Exchange General FAQ2
Hi All,

This thread is a summary of the Frequently Asked Questions on the Exchange forums; we consolidate them and post them here for your reference. If you have any further questions, please kindly start a new thread so that other community members and we can easily attend to your question and reply. Thanks for your cooperation.

1. How to recreate the sync relationship with Exchange Server?
2. How to troubleshoot the 0x85010004 error while trying to sync with the Exchange server on a mobile device?
3. How to reset OWA related virtual directories?
4. How to troubleshoot password related issues?
5. What are Outlook general troubleshooting steps?
6. How to change the Display Name of Active Directory users?
7. How to troubleshoot NDRs when sending or responding to meeting requests?
8. How to restrict users from accessing OWA?
9. How to deal with the error code (0X8004010F) when downloading the OAB in Exchange 2007?
10. How to troubleshoot the "Unable to view or publish Free/Busy" issue on Exchange 2000 or 2003?
11. How to troubleshoot public folder replication issues?
12. What does the SCL (Spam Confidence Level) rating mean?
13. How and when do Exchange Server 2007 Transport servers use an ESE database? How is this different from Exchange Server 2003?
14. What are the basic steps for Disaster Recovery on an Edge Transport server?
15. What are the basic tools for troubleshooting routing problems in Exchange Server 2007?
16. What transport logs does Exchange Server 2007 have?
17. How to allow anonymous relay on a Receive connector
18. What is the Poison Message Queue?
19. What is a P1 address and a P2 address?
20. What is the ResolveP2 function in Exchange?
21. When to enable or disable the ResolveP2 function?
22. What is the default setting of the ResolveP2 function in Exchange 2003 and 2007, and how to control it?
23. If I receive a junk email from myself or from a colleague's email address but he did not send the email, how do we troubleshoot the issue?
April 2nd, 2009 10:33am

1. How to recreate the sync relationship with Exchange Server?

Please refer to the following article: http://msexchangeteam.com/archive/2008/01/30/447971.aspx

2. How to troubleshoot the 0x85010004 error while trying to sync with the Exchange server on a mobile device?

While trying to sync with the Exchange server, we receive the following error message on the mobile device:

"Your account in Microsoft Exchange Server does not have permission to synchronize with your current settings. Contact your Exchange Server administrator. Support Code: 0x85010004"

A: For a permanent 0x85010004: The error 0x85010004 means HTTP 403 Forbidden. It can occur when one of the following is true:
1. The Microsoft-Server-ActiveSync virtual directory on your server is configured to require SSL and you are using a device without SSL.
2. The Exchange virtual directory on your mailbox server is configured to require SSL.
3. You have a firewall and have not allowed a rule on the firewall for Microsoft-Server-ActiveSync. For more information, please refer to this link.

B: For an intermittent 0x85010004: The issue can occur if the server hosts multiple IPs: after the mobile device connects to /Microsoft-Server-ActiveSync, it is unable to connect to the /exchange directory from the /Microsoft-Server-ActiveSync directory on the server to access the mailbox. If you are using multiple IPs for hosting different web sites, we suggest using host headers on the NON-DEFAULT web sites (additional web sites that have been created). If you are hosting additional sites that require SSL and port 443 that are already in use by the Default Web Site, or if you do need to have multiple IPs, we suggest you put the additional IPs on a different NIC and choose the option not to register the IPs in DNS in the network connection properties. Ensure that the Default Web Site that has OWA and ActiveSync has no IP assignment (all unassigned) and also has no host header.

Related threads: https://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=1075005&SiteID=17

3. How to reset OWA related virtual directories?

When we cannot make progress troubleshooting an OWA related issue, we recommend that you reset the OWA related virtual directories.

Note: Before that, please back up the IIS settings, internal URL, external URL and any other settings that you have configured on the Client Access Server/Front-end Server.

For Exchange 2007:
Reset OWA related Virtual Directory: http://support.microsoft.com/kb/941201/en-us
Besides, you can try to uninstall CAS and re-install it to get back the default settings.

For Exchange 2003:
How to reset the default virtual directories that are required to provide Outlook Web Access, Exchange ActiveSync, and Outlook Mobile Access services in Exchange Server 2003: http://support.microsoft.com/kb/883380

How to create and manage configuration backups in Internet Information Services 7.0: http://support.microsoft.com/kb/954872
How To Create a Metabase Backup by Using IIS 6.0 in Windows Server 2003: http://support.microsoft.com/kb/324277

4. How to troubleshoot password related issues?

A. Password does not meet the complexity requirement

1. You may run RSOP.msc from a command prompt and wait for a while.
2. In the Resultant Set of Policy, please expand Computer Configuration > Windows Settings > Security Settings > Account Policy.
3. In the right result pane, please find "Password must meet complexity requirements" and check whether it has been enabled. Please note the Source Policy.
4. If it has been enabled, then please right click on "Password must meet complexity requirements" and select Properties.
5. In the properties window, please find the "Explain This Setting" tab and check the requirements for the password.
6. After that, please try to change the password based on these requirements.

If you do not want to deploy this "Password must meet complexity requirements" setting in your environment, then we need to change this setting. I recommend you install GPMC on the domain controller to edit the GPO. Open Active Directory Users and Computers from Administrative Tools.
Right click on the domain name and select Properties. Find Group Policy, and then find the GPO which we noted in the Source Policy before, then click Edit. Please expand Computer Configuration > Windows Settings > Security Settings > Account Policy > Password Policy, and find "Password must meet complexity requirements" in the right result pane. Right click on it and select Properties. In the Security Policy Setting, you can specify whether to enable it or disable it.

Users Receive a Password Complexity Requirements Message That Does Not Specify Character Group Requirements for a Password: http://support.microsoft.com/kb/821425

B. Implementing the Change Password feature

1. With Outlook Web Access (OWA 2003 and OWA 2007): we can run the following command to enable the password changing feature for OWA 2007:

Set-CASMailbox -Identity adam@contoso.com -OWAChangePasswordEnabled:$True

Note: After that, please check whether other features have been disabled. We may need to enable other features again. If that does not work, then we can follow the article below to implement the IISADMPWD virtual directory for OWA 2003 and OWA 2007.

Implementing the Change Password feature with Outlook Web Access: http://support.microsoft.com/kb/297121/

Besides, please note to select "Active Server Pages" as a web extension.

2. With OWA published via ISA: The change password feature is supported when clients input credentials using form-based authentication, and ISA Server validates credentials using Windows (Active Directory) authentication or Lightweight Directory Access Protocol (LDAP) authentication. In the property pages of the Web listener you create for use in the rule that will publish Outlook Web Access, configure the option for users to change their password. Additionally, configure an expiry countdown warning.

Configuring and Troubleshooting the Password Change Feature in ISA Server 2006: http://technet.microsoft.com/en-us/library/cc514301.aspx
Password Change with FBA: https://blogs.technet.com/isablog/archive/2007/08/23/password-change-with-fba.aspx

C. Password Notification

1. In the Security Policy Setting, you can specify whether to enable it or disable it.
2. In Microsoft Internet Information Services 6, the PasswordChangeFlags metabase property contains values that control password expiration and password change processing between the server and a client. By default, the PasswordChangeFlags metabase property may be set to 6.

The PasswordChangeFlags metabase property may be set to 6 in IIS 6: http://support.microsoft.com/kb/920723

We use the userAccountControl flags to control user account properties, so please check the value of the userAccountControl property.

How to use the UserAccountControl flags to manipulate user account properties: http://support.microsoft.com/kb/305144

5. What are Outlook general troubleshooting steps?

Safe Mode

Please try to start Outlook in safe mode; the features below will then not be loaded:
- Toolbar customizations are turned off/disabled.
- Exchange Client Extensions are turned off/disabled.
- Polling for new mail is turned off/disabled.
- The Preview Pane is turned off/disabled.
- WordMail is turned off/disabled (this applies to versions prior to Office 2007).
- No custom dictionaries are used.

To start Outlook in safe mode: please start Outlook with Ctrl pressed and select safe mode.

If the issue disappears when running Outlook in safe mode, you can follow the steps below to troubleshoot this issue.

Rename the following files: outcmd.dat, views.dat, frmcache.dat and extend.dat.

Disable any COM add-ins or items in the add-in manager. Start Outlook 2007. On the Tools menu, click Trust Center. In the Trust Center dialog box, click the Add-ins tab. On the Manage list, click COM Add-ins, and then click Go. In the COM Add-Ins dialog box, un-tick all the add-ins.
Please restart Outlook and then check the issue.

Back up the registry, then remove any Outlook add-in subkeys at the following locations:
HKCU\Software\Microsoft\Office\Outlook\Addins\
HKLM\Software\Microsoft\Office\Outlook\Addins

Check Task Manager (run taskmgr to open it) to see whether any processes are loading with Outlook; if so, remove the related software.

Please try to perform a clean boot to disable third party applications. A clean boot will allow us to isolate any device drivers or programs that are loading at startup that may be causing a conflict with other device drivers or programs installed on your computer.
Run MSCONFIG.EXE. (MSCONFIG is a built-in tool for Windows XP\2003 systems.)
In the Services tab, click "Hide All Microsoft Services" and click "Disable All".
In the Startup tab, click "Disable All". Click OK. (This will temporarily prevent third-party programs from running automatically during start-up.)
Restart the computer. Does the problem still persist? If the problem does not occur, it indicates that the problem is related to one of the applications or services we have disabled. You can use the MSCONFIG tool again to re-enable the disabled items one by one to find the culprit.

6. You can use listdlls to compare the DLLs loaded in normal mode and in safe mode.
Listdlls: http://www.sysinternals.com/utilities/listdlls.html
Create a folder Listdlls under the C drive and unzip the utility into this folder.
1) Open Outlook.
a. From a command prompt, change directory to c:\listdlls.
b. Type listdlls.exe Outlook.exe > Outlooknormal.txt. It will write the output to Outlooknormal.txt.
2) Re-run steps a and b to get the DLL list in safe mode.
3) Compare to see whether there is any difference between these txt files.

7. Disable Microsoft Word as the email editor. You may uncheck "Use Microsoft Office Word 2003 to read and edit e-mail messages." Please also uncheck "Use Microsoft Office Word 2003 to read Rich Text e-mail messages" under Mail Format and click OK. (Sometimes, when the email format is not normal, you can try to check these items to test the issue.)

8. Try "outlook /nopreview". If this works, there may be a corrupted message in the Inbox.

Data Scanning

1. Please exclude the location of the *.pst and *.ost files (all Outlook data files) from the anti-virus application. Also, you can temporarily disable the anti-virus application or uninstall it. Note: The location is C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Outlook. You may need to enable "Show hidden files and folders" in Folder Options first.
2. Then you can use SCANOST.EXE or SCANPST.EXE to check for errors in the Outlook data file. They can be found under \Program Files\Microsoft Office\Office11; you can choose the folders in Outlook to scan and fix the problem. Note: Please back up the .ost and .pst files before you use these tools to perform any action. We cannot roll back if we lose data during the operation.

Re-create profiles

Please try to re-create the Outlook profile. If that doesn't work, then please create a new Windows profile and then create a new Outlook profile to test the issue.

6. How to change the Display Name of Active Directory users?

Some companies have a requirement to change their users' AD display name. In fact, when a new user or contact object is created in Active Directory, the Full Name field is always generated in "FirstName LastName" format, and this field sets the Display Name field. The user in the Global Address List also shows in the "FirstName LastName" format. In Exchange 2003, we can use the ADSI Edit tool to modify the way in which the Full Name field and Display Name field are built. The key point of changing the format is setting the value of the createDialog attribute of the CN=user-Display object under CN=DisplaySpecifiers, CN=409. Note: 409 is the Locale ID for U.S. English.
If you are in a multi-lingual environment, you may need to make changes to the other locale codes. For the detailed information, you can refer to the links below to implement it:
http://technet.microsoft.com/en-us/library/aa998290.aspx
http://support.microsoft.com/default.aspx/kb/250455

But in Exchange 2007, we can create a new mailbox in EMC by creating a new user, which allows us to create a new Active Directory user account directly from EMC. However, the format for Display Name and Full Name is not affected by the value of the createDialog attribute, whereas Active Directory user accounts created from Active Directory Users and Computers appear in the expected format for Display Name and Full Name. The Display Name and Full Name are always generated in the default "FirstName LastName" format no matter what value you set for the createDialog attribute when the user is created in EMC. That is a by-design limitation: the Exchange Server 2007 EMC doesn't recognize the value of the createDialog attribute of objects that have a displaySpecifier class. The workaround is to create Active Directory user accounts from ADUC instead of EMC.

7. How to troubleshoot NDRs when sending or responding to meeting requests?

In the scenario, one user (named test1) had been deleted from the AD, but test2 received an NDR when sending or responding to a meeting request to test3. In this situation, the most likely cause of the issue is that the user had set test1 as a delegate, or that the deleted user still exists in the AD. To troubleshoot it, please first verify that the non-existent user has been deleted completely by using the ADSI Edit tool. If there is no clue there, please turn to the delegate issue. Please understand that the delegate is represented by a rule that is hidden in the mailbox. The solution consists of two parts: deletion of the delegate rules in the "Schedule" folder and, secondly, removing the receive folder specification for the IPM.SCHEDULE.MEETING class.

1. Remove the old delegate rules by:
a. Launch MFCMapi against the mailbox with an Online mode profile.
b. Choose Session -> Logon and Display Store table.
c. Choose the profile and choose OK.
d. Double click the mailbox store.
e. Expand Root Container.
f. Right-click "Schedule" and choose "Open Associated Contents Table".
g. Delete any messages in this table.

2. Remove the ReceiveFolder association by:
a. Launch MFCMapi against the mailbox with an Online mode profile.
b. Choose Session -> Logon and Display Store table.
c. Choose the profile and choose OK.
d. Double click the mailbox store.
e. Expand Root Container.
f. Ensure the Receive Folder association is set by going to MDB -> Display -> Receive Folder Table.
f1. If the mapping is set, you should see one object in this list with the Message Class of IPM.SCHEDULE.MEETING.
f2. Close the Receive Folder Table.
g. Right-click "Schedule" and choose "Set Receive Folder".
h. Enter "IPM.SCHEDULE.MEETING" in the box (without the quotes).
i. Click "Delete Association".
j. Click OK.
k. Repeat step "f" above to ensure that the IPM.SCHEDULE.MEETING association is gone.

After both of these steps, if you have set a new delegate, you may still have to re-establish the new delegation one time to have it take effect.

8. How to restrict users from accessing OWA?

Regarding this issue, the best practice is to deploy ISA Server in the environment. ISA Server is capable of publishing a web site with access control rules based on users/groups in Active Directory.

For ISA Server 2004, please view the instructions at the link below: http://technet.microsoft.com/zh-cn/library/cc713316(en-us).aspx
Please find the paragraph named "Create a mail publishing rule"; in step 11, you will find the description of how to restrict which users can access OWA from the external environment.

For ISA Server 2006, another link is the reference for you: http://www.isaserver.org/tutorials/Publishing-Exchange-2007-OWA-Exchange-ActiveSync-RPCHTTP-2006-ISA-Firewall-Part6.html
Under Figure 10 are the instructions for how to specify the external users who may access OWA.

In addition to this, we can also achieve this goal by configuring IIS manually; for the detailed information, you can refer to the article below: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/130228a0-68a7-440c-9194-5bcee964ffe2.mspx
April 2nd, 2009 10:38am
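The listdlls comparison in step 6 of the Outlook troubleshooting section (question 5 above) can also be done with PowerShell. This is an added example, not code from the original post: it snapshots the modules loaded by OUTLOOK.EXE in normal mode and in safe mode, then lists the modules that only appear in normal mode (the add-ins and extensions safe mode skipped) together with their publisher and Authenticode status, which is what you want to see when deciding which add-in to blame. The snapshot folder name is an assumption; run it from a PowerShell with the same bitness as Outlook.

```powershell
# Added example (not from the original post): PowerShell equivalent of the
# listdlls normal-mode vs safe-mode comparison for Outlook.
# Assumed: snapshots are written to %USERPROFILE%\OutlookDllSnapshots.
$SnapshotDir = Join-Path $env:USERPROFILE 'OutlookDllSnapshots'

function Save-OutlookModuleList {
    # Writes the full path of every module loaded in the running Outlook to
    # OutlookNormal.txt or OutlookSafe.txt and returns the file name.
    param([string]$Mode)   # 'Normal' or 'Safe'
    if ($Mode -notmatch '^(Normal|Safe)$') { throw "Mode must be Normal or Safe" }
    New-Item -ItemType Directory -Path $SnapshotDir -Force | Out-Null
    $outlook = Get-Process -Name OUTLOOK -ErrorAction Stop
    # A 32-bit Outlook inspected from a 32-bit PowerShell (or 64-bit from 64-bit)
    # exposes its module list; mismatched bitness makes .Modules fail.
    $modules = $outlook.Modules | ForEach-Object { $_.FileName } | Sort-Object -Unique
    $file = Join-Path $SnapshotDir "Outlook$Mode.txt"
    $modules | Set-Content -Path $file
    return $file
}

function Compare-OutlookModuleLists {
    # Returns the modules present only in the normal-mode snapshot, i.e. the
    # extra code that safe mode kept out of the process.
    $normal = Get-Content (Join-Path $SnapshotDir 'OutlookNormal.txt')
    $safe   = Get-Content (Join-Path $SnapshotDir 'OutlookSafe.txt')
    Compare-Object -ReferenceObject $safe -DifferenceObject $normal |
        Where-Object { $_.SideIndicator -eq '=>' } |
        ForEach-Object {
            $path = $_.InputObject
            $ver  = (Get-Item $path).VersionInfo
            # Unsigned or unknown-publisher modules are the first candidates to disable.
            New-Object PSObject -Property @{
                Module  = Split-Path $path -Leaf
                Path    = $path
                Company = $ver.CompanyName
                Signed  = (Get-AuthenticodeSignature $path).Status
            }
        } | Sort-Object Company, Module
}

# Usage (each snapshot is taken while Outlook is running in that mode):
#   1. Start Outlook normally, then:          Save-OutlookModuleList -Mode Normal
#   2. Close it, start it with Ctrl held, then: Save-OutlookModuleList -Mode Safe
#   3. Compare-OutlookModuleLists | Format-Table Module, Company, Signed, Path -AutoSize
```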

9. How to deal with the error code (0X8004010F) when downloading the OAB in Exchange 2007?

The whole process of generating the OAB for Outlook 2007 is as below: First, the System Attendant service publishes the OAB data files to the file share C:\Program Files\Microsoft\Exchange Server\ExchangeOAB in <oabguid> subfolders. Then the FDS service running on the CAS server picks up these files from the file share and copies them to C:\Program Files\Microsoft\Exchange Server\ClientAccess\OAB in <oabguid> subfolders, creates the pointers to all files that belong to the OAB in the oab.xml that is associated with the local OAB web directory, and distributes the offline address book from the OAB virtual directory. Outlook 2007 obtains the URL that points to oab.xml to contact the OAB virtual directory by using the Autodiscover service. For the detailed information, you can refer to the link below: http://blogs.msdn.com/dgoldman/archive/2006/08/25/How-Exchange-2007-OAB-Files-are-replicated-to-a-Client-Access-Server-for-download.aspx

About the troubleshooting steps:
A. Please first confirm whether Web Distribution is enabled by running the get-offlineaddressbook | fl command in EMS.
B. Then check that the mailbox store your client is residing on does have an OAB associated with it.
C. If the issue persists, please locate C:\Program files\Microsoft\Exchange Server\ExchangeOAB and C:\Program files\Microsoft\Exchange Server\Client Access\OAB and delete the subfolder. Then, perform the following steps:
1. Open EMC -> Organization Configuration -> Mailbox.
2. Under the Offline Address Book tab, right click the Default Offline Address Book and click Update.
3. Then, please check whether the subfolder is created under the location below on the OAB generation mailbox server: C:\Program files\Microsoft\Exchange Server\ExchangeOAB\
4. If the OAB file is generated, please restart the Microsoft Exchange File Distribution service on the Client Access Server and then check whether the OAB file has been replicated to C:\Program files\Microsoft\Exchange Server\Client Access\OAB on the Client Access Server.
5. If the OAB file has been replicated to Microsoft\Exchange Server\Client Access\OAB, please log on to Outlook 2007 to check whether the OAB download issue still persists.
D. If the issue is still unchanged, please run the test-outlookwebservices | fl command in EMS; through this we can check whether the Outlook client contacts the URL of the OAB normally.

10. How to troubleshoot the "Unable to view or publish Free/Busy" issue on Exchange 2000 or 2003?

1. Launch Outlook with /cleanfreebusy on the problematic user's PC. It will remove the Free/Busy messages and re-publish the Free/Busy data.
Notes: It can especially help with the delegator scheduling issue.
Related symptom or error: Unable to open the free/busy message.

2. Use Internet Explorer (IE) to verify whether FB data exists for the problematic user in the FB folder. Also, check whether there are duplicate FB messages there; if yes, delete the oldest ones and leave the newest one.
a. Launch IE: http://server.domain.com/public/non_ipm_subtree
b. Under the "Schedule+ Free/Busy" public folder, please expand the "/o=OrgName/ou=AGName" folder and find the user's FB message in the format "/cn=Recipients/cn=AliasOfUser" in the right pane.
Related symptom or error: FB data shows incorrect or no data available.

3. Make sure that replication of FB is configured correctly.
Notes: The "Schedule+ Free/Busy" public folder is created on the first Exchange server with Read and Write permissions. In order to improve performance, replication of FB is used in some organizations, which might cause users to receive FB errors that are actually due to replication issues.

4. Obtain an LDP dump of a working user and of the problematic user, then compare the output.

5. Review KB958443 to see whether it applies to your situation.
Notes: The solution requires that Outlook runs in Online Mode and not Cached Mode.

6. Collect related data for further analysis:
a. Find and research the error or warning events specific to this issue in the application and system event logs.
b. Run the Exchange Best Practices Analyzer.

More info:
If the user gets FB error info when he/she connects to the Exchange server, please review KB286783.
If the FB issue is specific to Office 2003 SP2, or to Office 2003 SP3 with security update 949031 (MS08-015) installed, please review KB951982.
If one's FB info is out of date, please modify the topology and publishing interval. With different topologies, users can be out of sync for between 15 and 105 minutes.
How to use Updatefb.exe to republish absent FB data
How to reset System Folders [For Exchange 2000, Exchange 2003]

11. How to troubleshoot public folder replication issues?

The items with the most influence on public folder replication are: Store, AD, Transport, 3rd party software.

General steps:
1. Disable all 3rd-party services on the public folder servers.
2. Now, we shall raise the diagnostic logging level to maximum in order to monitor the replication process between the problematic public folder server and the normal ones.
Exchange 2003: Turn Replication Incoming and Replication Outgoing to Maximum in the Properties of the problematic server via ESM [Procedure].
Exchange 2007: Use Set-EventLogLevel to set "MSExchangeIS\9001 Public\Replication Incoming Messages" and "MSExchangeIS\9001 Public\Replication Outgoing Messages" to Expert level in EMS.
[Notes: Make sure that you set logging back to its original level after troubleshooting.]

We can use the event type to identify the different replication logs in the event viewer, as below.
By that means we can isolate the root cause:
Hierarchy - 0x2
Content - 0x4
Backfill Request - 0x8
Backfill Response - 0x80000002 (for hierarchy) or 0x80000004 (for content)
Status - 0x10
Status Request - 0x20

3. After turning on the logging, make the change on the public folder (according to the actual issue) and wait for 10-15 minutes.
Notes: You can confirm whether the source server has sent the replication messages, or whether the destination server has received the messages, simply by using the Message Tracking Center. The public store SMTP address looks like:
Exchange 2003: ServerName-IS@DomainName.com
Exchange 2007: PublicFolderName@DomainName.com

Various scenarios of public folder replication issues:
OK, now I'd like to picture some scenarios in order to get you familiar with the normal replication process and how to diagnose it if things ever go wrong.

Scenario 1: The new changes don't replicate from one server to another when folders or messages have been modified.

First, let's take a look at how normal replication should behave. New changes are divided into two types: new hierarchy changes or new content changes.
The replication of new hierarchy changes happens if folders have been created/deleted, or their properties have been modified [e.g. Client Permissions]. The source server will send an outgoing replication message of the changes [0x2] every 15 minutes to all other public stores; the others should receive an incoming replication message of those changes [0x2].
The replication of new content changes happens if messages in the folder are created/deleted, or the properties of messages have been modified. The source server sends out the content change [0x4] every 15 minutes, the same as for hierarchy, and each replica of the folder should receive the incoming message of those changes [0x4].

Now, troubleshooting starts:
Did the problematic server send its changes with replication mails [0x2/0x4]? If not, use the link below to check whether the settings are correct.
Were the replication mails generated and sent to the destination servers? Monitor the replication messages by using the Message Tracking Center.
Did the replication mails reach the destination servers? Also use the Message Tracking Center to check.
Note: We can use the steps in this article to check the issue based on the different scenarios.

Scenario 2: When a public store is created and mounted on a new server but the hierarchy doesn't replicate with other servers; when a new public store is added to the replica list of a folder but the content doesn't replicate with other servers; or when an old public store is recovered from backup but the hierarchy/content doesn't replicate, you have a backfill problem.

Let's take a look at how the normal replication of existing data (backfill) should behave. Backfill also happens in two scenarios: a new public store is created and mounted on the server, or a new public store is added to the replica list of a folder.
In the first scenario, the source server will send an outgoing status request message [0x20] including the hierarchy it has; the other existing public stores will receive this incoming message [0x20], which requires a response. The others will return a status message [0x10] which also contains the hierarchy they have, and the source will compare the two hierarchies. If it finds changes that it doesn't have yet, hierarchy backfill starts.
In the second scenario, the same process and replication messages are triggered as in the first one. And if the source server finds that it doesn't have the changes in that folder yet, content backfill starts.

General backfill process:
a. The source will add the records of the missing changes to the backfill array, and set a timeout [the default is 15 minutes].
b. The store checks the records every 5 minutes. If one record has reached its timeout, the source will use the returned message [0x10] to send a backfill request [0x8] directly to the server which has the missing change.
c. After the destination server receives the incoming request message [0x8], it will immediately process it and respond with a message [0x80000002: for hierarchy / 0x80000004: for content] which has the actual data in it.
d. The record will be removed from the array after the source server processes the incoming response properly.

Now, troubleshooting starts:
Did the problematic server know that it is missing data? It will send a request [0x8] if it knows. [The sending interval: once every 24-48 hrs]
Did the problematic server send the request [0x8] to ask for the missing data? [Interval is the same as above]
Did the up-to-date server receive the request [0x8]? If yes, it should respond immediately.
Did the problematic server get the response mails [0x80000002/0x80000004]? Monitor the replication messages by using the Message Tracking Center.
Note: We can use the steps in this article to check the issue based on the different scenarios.

Additional information: Replication is also related to the store and to transport; use the methods below to isolate the issue to one of them:
Ensure Integrated Windows Authentication is enabled on the SMTP virtual server of the destination server.
If replication mail can be seen in the Message Tracking Center but a certain event wasn't logged, see whether the XEXCH50 verb failed.

References:
To understand more about the common concepts and terms used in replication, please see the "Controlling Public Folder Replication" section of this document.
More detailed public folder troubleshooting [MS Exchange Team Blog]

12. What does the SCL (Spam Confidence Level) rating mean?

Spam Confidence Level and spam categorization:
-1: Reserved by Microsoft Exchange Server for messages submitted internally. A value of -1 should not be overwritten because it is this value that is used to eliminate false positives for internally-submitted e-mail.
0: Assigned to messages that are not spam.
1: Extremely low likelihood that the message is spam.
9: Extremely high likelihood that the message is spam.

13. How and when do Exchange Server 2007 Transport servers use an ESE database? How is this different from Exchange Server 2003?

The Exchange Server 2007 Hub Transport and Edge Transport server roles use ESE storage to store their configuration information, such as Allow Lists and other information used by MEX agents, and to temporarily store messages currently being routed. The main role of ESE storage on a Transport server, either Hub Transport or Edge, is the temporary storage of mail messages. The Active Directory Application Mode (ADAM) directory is also stored in an ESE database, albeit only on Edge Transport servers. Mailbox servers store mailboxes and public folders in ESE databases as well.
April 2nd, 2009 11:12am
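Steps A to D of the OAB troubleshooting answer (question 9 above) can be run from the Exchange Management Shell instead of clicking through EMC. The script below is an added example, not code from the original post; the CAS server name (CAS01), the mailbox used for step B and the polling delay are assumptions, and the folder paths are the default install paths quoted in the answer.

```powershell
# Added example (not from the original post): EMS walk-through of the OAB
# troubleshooting steps A-D for Exchange 2007. Assumed values: CAS01 as the
# Client Access Server, user 'adam' as the affected mailbox, default install paths.
$OabName   = 'Default Offline Address Book'
$CasServer = 'CAS01'                                                     # assumed
$GenPath   = 'C:\Program Files\Microsoft\Exchange Server\ExchangeOAB'    # System Attendant output share
$CasPath   = 'C:\Program Files\Microsoft\Exchange Server\ClientAccess\OAB'

# Step A: is web-based distribution enabled, and which OAB virtual directories serve it?
$oab = Get-OfflineAddressBook -Identity $OabName
if (-not $oab.WebDistributionEnabled) {
    Write-Warning "Web distribution is disabled on '$OabName'; Outlook 2007 cannot download it over HTTP."
}
$oab | Format-List Name, WebDistributionEnabled, VirtualDirectories, Guid

# Step B: does the affected user's mailbox database reference an OAB at all?
function Test-MailboxDatabaseOab {
    param([string]$UserIdentity)
    $db = Get-MailboxDatabase -Identity (Get-Mailbox -Identity $UserIdentity).Database
    if (-not $db.OfflineAddressBook) {
        Write-Warning "Database '$($db.Name)' has no OAB associated (Set-MailboxDatabase -OfflineAddressBook fixes this)."
        return $false
    }
    return $true
}
$null = Test-MailboxDatabaseOab -UserIdentity 'adam'   # assumed mailbox

# Step C (2-3): regenerate the OAB, then confirm the <oabguid> folder exists on the generating server.
Update-OfflineAddressBook -Identity $OabName
$genFolder = Join-Path $GenPath $oab.Guid
Start-Sleep -Seconds 60   # generation is asynchronous; adjust the wait for large address lists
if (Test-Path $genFolder) {
    Get-ChildItem $genFolder | Select-Object Name, Length, LastWriteTime
} else {
    Write-Warning "No OAB files under $genFolder yet; check the MSExchangeSA events on the generation server."
}

# Step C (4): restart the File Distribution service on the CAS and check the replicated copy.
$fds = Get-WmiObject -Class Win32_Service -ComputerName $CasServer -Filter "Name='MSExchangeFDS'"
$null = $fds.StopService();  Start-Sleep -Seconds 5
$null = $fds.StartService(); Start-Sleep -Seconds 30
$casFolder = Join-Path ('\\' + $CasServer + '\' + $CasPath.Replace(':', '$')) $oab.Guid
if (Test-Path $casFolder) {
    Get-ChildItem $casFolder | Select-Object Name, Length, LastWriteTime
} else {
    Write-Warning "OAB not replicated to $casFolder yet; check MSExchangeFDS events on $CasServer."
}

# Step D: confirm Autodiscover hands Outlook a reachable OAB URL; read the OAB lines in the output.
Test-OutlookWebServices | Format-List Id, Type, Message
```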
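For step 2 and step 3 of the public folder replication answer (question 11 above), the following added example (not code from the original post) raises the two replication logging categories to Expert on the problematic Exchange 2007 server while recording their previous levels, searches the Hub Transport tracking log for messages sent by the public store, and restores the original levels afterwards. The server names and the public store SMTP address are assumptions; take the real address from Get-PublicFolderDatabase.

```powershell
# Added example (not from the original post): replication diagnostic logging and
# message tracking for Exchange 2007 public folder replication troubleshooting.
$PfServer  = 'MBX01'                      # problematic public folder server (assumed)
$HubServer = 'HUB01'                      # Hub Transport server that routes its mail (assumed)
$PfSmtp    = 'PublicFolders-MBX01@contoso.com'   # public store SMTP address (assumed)

# Step 2: select the two categories named in the answer and remember their levels.
$categories = Get-EventLogLevel -Server $PfServer |
    Where-Object { $_.Identity -match '9001 Public\\Replication (Incoming|Outgoing) Messages$' }
$original = @{}
foreach ($c in $categories) { $original[$c.Identity] = $c.EventLevel }
$categories | Set-EventLogLevel -Level Expert

# Step 3: after changing a folder and waiting 10-15 minutes, confirm the source
# store actually handed replication mail to transport and where it went.
function Get-ReplicationMail {
    param([string]$Sender, [string]$TrackingServer, [int]$MinutesBack = 60)
    Get-MessageTrackingLog -Server $TrackingServer -Sender $Sender `
        -Start (Get-Date).AddMinutes(-$MinutesBack) -ResultSize Unlimited |
        Select-Object Timestamp, EventId, Source, Recipients, MessageSubject
}
Get-ReplicationMail -Sender $PfSmtp -TrackingServer $HubServer | Format-Table -AutoSize

# Read the replication events the store logged meanwhile (type codes 0x2, 0x4, 0x8,
# 0x10, 0x20, 0x8000000x as listed in the answer appear in the event text).
Get-EventLog -LogName Application -ComputerName $PfServer -Source 'MSExchangeIS Public Store' -Newest 200 |
    Where-Object { $_.Message -match '0x[0-9A-Fa-f]+' } |
    Select-Object TimeGenerated, EventID, Message | Format-List

# Always put logging back to what it was once troubleshooting is done.
foreach ($id in $original.Keys) { Set-EventLogLevel -Identity $id -Level $original[$id] }
```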

14. What are the basic steps for Disaster Recovery on Edge Transport server? a. Exporting Edge Transport configuration using the ExportEdgeConfig task to generate the proper Clone configuration file.b. Backing up the Clone configuration to appropriate media (SAN, NAS, DAS, Tape, etc.)c. Perform a clean installation of the Edge Transport Server.d. Pausing the Transport Service and exporting any messages that are queued.e. Apply the cloned configuration from the Edge Transport configuration files.f. Re-Instate the Edge Subscription with AD (if used).g. Mount the Mail Queue 15. What are the basic tools for troubleshooting routing problem in Exchange server 2007? Exchange 2007 provides tools and extensive logging resources to help you with mail flow problems. The following diagnostic tools are available in the Toolbox of the Exchange Management Console: Exchange Server Best Practices Analyzer: Use the Best Practices Analyzer to check the configuration and health of the Exchange topology. This tool automatically gathers and examines information about the configuration of the Exchange organization and summarizes the findings in a report. The report lists problems by severity and includes a suggested fix for the issue. Additionally, this tool provides a list of recent changes and a detailed summary of the Exchange organization configuration. Exchange Mail Flow Troubleshooter: Use the Exchange Mail Flow Troubleshooter tool to help diagnose mail flow and transport-related problems. This tool lets you select a mail flow symptom, analyzes your configuration, and outputs findings to a report. Message Tracking: Use the Message Tracking tool to examine the contents of message tracking logs. Queue Viewer: Use the Exchange Queue Viewer to view and manage Exchange mail queues. 16. What transport logs does Exchange server 2007 have? 
- Connectivity log: A connectivity log is a record of the Simple Mail Transfer Protocol (SMTP) connection activity of the outbound message delivery queues to the destination Mailbox server, smart host, or domain. Connectivity logging is available on Hub Transport servers and Edge Transport servers. By default, connectivity logging is disabled.
- Protocol log: A protocol log is a record of the SMTP activity between messaging servers as part of message delivery. This SMTP activity occurs on Send connectors and Receive connectors that are configured on Hub Transport servers and Edge Transport servers. By default, protocol logging is disabled.
- Message tracking log: A message tracking log is a detailed log of all message activity as messages are transferred to and from a computer that is running Exchange. Message tracking is available on Hub Transport servers, Edge Transport servers, and Mailbox servers. By default, message tracking is enabled.
- Agent log: An agent log is a record of the actions that are performed on a message by the Exchange 2007 anti-spam and antivirus agents. Typically, these agents are enabled on Edge Transport servers. However, you can also enable them on Hub Transport servers. By default, agent logging is enabled.
- Routing table log: A routing table log periodically records a snapshot of the routing table that is used by Hub Transport servers and Edge Transport servers to deliver messages. By default, routing table logging is enabled.

17. How to Allow Anonymous Relay on a Receive Connector

Relay is the transfer of messages from one Simple Mail Transfer Protocol (SMTP) messaging server to another when the accepting SMTP messaging server is not the final destination of the message. When unrestricted, anonymous relay on Internet SMTP messaging servers is a serious security deficiency that could be exploited by unsolicited commercial e-mail senders, or spammers, to hide the source of their messages.
Therefore, restrictions are placed on Internet-facing messaging servers to prevent relaying to unauthorized destinations. In Exchange 2007, relaying is typically handled by using accepted domains. Accepted domains are configured on the Edge Transport server or Hub Transport server. The accepted domains are additionally classified as internal relay domains or external relay domains. You can also restrict anonymous relay based on the source of the incoming messages. This method is useful when an unauthenticated application or messaging server, such as MOSS 2007, must use a Hub Transport server or an Edge Transport server as a relay server.

To perform this procedure, the account you use must be delegated the following: Exchange Server Administrator role and local Administrators group for the target server.

When you create the Receive connector that is configured to allow anonymous relay, you should place the following restrictions on the Receive connector:

- Local network settings: Restrict the Receive connector to listen only on the appropriate network adapter on the Hub Transport server or Edge Transport server.
- Remote network settings: Restrict the Receive connector to accept connections only from the specified server or servers. This restriction is necessary because this Receive connector is configured to accept relay from anonymous users. Restricting the source servers by IP address is the only measure of protection that is allowed on this Receive connector.

To grant the relay permission to anonymous users on the Receive connector, you can use either of the strategies described in the following sections. Each strategy has advantages and disadvantages.

Grant the Relay Permission to Anonymous Connections

This strategy involves the following tasks:

- Create a new Receive connector with the usage type set to Custom.
- Add the Anonymous permission group to the Receive connector.
- Assign the relay permission to the Anonymous Logon security principal on the Receive connector.

The Anonymous permission group grants the following permissions to the Anonymous Logon security principal on the Receive connector:

- Ms-Exch-Accept-Headers-Routing
- Ms-Exch-SMTP-Accept-Any-Sender
- Ms-Exch-SMTP-Accept-Authoritative-Domain-Sender
- Ms-Exch-SMTP-Submit

However, to allow anonymous relay on this Receive connector, you must also grant the following permission to the Anonymous Logon security principal on the Receive connector:

- Ms-Exch-SMTP-Accept-Any-Recipient

The advantage of this strategy is that it grants the minimum required permissions for relay to the specified remote IP addresses. The disadvantages of this strategy are as follows:

- You can only assign the relay permission to the Anonymous Logon account on the Receive connector by using the Exchange Management Shell in a separate step after you create the Receive connector.
- The messages that originate from the specified IP addresses are treated as anonymous messages. Therefore, the messages don't bypass anti-spam checks, don't bypass message size limit checks, and anonymous senders can't be resolved. The process of resolving anonymous senders forces an attempted match between the anonymous sender's e-mail address and the corresponding display name in the global address list.

To use the Exchange Management Shell to create a new Receive connector that grants the relay permission to anonymous connections:

1. Run the following command:

New-ReceiveConnector -Name <Name> -Usage Custom -PermissionGroups AnonymousUsers -Bindings <LocalIPAddress:25> -RemoteIpRanges <SourceServer>

For example, to create a new Receive connector named "Anonymous Relay" that listens on local IP address 10.2.3.4 on port 25 from a source server at IP address 192.168.5.77, run the following command:

New-ReceiveConnector -Name "Anonymous Relay" -Usage Custom -PermissionGroups AnonymousUsers -Bindings 10.2.3.4:25 -RemoteIpRanges 192.168.5.77

2. Run the following command using the name of the Receive connector that you created in step 1:

Get-ReceiveConnector "Anonymous Relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

Configure the Receive Connector as Externally Secured

This strategy involves the following tasks:

- Create a new Receive connector with the usage type set to Custom.
- Add the ExchangeServers permission group to the Receive connector.
- Add the ExternalAuthoritative authentication mechanism to the Receive connector.

The ExchangeServers permission group is required when you select the ExternalAuthoritative authentication mechanism. This combination of authentication method and permission group grants the following permissions to any incoming connection that is permitted on the Receive connector:

- Ms-Exch-Accept-Headers-Routing
- Ms-Exch-SMTP-Accept-Any-Sender
- Ms-Exch-SMTP-Accept-Authoritative-Domain-Sender
- Ms-Exch-SMTP-Submit
- Ms-Exch-Accept-Exch50
- Ms-Exch-Bypass-Anti-Spam
- Ms-Exch-Bypass-Message-Size-Limit
- Ms-Exch-SMTP-Accept-Any-Recipient
- Ms-Exch-SMTP-Accept-Authentication-Flag

The advantages of this strategy are as follows:

- Ease of configuration.
- The messages that originate from the specified IP addresses are treated as authenticated messages. The messages bypass anti-spam checks, bypass message size limit checks, and can resolve anonymous senders.

The disadvantage of this strategy is that the remote IP addresses are considered completely trustworthy. The permissions that are granted to the remote IP addresses allow the remote messaging server to submit messages as if they originated from internal senders within your Exchange organization.

To use the Exchange Management Console to create a new Receive connector that is configured as externally secured, run the following command:

New-ReceiveConnector -Name <Name> -Usage Custom -AuthMechanism ExternalAuthoritative -PermissionGroups ExchangeServers -Bindings <LocalIPAddress:25> -RemoteIpRanges <SourceServer>

For example, to create a new Receive connector named "Anonymous Relay" that listens on local IP address 10.2.3.4 on port 25 from a source server at IP address 192.168.5.77, run the following command:

New-ReceiveConnector -Name "Anonymous Relay" -Usage Custom -AuthMechanism ExternalAuthoritative -PermissionGroups ExchangeServers -Bindings 10.2.3.4:25 -RemoteIpRanges 192.168.5.77

Jeff Feng - MSFT
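Whichever strategy is used, the only thing standing between a relay connector and an open relay is its RemoteIpRanges setting. The following audit script is an added example for the Exchange Management Shell, not part of the FAQ or of Microsoft's documentation; it assumes that Get-ADPermission entries expose Deny and ExtendedRights as in the FAQ's own commands and that each RemoteIPRanges element renders as an IP, an "a.b.c.d-e.f.g.h" range, or a CIDR string.

```powershell
# Added audit example, not from the FAQ: list every Receive connector on which
# unauthenticated hosts can relay (either strategy from Q17) and how wide the
# source restriction is. Assumption: RemoteIPRanges elements render as
# "a.b.c.d", "a.b.c.d-e.f.g.h" or "a.b.c.d/nn" when converted to strings.
$anon = "NT AUTHORITY\ANONYMOUS LOGON"

function Get-AnonymousRelayExposure {
    foreach ($rc in Get-ReceiveConnector) {
        # Strategy 1: Anonymous Logon holds Ms-Exch-SMTP-Accept-Any-Recipient (allow ACE only).
        $anonRelay = $rc | Get-ADPermission -User $anon |
            Where-Object { (-not $_.Deny) -and ($_.ExtendedRights -like "ms-exch-smtp-accept-any-recipient") }
        # Strategy 2: ExternalAuthoritative plus ExchangeServers treats the source as fully trusted.
        $extSecured = ($rc.AuthMechanism -match "ExternalAuthoritative") -and ($rc.PermissionGroups -match "ExchangeServers")
        if (-not $anonRelay -and -not $extSecured) { continue }

        $ranges = @($rc.RemoteIPRanges | ForEach-Object { $_.ToString() })
        $wideOpen = @($ranges | Where-Object { ($_ -eq "0.0.0.0-255.255.255.255") -or ($_ -eq "0.0.0.0/0") })
        if ($extSecured) { $mode = "ExternalAuthoritative (bypasses anti-spam and size limits)" }
        else { $mode = "Anonymous relay (minimal rights, still filtered)" }
        if ($wideOpen.Count -gt 0) { $risk = "OPEN RELAY: source range is unrestricted" }
        elseif ($ranges.Count -gt 1) { $risk = "review: several source ranges" }
        else { $risk = "restricted to a single source" }
        "{0}\{1}: {2}; sources {3}; {4}" -f $rc.Server, $rc.Name, $mode, ($ranges -join ", "), $risk
    }
}

Get-AnonymousRelayExposure
```

A connector created with the FAQ's example command should report as "restricted to a single source" with sources 192.168.5.77; anything reporting OPEN RELAY needs its RemoteIpRanges narrowed with Set-ReceiveConnector.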
April 2nd, 2009 11:19am

18. What is Poison Message Queue?

In Exchange 2003, messages could cause the Categorizer or another transport component to repeatedly crash the SMTP Service. To resolve this, the message would have to be found and manually extracted from the NTFS partition or the SMTP Mailbox. Exchange Server 2007 introduces a new concept called the Poison Message, which helps to identify and remove messages from processing in the event of a crash. When a message causes a crash, the value of the PoisonCount property on the message is incremented. When a message's PoisonCount value reaches the PoisonThreshold associated with the TransportServer settings, that message is removed and placed in the Poison Message Queue. By default, the PoisonThreshold for the Transport Service is set to 2. This threshold can be changed using the Exchange Management Shell. The administrator now has an opportunity to identify the messages that are causing unwanted behavior and can evaluate Event Logs and Agent Logs to determine where the crash is occurring. Messages placed in the Poison Message Queue will stay until they exceed the MessageExpirationTimeout value associated with the TransportServer settings (default 2 days). An Export-Message task can be used to export copies of the message.

19. What is P1 Address and P2 Address?

P1 = the value on the MAIL FROM command of the SMTP connection (the message envelope) as defined in RFC 2821.
P2 = the email address in the message body as defined in RFC 2822. These include the FROM, REPLY TO and SENDER fields.

For example, the following SMTP command sequence describes where P1 and P2 are used:

HELO server
MAIL FROM this_is@my_p1_address.com
RCPT TO: recipient@domain.com
DATA
FROM: this_is@my_p2_address.com
TO: recipient@domain.com
SUBJECT: This is a description on P1 and P2

The P1 address is used for routing and not display. The P2 address is what is displayed in the email in Outlook (and other clients).

20. What is ResolveP2 function in Exchange?
ResolveP2 tells the Exchange server whether, when the server is storing MIME content and needs to convert it to MAPI properties, it tries to resolve the SMTP addresses in the RFC 822 fields and turn them into Exchange Distinguished Names (DN).

A resolved address is displayed as follows in Outlook:
From: First_name Last_name

An unresolved address is displayed as follows in Outlook:
From: First_name Last_name [first_name.last_name@domain.com]

21. When to enable or disable ResolveP2 function?

I would like to describe some situations in which to enable or disable the ResolveP2 function.

Enable: Imagine you have an Exchange user who sends mail to an Internet listserv, and the listserv has other Exchange users as members. When that user sends to the listserv, the mail comes in From: this internal user via SMTP. If you want your internal users to see this mail and be able to double-click on the sender and see the normal Exchange properties of this user, then you must be sure to set the ResolveP2 key to resolve From:.

Disable: Imagine that you have someone on the Internet sending mail in to your users, pretending to be the CEO of the company. They spoof their From: address to be the CEO's SMTP address. The mail comes in and when the user double-clicks on the From: field in Outlook, they see the CEO's details just as though it really came from the CEO. In this case, you would want to set ResolveP2 so that the From: field is not resolved. When it's not resolved, then when they double-click on the sender, they will see a three-line dialog that shows the display name, address type, and SMTP address. Outlook 2002 and 2003 do even better because they show this distinction on the From: field without needing to double-click: the name will show up like Bob CEO [bob@company.com], whereas real mail from Bob shows up as Bob CEO.

22. What is the default setting in ResolveP2 function in Exchange 2003 and 2007 and how to control them?
By default, Exchange 2003 and 2007 do not resolve the sender address if the message is submitted through an anonymous channel.

In Exchange 2003, if you would like to resolve the anonymous sender address into Exchange Distinguished Names, you can simply enable the Resolve anonymous e-mail option. You can also control the ResolveP2 function by using the ResolveP2 registry key: http://support.microsoft.com/kb/288635

In Exchange 2007, the Resolve anonymous sender option is not available. Instead, you can control it by selecting Externally Secured. Please understand that the "Externally secured" mechanism means that the designated IP addresses will be completely trusted by your organization. Do not use this setting lightly. You will be granting several rights including the ability to send on behalf of users in your organization, the ability to ResolveP2 (that is, make it so that the messages appear to be sent from within the organization rather than anonymously), bypass anti-spam, and bypass size limits. You can refer to the following article for more detailed information: Allowing application servers to relay off Exchange Server 2007: http://msexchangeteam.com/archive/2006/12/28/432013.aspx

Note: The ResolveP2 registry key does not work in Exchange Server 2007.

23. If I receive a Junk email from myself or my colleague's email address but he did not send the email, how do we troubleshoot the issue?

Regarding the issue, you first need to ensure that the message was not sent by an internal user. You can check the message header and the message tracking log for related information. If you have ensured the message was received from the Internet, we have several options to identify the issue:

A. As described previously, by default Exchange does not resolve the sender address if the message is submitted anonymously. In addition, the unresolved sender name is displayed differently from the resolved sender name. Nevertheless, it may be hard for end users to identify the issue.

B. You can use Reverse Domain Name System Lookups or the Sender ID filter to identify the issue. Nevertheless, some mail senders may not register their Reverse Domain Name System record or SPF record. Therefore, this method may block some other emails incorrectly.

C. You can also use the following method to solve the issue:

For Exchange 2003: Create a Sender Filter for your own SMTP domain, such as *@mydomain.com, and enable the filter on the SMTP Virtual Server which is used to receive external (Anonymous) email. Note: After enabling the filter on the SMTP virtual server, all messages from mydomain.com will be blocked even if the user is authenticated to submit the message. Therefore, if you have POP3 users who need to submit messages, you need to create another SMTP virtual server with Anonymous Users disabled for the POP3 users to use.

For Exchange 2007: You can simply run the following command to remove the ms-exch-smtp-accept-authoritative-domain-sender right of the Anonymous user on the receive connector which is used to receive Internet email:

Get-ReceiveConnector "Internet Receive Connector" | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | Remove-ADPermission

Jeff Feng - MSFT
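As an added illustration of the P1/P2 distinction from Q19 and of why the Exchange 2007 fix in Q23 works at the envelope stage, the script below (example code, not part of the FAQ or of Exchange itself) parses a constructed SMTP session into its envelope (P1) and header (P2) addresses and then models the accept/reject decision once Anonymous Logon no longer holds ms-exch-smtp-accept-authoritative-domain-sender. The addresses, domains and function names are all assumptions, and the decision function is a simplified model rather than Exchange's own logic.

```powershell
# Added example, not from the FAQ: split a constructed SMTP session into P1 (RFC 2821
# envelope MAIL FROM) and P2 (RFC 2822 From:/Sender:/Reply-To: headers), then model
# the Q23 rule for anonymous sessions. All addresses and domains below are made up.
$session = @'
HELO mailer.example.net
MAIL FROM: ceo@mydomain.com
RCPT TO: finance@mydomain.com
DATA
From: Bob CEO <ceo@mydomain.com>
Reply-To: bob.ceo@free-webmail.example
To: finance@mydomain.com
Subject: Urgent wire transfer
'@

function Get-BareAddress([string]$text) {
    # Accept "Name <user@host>", "<user@host>" or a bare "user@host".
    if ($text -match '<([^>]+)>') { return $matches[1].Trim() }
    return $text.Trim()
}

function Get-P1P2([string]$smtp) {
    # Returns a hashtable: P1 = envelope sender; P2 = header name -> address.
    $p1 = $null; $p2 = @{}; $inData = $false
    foreach ($line in ($smtp -split "`r?`n")) {
        if (-not $inData) {
            if ($line -match '^MAIL FROM:?\s*(.+)$') { $p1 = Get-BareAddress $matches[1] }
            elseif ($line -match '^DATA$') { $inData = $true }
        } elseif ($line -match '^(From|Sender|Reply-To):\s*(.+)$') {
            $p2[$matches[1]] = Get-BareAddress $matches[2]
        }
    }
    return @{ P1 = $p1; P2 = $p2 }
}

function Test-AnonymousEnvelopeSender {
    # Simplified model of the Receive connector check from Q23 (not Exchange's code):
    # an anonymous session may only use a MAIL FROM in one of our authoritative domains
    # while Anonymous Logon still holds ms-exch-smtp-accept-authoritative-domain-sender.
    param([string]$P1, [string[]]$AuthoritativeDomains, [bool]$Anonymous, [bool]$AnonymousHoldsAuthoritativeSenderRight)
    $domain = ($P1 -split '@')[-1].ToLower()
    if ($Anonymous -and ($AuthoritativeDomains -contains $domain) -and -not $AnonymousHoldsAuthoritativeSenderRight) {
        return "550 rejected: anonymous session used authoritative sender $P1"
    }
    return "250 accepted"
}

$r = Get-P1P2 $session
"P1 (envelope, used for routing): $($r.P1)"
foreach ($h in $r.P2.Keys) { "P2 $h (displayed by Outlook): $($r.P2[$h])" }
if ($r.P1 -ne $r.P2['From']) { "Note: P1 and the P2 From differ; Outlook shows only P2." }
# With the right still granted the spoofed envelope is accepted; after Remove-ADPermission it is refused.
Test-AnonymousEnvelopeSender -P1 $r.P1 -AuthoritativeDomains @('mydomain.com') -Anonymous $true -AnonymousHoldsAuthoritativeSenderRight $true
Test-AnonymousEnvelopeSender -P1 $r.P1 -AuthoritativeDomains @('mydomain.com') -Anonymous $true -AnonymousHoldsAuthoritativeSenderRight $false
```

The two final calls print "250 accepted" and then "550 rejected ...", which is the before/after behaviour of the connector for a message whose MAIL FROM claims one of your own domains over an anonymous connection.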
April 2nd, 2009 11:21am

