workshop is a fast-paced learning format that favors labs over lecture. In a
workshop, lecture time is kept to a minimum to give students the opportunity to
focus on hands-on, scenario-based labs. The workshop format enables students
to reinforce learning by doing and by problem solving.
Because lecture will focus only on the important or most difficult elements of a
given topic, labs include Toolkit resources that contain information like
procedures, demonstrations, job aids, and other materials designed to give you
the information you need to complete a lab. Your instructor is also a valuable
resource, and can answer questions you may have as you complete the lab.
Your instructor will also lead discussions after the lab and review best
practices.
Introduction 3
Workshop Materials

The following materials are included with your kit:
! Name card. Write your name on both sides of the name card.
! Student workbook. The student workbook contains the material covered in
class, in addition to the hands-on lab exercises.
! Resource Toolkit. The Resource Toolkit is an online interface that contains
resources you will use in the scenario-based labs in this workshop. It
includes video presentations, lab scenario information, and Toolkit
resources—such as procedures and annotated screenshots—that will help
you complete the labs.
! Student Materials compact disc. The Student Materials compact disc
contains a Student Materials Web page that provides you with links to
resources pertaining to this workshop, including additional readings, lab
files, multimedia presentations, and workshop-related Web sites.
Note To open the Student Materials Web page, insert the Student
Materials compact disc into the CD-ROM drive, and then in the root
directory of the compact disc, double-click Autorun.exe or
Default.htm.
! Workshop evaluation. The evaluation gives you the opportunity to complete

an online evaluation near the end of the workshop to provide feedback on
the workshop, training facility, and instructor.
To provide additional comments or feedback on the workshop, send e-mail
to support@mscourseware.com. To inquire about the Microsoft® Certified
Professional (MPC) program, send e-mail to mcphelp@microsoft.com.
! Evaluation software. An evaluation copy of Microsoft Exchange
Server 2003 is provided for your personal use only.
4 Introduction
Prerequisites

This workshop requires that students meet the following prerequisites:
! Complete Course 2400, Implementing and Managing Exchange Server 2003
 or 
! Complete Course 2009, Upgrading Your Skills from Exchange Server 5.5 to
Microsoft Exchange Server 2003
Introduction 5
Workshop Outline

Unit 1, “Introduction to Troubleshooting Exchange Server 2003,” provides an
overview of Exchange Server 2003, and introduces the troubleshooting
methodology and tools that will be used in the labs for this workshop.
Unit 2, “Troubleshooting Network Connectivity,” identifies underlying network
connectivity issues when messaging clients cannot access Exchange
Server 2003.
Unit 3, “Troubleshooting Public Folders and Mailboxes,” uses the architecture
of public folders and mailboxes to identify underlying issues when a client does
not receive e-mail messages in an Exchange Server 2003 environment.
Unit 4, “Troubleshooting Outlook Web Access and Outlook Mobile Access,”
describes Outlook Web Access (OWA), and Outlook Mobile Access (OMA),
and identifies the issues with front-end and back-end servers that can prevent
users from accessing OWA.
Unit 5, “Troubleshooting Client Connectivity,” describes the client applications
that can connect to an Exchange server and the protocols that these client
applications use. In this context, this unit identifies the underlying issues that
can prevent client connectivity.
Unit 6, “Troubleshooting Server Connectivity,” discusses common connectivity
issues between different Exchange servers. Students will learn about common
issues related to connectivity between Exchange sites, connectivity between an
Exchange site and a third-party messaging system, and connectivity between an
Exchange site and the Internet.
Unit 7, “Troubleshooting Server Performance,” describes common system
problems that affect the performance of computers running Exchange
Server 2003.
6 Introduction
Unit 8, “Troubleshooting Security Issues,” discusses security issues and

potential vulnerabilities caused by improperly configured Exchange
organizations. The unit also introduces students to Secure/Multipurpose Internet
Mail Extensions (S/MIME) and describes how it signs and seals messages.
Unit 9, “Troubleshooting the Migration to Exchange 2003,” discusses problems
that can result during the migration from Exchange 5.5 to Exchange 2003. The
unit describes the different types of migration and provides an overview of the
migration process. The unit also describes common migration issues, such as
the inability to successfully run ForestPrep and DomainPrep, and issues related
to using the Microsoft Active Directory® Migration Tool.
Unit 10, “Troubleshooting an Exchange Server 2003 Organization,” provides a
review of methodology used to troubleshoot Exchange Server 2003. The unit
also discusses high-level troubleshooting guidelines. The unit concludes with an
instructor-facilitated, paper-based “challenge lab,” in which students will work
together to resolve Exchange-related issues in a case study-type format.
Introduction 7
Demonstration: Using Virtual PC

In this demonstration, your instructor will help you familiarize yourself with the
Virtual PC environment that you will work in to complete the practices in this
workshop. You will learn:
! How to open Connectix Virtual PC.
! How to start Virtual PC.
! How to log on to Virtual PC.
! How to switch between full screen and window mode.
! How to tell the difference between the virtual computers that are used in the
practices for this course.
! How the virtual computers can communicate with each other and with the
host, but that they cannot communicate with other computers that are
outside of the virtual environment (for example, no Internet access is
available from the virtual environment).
! How to close Virtual PC.
Note While working in the Virtual PC environment, you may find it

useful to use keyboard shortcuts. All Virtual PC shortcuts include a key
that is referred to as the HOST key. By default, the HOST key is the
ALT key on the right side of your keyboard. Some useful shortcuts
include HOST+DELETE to log on to Virtual PC, HOST+ENTER to
switch between full screen mode and window mode, and HOST+RIGHT
ARROW to display the next virtual computer. For more information
about Virtual PC, see Virtual PC Help.
8 Introduction
Setup

Virtual computers The practices for this workshop are performed on virtual computers. You have
access to four virtual computers that will be used in various combinations
throughout this workshop:
! London is the domain controller for your Microsoft Windows Server™ 2003
domain in the Northwind Traders forest. It is running Exchange Server 2003
and is the primary virtual computer that you will use in this workshop. All
practices in this workshop require that London be available.
! Miami is a Windows Server 2003 member server in the same domain as
London. It is running Exchange 2003 and is used to provide server-to-server
troubleshooting opportunities in this workshop.
! Acapulco is a Microsoft Windows® XP computer in the same domain as
London. It is running Microsoft Office 2003 and is used for the client
activities in several units throughout this workshop.
! Vancouver is a Microsoft Windows NT® 4.0 primary domain controller that
is not part of the Northwind Traders forest. It is running Windows NT 4.0
Service Pack 6, Exchange 5.5 with Service Pack 6, and Microsoft
Office 2000. This virtual computer is used for migration troubleshooting
and to simulate an Internet connection in this workshop.
Course files Practice files associated with the labs in this workshop are located in the folder
C:\Moc\2011\Labfiles\LabXX on the London virtual computer.
Introduction 9
Classroom setup The virtual environment on each computer in the classroom is configured in the
single-domain model, as shown in the following graphic. Vancouver is in a
separate domain with no trust relationships established to NWTraders.
The virtual computers on your host computer can communicate with each other
and with your host computer. They are unable to communicate with any other
computer in the classroom, although your host computer may have network
connectivity to other classroom computers and the Internet.
10 Introduction
Microsoft Certified Professional Program

Introduction Microsoft Training and Certification offers a variety of certification credentials
for developers and IT professionals. The Microsoft Certified Professional
(MCP) program is the leading certification program for validating your
experience and skills, keeping you competitive in the changing business
environment of today.
Related certification This workshop helps students to prepare for Exam 70-284: Implementing and
exams Managing Microsoft Exchange Server 2003. Exam 70-284 is an elective exam
for the MCSE certification.
MCP certifications The Microsoft Certified Professional program includes the following
certifications:
! MCSA on Microsoft Windows Server 2003
The Microsoft Certified Systems Administrator (MCSA) certification is
designed for professionals who implement, manage, and troubleshoot
existing network and system environments based on Microsoft
Windows 2000 platforms, including the Windows Server 2003 family.
Implementation responsibilities include installing and configuring parts of
the systems. Management responsibilities include administering and
supporting the systems.
! MCSE on Microsoft Windows Server 2003
The Microsoft Certified Systems Engineer (MCSE) credential is the premier
certification for professionals who analyze the business requirements and
design and implement the infrastructure for business solutions based on the
Microsoft Windows 2000 platform and Microsoft server software, including
the Windows Server 2003 family. Implementation responsibilities include
installing, configuring, and troubleshooting network systems.
Introduction 11
! MCAD
The Microsoft Certified Application Developer (MCAD) for Microsoft
.NET credential is appropriate for professionals who use Microsoft
technologies to develop and maintain department-level applications,
components, Web or desktop clients, or back-end data services, or who
work in teams developing enterprise applications. The credential covers job
tasks ranging from developing to deploying and maintaining these solutions.
! MCSD
The Microsoft Certified Solution Developer (MCSD) credential is the
premier certification for professionals who design and develop leading-edge
business solutions with Microsoft development tools, technologies,
platforms, and the Microsoft Windows DNA architecture. The types of
applications MCSDs can develop include desktop applications and multi-
user, Web-based, N-tier, and transaction-based applications. The credential
covers job tasks ranging from analyzing business requirements to
maintaining solutions.
! MCDBA on Microsoft SQL Server 2000
The Microsoft Certified Database Administrator (MCDBA) credential is the
premier certification for professionals who implement and administer
Microsoft SQL Server databases. The certification is appropriate for
individuals who derive physical database designs, develop logical data
models, create physical databases, create data services by using Transact-
SQL, manage and maintain databases, configure and manage security,
monitor and optimize databases, and install and configure SQL Server.
! MCP
The Microsoft Certified Professional (MCP) credential is for individuals
who have the skills to successfully implement a Microsoft product or
technology as part of a business solution in an organization. Hands-on
experience with the product is necessary to successfully achieve
certification.
! MCT
Microsoft Certified Trainers (MCTs) demonstrate the instructional and
technical skills that qualify them to deliver Microsoft Official Curriculum
through Microsoft Certified Technical Education Centers (Microsoft
CTECs).
12 Introduction
Certification The certification requirements differ for each certification category and are
requirements specific to the products and job functions addressed by the certification. To
become a Microsoft Certified Professional, you must pass rigorous certification
exams that provide a valid and reliable measure of technical proficiency and
expertise.
For More Information See the Microsoft Training and Certification Web site at
http://www.microsoft.com/traincert/.
You can also e-mail mcphelp@microsoft.com if you have specific certification
questions.
Acquiring the skills Microsoft Official Curriculum (MOC) and MSDN Training can help you
tested by an MCP exam develop the skills that you need to do your job. This training also complements
the experience that you gain while working with Microsoft products and
technologies. However, no one-to-one correlation exists between MOC and
MSDN Training courses and MCP exams. Microsoft does not expect or intend
for the courses to be the sole preparation method for passing MCP exams.
Practical product knowledge and experience are also necessary to pass the MCP
exams.
To help prepare for the MCP exams, use the preparation guides that are
available for each exam. Each Exam Preparation Guide contains exam-specific
information, such as a list of the topics on which you will be tested. These
guides are available on the Microsoft Training and Certification Web site at
http://www.microsoft.com/traincert/.
Introduction 13
Facilities

Unit 1: Introduction to Troubleshooting
Contents
Overview 1
Understanding Exchange Server 2003 2
Troubleshooting Methodology 4
Preparing to Troubleshoot
Exchange Server 2003 6
Pre-Lab Discussion 8
Lab: Exploring the Troubleshooting
Environment 9
Lab Discussion 18
respective owners.
Unit 1: Introduction to Troubleshooting Exchange Server 2003 1
Overview

Before you begin to troubleshoot Microsoft® Exchange Server 2003, you need
to understand the components of Exchange Server 2003 in order to target areas
that are malfunctioning. You also need to understand basic troubleshooting
methodology, including how to use the Open Systems Interconnection (OSI)
model to identify the point at which message flow is failing. Finally, you must
understand the tools and resources that can be used to specifically identify a
problem.
Objectives After completing this unit, you will be able to:
! Configure and prepare servers for basic troubleshooting.
! Analyze process and data flow in a flow chart.
! Access and apply information from a scenario and other workshop
components.
! Identify a problem and recommend a solution.
2 Unit 1: Introduction to Troubleshooting Exchange Server 2003
Understanding Exchange Server 2003

Before you begin troubleshooting, you will need to understand the various
components of an Exchange messaging system, which allows Exchange
Server 2003 to meet the messaging needs of your organization. When
troubleshooting your Exchange messaging systems, you must focus on the
databases, client connectivity, and server connectivity.
Databases Because Exchange Server 2003 supports multiple databases per server, you
must address each database separately in troubleshooting. For example, three
mailbox stores may function normally, allowing users on those stores to access
their e-mail; however, a fourth mailbox store may be corrupted and need to be
repaired or restored. If the databases of Exchange Server 2003 become
corrupted, messaging can fail. Additionally, corruption of the Microsoft Active
Directory® database can cause problems with Exchange.
Client connectivity Client connectivity is another component that should be addressed separately in
most cases. When your users complain that their messaging client is not
functioning, you should determine whether the problem is with the server, the
client, or the network. Also, be aware that a MAPI client such as Microsoft
Outlook® will have different features and requirements than a Post Office
Protocol version 3 (POP3) or Internet Message Access Protocol version
4rev1(IMAP4) client. There are situations where an IMAP4 client, such as
Microsoft Outlook Express, will work while the Outlook MAPI client will not
work.
Microsoft Outlook Web Access (OWA) is extremely helpful in troubleshooting
because it can be used to verify that the network and the messaging servers are
functioning properly. Other clients that you may need to troubleshoot include
Outlook Mobile Access (OMA), Network News Transfer Protocol (NNTP), and
Exchange Server ActiveSync®.
Server connectivity When working with Exchange Server 2003 in a large organization, you will
also need to know how to troubleshoot connectors. In an environment spanning
a WAN, connectors are used to enable Exchange Server 2003 routing groups to
transfer messages to each other, and to allow Exchange Server 2003 routing
groups to transfer messages to other messaging systems.
Troubleshooting Methodology

OSI model Because messaging is a network application, you can use the OSI networking
model to help troubleshoot messaging problems. OSI model layers are
extremely useful during troubleshooting because each layer contains different
components that interact with one another.
The following are the messaging components that function at each OSI model
layer:
! Application and Presentation layers. Exchange server and messaging client
applications function at these layers. The System Manager is an example of
an application layer component.
! Session and Transport layers. TCP/IP connectivity occurs at these layers.
Server session connectivity issues, such as Simple Mail Transfer Protocol
(SMTP) connection over TCP port 25, occur at this layer.
! Network layer. Routing occurs at this layer. Network addressing issues
occur at this layer.
! Data Link layer. Network interface driver issues occur at this layer.
! Physical layer. Physical network issues, such as disconnected cables, occur
at this layer.
You can use the OSI model by starting at the bottom and working your way up
to the top until the problem is resolved. Start at the Physical layer by checking
the network cabling and other physical components, such as routers, bridges,
switches, and other servers that might be the source of the problem. After you
have eliminated the Physical layer problems, troubleshoot the network interface
card driver and then name resolution and routing.
Often, the problem is higher in the OSI model. When you have gained more
experience, you will be able to start troubleshooting at a higher level or at the
top level of the OSI model.
Working system model In any successful troubleshooting scenario, the administrator needs in-depth
knowledge of how the system is supposed to work or must have another
working system available for reference in troubleshooting.
The working system model provides a reference when troubleshooting. In many
cases, you can break down the system into several components and isolate each
component individually to test them. You can refer to your working system
model to see how each setting is configured and then test it to see if it helps
resolve your problem. Of course, each time you make a change, you must
document the original system setting as well as your attempted change.
The working system model is very helpful if you have multiple systems that are
supposed to be configured the same way, or if you have multiple system
components that are supposed to be configured the same way.
Make sure that you document all changes that you make to the environment
while you are troubleshooting. You may have to undo the changes you make if
they cause other problems. Many organizations use a change management log
or similar record to document changes to their environment.
Preparing to Troubleshoot Exchange Server 2003

There are several resources that you can use to identify problems that impact
messaging in an Exchange Server 2003 organization. If Exchange Server 2003
is already deployed in your environment, you probably are following a
preventative maintenance document, which outlines the frequency that you
review and act on information provided by these resources.
The table below lists resources you can use to perform preventative
maintenance and specific troubleshooting.
Resource Usage
Diagnostics You can configure each Exchange Server 2003 object’s Diagnostics
Logging Logging property page to log very specific events to Event Viewer,
which can then be viewed for troubleshooting purposes. For
example, if you are troubleshooting public folder replication, you
may wish to log MSExchangeIS\Public Folder categories that are
related to replication. Because diagnostics logging can cause
performance degradation, you should only enable it when
troubleshooting a specific issue.
Event Viewer Reviewing all logs in Event Viewer on a daily basis will enable you
to identify and respond to server problems proactively. When
troubleshooting, Event Viewer is the first place you should look for
unusual or unexpected activity on your server. For example, if your
online backup is failing due to a corrupt information store, you will
see information logged in the Application log of Event Viewer that
can help you identify and repair the corruption.
Services logs By default, services that log related activity store their logs in the
systemroot\system32\logfiles folder. The Web, SMTP, and NNTP
logs are especially relevant to Exchange troubleshooting. For
example, if your server is unable to transmit messages to a remote
server across the Internet, you may wish to enable SMTP logging so
that you can review the exact SMTP communications between the
two servers noted in the SMTP log file.
(continued)
Resource Usage
Dump files Dump files are required when working with Microsoft Product
Support Services (PSS) to troubleshoot an operating system stop
error (also known as blue screen). The PSS team can evaluate the
dump file to help identify the cause of the stop error. For example,
hard disk controller driver problems can result in corrupt Exchange
information stores, and may cause operating system stop errors. If
you experience a stop error, PSS can use the dump file to identify
the controller driver as the source of the problem, allowing you to
prevent damage to your information stores.
Performance You should be logging Exchange and Microsoft Windows®
Monitor performance counters regularly so that you can anticipate problems
resulting from service growth on your Exchange server. When
troubleshooting, these log files can help you understand the exact
point at which an issue was introduced. For example, if you migrate
several hundred mailboxes to your Exchange server, you may not
incur problems immediately. However, the migration will impact
performance and accelerate your server hardware upgrade schedule.
If you neglect to review the log files regularly, you will eventually
reach thresholds that cause performance alerts to be sent, and find
yourself troubleshooting an issue that you could have anticipated.
For more information on specific performance counters and
thresholds, see Course 2400, Implementing and Managing Microsoft
Exchange Server 2003.
Network To troubleshoot network communication problems among Exchange
Monitor servers, Active Directory servers, and clients attempting to connect
to their Exchange server, you should use the full version of Network
Monitor to capture packets between the impacted computers. These
packets enable you to determine which servers each computer is
attempting to reach, allowing you to troubleshoot global catalog
server communication problems.
Messaging logs You should enable message tracking on the Exchange server
object’s General property page when troubleshooting message flow
problems. Troubleshooting message delivery involves determining
at which point a message failed to be routed within your messaging
system. To track a message, use the Message Tracking Center in
Exchange System Manager.
Note For more information about any of these resources, please refer to
Microsoft Windows Server™ 2003 Help and Exchange Server 2003
Help.
Pre-Lab Discussion

Job aids Each lab in this workshop includes job aids and Lab Toolkit resources to help
you complete the exercises. The labs will progressively become more difficult.
Each lab has one or more flowcharts associated with the troubleshooting tasks.
The flowcharts are visual displays that contain decision points and processes to
guide you through the lab and help you organize your troubleshooting efforts.
Each unit in this workshop has Toolkit resources associated with the lab
exercises to assist you in completing the exercises. The Lab Toolkit resources
are in a separate booklet, entitled Toolkit Resources. The Lab Toolkit resources
are also available in an online format and are located on the student CD in the
toolkit\content\labXX folder, where XX is the number of the relevant unit. You
can use the Toolkit resource document, “Using the Workshop Resources,” to
determine which process and methods you want to use to troubleshoot the
problem presented.
Service requests Every organization has issues with their service requests. Many requests are
very confusing in how they are written. Other requests can be hard to
understand when the initial Help Desk person tries to decipher the issue as
presented by the user.
Often, it can save a great deal of trouble if you contact the user directly and
confirm anything that might be confusing or might be misstated in the service
request. At this time, you might consider:
! Problems that your organization has had with service requests.
! Ways to address service request issues to make it easier to resolve the
problems.
Example Exercise 1 in this lab provides an example of how flowcharts and scenarios will
be used throughout this workshop. This exercise covers troubleshooting of a
mapped network drive, which is intentionally not an Exchange issue. The
purpose of this exercise is to introduce you to the flowcharts and scenarios in
this course before delving into actual Exchange troubleshooting issues.
Lab: Exploring the Troubleshooting Environment

In this lab, you will configure a computer running Exchange Server 2003 in
preparation for troubleshooting. You will configure Diagnostics Logging and
Service logs. You will then work on a basic troubleshooting problem as an
example of how the rest of the workshop will work.
For more information on completing this lab, see Appendix A, “Lab Guidance,”
located at the back of the student workbook.
After completing this lab, you will be able to:
! Analyze process and data flow in a flow chart.
! Assess and apply information from a scenario and other workshop
components.
! Identify problems and recommend solutions.
Important This lab focuses on the concepts in this unit and as a result
may not comply with Microsoft security recommendations. For instance,
this lab does not comply with the recommendation that you should not
log on using an administrative account.
Lab Virtual PC For this lab, you will use the Acapulco and London Virtual PCs. The Acapulco
configuration Virtual PC is used to provide a messaging client for internal users as well as
external users. The London Virtual PC is a domain controller, global catalog
server, DNS server, and is running Exchange Server 2003.
To prepare for this lab:
1. Start the 2011_London Virtual PC, if it is not already started.
2. Log on to 2011_London as NWTraders\Administrator with a password of
P@ssw0rd.
3. Start the 2011_Acapulco Virtual PC, if it is not already started.
4. Log on to 2011_Acapulco as NWTraders\Administrator with a password
of P@ssw0rd.
Navigating the flow In this lab, in Exercise 1, you will use the flow charts and the Lab Toolkit
chart resources to identify and resolve the problems described in the scenario. You
will need to read the scenario and the Level 1 support comments and then use
the flow chart to identify the root cause of the problem. You will then need to
perform the test case presented at each decision point in the flowchart to
determine which path to follow. Use the letters on the flow chart to identify the
Lab Toolkit resources that you can use to help troubleshoot the problem. After
you identify a potential solution, make the configuration change and then test
your solution. When your solution resolves the problem presented in the
scenario, you have successfully completed the lab.
Lab Toolkit resources If necessary, use one or more of the Lab Toolkit resources listed in the
following table to help you complete the exercises in this lab.
Flow chart reference Resources used for this lab
Ex 2 only Help: Exchange: Enabling Diagnostic Logging. To

locate this information, open the Exchange System
Manager help. In this help file, search for Configure
Diagnostic Logging and Set Diagnostic Logging
Properties.
Ex 2 only Help: Windows: Using Netmon to Monitor Network
Traffic. To locate this information, open Windows
help. In this help file, search for Monitor Network
Traffic and Network Monitor.
A Help: Windows: How to check DNS. To locate this
information, open Windows help and then search for
Managing Resource Records: DNS.
A Help: Windows: How to use TCP/IP command-line
utilities. To locate this information, open Windows
help and then search for Command-line utilities:
TCP/IP.
B Help: Windows: How to share files. To locate this
information, open Windows help and then search for
Share permissions: Shared Folders.
A Using the Workshop Resources
Ex 2 only Using Service Logs
Note Access product help files by launching the corresponding product,

right-clicking an object within the product management console, and
then clicking Help. Access the Windows Server 2003, Enterprise Edition
Help and Support Center by using the Start menu on the desktop of a
computer running Windows Server 2003 Enterprise Edition.
Estimated time to complete this lab: 60 minutes

12
Troubleshooting Mapped
Start
Network Drive
Is the
Is the client Is the client Is the server
Is the server server computer
Yes network cable Yes computer link Yes Yes computer link
powered on? network cable
attached? light on? light on?
attached?
No No No No No
1. Check all power 1. Check to make sure 1. Check cable length for 1. Check to make sure 1. Check cable length for
cables the client computer is breaks the server computer is breaks
2. Check power strips attached to the 2. Check network attached to the 2. Check network
3. Check power devices network adapter and switch (or network adapter and switch (or
4. Check power supply in 2. Check cable ends for hub) for bad 2. Check cable ends for hub) for bad
server damage connection damage connection
3. Check cable ends for 3. Check cable ends for
damage damage
Yes
Does the Does the Does the 1. Try to connect to share

server respond to server respond to server advertise from other systems
Yes Yes Yes
ping by net view the proper share 2. Use netmon to verify
hostname? command? name? network traffic
No No No
A B
1. Try ping using IP address 1. Check server service 1. Verify share is in place
2. Check DNS if ping by IP for failure 2. Remove share and End
address works 2. Restart server service recreate share
3. Check data route through and its dependent
network services
4. Check the IP configuration
of client computer
of server computer
Troubleshooting Mapped Network Drive
Start
Is the client Is the

Is the server Is the client server computer Is the Server
powered on? Yes network cable Yes computer link Yes Yes computer link
stacked? network cable
light on? attached? light on?
No No No No No
1. Check all power 1. Check to make sure 1. Check cable length 1. Check to make sure 1. Check cable length
cables the client computer for breaks the server computer for breaks
2. Check power strips is attached to the 2. Check network is attached to the 2. Check network adapter
3. Check power network adapter and switch network and switch (or hub)
devices 2. Check cable ends (or hub) for bad 2. Check cable ends for bad connection
4. Check power for damage connection for damage 3. Check cable ends
3. Check cable ends for damage
for damage
13
14
Troubleshooting Mapped Network Drive
Yes
Does the Does the Does the 1. Try to connect to share

server respond to server respond to server advertise from other systems
Yes net view Yes Yes 2. Use netmon to verify
ping by the proper share
hostname? command? name? network traffic
No No No
A B
1. Try ping using IP address 1. Check server service 1. Verify share is in place End
2. Check DNS if ping by for failure 2. Remove share and
IP address works 2. Restart server service recreate share
3. Check data route through and its dependent
network services
of client computer
of server computer
Exercise 1
Troubleshooting a Mapped Network Drive
In this exercise, you will identify the problem with a mapped network drive that
is reported as nonfunctional.
Exercise preparation To create the troubleshooting scenario for this exercise, run the breaklab1a.bat
script located in the C:\Moc\2011\Labfiles\Lab01 folder on 2011_London
Virtual PC. There is a shortcut to C:\Moc\2011\Labfiles on your desktop.
Scenario You are a network administrator. Jeff Pike can no longer access his K drive.
The K drive, by company standards, maps to \\London\KDrive, which is a
shared directory on London.
In this exercise, you will need to log on to Acapulco using NWTraders\JeffPike
to troubleshoot and test your solution. All user accounts can be accessed by
using a password of P@ssw0rd.
Level 1 support “Called Operations; they say the London server is up and running. Jeff claims
comments that it was working earlier in the day, then he went to lunch. When he returned
from lunch it no longer worked. Jeff installed new software before lunch—an
upgrade to Microsoft Office System 2003. Jeff states he is unable to access any
share points on the London server.”
Use the flow chart and the Lab Toolkit resources to identify and resolve the
problem with the client connection. Fix all related problems.
What did you determine to be the problem in this scenario?
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
What steps did you take to identify and resolve the problem in this scenario?
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
Exercise 2
Configuring Common Troubleshooting Components
In this exercise, you will configure Windows Server 2003 and Exchange
Server 2003 for basic troubleshooting. Configure London by performing the
tasks below.
Scenario You are a network administrator. You want to prepare your Exchange
Server 2003 environment for troubleshooting. At this time, your environment is
functioning as expected. Perform the tasks in the following table on London.
Tasks Resources
Enable and configure SMTP and NNTP Search Exchange Server 2003 Help for
logging. Verify configuration of HTTP topics entitled “Enable Logging for
logging. SMTP, NNTP, and HTTP Protocols” and
“Enable Logging for the HTTP Exchange
Virtual Server.”
You need to start the NNTP service.
Configure the Performance snap-in to Search Performance logs and Alerts Help
log the LogicalDisk, Memory, Network for the topic entitled “Create a counter
Interface, PhysicalDisk, and Processor log” and “Troubleshooting.”
objects.
Review the options available for Search Exchange Server 2003 Help for
Exchange Diagnostics Logging. the topic entitled “Configure Diagnostics
Logging.” See note below table.
In Add/Remove Windows Components Search Windows Server 2003 Enterprise
in Add or Remove Programs, install and Edition Help and Support Center for the
then use Network Monitor to capture topic entitled “Monitoring Network
and view network traffic on your local Traffic: Common Administrative Tasks.”
area connection. The location of See note below table.
installation files is c:\moc\2011\labfiles\
Lab01\Netmon.
Verify that Exchange Service Search Exchange Server 2003 Help for
Monitoring is configured to monitor the the topic entitled “Monitor Services Used
Microsoft Exchange System Attendant by Exchange.”
service and its dependent services.
Enable message tracking and subject Search Exchange Server 2003 Help for
logging. the topic entitled “Enable Message
Tracking.”
Note Diagnostics Logging and Network Monitor are two tools that you
will not configure and use until you are actually facing a problem and
need them to help resolve the problem. In this exercise, review the many
options available under Diagnostics Logging and familiarize yourself
with Network Monitor.
Lab Virtual PC For this lab, you used the Acapulco and London Virtual PCs. Please save
clean-up changes that were made during your troubleshooting by closing each image.
Important When you shut down the Virtual PCs using these
instructions, all changes made to the London Virtual PC will be saved.
To clean up after this lab:

1. On Acapulco, on the menu, click PC, click Shutdown, click Turn off PC
and undo changes, and then click OK.
2. On London, on the menu, click PC, click Shutdown, click Save PC state
and keep changes, and then click OK.
Note Start the 2011_London Virtual PC to prepare for the next unit’s
lab. Do not shut it down again until instructed.
Lab Discussion

What steps did you follow in the troubleshooting flow charts?
! What were the root causes of the problems described in the scenario?
! What steps did you use and how did the steps help identify the problem?
! What other steps could you have used to identify the problem faster?
! How did you test your solution?
How will you address this type of problem in the future?

! How is your work environment different than the test environment?
! How would your work environment change the troubleshooting process?
! What steps will you take in the future when troubleshooting similar
problems?
Unit 2: Troubleshooting Network
Connectivity
Contents
Overview 1
Tools for Troubleshooting Network
Connectivity 2
Common Network Connectivity Problems 3
Lab: Troubleshooting Connectivity
Problems 5
Lab Discussion 15
respective owners.
Unit 2: Troubleshooting Network Connectivity 1
Overview

If messaging fails, it is usually because of connectivity issues. Microsoft®
Exchange Server 2003 provides you with various tools to assist you in
troubleshooting network connectivity. In this unit, you will focus on some of
these tools and will then have the opportunity to practice using them.
! Identify the underlying causes when mail from one server is not received by
recipients on another server and resolve the problem.
! Identify the underlying causes when a user cannot connect to an Exchange
Server 2003 server as a remote user and resolve the problem.
! Identify the underlying causes when no one in a company can receive
Internet e-mail and resolve the problem.
2 Unit 2: Troubleshooting Network Connectivity
Tools for Troubleshooting Network Connectivity

Network connectivity problems and issues involving DNS are common reasons
for message failure. Several tools are available to verify that your network is
functioning correctly, that domain name resolution is occurring correctly, and to
identify specific problems in your environment. Using these tools to identify the
source of a problem will greatly improve your troubleshooting efforts. The
following table lists the tools and gives a brief description of when you would
use each one.
Tool Purpose
Telnet Use Telnet to verify that you can connect to a particular TCP/IP port on an Exchange server.
For example, if you cannot send Simple Mail Transfer Protocol (SMTP) messages to a
remote server; use Telnet to verify that SMTP is responding as expected on port 25.
Ping Use Ping to verify that the network between a sending computer and a receiving computer is
transferring data correctly and in a timely manner. For example, if you cannot ping your
Exchange server from your client computer, you will not be able to send or receive e-mail
using that server.
Tracert Use Tracert to trace each hop that a network packet takes when sent from one computer to
another. If you cannot ping a destination computer, you can use Tracert to identify the point
at which the packet is failing to transfer.
Pathping Use Pathping instead of Ping and Tracert when you want to locate information about
network latency and network loss at intermediate hops between a source and destination.
Pathping allows you to determine which routers or subnets are having network problems.
DNS Administrator Use the DNS Administrator program to configure DNS settings, test connectivity between
DNS servers, and verify that host names are registered correctly. Problems with DNS
functionality are frequently a result of network connectivity problems between the DNS
server and the server or client with which you are experiencing a problem. For example, if a
message is not being transmitted to a remote SMTP host, this could be a problem with the
DNS registration for that host.
Common Network Connectivity Problems

As we have discussed, connectivity problems are some of the major issues
when troubleshooting an Exchange Server 2003 messaging environment. Some
of the more common issues and the steps that you can take to resolve them are
listed in the following table.
Problem Troubleshooting tips
DNS resolution of A and MX records • Verify that the DNS service is running
is not correct • Verify that the Exchange A records are present
• Verify that the Exchange mail exchanger (MX) resource records are
present
POP3/IMAP4 protocol permissions • Verify that users have permission to Post Office Protocol version 3
are not configured correctly (POP3) and Internet Message Access Protocol version 4rev1 (IMAP4)
• Verify that the appropriate protocol service startup type is set to
Automatic, and that the service is started on the Exchange server
• Verify that the server’s IP address and host name are resolved
successfully from the client
Firewall blocks transmissions • Verify that the firewall is configured correctly
• Verify that the services on the firewall are running as expected
• Use Telnet to verify that the ports are open and accepting connections
• Use firewall configuration tools to verify port redirection
Virus has infected your network • Verify that the antivirus scanning engines and signature files are current
• Use your disaster recovery documentation to prevent further spreading of
the virus and to clean the virus from the server
Inbound SMTP traffic is not being • Use Telnet to verify that relevant firewalls, routers, and servers are
accepted processing SMTP traffic
• Verify that the Exchange server is not filtering SMTP connections based
on e-mail address, domain name, or IP address
• Verify the MX records in DNS
Pre-Lab Discussion

Network connectivity problems will impact all network-based applications.
Messaging applications can have client-to-server connectivity issues, server-to-
server connectivity issues, and issues with transmitting data through firewalls.
Focusing on connectivity, discuss what problems might cause the following
situations:
! A user cannot receive e-mail from another internal user.
! Users cannot connect to their mailboxes from outside the corporate network.
! A company is unable to receive e-mail from Internet senders.
Lab: Troubleshooting Connectivity Problems

! Identify the underlying causes when e-mail from one server is not received
by recipients on another server and resolve the problem.
! Identify the underlying causes when a user cannot connect to an Exchange
server as a remote user and resolve the problem.
! Identify the underlying causes when no one in a company can receive
Lab Virtual PC For this lab, you will use the Acapulco, Miami, Vancouver, and London Virtual
configuration PCs. The Acapulco Virtual PC is used to provide a messaging client for internal
users as well as external users. London is a domain controller, global catalog
server, DNS server, and Exchange Server 2003 server. Miami is an Exchange
Server 2003 server. Vancouver is an Exchange 5.5 server that is used to
simulate a connection to an Internet host in the last exercise of this lab, and will
be started at that time.
1. Start 2011_London Virtual PC, if it is not already started.
2. Log on as NWTraders\Administrator with a password of P@ssw0rd. For
performance reasons, you should allow London to start completely prior to
starting Acapulco.
3. Start 2011_Acapulco Virtual PC, if it is not already started, but do not log
on. For performance reasons, you should allow Acapulco to start completely
prior to starting Miami.
4. Start 2011_Miami Virtual PC.
5. Log on as NWTraders\Administrator. If any services configured with a
startup type of Automatic fail to start, start them now.
Note All accounts used in this course can be accessed by using the
password P@ssw0rd.
Navigating the flow In this lab, you will use the flow charts and the Lab Toolkit resources to
chart identify and resolve the problems described in the scenarios. You will need to
read the scenario, the support comments, and then use the flow charts to
identify the root cause of the problem. You will then need to perform the test
case presented at each decision point in the flow chart to determine which path
to follow. Use the letters on the flow chart to identify the Toolkit resources that
you can use to help troubleshoot the problem. After you identify a potential
solution, make the configuration change and then test your solution. When your
solution resolves the problem presented in the scenario you have successfully
completed the lab.
following table to help you complete the exercises in this lab.
Flow chart
reference Resources used for this Flow Chart
B C D Help: Exchange: Managing Virtual Servers. To locate this

information, open Exchange System Manager Help, search for
Configure Virtual Servers, and then select the appropriate topic for
the type of virtual server.
A B C Help: Exchange: Tracking Messages. To locate this information,
open Exchange System Manager Help, search for message tracking,
and then select Use the Message Tracking Center.
C Help: Exchange: Verifying the RGC Configuration. To locate this
information, open Exchange System Manager Help and then search
for Install a Routing Group Connector.
B Help: Microsoft Outlook® Express: Verifying Account
Configuration. To locate this information, open Outlook Express
Help and then search for Add a mail or news account.
A Help: Microsoft Outlook: Verifying Account Configuration. To
locate this information, open Outlook Help and then search for View
or change e-mail account settings.
A B C D Help: Microsoft Windows®: Testing DNS. To locate this
information, open Windows Help and then search for Manage
resource records.
A B C D Help: Windows: Using NSLookup. To locate information on using
NSLookup to test DNS, open a command prompt, type NSLookup
to start the NSLookup tool, and then type Help.
C Help: Windows: How to Use TCP/IP Command-Line Utilities. To
locate this information, open Windows Help and then search for
Command-line utilities: TCP/IP.
A B C Impact of Virus and Content Scanners on Messaging Functionality
D Internet E-Mail Testing Methods
A Updating the Global Address List (GAL)
A Using Dcdiag and Netdiag to Verify the Network Infrastructure
B D Using the Telnet Command to Test the TCP Port Restrictions on a
Firewall
A B Verifying that a Server is Online

8
Troubleshooting Network
Connectivity Problems
Can the client send Can the client send

and receive e-mail and recieve e-mail Can the client send
Start between others on the Yes between others on other Yes and receive Internet Yes End
same Exchange server? Exchange servers in the e-mail?
organization?
No
No No
A C D
1. Verify server is online 1. Verify correct address and test if other users 1. Check user for SMTP Deny
2. Verify mailbox and server can send and receive extra-server e-mail 2. Verify SMTP virtual server is
names in Outlook client 2. Check network route functioning
3. Verify DC and GC online 3. Verify IP configuration on all e-mail servers 3. Check firewall configuration
Which messaging
4. Verify user name is in the 4. Check DNS 4. Verify external DNS MX
client application is MAPI GAL, update if necessary 5. Verify SMTP virtual server is running on records
being used?
5. Check DNS resolution remote server 5. Verify that the firewall is not
6. Check virus and content 6. Check message size limits on connectors blocking
scanner quarantine 7. Check virus and content scanner quarantine
7. Track message 8. Track message
Outlook
Express
B
1. Verify server is online
2. Verify account name, password,
and server names in Outlook
Express client
3. Check DNS resolution
4. Verify SMTP, IMAP4/POP3
virtual servers are running
5. Check virus and content scanner
quarantine
6. Track message
If external client
7. Check firewall configuration
Troubleshooting Network Can the client send
Connectivity Problems Start and receive e-mail between
Yes
others on other Exchange
servers in the
organization?
No
A
2. Verify mailbox and server
names in Outlook client
3. Verify DC and GC online
Which messaging 4. Verify user name is in the
client application is MAPI
GAL, update if necessary
being used? 5. Check DNS resolution
6. Check virus and content
scanner quarantine
7. Track message
Outlook Express
B
2. Verify account name, password,
and server names in
Outlook Express client
3. Check DNS resolution
4. Verify SMTP, IMAP4/POP3 virtual
servers are running
5. Check virus and content scanner
quarantine
6. Track message
If external client
9
7. Check firewall configuration

10
Troubleshooting Network
Connectivity Problems
Can the client

send and receive e-mail Can the client send
between others on other Yes and receive Internet Yes End
Exchange servers in the e-mail?
organization?
No No
C D
1. Verify correct address and test if other users 1. Check user for SMTP Deny
can send and receive extra-server e-mail 2. Verify SMTP virtual server is
2. Check network route functioning
3. Verify IP configuration on all e-mail servers 3. Check firewall configuration
5. Check DNS 4. Verify external DNS MX records
6. Verify SMTP virtual server is running on 5. Verify that the firewall is not
remote server blocking
7. Check message size limits on connectors
8. Check virus and content scanner quarantine
9. Track message
Exercise 1
Troubleshooting Internal User E-Mail Failure
In this exercise, you will use the flow chart and the Lab Toolkit resources to
identify and resolve the problem in the scenario.
script located in the c:\MOC\2011\Labfiles\Lab02 folder on 2011_London
Virtual PC. It is important that all Virtual PCs be completely started prior to
running the script.
Scenario Jeff Pike has entered a service request. He states that he is unable to send e-mail
to one of his team members, Mindy Martin. He is able to send and receive
e-mail to and from others in his team, but not Mindy.
In this exercise, you will need to log on to Acapulco using NWTraders\JeffPike
and log on to Microsoft Outlook Web Access (OWA) as
NWTraders\MindyMarti to troubleshoot and test your solution. All user
accounts can be accessed by using a password of P@ssw0rd.
Level 1 support “Sent e-mail to Jeff and he received it fine. Called Mindy; she is able to send
comments and receive e-mail among her co-workers. Jeff and Mindy both use
Outlook 2003.”
You must establish e-mail communication between Jeff Pike and Mindy
Martin.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
Exercise 2
Troubleshooting When a Remote User Is Unable to Receive E-Mail
Exercise preparation To create the troubleshooting scenario for this exercise, perform the following
steps:
1. On Miami, on the menu, click PC, click Shut Down, click Turn off PC
2. Run the breaklab2b.bat script located in the c:\MOC\2011\Labfiles\Lab02
folder on 2011_London Virtual PC.
Scenario Brian Clark has entered a service request. He states that he is unable to access
his e-mail from home using Outlook Express. He is trying to configure Outlook
Express as an IMAP4 client. Brian’s mailbox was recently moved from a server
running Exchange 2000 to a different server running Exchange 2003.
Log on to Acapulco as NWTraders\BrianClark using the password P@ssw0rd.
Use Outlook Express to connect to the Exchange Server 2003 server and
troubleshoot the connection.
Level 1 support “Sent e-mail to Brian and it didn’t bounce back. Checked System Manager and
comments saw that the messages in Brian’s mailbox increase when I send him e-mail. I
think the problem might be related to Brian’s mailbox being moved, that it was
corrupted.”
Level 2 support “Called Brian at home and walked through the settings for Outlook Express.
comments Everything seems fine. Maybe it is a corruption problem.”
Read the Level 1 and Level 2 support comments and find a solution to the
problem. You must resolve the problems Brian experiences when accessing his
e-mail using Outlook Express as an IMAP4 client.
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
Exercise 3
Troubleshooting When a Company is Not Receiving Internet E-Mail
steps:
1. Verify that 2011_London Virtual PC is running.
2. Start 2011_Vancouver Virtual PC. Because Vancouver is in the Microsoft
Windows NT® domain Contoso, which is not part of the same forest as
London, you can use Vancouver to simulate an Internet host. When you
start Vancouver, Vancouver will run Autochk. You should allow Autochk to
complete, at which time Vancouver will start successfully.
3. Log on to Vancouver as Contoso\Administrator.
4. Run the breaklab2c.bat script located in the c:\MOC\2011\Labfiles\Lab02
Scenario Brenda Diaz has entered a service request. She states that she is not receiving
e-mail from the Internet, and she is unable to send e-mail to the Internet.
Log on to Acapulco as NWTraders\BrendaDiaz using the password P@ssw0rd.
Use Outlook 2003 to connect to the Exchange Server 2003 environment and
troubleshoot the connection. You can use the administrator@contoso.msft
account as the test recipient on Vancouver. Outlook 2000 on Vancouver has
already been configured with a profile for the Contoso Administrator mailbox.
Level 1 support “Brenda is using Outlook 2003. Brenda is able to send and receive internal e-
comments mail. She claims she is able to send e-mail to the Internet but is not able to
receive it. Explained to Brenda that it must be a problem at the other end
because nobody else has reported any similar problems. Brenda is confident
that it must be something wrong with our e-mail server.”
Level 2 support “Brenda called the Help Desk manager and was very upset. I called her directly;
comments she is certain that it is a problem with our e-mail server. She says that a friend
of hers at Contoso, Ltd has been trying to send her e-mail all day. I explained to
Brenda that it might be a virus issue and that the other e-mail server is stopping
mail from being sent to our server.”
Read the Level 1 and Level 2 support comments and find a solution to the
problem that is keeping users from receiving e-mail from the Internet.
Warning Virtual PC will capture your mouse while using Vancouver.

To use your mouse to access other windows outside of Vancouver, you
must press the right Alt key while moving your mouse out of the
Vancouver window.

________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
_______________________________________________________________
Lab Virtual PC For this lab, you used the Acapulco, Miami, Vancouver, and London Virtual
clean-up PCs. Please undo any changes that were made during your troubleshooting by
closing each image. The Miami virtual PC should have been closed at the
beginning of Exercise 2.
instructions, all changes made to the Virtual PCs during this lab will be
lost.

1. On Acapulco, on the menu, click PC, click Shut Down, click Turn off PC
2. On London, on the menu, click PC, click Shut Down, click Turn off PC
3. On Vancouver, on the menu, click PC, click Shut Down, click Turn off PC
Lab Discussion

! What were the root causes of the problems described in the scenario?
! What steps did you use and how did the steps help identify the problems?
! What other steps could you have used to identify the problems faster?

problems?
Unit 3: Troubleshooting Public Folders
and Mailboxes
Contents
Overview 1
Troubleshooting Client Connectivity to
Mailboxes and Public Folders 2
Troubleshooting Mailbox and Public Folder
Properties 5
Troubleshooting Single Server Message
Flow 8
Troubleshooting the Recipient Update
Service 10
Lab: Troubleshooting Public Folder and
Mailbox Problems 13
Lab Discussion 26
respective owners.
Unit 3: Troubleshooting Public Folders and Mailboxes 1
Overview

Network connectivity issues prevent users from sending and receiving e-mail in
a Microsoft® Exchange Server 2003 environment. In this unit, you will learn
how to identify the mailbox and public folder problems that prevent users from
sending and receiving e-mail. These issues are indicated when a client is unable
to connect to a server running Exchange Server 2003 to access a mailbox or a
public folder.
! Identify the underlying causes when a user cannot receive Internet e-mail
and resolve the problem.
! Identify the underlying causes when a user cannot send Internet e-mail and
resolve the problem.
! Identify the underlying causes when a user is unable to post a message to a
public folder and resolve the problem.
2 Unit 3: Troubleshooting Public Folders and Mailboxes
Troubleshooting Client Connectivity to Mailboxes and

Public Folders

If a user cannot send and receive e-mail, one reason for this may be that the
user’s e-mail client cannot connect to the user’s Exchange server. There are
many possible reasons why a client cannot connect to an Exchange server. To
troubleshoot client connectivity, you need to understand how a client connects
to an Exchange server and then troubleshoot each step in the process.
Troubleshooting To troubleshoot client connectivity to a mailbox on an Exchange server, you
mailbox connectivity need to examine the following components:
! Name resolution. The e-mail client must be able to resolve the name of the
Exchange server before it can open the mailbox. Microsoft Windows® 2000
Professional and later clients rely on DNS to resolve the host name of the
Exchange server. Earlier clients rely on Windows Internet Name Service
(WINS) to resolve the network basic input/output system (NetBIOS) name
of the Exchange server. To troubleshoot name resolution issues, use tools
such as Ping and NSLookup.
! Protocol connection. If the e-mail client can resolve the name of the
Exchange server, the next step is to attempt an application level protocol
connection to the server.
• For Microsoft Outlook® MAPI clients, the client must be able to create a
remote procedure call (RPC) connection to the Exchange server by using
TCP/IP port 135. The RPC port mapper will dynamically assign a port
after the initial connection unless you have configured your Exchange
server to use static ports. For Outlook 2003 using RPC over HTTP, the
RPC traffic is sent using HTTPS (port 443). On the internal network,
you may need to check options such as packet filtering on network
devices or the Exchange servers, or possibly an Internet Protocol
security (IPSec) policy that is blocking RPC connections.
• Internet Message Access Protocol version 4rev1 (IMAP4), Post Office

Protocol version 3 (POP3), or HTTP clients must be able to connect to
the Exchange server using the appropriate protocols. If the client can
establish a TCP/IP connection to the Exchange server, but it cannot
create a protocol connection, you must identify what is blocking the
connection. The most common problem is firewall settings. In most
cases, protocol resolution issues will impact more than just one client.
For example, if POP3 traffic is being blocked on the network, all POP3
clients will be affected. If only one client is affected, you can limit your
troubleshooting to that particular client.
• Microsoft Active Directory® directory service access. To send and
receive e-mail in an Exchange Server 2003 environment, both the e-mail
client and the Exchange server must be able to connect to Active
Directory global catalog servers. All of the Exchange servers in the
organization must be able to connect to a domain controller in order to
access configuration information. In order to resolve e-mail addresses to
send a message, the Exchange server must be able to locate the recipient
object in the global catalog. To open the global address list, the e-mail
client must be able to connect to a global catalog server. If the e-mail
client is having problems resolving recipient names, test the Active
Directory connections using tools like Netdiag, Netsh, Dcdiag, and
Dsadiag. Also, verify that objects exist in the global catalog, and that, if
needed, an expansion server for each mail-enabled group is identified
and functioning.
Troubleshooting public When an e-mail client attempts to connect to a public folder server, the client
folder connectivity must first establish a connection to the Exchange server that houses the client’s
default public store server using the same process as connecting to a mailbox.
Accessing public folder content adds some extra components that you need to
consider in your troubleshooting:
! Connecting to the default public folder hierarchy. When the e-mail client
tries to access a public folder, it must first access the public folder hierarchy.
The default public folder hierarchy is stored on every server that includes a
public folder store. The e-mail client will try to access the hierarchy from
the default public store defined on the client’s mailbox store properties,
which by default is on the same server as the user’s mailbox. If the e-mail
client cannot see any public folders in the hierarchy, the server that hosts the
user’s default public store is not returning public folder information
properly. In this case, confirm connectivity to the server hosting the default
public store and verify that the public store is mounted. If the client can
view parts of the hierarchy but is unable to view recently created folders,
verify that the hierarchy is replicating correctly. If replication is working,
the user may not have permissions to access portions of the hierarchy; you
should verify that permissions are granted accordingly. You can force an
immediate update of the public folder hierarchy information by right-
clicking a public folder store and clicking Send hierarchy.
! Connecting to public folder contents. After the client has connected to the
public folder hierarchy, it must then retrieve the actual messages from the
public folder. The messages are stored only on those servers that contain a
replica of the public folder. When the client tries to open a message in a
public folder, the server that houses the user’s default public store returns a
list of all servers that contain a replica of the public folder. The client will
then connect to the requested public folder in the following order of
preference:
• Connect to the server housing the default public folder store.
• Connect to an Exchange server in the same routing group as the
Exchange server that houses the user’s mailbox.
• Connect to an Exchange server in a different routing group. If there are
multiple routing groups, the client will connect to an Exchange server
based on the public folder referral configuration on the routing group
connectors and the routing group connector costs.
If the client cannot connect to a public folder replica in its own routing group,
follow the same troubleshooting process that you would use to troubleshoot
connecting to a mailbox. If the public folder replica is located in another routing
group, check whether public folder referrals are enabled across the routing
group connection. In most cases the second routing group is across a WAN
connection, so you may need to troubleshoot the network connectivity. If the
WAN connection has limited available bandwidth, you may need to configure a
replica of the public folder in the local routing group to ensure client
connectivity.
Troubleshooting Mailbox and Public Folder Properties

If an e-mail client can access the appropriate mailbox or public folder but
cannot send and receive e-mail messages, the problem may be a configuration
setting on the mailbox or public folder.
Troubleshooting There are many possible configuration settings on a mailbox that can affect
mailbox configuration e-mail delivery, including the following:
issues
! Mailbox permissions. To send e-mail from a mailbox, the user must have
Send As permission, or be delegated the Send on behalf of permission. To
read the mail in the mailbox, the user must be granted Receive As
permission or be granted the permission to read the mailbox contents. The
primary account associated with a mailbox is granted Full Mailbox Access
in Active Directory. If a client cannot use a mailbox as expected, verify that
permissions are granted correctly.
! E-mail address. Every mailbox on an Exchange Server 2003 server must be
configured with at least a Simple Mail Transfer Protocol (SMTP) address
and a X.400 address. Initially, these addresses are configured by the default
recipient policy. Additional addresses may be configured manually or by
creating additional recipient policies that apply to the user. If a user is
unable to receive e-mail originating from messaging systems across
connectors, verify that the user’s e-mail address is defined correctly for the
affected connector. For example, a user unable to receive Internet e-mail
may have an incorrect SMTP address.
! Default e-mail address. If a mailbox is configured with more than one

address of the same type, one of the addresses is configured as the primary
e-mail address. This is most common for SMTP addresses, when one user
may have more than one SMTP e-mail address. By default, Exchange
Server 2003 adds the primary e-mail address to the FROM field of outbound
messages sent from the user’s mailbox. If the primary e-mail address is not
correct, replies to messages sent from the user may not be delivered. If a
user is not receiving replies to messages they send across connectors to
other messaging systems, verify that the user’s primary e-mail address for
the affected connector is configured correctly. For example, a user that
receives Internet e-mail but does not receive replies to messages that are
sent to Internet users may have an incorrectly defined primary SMTP e-mail
address.
! Message size limits. You can configure both sending and receiving message
size limits at the organization level, connector level, or mailbox level. If a
message exceeds the message size restriction, it will not be delivered. If a
user is unable to send messages with large attachments, check the message
size limits. If the messages are too large, you may need to increase the size
limits or ask the user to decrease the size of the attachments.
! Mailbox size limits. Mailbox size limits can be configured on the mailbox
store or on individual mailboxes. There are three configuration options
available when setting the mailbox size limit: issue warning, prohibit send,
and prohibit send and receive. If the prohibit send is configured, the user
will receive an error message when they send a message and the message
will not be delivered. If the mailbox has reached the prohibit receive level,
any e-mail sent to the mailbox will not be delivered to the mailbox and a
non-delivery report (NDR) will be created. If a user is unable to send or
receive e-mail because they have reached the mailbox size limit, you may
need to show the user how to decrease their mailbox size. In many cases,
deleting the messages in the Deleted Items and Sent Items folders can
significantly reduce the size of the mailbox. If required, you can configure a
larger mailbox size limit for individual mailboxes.
! Delivery restrictions. You can configure delivery restrictions that specify
who can send to a mailbox or distribution list. If a user is prohibited from
sending to a mailbox, their messages will not be delivered. If a user is not
able to send to a mailbox or distribution list, confirm why the delivery
restriction is in place. If the user should not be restricted, change the
delivery restrictions. If the user should be restricted, communicate that to
the user.
! Hide from Exchange Address Lists. You can configure individual mailboxes
so that they are hidden from the Address Book. If this is configured, the
mailbox will not appear in the global address list (GAL), but other users that
know the name or the e-mail address of the mailbox will still be able to send
to the mailbox. If the mailbox is configured incorrectly, correct the
configuration error. If a mailbox is intentionally hidden from the GAL, you
may need to show the user how to send e-mail to a hidden mailbox.
Troubleshooting public There are many possible configuration settings on a public folder that can affect
folder configuration e-mail delivery, including the following:
issues
! Public folder permissions. As with mailboxes, you must have appropriate
permissions granted in order to access public folders. By default, all users
are assigned the Author role on newly created public folders. However, you
can modify user permissions by assigning different roles to a user account
or to mail-enabled groups. The client permissions on a public folder can be
modified using Outlook or using the Exchange System Manager. If users
cannot perform the actions they expect in a public folder, confirm that they
have the business requirement to do so. Once this is confirmed, you can
assign the appropriate permissions to the public folder either by using the
individual mailbox or by adding the mailbox to a mail-enabled group that
has the required permissions.
! Public folder size limits. Like mailboxes, public folders can also be
configured with size limits that restrict the maximum size of the public
folder. When these size limits are reached, users will not be able to post any
messages to the public folder. Public folders can also be configured with
maximum message size limits. If users cannot post to a public folder
because the public folder has reached its maximum size, you can increase
the public folder size or you can remove some messages from the folder. If
this is a regular occurrence, you can configure the public folder so that
messages older than a specified time or date are automatically deleted from
the folder.
! Mail-enabled public folders. Public folders can be configured as mail
enabled. If a public folder is mail enabled, e-mail addresses are created for
the public folder so that users can locate the folder in the GAL and send
mail to the folder. Users outside the organization can send e-mail to the
folder by using the SMTP address for the public folder. If you want users
outside the organization to be able to send mail to a public folder, you must
mail-enable the public folder and then make the SMTP address available to
the outside users. If you do not want to mail-enable the public folder,
instruct internal users to post to the public folder.
! Hide from Exchange Address Lists. By default, public folders that are mail
enabled are displayed in the GAL. If a public folder should not be visible in
the GAL, the option must be modified. If the public folder is configured
incorrectly, correct the configuration error. If a public folder is intentionally
hidden from the GAL, you may need to show users how to send e-mail to a
hidden public folder, or instruct them to post to the public folder.
Troubleshooting Single Server Message Flow

In order to troubleshoot message delivery errors, it is useful to understand how
messages flow through an Exchange server. Exchange Server 2003 provides the
queue viewer and the Message Tracking Center for troubleshooting message
delivery. The queue viewer displays all of the queues on the Exchange server so
that you can clearly see where messages that are not being delivered are
accumulating. By using the Message Tracking Center, you can identify the
server or point within a server at which message delivery is stopped.
Single server message An Exchange server can receive messages from a client or from another server
flow via SMTP or an X.400 connector. Regardless of the source, the flow of a
message through the server is essentially the same. The following steps describe
the message flow when a MAPI client sends a message to a recipient on the
same server:
1. The message is submitted to the store from the e-mail client. The actual
content of the message is stored in the Exchange store.
2. The MailMsg object, which is the header information about the message, is
passed to the advanced queuing engine. The advanced queuing engine,
which is part of the SMTP service, places the MailMsg object in the pre-
categorizer queue. The pre-categorizer queue is one of several queues that
are managed by the advanced queuing engine.
3. The message categorizer, which is also part of the SMTP service, retrieves
the MailMsg object from the pre-categorizer queue and processes the
message. The message categorizer determines the recipients of the e-mail
message and determines the best way to route the message to the recipients.
If the recipient is a mail-enabled group, the message categorizer must
expand the group membership to identify all message recipients. If the mail-
enabled group is configured with a different expansion server, the message
is sent to the expansion server. During the categorizing process, the message
categorizer must connect to a global catalog server that contains information
about all member objects of the group.
4. Because the recipient mailbox is located on the same server as the sender,
the message categorizer sends the message to the routing engine which
places the message in the local delivery queue.
5. The Exchange store extracts the MailMsg information from the local
delivery queue and sends a pointer to the stored message to the appropriate
mailbox.
Using the queue viewer As messages are routed through an Exchange server, they are moved from one
to troubleshoot queue to another. You can monitor the status of these queues by using the
message flow queue viewer. The queue viewer is accessed by expanding the server object in
Exchange System Manager and clicking Queues. The queue viewer shows both
system queues and link queues. System queues are permanent queues on the
Exchange server, such as the local delivery queue or queues for messages
awaiting directory lookup or messages waiting to be routed. Link queues are
temporary queues created only when needed. For example, when a message is
sent to an Internet recipient, a link queue is created for the recipient’s fully
qualified domain name.
When messages are not being delivered on the Exchange server, you can use
the queue viewer to identify which queue is growing in size. If the Messages
awaiting directory lookup queue is growing, you should check global catalog
availability. If the Local delivery queue is growing, you should verify that the
local mailbox and public folder stores are mounted. If you notice a queue is
growing, you can select the queue and then view the additional queue
information to help troubleshoot the cause of the queue growth.
Using message tracking In addition to the queue viewer, you can also use the Message Tracking Center
to troubleshoot to troubleshoot message flow through an Exchange server. When message
message flow tracking is enabled on a server, each step of the message flow is logged in the
message tracking logs. For example, the following information is logged when
a message is sent from one mailbox on an Exchange server to more than one
mailbox on the same server:
SMTP Store Driver: Message Submitted from Store
SMTP: Message Submitted to Advanced Queue
SMTP: Started Message Submission to Advanced Queue
SMTP: Message Submitted to Categorizer
SMTP: Message Categorized and Queued for Routing
SMTP: Message Queued for Local Delivery
SMTP: Message Delivered Locally to multiple recipients
SMTP Store Driver: Message Delivered Locally to Store to
recipient SMTP e-mail address
By viewing the message tracking log, you can identify where an undelivered
message failed and begin troubleshooting the correct component.
Troubleshooting the Recipient Update Service

Recipient policies are used to configure e-mail addresses for recipients in an
Exchange organization. The Recipient Update Service updates recipient e-mail
addresses based on the recipient policies. If recipient policies are not configured
correctly, the e-mail addresses assigned to recipients will be incorrect. If the
Recipient Update Service is not functioning, any new recipient policies
(policies that need to be applied to new recipients) will not be processed. These
problems may prevent users from sending and receiving e-mail.
Troubleshooting If recipients cannot send and receive e-mail because of incorrectly configured e-
recipient policies mail addresses, the following components may assist you in troubleshooting
recipient policies:
! Check for incorrectly configured Lightweight Directory Access Protocol
(LDAP) queries on the policy. Recipient policies are only applied to
recipients that match the LDAP query. If the e-mail address on a mailbox is
not modified as expected, confirm that the LDAP query includes the
recipient. When you create the LDAP query, you can select Find Now to
view the list of recipients included in the LDAP query.
! Check the policy priority settings. A higher priority policy may overwrite
the e-mail addresses configured by a lower priority policy. If you determine
that a required e-mail address is being overwritten by another recipient
policy, you can change the order in which the policies are applied or you
can modify the higher priority policy to include the required e-mail address.
! Apply the policy. When you modify a policy, the policy is applied the next
time the Recipient Update Service is run, which is every 60 seconds by
default. To apply a policy immediately, right-click the policy and click
Apply this policy now. To change the schedule on which the Recipient
Update Service is run, right-click the appropriate recipient update service in
Exchange System Manager and configure the update interval on the
Recipient Update Service Properties General tab. If you apply the policy
and the updates still do not appear, check the LDAP query and verify that
the Recipient Update Service is functioning correctly.
! Check for manually configured e-mail addresses. Recipient policies cannot

remove or modify any e-mail addresses configured directly on the recipient
object in Active Directory. If a user cannot send or receive e-mail because
of an address configuration problem, the problem may be manually
configured addresses. For example, if a user’s SMTP return address is
incorrect, check to see if another address is manually configured as the
primary address on the recipient object.
Recipient Update The Recipient Update Service updates recipient e-mail addresses based on the
Service recipient policies. By default, two Recipient Update Service objects are created:
! Recipient Update Service (Enterprise Configuration). This object updates
the e-mail addresses of the objects that are in the configuration partition of
Active Directory, such as the Exchange store object, the message transfer
agent (MTA) object, and the System Attendant object.
! Recipient Update Service (Active Directory domain). This object is created
for each Active Directory domain that has an installation of Exchange 2000
or later. It updates e-mail addresses for recipient objects in Active Directory,
and it updates address lists based on changes in recipient objects in that
domain.
Troubleshooting the If the e-mail addresses configured by recipient policies are not being applied to
Recipient Update recipients, use the following troubleshooting options:
Service
! Force an immediate update. You can force the Recipient Update Service to
run immediately by right-clicking the Recipient Update Service object and
clicking Update Now.
! Check for Exchange server and Active Directory server availability. The
Recipient Update Service object is configured with a domain controller and
an Exchange server. The Recipient Update Service must be able to connect
to both servers in order to run. If one of the servers is not available, you
need to manually reconfigure the Recipient Update Service to use a different
server.
! Confirm that the System Attendant service is running. The Recipient Update
Service runs within the System Attendant service, so the System Attendant
must be running.
! Enable Diagnostics Logging on the Exchange server that manages the
Recipient Update Service for the MSExchangeSA Proxy Generation
category. After logging is enabled, force the Recipient Update Service to
run and then check the application log for details about what is occurring
when the Recipient Update Service attempts to run.
Pre-Lab Discussion

One of the troubleshooting skills that an Exchange administrator must have is
being able to identify the mailbox and public folder problems that prevent users
from sending and receiving e-mail messages. These issues are indicated when a
client is unable to connect to a server running Exchange Server 2003 to access a
mailbox or a public folder. When users connect to Exchange using Outlook
Web Access (OWA) or Outlook Mobile Access (OMA), a number of issues
may arise that you need to troubleshoot.
In this context, discuss what problems might cause the following symptoms:
! A user cannot receive Internet e-mail sent to his or her e-mail address.
! A user cannot send Internet e-mail.
! A user is unable to post a message to a public folder.
Lab: Troubleshooting Public Folder and Mailbox

Problems

resolve the problem.
! Identify the underlying causes when a user cannot receive Internet e-mail
and resolve the problem.
! Identify the underlying causes when a user is unable to post a message to a
Lab Virtual PC For this lab, you will use the London Virtual PC and the Vancouver Virtual PC.
configuration The Vancouver Virtual PC is used to simulate an external organization on the
Internet for the purpose of testing e-mail flow to and from the Internet.
2. Log on as NWTraders\Administrator with the password P@ssw0rd. You
will use OWA on London to check e-mail for the affected users in the lab
scenarios. Use the URL http://london/exchange to connect to OWA on
London.
3. Start 2011_Vancouver Virtual PC. Because Vancouver is in the Microsoft
Windows NT® domain Contoso, which is not part of the same forest as
4. Log on to Vancouver as Contoso\Administrator. You will use
Outlook 2000 on the Vancouver server to send and receive e-mail to the
user accounts at NWTraders.
Lab preparation To create the troubleshooting scenarios, run the Breaklab3.vbs script from the
c:\moc\2011\Labfiles\Lab03 directory located on 2011_London Virtual PC.
read the scenario, the Level 1 support comments, and then use the flow charts to
to follow. Use the letters on the flow chart to identify the Lab Toolkit resources
that you can use to help troubleshoot the problem. After you identify a potential
completed the lab.
Note that the flow chart for Exercise 3 is located at the end of the lab.
Lab Toolkit resources: If necessary, use one or more of the Lab Toolkit resources listed in the
Exercises 1 and 2 following table to help you complete this lab.
Flow chart resources Resources used for this flow chart
B Configuring the Recipient Update Service

C D F H Help: Exchange: Checking Mailbox Size Limits. To locate this information, open
Exchange System Manager Help and then search for Define mailbox storage
limits.
C Help: Exchange: Checking Message Queues. To locate this information, open
Exchange System Manager Help and then search for queue viewer.
H Help: Exchange: Checking Recipient Filter Settings. To locate this information,
open Exchange System Manager Help and then search for Create a recipient
filter.
F Help: Exchange: Checking Sender Filter Settings. To locate this information,
open Exchange System Manager Help and then search for Create a sender filter.
A C D F H Help: Exchange: Tracking Messages. To locate this information, open Exchange
System Manager Help, select Help, select Help Topics, and then click Search.
Search for message tracking and then click Use the Message Tracking Center.
E Help: Exchange: Verifying the RGC Configuration. To locate this information,
open Exchange System Manager Help and then search for Install a routing
group connector.
B Help: Exchange: Viewing the Global Address List. To locate this information,
open Exchange System Manager Help and then search for Preview search filter
results.
C Help: Windows: Check Global Catalog Availability. To locate this information,
open Windows Help and search for Dcdiag.exe: Domain controller diagnostic
tool.
E G Help: Windows: Testing DNS. To locate information on locating resource records
using DNS administrator snap-in, open Windows Help and then search for
Manage Resource Records.
E G Help: Windows: Using NSLookup. To locate information on using NSLookup to
test DNS, open a command prompt, type NSLookup to start the NSLookup tool,
and then type Help.
B Help: Windows: Verifying Active Directory Replication. To locate this
information, open Windows Help and then search for Troubleshooting
replication: Active Directory.
C D F H Impact of Virus and Content Scanners on Messaging Functionality
A Internet E-Mail Testing Methods
B Using Dcdiag and Netdiag to Verify the Network Infrastructure
C E G Using the Telnet Command to Test Connectivity Between Exchange Servers
G Using the Telnet Command to Test the TCP Port Restrictions on a Firewall
F G H Viewing Delivery Restrictions on SMTP Connectors
B H Viewing Recipient Policies
Lab Toolkit resources: If necessary, use one or more of the Toolkit resources listed in the following
Exercise 3 table to help you complete this lab.
Flow
chart
reference Resources used for this flow chart
A Help: Exchange: Forcing Public Folder Replication. To locate this

information, open Exchange System Manager Help and then search for
Manually Start Replication.
B Help: Exchange: Mail-Enable a Public Folder. To locate this information,
open Exchange System Manager Help and then search for Create a Mail-
Enabled Public Folder.
A Help: Exchange: Verify Exchange Services are Running. To locate this
Monitor Services Used by Exchange. You can use this information to
determine the services that should be running, and then view the Services
console to verify that all required services are running.
B Help: Exchange: Verify a Public Folder Alias. To locate this information,
open Exchange System Manager Help and then search for Set the Alias
Name.
A Help: Exchange: Viewing the Global Address List. To locate this
Preview Search Filter Results.
A Help: Exchange: Viewing Public Folder Permissions in Exchange System
Manager. To locate this information, open the Exchange System Manager
and locate a public folder. Right-click the public folder and click Properties.
Then click the Permissions tab and click Help.

Troubleshooting Mailbox Problems
H
1. Verify sender used correct address and can
send to others
A 2. Check user's SMTP address and update if
Can the user necessary
Is the e-mail Can other users 3. Check recipient filtering setting
send or receive
message sent to or send or receive 4. Check message size limits and address
Start Yes e-mail from other No Yes
received from the e-mail from the restrictions on SMTP connector
Internet
Internet? Internet? 5. Check message size and mailbox size limits
recipients?
6. Check virus scanner and content scanner
7. Track message to see if the message
entered the organization
No.
internal Yes No
e-mail
B F G
1. Check if user appears in the GAL 1. Verify that the sender used the correct 1. Verify availablity of Internet
2. Check user's e-mail addresses address and can send to others in your connection
Is the GAL 3. Check Recipient Update Service organization 2. Verify external DNS MX
information for the No availability 2. Check sender filtering settings records and DNS server
user accurate? 4. Check Active Directory replication 3. Check message size limits and address availability
5. Use dcdiag and netdiag to check restrictions on SMTP Connector 3. Check firewall configuration
network connectivity 4. Check message size and mailbox size limits 4. Check SMTP virtual server
5. Check virus scanner and content scanner availability
6. Track message to see if the message 5. Check message size limits and
entered the organization address restrictions on SMTP
Yes connector
C
1. Check message queues
2. Track message
Are the sender 3. Check SMTP server functionality
and recipient on the 4. Check global catalog availability
Yes
same Exchange 5. Check if users are mailbox enabled
server? 6. Check mailbox size limits
7. Check virus scanner
8. Check content scanner
No
D
Can the
user send and 1. Check mailbox size limits
receive from 2. Check virus scanner
Yes 3. Check content scanner
recipients on other
servers? 4. Track message
No
E
1. Check network connectivity between
servers
2. Check DNS resolution between
servers
3. Check global catalog availability
4. Check SMTP server functionality
5. Check routing group connector

configuration
17
18
A
Is the e-mail
Start message sent to or
Yes
received from
the Internet?
No,
internal
e-mail
B
1. Check if user appears in the GAL
2. Check user’s email addresses
Is the GAL 3. Check Recipient Update Service
information for the No availability
user accurate? 3. Check Active Directory replication
4. Use dcdiag and netdiag to check
network connectivity
Yes
C
2. Track message
Are the sender 3. Check SMTP server functionality
and recipient on the 4. Check global catalog availability
Yes
same Exchange 5. Check if users are mailbox enabled
server? 6. Check mailbox size limits
7. Check virus scanner
8. Check content scanner
No
D
Can the user 1. Check mailbox size limits
send and receive 2. Check virus scanner
Yes
from recipients on 3. Check content scanner
other servers? 4. Track message
No
E
1. Check network connectivity between
servers
2. Check DNS resolution between
servers
3. Check global catalog availability
4. Check SMTP server functionality
5. Check routing group connector
configuration
19
20
H
1. Verify sender used correct address and can
send to others
2. Check user’s SMTP address and update if
Can the necessary
user send or Can other 3. Check recipient filtering settings
Yes receivee-mail from No users send or receive Yes 4. Check message size limits and address
other Internet e-mail from the restrictions on SMTP connector
recipients? Internet? 5. Check message size and mailbox size limits
6. Check virus scanner and content scanner
7. Track message to see if the message
entered the organization.
Yes No
F G
1. Verify that the sender used the correct 1. Verify availability of Internet
address and can send to others in your connection
organization 2. Verify external DNS MX records
2. Check sender filtering settings and DNS server availability
3. Check message size limits and address 3. Check firewall configuration
restrictions on SMTP Connector 4. Check SMTP virtual server
4. Check message size and mailbox size limits availability
5. Check virus scanner and content scanner 5. Check message size limits and
6. Track message to see if the message address restrictions on SMTP
entered the organization connector
Exercise 1
Troubleshooting Solutions When a User Cannot Send Internal
E-Mail
Scenario Bryan Walton has entered a service request. Bryan is a new employee. He states
that he is unable to send e-mail to anyone. Other users on the network can also
not send e-mail messages to him.
In this exercise, you will need to log on to OWA on London using
NWTraders\BryanWalto.
Note If Internet Explorer fails to load all data when connecting to

OWA, close and restart Microsoft Internet Explorer.
Level 1 support “Bryan is a new user who just started working here yesterday. I checked his
comments computer—it is running a standard build with Microsoft Office 2003. He can’t
open Outlook—gets an error message. Checked user account—he is in Active
Directory and it looks like he is configured correctly. I can’t send e-mail to his
account—it says the name doesn’t exist.”
You must resolve the problems so that Bryan can send and receive e-mail from
internal users.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
Exercise 2
Troubleshooting Solutions When a User Cannot Receive Internet
E-Mail
Scenario Andy Teal has entered a service request. He states that he is unable to receive
e-mail from the Internet. He can send and receive e-mail internally, but when
Internet e-mail users try to send e-mail to him, they receive NDRs.
In this exercise, you will need to log on to Outlook 2000 on Vancouver using
Contoso\Administrator to send messages to Andy Teal. To confirm the
messages are delivered, you will also need to open Andy Teal’s mailbox by
using his Nwtraders\andyteal Active Directory account.
Level 1 support “Checked Andy’s computer; everything looks like it is properly configured.
comments Outlook client works fine. Can send e-mail to internal users, and receive e-mail
from internal users. Can send e-mail to the Internet – can’t receive. Even when
Internet users reply to his e-mails, they get an NDR.”
You must resolve the problem so that Andy can receive e-mail messages from
the Internet. To simulate the Internet for purposes of this lab, use the Vancouver
server.
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
Exercise 3
Troubleshooting Solutions When a User Cannot Post to a Public
Folder
In this exercise, you will use the flow chart located at the end of this lab and the
Lab Toolkit resources to identify and resolve the problem in the scenario.
Scenario Ben Smith has entered a service request. He states that he is unable to post
messages to a public folder named SalesReports. He can read the contents of
the messages in the public folder but cannot post messages.
NWTraders\BenSmith.
Level 1 support “Ben can send and receive e-mail without problems. Ben can see the public
comments folder in the public folder list. Checked the public folder—everyone in the
Sales department is supposed to be able to read and write to the public folder.
Permissions on the public folder seem to be set up right.”
You must resolve the problems Ben experiences when trying to post messages
to the public folder.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
24
Troubleshooting Public Folder Problems
A
1. Check folder permissions
(restart Microsoft Exchange
Is the user Is the user System Attendant to clear
Is the user able
Start able to connect to Yes able to open the Yes No server cache immediately)
to post
the public folder public folder? 2. Check public folder replication
messages?
server? 3. Check that the required
services are running
No No Yes
B
1. Check network connectivity 1. Check public folder replication
2. Check DNS configuration 1. Verify that the folder is mail
3. Check default public folder 2. Check public folder referral Is the user able enabled
store setting configuration to post via No 2. Verify that the folder is in GAL
e-mail? 3. Verify that the public folder
e-mail address is correct
Yes End
Lab Virtual PC clean-up For this lab, you used the London and Vancouver Virtual PCs. Please undo any
changes that were made during your troubleshooting by closing each virtual PC.
lost.

Lab Discussion

! What were the root causes of the problems described in the scenarios?
How will you approach these types of troubleshooting issues in your work
environment?
problems?
Unit 4: Troubleshooting Outlook Web
Access and Outlook Mobile Access
Contents
Overview 1
Troubleshooting Outlook Web Access 2
Troubleshooting Outlook Web Access in a
Front-End and Back-End Server Topology 5
Troubleshooting Outlook Mobile Access 7
Lab: Troubleshooting Outlook Web Access
and Outlook Mobile Access Problems 10
Lab Discussion 22
logo, person, place, or event is intended or should be inferred. Complying with all applicable
part of this document may be reproduced, stored in, or introduced into a retrieval system, or
respective owners.
Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access 1
Overview

Microsoft® Outlook® Web Access (OWA) and Microsoft Outlook Mobile
Access (OMA) are two of the key Microsoft Exchange Server 2003
components that make e-mail accessible from anywhere and on any device that
can connect to the Internet.
In order to troubleshoot OWA and OMA problems, you need to understand the
architecture used to deploy these services. Both OWA and OMA use Internet
Information Server (IIS) 5.0 or 6.0 to provide access to the Exchange
information to Internet clients, so you may need to troubleshoot IIS issues as
well as Exchange issues. Most companies deploy OWA and OMA in a front-
end and back-end topology, which introduces another layer of complexity to
troubleshooting.
! Identify the underlying causes when a user cannot access OWA because of a
security error.
! Identify the underlying causes when a user cannot access OWA because of
an authentication error and resolve the problem.
! Identify the underlying causes when a user cannot access OMA and resolve
the problem.
2 Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access
Troubleshooting Outlook Web Access

OWA in Exchange Server 2003 provides access to messaging information on
the Exchange server to users with an Internet browser client. To provide this
functionality, OWA is tightly integrated with IIS 5.0 or 6.0.
OWA components OWA requires the following components in order to function:
1. Internet Information Services 5.0 or 6.0. The HTTP virtual server on the
Exchange server accepts HTTP requests. If the URL for the requested
information includes the Exchange virtual directory, the HTTP request is
passed to the Exchange Internet Server Application Programming Interface
(ISAPI) application.
2. Exchange Server 2003. The HTTP request is parsed by the ISAPI
application and passed to the Exchange store. The Exchange server verifies
the user has permission to view or modify the requested item. If the user has
the required permissions the item is passed back to the Exchange ISAPI
application, which renders the content into Hypertext Markup Language
(HTML) or Extensible Markup Language (XML) and then passes the data
through IIS to the client.
3. Microsoft Active Directory® domain controllers. The OWA server must be
able to communicate with the domain controller and global catalog server to
determine user permissions and perform address book lookups. The IIS and
Exchange configuration information is also stored in Active Directory.
Troubleshooting OWA Troubleshooting OWA is complicated by the fact that there are several
components involved when the OWA client accesses the Exchange server.
However, the error messages that you receive in your browser when you try to
connect to Exchange by using OWA often provide useful information. The
following table lists some of the common error messages that you may receive
and some options for troubleshooting the errors.
Error Message Troubleshooting the Error Message
401 Access Denied • Confirm that the username and password are correct.
401 Logon Failed • Enter the user name using the domain\username format
rather than a UPN.
• Confirm that the user has permission to use OWA.
403 Access Denied • Confirm that the user has access to the resource they are
trying to access.
• Check the SSL configuration—the user will get this
message if they are using HTTP rather that HTTPS and the
site requires SSL.
404 Not Found • Confirm that the object the user is trying to access exists on
the Exchange server.
• Check the configuration of URLscan in IIS to confirm that
URLscan is not blocking access to the required URL.
• In a front-end and back-end topology, confirm that the
front-end server can communicate with the back-end server.
• Confirm the user is using a server name that is identical to
the host header on the Exchange virtual server.
500 Internal Server • Confirm that the Exchange server can communicate with an
Error Active Directory server.
• If the client is using Kerberos for authentication, confirm
that the time difference between the client computer and the
OWA server are within acceptable limits.
503 Service • Confirm that the Information Store service is running and
Unavailable that the required mailbox store is mounted.
• If you have configured additional virtual servers to support
multiple domain names, confirm that the virtual directories
are configured correctly.
E-mail messages do • Check the firewall or proxy server settings to ensure they
not display in the are not blocking the content.
Contents pane
When troubleshooting OWA, first ask some basic questions:

! Are all users affected or just one individual? If all users are affected, then
the problem is probably a server configuration error. You can begin
troubleshooting by identifying the type of error that is sent to the client, and
then troubleshoot the IIS and Exchange server configuration. If only one
user is affected, the problem is likely a mailbox configuration error or a user
error, so you would start the troubleshooting at the individual user or
mailbox level.
! Are all Web browsers affected or only specific browsers? When a user
connects to the OWA server, the Exchange ISAPI application detects what
Web browser version the client is using, since different Web browsers have
different functionality. For example, Microsoft Internet Explorer 4.0 and
later support Windows® Integrated Authentication, while earlier versions
and non-Microsoft clients do not. Internet Explorer 5.0 and later clients
support the use of XML and WebDAV. If all browsers are affected, then the
problem is likely to be a server configuration problem that is not specific to
the new features supported by newer browsers. However, if the problem is
client specific, you can start your troubleshooting with the client-specific
features. If Internet Explorer 6.0 clients can connect, but Netscape
Navigator clients cannot, check the authentication settings. If the opposite is
true, check the firewall configuration to see if it is blocking the XML or
WebDAV content.
! Is all OWA functionality affected or only some parts? By default, the OWA
server includes several virtual directories under the default Web site to
enable OWA and OMA mailbox and public folder access. In addition, you
may need to configure additional virtual servers and directories on the
server to support additional SMTP domains. When troubleshooting, you
should check if all OWA functionality is affected or only some parts. For
example, if users can access their mailboxes but not the public folders, you
can just troubleshoot the connection to the public folder store. You can
check whether the public folder store is mounted, or check to see if the
public folder server is available. If users can access mailboxes on the default
Web site but cannot access their mailboxes using other virtual Web sites on
the same server, you can focus your troubleshooting only on the Web sites
with problems.
Troubleshooting Outlook Web Access in a Front-End and

Back-End Server Topology

Most companies that deploy OWA use a front-end and back-end server
topology. There are many advantages to using this topology, but it can also
complicate OWA troubleshooting. Troubleshooting is more complicated in a
front-end and back-end server topology because you need to test connections
between multiple servers, as well as possibly troubleshoot network traffic
crossing two firewalls.
Front-end and back-end There are several benefits to deploying OWA in a front-end and back-end
server topology benefits topology. These advantages include:
! Clients use a single namespace. All users can use the front-end server URL
to access their mailbox on any back-end server.
! Offload SSL processing. You can offload the processing required for SSL to
the front-end servers, which can perform all encryption and decryption of
the SSL traffic.
! Enhance security. In most cases, companies deploy the front-end server in a
perimeter network, with the back-end servers located on the corporate
intranet. The screened subnet is protected from the Internet by an external
firewall and a second firewall is placed between the screened subnet and
intranet. You can then limit what traffic can pass through each firewall.
! Scalability. The front-end and back-end topology can be scaled to almost
any size by deploying several front-end servers in a Network Load
Balancing (NLB) cluster.
Troubleshooting OWA in When you are troubleshooting a front-end and back-end configuration, you will
a front-end and back- use many of the same steps that you use when you are troubleshooting a single
end topology OWA server. The one significant additional step that you may need to include
when troubleshooting OWA in a front-end and back-end configuration is
troubleshooting multiple servers. In most cases, users will be accessing OWA
from the Internet. This means that the clients must connect to the front-end
server through the Internet firewall. The front-end server must then connect to a
domain controller and the back-end server. You may need to troubleshoot the
OWA on each server:
! Test functionality on the back-end server. The initial step in troubleshooting
a front-end and back-end topology is to verify that OWA clients can connect
to the back-end server. In order for OWA to work through the front-end
server, it must first work on the back-end server. If you cannot connect to
the back-end server by using OWA, you can use the single server
troubleshooting steps discussed in the previous topic to determine the cause
of the failure. If the OWA works on the back-end server, then move on to
troubleshooting the front-end server.
! Test functionality on the front-end server from the internal network. The
second component to test in this topology is the front-end server. You will
need to connect to the front-end server from the internal network and check
the functionality. If you cannot connect to the front-end server by using
OWA, a problem exists between the front-end server and the back-end
server. You may need to test the internal firewall configuration, or check the
DNS configuration to ensure that the front-end server can locate a domain
controller and the back-end server. If you can connect to the front-end
server from the internal network, then the problem is located between the
front-end server and the Internet, most likely on the external firewall.
! Test all virtual servers on the front-end and back-end servers. Front-end
virtual servers and virtual directories that point to mailbox stores must use
the same domain names as the corresponding back-end virtual servers or
directories. If you can connect to a virtual server on a back-end server, but
cannot connect to the same virtual server from the front-end, then ensure
that the virtual servers on both servers are configured the same way.
Troubleshooting Outlook Mobile Access

Outlook Mobile Access (OMA) enables users to access their Exchange
Server 2003 mailbox by using a browser-enabled mobile device. Users can use
devices such as mobile phones and PDAs that use Extensible Hypertext Markup
Language (XHTML), compact HTML (cHTML), or standard HTML browsers
to connect to their inbox, calendar, contacts, tasks, and perform global address
list (GAL) searches. In addition to mobile phones, Windows Mobile™ devices
using Microsoft Pocket Internet Explorer and desktop personal computers using
Internet Explorer 6.0 or later also support OMA.
OMA architecture The Exchange Server 2003 architecture to support OMA is essentially the same
as is used for OWA. When OMA is enabled on an Exchange server, two
additional virtual directories are created under the default Web site. The OMA
virtual directory is used by OMA clients to connect to the mailboxes on the
server. The Microsoft-Server-ActiveSync® virtual directory is used by
ActiveSync clients to download messages from the Exchange server. When an
OMA client connects to the Exchange server, the client must also be able to
access the Exchange virtual directory.
OMA is also supported in a front-end and back-end topology. To enable OMA
in this topology, both the front-end and back-end servers must be configured for
OMA.
Troubleshooting OMA Because OMA uses the same infrastructure as OWA, much of the
troubleshooting for OMA will be the same as it is for OWA. However, there are
some configurations which are unique to OMA that you may need to
troubleshoot:
! Check the global settings. In order for clients to use OMA, you must enable
OMA on the global settings for the Exchange organization. You do this by
accessing the properties for Mobile Services under the Global Settings and
selecting Enable Outlook Mobile Access. If you want users to be able to
access OMA using unsupported devices such as Internet Explorer 6.0, you
must also select Enable unsupported devices. If these options are not
selected, then the user will receive an error message saying that the account
is not enabled for OMA when they try to connect.
! Check individual mailbox configurations. You must also enable OMA on
each mailbox before a user will be able to access their mailbox using OMA.
You can do this by accessing the user properties in Active Directory Users
and Computers; select the Exchange Features tab and enable OMA. If this
option is not selected, the user will receive an error message saying that the
account is not enabled for OMA when they try to connect.
Note If you are using a front-end and back-end server topology, both
servers must be running Exchange Server 2003 in order to enable OWA.
Pre-Lab Discussion

OWA and OMA are two of the key Exchange Server 2003 components that
make e-mail accessible from anywhere and on any device that can connect to
the Internet. Because users are accessing OWA and OMA from anywhere using
a variety of Web and mobile access devices, troubleshooting these services can
be complicated.
A number of issues that you may need to troubleshoot can arise when users
connect to Exchange using OWA or OMA. In this context, discuss what
problems might cause the following symptoms:
! A user cannot access OWA because of a service not found error.
! A user cannot access OWA on a front-end server and the user receives an
authentication error.
! A user cannot access OMA on a front end server.
Lab: Troubleshooting Outlook Web Access and Outlook

Mobile Access Problems

security error.
! Identify the underlying causes when a user cannot access OMA and resolve
the problem.
! Identify the underlying causes when a user cannot access OWA because of
an authentication error and resolve the problem.
Lab Virtual PC For this lab, you will use the London Virtual PC and the Miami Virtual PC. The
configuration Miami Virtual PC will be configured as a front-end server.
1. Start 2011_London-Virtual PC, if it is not already started.
2. Log on as NWTraders\Administrator with a password of P@ssw0rd. You
may use OWA on London to check e-mail for the affected users in the lab
scenarios.
3. Start 2011_Miami Virtual PC. Log on as NWTraders\Administrator.
4. Use Exchange System Manager to browse to the Miami server object, right-
click the server object, and then click Properties.
5. Select This is a front-end server, and then click OK.
6. Restart Miami by clicking Start, Shut Down, and then Restart. Do not
restart Miami by using Virtual PC, as this will save changes made in the lab.
7. You need to use Internet Explorer on Miami to access OWA and OMA. To
connect to the front-end server for OWA, open Internet Explorer and
connect to http://miami/exchange. To connect to the front-end server for
OMA, open Internet Explorer and connect to http://miami/oma.
read the scenario and the Level 1 support comments and then use the flow
charts to identify the root cause of the problem. You will then need to perform
the test case presented at each decision point in the flow chart to determine
which path to follow. Use the letters on the flow chart to identify the
Toolkit resources that you can use to help troubleshoot the problem. After you
identify a potential solution, make the configuration change and then test your
solution. When your solution resolves the problem presented in the scenario
you have successfully completed the lab.
Lab Toolkit Resources If necessary, use one or more of the following Lab Toolkit resources to help
you complete this lab:
Flow Chart Resources Resources Used for this Flow Chart
A B C D F J Firewall Configuration Required to Support Front-End and Back-

End Servers
E I Help: Exchange: Checking global settings. To locate this
information, open Exchange System Manager help and search for
Enable Outlook Mobile Access for All Users.
D E I J Help: Internet Information Services: Configuring SSL on Servers.
To locate information regarding SSL on virtual directories, search
Internet Information Services help for Configuring SSL on Servers
and then select Configuring SSL on Servers.
B G Help: Windows: How to use TCP/IP command-line utilities. To
locate this information, open Windows help and then search for
Command-line utilities: TCP/IP.
C D E F H I J Help: Windows: Testing DNS. To locate information on locating
resource records using DNS administrator snap-in, search for
Manage Resource Records.
D E I J Help: Windows: Troubleshoot IPSec. To locate information
regarding troubleshooting IPSec, search Windows Server 2003
Online Help for IPSec and then select Troubleshooting: Internet
Protocol Security (IPSec).
C H Help: Windows: Using IPConfig. To locate this information, open
Windows help and search for Ipconfig: Command-line reference.
C D E F H I J Help: Windows: Using NSLookup. To locate information on using
NSLookup to test DNS open a command prompt, type NSLookup to
start the NSLookup tool, and then type Help.
D J Outlook Mobile Access Requirements
D E I J Securing a Front-End and Back-End Server Infrastructure
A D F J Using the Telnet Command to Test the TCP Port Restrictions on a
Firewall
B G Verifying that a Server is Online
E I Verifying the Configuration of the Default Web Site

Troubleshooting OWA and OMA Problems
Start
A
Can you run
OWA/OMA on the 1. Check external firewall
front-end server? configuration
Yes
Yes 2. Check open ports and port
redirection configuration
Is the user on Can the client Can the client 3. Check packet filtering
the internal network Internet ping the server Yes ping the server configuration
or on the Internet? IP address? host name?
No
D
No No 1. Check internal firewall
2. Check open ports and port redirection
B C configuration
Can you run 3. Check packet filtering configuration
OWA/OMA on the Yes 4. Check DNS
1. Check if the client can connect 1. Check DNS
back-end server? 5. Check front-end back-end security
Internal to other Internet sites 2. Check client's DNS server
2. Check if the server is online settings configuration
3. Check firewall configuration 3. Check firewall configuration 6. Check Outlook Mobile Access
4. Check IP routing configuration
No
E
Can you run F
OWA/OMA on the 1. Check global settings
front-end server? 2. Check default Web site
Yes 1. Check internal firewall for
internal network to perimeter configuration
Can the client Can the client 3. Check security configuration
ping the server ping the server network configuration
Yes (SSL, IPSec)
IP address? host name? Yes 2. Check open ports and port
redirection configuration 4. Check Web site availability
No 3. Check packet filtering 5. Check DNS
configuration
4. Check DNS
Can you run

No No
OWA/OMA on the
back-end server?
G H J
1. Check if client can connect to 1. Check DNS 1. Check internal firewall
other internal Web sites 2. Check client DNS server Yes 2. Check open ports and port
2. Check if the server is online settings No redirection configuration
3. Check IP routing 3. Check packet filtering
I configuration
4. Check DNS
5. Check front-end back-end
1. Check global settings security configuration
2. Check default Web site 6. Check Outlook Mobile Access
configuration configuration
3. Check security configuration
(SSL, IPSec)
4. Check Web site availability
5. Check DNS
Unit 4: Troubleshooting Outlook Web Access and Outlook Mobile Access
13
14
Start
Can you run

OWA/OMA on the
front-end server?
Yes
Is the user on Can the client Can the client
the internal network Internet ping the server Yes ping the server
or on the Internet? IP address? host name?
No
Yes
Internal No No
A
1. Check external firewall
configuration
2. Check open ports and port
redirection configuration
3. Check packet filtering
configuration
No D
1. Check internal firewall
2. Check open ports and port redirection
configuration
Can you run 3. Check packet filtering configuration
Internal No No OWA/OMA on the Yes 4. Check DNS
back-end server? 5. Check front-end back-end security
configuration
B C 6. Check Outlook Mobile Access
configuration
1. Check if the client can connect 1. Check DNS
to other Internet sites 2. Check client’s DNS server
2. Check if the server is online settings
3. Check firewall configuration 3. Check firewall configuration
4. Check IP routing E
No 1. Check global settings
2. Check default Web site
configuration
3. Check security configuration
(SSL, IPSec)
Can the client 4. Check Web site availability
ping the server Yes 5. Check DNS
IP address?
No
G
1. Check for open relay
2. Update antivirus signatures
3. Check antivirus and content
scanning quarantine
15
16
Can you run F

OWA/OMA on the
front-end server? 1. Check internal firewall for
Yes internal network to perimeter
Can the client Yes
network configuration
Yes ping the server 2. Check open ports and port
host name? redirection configuration
No
configuration
4. Check DNS
No
Can you run
OWA/OMA on the
back-end server?
H J
1. Check DNS Yes 1. Check internal firewall
2. Check client DNS server 2. Check open ports and port
settings No redirection configuration
I configuration
4. Check DNS
1. Check global settings 5. Check front-end back-end

2. Check default Web site security configuration
configuration 6. Check Outlook Mobile Access
3. Check security configuration configuration
(SSL, IPSec)
4. Check Web site availability
5. Check DNS
Exercise 1
Troubleshooting Solutions When a User Cannot Access Outlook
Web Access
Virtual PC.
Scenario Amy Rusko has entered a service request. She is trying to access her e-mail
from home using OWA. When she tries to connect to OWA, Amy receives an
error indicating that the service is not available.
In this exercise, you will need to log on to Outlook Web Access on Miami
using NWTraders\amyrusko.
Level 1 support “Talked to Amy at home—she is using Internet Explorer 6.0. She had no
comments problem accessing her e-mail when she was in the office during the day. The
problem showed up when she tried to use OWA from home. She gets the logon
screen but when she enters her user name and password, she receives an error
message saying that she needs to use https:// to connect to the server. When she
tries to connect using https://miami.nwtraders.msft, she receives an error
indicating that the page cannot be displayed.”
You must resolve the problems so that Amy can connect to the front-end
Exchange server using OWA.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
Exercise 2
Troubleshooting Solutions When a User Cannot Access Outlook
Mobile Access
Exercise preparation To create the troubleshooting scenario for this exercise, run the breaklab4b.bat
Virtual PC.
In this exercise, you will be using Internet Explorer to simulate a wireless
device. To use Internet Explorer as an OMA device, use the following
procedure:
1. On Miami, click Start, click Run, type http://Miami/oma and then click
OK.
2. If prompted with a Security Alert dialog box, click Add twice and then
click Close. If prompted with a second Security Alert dialog box, click Yes
to proceed.
3. When prompted for your logon credentials, log on with a user account that
has access to OMA. Use the domainname\username format.
4. When prompted that your device type is not supported, click OK.
Scenario Raman Iyer has entered a service request. Raman is trying to access his e-mail
from his Web phone using OMA. When he tries to connect to OMA he receives
an error message.
In this exercise, you will need to log on to OMA on Miami using
NWTraders\ramaniyer.
Level 1 support “Talked to Raman at the airport where he just landed. He is using a supported
comments cell phone – he can browse other sites using his cell phone. His e-mail worked
on his desktop computer in the office when he left this afternoon. He gets the
logon screen, and uses the domain name and his user name to connect, but then
receives an HTTP 404 error indicating that the file or directory is not found. All
servers are working.”
You must resolve the problems so that Raman can connect to the Exchange
server using OMA.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
Exercise 3
Troubleshooting Solutions When a User Cannot Log In to Outlook
Web Access
Exercise preparation To create the troubleshooting scenario for this exercise, run the breaklab4c.bat
Virtual PC.
In this exercise, you will need to log in to OWA on Miami using
NWTraders\hanyingfeng.
Scenario Hanying Feng has entered a service request. He is trying to access his e-mail
from a hotel room using OWA. When Hanying tries to connect, he gets an
authentication error.
Level 1 support “Talked to Hanying at the hotel room where he is staying—he is using Internet
comments Explorer 6.0. He has been gone from the office for about a week; this is the first
time he has tried to access his e-mail in the last week. He gets the logon screen,
but when he enters his user name and password he is not authenticated. Instead
he just gets the logon screen again. All servers are working.”
You must resolve the problems so that Hanying can connect to the Exchange
server using OWA.
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
Lab Virtual PC For this lab, you used the Miami and London Virtual PCs. Please undo any
lost.

1. On Miami, on the menu, click PC, click Shut Down, click Turn off PC
Note Start the 2011_London Virtual PC to prepare for the next unit’s lab.
Do not shut it down again until instructed.
Lab Discussion

What steps did you follow in the troubleshooting flowcharts?
! What were the root causes of the problem described in the scenario?
place?
! What steps would you take in the future when troubleshooting similar
problems?
Unit 5: Troubleshooting Client
Connectivity
Contents
Overview 1
Messaging Clients Used to Access
How Messaging Clients Connect to
Additional Services Required for
Connecting to Exchange Server 2003 7
Lab: Troubleshooting Client Connectivity
Problems 10
Lab Discussion 20
respective owners.
Unit 5: Troubleshooting Client Connectivity 1
Overview

In this unit, you will learn how to troubleshoot the connection between a client
and a Microsoft® Exchange Server server, particularly the messaging client and
its connection to the server. The focus of this unit is on client configuration
issues and those services needed by the client in order to connect to the
computer running Microsoft Exchange Server 2003. Most problems reported by
users who cannot access their e-mail are related to the ability of the messaging
client to access and connect to the e-mail server. These connection problems
can arise whether the user is an internal user on the local area network or a
remote user connecting from the Internet.
! Identify the underlying causes when a user is unable to send e-mail to the
Internet from home using Outlook Express and resolve the problem.
! Identify the underlying causes when a user receives a “The connection to
the server has failed” message from home and resolve the problem.
! Identify the underlying causes when a new user receives an error message
when trying to connect to his or her mailbox and resolve the problem.
2 Unit 5: Troubleshooting Client Connectivity
Messaging Clients Used to Access Exchange Server 2003

How you troubleshoot the connection between a messaging client and an
Exchange server will depend on the messaging client used. Not all messaging
clients use the same protocols and ports. For example, knowing that a Microsoft
Outlook® Web Access (OWA) client uses a different port than the ports used by
an Outlook client will help when it comes to troubleshooting each of these
messaging clients. If one messaging client works while another messaging
client does not work, you can focus your troubleshooting on the differences
between the messaging clients.
Messaging clients The table below identifies various messaging clients, their usage and
troubleshooting solutions.
Messaging clients Messaging client usage and troubleshooting
Microsoft Outlook • The Outlook client is Microsoft’s full-featured, rich mail

client.
• Outlook uses MAPI to make and maintain connections to
the Exchange server environment.
• Outlook 2003 can make remote procedure call (RPC)
connections over HTTP connections.
• You can configure an Exchange Server 2003 front-
end server to accept RPC over HTTP connections and
act as a proxy to connect to the back-end server,
where the user’s mailbox exists.
• By using RPC instead of HTTP, Outlook users can
connect to their mailbox across the Internet, without
using a virtual private network (VPN) connection into
the corporate network.
• Using RPC over HTTP will ease troubleshooting
connections through a firewall.
(continued)
Microsoft Outlook • Troubleshooting the connection between an Outlook

(continued) client and an Exchange server requires:
• Troubleshooting RPC connections.
• Troubleshooting MAPI profiles.
• Troubleshooting router and firewall port mappings.
Microsoft Outlook • Outlook Express is often used by remote users who only
Express need access to e-mail and who do not need all of the
functionality of the Outlook client application.
• Troubleshooting Outlook Express is simply a matter of
verifying that the proper virtual servers are running, and
that the firewall has properly published the ports:
• 25 for outbound and inbound Simple Mail Transfer
Protocol (SMTP) messages to and from Internet
SMTP servers
• 465 for SMTP that is secured using Secure Sockets
Layer (SSL)
• 110 for Post Office Protocol version 3 (POP3) for
Outlook Express clients to pick up e-mail from the
Exchange server environment
• 995 for POP3 that is secured using SSL
• 143 for Internet Message Access Protocol version
4rev1 (IMAP4) for Outlook Express clients to pick up
e-mail from the Exchange server environment
• 993 for IMAP4 that is secured using SSL
• 80 for HTTP for Outlook Express clients to download
e-mail from their Exchange server
• 443 for HTTP that is secured using SSL
OWA • One of the most flexible e-mail clients is OWA. Almost
any Web browser can be used to access e-mail from an
Exchange server using OWA.
• Troubleshooting OWA is much easier than
troubleshooting any other client since OWA is comprised
of Web pages being served from the Exchange server.
• OWA is often used by e-mail administrators to help
troubleshoot other e-mail clients. If OWA is able to send
and receive e-mail internally as well as to and from the
Internet, you can be sure that the Exchange server is up
and running properly.
• Troubleshooting OWA requires:
• Verifying that the proper fully qualified domain name
is being used.
• Verifying that the OWA server can be reached from
the Internet.
• Verifying that the user prefaced the URL with https://
in the event it is secured with SSL.
(continued)
Microsoft Outlook • Outlook Mobile Access is used by mobile devices such

Mobile Access (OMA) as cell phones and wireless PDAs to access Exchange
mailbox and public folder data.
• Increased use of mobile devices requires more
troubleshooting.
• Many mobile devices connect to the Exchange server
using HTTP.
• Troubleshooting mobile devices requires:
• Verifying that port 80 and 443 are available.
• Verifying that the mobile user content is available on
the server.
Other applications • E-mail access is not limited to Microsoft e-mail client
applications only.
• Many e-mail clients function as POP3 or IMAP4 clients.
• Troubleshooting other applications requires the same
process as Outlook Express, which is described earlier in
this table.
How Messaging Clients Connect to Exchange

Server 2003

When troubleshooting messaging clients, you need to understand where each
messaging client is used and what ports the messaging client needs. This is very
important in troubleshooting messaging clients, especially those clients that are
outside the company network.
The messaging client does not connect to Exchange Server 2003 unless the
proper services are running on the server. Messaging clients outside the
company will also have to contend with the firewall. Troubleshooting external
messaging clients will often require verification that the firewall has properly
published the port and mapped it to the Exchange server.
When troubleshooting, remember to check the connections used by different

messaging clients, some of which are listed in the following table.
Messaging clients Protocol and port connections to Exchange
Outlook • Outlook 2003 normally connects using RPC across

a local area network (LAN), a WAN, or a VPN
connection.
• Using RPC over HTTP, however, Outlook 2003
uses:
• 80 for HTTP
Outlook Express • Outlook Express can combine IMAP4 and SMTP
or combine POP3 and SMTP to provide messaging
connectivity to the Exchange server.
• Outlook Express can also use SSL.
• The ports used for messaging in Outlook Express
include:
• 25 for SMTP connections
• 465 for SMTP that is secured using SSL
• 110 for POP3 connections
• 995 for POP3 that is secured using SSL
• 143 for IMAP4 connections
• 993 for IMAP4 that is secured using SSL
• 80 for HTTP
OWA • OWA connections use:
• 80 for HTTP
OMA • OMA connections use:
• 80 for HTTP
Additional Services Required for Connecting to


Several different protocols and services are required in order for a client
application to connect to an Exchange server. You must include these protocols
and services in your troubleshooting processes when troubleshooting client
connectivity. For example, without DNS, the messaging client would not be
able to find the Exchange server and connect to the proper port using its fully
qualified domain name.
The following table lists several protocols and services that will help you in
troubleshooting client connectivity.
Service How it is used by Exchange and messaging client
DNS • DNS is required in three situations:

• DNS is used by the client application to resolve the fully qualified
name of the Exchange server for remote users and to resolve the
simple host name for internal users. Once the name of the server has
been resolved to an IP address, the connection can take place.
• DNS is used by the Exchange server to send SMTP e-mail to an
internal smart host or to send e-mail directly to the receiving
domain by resolving the mail exchanger (MX) record to the proper
IP address and then making the connection over port 25.
• DNS is used by mail servers on the Internet to find the Exchange
server for the company to which they want to send e-mail. If the
sending server cannot find the MX record or cannot properly
resolve the MX record, the connection will not take place and
e-mail will not be received.
(continued)
Service How it is used by Exchange and messaging client
IIS • Internet Information Services (IIS) is required for hosting Web

server content used to generate pages for browser clients.
• OWA requires IIS to host content for users who access their e-mail
using a compliant browser.
• OMA requires IIS to host content for the many different types of
mobile clients who access e-mail via the Web.
NNTP • Network News Transfer Protocol (NNTP) is required to access the
public folders in a company using a news reader like Outlook
Express.
• If individuals are having trouble accessing public folders or posting
to public folders, check permissions after verifying that the NNTP
and Microsoft Exchange Information Store services are running and
that NNTP is available for the client connection.
IMAP4 • IMAP4 is used by Outlook Express and other remote e-mail client
applications to connect to the Exchange server and retrieve e-mail.
• When troubleshooting failing IMAP4 clients, check to make sure
DNS is resolving properly, the firewall is allowing traffic flow
using the IMAP4 port, and the IMAP4 service is running properly.
POP3 • POP3 is often used by Outlook Express and other remote e-mail
client applications to connect to the Exchange server from the
Internet.
• POP3 and IMAP4 are used mostly by remote e-mail users.
• When troubleshooting failing POP3 clients, check to make sure
DNS is resolving properly, the firewall is allowing POP3 traffic
flow, and the POP3 service is running properly.
SMTP • SMTP is used by Outlook Express and other remote e-mail client
applications to send e-mail to the Internet.
• SMTP is used by Exchange Server 2003 to transfer messages
between Exchange servers, depending on the location of the
recipient’s mailbox.
• SMTP troubleshooting is similar to troubleshooting IMAP4 and
POP3 virtual servers.
• When troubleshooting SMTP, check DNS first, verify that the
firewall is not blocking port 25, and verify that the SMTP service is
available and running.
Pre-Lab Discussion

Client connectivity problems will impact all network-based applications. Since
Exchange Server 2003 supports different types of messaging clients, it is
important to know the differences between the client types and how to
troubleshoot each type. It is especially important to note the differences
between the messaging clients when troubleshooting their connectivity to the
Exchange server.
Discuss what problems might cause the following symptoms:
! An Outlook Express user cannot send e-mail to the Internet from home.
! An Outlook Express user cannot access their e-mail from home. The user
receives a “The connection to the server has failed” message.
! A new user running Outlook cannot open their mailbox.
Lab: Troubleshooting Client Connectivity Problems

In this lab, you will troubleshoot problems with messaging client connectivity.
Each exercise can be solved using the Lab Toolkit resources and the processes
provided in the accompanying flow chart.
Internet from home using Outlook Express and resolve the problem.
the server has failed” message from home and resolve the problem.
! Identify the underlying causes when a new user receives an error message
when trying to connect to his or her mailbox and resolve the problem.
Lab Virtual PC For this lab, you will use the Acapulco, London, and Vancouver Virtual PCs.
configuration The Acapulco Virtual PC is used to provide a messaging client for internal
users as well as external users. London is a domain controller, global catalog
server, DNS server, and Exchange Server 2003 server. Vancouver is a
Microsoft Windows NT® 4.0 domain controller that is also running
Exchange 5.5 and Outlook 2000.
To prepare for this practice:
2. Log on as NWTraders\Administrator with the password P@ssw0rd.
3. Start the 2011_Acapulco Virtual PC and log on as nwtraders\chrisgray.
4. Start the 2011_Vancouver Virtual PC.
5. Log on as Contoso\Administrator with the password P@ssw0rd.
read the scenario, the Level 1 support comments, and then use the flow charts to
to follow. Use the letters on the flow chart to identify the Lab Toolkit resources
that you can use to help troubleshoot the problem. After you identify a potential
completed the lab.
following table to help you complete this lab.
Flow chart reference Resources used for this flow chart
F E-Mail Blocked from Subscribers of an Exclusion List (Block List)

A C D F G Help: Exchange: Authentication Methods Used in Exchange Server 2003. To
locate this information, open Exchange System Manager Help and then search for
Edit authentication methods.
E Help: Exchange: Check Mobile Services Permissions. To locate this information,
open Exchange System Manager Help and then search for Set mobile service
settings.
A E Help: Exchange: Check Protocol Permissions. To locate this information, open
Exchange System Manager help and then search for Set protocol settings.
G Help: Exchange: Managing Message Queues. To locate this information, open
Exchange System Manager Help and then search for Manage message queues.
A C D Help: Exchange: Managing Virtual Servers. To locate this information, open
Exchange System Manager Help, search for Configure virtual servers, and click
the appropriate topic for the type of virtual server. Topics of particular interest
include Configure an SMTP Virtual Server and Create Additional SMTP
Virtual Servers.
E Help: Exchange: Verify Mobile Services are Configured on the Server. To locate
this information, open Exchange System Manager Help and then search for
Enable Outlook Mobile Access for all users.
A B Help: Windows: How to Use TCP/IP Command-Line Utilities. To locate this
information, open Windows Help and then search for Command-line utilities:
TCP/IP.
A B C D E F G Help: Windows: Testing DNS. To locate information on locating resource records
using the DNS administrator snap-in, open Windows Help and then search for
Manage resource records.
B Help: Windows: Troubleshooting TCP/IP. To locate this information, open
Windows Help and then search for Troubleshooting: TCP/IP.
B Help: Windows: Using IPConfig. To locate this information, open Windows Help
and then search for Ipconfig: Command-line reference.
B E Help: Windows: Using NSLookup. To locate information on using NSLookup to
test DNS, open a command prompt, type NSLookup to start the NSLookup tool,
and then type Help.
A Help: Windows: Verifying SMTP. To locate this information, open Windows
Help and then search for Managing services: Common administrative tasks.
F G Impact of Virus and Content Scanners on Messaging Functionality
C D E F G Using the Telnet Command to Test the TCP Port Restrictions on a Firewall
B E Verifying that a Server is Online
A Verifying that the Smart Host is Running

Messaging Client Unable to Connect to
Exchange Server 2003 Server
Start
A
1. Verify SMTP is running
2. Verify smart host is running, if
used
3. Verify that virtual servers are Which
configured appropriately including messaging client is
IMAP/POP IMAP
for authentication and for SSL being used, POP
4. Check protocol permissions or IMAP?
5. Verify route to server
What messaging 6. Test DNS
client is being
used?
POP
C D
B 1. Test POP3 virtual server 1. Test IMAP4 virtual server
2. Verify that virtual servers are 2. Verify that virtual servers are
1. Verify IP configuration on client is configured appropriately including configured appropriately including
correct for authentication and for SSL for authentication and for SSL
2. Test DNS from client 3. Verify firewall allows port 110 3. Verify firewall allows port 143
MAPI 3. Verify server is online and 995 and 993
4. Test network route 4. Test DNS 4. Test DNS
5. Check hosts and Imhosts files
OWA/OMA
Can the user

Yes send Internet
E e-mail?
1. Check protocol permissions

2. Check mobile services
premissions on account Can the user
3. Verify mobile services configured End Yes receive Internet No
on server e-mail?
4. Test DNS from client
6. Check firewall publication and G
redirection of OWA and OMA sites
No
1. Test SMTP using Telnet on port
F 25 from Exchange server
2. Verify that appropriate
authentication is enabled
1. Check external DNS (MX
3. Test DNS
Records)
2. Test SMTP virtual servers using
5. Check antivirus and content
Telnet on port 25 from Internet
quarantines
3. Check e-mail block lists
4. Check anti-virus/content scanners

5. Check SMTP authentication
13
14

Start
A
1. Verify SMTP is running
2. Verify smart host is running, if
used
Which
3. Verify that virtual servers are
messaging client is
configured appropriately including IMAP
being used, POP
for authentication and for SSL
IMAP/POP or IMAP?
5. Verify route to server
What messaging
6. Test DNS
client is being
used? POP
C D
B 1. Test POP3 virtual server 1. Test IMAP4 virtual server
2. Verify that virtual servers are 2. Verify that virtual servers are
MAPI 1. Verify IP configuration on client
configured appropriately including configured appropriately including
is correct
for authentication and for SSL for authentication and for SSL
3. Verify firewall allows port 110 3. Verify firewall allows port 143
and 995 and 993
4. Test network route
4. Test DNS 4. Test DNS
5. Check hosts and lmhosts files
Can the user

Yes send Internet
E e-mail?
2. Check mobile services
permissions on account Can the user
3. Verify mobile services configured End Yes receive Internet
on server e-mail? No
6. Check firewall publication and
redirection of OWA and OMA sites G
No
F 1. Test SMTP using Telnet on port

25 from the Exchange server
1. Check external DNS (MX Records) 2. Verify that appropriate
2. Test SMTP virtual servers using authentication is enabled
telnet on port 25 from Internet 3. Test DNS
3. Check e-mail block lists 4. Check message queues
4. Check anti-virus/content scanners 5. Check antivirus and content
5. Check SMTP authentication quarantines
15
Exercise 1
Outlook Express User Unable to Send E-Mail to the Internet
Virtual PC.
Scenario Chris Gray has entered a service request. He states that he is unable to send or
receive e-mail to and from an Internet recipient from his home computer. He
says that he is able to receive e-mail from internal users.
On Acapulco, create an Outlook Express IMAP mail account for
NWTraders\ChrisGray. His account must be configured to use SSL for SMTP
communications and to require authentication for outgoing mail. Use this
Outlook Express account to connect to the London server and troubleshoot the
connection.
Level 1 support “Chris has been able to send and receive e-mail to and from the Internet before
comments today. He says that he has never had this problem before. I verified that the
configuration of Outlook Express on Chris’s computer is set to use the SSL port
for SMTP per company directives. He does not have his Outlook Express client
configured to use SSL with IMAP4, and this needs to be changed. All remote
users are supposed to use SSL when connecting with Outlook Express. I
verified that Chris’ mailbox exists and has messages in it.”
You must establish full e-mail communication for Chris Gray.
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
Exercise 2
Outlook Express User Unable to Connect to Exchange Server 2003
Server
steps:
1. On the 2011_Acapulco Virtual PC, on the menu, click PC, click Shut
Down, click Turn off PC and undo changes, and then click OK.
2. On the 2011_Vancouver Virtual PC, on the menu, click PC, click Shut
Down, click Turn off PC and undo changes, and then click OK.
3. Run the breaklab5b.bat script located in the c:\MOC\2011\Labfiles\Lab05
4. Start the 2011_Acapulco Virtual PC and then log on as
NWTraders\alexhanki with the password P@ssw0rd.
Scenario Alex Hankin has entered a service request. He states that he is unable to access
his e-mail from home using Outlook Express. He is repeatedly receiving a
message that states “The connection to the server has failed.”
On Acapulco, create an Outlook Express IMAP mail account for
NWTraders\AlexHanki that uses SSL to secure both IMAP and SMTP. Use this
Outlook Express account to connect to the London server and troubleshoot the
connection.
Level 1 support “Talked to Alex on the phone and walked him through configuration of Outlook
comments Express. He has the correct server configured and the rest of his settings appear
to be fine in Outlook Express.”
You must resolve the problems Alex experiences when accessing his e-mail
from home using Outlook Express.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
Exercise 3
New Outlook User Unable to Open His Mailbox
Virtual PC.
Scenario Gary Schare was just hired and provided with his computer. Gary reports to the
service department that his computer takes a very long time to start up, and that
after it finally starts, he is unable to access his mailbox using Outlook.
In this exercise, you will need to create a profile for NWTraders\GarySchar on
Acapulco.
Level 1 support “Talked to Gary on the phone and had him reboot his computer – it took 20
comments minutes to log on! After it was up, I walked him through deleting and recreating
his Outlook profile. Gary is a new hire so I checked and verified that his
account was created.
“Ran the Outlook 2003 Wizard to connect to the Exchange Server 2003
mailbox and clicked Next after entering the server name and user name.
Outlook 2003 hung for several minutes and eventually provided an error. The
error states that the connection to the Exchange server is unavailable. Clicked
OK after the error and was asked for the server and user names again. Verified
with Operations—all Exchange servers are running without any reported
problems.”
You must resolve the problems Gary experiences when attempting to access his
mailbox.
Log onto Acapulco as GarySchar using the password P@ssw0rd. Use
Outlook 2003 to connect to the London server and troubleshoot the connection.
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
Lab Virtual PC For this lab, you used the Acapulco, Vancouver, and London Virtual PCs.
clean-up Please undo any changes that were made during your troubleshooting by
closing each image.
instructions, all changes made to the Virtual PCs will be lost.

2. If you have not yet shut down Vancouver, on Vancouver, on the menu, click
PC, click Shut Down, click Turn off PC and undo changes, and then
click OK.
Lab Discussion


problems?
Unit 6: Troubleshooting Server
Connectivity
Contents
Overview 1
Troubleshooting Intra-Routing Group
Connectivity 2
Troubleshooting Routing Group
Connectivity 5
Troubleshooting Connectivity to Other
E-Mail Systems 8
Troubleshooting Connectivity to the
Internet 11
Lab: Troubleshooting Server Connectivity
Problems 15
Lab Discussion 26
logo, person, place, or event is intended or should be inferred. Complying with all applicable
part of this document may be reproduced, stored in, or introduced into a retrieval system, or
respective owners.
Unit 6: Troubleshooting Server Connectivity 1
Overview

Large companies generally have complicated e-mail infrastructures, a fact
which makes troubleshooting e-mail delivery in those companies complicated
as well. In order to troubleshoot e-mail delivery in this kind of environment,
you may need to troubleshoot message delivery between servers in the same
routing group or in different routing groups. You also may need to troubleshoot
message delivery to other messaging systems, either to other systems in your
own company or to SMTP (Simple Mail Transfer Protocol) servers on the
Internet.
Objective After completing this unit, you will be able to:
! Troubleshoot message delivery between servers in the same routing group.
! Troubleshoot message delivery between servers in different routing groups.
! Troubleshoot message delivery between a Microsoft® Exchange
Server 2003 organization and another e-mail system.
! Troubleshoot message delivery between an Exchange Server 2003
organization and the Internet.
2 Unit 6: Troubleshooting Server Connectivity
Troubleshooting Intra-Routing Group Connectivity

Most companies will deploy more than one server running Exchange
Server 2003 in a central office where each server may contain thousands of
mailboxes. In this environment, you will need to troubleshoot message flow
between two or more Exchange servers in the same routing group.
Intra-routing group Message delivery within a single routing group is an extension of message
message delivery routing within a single server. When a message is submitted to the server by a
client, the SMTP (Simple Mail Transfer Protocol) routing engine on the server
queries the global catalog to determine the recipient’s mailbox server. If the
mailbox is on another server in the same routing group, the message is routed
by the SMTP server to the destination Exchange server. Message delivery
within a single site has the following characteristics:
! All message delivery is point to point. Within a single routing group,
messages are always delivered from the sender’s Exchange server directly
to the recipient’s Exchange server. Messages are never routed between
multiple servers.
! All message delivery between Exchange servers uses the SMTP protocol.
Exchange Server 2003 and Microsoft Exchange Server 2000 use SMTP
protocol to deliver messages within a routing group. If the routing group
also contains a Microsoft Exchange 5.5 server, messages sent to and from
the Exchange 5.5 servers will use the RPC (Remote Procedure Call)
protocol. When messages are sent using the RPC protocol, the message
routing is calculated by the SMTP routing engine; then the message is
forwarded to the Microsoft Exchange MTA (Message Transfer Agent)
Stacks service and sent to the destination server.
! Messages are delivered as soon as the messages are received. Message

delivery within a single routing group cannot be scheduled by the server.
However, the sender can specify a message delivery time by using
Microsoft Outlook®.
! Message delivery is automatically configured between Exchange servers in
the same routing group. You cannot modify the settings for message
delivery within a single routing group.
Troubleshooting intra- When all Exchange servers are in the same routing group, message delivery is
routing group message less complicated. However, message delivery does fail occasionally and you
routing will need to troubleshoot the failed deliveries. Listed below are some
components to check when performing this troubleshooting:
! DNS server availability and zone information. A sending Exchange server
must query DNS to locate the other Exchange servers in the routing group.
If the DNS lookup fails, the message will not be delivered. The Exchange
server also uses DNS to locate domain controllers and global catalog
servers. Use Ping and NSLookup to diagnose DNS lookup issues.
! Microsoft Active Directory® and global catalog availability. In order for the
sending Exchange server to send e-mail to a recipient, the Exchange server
must query the global catalog to determine the destination Exchange server.
If a global catalog server is not available, the messages will remain on the
sending Exchange server in the Messages awaiting directory lookup
queue. If the global catalog server is not available in the Exchange server’s
site, either configure another domain controller as a global catalog server or
configure the Exchange server to use a global catalog server in another site.
If the global catalog server is overloaded, you must configure another
domain controller to operate as global catalog server.
! Message queues. One of the key pieces of information that you can
determine from the message queues is where the message delivery is failing.
For example, if the messages are stuck in a local queue on the sending
server, use the guidelines for troubleshooting message delivery on a single
server. If the messages are stuck in the remote delivery queue on the local
server, troubleshoot the connection between the sending and receiving
servers. If the messages are stuck in a queue on the destination server,
troubleshoot message delivery on the destination server.
! Expansion servers. If a message sent to a mail-enabled group is not
delivered, you should check the expansion server setting on the group
properties. By default, any Exchange server can expand the membership list
of a mail-enabled group, but you can modify this so only a specific server
can act as the expansion server. If no specific expansion server is configured
on the group properties, you should check the group type. If the group is a
global group that is in a different domain than the sending Exchange server,
the Exchange server will not be able to expand the membership list for the
group. In this case, either configure an expansion server for the group that is
in the same domain as the group’s members or change the group to a
universal group. If an expansion server is configured for the mail-enabled
group, confirm that the expansion server is available in the same domain as
the group members and that it can connect to a global catalog server.
! Global settings, virtual server settings, and mailbox settings. If only a few
messages are not being delivered within the routing group, you should
attempt to determine if the messages have any common characteristics. For
example, if messages with large attachments are not being delivered,
determine why this type of message is not being delivered. The maximum
message size can be configured on the global settings, on the virtual server
settings, or on the individual mailbox. If there are any message size limits
set on the mailbox, these settings will override all other settings. If the
message limit is set on the SMTP virtual server and on the global settings,
the virtual server settings will override the global settings.
Troubleshooting Routing Group Connectivity

Many large companies have numerous office locations that contain Exchange
servers. To control the flow of e-mail messages between office locations, you
can create a routing group for each office and then configure routing group
connectors between the routing groups. When you configure the routing group
connectors, you can manage when messages will be delivered, manage the
message sizes that can be delivered between the offices, and configure delivery
restrictions controlling who can send messages between the routing groups.
When you configure a routing group connector, you also configure a
bridgehead server in each routing group. All messages sent between the routing
groups are sent from the sending server to the bridgehead server in its routing
group, transferred to the bridgehead server in the destination routing group, and
then sent to the destination server.
Routing group Exchange Server 2003 supports three connectors between routing groups:
connector options
! The Routing Group connector. This connector uses SMTP to transfer
messages to the destination routing group and can be configured to use zero,
one, or multiple local bridgehead servers. When delivering a message to
another routing group, the sending server must resolve the Internet Protocol
(IP) address of the target bridgehead server by using DNS. In most cases,
the Routing Group connector is the preferred connector because it is the
easiest to configure.
! The SMTP connector. This connector also uses SMTP to route messages
between two routing groups. Although the Routing Group connector and the
SMTP connector both use SMTP as the transport protocol, the SMTP
connector provides additional functionality in that it can be used to send
e-mail to any SMTP host, including hosts in other Exchange organizations
or on the Internet. When configuring an SMTP connector to connect routing
groups, you must configure a smart host that will be the target bridgehead
server as well as an address space that defines which SMTP messages will
be routed across the connector.
! The X.400 connector. This connector is used to establish an X.400

messaging route between two routing groups or between a routing group
and another X.400 system. In order to configure an X.400 connector you
must first create an X.25 X.400 or Transmission Control Protocol/Internet
Protocol (TCP/IP) X.400 Service Transport Stack for X.400. The X.400
connector only supports a single bridgehead server in both routing groups.
When using an X.400 connector, you must configure an address space for
the destination routing group.
Troubleshooting routing Multiple routing groups introduce an additional layer of complexity to your
group connectors Exchange organization and to your troubleshooting. Use the following
guidelines when troubleshooting message delivery between routing groups:
! Determine where message delivery fails. The first step in troubleshooting
message delivery between routing groups is to determine where the message
delivery fails. To identify where a message is stopped, use the Message
Tracking Center to track the message. If the message is not being delivered
to the local bridgehead server, use the single routing group troubleshooting
procedures. If the message is being delivered to the bridgehead server,
confirm that the message is being sent to the destination bridgehead server.
If the message is being delivered to the destination bridgehead server,
determine if the message is being delivered to the destination Exchange
server. Messages sent between routing groups may be sent through multiple
routing groups before reaching the destination routing group, so you may
need to track the message through all the intermediate routing groups. After
determining where the message delivery fails, use the following
troubleshooting suggestions at the point of failure.
! Monitor the SMTP and X.400 link queues. When a computer running
Exchange Server 2003 receives an e-mail that will be sent through a routing
group connector, it creates a SMTP or X.400 queue for that connector. You
can monitor the growth of the queue using the queue viewer. You can also
view the additional queue information, which may explain the reason for
failed delivery.
! Troubleshoot connector availability. If the messages are being delivered to
one bridgehead server, but are not being delivered to the next bridgehead
server, you must troubleshoot the connector status. You can view the
connector status by using the Exchange System Manager Tools container. If
the connector status is unavailable, confirm that the Exchange server can
resolve the name of the destination Exchange server in DNS and that the
other server is available. Also use a tool like Telnet to determine if the
destination server is responding to SMTP commands.
! View link state table using WinRoute. If your company contains multiple
routing groups with several routing group connectors, you can use a tool
like WinRoute to view the link state routing information. WinRoute
provides you with detailed information about all of the connectors in the
Exchange organization, as well as connector status information. By
reviewing the information provided by WinRoute, you may identify
connector configuration errors that provide you with the information that
you need to troubleshoot message delivery.
! Confirm availability of the routing group master. If you have changed the
routing group configuration in your Exchange organization, and the changes
are not being reflected within other Exchange servers in the routing group,
confirm the availability of the routing group master. If the routing group
master is not available, changes to the routing group configuration will not
be sent to the other Exchange servers in the routing group. You should also
check the availability of the routing group master if one routing group
connector fails and messages are not being routed to alternate connectors.
! Check connector configuration settings. Each of the connectors includes
several configuration options, such as message size, time, and delivery
restrictions. If some messages are being sent across the connector while
other messages are not, the most likely cause is a configuration setting on
the connector. In addition, if messages are not being delivered across an
SMTP or X.400 connector, check the address space configuration for the
connector.
Troubleshooting Connectivity to Other E-Mail Systems

Some companies may have e-mail systems in addition to running Exchange.
This is a common scenario when one company merges with or takes over
another company. In many cases, one of the first priorities when companies
merge is to enable messaging between them.
External connector You have a limited number of options when configuring message connectivity
options to an e-mail system other than Exchange. Some options are as follows:
! Configure SMTP connectivity. One of the easiest ways to enable messaging
between the two e-mail systems is to configure SMTP connectivity. If both
companies have Internet e-mail connectivity, you can just use the existing
infrastructure to route messages. You can also configure an SMTP
connector that is dedicated to delivering e-mail between the two companies.
The biggest disadvantage of using SMTP to route messages between
companies is that you can only send and receive messages. When
companies merge, there is usually a requirement for users to also be able to
share calendar information, or to easily maintain a global address list that
includes the recipients in both companies. This is not possible with only
SMTP connectivity.
! Configure X.400 connectivity. You can configure an X.400 connector
between the two messaging systems if the non-Exchange system supports
X.400. X.400 connectors to external organizations only support message
delivery, not directory synchronization or calendar information.
! Install and configure Microsoft Exchange Connector for Lotus Notes. If one
of the companies is running Lotus Notes, you can use Microsoft Exchange
Connector for Lotus Notes to route e-mail messages between the companies.
This connector also supports directory synchronization between Active
Directory and the Lotus Notes Address Book.
! Install and configure Microsoft Exchange Connector for Novell Groupwise.

If one of the companies is running Novell Groupwise, you can use
Microsoft Exchange Connector for Novell Groupwise to route e-mail
messages between the companies. This connector also supports directory
synchronization between Active Directory and the Groupwise Address
Book.
! Install and configure Microsoft Exchange Calendar Connector. If you
install Microsoft Exchange Connector for Lotus Notes or Microsoft
Exchange Connector for Novell Groupwise, the Microsoft Exchange
Calendar Connector can be used to exchange free and busy information
between the messaging organizations.
Exchange 5.5 and Exchange 2000 also support the Microsoft Exchange
Connector for Lotus cc: Mail and the Microsoft Exchange MS Mail Connector.
These connectors are not supported in Exchange Server 2003. If you want to
retain these services in your organization, you should retain an Exchange 2000
server to run such components.
Troubleshooting Many of the same troubleshooting principles apply when troubleshooting the
external connectivity external connectors as apply when troubleshooting routing group connectors.
However, because the external messaging systems have different configuration
options, there are also specific troubleshooting guidelines that you can use:
! Monitor queues. When you install the external connectors on an Exchange
server, a queue is created on that Exchange server for all messages sent to
the external organization. If messages are not being delivered between the
companies, use the queue viewer to determine whether the messages are
stuck in the queue. If the messages are stuck in the external connector
queue, troubleshoot the connection between the Exchange server and the
other messaging server. If messages are stuck in one of the other system
queues on the Exchange server before they even get sent to the connector
queue, troubleshoot message delivery on the Exchange server using the
procedures covered in the earlier sections of this unit.
! Track messages. If you have message tracking enabled, you can track
messages in the Exchange organization as they are sent between the two
messaging systems. By tracking the messages, you can determine whether
message delivery is failing within your organization or during delivery to
the other messaging system. Message tracking will track the messages
through the external connector but cannot track messages once they leave
the connector.
! Enable and check proxy addresses. When you install the external
connectors, the default recipient policy is modified to include proxy
addresses compatible with the external e-mail system. By default, these
proxy addresses are not enabled in the recipient policy, so you must enable
the addresses before they will be applied to recipients in your organization.
If messages are not being delivered from the external messaging system,
check to ensure that the proxy addresses in your organization match the
address space on the connector.
! Check client configuration and connectivity. When you are configuring the
Lotus Notes connector, you must install a Lotus Notes client on the
Exchange server that is running the connector. You must also configure a
Notes user ID for the connector on the Lotus Notes/Domino server and
configure a client .ini file on the Exchange server. The Notes client must be
able to connect to the Lotus Notes/Domino server in order to route messages
between the systems. If messages are not being delivered between the two
messaging systems, check if you can connect to the Lotus Notes/Domino
server using the Notes client. If you can’t connect, troubleshoot the client
connectivity. If you can connect using the client, check the connector
configuration.
! Check address book replication configuration. For both of the external
connectors, you can configure a specific container as the import and export
containers for address book replication. If you do not want all of the
Exchange recipients to be synchronized with the external mail system, you
can move all of the recipients that you want to synchronize into one
container, and then specify that container as the export container. If some
user accounts are not being synchronized, check the export container
configuration and ensure that the user accounts are in the right container.
Troubleshooting Connectivity to the Internet

In addition to routing messages within the company, every company also needs
to be able to send e-mail to the Internet and receive messages from the Internet.
When you configure Internet e-mail, you must configure two separate
components: one for Internet e-mail coming into your company and another for
Internet e-mail going out of your company.
Troubleshooting In order for you to be able to receive e-mail from the Internet, you must
incoming connectivity configure at least one of your SMTP servers so that it is accessible from the
Internet. This requires the configuration of two components:
! Configuring firewall rules to allow SMTP. To receive Internet e-mail, at
least one of your Exchange SMTP virtual servers must be accessible from
the Internet. In most cases, this is enabled by configuring firewall rules that
forward all SMTP traffic to a specific server.
! Configuring mail exchanger (MX) records for your DNS domain. You must
configure MX records pointing to the SMTP server(s) in your company in
order for SMTP servers on the Internet to know which SMTP server to
contact when they have SMTP mail for your company. These MX records
must be available on the DNS servers that contain the zone information for
your company on the Internet. If you have multiple SMTP servers that are
accessible from the Internet, you can use MX records with different
preferences to load balance the SMTP connections from the Internet.
To troubleshoot incoming SMTP e-mail, use the following guidelines:

! Test SMTP server availability. The first step in troubleshooting incoming
SMTP e-mail is to test whether your SMTP server is accessible from the
Internet. You can do this by running Telnet from a computer that is directly
attached to the Internet. Try to connect to the SMTP server’s Internet
accessible IP address using port 25. If you cannot connect to the server
using Telnet, check the firewall configuration to ensure that SMTP traffic is
allowed and is being forwarded to the correct SMTP server. If you can
connect to the server using the IP address, try connecting using the server
FQDN. If this fails, there is a problem with the DNS information on the
Internet DNS servers or the DNS servers are not available. Use Nslookup to
examine the DNS host records.
! Examine the MX records. If you can connect to the SMTP server using
Telnet but messages are still not being delivered, examine the MX records
on the Internet DNS servers using Nslookup. The MX records should refer
the Internet SMTP servers to the host record for your SMTP server. If you
have multiple MX records configured for your domain, ensure that the
preference settings for each record are correct.
! Check SMTP virtual server configuration. If you cannot connect to the
SMTP server from the Internet but all of the firewall settings appear to be
correct, check the SMTP virtual server availability and configuration. The
SMTP virtual server has several configuration options that may affect the
receipt of Internet e-mail. In some cases, all messages may be affected. For
example, if the SMTP virtual server is configured to require authentication
for all inbound connections, SMTP servers on the Internet will not be able
to connect to the server. Other SMTP virtual server connections may affect
only some traffic. For example, message size limits will block only those
messages that exceed the message size limit.
Troubleshooting By default, any computer running Exchange Server 2003 that can access DNS
outgoing connectivity information on the Internet can send messages to SMTP servers on the Internet.
Most companies do not want all of their Exchange servers to send e-mail to the
Internet. To avoid this, you should configure an SMTP connector with one or
more bridgehead servers to send all e-mail to the Internet. This SMTP
connector should be configured with an address space of “*” so that it can send
e-mail to any domain. Also, you must ensure that the server that hosts the
SMTP bridgehead server can resolve host and MX records on the Internet.
To troubleshoot outgoing Internet e-mail, use the following guidelines:
! Confirm SMTP connectivity to the Internet. In order for your Exchange
server to send e-mail to the Internet, the server must be able to establish
SMTP connections to the Internet. To test this, run Telnet on the Exchange
server and try to connect to an SMTP server on the Internet that you know is
online. If the connection fails, check the firewall configuration to ensure that
your server is allowed to make SMTP connections to the Internet.
! Confirm the MX records for the destination domain in DNS. If Internet
e-mail is being delivered to some domains, but not to others, check the MX
records for the domains where delivery is failing. In order for your
Exchange server to send e-mail to an SMTP domain, the server must be able
to locate the MX records for the domain, and the MX records must be
accurate.
! Monitor the SMTP link queues. When a computer running Exchange 2003
receives an e-mail intended for a SMTP domain outside the organization, it
creates a temporary SMTP queue for that domain. If messages are not being
delivered to a specific SMTP domain, use the queue viewer on the SMTP
bridgehead server to check if the messages are stuck in the queue. If there
are several messages in the queue, view the queue information to determine
why messages are not being delivered to the domain. If outgoing messages
are stuck in only one domain queue, you can troubleshoot message delivery
to just that one domain. If messages are stuck in all of the queues for
domains outside the organization, you will need to extend your
troubleshooting to the entire SMTP server.
! Check the global Internet message formats and message delivery
restrictions. You can use Internet message formats to configure the
encoding, format, and type of messages (such as out-of-office or NDRs) that
you send to all SMTP domains or to specific domains. You can also
configure global message delivery settings, such as maximum message size,
for the entire organization. If messages are not being delivered to specific
domains on the Internet, check the message format settings. If needed,
create domain-specific message format settings. For example, if the SMTP
server for a domain can only accept UUENCODE messages, configure a
domain-specific policy.
! Check the SMTP connector information. The SMTP connector contains
many configuration options that may affect message delivery. These
configuration options include message size, delivery restrictions, message
delivery direction, and time restrictions. If messages from users in one
routing group are being delivered using the SMTP connector but messages
from users in other routing groups are not being delivered, check the scope
of the SMTP connector.
! Check the SMTP virtual server configuration. The SMTP virtual server that
is the bridgehead server for the SMTP connector can also be configured in
ways that may affect message delivery. For example, you can configure
authentication and encryption settings for outgoing messages. If the
destination SMTP server settings are not compatible, outbound messages
will not be delivered. You can also configure the SMTP virtual server to use
a specific DNS server for e-mail delivery. If that DNS server is not
available, or if the DNS server does not contain the required information,
the SMTP virtual server will not be able to send any Internet messages.
! Check for SMTP open relaying. In some cases, your servers may still be
able to send Internet e-mail but the message delivery may be very slow. If
you notice that your Exchange server is operating much more slowly than
usual, check the SMTP queues on the server. If the SMTP queues contain
many more messages than you would expect, check whether your server is
configured for open relaying. If your server is being used for open relaying,
it may be delivering thousands of unsolicited commercial e-mails or spam to
recipients around the world. This will significantly decrease your server
performance. (By default, open relaying is blocked on Exchange 2003
servers. For information on how to detect and prevent open relaying, see the
Toolkit resource “Identifying and Closing Open Relays.”)
Pre-Lab Discussion

To troubleshoot e-mail delivery in most large companies, you may need to
troubleshoot message delivery between servers in the same routing group or in
different routing groups. You also may need to troubleshoot message delivery
to other messaging systems, such as other systems in your own company or
SMTP servers on the Internet.
A number of issues can arise when troubleshooting message delivery in a
complex messaging environment. In this context, discuss what problems might
cause the following symptoms:
! A user cannot send e-mail to a recipient in another routing group.
! A user cannot send e-mail to an Internet recipient.
! A user cannot receive e-mail from an Internet recipient.
Lab: Troubleshooting Server Connectivity Problems

! Troubleshoot problems with message delivery between routing groups.
! Troubleshoot problems with message delivery between an Exchange
organization and the Internet.
Lab Virtual PC For the first exercise in this lab, you will use the London Virtual PC and the
configuration Miami Virtual PC. In preparation for the lab, you will configure an additional
routing group and move the Miami Exchange server into the new routing group.
To prepare for this exercise, you need to perform the following configuration
steps:
2. Log on as NWTraders\Administrator with a password of P@ssw0rd.
3. Start 2011_Miami Virtual PC. Log on as NWTraders\Administrator and

then start Exchange System Manager. Configure Exchange System Manager
to display routing groups, and then create a new routing group named
Miami Routing Group. Move the Miami server into the new routing group,
and verify that London continues to be a member of First Routing Group.
Once you have configured the routing groups, restart the default SMTP
virtual server on London. Detailed steps to accomplish this task are as
follows:
a. In the console tree, right-click Northwind Traders (Exchange) and
then click Properties. On the General tab, select the Display routing
groups check box, and then click OK.
b. In the console tree, expand Routing Groups, expand First Routing
Group, and then click Members. Verify that both London and Miami
are members of the First Routing Group.
c. In the console tree, right-click Routing Groups, point to New, and then
click Routing Group.
d. In the Properties dialog box, type Miami Routing Group and then
click OK.
e. In Exchange System Manager, in the console tree, expand Miami
Routing Group.
f. In the console tree, in the First Routing Group container, click
Members, and then in the Details pane click and drag Miami from the
Members container of the First Routing Group to the Members
container of the Miami Routing Group.
g. Click each Members container to verify that the London server remains
a member of First Routing Group and that the Miami server is a member
of the Miami Routing Group.
h. In the console tree, expand Servers\London\Protocols\SMTP.
i. In the console tree, right-click Default SMTP Virtual Server and then
click Stop. After the virtual server is stopped, right-click Default SMTP
Virtual Server and then click Start.
4. You will use Microsoft Internet Explorer on Miami to access OWA to test
e-mail delivery.
Navigating the flow In this lab, you will use flow charts and the Lab Toolkit resources to identify
chart and resolve the problems described in the scenarios. You will need to read the
scenario and the Level 1 support comments and then use the flow charts to
to follow. Use the letters on the flow chart to identify the Toolkit resources that
completed the lab.
Lab Toolkit Resources If necessary, use one or more of the following lab toolkit resources to help you
complete this lab:
B E F Checking Global Settings

B C E Help: Exchange: Configuring Connectors. To locate this information, open Exchange
System Manager, select Help, select Help Topics and select Search. Search for Set
up Connectors and select the topic Set up Connectors.
B Help: Exchange: Configuring messaging recipients. To locate this information, open
Exchange System Manager help and then search for Configure Message Settings for
Mailbox-Enabled Users.
E Help: Exchange: Enabling Diagnostic Logging. To locate this information, open the
Exchange System Manager help. In this help file, search for Configure Diagnostic
Logging and Set Diagnostic Logging Properties.
A C E F Help: Exchange: Managing Message Queues. To locate this information, open
Exchange System Manager, select Help, select Help Topics and then select Search.
Search for Queue Viewer and select the topic Queue Viewer.
A B D E Help: Exchange: Managing Virtual Servers. To locate this information, open
Search for Configure Virtual Servers and select the appropriate topic for the type of
virtual server.
C Help: Exchange: Monitoring Connector Status. To locate this information, open
Search for Connector Status and select the topic Verify Server and Connector
Status.
A F Help: Exchange: Tracking Messages. To locate this information, open the Exchange
System Manager, click Help, then click Help Topics, and then click Search. Search
for message tracking and then select Use the Message Tracking Center.
E Help: Exchange: Verifying the RGC Configuration. To locate this information, open
Exchange System Manager help and then search for Install a Routing Group
Connector.
A B D Help: Windows: How to use TCP/IP command-line utilities. To locate this
information, open Windows help and then search for Command-line utilities:
TCP/IP.
B F Help: Windows: Testing DNS. To locate information on locating resource records
using DNS administrator snap-in, search for Manage Resource Records.
E Identifying and Closing Open Relays
A D Using Dcdiag and Netdiag to Verify the Network Infrastructure
B C E Using WinRoute to Troubleshoot Routing
C D Verifying that a Server is Online
B Viewing Delivery Restrictions on SMTP Connectors

18
Troubleshooting Server Connectivity

Start
Is the message
being sent and
received inside the Yes
Exchange A
No, it is being received organization?
from an external sender
1. Check network
connectivity
2. Check infrastructure
Are the servers (DNS, global catalog,
in the same Yes domain controller)
routing group? 3. Check SMTP virtual
B server functionality
4. Check queues
1. Check recipient properties 5. Track Messages
2. Check network connectivity
3. Check DNS and MX record No, it is being sent to No
information an external recipient
4. Check SMTP virtual server No

availability and configuration
5. Check SMTP connector
configuration
6. Check global settings Track messages
- are the messages F
being delivered to
bridgehead server?
1. Check message delivery in
Yes Yes Can you connect destination routing group
to the servers Yes Are the queues No 2. Check DNS and MX record
using SMTP? backed up? information
Is the message 3. Check global settings
being sent
via SMTP?
No Yes
D E
No, it is being sent via 1. Check that bridgehead or 1. Check for open relay
a supported connector remote servers are running 2. Check SMTP virtual server
2. Check network connectivity configuration
C 3. Check infrastructure (global 3. Check global settings
catalog, domain controller, 4. Check queue information
DNS) 5. Check routing group master
1. Check bridgehead servers
4. Check SMTP virtual server availability
availability
availability 6. Check connector address
2. Check connector configuration
space
3. Check connector address
7. Check routing group
space
connnector availability and
configuration
8. Configure diagnostic logging
on transport protocol
Start
Is the message
being sent and
received inside the Yes
No, it is being received Exchange A
from an external sender organization?
1. Check network
B connectivity
2. Check infrastructure
No, it is being sent to Are the servers (DNS, global catalog,
1. Check recipient properties
an external recipient in the same Yes domain controller)
2. Check network
routing group? 3. Check SMTP virtual
connectivity
3. Check DNS and MX server functionality
record information 4. Check queues
4. Check SMTP virtual 5. Track Messages
server availability and
configuration Is the message No
5. Check SMTP connector being sent
configuration via SMTP?
6. Check global settings
Yes
Track messages
are the messages
No, it is being sent via being delivered to No
a supported connector bridgehead server?
C Yes
1. Check bridgehead servers
availability
2. Check connector configuration
3. Check connector address

space
19
20
F
1. Check message delivery in
Can you connect destination routing group
Are the queues
to the servers Yes No 2. Check DNS and MX record

backed up information
using SMTP?
3. Check global settings
No Yes
D E
1. Check that bridgehead or 1. Check for open relay
remote servers are running 2. Check SMTP virtual
2. Check network connectivity server configuration
3. Check infrastructure (global 3. Check global settings
catalog, domain controller, 4. Check queue information
DNS) 5. Check routing group master
4. Check SMTP virtual availability
server availability 6. Check connector address
space
7. Check routing group
connnector availability and
configuration
7. Configure diagnostic logging
on transport protocol
Exercise 1
Troubleshooting Solutions When Users Cannot Send Messages
Between Routing Groups
Scenario Annette Hill has entered a service request. Annette is unable to send e-mail
messages to Michael Allen in Miami.
In this exercise, you will need to log on to Microsoft Outlook Web Access
(OWA) on London using NWTraders\AnnetteHill. You will need to log on to
OWA on Miami using NWTraders\MichaelAllen.
Level 1 support “Urgent! Talked to Annette and she says she sent some e-mail to Michael Allen
comments in Miami a couple of hours ago, but the messages haven’t been delivered yet.
The messages had Microsoft PowerPoint® attachments; she is not sure how big
the attachments were. Checked if I could send e-mail to the Miami—it is not
being delivered either. I am not getting any NDRs. Immediately escalated this
to second level support.”
You must resolve the problems that Annette has when sending e-mail messages
to the users in Miami.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
Exercise 2
Troubleshooting Solutions When Users Cannot Send Messages to
the Internet
For this exercise and the next exercise, you will use the London Virtual PC and
the Vancouver Virtual PC. The Vancouver Virtual PC will be used to simulate
an Internet connection.
To prepare for this exercise, you need to perform the following configuration
steps:
1. Shut down the 2011_Miami Virtual PC. To shut down, on the menu, click
PC, click Shut Down, click Turn off PC and undo changes, and then
click OK.
2. Ensure that you are logged on to the London Virtual PC as
NWTraders\Administrator.
3. Start the 2011_Vancouver Virtual PC. Because Vancouver is in the
Windows NT domain Contoso, which is not part of the same forest as
4. Log on to Vancouver as Contoso\Administrator with a password of
P@ssw0rd.
Virtual PC.
Scenario Gustavo Camargo has entered a service request. Gustavo is trying to send
e-mail to Internet e-mail recipients and the messages are not being delivered.
NWTraders\GustavoCamar, and open the Administrator mailbox on Vancouver
by using Outlook 2000.
Level 1 support “Urgent! Talked to Gustavo and he says he sent an urgent e-mail to a customer
comments first thing this morning and it hasn’t been delivered. Checked if I could send
e-mail to the Internet—it is not being delivered either. I am not getting any
NDRs. Immediately escalated this to second level support.”
You must resolve the problem so that Gustavo can send e-mail to Internet e-
mail recipients.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
Exercise 3
Troubleshooting Solutions When Users Cannot Receive Messages
from the Internet
Virtual PC.
Scenario Angela Barbariol has entered a service request. Angela is a sales manager who
is also the manager of a distribution group named
SalesRequests@nwtraders.msft. Messages from the Internet are not being
delivered to the distribution group.
NWTraders\AngelaBarba.
Level 1 support “Talked to Angela, her e-mail is working fine. She can send and receive e-mail,
comments including Internet e-mail. The distribution group is used for clients on the
Internet to send e-mail to a generic sales alias so that all the sales people get the
message. Tried sending e-mail to the alias internally and it worked fine.”
You must resolve the problems so that messages from the Internet are delivered
to the distribution group.
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
Lab Virtual PC For these exercise, you used the Vancouver and London Virtual PCs. Please
clean-up undo any changes that were made during your troubleshooting by closing each
image.
Important When you shut down the Virtual PCs using these instructions, all
changes made to the Virtual PCs will be lost.

Lab Discussion

place?
problems?
Performance
Contents
Overview 1
System Components That Cause Server-
Related Problems 2
Common Server-Related Problems 5
Lab: Troubleshooting Server Performance 8
Lab Discussion 18
respective owners.
Unit 7: Troubleshooting Server Performance 1
Overview

In this unit, you will learn how to troubleshoot server performance problems as
they relate to Microsoft ®Exchange Server 2003 and Microsoft Active
Directory® domain controllers. You will be able to identify and resolve
problems with bandwidth, services, database corruption, service failures, disk
space, and other server performance issues.
There are different types of behaviors associated with an overloaded Exchange
server as compared to an overloaded domain controller. You need to remember
that without Active Directory, Exchange Server 2003 will not run properly and
messaging clients such as Microsoft Outlook® 2003 will not be able to perform
simple tasks, such as resolving e-mail addresses.
! Identify and resolve messaging problems related to performance problems
in domain controllers and global catalog servers.
! Identify and resolve messaging problems caused by the running of
scheduled applications.
! Troubleshoot messaging problems caused by hardware components in
server systems.
2 Unit 7: Troubleshooting Server Performance
System Components That Cause Server-Related

Problems

Once you have purchased hardware and implemented Exchange Server 2003,
you may find unexpected growth or a change in the expected behaviors of your
messaging users. For example, you may find that they use e-mail much more
than you ever thought they would, and that they do not use public folders nearly
as much as you expected. You may also find that your design did not account
for special messaging users with higher service level agreements that require
different configurations.
Often, troubleshooting poor performance will require determining which
hardware components are creating problems. You can use the System Monitor
to identify problems with the performance objects listed in the following table.
Hardware Performance
component object Performance counter Troubleshooting tip
CPU Processor %Process Time If the processor is consistently running well

The time the CPU spends above baseline, check the process object and
executing threads. monitor the individual processes to see which
are providing too much stress. The problem
could be a scheduled process that needs to be
moved to off-peak hours. Another reason
behind the problem could be that the virus
scanner is utilizing too much processing
power and the system requires an upgraded
or additional CPU to balance the load.
(continued)
Hardware Performance
component object Performance counter Troubleshooting tip
Hard disk Physical disk Disk Transfer/sec If the hard drives of the server are being
The rate of read and write heavily loaded, consider adding faster hard
operations on the disk. drives with higher throughput rates. Another
concern with high hard drive activity is that
%Disk Time combined with high memory usage, it may
The amount of time the disk be causing excessive disk swapping. Adding
spends servicing requests. more system memory will improve disk
performance by reducing disk swapping.
To improve hard disk speed, you can
purchase controllers with larger amounts of
caching. You will need to turn off write
caching, as it can cause problems with log
drives. However, the read caching can be
extremely beneficial for performance since
retrieving data from cache is quicker than
retrieving data from disk.
System Memory Available bytes If memory usage is continually high and
memory The amount of physical memory there are high levels of paging to and from
available for process or system disk, additional memory should be added to
use without having to swap data the system.
to disk for temporary storage. When adding memory over one gigabyte,
Pages/sec remember to add the /3gb switch to the menu
items in the boot.ini file so that your server
The rate at which memory pages will use more than one gigabyte of system
are swapped to and from disk and memory.
memory. When there is excessive
paging, it is often referred to as
disk thrashing because the hard
drives work so hard.
Network Network Bytes Total/sec It is rare that the network interface will be
adapter interface The rate at which bytes of data fully utilized and cause network problems.
are sent or received through the However, you may want to move the
network adapter. network interface of an Exchange
Server 2003 server to a higher performance
network backbone, or add multiple network
adapters and configure load balancing
between the adapters to achieve improved
performance.
In many cases, backups from Exchange to
another server on the network can cause
slow network performance for a large
number of applications. Schedule backups
for off-peak hours, or create a private backup
network used just to offload all backup
network traffic from the public network.
Developing performance You should use the System Monitor tool to log performance over several
baselines months so that you can develop a performance baseline. This baseline will help
you identify growth issues or any abnormalities with the performance of your
Exchange environment. Once you know how your Exchange servers run under
average user stress, you will be able to identify any major peaks in usage and
start looking for causes that might explain the change. Use the counters
presented in the above table as well as several other counters that can be used to
measure the Exchange server services. For example, if you use performance
logging and capture information for the SMTP Server Messages Received/Sec
counter, you will know that 14,000 is a number that is much too high for your
normal processing speed, and you will be able to respond to the problem much
faster.
Some basic questions you should be able to answer based upon performance
baselines include:
! What is the average number of e-mail received per day?
! How often do users open e-mail each day? How often do users open public
folders?
! What are the daily, weekly, and monthly peak delivery rates for e-mail?
! How many more users can your environment support without upgrading?
Note Please refer to Microsoft Official Courseware Course 2400,

Implementing and Managing Exchange Server 2003, Module 13, for
more information on performance monitor objects and processes for
developing performance baselines.
Common Server-Related Problems

Not all performance problems can be fixed by upgrading hardware components.
Many server-related problems are caused by services and applications running
on the Exchange servers or on the domain controllers that impact performance.
If you can identify these different applications and services and change their
schedules so that they only run during off-peak hours, you can minimize the
impact to the Exchange environment.
Anything that can be done to reduce the server and network load during
production hours will help improve performance of the messaging environment
and will improve the productivity of the company.
The table below lists some common server–related problems and recommended
solutions.
Warning When entering times for scheduled applications and

processes, be careful to enter the appropriate A.M. or P.M.
Problem Recommended solution
Scanning software • Perform minimal scanning during the day.

slows performance • Only scan inbound messages during the day and then scan
the entire mailbox store each night after peak hours.
• Offload all scanning to a dedicated server that scans all
inbound and outbound messages.
Backups slow • Perform backups only during off-peak hours.
performance • Back up individual storage groups at different times to
minimize the impact during off-peak hours.
• Spread mailbox stores over additional servers so that the load
on each server is not as high as if all mailboxes were on a
single server.
(continued)
Problem Recommended solution
Restores slow • Perform restores on offline servers and export lost messages
performance to .pst files. Send the .pst files to the proper owner so that
they can import them.
• Keep stores small so that they can be restored quicker.
Broken RAID sets • A broken disk should be replaced immediately. It is a very
slow performance good idea to keep spare disks for important servers, such as
Exchange servers.
• Try not to use RAID 5 implementations since broken disks
require significant CPU cycles to generate the lost data using
existing data and parity information.
• Break any mirrors with defective drives and take the broken
disk sets offline. Replace the defective drives and re-establish
the mirrors after normal business hours to minimize
performance impact.
Network interface • Often, the network switch and the network card will have
and switch problems trouble negotiating speed settings if they are both set to auto-
slow performance negotiate their speed settings. You should force network
adapters to their highest speed settings.
• Clearly mark and deactivate broken switch ports.
Activity spikes slow • Use System Monitor to watch for predictable spikes, such as
performance early morning logon activity that slows domain controller
performance, and Exchange server performance as everyone
reads e-mail to get ready for the day. Also, you may see
spikes right after lunch and right before the close of business
each day.
• Verify that all applications and services that can be turned off
are off or are scheduled for off-peak times, to minimize the
impact of the activity spikes.
• Consider recommending flex hours for employees to ease the
load on the network and improve performance for everyone.
Maintenance slows • Do not take down any servers during business hours. In the
performance event that maintenance is required because of failing
hardware, plan well so that the length of time a server is not
functional will be minimized.
• Schedule and maintenance applications, such as disk defrag,
during off-peak hours.
Note Hard disk arrays that are used to support large Exchange
Server 2003 databases may have their own tools for monitoring disk
performance. Make sure you use these tools and pay special attention to
failed disks, as a broken disk in an array can cause extremely poor
server performance.
Pre-Lab Discussion

Messaging applications can be affected by many different components and
processes that exist in a server. Each component and process needs to be
reviewed and considered when troubleshooting server performance issues.
Focusing on server performance issues, discuss what problems might cause the
following situations:
! Address resolution and address lookup are very slow.
! Outlook is very slow when retrieving a message from the Exchange server.
! Multiple users are unable to open their mailboxes using Outlook.
Lab: Troubleshooting Server Performance

In this lab, you will perform troubleshooting tasks related to server performance
problems. You will use the flow charts, Lab Toolkit resources, and your
personal experiences to find the existing problems and correct them.
! Identify and resolve messaging problems related to server performance
problems in domain controllers and global catalog servers.
! Identify and resolve messaging problems caused by the running of
scheduled applications.
! Troubleshoot messaging problems caused by hardware components in
server systems.
Lab Virtual PC For this lab, you will use the Acapulco and London Virtual PCs. The Acapulco
configuration Virtual PC is used to simulate a messaging client for internal users as well as
external users. London is a domain controller, global catalog server, DNS
server, and Exchange Server 2003 server.
2. Log on as NWTraders\Administrator with the password P@ssw0rd.
3. Start the 2011_Acapulco Virtual PC.
read the scenario, the Level 1 and 2 support comments, and then use the flow
chart to identify the root cause of the problem. You will then need to perform
the test case presented at each decision point in the flow chart to determine
which path to follow. Use the letters on the flow chart to identify the Lab
Toolkit resources that you can use to help troubleshoot the problem. After you
identify a potential solution, make the configuration change and then test your
solution. When your solution resolves the problem presented in the scenario
you have successfully completed the lab.
Lab Toolkit Resources If necessary, use one or more of the following Lab Toolkit resources to help
you complete this lab:
Flow Chart Reference Resources used for this flow chart
A B Help: Exchange: Enabling Diagnostic Logging. To locate this information,

search for Configure Diagnostic Logging and Set Diagnostic Logging
Properties.
C G Help: Exchange: Identifying and Closing Open Relays. To locate this
information, open Exchange System Manager help and then search for Set
Relay Restrictions on a Virtual Server.
C G Help: Exchange: Managing Message Queues. To locate this information,
search for Manage Message Queues.
A B Help: Exchange: Monitoring Connector Status. To locate this information,
search for Connector Status and select the topic Verify Server and
Connector Status.
A B Help: Exchange: Using the Monitoring and Status Tool in Exchange Server
Manager. To locate this information, search for Exchange 2003 Monitors
and Monitor Services Used by Exchange.
F Help: Windows: Checking for Memory Leaks. To locate this information,
search Windows Server 2003 Online Help for Memory Leaks and System
Monitor.
A B E F H Help: Windows: Performance Logs and Alerts – Search for Monitoring
Server Performance and System Monitor.
A B Help: Windows: Using Netmon to Monitor Network Traffic. To locate this
information, search for Monitor Network Traffic and Network Monitor.
E F H Help: Windows: Review Scheduled Tasks. To locate this information,
search for Scheduled Tasks and Task Scheduler Overview.
C G Impact of Virus and Content Scanners on Messaging Functionality
C G Updating Antivirus Signatures
D Using Dcdiag and Netdiag to Verify the Infrastructure
A B Using Service Logs
B H Using the Telnet Command to Test the TCP Port Restrictions on a Firewall

Troubleshooting Server Performance
Start
C
2. Update antivirus
signatures
Spam 3. Check antivirus and
content scanning
quarantine
Are the problems 4. Check message queues
intermittent or
predictable?
Intermittent
A
1. Monitor affected 1. Check for bad port, bad
servers to identify Select issues cable, or bad network
Predictable problem identified by Network adapter
2. Configure logging monitoring and 2. Check Internet
3. Setup Alerts logging connection
B
1. Monitor affected
servers to identify
problem
2. Configure logging D
Check domain controllers
Authentication
E and global catalog servers
1. Check for virus - look for

out of normal performance
counters and unknown 1. Verify enough space for
applications log files and database
2. Check for scheduled 2. Check store size,
applications and services consider whether it
running at inappropriate Disk might be too large
times 3. Check for scheduled
3. Check benchmarks for the CPU applications and
server, may have too services running at
many users Select issues inappropriate times
identified by
monitoring and
logging
System Memory
Network H
Spam/Virus
F G counters and unknown
applications
1. Check for virus - look for 1. Check for Open Relay 2. Check for backups running
out of normal performance 2. Update Anti-virus at inappropriate times
counters and unknown signatures across the network

applications 3. Check antivirus and content
2. Check for scheduled scanning quarantine
applications and services 4. Check message queues
running at inappropriate
times
11
3. Check for memory leaks

12
Start
C
2. Update antivirus
signatures
Spam 3. Check antivirus and
content scanning
Are the problems quarantine
intermittent or
predictable?
Intermittent A
1. Monitor affected 1. Check for bad port, bad
servers to identify Select issues cable, or bad network
Predictable
problem identified by Network adapter
2. Configure logging monitoring and 2. Check Internet
B 3. Setup Alerts logging connection
1. Monitor affected
servers to identify
problem
2. Configure logging Authentication D
Check domain controllers
and global catalog servers
E
counters and unknown 1. Verify enough space for
applications log files and database
2. Check for scheduled 2. Check store size,
applications and services consider whether it
running at inappropriate Disk might be too large
times 3. Check for scheduled
3. Check benchmarks for the CPU applications and
server, may have too many services running at
users Select issues inappropriate times
identified by
monitoring and
logging
Network
System Memory Spam/Virus

H
F G counters and unknown
applications
1. Check for virus - look for 1. Check for Open Relay 2. Check for backups running
out of normal performance 2. Update Anti-virus signatures at inappropriate times
counters and unknown 3. Check antivirus and content across the network
applications scanning quarantine
2. Check for scheduled 4. Check message queues
applications and services
running at inappropriate
times
3. Check for memory leaks
13
Exercise 1
Address Resolution and Address Lookups Are Very Slow
Virtual PC.
Scenario Paul West has entered a service request. He states that it is taking a long time
for his Outlook client to resolve names that he enters manually, and it also takes
a long time when he wants to search for a name. Paul states that before this,
Outlook 2003 was able to resolve names in less than one second. Today, he is
experiencing wait times of approximately five seconds. Other users are also
complaining about poor Exchange server performance.
Log on to London as Nwtraders\Administrator using the password P@ssw0rd.
You should not need to open any user mailboxes when troubleshooting this
problem.
Level 1 support “Paul has been with the company for a month and his computer has the standard
comments build, including Outlook 2003. Checked user account – it is mailbox enabled.
His mailbox is on London. He is able to ping London.”
You must resolve the performance problem with Exchange Server 2003.
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
Exercise 2
Outlook Is Very Slow When Retrieving a Message from Exchange
Virtual PC.
Scenario Pete Male has entered a service request. He states that it takes several seconds
to send a message using his Outlook messaging client. Other service request
calls have come in complaining of the same problem.
problem.
Level 1 support “Pete is a new Exchange 2003 user and was recently migrated over from
comments Exchange 5.5. His computer has the standard build, including Outlook 2003.
Pete is able to ping London without any problems.”
Level 2 support “We have heard similar reports from other users in London. It is a suspected
comments network link issue and is being reviewed by the Network team as well as the
Server team.”
You must identify and resolve the performance problem with Exchange
Server 2003.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
Exercise 3
Multiple Users Are Unable to Open Their Mailboxes Using Outlook
Virtual PC.
Important This script will take approximately ten minutes to complete.

You can start troubleshooting after the script has run for approximately
five minutes.
Scenario Max Benson has entered a service request. He states that he is experiencing
delays when opening his mailbox and also when trying to send messages to
others on the network. You have received a call from the Help Desk indicating
that many users are calling about this problem.
problem.
Level 1 support “Max has a standard desktop system. He has a history of complaining about
comments many issues. We think he is trying to get a new computer. His computer has the
standard build, including Outlook 2003. It has been tested several times in the
past. Max is able to ping London.”
Level 2 support “We have heard similar reports from other users in London. It is a suspected
comments network link issue and is being reviewed by the Network team as well as the
Server team. Escalating to the Exchange team to help, just in case it is related to
the Exchange server.”
You must resolve the performance problem with Exchange Server 2003.
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
Lab Virtual PC For this lab, you used the Acapulco and London Virtual PCs. Please undo any

Lab Discussion

! What steps did you use and how did the steps help identify the problems?
! What other steps could you have used to identify the problems faster?
! How did you test your solutions?

problems?
Contents
Overview 1
PKI Requirements for Secure E-Mail 2
Troubleshooting S/MIME E-Mail Issues 5
Troubleshooting SSL Issues 8
Lab: Troubleshooting Exchange Security 12
Lab Discussion 23
Workshop Evaluation 24
respective owners.
Unit 8: Troubleshooting Security Issues 1
Overview

Because a great deal of business-related information is sent using e-mail, e-mail
security is a significant issue for most companies. The need for secure e-mail
adds a layer of complexity to your e-mail infrastructure that can result in
additional troubleshooting issues.
This unit addresses issues relating to securing e-mail while it is in transit from
one location to another. To secure the information, digital certificates that
include encryption keys are used to protect the data on the network. To protect
e-mail messages while they are in transit, you will need to:
! Implement a Public Key Infrastructure (PKI) to manage the creation and
distribution of digital certificates.
! Implement Secure Multipurpose Internet Mail Extensions (S/MIME) to
encrypt or digitally sign e-mail messages sent from client to client. The
encryption and digital signatures ensure that a message is secure and cannot
be modified while it is transmitted on the network.
! Implement Secure Sockets Layer (SSL) to encrypt network traffic. With
SSL, the actual network traffic that transmits e-mail messages is encrypted,
so that even if the network packets were captured, they could not be read.

! Identify and resolve problems related to encrypting e-mail using S/MIME.
! Identify and resolve problems related to using remote procedure call (RPC)
over Hypertext Transfer Protocol (HTTP).
! Identify and resolve problems related to Exchange Server 2003 security
configurations.
2 Unit 8: Troubleshooting Security Issues
PKI Requirements for Secure E-Mail

A public key infrastructure includes servers, management tools, and policies
that are used to create, distribute and manage the deployment of digital
certificates To use digital certificates for securing e-mail using SSL or
S/MIME, you must deploy a PKI or use an existing PKI.
PKI components A PKI includes the following components:
! Certificate and Certificate Authority (CA) management tools. Provide both
graphical user interface (GUI) and command-line tools to manage issued
certificates, publish CA certificates and Certificate Revocation Lists
(CRLs), configure CAs, import and export certificates and keys, and recover
archived private keys.
! Certification authorities. Issue certificates to users, computers, and services
and manage the certificates. Each certificate that a CA issues is signed with
the digital certificate of that CA.
! Certificate and CRL distribution points. Provide publication locations at
which certificates and CRLs are publicly available, either within or outside
of an organization. Publishers can use any kind of directory service,
including X.500, Lightweight Directory Access Protocol (LDAP), or
directories in a specific operating system. Publishers can also publish
certificates and CRLs on Web servers.
! Certificate templates. Define the content and purpose of a digital certificate.
A certificate template defines issuance requirements, certificate purpose,
implemented extensions, such as application policy or extended key usage,
and enrollment permissions for certificates that a CA issues.
! Digital certificates. Provide the foundation of a PKI. Digital certificates are
electronic credentials that are associated with a public key and a private key
that an organization uses to authenticate users.
! Certificate revocation lists (CRL). List the certificates that a CA has

revoked before the certificate reaches its scheduled expiration date.
! Public key-enabled applications and services. Support public key
encryption so you can implement public key security. You can only
implement these components after you configure your PKI to issue, publish,
and control certificates.
Implementing a PKI The decision on which PKI option to use will likely be based on which clients
need to use certificates to secure e-mail. If you deploy certificates only to users
within your organization, and the servers that require server certificates will be
accessed only by internal clients, deploying a private CA is a good option. If
users outside the organization will require certificates, or if you deploy servers
that will be accessed by users outside the organization, you should deploy
commercial certificates. You have two options when implementing a PKI:
! Deploy a private PKI using Windows Server 2003 Certificate Authorities.
Windows Server 2003 includes a Certificate Server service that you can use
to deploy a PKI for your company. With this option, you can integrate the
management of certificates with Microsoft® Active Directory®.
! Integrate with a public or commercial PKI. You can also obtain digital
certificates from commercial PKIs such as VeriSign, GTE, Thawte, and
RSA. With this option, you can reduce the amount of effort required to
manage the certificates because the certificate management is done by the
commercial CA.
This choice is critical because PKI is based on trust model. When a client
connects to a server that is using a digital certificate to secure data, the client
checks its list of trusted root certification authorities to see whether it is
configured to trust the digital certificate. If the client is not configured to trust
the certificate, it will warn the user or fail to connect to the server. If you deploy
a private CA, you can configure all your internal clients to trust the CA, but
external clients are not going to be configured to trust your CA. However,
Internet clients such as Web browsers are already configured to trust the well-
known commercial CAs so they will not receive a warning when they connect
to a server using a commercial certificate.
In most cases, you are likely to be most concerned with securing e-mail within
your organization, which means a private CA is a good option. If you need to
secure e-mail to only a few external users, you can exchange certificates with
the external users and ask the external users to configure their clients to trust
your CA. If you need to secure e-mail to more external users, you can configure
each of your clients to use a commercial CA.
Acquiring digital After deploying the CAs, you need to acquire and install certificates on all the
certificates servers and clients that require them. The enrollment process is a matter of
requesting and issuing a certificate. Although the enrollment process varies
with the CA that is used, and its policies, the following steps outline the general
process:
1. Applicant generates a key pair. The applicant generates a public and private
key pair, or he or she is assigned a key pair by some authority in the
company. The applicant stores the key pair locally, either on the disk
subsystem or on a hardware device, such as a smart card.
2. Applicant sends the certificate request to the CA. The applicant provides the
information that is required by the certificate template and sends the
certificate request to the CA. The certificate request includes the public key
that is generated at the requesting computer. This certificate request can be
sent directly to an online CA, or it can be saved as a text file and sent to an
offline CA.
3. Certificate administrator reviews the request. A certificate administrator
reviews the certificate request to verify the applicant’s information. Based
on the information presented, the certificate administrator either issues or
denies the certificate request. In some cases, the CA may be configured to
issue certificates automatically to users who present appropriate credentials.
4. Upon approval, the CA issues the certificate. The CA creates the certificate
and issues the certificate to the requesting applicant. The certificate is
signed by the CA to prevent modification and it includes the applicant’s
identifying information and the submitted public key as an attribute of the
issued certificate.
After you have acquired and installed the certificates, you can start using the
certificates to secure e-mail messages either with SSL or S/MIME.
Troubleshooting S/MIME E-Mail Issues

When using S/MIME you can configure an e-mail client to encrypt an e-mail
message as well as attach a digital signature to an e-mail message. You can use
the digital signatures to ensure the identity of the e-mail sender and to ensure
that the e-mail has not been modified. Encryption ensures that the message
cannot be read or modified while it is transmitted on the network.
Message encryption by You can protect e-mail messages in transit on the network by using encryption.
using S/MIME Exchange uses public key encryption, which uses two keys: a public key, which
is a key that is known to everyone, and a private key, which is a key that is
known only to the recipient of the message.
The public key and private key are used in combination to encrypt and decrypt
data. The following steps explain the process for how public key encryption is
applied to the original plaintext data:
1. The message sender retrieves the recipient’s public key. The public key may
be stored in Active Directory in a Microsoft Windows Server™ 2003
environment, or on an accessible certificate store managed by a CA. The
message sender may also have received the public key from the recipient as
part of a digitally signed message.
2. The sender generates a symmetric key and uses the symmetric key to
encrypt the message data. A symmetric key is a key that can be used to
encrypt and decrypt messages. The symmetric key is encrypted with the
recipient’s public key to prevent the symmetric key from being intercepted
during transmission.
3. The encrypted symmetric key and encrypted data are sent to the recipient.
4. The recipient’s private key is used to decrypt the encrypted symmetric key.
The encrypted data is decrypted with the symmetric key, which yields the
original data to the recipient.
In this process, the public key can be made available to anyone who requests
the key, so that anyone can encrypt a message to send to a user. However, only
the recipient’s private key can decrypt the messages encrypted by the public
key, so only the person holding the private key can decrypt the messages. The
private key is protected in a user or computer profile or on a physical device,
such as a smart card.
Signing messages by You can protect e-mail messages against modification by using a digital
using S/MIME signature. A digital signature is a digital code that can be attached to an e-mail
message that uniquely identifies the sender. A digital signature is a key
component of most authentication methods because the digital signature
verifies the identity of the individual who is sending the message.
The following steps explain the process for how a digital signature is applied to
the original data:
1. When the sender prepares to send the signed message, a hash algorithm is
applied to the message data. A hash algorithm takes any form of data and
produces a mathematical result for the inputted data. This result is the hash
value. If a single character is changed in the message data while it is
transmitted on the network, the hash value will no longer be valid.
2. The resulting hash value is encrypted by using the sender’s private key. The
encryption protects the hash value from modification during the
transmission of the hash value to the recipient.
3. The sender sends the certificate, the encrypted hash value, and the original
data to the recipient. The certificate includes the sender’s public key as one
of the attributes of the certificate.
4. The recipient retrieves the sender’s public key from the received certificate.
The recipient uses the public key to decrypt the encrypted hash value. The
successful decryption and validation of the sender’s certificate proves that
the data originated from the sender.
5. The recipient passes the original data through the same hash algorithm. The
resulting hash value is compared to the hash value received from the sender.
If the two hash values are identical, the original data was not modified
during the transmission.
Troubleshooting S/MIME S/MIME requires that both the sender and recipient have a digital certificate,
issues and that sender and recipient obtain a copy of each other’s digital certificate
with the attached public key. Therefore, much of the troubleshooting for
S/MIME will be client-based certificate troubleshooting. Use the following
guidelines when troubleshooting S/MIME issues.
! Ensure that both sender and recipient have digital certificates. To send
encrypted e-mail, the sender and receiver must have digital certificates. The
easiest way to test whether a user has a certificate is to attempt to send a
signed message. Sending digitally signed messages does not require a user
to have anyone else’s certificate, but the user must have a certificate. If the
user cannot send digitally signed e-mail to anyone, then the user does not
have a certificate, or the private key may not be accessible. For example, the
user may have a private key on one computer, but this would not mean that
the user can send signed e-mail from another computer. If a user must be
able to send encrypted messages from multiple computers, then you can
export the private key from one computer and install it on other computers.
You can also store the private key as part of a roaming user profile.
! Ensure that the sender and recipient have each other’s public keys. To send
encrypted messages to another recipient, the sender must have the
recipient’s public key. If a user can digitally sign messages but cannot
encrypt messages, the problem is likely that the sender does not have the
required public key. The easiest way for the sender to get the public key is
for the recipient to send a digitally signed e-mail. The signed e-mail
includes the certificate and public key. When the signed e-mail arrives, save
the sender information in your address book. The certificate and public key
will be saved with the contact information.
! Ensure that the clients are configured to trust the other certificate. You may
encounter problems if the clients do not trust the CA used by the sender or
recipient. If you receive an encrypted or signed e-mail and your client is not
configured to trust the sender’s CA, you will receive a warning message. If
you are confident of the sender’s identity, you can configure your client to
trust the certificate explicitly. If you must exchange secure e-mail with
several users in the other organization, you may want to configure a trust
chain between a CA that you trust and the sender’s CA.
! Ensure that you can recover lost private keys. In many cases, a user’s
private key is stored on the local computer in a secure part of the user’s
profile. If that private key is lost due to a hard disk failure, you must be able
to recover the private key; if you cannot, the user will not be able to decrypt
messages using the associated public key. As a best practice, you should
export a copy of the private key to a secure location to ensure that you can
restore the key if needed. In most cases, you should also implement
procedures on the CA to provide for private key archival and retrieval.
Troubleshooting SSL Issues

Secure Sockets Layer (SSL) is a flexible security option that can be used to
secure e-mail related traffic from most messaging clients using any of the
Exchange Server 2003 supported protocols. With SSL, you can secure e-mail
whether you are using HTTP (Outlook Web Access or Outlook Mobile Access),
SMTP, IMAP4, POP3, or NNTP. SSL support is also enabled on Microsoft
Outlook Express®, Microsoft Outlook®, Internet Explorer, as well as on most
other Internet browsers and Internet protocol e-mail clients.
SSL is different than S/MIME in that SSL can only be used to authenticate
computers on a network and then to encrypt data in transit on a network. With
S/MIME, you can encrypt and sign e-mail messages and the messages remain
signed or encrypted while in the user’s mailbox. With SSL, you can encrypt all
network traffic as it transverses your network, but data is not encrypted while it
is in storage.
Benefits of using SSL One of the benefits of using SSL is that you can use SSL to encrypt all
messaging-related protocols supported by Exchange Server 2003. Implementing
SSL offers the following advantages:
! You can use Internet protocol applications to transmit confidential data on
the unsecured Internet. All data is encrypted from the client to the server,
including user authentication and messaging data.
! You can validate the identity of the Internet protocol server. The server
provides its certificate as a form of authentication. If the client is configured
to trust the certificate, and if the certificate passes all validity tests, the client
will authenticate and trust the server.
Secure Sockets Layer can also be used to secure RPC over HTTP traffic. To use
RPC over HTTP, you must deploy Exchange Server 2003 on Windows
Server 2003 in a Windows Server 2003 Active Directory environment.
Moreover, only Outlook 2003 clients support RPC over HTTP. If you do
deploy RPC over HTTP, you can configure both the Exchange server and the
client to require SSL, so that all RPC traffic is sent using HTTPS rather than
HTTP.
Implementing SSL Implementing SSL is significantly easier than implementing S/MIME because
you do not need to deploy certificates to the e-mail clients. Instead most
configurations for SSL occur on the Exchange server. Use the following steps
to implement SSL.
1. Configure a server-based certificate. This server-based certificate is used to
authenticate the server’s identity. The public key associated with the
certificate is used to create the encryption keys for encrypting traffic on the
network. In a Windows Server 2003 environment, you can use a commercial
CA certificate or an internal CA to issue the certificate.
2. Configure the protocol virtual servers to require SSL. After installing the
server certificate, configure the protocol virtual servers to require SSL. You
can use the same server certificate for all messaging protocols but you must
enable each protocol virtual server to use the certificate. To enable SSL
support on protocol virtual servers, first add the server certificate to the
server and then configure the protocol virtual server to require SSL.
Note When you configure a protocol virtual server to require SSL, it

will no longer accept any unsecured connections. If you need both
secure and unsecure protocol virtual servers, you must configure two
different virtual servers. If you want to make SSL optional on a
protocol virtual server, you can install the server certificate on the
server, but not require SSL on the virtual server.
3. Configure the network infrastructure to allow SSL ports. SSL uses ports
different from those used by unsecured protocol traffic, so you must open
the SSL ports. The following table shows the ports you must open when
using SSL:
Protocol SSL port
POP3 110 and 995 if using SSL

IMAP4 143 and 993 if using SSL
SMTP 25 with or without SSL
NNTP 119 and 563 if using SSL
HTTP (Outlook Web Access and 80 and 443 if using SSL
Outlook Mobile Access)
4. Configure the e-mail clients to use SSL. Once the server is configured to
support SSL, configure each client to use SSL when connecting to the
server.
5. If required, acquire a client certificate for Outlook Web Access (OWA) or
Outlook Mobile Access (OMA) e-mail clients. In environments that require
very high security, you may configure the HTTP virtual server to require
client certificates. Client certificates enable mutual authentication, ensuring
the identity of both the client and the server. If you require client
certificates, you must acquire and install a client certificate on each client
computer or device.
Troubleshooting SSL In most cases, troubleshooting SSL requires you to troubleshoot the server and
network configuration rather than the client configuration. Use the following
guidelines when troubleshooting SSL issues:
! Check the network configuration. To use SSL, clients must be able to
connect to the Exchange server using the correct port numbers. If clients
within your corporate intranet can use SSL, but cannot connect using SSL
from the Internet, ensure the SSL ports are accessible from the Internet.
! Check the certificate trust path. The server certificate must be trusted by the
e-mail client. If the certificate is not trusted, you may get an error message
on the client computer indicating that the certificate is not trusted. You can
then configure the client computer to trust the server certificate explicitly. If
users frequently access your Exchange server using public computers, you
should use a certificate from a trusted commercial CA.
! SSL is not supported between the front-end and back-end server. If you have
deployed a front-end and back-end server topology, you cannot use SSL to
secure traffic between the two servers. This means that the back-end
protocol virtual servers used by the front-end servers cannot be configured
to require SSL. To secure communication between front-end and back-end
servers, you should configure IPSec.
! Check client configuration. Each e-mail client must be configured to support
SSL. If one client cannot connect to your Exchange servers using SSL while
other users can connect, the problem is almost certainly a client
configuration error. If you have both SSL- and non-SSL-enabled protocol
virtual servers accessible to the client, you can first ensure that the client can
connect to the protocol virtual servers that do not require SSL. If they can
connect to these servers, but not to the servers that require SSL, then check
the client SSL configuration.
Pre-Lab Discussion

E-mail security is a significant issue for most companies and a great deal of
business-related information is sent using e-mail. The need for secure e-mail
adds a layer of complexity to your e-mail infrastructure that can result in
additional troubleshooting issues.
In this context, discuss what problems might cause the following symptoms:
! Users cannot send secure e-mail to each other using S/MIME.
! Users cannot access their mailboxes using RPC over HTTP.
! Users cannot receive Internet e-mail in a secure environment.
Lab: Troubleshooting Exchange Security

! Identify and resolve problems related to using SSL to secure e-mail.
configurations.
Important This lab addresses the concepts in this unit and therefore
may not comply with Microsoft security recommendations. For
example, this lab does not comply with the recommendation that you
should not log on using an administrative account.
Lab Virtual PC For the first two scenarios in the lab, you will use the London Virtual PC and
Configuration the Acapulco Virtual PC.
To prepare for this practice:
1. Start 2011_London Virtual PC if it is not already started.
2. Log on as NWTraders\Administrator with a password of P@ssw0rd.
3. Start the 2011_Acapulco Virtual PC. You will use Outlook 2003 and
Outlook Express on Acapulco to send and receive e-mail.
Certificate Authority London.nwtraders.msft is configured as a CA. To request a user certificate from

this CA, connect to https://london.nwtraders.msft/certsrv and log on with the
user name and password required for the lab. The CA is configured to issue
certificates automatically from authenticated users.
Navigating the flowchart In this lab, you will use the flowcharts and the Lab Toolkit resources to identify
and resolve the problems described in the scenarios. You will need to read the
scenario, the Level 1 support comments, and then use the flowcharts to identify
the cause of the problem. You will then need to perform the test case presented
at each decision point in the flowchart to determine which path to follow. Use
the letters on the flowchart to identify the Toolkit Resources that you can use to
help troubleshoot the problem. After you identify a potential solution, make the
configuration change and test your solution. When your solution resolves the
problem presented in the scenario, you have successfully completed the lab.
complete this lab:
A E F Help: Exchange: Managing Virtual Servers. To locate this information, open

Search for Configure Virtual Servers and select the appropriate topic for the type of
virtual server.
C Help: Outlook: Obtaining a Digital ID. To locate this information, open Outlook help
and then search for Get a digital ID.
C Help: Outlook: Sending Secure Mail. To locate this information, open Outlook help
and then search for Encrypt or digitally sign messages.
B Help: Outlook: Verifying account configuration. To locate this information, open
Outlook help and then search for View or change e-mail account settings.
F Help: Outlook Express: Adding a Contact’s Digital ID to your Address Book. To
locate this information, open Outlook Express help and then search for Add a
contact’s digital ID to your Address Book.
F Help: Outlook Express: Obtaining a Digital ID. To locate this information, open
Outlook Express help and then search for Obtain a digital ID and add it to your
e-mail account.
B Help: Outlook Express: Verifying account configuration. To locate this information,
open Outlook Express help and then search for Add a mail or news account.
A Help: Windows: Testing DNS. To locate information on locating resource records
using DNS administrator snap-in, search for Manage Resource Records.
F Help: Windows: Troubleshoot IPSec. To locate information regarding
troubleshooting IPSec, search Windows Server 2003 Online Help for IPSec and then
select Troubleshooting: Internet Protocol Security (IPSec).
A Impact of Virus and Content Scanners on Messaging Functionality
D Implementing and Testing RPC over HTTP
E F Implementing SSL for Exchange Server 2003
B Verifying that a Server is Online
A Using Dcdiag and Netdiag to Verify the Network Infrastructure
E F Using S/MIME to Sign and Seal E-mail Messages
A F Using the Telnet Command to Test the TCP Port Restrictions on a Firewall

14
Troubleshooting Security Issues

C
1. Check security configuration on
the client
2. Verify installation of secure mail
certificate on client for signing
MAPI messages
3. Verify receipt of secure mail
certificate from recipient for
Is Outlook
encrypting messages
Outlook using MAPI or RPC
over HTTP?
D
1. Check that RPC over HTTP
component is installed on
Can the user Yes, RPC over HTTP front-end server
What is the
Start send unsecure but not secure 2. Check that the RPC virtual
client type?
email? e-mail directory in IIS is configured
3. Check that port numbers are
configured in the registry of

Exchange servers and global
No catalog servers
4. Check that NSPI interface protocol
OWA sequences are configured on the
B global catalog server
POP/IMAP 5. Check that Outlook profile
1. Verify that the server is online configured correctly
Are all 2. Verify that the client can
users affected? No
connect to the Exchange server
3. Check email client configuration E
1. Check that HTTP virtual server
supports SSL
Yes
2. Check HTTP server security
configuration
A F 3. Check client browser type and
version
1. Check firewall to see if it allows 1. Check that required virtual servers 4. Check client security configuration
SMTP traffic into network support secure protocols
2. Check DNS Host and MX records 2. Check that required virtual servers are
3. Check SMTP virtual server to verify accessible from the Internet using secure
it responds on port 25 ports
4. Check security configuration on the 3. Check virtual server security configuration
SMTP virtual server 4. Check security configuration on the client
5. Check SMTP gateway or smart host 5. Check installation of secure e-mail
configuration certificate for signing messages
6. Check anti-virus and content 6. Check receipt of secure mail certificate
scanning solutions from recipient for sealing messages
Troubleshooting Security Issues
Can the user Yes,

Start send unsecure but not secure
email? e-mail
No
B
1. Verify that the server is online
Are all 2. Verify that the client can
users affected? No
connect to the Exchange server
3. Check email client configuration
Yes
A
1. Check firewall to see if it allows
SMTP traffic into network.
2. Check DNS Host and MX records
2. Check SMTP virtual server to verify
it responds on port 25
3. Check security configuration on the
SMTP virtual server
4. Check SMTP gateway or smart host
configuration
5. Check anti-virus and content

scanning solutions
15
16
Troubleshooting Security Issues C

1. Check security configuration on
the client
2. Verify installation of secure mail
certificate on client for signing
MAPI messages
Is Outlook
3. Verify receipt of secure mail
using MAPI or
certificate from recipient for
RPC over HTTP?
encrypting messages
Outlook
D
RPC over HTTP
1. Check that RPC over HTTP
What is the component is installed on
client type? front-end server
2. Check that the RPC virtual

directory in IIS is configured
3. Check that port numbers are
configured in the registry of
Exchange servers and global
catalog servers
OWA 4. Check that NSPI interface protocol
sequences are configured on the
global catalog server.
POP/IMAP 5. Check that Outlook profile
configured correctly
F E
1. Check that required virtual servers 1. Check that HTTP virtual server
support secure protocols. supports SSL.
2. Check that required virtual servers are 2. Check HTTP server security
accessible from the Internet using configuration
secure ports 3. Check client browser type and
3. Check virtual server security configuration version
4. Check security configuration on the client 4. Check client security configuration
5. Check installation of secure e-mail
certificate for signing messages
6. Check receipt of secure mail certificate
from recipient for sealing messages
Exercise 1
Troubleshooting Solutions When Users Cannot Send and Receive
Encrypted E-mail
In this exercise, you will use the flowchart and the Lab Toolkit resources to
Scenario Fernando Caro has entered a service request. The service request states that
Fernando cannot send and receive encrypted e-mail from Eric Parkinson. Both
users work in the accounting department and frequently send highly
confidential documents to each other. Both users’ mailboxes are on London.
You must resolve the problem so that both users can send and receive encrypted
and signed e-mail from each other. Read the Level 1 support comments, and
resolve the problems.
In this exercise, you will need to log on to Outlook 2003 on Acapulco using
NWTraders\EricParki. You will need to use Outlook Express on London using
NWTraders\FernandoCaro for an identity.
Level 1 support “I talked to both Eric and Fernando. Eric Parkinson works in the office and is
comments using Outlook 2003 as his e-mail client. Fernando Caro works from a remote
office that does not have a dedicated connection to the head office, and so he
uses Outlook Express which has an IMAP connection to the Exchange server.
“Eric and Fernando are involved in highly confidential negotiations to buy
another company so they have to be able to send encrypted and signed e-mail to
each other.
“I confirmed that both of them can get access to e-mail on the Exchange server
using their normal clients.
“They both say that they have not sent encrypted e-mail to anyone else in the
company, and do not need to do so.
“I told both of them that I didn’t know if we could set them up to send
encrypted e-mail to each other. They were not impressed by this.”

________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
Exercise 2
Troubleshooting Solutions When Users Cannot Connect to
Exchange Using RPC over HTTP
In this scenario, you will test to ensure that RPC over HTTP is working. To
ensure that Outlook is connecting to the Exchange server using RPC over
HTTP rather than RPC over TCP/IP, use the following procedure:
1. Open Outlook using a profile that is configured to use RPC over HTTP.
2. From your desktop, in the Application tray, hold down the CTRL key, right-
click the Outlook icon, and then click Connection Status.
3. In Connection Status, verify that the connection type is HTTPS.
Scenario Judy Lew has entered a service request. Her service request states that she
cannot connect to her mailbox from home. Judy Lew is one of the first users to
be configured to use RPC over HTTP, and her connection is not working.
You must resolve the problem so that Judy Lew can connect to the Exchange
server using RPC over HTTP. Read the Level 1 support comments, and resolve
the problems.
In this exercise, you will need to log on to Outlook 2003 on Acapulco using
NWTraders\JudyLew.
Level 1 support “She picked up the laptop at the office, and her e-mail worked fine in the office.
comments She was told that the laptop was completely configured and ready to go. But
when she connects to the Internet from home, she can’t get access to her e-mail.
She can open Outlook and she gets a logon screen. When she enters her
username and password, the logon screen keeps coming back. I got her to try to
use nwtraders\judylew and judylew@nwtraders.msft and neither name works.
“She says that she can browse the Internet from home.”

________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
Exercise 3
Troubleshooting Solutions When Users Cannot Receive Internet
E-mail
For this exercise, you will use the London Virtual PC and the Vancouver
Virtual PC.
3. Log on to Vancouver as Contoso\administrator with a password of
P@ssw0rd. You will use Vancouver to simulate an Internet SMTP server to
troubleshoot Internet e-mail delivery.
4. You will use Outlook Web Access on London to test e-mail functionality on
the London Virtual PC.
5. To create the troubleshooting scenarios, run the Breaklab8c.bat from the
c:\moc\2011\Labfiles\Lab08 directory located on 2011_London Virtual PC.
Scenario Deb Waldal has entered a service request. Her service request states that she
cannot receive Internet e-mail. She is not receiving any messages from the
Internet.
You must resolve the problem so that Deb can receive e-mail from the Internet.
Read the Level 1 support comments, and resolve the problems.
NWTraders\DebWalda.
Level 1 support “Urgent!! Talked to Deb and she says a customer sent her some urgent e-mail
comments first thing this morning and it hasn’t been delivered. Checked if I could receive
e-mail from the Internet, and I cannot receive Internet e-mail either.
“Immediately escalated this to second-level support.”

________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
Lab Virtual PC For this lab, you used the Vancouver and London Virtual PCs. Please undo any
Clean-Up changes that were made during your troubleshooting by closing each image.

Lab Discussion

place?
! What is different in your work environment than the test environment?
problems?
Workshop Evaluation

Your evaluation of this workshop will help Microsoft understand the quality of
your learning experience.
At a convenient time before the end of the workshop, please complete a
workshop evaluation, which is available at http://www.CourseSurvey.com.
Microsoft will keep your evaluation strictly confidential and will use your
responses to improve your future learning experience.

Unit 9: Troubleshooting the Migration to
Exchange 2003
Contents
Overview 1
Standard Migration Overview 2
External Migration Overview 5
Troubleshooting Migration Issues 7
Lab: Troubleshooting the Migration to
Exchange 2003 12
Lab Discussion 24
respective owners.
Unit 9: Troubleshooting the Migration to Exchange 2003 1
Overview

Because you cannot migrate from Microsoft® Exchange 5.5 to Microsoft
Exchange Server 2003 without also migrating from a Microsoft Windows NT™
domain infrastructure to Microsoft Active Directory® directory service, the
migration from Exchange 5.5 to Exchange Server 2003 can be complicated.
This unit provides an overview of the two primary strategies for migrating from
Exchange 5.5 to Exchange Server 2003. The standard migration is to upgrade or
migrate the Windows NT domains to Active Directory and then to upgrade the
Exchange 5.5 organization to an Exchange Server 2003 organization. The
external migration strategy is to create a new Microsoft Windows Server™ 2003
Active Directory forest and a new Exchange Server 2003 organization. Once
these have components have been created, you would then migrate the
Windows NT user and computer objects into the forest, establish any
connectivity to other messaging systems, and then migrate the mailboxes and
public folders into the Exchange organization. In most cases, implementing the
standard migration is easier, but the external migration has the advantage that
you can change the domain and Exchange organization structure.
Objectives After completing this unit, students will be able to:
! Identify the underlying causes when a user cannot access their mailbox after
a migration and resolve the problem.
! Identify the underlying causes when a user cannot send e-mail to the
Exchange 5.5 organization during a migration and resolve the problem.
! Identify the underlying causes when a user cannot send e-mail to some users
during a migration and resolve the problem.
2 Unit 9: Troubleshooting the Migration to Exchange 2003
Standard Migration Overview

A standard migration involves upgrading the existing Exchange 5.5
organization to an Exchange Server 2003 organization. This migration path is
the easiest to take, because you can just prepare Active Directory for Exchange
Server 2003, install Exchange Server 2003 servers, and then move mailboxes,
public folders, and connectors from the Exchange 5.5 servers to the Exchange
Server 2003 servers. There are no coexistence issues in a standard migration.
Preparing Active Before you can install Exchange Server 2003, you need to create an Active
Directory Directory Forest and then prepare the forest for a computer running Exchange
Server 2003. A computer running Exchange Server 2003 stores all its
configuration and recipient information in Active Directory, so it cannot install
Exchange 2003 in a Windows NT domain.
Creating and populating The first step in migrating from Exchange 5.5 to Exchange Server 2003 is to
the Active Directory perform a domain migration from Windows NT to Windows Server 2003
forest Active Directory. There are two primary ways to perform this migration:
! Upgrade existing Windows NT 4.0 domain to Active Directory domains.
With this option, you upgrade the domain by upgrading the primary domain
controller from Windows NT 4.0 to Windows Server 2003. After the
operating system upgrade is completed, the domain is also upgraded to
Windows Server 2003 Active Directory. Upgrading the domain in this way
retains the security identifier (SID) for each user and group account, which
means that user access to domain resources is not affected.
! Use Active Directory Migration Tool (ADMT) to migrate users and
computers from a Windows NT 4.0 domain to an Active Directory domain.
With this option, you create a new Active Directory domain and then use
the ADMT to create cloned user accounts from the Windows NT domain in
the Active Directory domain. When you clone the user accounts, you can
retain the SID that the users had in the Windows NT domain by using the
SIDHistory attribute, so that users can log into the Windows Server 2003
domain and retain access to resources in the Windows NT domain.
In some cases, you may use a combination of the two migration options. For
example, you may upgrade one of your Windows NT domains, and then use
ADMT to migrate users and computers from other domains into the upgraded
domain.
Implementing Active After you populate Active Directory with Windows NT 4.0 user and group
Directory Connector accounts, the next step is to connect your Exchange 5.5 directory to Active
Directory. To do this, you must implement the Active Directory Connector
(ADC). The ADC synchronizes mailbox and distribution list information from
the Exchange 5.5 directory to Active Directory user accounts and groups,
thereby eliminating the need for re-entering this data in Active Directory.
One issue that you need to confront before you implement the ADC is that, in
Windows NT 4.0 and Exchange 5.5, you could have a user account that was the
primary NT account for more than one mailbox. Active Directory and
Exchange 2003 no longer allow a user account with more than one mailbox.
You can use the Resource Mailbox Wizard from the ADC Tools to match the
appropriate primary mailbox to the Active Directory account and stamp other
mailboxes with the NTDSNoMatch value, which designates the mailboxes as
resource mailboxes. If you do this, the ADC will create new user accounts for
the resource mailboxes in Active Directory.
Run ForestPrep After you configure the Active Directory Connector, run Exchange 2003 Setup
using the ForestPrep command-line switch. Exchange 2003 ForestPrep extends
the Active Directory schema to include Exchange-specific classes and
attributes. ForestPrep also creates the container object for the
Exchange organization in Active Directory. You need only run ForestPrep once
in a forest.
The account you use to run ForestPrep must be a member of the Enterprise
Admins and the Schema Admins groups. You must also designate an account
that has Exchange Full Administrator permissions to the organization object.
This account will be granted the authority to install and manage Exchange 2003
throughout the forest. This account also will be granted the authority to delegate
additional Exchange Full Administrator permissions after the first server is
installed.
Run DomainPrep After you run ForestPrep and allow time for replication, you must run
Exchange 2003 DomainPrep. DomainPrep creates the groups and permissions
necessary for Exchange servers to read and modify user attributes. The account
you use to run DomainPrep must be a member of the Domain Admins group in
the local domain and must also be a local computer administrator. You must run
DomainPrep in the forest root domain, in all domains that will contain
Exchange 2003 servers, and in all domains that will contain Exchange
Server 2003 recipients.
Installing Exchange After you finish preparing the Active Directory forest, you can begin installing
Server 2003 Exchange 2003 servers. When you install the initial Exchange 2003 server into
an Exchange 5.5 site, Exchange 2003 Setup creates an administrative group that
maps to the Exchange 5.5 site, and also creates a configuration connection
agreement between Active Directory and your Exchange 5.5 site. Configuration
connection agreements replicate Exchange-specific configuration information
between the Exchange 5.5 directory and Active Directory. These agreements
help Exchange 2003 to coexist with previous versions of Exchange. Exchange
Server 2003 automatically manages the configuration connection agreements.
Moving mailboxes, The final migration task is to move your Exchange 5.5 mailbox, public folder
public folders and contents and the messaging connectors to Exchange 2003 servers. To move
connectors mailboxes from an Exchange 5.5 server to an Exchange 2003 server in the same
administrative group, use the Exchange Task Wizard in Active Directory Users
and Computers. With the Exchange Task Wizard, you can select user accounts
with mailboxes on the Exchange 5.5 server and move multiple mailboxes at one
time to the Exchange 2003 servers. When moving mailboxes from an Exchange
5.5 server in one administrative group to an Exchange 2003 server in another
administrative group, you will need to use a tool like Exmerge.
Exchange Server 2003 includes the Microsoft Exchange Public Folder
Migration Tool (pfMigrate) which is used to migrate both system folders and
public folders from Exchange 5.5 servers to Exchange 2003 servers. You can
use pfMigrate to create system folders and public folder replicas on the new
server and, after the folders have been replicated, you can remove the replicas
from the source server. The pfMigrate tool is run from the Exchange Server
Deployment Tools, which are launched automatically when you access the
Exchange Server 2003 installation media.
In order to migrate messaging connectors from Exchange 5.5 servers to
Exchange 2003 servers, you will need to configure new connectors on the
Exchange 2003 servers that provide the same functionality as the connectors on
Exchange 5.5. If you configure the Exchange 2003 connectors with a lower
cost, all messaging traffic will start flowing through the Exchange 2003
connectors. After confirming that all messages are using the Exchange 2003
connectors, you can delete the connectors from the Exchange 5.5 servers.
Note The Exchange Server 2003 compact disk includes the Exchange
Server Deployment Tools which consists of tools and documentation
that help with your migration. You should use the Exchange Server
Deployment Tools to guide you through the migration process.
External Migration Overview

Another option for performing an Exchange migration is to create an
Exchange 2003 organization, and then migrate all Exchange objects such as
mailboxes, public folders and custom recipients from the original Exchange 5.5
organization to the new Exchange 2003 organization. Performing an external
migration can be significantly more complicated than a standard migration,
especially if the migration will take an extended period and you require
coexistence between the two organizations during the migration. The first steps
in an external migration are similar to the standard migration.
Preparing Active To prepare the Active Directory forest for an external migration, you must
Directory install a new Active Directory forest and then use ADMT to migrate user
accounts into the new forest. In most cases, you will migrate the user accounts
from the Windows NT domain before you migrate the mailboxes. This means
that the users may be logging into the Active Directory domain, but still
attempting to access their mailboxes on the Exchange servers in the
Windows NT domain. To allow migrated users to continue to access their
Exchange 5.5 mailboxes, you must choose to migrate the user SIDHistory from
the Windows NT domain.
You also need to run ForestPrep and DomainPrep in the new Active Directory
forest.
You must migrate the Exchange 5.5 mailbox ACLs if you need your migrated
users to continue to have access to their Exchange 5.5 mailbox for any period
after the user account migration is completed. To do this, use ADMT to modify
the primary NT account attribute on the mailboxes on the Exchange 5.5 servers
to use the cloned Active Directory accounts.
You must also install and run the Active Directory Connector as part of an
external migration. Similar to a standard migration, you should use the
Resource Mailbox Wizard to populate the resource mailbox attribute with the
NTDSNoMatch value to ensure that the ADC will create the appropriate user
accounts in Active Directory. If you are performing an external migration,
however, you must configure an interorganization connection agreement when
you configure the connection agreements in the ADC. This connection
agreement synchronizes information between the Exchange 5.5 organization
and the Active Directory forest. You cannot use the Exchange Deployment
tools to create an interorganization connection agreement.
Installing Exchange In an external migration, you can start installing Exchange 2003 servers after
Server 2003 you have run ForestPrep and DomainPrep. Because the servers are in an
organization different from the original Exchange 5.5 organization, you can
deploy the servers early in the migration project and test mail connectivity
without affecting the production environment. You can also configure all the
messaging connectors in the new organization, confirm that messages flow
throughout the organization, and confirm that messages are flowing to and from
the Internet.
Moving mailboxes and The Exchange Server Migration Wizard can be used to migrate mailboxes from
public folders an Exchange 5.5 server in one organization to an Exchange 2003 server in
another organization. The wizard extracts data from other messaging systems
and imports that data into Active Directory and the Exchange store. The wizard
can add new users to Active Directory if you migrate mailboxes that do not
already have a corresponding user account in Active Directory, and it adds new
e-mail and calendar data to the Exchange store for any new user accounts that
are created during migration. You can use the wizard to migrate all the
information in the Exchange 5.5 mailboxes including: inbox, drafts, sent items,
calendar, tasks, custom folders created by the mailbox owner, and contacts.
After you move the mailboxes, you can replicate the public folders. To replicate
public folders between the different Exchange organizations, use the InterOrg
Replication Utility. This utility allows the coordination of meetings,
appointments, contacts, and public folder information between Exchange
organizations.
Coexistence during An external migration is usually much more complicated than a standard
migration migration. The primary reason for this complication is that the migration can
take an extended period in a large corporation. During this migration project,
you not only have to support two Exchange organizations, but you also have to
manage the coexistence between the two organizations. In most cases,
companies cannot afford any extended disruption in messaging services. There
are many issues that you may need to deal with during the period of
coexistence, including:
! Message routing between the two organizations.
! SMTP address sharing between the two organizations.
! Maintaining current global address list information in both organizations.
! Dealing with client configuration issues in both organizations.
Note The lab in this unit deals with several of the coexistence issues
that can arise during an external migration. The toolkit resources in the
lab provide alternatives for dealing with and troubleshooting these
issues.
Troubleshooting Migration Issues

The migration from Exchange 5.5 to Exchange Server 2003 is a complicated
procedure. There are many opportunities for the migration to go wrong and, as a
result, many troubleshooting opportunities.
Troubleshooting Active Preparing the Active Directory forest is the first step in an Exchange migration.
Directory preparation There are several points at which this preparation could fail. One simple way to
minimize problems during migration is to use the Exchange Deployment Tools
whenever possible.
Troubleshooting the Using the following guidelines when troubleshooting Active Directory
Active Directory Migration Tool issues:
Migration Tool
! Check Domain Controller availability. In order to migrate user accounts
from one domain to another, the workstation or server where you run the
ADMT must be able to connect to domain controllers in both domains. Use
the DCDiag command-line tool to test connectivity. If the domain
controllers are not accessible, check DNS or WINS to determine
connectivity issues.
! Verify source domain controllers are NT 4.0 SP4 or higher. The Windows
Server 2003 version of ADMT requires that the NT 4.0 domain controllers
have at least SP4 or higher installed.
! Verify two way trusts between the domains. In order to migrate user
accounts, each of the two domains must be configured with a two-way trust
with the other domain. Use Windows Server 2003 Active Directory
Domains and Trusts to verify the trusts. If the trusts are listed, but cannot be
verified, delete the trusts from both domains and recreate them.
! Verify that you have administrative permissions in both domains. To
migrate the user accounts, you must be a member of the Administrators
group on the Windows NT domain controllers, and a member of the Domain
Admins group in the Windows Server 2003 domain. In most cases, the
easiest way to configure this is to add your user account to both groups. The
trusts between the domains must be in place before you can add your user
account to the Windows NT group.
! Verify that the Windows Server 2003 domain is at Windows 2000 Native
functional level or higher. To populate the SIDHistory attribute, the
destination domain must be at this functional level. If the domain is not at
the required functional level, determine if there is any reason why the
domain functional level has not been raised. If possible, raise the functional
level to at least Windows 2000 Native before running the ADMT.
Troubleshooting Using the following guidelines when troubleshooting ForestPrep and

ForestPrep and DomainPrep issues:
DomainPrep
! Verify that you have the required administrative rights. To run setup with
the ForestPrep command-line option, you must use a user account that is a
member of the Schema Admins and Enterprise Admins group. To run setup
with the DomainPrep command line option, you must be a member of the
Domain Admins group in the domain that you are preparing.
! Verify that the schema master domain controller is available. To run
ForestPrep, the schema master must be accessible on the network. As a best
practice, you should run ForestPrep on the domain controller that holds the
schema master role.
! Verify that the domain naming master is available. In order to run
DomainPrep, the domain naming master must be accessible on the network.
Troubleshooting Active Using the following guidelines when troubleshooting Active Directory
Directory Connector Connector issues:
! Verify correct Active Directory Connector version is installed. To
synchronize Exchange 5.5 information to Windows Server 2003 Active
Directory, you must use the Exchange Server 2003 or the Windows
Server 2003 version of the Active Directory connector. To replicate
configuration information from the Exchange 5.5 organization to Active
Directory, you must use the Exchange Server 2003 version of the ADC. If
you have already implemented Active Directory Connector using the
Exchange 2000 version, you must upgrade the ADC to the Exchange
Server 2003 version throughout your organization.
! Check the Connection Agreement configuration. If the ADC is not
replicating directory information as you expected, there are several
configuration settings on the ADC that you can review:
• Check the replication direction. The connection agreement can be
configured to replicate from Exchange to Active Directory, from Active
Directory to Exchange or both ways. If directory information is only
being replicated in one direction, then check the replication direction.
• Check the user account permissions. To configure a two-way connection
agreement, you must provide a user name and password for user
accounts that have read and write permissions in both Active Directory
and Exchange 5.5. If information is not being replicated in one direction,
check the permissions assigned to the user account.
• Check the source and destination directory containers. If the replicated

objects are not appearing where you expected in either directory, then
check the destination container. If some objects are not being replicated
at all, then check the source directory container.
• Check the primary connection agreement configuration. If you have
more than one Exchange 5.5 site or more than one Active Directory
domain and duplicate objects are being created in either directory, then
check the primary connection agreement configuration. The primary
connection agreement setting specifies where new objects will be
created the other directory, and if you have two connection agreements
that are configured as primary, duplicate objects may be created.
Troubleshooting Using the following guidelines when troubleshooting mailbox migration issues:
mailbox migration
! Verify availability of both servers. If you cannot migrate mailboxes from
one server to another, then verify that both the Exchange servers are
available. If you are using one of the migration tools in Exchange
Server 2003 to move the mailboxes, the tool will tell you which server is not
available. If one server is not available, try opening a mailbox on the server
using an e-mail client from a workstation. If you can connect using the
e-mail client, then check the network configuration of the server where you
are running the migration tool. If you cannot open the mailbox using an
e-mail client, then check the network connectivity to the server, and ensure
that all required Exchange services are running on the server.
! Must have Send As and Receive As permissions when using Exmerge. To
migrate mailboxes to an Exchange 2003 server, you must use a user account
that has Send As and Receive As permissions for every mailbox that you
migrate. In an Exchange 5.5 organization, the Exchange service account has
these permissions.
Troubleshooting client Using the following guidelines when troubleshooting client issues:
issues
! Check the profile configuration. Whenever a user mailbox is moved from
one site to another or from one organization to another, the user profile must
be modified on the user workstation. In some cases, you can just reconfigure
the user profile to use the new Exchange server in the new organization.
However, there are several issues that can complicate the client
reconfiguration. For example, if the client is using an offline folder store
(.ost file), the .ost file must be deleted and recreated after the mailbox is
moved. If the user has problems with their e-mail profile after the migration,
often the easiest solution is to delete the profile and recreate it.
! Troubleshooting mailbox connectivity issues before moving the mailbox. In
some cases, users cannot connect to their mailbox after you run the ADMT.
If the mailboxes are still on the Exchange 5.5 servers, and the users are
logging into the Active Directory domain, verify that the SIDHistory
attribute is populated on the user accounts. If you have run the Exchange
Directory Migration Wizard in ADMT, then verify that the primacy NT
accounts on the Exchange mailboxes have been changed to the Active
Directory accounts.
! Troubleshooting mailbox connectivity issues after moving the mailbox. In

some cases, users cannot connect to their mailboxes after the migration. The
first step in troubleshooting is to verify that the client workstation has
network connectivity to the server, and that the client can resolve the server
name. If the client workstation can connect to the server, then check the
mailbox permissions. If the user account was the primary NT account for
multiple mailboxes on the Exchange 5.5 server and the NTDSNoMatch
attribute was not configured correctly, the user’s account may be linked to a
resource mailbox and a new account created for the user’s personal mailbox.
Note The lab in this module includes a client connectivity issue that you
need to troubleshoot. For additional information on client configuration
issues that you may need to troubleshoot, review the toolkit resources
included in the lab.
Pre-Lab Discussion

The migration from Exchange 5.5 to Exchange Server 2003 is a complicated
process. This unit discussed two options for migrating from Exchange 5.5 to
Exchange Server 2003; either by performing a standard migration or by
performing an external migration.
The lab in this unit assumes that you have started an external migration. The lab
is configured to simulate an environment where you have migrated all the user
accounts to Active Directory and you have moved some mailboxes to Active
Directory. This means that you have two Exchange organizations that must
coexist.
In this scenario, a number of issues could arise that you need to troubleshoot. In
this context, discuss what problems might cause the following symptoms:
! Users cannot access their mailboxes using their Microsoft Outlook® client.
! Internet e-mail is not being delivered to some users while it is being
delivered to other users.
! A user cannot send e-mail to some users, but can send e-mail to other users.
Lab: Troubleshooting the Migration to Exchange 2003

! Identify the underlying causes when users cannot access their mailboxes
after a migration and resolve the problem.
Exchange 5.5 organization during a migration and resolve the problem.
! Identify the underlying causes when a user cannot send e-mail to some users
Lab scenario In this lab, you will troubleshoot errors that may appear during a migration
from Exchange 5.5 to Exchange Server 2003. The lab environment simulates an
external migration in which the Contoso Exchange 5.5 organization is being
migrated to the Northwind Traders Exchange Server 2003 organization. The lab
scenario assumes that the migration is partially completed and the two
Exchange organizations coexist while the migration is completed.
Lab Domain The following diagram illustrates how the relevant domains are configured in
Configuration the scenario.
Important In this scenario, all the user accounts in the Contoso domain
have been migrated to the Nwtraders domain. All users should be
logging into the Nwtraders domain. The only exception is if you need to
log in as Contoso\Administrator.
Internet Message The following diagram illustrates the message-routing design that is being
Routing Design implemented at Northwind Traders. All inbound and outbound Internet e-mail
must be routed through London.nwtraders.msft.
Lab Virtual PC For this lab, you will use the London Virtual PC and the Vancouver Virtual PC.
Configuration
2. Log on as NWTraders\Administrator with a password of P@ssw0rd. You
will use Outlook Web Access (OWA) on London to check e-mail for the
affected users in the lab scenarios.
Navigating the flowchart In this lab, you will use the flowcharts and the Lab Toolkit resources to identify
and resolve the problems described in the scenarios. You will need to read the
scenario, the Level 1 support comments, and then use the flowcharts to identify
the root cause of the problem. You will then need to perform the test case
presented at each decision point in the flowchart to determine which path to
follow. Use the letters on the flowchart to identify the Toolkit Resources that
solution resolves the problem presented in the scenario, you have successfully
completed the lab.
complete this lab:
Flow Chart
Resources Resources Used for this Flow Chart
E Help: Exchange 2003. Configuring an SMTP Connector. To locate this information, open
the Exchange System Manager, click Help, then click Help Topics, and then click Search.
Search for SMTP Connector and then select Install an SMTP Connector.
C D E Help: Exchange 2003. Configuring Diagnostic Logging. To locate this information, open
the Exchange System Manager, click Help, then click Help Topics, and then click Search.
Search for Diagnostic Logging and then select Configure Diagnostic Logging.
C D E Help: Exchange 2003: Tracking Messages. To locate this information, open the Exchange
System Manager, click Help, then click Help Topics, and then click Search. Search for
message tracking and then select Use the Message Tracking Center.
A B Help: Exchange 2003. Viewing and Modifying Mailbox Permissions. To locate this
information, search for Mailbox permissions and click the article named Manage Mailbox
Permissions.
A B Help: Exchange 5.5. Viewing and Modifying Mailbox Permissions. To view this
information, open the Exchange Administrator and click a mailbox in the recipients’
container. Click the Permissions tab and then click Help.
D Help: Windows: Testing DNS. To locate information on locating resource records, open
DNS administrator snap-in and search for Manage Resource Records.
D Help: Windows: Using NSLookup. To locate information on using NSLookup to test DNS,
open a command prompt and type NSLookup to start the NSLookup tool, and then type
Help.
A Help: Windows: Verifying Trusts between NT 4 and Windows Server 2003 domains. To
locate information on verifying trusts search for Verify Trusts click the article entitled
Verify a trust.
C D Configuring a Shared SMTP Address Space
C D E Routing Messages During Migration
B C Troubleshooting Addressing Errors
A C D E Verifying That a Server is Online
A B Verifying That the SIDHistory Attribute Is Populated on Migrated Objects

16
Troubleshooting the Migration to Exchange 2003
End
Start
No
A
1. Verify server is online Did you
Can the user 2. Check client configuration and SID modify Exchange 5.5 Restart Exchange 5.5
access their mailbox? No Yes
3. Check mailbox permissions mailbox configuration directory service
4. Check domain trusts or permissions?
Yes
B
1. Check recipient address
How many users 2. Check client configuration and SID
are experiencing One 3. Check client address book
message delivery configuration for addressing errors
errors? 4. Check mailbox permissions
E
2. Check message routing configuration
Is message Is the message to the Internet
Multiple delivery failing for Yes being sent to the Yes
3. Check SMTP connector configuration
Internet e-mail? Internet? 4. Track messages
5. Enable diagnostic logging on transport
No, between the No, being received

Exchange organizations from the Internet
C D
1. Verify server is online 1. Verify server is online
2. Check addressing configuration in both 2. Check message routing configuration from the
organizations Internet
3. Check if organizations are sharing an SMTP 3. Check DNS MX record configuration
address space 4. Check if organizations are sharing an SMTP
4. Check message routing configuration between address space
the organizations 5. Track messages
5. Track messages 6. Enable diagnostic logging on transport
End
Start
No
A
1. Verify server is online Did you
Can the user 2. Check client configuration and SID modify Exchange 5.5 Restart Exchange 5.5
access their mailbox? No Yes
3. Check mailbox permissions mailbox configuration directory service
4. Check domain trusts or permissions?
Yes
B
1. Check recipient address
How many users 2. Check client configuration and SID
are experiencing One 3. Check client address book
message delivery configuration for addressing errors
errors? 4. Check mailbox permissions
Multiple
17
18
E
2. Check message routing configuration
Is message Is the message
to the Internet
Multiple delivery failing for Yes being sent to the Yes
3. Check SMTP connector configuration
Internet e-mail? Internet?
4. Track messages
No, between the No, being received

Exchange organizations from the Internet
C D
1. Verify server is online 1. Verify server is online
2. Check addressing configuration in both 2. Check message routing configuration from the
organizations Internet
3. Check if organizations are sharing an SMTP 3. Check DNS MX record configuration
address space 4. Check if organizations are sharing an SMTP
4. Check message routing configuration between address space
the organizations 5. Track messages
5. Track messages 6. Enable diagnostic logging on transport
Exercise 1
Troubleshooting Solutions When Users Cannot Access Their
Mailboxes
In this exercise, you will use the flowchart and the Lab Toolkit resources
identified at the beginning of this lab to identify and resolve the problem in the
scenario.
Scenario Salman Mughal has entered a service request. The service request states that
Salman is unable to access his mailbox. When he tries to open his mailbox, he
gets an error message saying that he does not have permission to log on.
Note Although Salman Mughal’s user account has been migrated to

Nwtraders, his computer account is still located in the Contoso domain.
To simulate this, log on to Vancouver as nwtraders\salmanmugha and
then use Outlook 2000 on Vancouver to access Salman’s mailbox.
Level 1 support “Talked to Salman, when he opens Outlook on his computer he gets an error
comments message saying that he does not have permission to log on to the Exchange
server.
“Checked with the migration project. Salman’s user account was migrated on
the weekend to the Nwtraders domain, and his mailbox is still on the Vancouver
Exchange 5.5 server. Salman must log into the Nwtraders domain and access
his mailbox on the Vancouver server.
“His e-mail was working fine on Friday before they migrated his account.”
You must resolve the problems so that Salman Mughal can access his mailbox
on the Exchange servers.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
Exercise 2
Troubleshooting Solutions When Users Cannot Receive Internet
E-Mail
scenario.
Lab note: This scenario requires that you send Internet e-mail to the London server to test
whether you can send e-mail to all Northwind Traders and Contoso servers
from the Internet as indicated in the diagram at the beginning of this lab. In
earlier labs, you used the Vancouver to simulate the Internet e-mail server. This
lab however, simulates a migration scenario where the Exchange 5.5
organization is being migrated to the Exchange Server 2003 organization. To
simulate the Internet connection to London in this lab, use the following
procedure:
1. From Vancouver, open a command prompt and type Telnet london 25.
2. Type ehlo. The server will respond with a listing of the functionality
supported by the server.
3. Type mail from: Test@fabrikam.com
4. Type rcpt to: recipientname where recipientname is the full SMTP address
for the recipient to whom you are sending e-mail.
5. If the Exchange server returns an error message indicating that relaying is
not allowed for that domain, then you cannot send e-mail to the recipient. If
the Exchange server returns a message such as 250 2.1.5 recipientname then
the server will accept the message.
6. Type data
7. Type a short message and press ENTER. Type . (a period) and press Enter
again.
8. Type quit to exit the telnet session.
This procedure tests whether you can send an e-mail message from a recipient
that is outside either Exchange organization to a user in the Exchange
organization.
Important When typing these commands in telnet, you must type each
line without an error. If you make an error, press Enter and retype the
line. You may wish to turn on echo to better identify typing errors in the
Telnet window.
Scenario Tawana Nusbaum has entered a service request. Tawana is the purchasing
manager and her service ticket says that she is not receiving e-mail from
Internet users. The Internet users are sending e-mail to Tawana’s
TawanaNusba@Contoso.msft address and the e-mail is not being delivered to
her mailbox on the London Exchange server. Other members of her team,
whose mailboxes are still on the Vancouver Exchange 5.5 server, are also not
receiving Internet e-mail.
Level 1 support “Talked to Tawana. She is not receiving any e-mails from her suppliers on the
comments Internet. She talked to other members of her team, and they are experiencing the
same problem.
“I checked with the migration team, Tawana’s mailbox just got migrated to the
server running Exchange Server 2003 over the weekend. Some members of her
team also had their mailboxes migrated.
“I checked with Rebecca Laszlo, who is a member of Tawana’s team and
whose mailbox is on the Exchange 5.5 server. Rebecca is also not receiving the
e-mail messages from the Internet.
“The suppliers on the Internet are using the address
TawanaNusba@Contoso.msft to send e-mail to Tawana and
RebeccaLaszl@Contoso.msft to send e-mail to Rebecca.
“Tawana is really irritated by this, she says that she and all her team members
rely a great deal on e-mail, and they have to be able to send e-mail to each other
and to and from Internet clients.”
You must resolve the problem so that Tawana Nusbaum and Rebecca Laszlo
can send and receive e-mail from both Exchange organizations as well as
Internet users.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
Exercise 3
Troubleshooting Solutions When Users Cannot Send E-Mail to
Some Recipients
scenario.
For this lab, you are resolving a problem for a user with a mailbox on the
Vancouver Exchange 5.5 server. To troubleshoot the problem, log on to
Vancouver using Nwtraders\RichardCarey and use Outlook 2000 to
troubleshoot the e-mail delivery.
Scenario “Richard Carey has entered a service request. His service request states that he
is unable to send e-mail to Jim Kim at jimkim@nwtraders.msft. He can receive
e-mail from everyone and can send e-mail to some people, like his coworker,
Lynn Tsoflias at lynntsofl@nwtraders.msft, but not to another coworker, Jim
Kim.
Level 1 support “I spoke to Richard. Most of the time when he sends e-mail to other users, the
comments e-mail goes through. However, once in a while he can’t send e-mail.
“He says the delivery problems always seem to happen when he tries to send
e-mail to the same people. He said that he can’t send e-mail to Jim Kim, his
assistant. He said that he tried to reply to a message he received from Jim Kim,
and he tried to send a message to Jim by typing Jim’s name in the To: box. In
both cases, the messages are not being delivered.
“I checked with the migration team. Richard’s user account has been migrated
to the Nwtraders domain. Richard’s mailbox is still on the Exchange 5.5 server.
Jim Kim’s mailbox has been migrated to the Exchange Server 2003 server.
“I confirmed that Richard can send to some other user accounts, like Lynn
Tsoflias, that have been moved to the new server.”
You must resolve the problem so that Richard can send e-mail to Jim Kim.
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
Lab Virtual PC For this lab, you used the Vancouver and London Virtual PCs. Please undo any
Cleanup changes that were made during your troubleshooting by closing each image.

and undo changes, and thne click OK.
Lab Discussion

environment?
! What is different in your work environment than the test environment?
problems?

Unit 10: Troubleshooting an
Exchange Server 2003 Organization
Contents
Overview 1
Approach to Exchange Server 2003
Troubleshooting 2
Challenge Information – Company
Background 5
Challenge Information – Service Request
Log 6
Challenge Information – Change
Management Log 9
Challenge 11
Workshop Evaluation 13
respective owners.
Unit 10: Troubleshooting an Exchange Server 2003 Organization 1
Overview

In the previous units of this course, you have had the opportunity to learn a
great deal about troubleshooting a Microsoft® Exchange Server 2003
environment and about specific tools and processes for troubleshooting.
In this unit, you will learn about using organizational procedures to assist with
troubleshooting. You will also have the opportunity to test your skills with a
Challenge Lab.
! Identify multiple issues affecting the messaging functionality within an
organization.
! Troubleshoot the following:
• Network connectivity
• Public folders and mailboxes
• Microsoft Outlook® Web Access (OWA) and Outlook Mobile Access
(OMA)
• Client connectivity
• Server connectivity
• Server performance
• Security issues
• Migration from Exchange 5.5 to Exchange 2003
2 Unit 10: Troubleshooting an Exchange Server 2003 Organization
Approach to Exchange Server 2003 Troubleshooting

The troubleshooting process requires an organized approach. If you do not use
some type of organized approach, you may find yourself moving from one
component or configuration setting to another, searching for the problem.
Sample troubleshooting In many cases, the approach you take to troubleshoot a problem with the
questions Exchange Server 2003 environment will be based on several questions that you
ask yourself. These questions include:
Questions What you can learn
What changes have been made Review the configuration management log, which
recently, according to the all companies maintain manually, on a system-by-
configuration management log? system basis, or electronically. The log should
track all changes that have been made to the
environment.
For example: You receive a service request stating
that the user is unable to access e-mail using
Internet Message Access Protocol version 4rev1
(IMAP4) through Microsoft Outlook Express. You
review the configuration management log and see
an entry from earlier that day stating that the
IMAP4 virtual server was secured using a new
certificate and is now able to support Secure
Sockets Layer (SSL) connections. Based on these
two circumstances, you might begin
troubleshooting by checking the user’s Outlook
Express configuration and helping him or her
change it to support IMAP4 with SSL.
Keeping the log updated will have significant
value in your approach to troubleshooting.
(continued)
Is the problem predictable or If the problem is predictable, there are tools to

random? monitor computers running Exchange Server 2003
in your environment and other tools to monitor the
services required by Exchange.
For example, if you know that there are
performance problems, and that they usually
happen at 7:00 A.M. each day, use your
troubleshooting tools to identify the component or
components that are causing the poor
performance.
Intermittent, or random, performance problems are
much more difficult to identify because you will
have to log all of these processes continuously
while waiting for the problem to resurface and
expose itself.
Intermittent problems are often related to defective
hardware. For example, the hardware may run
properly until it overheats or until a drive hits a
certain spot on the disk. Sometimes you can force
these problems to surface by using programs that
stress your server components.
On what day and at which time It is very important to note the day and the time at
did the problem occur? which problems occur. If you are monitoring your
servers, you should be able to review the entries in
the logs (including the event logs) around those
times to see if anything unusual is reported.
If you know the business that you support, you
may be able to do some detective work to figure
out the problem. For example, if you know that
Accounting has weekly closings every Wednesday
at about 6:00 P.M., this will help you identify that
the work they are performing might be the cause
for the performance lapses at that time on the
network.
Could the problem be related to Since Exchange Server 2003 is closely tied to
Microsoft Active Directory®? Active Directory, it is important to consider if the
problem might be related to Active Directory
issues.
For example, are users complaining that e-mail
address lookups took too long during the two
hours that you had taken down one of the global
catalog servers to repair a hard drive?
It is important to note that Active Directory will
have capacity issues that can be mitigated by
adding new servers to balance the load. Also, there
may be other applications that use Active
Directory information that are causing
performance problems in your Exchange
Server 2003 environment.
(continued)
What should be the priority of Many administrators believe that first in first out
pending service requests? (FIFO) is the proper way to address all service
requests. However, this might not be reasonable if
one problem is impacting a large number of
people. It might make sense to escalate that
problem and complete it first so that more people
can be productive quicker. For example, fixing a
problem with an external DNS Mail Exchanger
(MX) record and restoring incoming Internet
traffic for the entire company might be placed
higher on the priority list of logged support calls
than an individual user’s connectivity issue.
Challenge Information – Company Background

Company background Contoso, Ltd., is an international organization of approximately 20,000 users.
All users and all computers are members of the same domain: contoso.com. The
data for the company is shown below:
Number Exchange mailbox Exchange public Number of Active Directory
City of users servers folder servers domain controllers
Denver 5,000 4 1 5 (3 Global Catalog Servers)

Vancouver 8,000 6 2 7 (3 Global Catalog Servers)
Miami 3,000 4 1 4 (2 Global Catalog Servers)
London 3,800 3 1 4 (3 Global Catalog Servers)
Paris 200 1 1 2 (1 Global Catalog Server)
The Exchange Server 2003 environment has been running without any major
problems for the last two months.
Network configuration Contoso’s business requirements are dependent on its network and its
messaging environment. The company network design reflects this business
need by:
! Connecting all offices to each other using leased T-3 lines.
! Connecting each office to two other offices so that all offices are connected
redundantly.
! Connecting each physical location using routing group connectors.
! Providing each office with a T-1 connection to the Internet.
! Configuring each office to send outbound Internet e-mail.
! Receiving inbound Internet e-mail in Vancouver and then routing it to the
proper Exchange.
Challenge Information – Service Request Log

Service Request Log Contoso, Ltd. uses three levels of technical support. When a call is made to the
Support Center, all information gathered from the user is entered into the
Service Request Log, as well as all progress and changes to the environment.
As each service request is completed, it is logged and maintained. In the event
that a similar problem presents itself in the future, first-level technical support
personnel can read the log entries and try to fix the problem using the
documented process. The service requests for the last week are listed below:
Problem
User Location description Notes and solution with support personnel initials
Ann Beebe London Unable to connect to ST – Ann is able to connect to Web sites from home,
mailbox using including the company Web server in Vancouver. Ann is not
Outlook Express able to ping any Web sites on the Internet. We tried several
that I know will respond to ping commands.
BD – Talked to Exchange team; there are no problems with
London. They have verified that its Exchange servers are all
working correctly. Ann appears to have full Internet
connectivity but she can’t connect to our Exchange server.
SR – Ann states that when she tries to ping any Internet
address, it does not even resolve the IP address. This sounds
like a DNS issue. Helped Ann create a host file to resolve the
front-end server for IMAP connections and now she can
connect. It appears that Anne has a proxy server configured
for her Web browsing through her ISP; that is why she can
get to Web sites but is not able to ping.
(continued)
Problem
Bryan London Unable to receive BK – Checked to make sure that Bryan’s mailbox is not full.
Baker Internet e-mail He has been able to receive Internet e-mail in the past.
Checked the Change Configuration log; there have not been
any changes in the last two days that would impact Internet
e-mail. Escalating to the network support group.
JJ – The router for the T-1 and T-3 lines was down. The
power circuit overloaded. It should now be fixed. Returning
to Help Desk.
BK – Checked with Bryan—all is OK. Closing request.
Michael Miami Unable to connect to RF – Checked the Outlook Express configuration; everything
Allen Exchange from seems to be configured correctly. Michael is able to ping the
home office firewall and the Exchange server by name and IP.
SR – Walked Michael through using Telnet on port 143 to
test IMAP4 connectivity. Michael is unable to connect to
port 143. Escalating to the network support group.
JJ – After talking to Michael, found that he has a personal
firewall that was configured to block 143. Problem is
resolved. Closing request.
Mike Tiano Miami Unable to connect RF – Mike was using the wrong OWA address for internal
internally using use. Gave him the correct URL and he is able to connect and
Outlook Web run OWA. Request closed.
Access (OWA)
Guy Gilbert Denver Reports poor KR – Verified that the Exchange server in Denver is up and
performance with running. Guy is able to connect to it, but it is slow when he
Outlook while in tries to open e-mail, especially attachments. Referring to the
Paris office network support group.
JJ – The network is not a factor in this issue. None of the
links between Denver and Paris are saturated; all have plenty
of bandwidth available.
KR – Tried to open Guy’s mailbox from here in Paris; can
see that the performance is poor. It does not appear to be his
computer. Forwarding to Exchange team.
SR – Ran system monitor on the Denver server; its hard
drives are running almost constantly. Checked with Denver
operations. They know it is slow; it is currently running its
backup. This is an off-peak time in Denver, even though it is
early morning in Paris. Referred back to Help Desk to
contact Guy.
KR – Explained issue to Guy. He is not happy as he will be
in Paris for next three to four months working on a project.
He has asked that this be escalated to IT management for
resolution since his work is severely slowed. Called SR in
Exchange team and explained that Guy needs some
resolution to the problem, as he will be in Paris for a long-
term project. SR will move his mailbox to Paris.
(continued)
Problem
Mike Tiano Miami Unable to connect RF – Again, Mike was using the wrong OWA address. He
externally using bookmarked the address for internal use and tried to use it
OWA for external use. Helped him configure a new shortcut for
external use and he is able to connect now. Request closed.
Frank Lee Vancouver Unable to open FP – The Exchange server is up. Frank is able to ping his
mailbox using Exchange server. Checked Frank’s Outlook configuration
Outlook 2003 and it is correct. Escalating to the network support group.
JJ – There are no problems with the network connection
between Frank and his Exchange server. Referring to
Exchange team.
SR – Frank’s storage group was offline for some unknown
reason. Brought his storage group back online. Called Frank
and made sure he was able to access his mailbox. He is up
and running again. Closing service request.
Challenge Information – Change Management Log

Change Management As each Exchange administrator makes changes to the environment, the
Log information is logged in a local Change Management Log. All of the Contoso,
Ltd., Exchange administrators work in Vancouver. In the event of a messaging
problem, the Exchange team consults the log and verifies that the changes made
are not the cause of the current problem. Only second-level support and third-
level support members on the Exchange team are authorized to make changes to
the Exchange Server 2003 environment. The change management log for last
week is listed below:
Date Administrator Change(s) made
Last week SR Changed the global settings to enable Outlook

Mobile Access on ExchParis1, ExchDenver1,
ExchLondon1, ExchVancouver1, and ExchMiami1.
Enabled all check boxes for Exchange ActiveSync®.
Last week SR Updated the DNS settings on Miami Exchange
servers to use the same DNS server, DC2, for their
DNS.
Last week SR Shut down and removed ExchParis3. Redeployed
the server for Remote Installation Services (RIS) for
the Paris location; new name is RISParis1.
Two days SV Finished moving the mailboxes on the old
ago Exch55Denver Exchange 5.5 server to their new
locations on the other Exchange servers in the
environment. Removed the Active Directory
Connector (ADC) and removed all Site Replication
Service (SRS) instances.
Two days SV Renewed the certificate used for OWA access in
ago London.
(continued)
Date Administrator Change(s) made
Yesterday SR Added another storage group to ExchLondon3 for

VIPs. Configured the backup software to do brick-
level backups of the new storage group mailbox
stores.
Today SR Moved mailboxes from ExchLondon3 to
ExchLondon1 and ExchLondon2. ExchLondon3
appears to have a corrupt mailbox store. Once all
mailboxes were moved, deleted the store and
created a new mailbox store. Have not moved
mailboxes back yet; will wait a week to make sure
that ExchLondon3 is stable.
Today SV Upgraded the antivirus software on all Denver
Exchange servers. It is now currently running and
appears to be working.
Challenge

Overview Review the information included in the above Challenge Information pages to
become familiar with the company and its current history associated with the
Exchange Server 2003 environment. As a class, prepare any questions that you
may have for your instructor. Be prepared to ask your instructor about any
particular settings and what they would look like, and also be prepared to
explain what you hope to find and how you think it will help your class
troubleshoot the scenario. Your instructor will be able to tell you the results of
your query or test if you can properly explain how you would search for the
setting and how you would test functionality of a service or process.
Your job is to resolve the problems presented in the following scenarios.
After completing this challenge, you will be able to identify multiple issues
affecting the messaging functionality within an organization.
Estimated time to complete this challenge: 60 minutes
Scenario 1 David Campbell has placed a service request. He states that he is unable to
access his e-mail. The Help Desk documentation states that David is based in
Denver and has just received a new laptop. He logged into the laptop and tried
to start Outlook 2003. During the setup wizard, he entered ExchDenver1 for his
Exchange server and DCampbell for his user name. It resolved properly for
him. However, when he tried to take the next step by clicking Next, Outlook
2003 froze for several minutes. David was then able to click Finish and
complete his Outlook profile. His computer again froze for several minutes.
Scenario 2 Ben Smith has called in a service request. Ben states that he is unable to access
his Exchange mailbox this morning. He states that he has never had any
problems before; however, when he brought in his laptop this morning and
plugged it in, he was unable to open his e-mail. Ben is a vice president, so this
has been escalated directly to the Exchange team.
Scenario 3 Janet Sheperdigian has called in a service request. She just had a security team
member audit her work environment at home and he said that he was able to
capture all her e-mail to and from members in the company as well as all her
e-mail to and from the Internet. Janet is based in Vancouver and company
policy says that all international offices must have remote e-mail secured so that
all messaging traffic between remote e-mail users and the company network is
encrypted. Because this is such a high-level security issue, it has been escalated
directly to the Exchange team.
Scenario 4 H. Brian Valentine has called in a service request. He states that he is unable to
access his e-mail using OWA. He is based in London. He says that he was able
to access OWA last week, but today he is no longer able to access it.
Scenario 5 Jeff Hay has called in a service request. He states that he is unable to send
encrypted e-mail to one of the company business partners, Tai Yee. He says that
when he tries to send encrypted e-mail, his Outlook 2003 client indicates that
Outlook has problems encrypting the message because of missing or invalid
certificates. Jeff states that he has a valid certificate and uses it all the time.
Scenario 6 Scott Bishop has entered a service request. He states that his Outlook 2003
client is extremely slow. Every time he clicks on a message, it takes about
15–20 seconds before it will open up. Scott is based in London.
Workshop Evaluation

Your evaluation of this workshop will help Microsoft understand the quality of
your learning experience.
To complete a workshop evaluation, go to http://www.CourseSurvey.com.
Microsoft will keep your evaluation strictly confidential and will use your
responses to improve your future learning experience.
Appendix A: Lab Guidance
Contents
Unit 2: Troubleshooting Network
Connectivity 2
Unit 3: Troubleshooting Public Folders and
Mailboxes 4
Unit 4: Troubleshooting Outlook Web
Access and Outlook Mobile Access 6
Connectivity 10
Performance 12
Unit 9: Troubleshooting the Migration to
Exchange 2003 16
Unit 10: Troubleshooting an Exchange
Server 2003 Organization 18
respective owners.
Appendix A: Lab Guidance 1
Introduction
This document is intended to assist you with the troubleshooting labs in
Workshop 2011A, Troubleshooting Microsoft® Exchange Server 2003. You
should use this document to obtain additional guidance and direction during the
troubleshooting process. Although there are potentially several approaches to
the resolution of the problems presented in the labs, this document describes
only one possible method to identify and resolve each problem. This method is
provided in the section corresponding to each workshop unit and lesson.

Lab: Exploring the Troubleshooting Environment
Exercise 1: There are five goals in this exercise:
Troubleshooting a
Mapped Network Drive 1. Become familiar with the purpose of flow charts in this workshop.
2. Prepare yourself mentally for troubleshooting in general.
3. Resolve the problem identified in the scenario by using the flow chart.
4. Become comfortable documenting problems and solutions.
5. Become comfortable with post-lab discussions.
The problem that you are troubleshooting in this lab is intentionally simple in
order to help you learn how to use the flow chart, and was chosen because most
Microsoft Windows® administrators have a great deal of experience with
mapping network drives and troubleshooting problems with mapped network
drives. You should follow the steps in the flow chart in order to identify the
problem described in the scenario. It is important that you become comfortable
using the flow chart in this exercise, because all subsequent exercises in this
workshop will incorporate flow charts.
Once you identify the problem, you must document your solution. At the end of
each lab in this workshop, you will discuss with the class your approach to
troubleshooting the problem and your findings during troubleshooting.
To resolve the problem in this scenario:
1. Log on to the London Virtual PC and restart the server service on London.
Restart all other failed services that are dependent on the server service.
2. Share the kdrive folder on London.
3. Log on to the Acapulco Virtual PC and map the K drive to \\london\kdrive.
4. Test the connection by opening the test files.
Exercise 2: Configuring In this exercise, you will walk through the process of configuring both logging
Common and monitoring of the various Exchange Server 2003 components. There is no
Troubleshooting goal for this exercise other than to explore these settings. The settings
Components configured in this exercise will be saved for your future use throughout this
workshop.
2 Appendix A: Lab Guidance

Lab: Troubleshooting Connectivity Problems
Exercise 1: In this exercise, Jeff Pike cannot send e-mail to Mindy Martin. Mindy is located
Troubleshooting Internal on the Miami Virtual PC and Jeff is located on London.
User E-Mail Failure
1. Configure Microsoft Outlook® 2003 on Acapulco for Jeff Pike and try
sending e-mail to users with mailboxes on London. Jeff can send and
receive e-mail to and from others on London.
2. Try sending e-mail to Mindy Martin (mindymarti). Mindy has a mailbox on
Miami (as does every user whose name begins with “Mi”). Jeff is unable to
successfully send e-mail to any users on Miami. This can be tested by
accessing Mindy’s mailbox using Outlook Web Access (OWA) on Miami.
3. Check DNS and network routes and the problem should be discovered.
Miami has an incorrect DNS address registered on London’s DNS server.
4. Correct Miami’s DNS A record on London; London users should now be
able to send e-mail to and receive e-mail from Miami users. Miami’s IP
address is 192.168.1.2. You may need to flush the DNS cache on London in
order to force London to recognize the updated IP address in DNS. To flush
the DNS cache, open a command prompt on London and type ipconfig
/flushdns
Exercise 2: In this exercise, Brian Clark is unable to access his e-mail from home using
Troubleshooting when a Outlook Express.
Remote User Is Unable
to Receive E-Mail To resolve the problem in this scenario:
1. Configure an Internet Message Access Protocol version 4rev1 (IMAP4)
mail account in Outlook Express on Acapulco. When prompted to download
folders, you should receive an error that the connection to the server has
failed.
2. Configure Outlook Express or use OWA on Acapulco for another
messaging user on London and try sending e-mail to Brian Clark. Brian’s
mailbox information in Exchange System Manager should increment, but
Brian cannot connect to the server to access the message.
3. Since Brian is using Outlook Express, the next step in the flow chart
includes testing the protocol virtual servers. At this point it should be
discovered that IMAP4 is not running.
4. Start the IMAP4 service and protocol virtual server on London and test e-
mail to and from Brian and another user on London. Brian should now be
able to connect to the server using IMAP4 and send and receive e-mail.
Exercise 3: In this exercise, Brenda Diaz cannot receive or send Internet e-mail. You must
Troubleshooting when a configure a messaging client on the Vancouver Virtual PC to send and receive
Company is Not e-mail from London. Because Vancouver is in Contoso.msft and London is in
Receiving Internet NWTraders.msft, you can use Vancouver to simulate an Internet host.
E-Mail
1. Configure Outlook 2003 on Acapulco for Brenda Diaz and try sending
e-mail to users with mailboxes on London. This should be successful.
2. Use Outlook 2003 on Acapulco and try sending e-mail to users with
mailboxes on Vancouver using their @contoso.msft addresses. The e-mail
should not be delivered.
3. Use Outlook 2000 on Vancouver and try sending e-mail to users with
mailboxes on London using their @nwtraders.msft e-mail addresses. The
e-mail should not be delivered.
4. Testing for Simple Mail Transfer Protocol (SMTP) Deny should not
uncover a problem.
5. Testing for mail exchanger (MX) records should reveal that there are no
MX records for the nwtraders.msft domain or the contoso.msft domain.
6. Edit the existing (same as parent folder) A record for NWTraders.msft to
192.168.1.1. If there is no “same as parent folder” entry, create one using
192.168.1.1. Add an MX record for NWTraders pointing to
london.nwtraders.msft. E-mail should now send properly from Contoso to
NWTraders (Contoso uses London for DNS).
7. Add an A record for Contoso.msft for 192.168.1.3. and then add an MX
record for Vancouver.contoso.msft. E-mail should now send properly from
NWTraders to Contoso. It may take a few minutes for messages to flow
correctly in both directions after DNS is repaired.

Lab: Troubleshooting Public Folder and Mailbox
Problems
Exercise 1: In this exercise, Bryan Walton cannot send or receive any e-mail to or from
Troubleshooting internal or external users.
Solutions When a User
Cannot Send Internal To resolve the problem in this scenario:
E-Mail
1. Attempt to open the mailbox by using OWA from London. You should
receive “The page cannot be found” error message.
2. In Exchange System Manager, verify that Bryan Walton is in the global
address list (GAL). He is in the GAL.
3. Check Bryan’s e-mail addresses on his Microsoft Active Directory® object.
His e-mail addresses are missing and the Recipient Update Service update
box is unchecked. Check the box.
4. Browse to the Default Recipient Policy in Exchange System Manager and
apply the policy.
5. Force an immediate update of the Recipient Update Service.
6. In Active Directory Users and Computers, verify that the correct e-mail
addresses are now listed.
7. To verify that the problem is solved, open Bryan’s mailbox using OWA and
verify that he can send and receive e-mail to and from
nwtraders\administrator and contoso\administrator.
Exercise 2: In this exercise, Andy Teal cannot receive e-mail from the Internet. You must
Troubleshooting use Vancouver to simulate an Internet host.
Cannot Receive Internet To resolve the problem in this scenario:
E-Mail
1. From Vancouver, open the Administrator mailbox using Outlook and send
an e-mail to andyteal@nwtraders.msft. You should receive a non-delivery
report (NDR).
2. On London, look at Andy Teal’s properties in Active Directory Users and
Computers. He has a false e-mail address.
3. Change Andy’s SMTP e-mail address in Active Directory Users and
Computers to andyteal@nwtraders.msft and then check the Policy Update
box.
4. Open the Exchange System Manager on London, browse to the Default
Recipient Policy, and apply the policy.
5. Force an immediate update of the Recipient Update Service.
6. Send another e-mail to andyteal@nwtraders.msft from Contoso\Admin. It
should be delivered correctly.
Exercise 3: In this exercise, Ben Smith cannot post to a public folder.

Troubleshooting
Solutions When a User To resolve the problem in this scenario:
Cannot Post to a Public
Folder 1. Open Ben Smith’s mailbox using OWA.
2. Open Public Folders and open SalesReports. Ben is able to open the folder
but receives an error when attempting to post.
3. Check permissions on SalesReports. Only the SalesGroup and London
Admin have permissions.
4. In Active Directory Users and Computers, check membership of
SalesGroup. Notice that Ben is not a member of the group.
5. Add Ben to the membership of SalesGroup and attempt to post to
SalesReports from Ben’s account by using OWA. Ben should be able to
post to the public folder. (You may need to close OWA and log on again as
Ben. If you add Ben Smith to the SalesGroup, you still may not be able to
post to the public folder because the Exchange server has cached the
directory service lookup. If you restart the Exchange System Attendant, the
server cache will clear and you will be able to post to the folder using Ben’s
account.)
Unit 4: Troubleshooting Outlook Web Access and

Outlook Mobile Access
Lab: Troubleshooting Outlook Web Access and Outlook
Mobile Access Problems
Exercise 1: In this exercise, Amy Rusko is unable to access her mailbox by using Outlook
Troubleshooting Web Access.
Cannot Access Outlook To resolve the problem in this scenario:
Web Access
1. Log on to OWA as Amy Rusko from Miami or from your host computer.
You should get an error.
2. Try to connect using https://miami/exchange. You should get a “Page
cannot be displayed” error.
3. Try to connect to the back-end server (http://london/exchange). You should
get an error indicating that you need to use https://.
4. If you try to connect to https://london/exchange, you will be able to connect
as Amy. This means that the virtual server on London is configured to
require Secure Sockets Layer (SSL).
5. On London, open Internet Information Services (IIS) Manager, browse to
the Exchange virtual directory, and access the properties.
6. On the Directory Security tab, under Secure Communications, click Edit
and clear the check box to require SSL.
7. Attempt to connect to Amy’s mailbox by using OWA against the Miami
front-end server. You should be successful.
Exercise 2: In this exercise, Raman Iyer (nwtraders\ramaniyer) cannot access his mailbox
Troubleshooting using Outlook Mobile Access (OMA).
Cannot Access Outlook To resolve the problem in this scenario:
Mobile Access
1. Try to connect to Raman Iyer’s OMA mailbox using http://miami/oma. You
should receive an HTTP 404 error.
2. Attempt to ping Miami by IP address and host name. Both should work.
3. Try connecting to OMA on the back-end server, London. OMA should not
work on the back-end server. You should receive an error that your user
account has not been enabled for wireless access.
4. In Exchange System Manager, select Mobile Services global settings and
then enable OMA and unsupported devices.
5. On Miami, try connecting to OMA on the back-end server, London, by
using the URL http://london/oma and Raman’s credentials. OMA should
now work on the back-end server.
6. Try connecting to OMA on Miami, the front-end server, by using the URL
http://miami/oma. This still won’t work – you should receive another HTTP
404 error.
7. Check OMA configuration on the front-end server by viewing the Web
Service Extensions in IIS Manager. You will notice that Asp.net is
prohibited on the front-end server.
8. Allow asp.net.
9. Verify that you can now connect to http://miami/oma as
nwtraders\ramaniyer.
Exercise 3: In this exercise, Hanying Feng cannot access his mailbox using OWA.
Troubleshooting
Solutions When a User To resolve the problem in this scenario:
Cannot Log On to
Outlook Web Access 1. On Miami, attempt to connect to Hanying Feng’s mailbox by using OWA
against the front-end server (http://miami/exchange). You should get an
error.
2. On Miami, attempt to ping London by IP address and host name. Neither
works.
3. From Miami, try connecting to OWA on the back-end server, London. In
this case, OWA should not work on the back-end server.
4. Check the security configuration – Internet Protocol Security (IPSec) policy
is configured on London but not on Miami. To access IPSec policy
information on London, open the Default Domain Controller Security
Settings console. To access this information on Miami, open the Local
Security Policy console.
5. Export the policy configuration on London to a location that you can access
from Miami, such as a shared folder on the host computer.
6. On Miami, import the security policy to ensure that Miami has the same
settings as the London policy. This policy includes the need to require
security for all IP traffic, the need to use a pre-shared key P@ssw0rd, and
the need to configure a filter action set to Require Security. Modify the
imported Exchange policy to use a destination address of 192.168.1.1
instead of 192.168.1.2. Apply and then assign the policy.
7. Open Microsoft Internet Explorer on Miami and connect to
http://miami/exchange. Log on as nwtraders\hanyingfeng. If you cannot log
on to OWA on Miami, connect to http://london/exchange and log on as
nwtraders\hanyingfeng. This should be successful. Restart Internet Explorer
and connect to http://miami/exchange again; this should be successful.

Lab: Troubleshooting Client Connectivity Problems
Exercise 1: Outlook In Exercise 1: Chris Gray is unable to use Outlook Express to send or receive
Express User Unable to e-mail from an Internet recipient.
Send E-Mail to the
Internet To resolve the problem in this scenario:
1. Log on to Acapulco as nwtraders\chrisgray and configure Outlook Express
for secure SMTP and secure IMAP4. This includes configuring the account
to require authentication for the outgoing mail server.
2. On London, verify that SMTP is running. If it is not running, start SMTP
service.
3. On London, verify that SMTP virtual server is configured to use SSL. It
should not.
4. Create a new IP address for London’s local area network (LAN) connection,
and then create another SMTP virtual server for SSL that uses the new IP
address. You can create additional IP addresses depending upon the student
configuration used; use any 192.169.1.x address not already in use in the
class. One SMTP virtual server with SSL is needed for client-to-server
communication and another SMTP virtual server (without SSL) is needed
for server-to-Internet communication. Install a new certificate on London to
be used by the new virtual server for SSL communications. Start the new
SMTP virtual server if it does not start automatically.
5. From Acapulco, attempt to ping London to verify DNS resolution and that
the route exists between the client and the server. This should be successful.
6. Verify that Chris Gray has the proper protocol permissions for the user
account.
7. Verify that the IMAP4 virtual server is running. It should not be running, so
start the IMAP4 virtual server.
8. Verify that the IMAP4 virtual server is configured to require SSL. It should
not be configured to require SSL. Configure the IMAP4 virtual server to use
SSL.
9. Verify that Chris can now send and receive messages to and from Internet
recipients by sending e-mail to a mail user on Vancouver using an
@contoso.msft e-mail address. The message should be delivered, as should
a reply to Chris.
Exercise 2: Outlook In this exercise, Alex Hankin is receiving a “The connection to the server has
Express User Unable to failed” error message.
Connect to Exchange
Server 2003 Server To resolve the problem in this scenario:
1. Log on to Acapulco as nwtraders\alexhanki and configure Outlook Express
for secure SMTP and secure IMAP4. This includes configuring the account
to require authentication for the outgoing mail server.
2. Verify that SMTP is running.
3. Attempt to ping London by using the host name. Note that the address
resolved is incorrect and London should not respond.
4. Using the DNS administrator, correct the IP address of London. London’s
correct IP address is 192.168.1.1.
5. Verify that Alex Hankin has the proper protocol permissions for the user
account.
6. Verify that the IMAP4 virtual server is running. It should not be running.
Start the IMAP4 virtual server.
7. Verify that Alex can access his mailbox by using Outlook Express. Send a
test message to another user and then use OWA or Outlook Express to
verify receipt of the e-mail. You may need to use ipconfig/flushdns on
Acapulco to flush the previously cached, incorrect London IP address.
Exercise 3: New Outlook In this exercise, Gary Schare is unable to open his mailbox using Outlook 2003.
User Unable to Open His
Mailbox To resolve the problem in this scenario:
1. Log on to Acapulco as nwtraders\garyschar and configure Outlook 2003. It
can take as long as 20 minutes to log on, and then Outlook 2003 may appear
to hang during configuration.
2. Verify that IP configuration on the client is correct.
resolved is incorrect and London should not respond.
4. Using the DNS administrator, verify that the IP address for London is
correct. The correct address is 192.168.1.1.
resolved is still incorrect and London should not respond.
6. Check the hosts and lmhosts files located in the
C:\Windows\system32\drivers\etc folder on Acapulco. Note that the hosts
file reflects an incorrect address for London. Correct the address in the hosts
file. You should either log on to Acapulco as nwtraders\administrator or use
London to access the C$ share in order to modify the file.
7. Verify that Gary Schare can now open his Outlook 2003 mailbox and that
he can send mail to another user on London. Use OWA or Outlook Express
to verify receipt of the e-mail.

Lab: Troubleshooting Server Connectivity Problems
Before starting this lab, you must create a new routing group and move Miami
into the routing group using the procedure described at the beginning of the lab.
Exercise 1: In this exercise, Annette Hill (annettehill) is unable to send messages from her
Troubleshooting mailbox on London to Michael Allen on the Miami server.
Solutions When Users
Cannot Send Messages To resolve the problem in this scenario:
between Routing
Groups 1. From the London server, connect to Annette Hill’s mailbox on London by
using OWA.
2. From the Miami server, connect to Michael Allen’s mailbox on Miami by
using OWA.
3. Attempt to send a message from Annette to Michael. Verify that no message
is received by Michael.
4. Message tracking was enabled in Unit 1. If you have not already enabled
message tracking, enable it now and then resend a message from Annette to
Michael.
5. In Exchange System Manager, track the message in the Message Tracking
Center. Notice that the message is “routed and queued for remote delivery.”
The server location should indicate that the message is still on London,
which is the bridgehead server.
6. Attempt to Telnet to Miami on port 25. Telnet should be successful.
7. Check the queues on London—one of the SMTP queues should have the
message stuck in it. This means that the queue is backed up.
8. Check routing group connector configuration. Notice that no routing group
connector exists, so you need to create one in each direction.
9. Confirm that you can now send messages from Annette’s account to
Michael.
Exercise 2: In this exercise, Gustavo Camargo (gustavocamar) is unable to send messages

Troubleshooting to an Internet recipient. You must use Vancouver to simulate an Internet host.
Cannot Send Messages To resolve the problem in this scenario:
to the Internet
1. Connect to Gustavo Camargo’s mailbox on London by using OWA and his
nwtraders\gustavocamar Active Directory account.
2. Try sending e-mail from Gustavo to administrator@contoso.msft Use
Outlook 2000 on Vancouver to verify that the message is not delivered.
3. London is both the sender’s mailbox server and the bridgehead server, so
you know that messages are being delivered to the bridgehead server.
4. Attempt to Telnet to Vancouver using port 25. Telnet should be successful.
5. Check SMTP virtual server configuration. Notice that in the Advanced
Delivery settings of the Delivery tab an invalid external DNS address is
configured for the SMTP virtual server.
6. Delete the invalid DNS address and then restart the SMTP virtual server.
7. Confirm that you can now send messages from Gustavo to the Contoso
Administrator.
Exercise 3: In this exercise, Angela Barbariol (angelabarba) is unable to receive messages

Troubleshooting sent from Internet users to the SalesRequests distribution group. You must use
Solutions When Users Vancouver to simulate an Internet host.
Cannot Receive
Messages from the To resolve the problem in this scenario:
Internet
1. Connect to Angela Barbariol’s mailbox on London by using OWA.
2. On Vancouver, open the Administrator’s mailbox by using Outlook 2000
and send a message to the distribution group salesrequests@nwtraders.msft.
Notice that the message is not delivered to Angela’s mailbox; you should
receive an NDR in the Administrator’s mailbox.
3. View SalesRequests’ Active Directory properties and confirm the e-mail
addresses and group membership. The e-mail addresses and membership
should look correct.
4. From Vancouver, attempt to ping London’s IP address and host name.
London should respond to ping.
5. From Vancouver, verify that nslookup indicates an MX record for London
when querying for nwtraders.msft. The MX record should appear to be
configured correctly.
6. From Vancouver, attempt to open a Telnet session to London on port 25.
Telnet should be successful.
7. From London, check the SMTP virtual server properties and the SMTP
Connector properties. The properties should appear to be configured
correctly.
8. On London, check Global Settings. Note that the Recipient filtering tab in
the Message Delivery properties indicates that
salesrequests@nwtraders.msft is a blocked recipient.
9. Remove the distribution group from the recipient list and then restart the
SMTP virtual server on London.
10. Confirm that you can send e-mail to salesrequests@nwtraders.msft from
Vancouver and that Angela receives the message.

Lab: Troubleshooting Server Performance
Exercise 1: Address In this exercise, Paul West reports that address resolution and address lookups
Resolution and Address are very slow using Outlook 2003.
Lookups Are Very Slow
1. Configure the Performance console to monitor London using counters
described in this unit’s text for the processor, memory, physical disk, and
network interface. Start the monitor. Notice the high CPU utilization.
London should be consistently 100% utilized.
2. Check for scheduled applications or services running at inappropriate times.
The strCPU service is running, but it is not set to automatic. You should
note that strCPU is not a service used by the operating system or Exchange.
3. Check the Task Manager. The executable manythreads.exe is consuming
most of the CPU resources. You should note that manythreads.exe is not
part of the operating system or used by Exchange.
4. Stop the strcCPU service or end the manythreads.exe process.
5. Verify that London has returned to normal performance levels by the
Performance console.
Exercise 2: Outlook Is In this exercise, Pete Male is complaining that Outlook is very slow when he
Very Slow When tries to send messages.
Retrieving a Message
from Exchange To resolve the problem in this scenario:
network interface. Start the monitor. Notice the high RAM utilization.
The strRAM service is running, but it is not set to automatic. You should
note that strRAM is not a service used by the operating system or Exchange.
3. Stop the strRAM service.
4. Verify that London has returned to normal performance levels by using the
Performance console.
Exercise 3: Multiple In this exercise, several users, including Max Benson, are experiencing delays
Users are Unable to when trying to open their mailboxes and also when trying to send messages to
Open Their Mailboxes others on the network.
Using Outlook
It is very important that you do not stop the script for this exercise. The
command prompt window will remain open, and it may be 10 minutes or longer
before the script completes. You can minimize the window so that it will not be
in your way while you troubleshoot.
network interface. Start the monitor. Notice the high disk utilization.
There are none.
3. Check for available disk space. The server is running out of disk space.
4. Stop the script. Note that if the script is allowed to run continuously,
London will run out of disk space, causing Exchange services to fail.

Lab: Troubleshooting Exchange Security
When using OWA on London to test messaging functionality, you may
occasionally get a 503 error. In most cases, just refreshing the screen will load
OWA. If this doesn’t work, log on to OWA as Administrator and then log on as
the user.
Exercise 1: In this exercise, Eric Parkinson (ericparki) and Fernando Caro (fernandocaro)
Troubleshooting are unable to send and receive encrypted e-mail.
Cannot Send and To resolve the problem in this scenario:
Receive Encrypted
E-Mail 1. On Acapulco, log on as Eric Parkinson and create an Outlook profile for
Eric. Start Outlook.
2. On London, start Outlook Express and create an IMAP4 account for
Fernando Caro.
3. Send an unsecured message from Fernando to Eric and vice versa. This
should work correctly.
4. Attempt to send an encrypted message from Eric to Fernando. You should
receive an error stating that you cannot send a secure message because you
do not have a certificate.
5. Use the Certificate Authority procedure at the beginning of the lab to
request and install a certificate for Eric.
6. Attempt to send a signed message from Eric to Fernando. The message
should be delivered correctly. In Outlook Express, add Eric to Fernando’s
Contacts list.
7. Attempt to send a signed message from Fernando to Eric. You should
receive an error stating that you cannot send a secure message because you
do not have a certificate.
8. Use the Certificate Authority procedure at the beginning of the lab to
request and install a certificate for Fernando.
9. Attempt to send a signed message from Fernando to Eric. The message
should be delivered correctly. In Outlook, add Fernando to Eric’s Contacts
list.
10. Verify that Eric and Fernando can now exchange secure e-mail by sending
an encrypted and signed message from Eric to Fernando and vice versa. The
messages should be delivered.
Exercise 2: In this exercise, Judy Lew (judylew) is unable to connect to her Exchange
Troubleshooting server using RPC over HTTP.
Cannot Connect to To resolve the problem in this scenario:
Exchange Using RPC
over HTTP 1. On Acapulco, log on as judylew and open Outlook. An Outlook profile for
Judy Lew has already been created. Use the Outlook Connection Status
feature to see that Outlook is connecting to Exchange using TCP/IP.
2. Close Outlook.
3. Use the Lab Toolkit resources for RPC/HTTP to verify that the server is
configured correctly. The server should be configured correctly.
4. Check Judy’s Outlook profile. Notice that the profile is configured to use
NTLM authentication, and to use HTTPS only on slow networks. Modify
the profile to use Basic authentication, and to use HTTPS on fast networks.
5. Open Outlook and use the Outlook Connection Status feature to see that
Outlook is connecting to Exchange by using HTTPS, which verifies
RPC/HTTP.
Exercise 3: In this exercise, Deb Waldal (debwalda) is unable to receive e-mail from the
Troubleshooting Internet.
Cannot Send or Receive To resolve the problem in this scenario:
Internet E-Mail
1. On Vancouver, open the Administrator’s mailbox by using Outlook.
2. On London, open Deb Waldal’s mailbox by using OWA.
3. Send a message from Deb to administrator@contoso.msft and vice versa.
The message to administrator@contoso.msft should be delivered, but the
message to Deb should not be delivered.
4. On Vancouver, the Administrator mailbox should receive an NDR that says
“Unable to deliver message due to a communications failure.” Notice that in
the NDR is an indication that the connection needs Starttls.
5. On London, check the default SMTP virtual server properties. The Access
tab’s Communication properties are set to require SSL. Clear the check box
so that London no longer requires SSL and then restart the SMTP server.
6. Verify that the problem is solved by attempting to send a message from
administrator@contoso.msft to debwalda@nwtraders.msft. The messages
should be delivered.

Lab: Troubleshooting the Migration to Exchange 2003
Exercise 1: In this exercise, Salman Mughal (salmanmugha) is unable to access his
Troubleshooting mailbox.
Cannot Access Their To resolve the problem in this scenario:
Mailboxes
1. On Vancouver, log on as nwtraders\salmanmugha and create an Outlook
profile for Salman Mughal’s mailbox on Vancouver. You should receive an
error saying that the user does not have permission to log on. Log off of
Vancouver.
2. On Vancouver, log on as Contoso\administrator and confirm that the
Exchange services are running.
3. In Exchange Administrator, check the permissions on Salman’s
Exchange 5.5 mailbox. The primary Microsoft Windows NT® account is
contoso\salmanmugha. If the SIDHistory attribute was migrated during the
account migration, Salman should be able to access the mailbox.
4. On London, check Salman’s Active Directory account in NWTraders.msft
to see if the SIDHistory attribute is populated. The attribute is not
populated.
5. On Vancouver, modify Salman’s mailbox properties to use
nwtraders\salmanmugha as the primary NT account. Log off of Vancouver.
6. On Vancouver, log on as nwtraders\salmanmugha and open Outlook. This
should confirm that Salman can access his Exchange 5.5 mailbox using his
Active Directory account.
Note In some cases, you will not be able to access the mailbox until the
Exchange Directory Service updates the permissions on the mailbox.
You can force an immediate update by stopping and restarting the
Directory Service on Vancouver.
Exercise 2: In this exercise, Tawana Nusbaum (tawananusba) and Rebecca Laszlo

Troubleshooting (rebeccalaszl) are not receiving e-mail from the Internet.
Cannot Receive Internet To resolve the problem in this scenario:
E-Mail
1. Use the Telnet commands listed at the beginning of this exercise to confirm
that you cannot send e-mail to tawananusba@contoso.msft. Note that
because Vancouver is no longer considered external to Northwind Traders,
you cannot use Vancouver to verify Internet connectivity.
2. Use the Telnet commands to confirm that you cannot send e-mail to
rebeccalaszl@contoso.msft through London to her mailbox on Vancouver.
3. Check Tawana Nusba’s e-mail addresses in Active Directory Users and
Computers. She should not have a contoso.msft address. Manually add the
contoso.msft address.
4. Attempt to send e-mail to tawananusba@contoso.msft using Telnet
commands. The message should not be delivered.
5. To fix the problem, you must configure Northwind Traders and Contoso to
share the contoso.msft SMTP domain name. These steps are described in the
Lab Toolkit resource “Configuring a Shared SMTP Address Space” and
include creating a recipient policy and configuring an SMTP connector as
described in the following two steps.
6. On London, create a Recipient policy for the contoso.msft domain name.
Ensure that the organization is not authoritative for the domain.
7. On London, configure an SMTP connector with an address space of
Contoso.msft to route messages between the two organizations. Ensure that
the SMTP connector is configured to relay messages for the domain.
8. Attempt to send e-mail to tawananusba@contoso.msft using Telnet
commands against the London server. The message should be delivered
correctly.
9. Attempt to send e-mail to rebeccalaszl@contoso.msft using Telnet
commands against the London server. The message should be delivered
correctly.
10. On London, open Tawana’s mailbox using OWA and confirm that the
e-mail was delivered. Try sending a message to rebeccalazl@contoso.msft.
11. On Vancouver, log on as nwtraders\rebeccalaszl and then open Outlook.
Confirm that Rebecca Laszlo received the e-mail from Tawana and that she
can send to Tawana.
Exercise 3: In this exercise, Richard Carey is unable to send e-mail to his co-worker Jim
Troubleshooting Kim. He can send and receive e-mail to and from other co-workers, including
Solutions When Users his co-worker Lynn Tsoflias.
Cannot Send E-Mail to
Some Recipients To resolve the problem in this scenario:
1. On Vancouver, log on as nwtraders\richardcarey and then open Outlook.
2. Attempt to send e-mail to Lynn Tsoflias. Reply to the e-mail in the Inbox
from Jim Kim. Try to send an e-mail to Jim by typing Jim Kim in the To
box.
3. On London, open Lynn’s mailbox using OWA. Verify that the message is
delivered.
4. On London, open Jim’s mailbox using OWA. Jim should not have received
either message.
5. On Vancouver, log on as contoso\administrator and open Exchange
Administrator. Confirm that both Jim and Lynn are custom recipients and
that they are configured in the same way. Log off of Vancouver.
6. On Vancouver, log on as nwtraders\richardcarey and open Outlook. Check
Richard Carey’s Contacts folder. There should be a contact for Jim that
contains an incorrect e-mail address. Delete the contact for Jim, or modify
the e-mail address.
7. To reply to the message in the Inbox, click Reply, and then search the GAL
for Jim’s account.
8. Attempt to send e-mail to Jim from Richard’s Outlook client. The message
should be delivered correctly.
Unit 10: Troubleshooting an Exchange Server 2003

Organization
There are no hands-on labs for this unit. You will participate as a class in a final
challenge consisting of six scenarios. In each scenario, you will troubleshoot
the virtual environment by asking the trainer questions and explaining what
tasks you would like to perform to try and resolve the scenarios. It is up to you
to request more information and up to your trainer to decide what the response
should be to each of your questions.
Read through all six scenarios before beginning.
Scenario 1: David Campbell is unable to access his e-mail from his new laptop.
The laptop has the lab DNS settings, which have the wrong IP addresses for
production servers. If you try to ping any servers, the trainer will respond that
you received responses, but the IP addresses do not look correct in the return
responses. This happens because the lab has different settings for its
environment that do not map to the production environment. Once you identify
that the DNS settings for TCP/IP are incorrect, David’s Outlook 2003 should
start working, assuming you try it after making the changes.
Scenario 2: Ben Smith is unable to access his mailbox after starting up his
laptop. The problem is that Ben’s laptop cable is loose. He should experience
intermittent connectivity during ping testing and all other student testing. The
trainer should play the part of Ben and often say “No, no response,” and then
say, “Hey, it just worked,” and then, “Nope, it isn’t working again.” This will
be very confusing and frustrating, and it should encourage you to drop back to
the basics and verify that the network cable is plugged in properly. Remember
that Ben is a vice president. He probably should have been bumped ahead of
David Campbell.
Scenario 3: Janet Sheperdigian’s Outlook Express client is not properly
configured to use SSL to protect traffic transmitted between her messaging
client and the Exchange server. Janet is unable to connect to Exchange using
SSL with SMTP because there is only a single SMTP virtual server on the
Exchange server. If you try to reconfigure it, the trainer should respond, “Well,
now the Exchange team is getting flooded with calls about people unable to
send e-mail to the Internet from the Vancouver office.” You must create a new
SMTP virtual server and implement SSL on it. SSL also needs to be
implemented on IMAP4 or POP3, depending on whichever you determine Janet
is using. If you do not ask about IMAP4 or POP3, the trainer should tell you
that the auditor has re-tested and is still able to capture e-mail to Janet.
Scenario 4: H. Brian Valentine is unable to access his e-mail using OWA.
Brian’s statement about being able to use it last week is misleading. The
problem is that Brian is not entering “https” when trying to connect to the OWA
server. If you ask to ping the OWA server, the trainer should respond that the
server gave “Request timed out” messages. Pinging by name should resolve to
the correct IP address. However, there should be no responses from the server.
Pinging by IP should also give a request timed out message. If you ask during
the scenario about firewalls or Internet Security and Administration (ISA)
servers, the trainer should respond that all OWA servers are protected by ISA
servers. By default, ISA does not allow Internet Control Message Protocol
(ICMP) from the Internet to internally published sources.
Scenario 5: Jeff Hay is unable to send encrypted e-mail to Tai Yee. Tai is not a
member of Jeff’s company; Tai is an employee of another company. The
problem is that Tai never sent a digital certificate to Jeff, so Jeff is unable to
send an encrypted message to Tai.
Scenario 6: Scott Bishop is experiencing poor performance when using Outlook
to connect to his mailbox. The problem is that the Exchange server that holds
Scott’s mailbox is overloaded. You may not have noticed that the Change
Management Log states that one of the Exchange servers in London was
shutdown and all mailboxes were moved to other servers. With the additional
load, the Exchange server that Scott is on has become overloaded and is
extremely slow in its responses.
If you have difficulty with these scenarios, feel free to review the flow charts
from the previous units and to ask for help from your classmates. Do not feel
the need to rush. Take time to think for a few minutes.
Instructor Notes for Workshop 2011A:
Troubleshooting Microsoft Exchange
Server 2003
What Is a Workshop?
The workshop is designed as a hands-on learning activity. It addresses a
particular business or technical problem and its solution. As such, a workshop
can be designed to familiarize a beginning audience with the basic
implementation of a new product or an expert audience to optimize their
enterprise network for a robust security infrastructure.
In a workshop, lecture time is kept to a minimum to give students the maximum
opportunity for hands-on, scenario-based labs. The workshop format enables
students to reinforce learning by doing and by problem-solving. Workshop
components include hands-on labs, resources in the Lab Toolkit, slides, and
reference material.
Each unit in a workshop is weighted as follows:
Presentation Lab Review

(introduce) (apply) (synthesize)
10% 75% 15%
These percentages are a guideline. Some variation is expected based on the

content, but students should spend at least 60 percent of each unit concentrating
on the hands-on lab.
2 Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003
Workshop Delivery
The lab is the main focus of the workshop. Each lab presents a problem or
series of problems that students must solve. Use the slides that precede the lab
to orient the student but keep the presentation to a minimum. After you have
taught the workshop a few times, you may identify topics that typically give
students some trouble. If appropriate, present a resource from the Lab Toolkit
before the lab to prepare them for those possible problem areas.
The labs in a workshop are designed to allow students to explore several
options for completing complex tasks. As a result, students may require more
assistance than they do with a prescriptive lab activity. If most of the students
get stuck on a step or procedure, be prepared to pause the lab and demonstrate
the procedure or concept to the entire class. If most of the students are
struggling with the lab, you might find it valuable to perform the steps as a
class, but allow students to continue working on their own if they choose.
Check the students’ progress periodically during the lab. You might find it
useful to establish protocols for students to alert you when they have questions
and when they are finished with the lab. For example, you might create
additional tent cards or adapt existing ones so student can turn to the “need
help” side or the “lab complete” side. You can also give each student different
colored notes to signal that they need help or that they have completed the lab.
Some students may leave the room after they finish the lab while other students
are still working. Therefore, identify a time to reconvene in the room so you can
decide if you need to extend the lab period or move on to the next unit.
After the lab, there is usually a designated time to discuss the results of the lab.
Answer the questions that were posed during the lab. When there are several
ways to complete the lab, ask the students which method they used and why. Be
prepared to discuss the advantages and disadvantages of each decision, both
from a technical and business perspective. If the students do not demonstrate
mastery of the important concepts, review the relevant resources in the Lab
Toolkit until you are satisfied that they understand.
Instructor Notes for Workshop 2011A: Troubleshooting Microsoft Exchange Server 2003 3
Delivery Strategies
One of the biggest challenges with a workshop is that attending students may
have a wide range of skills and learning styles. It is very likely that some
students will complete the labs in minimal time while other students may
struggle with basic concepts and may never actually finish a lab. Some students
will be uncomfortable with labs that do not tell them how to do every step.
This section gives you some suggestions for dealing with various classroom
situations. If you have other techniques and successes, please share them with
other trainers on the Microsoft® Certified Trainer (MCT) forums at
Microsoft.private.mct.trainer.preparation. You can find instructions on how to
access the forums on the MCT private Web site.
Screening student The introductory lab in Unit 1 has several purposes. The obvious objective is to
ability familiarize the students with the Lab Toolkit and the resources in the Lab
Toolkit. Other objectives helping students get into the troubleshooting frame of
mind and to establish a workshop atmosphere where students feel free to
communicate openly with their peers and the instructor. This unit also gives
you a chance to screen the students. If students cannot complete the minimal lab
instruction they are given in Unit 1 on their own, they may have a difficult time
succeeding in the workshop format.
Dealing with advanced In an average class, some students will probably finish the lab long before
students others. Some students will need to use every resource in the Lab Toolkit while
others may only need one or two. You might suggest that the most advanced
students try to complete the lab by just looking at the service request and only
referring to the lab instructions if they get stuck.
In some workshops, there will be additional challenge material and “if time
permits” activities to accommodate students who finish faster. Most workshops
will include additional reading on the Student Materials compact disc that
contains information that is beneficial but too detailed to be placed in the Lab
Toolkit. For students who finish early, suggest that they explore the additional
reading because they will probably be too busy after they return to the office.
Guiding students If most of the students do not meet the prerequisites, they may have a difficult
through the lab time with labs that assume a lot of prior knowledge and do not provide detailed
steps. In this situation, guide them through the entire lab rather than presenting
the introductory slides and having them complete the labs at their own pace.
Read the service request as a group and note the technical issues that may come
up during troubleshooting. Then, discuss strategies to resolve the problem.
Instead of waiting to answer the lab questions at the end of the lab, answer each
question as you complete the steps.
When there are multiple ways of completing a task, you may need to guide the
students to pick the optimal solution. In cases where there is no single best way,
you might decide to split the class into two groups and have half do it one way
and half the other way. If conducting the workshop this way takes too much
time, you may need to incorporate the introductory slides into the lab. For
example, rather than lecture about DNS stub zones before students start the lab,
wait until the group reaches that step and then discuss it just before they work
on that task.
Adapting to different If only some of the students meet the prerequisites, you may have a difficult
skill levels time balancing the needs of all students. You can have more experienced
students sit next to less experienced students and give the more experienced
students a brief tutorial on how to be a good mentor. For example, you can
advise them to:
! Guide their partners, but not do the work for them.
! Let their partners make mistakes because they will learn more.
! Try to summarize the material from the resources in the Lab Toolkit for
their partners without divulging the answers to the questions.
If pairing students with mentors is impractical because of ratios or personalities,

you can group the remedial students together and guide them through the labs
as a group, as described previously. Allow the advanced students to perform the
labs at their own pace and to participate in the remedial discussions as they like.
Adapting to different Some learners enjoy the challenge of starting an activity and learning about it as
learning styles they go. Other learners may be reluctant to begin without knowing all the
necessary information. These learners may be uncomfortable with the basic
workshop format. You can adapt the format to their learning style by suggesting
that they read and perform all the resources in the Lab Toolkit before they begin
the lab. These students may not be able to finish every lab step, but they may
feel that they have acquired the knowledge they need to do the steps in the
future.
About This Workshop

This section provides you with a brief description of the workshop, audience,
suggested prerequisites, objectives, and strategies for delivering this workshop.
Description This workshop is designed as a 300 level, three-day, instructor-led workshop.
This workshop is targeted at current Exchange administrators with one or more
years of messaging and network experience. The workshop will focus
exclusively on the troubleshooting skills and objectives that align with Exam
70-284: Implementing and Managing Microsoft Exchange Server 2003. The
labs are a series of problem-centered scenarios that required students to use
troubleshooting flow charts to identify and resolve problems.
Audience This workshop is targeted to the Systems Engineer already skilled in Microsoft
Exchange Server 2003 support tasks. Students should have a 300 skill level as
an Exchange administrator and have one or more years of messaging and
network experience supporting Exchange Server. The workshop format is also
intended for students who learn best by doing.
Student prerequisites This workshop requires that students meet the following prerequisites:
! Complete Course 2400, Implementing and Managing Exchange
Server 2003.
 or 
! Complete Course 2009, Upgrading Your Skills from Exchange Server 5.5 to
Exchange Server.
Workshop objectives After completing this workshop, the student will be able to:
! Apply knowledge of a troubleshooting methodology to identify and resolve
a problem.
! Identify and resolve network connectivity problems and problems arising
from host resolution protocols.
! Identify and resolve problems with public folders and mailboxes.
Identify and resolve front-end server and back-end server issues that cause
problems with Microsoft Outlook® Web Access (OWA).
! Identify and resolve problems with Internet protocol virtual servers such as
SMTP, IMAP, and POP.
! Identify and resolve connectivity problems between servers running
Exchange Server 2003, between Exchange Server 2003 and other messaging
systems, and problems with relay configurations.
! Identify and resolve problems with bandwidth, services, database
corruption, service failures, disk space, and other server performance
problems.
! Identify and resolve encryption and digital signature issues and problems
caused by viruses.
! Identify and resolve problems related to migrating from Exchange Server

5.5 to Exchange Server 2003.
! Apply knowledge of troubleshooting methodology to create a
troubleshooting strategy and identify the appropriate tools, processes, and
procedures for each step of the strategy.
Required materials To teach this workshop, you need the following materials:
! Student Workbook
! Trainer Materials compact disc
Preparation tasks To prepare for this workshop, you must:

! Complete the Workshop Preparation Checklist that is included with the
trainer materials.
Workshop design The overall strategy for this workshop combines the lab-centric requirement of
workshops with a problem-based learning methodology. Labs will provide
hands-on learning activities guided by scenarios that are relevant to the
Exchange administrator job role. During these labs, students can access a
variety of support resources (such as procedures, annotated screen shots, and
links to Exchange Server 2003 Help documentation) to help them complete the
lab exercises.
The topics that precede the lab will provide information designed to help
prepare students succeed in the lab. A common approach for the design and
selection of these topics is that the key to troubleshooting is understanding how
things should work. As a result, the preparation topics will focus on the process
of how a particular Exchange component or messaging functionality works.
Lab scenarios
The workshop-wide scenario will imitate a fictitious help-desk organization that
has just hired the student (who is currently an experienced Exchange
administrator) to perform Tier-3 help-desk support tasks in a Windows
Server 2003- and Exchange Server 2003-based environment. This approach will
provide the context for the workshop to present troubleshooting scenarios. The
online toolkit resources will be used to implement the workshop-wide scenario
in each learning unit.
To implement a problem-based learning methodology for this workshop, a
service request will provide the information (such as symptoms, configuration
information, and so on) necessary for the student to troubleshoot the problem.
In each lab, students will use the information in the service request and a
troubleshooting flow chart printed in the workshop manual to diagnose and,
whenever possible, fix the problem. Toolkit resources will be mapped and
associated to the relevant step in the troubleshooting flow chart and will provide
students with “just-in-time” help during that specific point in the
troubleshooting process.
Important Because service request information is often misleading or incorrect

in real-world scenarios, there are some places where misleading or incorrect
information is provided to the student.
Pre-lab activity
In the first part of each lab, the instructor reviews the first service request with
students and asks students their approach to identifying the problem. The
instructor should note students’ recommendations on the whiteboard. Then the
students perform the lab. After the lab is complete, the instructor can use the
information generated from the pre-lab activity and the lab results to facilitate
the discussion during the lab review.
Lab reviews
Each lab will be followed by review of the lab exercises, which is facilitated by
the instructor. The instructor can use Appendix A, “Lab Guidance,” to guide
students through the “correct” path through the troubleshooting flow chart.
The lab review should:
! Identify what each step in the flow chart accomplishes during the process
! Generate an understanding for the flow of troubleshooting steps
! Discuss the tools used during the lab
! Compare the pre-lab recommendations with the actual lab to generate
recommendations and student-generated best practices
During this review, the instructor should elicit feedback from students and
generate discussion about the students’ experience during the lab (such as what
they did right and what they did wrong).
The lab review can also contain links or references to additional information
(such as Knowledge Base articles, white papers, Exchange help docs, and so
on) that pertain to the unit objective.
Workshop Timing
The following schedule is an estimate of the workshop timing. Your timing
may vary. Every student may not finish every lab. Use your judgment to set a
reasonable time to move on to the next unit.
Day 1
Start End Unit
9:00 9:30 Introduction
9:30 9:45 Unit 1: Introduction to Troubleshooting Exchange Server 2003
9:45 10:45 Lab: Exploring the Troubleshooting Environment
10:45 11:00 Break
11:00 11:15 Unit 2: Troubleshooting Network Connectivity
11:15 12:00 Lab: Troubleshooting Connectivity Problems
12:00 1:00 Lunch
1:00 2:30 Lab: Troubleshooting Connectivity Problems (continued)
2:30 2:45 Break
2:45 3:00 Unit 3: Troubleshooting Public Folders and Mailboxes
3:00 4:15 Lab: Troubleshooting Public Folder and Mailbox Problems
4:15 4:30 Unit 4: Troubleshooting Outlook Web Access and Outlook
Mobile Access
Day 2
Start End Unit
Access Problems
10;00 10:15 Break
Access Problems (continued)
11:45 12:45 Lunch
12:45 1:00 Unit 5: Troubleshooting Client Connectivity
1:00 2:00 Lab: Troubleshooting Client Connectivity Problems
2:00 2:15 Break
2:15 3:15 Lab: Troubleshooting Client Connectivity Problems (continued)
3:15 3:30 Unit 6: Troubleshooting Server Connectivity
3:30 5:00 Lab: Troubleshooting Server Connectivity Problems
Day 3
Start End Unit
9:00 9:15 Unit 7: Troubleshooting Server Performance
9:15 10:15 Lab: Troubleshooting Server Performance
10:15 10:30 Break
10:30 10:45 Unit 8: Troubleshooting Security Issues
10:45 12:00 Lab: Troubleshooting Exchange Security
12:00 1:00 Lunch
1:00 1:45 Lab: Troubleshooting Security Issue Problems (continued)
1:45 2:00 Unit 9: Troubleshooting the Migration to Exchange 2003
2:00 2:15 Break
2:15 3:45 Lab: Troubleshooting the Migration to Exchange 2003
3:45 4:30 Unit 10: Troubleshooting an Exchange Server 2003 Organization
Trainer Materials Compact Disc Contents

The Trainer Materials compact disc contains the following files and folders:
! Autorun.exe. When the compact disc is inserted into the compact disc drive,
or when you double-click the Autorun.exe file, this file opens the compact
disc and allows you to browse the Student Materials or Trainer Materials
compact disc.
! Autorun.inf. When the compact disc is inserted into the compact disc drive,
this file opens Autorun.exe.
! Default.htm. This file opens the Trainer Materials Web page.
Trainer Materials compact disc and its contents and how to open the Trainer
Materials Web page.
! 2011a_In.doc. This file contains the Instructor Notes for this workshop,
which are provided to assist the instructor in delivering this workshop.
! 2011a_MS.doc. This file is the Manual Classroom Setup Guide. It contains
the steps for manually setting up the classroom computers.
! Powerpnt. This folder contains the PowerPoint slides that are used in this
workshop.
Important It is recommended that you use PowerPoint 2002 or later to

display the slides for this workshop. If you use PowerPoint Viewer or an
earlier version of PowerPoint, all the features of the slides may not be
displayed correctly.
! Pptview. This folder contains the PowerPoint Viewer 97, which can be used
to display the PowerPoint slides if PowerPoint 2002 is not available. Do not
use this version in the classroom.
! Setup. This folder contains the files that install the workshop and related
software to computers in a classroom setting. Setup includes the Virtual PC
differencing drives, which build on base drives provided on the 2400B
Trainer Materials DVD.
! Student. This folder contains the Web page that provides students with links
to resources pertaining to this workshop, including additional reading,
review and lab answers, lab files, multimedia presentations, the Lab Toolkit,
and workshop-related Web sites.
! Tprep. This file contains the Trainer Preparation Presentation for this
course. Review these materials before teaching this course.
! Webfiles. This folder contains the files that are required to view the
workshop Web page. To open the Web page, open Windows Explorer, and
in the root directory of the compact disc, double-click Default.htm or
Autorun.exe.
Instructor Notes for Unit 0: Introduction

Presentation: The Introduction unit provides students with an overview of the workshop
30 minutes content, materials, and logistics for Workshop 2011A: Troubleshooting
Microsoft Exchange Server 2003.
How to Teach This Unit

This section describes the instructional methods for teaching this unit.
Introduction Welcome students to the workshop and introduce yourself. Provide a brief
overview of your background to establish credibility.
Ask students to introduce themselves and provide their background, product
experience, and expectations of the workshop.
Record student expectations on a whiteboard or flip chart for reference later in
class.
What is a workshop? Use the students’ expectations, discussed in the previous slide, as a lead-in to
describe what a workshop is. Emphasize that 75 percent to 80 percent of the
time will focus on hands-on activities during the lab. The rest of the time will
focus on preparing students for the lab and reviewing how students performed
the lab.
Briefly demonstrate the Lab Toolkit, highlighting its components and how they
will be used during the lab. Tell students that the Lab Toolkit is installed on
their student computers in the classroom and is also available on the Student
Materials compact disc for use after the workshop.
Workshop materials Tell students that everything they will need for this workshop is provided at
their desk.
Have students write their names on both sides of the name cards.
Describe the contents of the student workbook and the Student Materials
compact disc.
Tell students where they can send comments and feedback on this workshop.
Demonstrate how to open the Web page that is provided on the Student
Materials compact disc by double-clicking Autorun.exe or Default.htm in the
Student folder on the Trainer Materials compact disc.
Prerequisites Describe the prerequisites for this course. This is an opportunity for you to
identify students who may not have the appropriate background or experience
to attend this course.
Workshop outline Briefly describe each unit and what students will learn. Be careful not to go into
too much detail because the workshop is introduced in detail in Unit 1.
Explain how this workshop will meet students’ expectations by relating the
information that is covered in individual units to their expectations.
Demonstration: Using Prior to performing this demonstration, start 2400_London–Virtual PC.

Virtual PC Because London takes several minutes to start, it should be completely started
before you begin this presentation.
Microsoft now owns Connectix Virtual PC. In this course, students will use
Connectix Virtual PC to perform all the hands-on practices. Demonstrate how
to use Virtual PC by performing the following procedure:
1. On your desktop, tell students that they can use either the Start menu or
their desktop shortcuts to open Connectix Virtual PC.
2. In Connectix Virtual PC, click Miami, and then click Start Up. Mention
that, with 1 GB of memory, the students will be able to run two virtual
computers at a time, and that starting the third virtual computer will cause
performance problems. There are labs in this workshop that require the
simultaneous use of three virtual computers.
3. Show the students that the system tray of the host computer contains an icon
for Virtual PC. If Virtual PC is running but the window becomes hidden,
you can reactivate the window by double-clicking the icon in the system
tray.
4. Show the students that the title bar of each virtual PC indicates which server
is accessed.
5. Switch to 2011_London–Virtual PC and then log on to London by
pressing the ALT key on the right side of the keyboard at the same time you
press the DELETE key. Log on as NWTraders\Administrator with a
password of P@ssw0rd. Point out that the ALT key on the right side of the
keyboard is referred to as both the RIGHT-ALT key and the HOST key in
Connectix Virtual PC Help and menus.
6. Demonstrate Full Screen mode by pressing the ALT key on the right side of
the keyboard at the same time you press ENTER. Repeat this key sequence
to return to a Window view. Tell students that if they have display problems
during class, they can use Full Screen mode to improve performance.
7. Point out that the London desktop indicates the word LONDON, and
mention that each virtual PC indicates the computer name on the desktop.
8. Switch to Miami and then log on to Miami as administrator by pressing
ALT+DELETE. Point out that all accounts in the Microsoft Active
Directory® directory service have been preconfigured with a password of
P@ssw0rd.
9. Point out that the Miami desktop indicates the word MIAMI.
10. Use ipconfig /all at a command prompt at London, Miami, and the host
computer to show the IP addresses configured for each. Use ping to show
that London and Miami can ping each other and the host, but not any other
computer on the host’s network. For your information, the IP address for
London is 192.168.1.1 and the IP address for Miami is 192.168.1.2. The
host computers should be configured with an IP address on the same subnet
as the virtual PCs.
11. From London, show how to map drive Z to drive C of the host computer.
Point out that when the drive is mapped, students can access information
stored on the host computer by using this mapped drive, and that they can
create additional mapped drives by using the Settings option on the Edit
menu of Connectix Virtual PC.
12. Close London and save changes. Close Miami and save changes. Point out
that students can choose to either discard or commit their changes when
closing Virtual PC, and that in general in this course, they should discard
their changes each time they close Virtual PC.
Setup Describe any necessary setup information for the course, including course files
and classroom configuration.
Microsoft Official Explain the Microsoft Official Curriculum (MOC) program and present the list
Curriculum of additional recommended learning products.
Refer students to the Microsoft Official Curriculum Web page at
http://www.microsoft.com/traincert/training/ for information about curriculum
paths.
Microsoft Certified Inform students about the Microsoft Certified Professional (MCP) program, any
Professional program certification exams that are related to this workshop, and the various
certification options.
Facilities Explain the class hours, extended building hours for labs, parking, rest room
location, meals, phones, message posting, and where smoking is and is not
allowed.
Let students know if your facility has Internet access that is available for them
to use during class breaks.
Also, make sure that the students are aware of the recycling program if one is
available.
Instructor Notes for Unit 1: Introduction to

Troubleshooting Exchange Server 2003
Presentation: After completing this unit, students will be able to:
15 minutes
Lab: ! Analyze process and data flow in a flow chart.
60 minutes
! Access and apply information from a service request and other workshop
Review: components.
5 minutes
! Identify a problem and recommend a solution.
Required materials To teach this unit, you need the unit slides, the student workbook, and the Lab
Toolkit.
Important It is recommended that you use Microsoft PowerPoint® 2002 or later

to display the slides for this course. If you use PowerPoint Viewer or an earlier
version of PowerPoint, all the features of the slides may not be displayed
correctly.
Preparation tasks To prepare for this unit, read all the written materials and review the resources
in the Lab Toolkit, practice the labs and guided activities, and prepare to
facilitate the discussion questions.
In addition, you should:
! Review Module 4, “Managing Recipients,” from Course 2400,
Implementing and Managing Microsoft Exchange Server 2003.
! Review Module 7, “Implementing and Managing Client Access with
Internet Protocols,” from Course 2400, Implementing and Managing
! Review Module 11, “Managing Data Storage and Hardware Resources,”
from Course 2400, Implementing and Managing Microsoft Exchange
Server 2003.
! Review the Open Systems Interconnection (OSI) model and be prepared to
discuss how it can be used for troubleshooting client/server applications.
! Prepare to explain to students how to use the toolkit resources.
Classroom setup The information in this section provides setup instructions that are required to
prepare the instructor computer or classroom configuration for a lab.
! Prepare for the lab

• Remind students to run the breaklab1a.bat script in the beginning of the Lab
for Unit 1 in the Lab Virtual PC Configuration section.

Presentation The presentation includes a lot of information. To cover the four presentation
slides, you will need to move quickly. The students should already have some
background information about the topics in the presentation, so focus on how
each of the topics is relevant to troubleshooting. Keep in mind that the slides in
this unit are intended to introduce students to troubleshooting and some of the
processes used in troubleshooting.
Because most Exchange Administrators are not responsible for the network
infrastructure, they may feel some frustration in the first two units. Stress to
them the importance of understanding the basic networking concepts when
troubleshooting an Exchange environment. Point out to the students that even if
they are not directly responsible for the network and its components, knowledge
of these components can help them rule out network problems without the
network team’s assistance in many cases.
“Topic 1: Understanding Exchange Server 2003” discusses the various
components of an Exchange system and that problems can exist at any level in
an Exchange environment. Focus on the troubleshooting aspects for each
component. For example, discuss how one mailbox store can be corrupted and
others in the same storage group not impacted. Make sure to engage students in
the discussion by asking them how they would troubleshoot a problem in each
area if they knew the problem existed in that component. For example, ask
them how they would troubleshoot a MAPI client problem if they knew it was a
client issue and not a server component problem.
“Topic 2: Troubleshooting Methodology” discusses two common
troubleshooting processes that are used in the industry. Explain to students how
vital the process is, and how it can be organized using the OSI model. Walk
them through the OSI model on the whiteboard and stress how the model starts
at the top of the client using Microsoft Outlook at the application, moves down
through the model to the wire (physical layer), across the wire to the server side
and up through the model to the Exchange Server 2003 server as the server
application. Ask students what they think might be some issues that they could
run into at each layer of the OSI model. Also discuss how to use the working
system model when it comes to troubleshooting. Use the example of how
Outlook Web Access (OWA) works. Explain how you might troubleshoot
OWA both at the browser level and at the server level.
“Topic 3: Preparing to Troubleshoot Exchange Server 2003” discusses the
places where logging and monitoring can be used for troubleshooting. The lab
will walk them through most of the processes. However, you might want to
demonstrate how to use Netmon to do a capture to see how an OWA client
connects to the server and then explain what you captured and how students can
replicate it.
“Topic 4: Pre-Lab Discussion” is your opportunity to prepare students for the
lab. Because the purpose of the troubleshooting exercise in this lab is to
introduce students to the service requests, flow charts, and toolkit resources,
you should demonstrate for the students how to use the flow chart and the
toolkit resources to solve the problem describe in the scenario and service
request for the first step or two. Use this page to provide context for the lab and
help students better understand the importance of the concepts in this unit when
it comes to troubleshooting the lab scenarios.
Lab The first exercise is the first of what will be many scenarios that are used in all
the other units in this workshop. Explain to students that the first exercise is not
Exchange related because they are supposed to learn how to use the flow charts
and the toolkit resources in this exercise.
The problem that you are troubleshooting in Exercise 1 is intentionally simple
in order to help students learn how to use the flow chart, and was chosen
because most Windows administrators have a great deal of experience with
mapping network drives and troubleshooting problems with mapped network
drives. Students should follow the steps in the flow chart in order to identify the
problem provided in the scenario. It is important that students become
comfortable using the flow chart in this exercise because all subsequent
exercises in this workshop will incorporate flow charts. Once students identify a
problem, they must document their solution. At the end of each lab in this
workshop, you will discuss with the class their approach to troubleshooting
problems, and their findings during troubleshooting.
In the second exercise, students configure logging and monitoring on the
computer running Exchange Server 2003 to familiarize themselves with all the
logging capabilities they have. Configuration settings will be saved at the end
of the lab so that students can continue to use the items that they configure
during this exercise. You should also mention that although most labs in this
workshop have the students discard changes made to their virtual PC
environment, changes in this lab will be saved so that they can continue to use
the troubleshooting tools that they configured during Exercise 2.
For more information on completing this lab, direct students to Appendix A,
“Lab Guidance,” located at the back of the student workbook. If necessary, be
prepared to provide desk side assistance to each student during the lab phase of
class. You can help students along in their troubleshooting by asking how they
would normally test a process or lookup information. You will want to maintain
a “study hall” atmosphere within the classroom while students complete the lab.
The toolkit resources for this unit include items that are not related specifically
to the flow chart for this unit. These items are referenced in the Lab Toolkit
resources section of the unit by exercise number. For example, if an item is
needed only for Exercise 2, but does not support the flow chart, the Flow Chart
Reference column of the table will indicate “Ex 2 only”.
Review You should review some of the settings and configurations of the different logs
and monitoring tools that the students used during the lab. For example, you
might ask students how they would configure logging and monitoring in their
networks as a standard configuration, and then ask them the same question but
with users reporting that Outlook 2003 access to their mailboxes is slower than
normal. Use the whiteboard to record the information provided by the students
and encourage them to expand on the information that you write.
Discuss how the students used the troubleshooting flow chart to determine the
root cause of the problem. Walk all students through the flow chart for
Exercise 2 in the lab. Ask them to provide feedback on what they found. While
going through the flow chart, have students pull out the Toolkit Resources
booklet and point out the detailed information. Point out how the Toolkit items
are correlated to the flow chart through the reference letters.
Discuss how the students tested their solution to the problem and how they
knew they were successful in resolving the problem.
Make sure students followed the instructions to shut down the Virtual PCs after
the lab.
Instructor Notes for Unit 2: Troubleshooting Network

Connectivity
15 minutes
! Identify the underlying causes when mail from one server is not received by
Lab: recipients on another and resolve the problem.
135 minutes
! Identify the underlying causes when a user cannot connect to a Microsoft
Review: Exchange Server 2003 server as a remote user and resolve the problem.
5 minutes ! Identify the underlying causes when no one in the organization can receive
Toolkit.
Important It is recommended that you use PowerPoint 2002 or later to display

the slides for this course. If you use PowerPoint Viewer or an earlier version of
PowerPoint, all the features of the slides may not be displayed correctly.
! Review Module 8, “Managing Client Configuration and Connectivity,”
Server 2003.

• Make sure to remind all students to run the scripts in the beginning of each
exercise in the Lab for Unit 2. Follow the directions in the Lab Virtual PC
configuration section.

Presentation This is the first unit where you really start to get into troubleshooting Exchange
Server 2003. You need to be very careful and keep the focus on network
configuration and network services in this unit as there is another unit later that
covers client connectivity.
Because most Exchange Administrators are not responsible for the network
infrastructure, they may feel some frustration in the first two units. Stress to
them the importance of understanding the basic networking concepts when
troubleshooting an Exchange environment. Point out to the students that, even
if they are not directly responsible for the network and its components,
knowledge of these components can help them rule out network problems in
many cases and not require the network team’s assistance.
“Topic 1: Tools for Troubleshooting Network Connectivity” discusses the
various tools available to the students when troubleshooting network
connectivity and network services issues. You should explain how these tools
are most often used for troubleshooting and what each tool can tell you about
whether something works properly. For example, you might talk about how
using ping with the host name will tell you that name resolution works if it
responds properly. However, you should also tell students that because there is
no response that does not mean that the target computer is not working. There
might be an intervening firewall or a router that filters out ICMP traffic and
thereby preventing student from seeing the response. Explain how to use telnet
at the command prompt and how to use Hyper Terminal to connect to non-
telnet ports.
“Topic 2: Common Network Connectivity Problems” discusses some of the
common connectivity issues. Explain that these problems are easy to resolve
and provide examples of how you can test for each one. For example, explain
how you can use telnet from a computer outside the firewall to test connections
through the firewall to an internal system. A good example would be to test port
25 connections and see if they are properly redirected to the computer running
Exchange Server 2003 and if a response is provided by the Exchange server.
lab. You should help students begin to think about the underlying problems that
might result in the indicated situations, and document their suggestions on the
whiteboard. Use this page to provide context for the lab and help students better
understand the importance of the concepts in this unit when it comes to
troubleshooting the lab scenarios.
Note When using OWA on London to test messaging functionality, you may
occasionally get a 503 error. In most cases, just refreshing the screen will load
OWA. If this doesn’t work, log on to OWA as Administrator and then log on as
the user. You may wish to remind students of this periodically throughout this
workshop.
In the flow chart, in solution box C, the students are directed to check the
network route. You may wish to remind them that this means to check both the
physical and logical network connectivity between clients and servers, as well
as between servers in the Exchange organization. There is a toolkit resource for
verifying routing group connectivity that can be used for this task.
Lab If students have difficulty with the lab, use the flow charts to focus their
Review troubleshooting efforts. If needed, ask them which steps they have completed. If
they have gone past the step where they fix the problem, ask them to explain
what they found in that step and the step before. This workshop assumes
prerequisite knowledge in managing an Exchange Server 2003 environment. If
students do not meet the prerequisites, you may need to review some
procedures with the students.
class. You will want to maintain a “study hall” atmosphere within the
classroom while students complete the lab.
You should spend some time during the pre-lab discussion, with all student
workbooks closed, going over some ways that students would troubleshoot the
scenarios covered in the lab. Write their ideas on the whiteboard. After
completing the lab, review what they would have done before seeing the lab.
Discuss how the students used the troubleshooting flow charts to determine the
root causes of the problems. Compare the processes of the flow charts to what
the students said they would do before the lab. Record on the whiteboard the
information provided by the students. Discuss how they would troubleshoot the
problem now based on what they learned in the lab.
Discuss how the students tested their solutions to the problems and how they
knew they were successful in resolving the problems.
Make sure students followed the instructions to shut down the Virtual PCs after
the lab.
Note Sometimes Internet Explorer fails to load all data when connecting to
Outlook Web Access. If this happens, remind the students to close and restart
Internet Explorer.
Instructor Notes for Unit 3: Troubleshooting Public

Folders and Mailboxes
15 minutes
Lab: resolve the problem.
75 minutes
! Identify the underlying causes when a user cannot receive Internet e-mail to
Review: his e-mail address and resolve the problem.
5 minutes ! Identify the underlying causes when a user is unable to post a message to a
Required materials To teach this unit, you need the unit slides, the student workbook, which
includes the lab flow charts and service request scenarios, and the Lab Toolkit.

in the Lab Toolkit, practice the labs and guided activities, and prepare to answer
the discussion questions.
! Review Module 4, “Managing Recipients,” from Course 2400,
! Review Module 6, “Managing Address Lists,” from Course 2400,
! Review Module 14, “Performing Preventative Maintenance,” from Course
2400, Implementing and Managing Microsoft Exchange Server 2003.

1. To perform this lab, the students must start the London and Vancouver
Virtual PCs using the procedures described in the lab.
2. To create the troubleshooting scenarios, the students must run the
Breaklab3.vbs script from the c:\moc\2011\Labfiles\Lab03 directory. This
script creates all the error conditions required for the lab.

Presentation To cover the four presentation slides in 15 minutes, you will need to move
quickly. The students should already have some background information on the
topics in the presentations, so focus on how each topic is relevant to
troubleshooting.
“Topic 1: Troubleshooting Client Connectivity to Mailboxes and Public
Folders” discusses the issues that can arise when a user tries to connect to an
Exchange server. Focus on the troubleshooting aspects for each topic. For
example, discuss if the problem is DNS resolution, what symptoms the user
would see, and what you would do to troubleshoot the problem.
“Topic 2: Troubleshooting Mailbox and Public Folder Properties” discusses the
mailbox and public folder configuration issues that can cause e-mail delivery
problems. The students should be familiar with the user interface (UI) where
these settings are configured, so avoid demonstrating the UI. The lab scenarios
focus on mailbox and public-folder configuration issues, so minimize the time
you spend on this topic. Most of your time should be spent addressing the
troubleshooting portions of each bullet on the page, which are typically located
in the last sentence of each bullet.
“Topic 3: Troubleshooting Single Server Message Flow” discusses how e-mail
messages flow through a single server. Review the single server message flow
but then focus on how the Queue Viewer and message tracking can be used to
troubleshoot the message flow.
“Topic 4: Troubleshooting the Recipient Update Service” discusses recipient
policies and the Recipient Update Service. These concepts should be familiar to
the students, so focus on how configuration errors in the recipient policies, and
configuration errors or service failures in the Recipient Update Service may
cause e-mail delivery failures.
troubleshooting efforts. If needed, ask them which steps they have completed. If
Note Sometimes Internet Explorer fails to load all data when connecting to
Outlook Web Access. If this happens, remind the students to close and restart
Internet Explorer.
There are two flow charts for this lab. The first flow chart which is located in
the beginning of the lab is used for exercises 1 and 2. The second flow chart is
for use while completing exercise 3, which is located at the end of the lab. You
may wish to point out the location of the flow chart for your students.
In the flow chart entitled “Troubleshooting Mailbox Problems,” solution boxes
C and D direct the student to “Check content scanner.” Content scanning is a
feature provided by third-party manufacturers. Because no content scanners are
installed as part of this workshop’s setup, the students will be unable to perform
this task. You should mention that students would follow manufacturer’s
instructions for verifying their content scanner configuration in their own
production environments.
Review You should have spent some time during the pre-lab discussion, with all student
books closed, reviewing ways that the students would troubleshoot the
scenarios covered in the lab. Record the students’ ideas on the whiteboard.
After completing the lab, review what they would have done before seeing the
lab.
root cause of the problem. Compare the process of the flow chart to what the
students said they would do before the lab. Make sure you record the
Make sure students shut down the Virtual PCs following the instructions after
the lab.
Instructor Notes for Unit 4: Troubleshooting Outlook Web

Access and Outlook Mobile Access
15 minutes
Lab: security error.
150 minutes
! Identify the underlying causes when a user cannot access Outlook Web
Review: Access because of an authentication error and resolve the problem.
5 minutes ! Identify the underlying causes when a user cannot access Outlook Mobile
Access and resolve the problem.
includes the lab flow charts and the service request forms, and the Lab Toolkit.

! Review Module 10, “Managing Mobile Devices with Exchange
Server 2003,” from Course 2400, Implementing and Managing Microsoft
! Review Module 3, “Securing Exchange Server 2003,” from Course 2400,
prepare the instructor computer or classroom configuration for a lab. This lab
includes three scenarios. Prior to starting each scenario, a script must be run
that will create the problem that the students will be troubleshooting.

1. The students will use the London Virtual PC and the Miami Virtual PC for
this lab. The Miami Virtual PC must be configured as a front-end server
using the procedure in the lab.
2. To create the troubleshooting scenario for Exercise 1, the students must run
the breaklab4a.bat script.
the breaklab4b.bat script.
the breaklab4c.bat script.

Presentation To cover the three presentation slides in 15 minutes, you will need to move
topics in the presentations, so focus on how each of the components is relevant
for troubleshooting.
“Topic 1: Troubleshooting Outlook Web Access” discusses the issues that can
arise when a user tries to connect to an Exchange server using Outlook Web
Access. Focus on the troubleshooting aspects of the topic. The table that lists
the error messages a user may receive are intended for reference, so don’t go
into too much detail. Perhaps review just one row so the students can see the
format. Spend more time on the troubleshooting topics after the table because
these cover how to approach troubleshooting in an OWA environment.
“Topic 2: Troubleshooting a Front-End and Back-End Server Topology with
Outlook Web Access” discusses how adding a front-end and back-end server
configuration can complicate troubleshooting. The section briefly discusses the
front-end, back-end topology, and students should be familiar with the topic.
Spend most of your time on the troubleshooting section, highlighting how you
can test each component within front-end, back-end server topology to isolate
the problem. The lab scenarios focus on front-end, back-end configuration
issues.
“Topic 3: Troubleshooting Outlook Mobile Access” discusses how Outlook
Mobile Access is different than Outlook Web Access. Spend some time
discussing that both services rely on Internet Information Server (IIS) so
troubleshooting may include troubleshooting IIS as well as Exchange.
what they found in that step and the step before. This workshop assumes prior
knowledge in managing an Exchange Server 2003 environment. If students do
not meet this prerequisite, you may need to review some procedures with the
students.
scenarios covered in the lab. Record the students’ ideas on the whiteboard.
After completing the lab, review what they would have done before seeing the
lab.
If students have questions about Exercise 2, you should refer them to the toolkit
resource, “Verifying the Configuration of the Default Web Site.” This resource
describes how to determine whether ASP.NET is allowed or prohibited. This
can happen if a company has deployed OMA much after the initial installation
of Exchange. The company may have decided to disable ASP.NET, and then
not realized that they need to enable it for OMA to function. Another scenario
is that an IIS administrator may notice the setting, believe that it poses a
security risk, and may turn it off.
Make sure students shut down the VPCs following the instructions after the lab.
Instructor Notes for Unit 5: Troubleshooting Client

Connectivity
15 minutes
Lab: Internet from home using Outlook Express and resolve the problem.
120 minutes
Review: the server has failed” message and resolve the problem.
5 minutes ! Identify the underlying causes when a new user receives an error message
when trying to connect to their mailbox and resolve the problem.
Toolkit.

! Review Module 8, “Managing Client Configuration and Connectivity,”
Server 2003.

• Remind Students to follow the directions for the Lab Virtual PC
configuration, and remind all students to run the scripts in the beginning of
each exercise in the Lab for Unit 5.

Presentation This unit covers client connectivity. It is important to keep the focus on
messaging client configuration and client connection issues. The students
should already have some background information on these topics in the
presentation; you will want to focus on how the information presented is critical
to troubleshooting.
“Topic 1: Messaging Clients Used to Access Exchange Server 2003” discusses
the various messaging clients available to messaging users. It is important to
note that different clients have different requirements for connection to an
Exchange Server 2003 server. You should explain, for example, that Outlook
Web Access requires only a compliant browser and connectivity using
Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure
(HTTPS) if Secure Sockets Layer (SSL) is being used. However, Outlook 2003
is a full-featured messaging client that needs additional available ports to
connect to the Exchange Server 2003 server, Active Directory domain
controllers, and Active Directory global catalog servers. Discuss with the
students how they can use different messaging clients to troubleshoot other
messaging clients. For example, using OWA successfully will inform the
student that the Exchange server is running properly and help eliminate the
server as the problem for a MAPI client.
“Topic 2: How Messaging Clients Connect to Exchange Server 2003” focuses
on the network requirements that Exchange services require by each messaging
client to connect to the Exchange Server 2003 environment. Stay focused on the
different communication methods used by each client and the ports that are
needed to be open for each client. It is important to discuss the network services
that are required on the Exchange Server 2003 server so that the messaging
client can properly connect.
“Topic 3: Additional Services Required for Connecting to Exchange
Server 2003” discusses the supporting network services that are required for the
messaging client to connect to the Exchange server. For example, without DNS,
Outlook 2003 would not be able to find the Exchange server on the network.
Without IIS installed and running, Outlook Web Access and Outlook Mobile
Access would not be able to connect to the Exchange Server 2003 environment.
SMTP, POP3, and IMAP4 allow Outlook Express to connect to the Exchange
server internally on the network as well as externally from the Internet if the
ports have been published on the firewall and redirected to the Exchange server.
Focus the discussion on how troubleshooting requires verifying these services
as part of the messaging client connectivity requirements.
One issue may arise in Exercise 1 where students are required to create a
second SMTP virtual server and then configure one of the two SMTP virtual
servers using SSL and the IMAP4 virtual server using SSL. Some students have
never done this work, even though it is covered in the prerequisite courses.
Make sure you can do these tasks and explain them to the students.
In Exercise 2, students need to take several steps to prepare the environment for
troubleshooting. The configuration for this exercise is a little more complex
than others because we need to configure a cached credential for AlexHanki
and then reset the computer so that it does not retained cached DNS
information.
In the third exercise of the lab, on Acapulco, students will need to log off as
Alex Hankin and log back on as Gary Schare. Because of the modifications
made by the script, it can take as long as 20 minutes to log back on to
Acapulco. You should consider directing students to begin the log on process,
and then take a break.
Review You should have spent some time during the pre-lab discussion with all student
books closed; going over some ways that the students would troubleshoot the
scenarios covered in the lab and then record the students’ ideas on the
whiteboard. After completing the lab, review what they would have done before
seeing the lab.
the lab.
Instructor Notes for Unit 6: Troubleshooting Server

Connectivity
15 minutes
! Troubleshoot message delivery between servers in the same routing group.
Lab: ! Troubleshoot message delivery between servers in different routing groups.
90 minutes
! Troubleshoot message delivery between an Exchange organization and
Review: another e-mail system.
5 minutes
! Troubleshoot message delivery between an Exchange organization and the
Internet.
includes the lab flow charts and the lab scenarios, and the Lab Toolkit.

! Review Module 9, “Managing Routing,” from Course 2400, Implementing
and Managing Microsoft Exchange Server 2003.
requires that the students create a new routing group and move Miami into the
routing group using the procedure described at the beginning of the lab.

1. For the first exercise in the lab, the students will use the London Virtual PC
and the Miami Virtual PC. In preparation for the lab, they must configure an
additional routing group and move the Miami Exchange server into the
routing group using the procedures at the beginning of the lab.
2. For the second and third exercises in the lab, the students will use the
London Virtual PC and the Vancouver Virtual PC. The Vancouver Virtual
PC will be used to simulate an Internet connection.
3. To create the troubleshooting problems for Exercise 2 in this lab, the
students must run the breaklab6b.bat script.
students must run the breaklab6c.bat

Presentation To cover the four presentation slides in 15 minutes, you will need to move
topics in the presentations, so focus on how each of the components that are
relevant for troubleshooting.
The four topics in the unit build on the single server message flow information
discussed in Unit 3. Remind the students of that information and discuss the
fact that in some cases the reason why messages are not delivered to other
servers may be a failure on one server.
The four topics in this unit also build from simple to more complex
environments starting with a single site, multiple sites, and external e-mail
systems and finishing with connecting to the Internet. Discuss this progression
with the students as you introduce the topics in this unit.
“Topic 1: Troubleshooting Intra-Routing Group Connectivity” discusses how
messages are routed between severs in a single routing group. Discuss the
characteristics of message routing in a single routing group and ask the students
what could fail in this environment, and what the symptoms would be. You
may wish to use the whiteboard to indicate a geographically disperse routing
group and discuss the fact that there are no logical bridgehead servers even
when there are physical servers providing the connection between locations.
This diagram can then carry forward into the next topic. Then discuss the
troubleshooting steps. This is a good place to review the strong dependency of
Exchange Server 2003 on DNS and Active Directory, in that most message
delivery problems come from DNS or Active Directory resolution problems. As
you discuss ways to resolve DC/GC or DNS issues, ensure that the students
understand how to implement the solutions. If the students do not have the
Active Directory background, refer them to Active Directory courses available
from Microsoft.
“Topic 2: Troubleshooting Routing Group Connectivity” discusses message
routing between routing groups and how to troubleshoot the errors. Students
should be familiar with the routing group connector options in Exchange
Server 2003 so focus on the troubleshooting sections. Point out that the
message flow through bridgehead servers mean that the first step to
troubleshooting message routing in multiple routing groups is to ensure that
messages are flowing in the single routing group to the bridgehead server.
“Topic 3: Troubleshooting Connectivity to Other E-Mail Systems” discusses
connecting the Exchange organization to other e-mail systems such as Lotus
Notes or Novell Groupwise. Many students will not be familiar with this topic
so review the concepts and the connector options briefly, mentioning the
differences between Exchange Server 2003 and Exchange 2000. The lab does
not include any scenarios where students will connect to another e-mail system.
“Topic 4: Troubleshooting Connectivity to the Internet” discusses how to
troubleshoot both incoming and outgoing e-mail. The most significant
component to troubleshooting incoming e-mail is configuring the Mail
Exchanger (MX) records, so make sure that the students understand MX
records and their role. If students are not familiar with MX records then show
the students the MX records on the London virtual hard disk on the instructor
computer. Review the SMTP connector configurations with the students when
discussing outbound e-mail.

scenarios covered in the lab and recording the students’ ideas on the
seeing the lab.
the lab.
Instructor Notes for Unit 7: Troubleshooting Server

Performance
15 minutes
! Identify and resolve message problems related to performance problems in
Lab: domain controllers and global catalog servers.
60 minutes
! Identify and resolve messaging performance problems caused by the
Review: running of scheduled applications.
5 minutes ! Troubleshoot messaging problems caused by hardware components in
server systems.
Toolkit.

! Review Module 13, “Performing Preventative Maintenance,” from Course
2400, Implementing and Managing Microsoft Exchange Server 2003.

• Make sure to remind all students to run the scripts before all exercises.

Presentation This unit covers server performance problems. As servers become
overwhelmed with normal and abnormal network use, the students will need to
troubleshoot the cause of the poor performance and then make
recommendations on how to fix the problems. The students should already have
some background information on the topics in the presentations, so focus on
how the information presented is important for troubleshooting.
“Topic 1: System Components That Cause Server-Related Performance
Problems” discusses the various components of the server that can cause
performance problems for Exchange Server 2003 and messaging clients that
connect to the server. You should discuss the counters used to monitor server
performance whether the server is an Exchange server or any other application
server. Discuss how using System Monitor can help identify the performance
constraint causing the problem and what actions can be taken to alleviate the
performance problem.
“Topic 2: Common Server-Related Problems” focuses on performance

problems that can be mitigated by offloading some services, rescheduling some
activities, and changing maintenance schedules. A chart is provided to
demonstrate examples of how to mitigate performance problems.
Lab It is very important that the students do not stop the script for Exercise 3. The
command prompt window will remain open, so it will probably be a clue for the
students that whatever is running is the problem. It would be a very good time
to give students a break. Let them know that once they start the script, it may
take 10 minutes or more. Let them know that they can minimize the window, so
that it will not be in their way while they start troubleshooting. The script will
cause the students to eventually run out of disk space. Because running the
script can take over thirty minutes (depending on system performance) you may
allow students to start troubleshooting after ten minutes. They will find the
excessive disk activity. As you review the lab with the students, point out all the
extra files created by the script and that if it kept running, it would eventually
fill up the disk. Point out to the students that when the disk fills, the MTA will
stop and eventually all Exchange services will stop once the last of the log files
are filled. The solution is that the drive needs to have the extra files deleted and
Exchange services restarted if necessary.
If students have difficulty with the lab, use the flow charts to focus their
scenarios covered in the lab, recording their ideas on the whiteboard. After
completing the lab, review what they would have done before seeing the lab.
students said they would do before the lab. Record on the whiteboard the
the lab.
Instructor Notes for Unit 8: Troubleshooting Security

Issues
15 minutes
Lab: ! Identify and resolve problems related to using SSL to secure e-mail.
120 minutes
Review: configurations.
5 minutes

! Review Module 3, “Securing Exchange Server 2003,” from Course 2400,
requires that the students create a new routing group and move Miami into the
routing group using the procedure described at the beginning of the lab.

1. For the first two scenarios in the lab, the students will use the London
Virtual PC and the Acapulco Virtual PC.
2. In the troubleshooting Exercise 1, the problem is created by an incomplete
classroom configuration.
3. In the troubleshooting Exercise 2, the problem is created by an incorrectly
configured user profile. The profile has been created as part of the
classroom setup.
4. For the last exercise in the lab, the students will use the London Virtual PC
and the Vancouver Virtual PC.
students must run the Breaklab8c.bat script.

Presentation Not all companies have implemented SSL and S/MIME to secure e-mail. This
means that some students are likely to have limited background understanding
of PKI, SSL and S/MIME. If students do not have the expected background,
then be prepared to spend more time explaining the concepts. An understanding
of the concepts is required to troubleshoot issues with e-mail security.
Before starting the topics, spend some time determining how familiar the
students are with this content. Ask how many have deployed an internal CA,
how many use S/MIME in their company, how many use SSL to secure OWA,
how many use SSL to secure other e-mail protocols.
“Topic 1: PKI Requirements for Secure E-Mail” discuss the concepts of PKI
and the implementation options available when deploying a PKI. Use this slide
to briefly discuss the components that enable digital signature and encryption
capabilities. Use the information listed in the table to explain the role each PKI
component plays in creating an infrastructure that can be used to secure e-mail.
The amount of time you spend on this topic will depend on student familiarity
with the concepts. If students are interested in learning more about using PKI to
improve network security refer them to Course 2821: Designing and Managing
a Microsoft Windows Public Key Infrastructure.
“Topic 2: Troubleshooting S/MIME E-Mail Issues” discuss the concepts,
implementation and troubleshooting of S/MIME. Stress that S/MIME requires
digital certificates for all e-mail clients that want to send secure e-mail, so most
of the S/MIME troubleshooting issues will be client based. Tell the students
that they can implement S/MIME security without modifying any settings on
the Exchange server because the Exchange server will just accept the encrypted
e-mail messages and forward them to other servers.
“Topic 3: Troubleshooting SSL Issues” discusses the concepts, implementation
and troubleshooting of SSL. Tell students that, in contrast to S/MIME, almost
all SSL troubleshooting will be server-based or network based, because all
Internet protocol clients are enabled for SSL. Stress that although SSL is easier
to implement than S/MIME, it is not as easy to use when sending secure e-mail
to external clients. With S/MIME you can send secure e-mail to anyone as long
as you have the required digital certificates. SSL is used only to secure client
connections to Exchange servers and possibly, to secure SMTP e-mail sent
between two Exchange servers.
In the flow chart, solution box A directs the student to “Check SMTP gateway
or smart host configuration”. Because SMTP gateway or smart host is not
installed as part of this workshop’s setup, the students will be unable to perform
this task. You should mention that students would follow manufacturer’s
instructions for verifying their SMTP gateway or smart host configuration in
their own production environments.
books closed, going over some ways that the students would troubleshoot the
seeing the lab.
the lab.
Instructor Notes for Unit 9: Troubleshooting the Migration

to Exchange 2003
15 minutes
! Identify the underlying causes when a user cannot access their mailbox after
Lab: a migration and resolve the problem.
90 minutes
Review: Exchange 5.5 organization during a migration and resolve the problem.
15 minutes ! Identify the underlying causes when a user cannot send e-mail to some users

! Review Module 14, “Migrating User from Exchange 5.5 to Exchange
Server 2003,” from Course 2400, Implementing and Managing Microsoft

1. The students need to start the London and Vancouver Virtual PCs for this
lab.
2. The students do not need to run any scripts to prepare the lab environment.
The environment is preconfigured for the lab.

Presentation This unit discusses a scenario that most companies will go through only once. If
the students have worked with a company that has gone through a migration to
either Exchange 2000 or Exchange Server 2003, they are likely to be quite
familiar with the content. If they have not gone through a migration, they may
have no experience with the content of this unit.
Before starting the topics, spend a short time determining how familiar the
students are with this content. Ask how many have been involved in a migration
project.
The third topic covers the troubleshooting issues that can occur during the
migration. Spend most of your instruction time discussing these issues and their
resolutions.
“Topic 1: Standard Migration Overview” provides a very brief overview of how
to upgrade an existing Exchange 5.5 organization to Exchange Server 2003. If
the students do not have experience with concepts such as SIDHistory and
NTDSNoMatch, you may need to spend some time discussing what these terms
refer to and why they are so important in a migration scenario. If the students
are not familiar with the migration steps, expect to spend some additional time
on this topic.
“Topic 2: External Migration Overview” provides a very brief overview of how
to migrate mailboxes and public folders from an existing Exchange 5.5
organization to a new Exchange Server 2003 organization. Many of the steps in
the migration appear similar to the standard migration, but the procedures may
be quite different. For example, moving a mailbox within the same site or
administrative/routing group is very different from moving the mailbox
between organizations.
“Topic 3: Troubleshooting Migration Issues” discusses the troubleshooting
issues that may arise during a migration and suggests resolutions for the issues.
If you have students that have been part of a migration project, ask them to
highlight the issues they faced during the migration as well as any additional
issues they faced.
Lab The lab includes three exercises. Before starting the lab, the students must start
up the London and Vancouver Virtual PCs.
Before starting the lab, highlight the Lab Scenario information at the beginning
of the lab. Due to time constraints, students will not be able to perform an
actual migration in the lab, but will start the lab with an organization that is
partially migrated and where the two Exchange organizations coexist.
Highlight the Important note at the beginning of the lab. In this simulation of
the migration environment, all the user accounts in the Contoso domain have
been migrated to the Nwtraders.msft domain. The students should always be
logging onto the NWTraders.msft domain when they are working on the lab.
The only exception is if they need to log in as Contoso\Administrator.
If students have difficulty with the lab, use the flow charts to focus their
books closed, going over some ways that the students would troubleshoot the
seeing the lab.
Instructor Notes for Unit 10: Troubleshooting an

Exchange Server 2003 Organization
45 minutes
! Identify multiple issues affecting the messaging functionality within an
Lab: organization.
NA
! Troubleshoot the following:
Review: • Network Connectivity
NA
• Public Folders and Mailboxes
• Outlook Web Access and Outlook Mobile Access
• Client Connectivity
• Server Connectivity
• Server Performance
• Security Issues
• Migration from Exchange 5.5 to Exchange Server 2003
Toolkit.

Prepare for the lab There are no tasks required to prepare for the lab, the entire unit is the lab.

Presentation This unit contains all the information that is normally provided to an
administrator when troubleshooting problems with an Exchange Server 2003
server environment. This lab is for the students to show what they have learned
and to put it all together.
“Topic 1: Approach to Exchange Server 2003 Troubleshooting” discusses how
troubleshooting tasks should be addressed and resolved. This topic provides
several questions that an administrator should ask as part of their
troubleshooting process. For example, when discussing the Time/Date subject,
it is important to note that the time of the day and the day of the week can have
considerable impact on the troubleshooting process. If the problem occurs every
day from 7 A.M. to 8 A.M. that should point to it being a peak time frame and
that the only way to fix the problem would be to encourage users to vary the
time of the day when they log onto their computers and open their messaging
clients. Because this probably isn’t a solution, the student/administrator should
consider ways to improve performance during these specific times or
inexpensive ways to add capacity to the environment. One of the favorites of
the students should be the Prioritization subject. Encourage them to explain
how they prioritize service requests when they have more than one or two
waiting for their attention.
“Topic 2-4: Challenge Information” provides the detail for the students in their
troubleshooting scenario. There is no hands-on lab for this unit. In this unit,
students will use the information provided in the Challenge Information pages
to assist them with troubleshooting the scenarios presented in the Challenge.
The challenge information provides the students with very high level Company
Background, excerpts from the Change Management Log, and excerpts from
the Service Request Log. This information provides the students with some
recent history regarding user problems as well as recent history regarding
changes made to the Exchange Server 2003 environment. Some of the
information is helpful, and some of it is misleading. It is important that students
learn that Service Requests and Help Desk information is not necessarily
trustworthy.
The challenge consists of six scenarios where students troubleshoot the virtual
environment by asking the trainer questions and explaining what tasks that they
would like to perform. The scenarios are very briefly described in the challenge.
It is up to the students to request more information and up to the trainer to
decide what the response should be to each of the student questions.
Have the students read through all six scenarios before beginning and ask them
where they want to start working.
You may want to approach this lab by letting students volunteer their questions
and troubleshooting steps that they would take. You may also want to just start
in one corner and ask each person what they would do next. If a student is lost
for words or just out of ideas, encourage the class to give that student some
ideas. For example:
Trainer: “Student 1, what would you do first in troubleshooting this problem?”
Student 1:”I would like to verify that network connectivity exists between the
messaging client and the Exchange server.”
Trainer: “Student 1, how would you do that?”
Student 1: “I would use the ping command from the client and see if I can ping
the server using the host name and then try the IP address if the host name
doesn’t work.”
Trainer: “Excellent idea, you are able to properly ping the Exchange server by
its host name. Student 2, what would you like to do next?”
Student 2: “I would like to verify that the domain controllers and global
catalog servers are up and running for this network segment. I would do this by
running netdiag from my client machine and also by running dcdiag from one
of the domain controllers.”
Trainer: “Excellent idea, your results show that one domain controller is
down.”
Of course, the trainer is also allowed to provide unimportant information like in
the above example, where a domain controller being down doesn’t necessarily
affect the outcome.
Scenario 1: David Campbell is unable to access his e-mail. His laptop is a new
computer that he was just provided. The laptop has the lab DNS settings which
have the wrong IP addresses for production servers. If students try to ping any
servers you will tell them that you received responses, but it does not look like
the right IP address in the return responses. The reason that this happens is that
the lab has different settings for its environment that do not map to the
production environment. Once students identify that the DNS settings for
TCP/IP are incorrect, then David’s Outlook 2003 will start working, assuming
they try it after making the changes.
Scenario 2: Ben Smith is unable to access his mailbox after starting up his
laptop. The problem is that Ben’s laptop cable is loose and he gets intermittent
connectivity during ping testing and all other testing done by the students. As
the trainer, you should play the part of Ben and often say, “No, no response,”
and then say, “Hey, it just worked,” and then, “No, it isn’t working again.” This
will drive the students crazy, but it should encourage them to drop back to the
basics and verify that the network cable is plugged in properly. Remind them
that Ben is a vice president. He probably should have been bumped ahead of
David Campbell.
Scenario 3: Janet Sheperdigian’s Outlook Express client is not properly

configured to use SSL to protect traffic transmitted between her messaging
client and the Exchange server. Janet is unable to connect to Exchange using
SSL with SMTP because there is only a single SMTP VS on the Exchange
server. If students try to reconfigure it, the trainer will state, “Well, now the
Exchange team is getting flooded with calls about people unable to send e-mail
to the Internet from the Vancouver office.” Students must create a new SMTP
VS and implement SSL on it. SSL also needs to be implemented on IMAP4 or
POP3 depending on whichever they find that Janet is using. If the students do
not ask about IMAP4 or POP3, then tell them that the auditor has re-tested and
is still able to capture e-mail to Janet.
Scenario 4: H. Brian Valentine is unable to access his e-mail using OWA.
Brian’s statement about being able to do it last week is misleading, so students
may jump off track. Be patient. They will return to the basics soon enough. The
problem is that Brian is not entering https when trying to connect to the OWA
server. If anyone asks to ping the OWA server, it will result in “Request timed
out” messages. Pinging by name will resolve to the correct IP address.
However, there will be no responses from the server. Pinging by IP will also
give a request timed out message. This can be explained very easily. If the
students ask during the scenario about firewalls or ISA servers, you should tell
them that all OWA servers are protected by ISA servers. By default, ISA does
not allow Internet Control Message Protocol (ICMP) from the Internet to
internally published sources.
Scenario 5: Jeff Hay is unable to send encrypted e-mail to Tai Yee. Tai Yee is
not a member of Jeff’s company; Tai is an employee of another company. The
problem is that Tai never sent a digital certificate to Jeff, so Jeff is unable to
send an encrypted message to Tai.
Scenario 6: Scott Bishop is experiencing poor performance when using Outlook
to connect to his mailbox. The problem is that the Exchange server that holds
Scott’s mailbox is overloaded. Students may not have noticed that the Change
Management Log states that one of the Exchange servers in London was
shutdown and all mailboxes were moved to other servers. With the additional
load, the Exchange server that Scott is on has become overloaded and is
extremely slow in its response.
If students have difficulty with the scenarios, encourage them to feel free to
review the flow charts from the previous units and to ask for help from their
classmates. Do not feel the need to rush the students; let them think for a few
minutes and make sure to provide positive feedback. This workshop assumes
prior knowledge in managing an Exchange Server 2003 environment; if the
Review There is no review for this unit because the challenge is the review for the
workshop.

Troubleshooting Microsoft Exchange Server 2003

Încărcat de

Informații document

Descriere originală:

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Troubleshooting Microsoft Exchange Server 2003

Încărcat de

Drepturi de autor:

Formate disponibile

Troubleshooting

 2003 Microsoft Corporation. All rights reserved.

Si vous avez acquis votre Contenu Sous Licence Microsoft au CANADA :

EXCLUSION DES DOMMAGES ACCESSOIRES, INDIRECTS ET DE CERTAINS AUTRES

LIMITATION DE RESPONSABILITÉ ET RECOURS. MALGRÉ LES DOMMAGES QUE VOUS

Unit 5: Troubleshooting Client Connectivity

Unit 10: Troubleshooting an Exchange Server 2003 Organization

About This Workshop

Trainer Materials Compact Disc Contents

Important It is recommended that you use PowerPoint 2002 or later to

Student Materials Compact Disc Contents

Bold Represents commands, command options, and syntax that must

 2003 Microsoft Corporation. All rights reserved.

*****************************ILLEGAL FOR NON-TRAINER USE******************************

*****************************ILLEGAL FOR NON-TRAINER USE******************************

*****************************ILLEGAL FOR NON-TRAINER USE******************************

! Workshop evaluation. The evaluation gives you the opportunity to complete

*****************************ILLEGAL FOR NON-TRAINER USE******************************

*****************************ILLEGAL FOR NON-TRAINER USE******************************

Unit 8, “Troubleshooting Security Issues,” discusses security issues and

Demonstration: Using Virtual PC

*****************************ILLEGAL FOR NON-TRAINER USE******************************

Note While working in the Virtual PC environment, you may find it

*****************************ILLEGAL FOR NON-TRAINER USE******************************

Microsoft Certified Professional Program

*****************************ILLEGAL FOR NON-TRAINER USE******************************

*****************************ILLEGAL FOR NON-TRAINER USE******************************

 2003 Microsoft Corporation. All rights reserved.

*****************************ILLEGAL FOR NON-TRAINER USE******************************

Understanding Exchange Server 2003

*****************************ILLEGAL FOR NON-TRAINER USE******************************

*****************************ILLEGAL FOR NON-TRAINER USE******************************

Preparing to Troubleshoot Exchange Server 2003

*****************************ILLEGAL FOR NON-TRAINER USE******************************

*****************************ILLEGAL FOR NON-TRAINER USE******************************

Lab: Exploring the Troubleshooting Environment

*****************************ILLEGAL FOR NON-TRAINER USE******************************

Ex 2 only Help: Exchange: Enabling Diagnostic Logging. To

Note Access product help files by launching the corresponding product,

Estimated time to complete this lab: 60 minutes

Does the Does the Does the 1. Try to connect to share

Is the client Is the

Troubleshooting Mapped Network Drive

Does the Does the Does the 1. Try to connect to share

To clean up after this lab:

*****************************ILLEGAL FOR NON-TRAINER USE******************************

How will you address this type of problem in the future?

 2003 Microsoft Corporation. All rights reserved.

*****************************ILLEGAL FOR NON-TRAINER USE******************************

Tools for Troubleshooting Network Connectivity

*****************************ILLEGAL FOR NON-TRAINER USE******************************

Common Network Connectivity Problems

*****************************ILLEGAL FOR NON-TRAINER USE******************************

*****************************ILLEGAL FOR NON-TRAINER USE******************************

Lab: Troubleshooting Connectivity Problems

*****************************ILLEGAL FOR NON-TRAINER USE******************************

B C D Help: Exchange: Managing Virtual Servers. To locate this

Estimated time to complete this lab: 135 minutes

Can the client send Can the client send

7. Check firewall configuration

Can the client

Warning Virtual PC will capture your mouse while using Vancouver.

What did you determine to be the problem in this scenario?

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**