The Exchange Control Panel (ECP) is an exciting new
tool in Exchange Server 2010. The ECP is a browser-based Management
client for end users, administrators, and specialists. This provides a
new way to administer a subset of Exchange Server features and is
completely RBAC-integrated.
This new ECP web
utility provides a great self-provisioning portal for administrators and
a simplified user experience for common management tasks. It is
accessible directly via URL and Outlook Web App (OWA). Figure 1 shows the start page of the interface from an administrator role.
The ECP is AJAX-based,
deployed as a part of the Client Access Server role, and shares some
code with OWA. However, the two are separate applications and sites.
The Exchange Control Panel
can be used in a variety of scenarios. Administrators can delegate to
permissions in role to support a variety of administrators, specialists,
and users. These include the following types of scenarios:
The scenarios are configured in the RBAC interface, which is based in the Exchange Control Panel.
Administrators would
launch the ECP tool directly from the ECP link
(https://<servername>/ecp) where <servername> is an Exchange
2010 CAS. End users would access the ECP tool from within OWA, which
launches from the Options link. Although it launches from the OWA web
page (https://<servername>/owa), the link is to the ECP web page
(https://<servername>/ecp). The security is completely integrated,
enabling the end-user experience to be completely seamless.
The browser support for the ECP is the same as for OWA premium. Supported browsers are as follows:
Internet Explorer (IE)
Firefox
Safari
Exchange Best Practices Analyzer
The Exchange Best
Practices Analyzer (ExBPA) is included in Exchange Server 2010 and can
be found in the Exchange Management Console toolbox.
The ExBPA can be used to
run health checks on an Exchange Server environment, and can also run
performance checks, permissions checks, and connectivity tests to assist
when troubleshooting problems.
The ExBPA should be run
whenever a new server is added to an Exchange Server 2010 environment,
or whenever configuration changes are made.
Remote Connectivity Analyzer
The Remote
Connectivity Analyzer is new to Exchange Server 2010 and allows
administrators to test services from outside their organization. The
tool essentially launches a browser to the website https://www.testexchangeconnetivity.com/, shown in Figure 2.
The website is maintained by Microsoft and is not technically a
component of Exchange Server 2010, although the console has a link to
it.
The tests that can be launched from the site include the following:
Microsoft Exchange ActiveSync Connectivity Tests
Microsoft Exchange Web Services Connectivity Tests
Microsoft Office Outlook Connectivity Tests
Internet Email Tests
This site performs a
valuable service by testing actual client access from a third party
(that is, Microsoft). This simulates a client and exposes configuration
or connectivity problems. For example, the Internet Email Tests use SMTP
to send email to a user, verifying the MX record, name resolution,
SMTP, and if the gateway is an open relay. Another example is ActiveSync
Provider AutoDiscover, which tests the notoriously difficult to test
ActiveSync autodiscover services. As shown in Figure 3,
the site prompts for email address, domain credentials, and
verification. On clicking Perform Test, the site tests ActiveSync
autodiscover and presents the results.
The tool does
require domain credentials to test the various services, so security
measures are built into the product. The site uses the HTTPS protocol,
so the confidentiality of the transmissions are protected by SSL
encryption. The site prompts human verification, reading, and entering
distorted text to ensure that the system is not hijacked by bots. And
the site has a privacy statement indicating that the information
collected is not retained after the tool is used. All that said, it is
recommended that dummy test accounts and credentials be used to execute
the tests. And that those accounts be disabled or deleted following the
tests.
Disaster Recovery Tools
Also
included in the Exchange Management Console toolbox are two utilities
designed to analyze and maintain Exchange Server databases. The Database
Troubleshooter can inspect existing databases and available transaction
logs and report on any problems found. The tool also offers recommended
steps that should be taken to ensure the database is healthy.
The Database Recovery
Management utility is intended to assist administrators when a database
is unable to mount. This tool also generates recommended step-by-step
instructions to follow to bring the database back online.
Mail Flow Tools
The Mail Flow
Troubleshooter is a utility that assists with troubleshooting common
mail flow issues in an Exchange Server environment. Administrators can
input the issues they are encountering, and the utility gathers
information, diagnoses the environment, and presents a recommended plan
of action.
The Tracking Log
Explorer utility allows administrators to search for messages and track
them through the Exchange Server environment. Message tracking can be
extremely useful for determining where a message was delayed or “stuck”
in the messaging environment.
The Message Tracking
launches a browser into the Exchange Control Panel message tracking
section, enabling an administrator to search the mail store for messages
that meet a certain criteria.
The Mail Flow
Troubleshooter, the Tracking Log Explorer, and the Message Tracking
utility are all included in the Exchange Server 2010 Exchange Management
Console toolbox.
Exchange Queue Viewer
The Exchange
Queue Viewer is another utility included in the Exchange Management
Console toolbox that is added to an Exchange server when the Hub
Transport or Edge Transport role is installed. The Exchange Queue Viewer
is used to view the contents of the queues for each particular protocol
on a server. Although this tool is more of a troubleshooting tool, it
is important to periodically check protocol queues (for example, SMTP or
X.400 queues) to ensure that no delivery problems exist.
Performance Tools
The Exchange
Management Console toolbox includes two tools that are designed to
monitor and troubleshoot performance issues in an Exchange Server
environment.
The Exchange Server
Performance Monitor is based on the Windows Performance Monitor, but
includes a series of predefined counters that are specifically related
to an Exchange Server environment.
The
Performance Troubleshooter is designed to help administrators identify
and locate performance issues that are impacting the Exchange Server
environment.
Windows Server 2008 Backup
Windows Server 2008
includes a Windows Server Backup feature that allows the native VSS
backup of a local Exchange Server 2010 server and files. The Windows
Server Backup is added via the Add Features Wizard or command-line.
Support for a local Exchange Server backup was absent from Windows
Server 2008 until Exchange Server 2007 Service Pack 2 and now Exchange
Server 2010.
The Windows Server
Backup in Windows Server 2008 provides an important low-cost backup tool
for small organizations or branch office scenarios in which a local
backup is an important part of the organization’s recovery strategy.
Third-party software
vendors, such as EMC Legato and Symantec, produce Exchange Server backup
and restore agents for the purpose of Exchange database backup and
recovery.
Active Directory Database Maintenance Using ntdsutil
Exchange Server 2010
uses Windows Server 2003 or 2008 AD to store all its directory
information. As a result, it is important to keep AD as healthy as
possible to ensure that Exchange Server 2010 remains reliable and
stable.
Windows Server
2003 and Windows Server 2008 automatically perform maintenance on
Active Directory by cleaning up the AD database on a daily basis. The
process occurs on domain controllers approximately every 12 hours. One
example of the results of this process is the removal of tombstones,
which are the “markers” for previously deleted objects. In addition, the
process deletes unnecessary log files and reclaims free space.
The automatic daily
process does not, however, perform all maintenance necessary for a clean
and healthy database. For example, the maintenance process does not
compress and defragment the Active Directory database. To perform this
function, the ntdsutil command-line utility is needed.
Caution
To avoid possible adverse affects with the AD database, run ntdsutil in Directory Service Restore mode. Reboot the server, press the F8 key, and then select this mode of operation.
To use ntdsutil to defragment the Windows Server 2008 AD database, perform the following steps:
1. | Restart the domain controller.
|
2. | When the initial screen appears, press the F8 key.
|
3. | From the Windows Advanced Options menu, select Directory Services Restore Mode.
|
4. | Select the Windows Server 2008 operating system being used.
|
5. | Log on to the Windows Server 2008 system.
|
6. | Click OK when the informational message appears.
|
7. | At a command prompt, create a directory where the utility can store the defragmented file. For example, C:\NTDS.
|
8. | At a command prompt, type ntdsutil files, and then press Enter.
|
9. | At the file maintenance prompt, type compact to <TargetDirectory>, where <TargetDirectory> identifies the empty directory created in step 7. For example:
This invokes the esentutl.exe utility to compact the existing database and write the results to the specified directory.
|
10. | If compaction was successful, copy the new ntds.dit file to %systemroot%\NTDS, and delete the old log files located in that directory.
|
11. | Type quit twice to exit the utility.
|
12. | Restart the domain controller.
|
This typically needs to be
done only following a large migration or reorganization of the Active
Directory forest, rather than on a routine basis.
Integrity Checking with the isinteg Utility
The Information Store Integrity Checker (isinteg.exe)
is a command-based utility that finds and eliminates errors from
mailbox and public folder databases at the application level. Although
this tool is not intended for use as a part of routine Information Store
maintenance, it is mentioned here because it can assist in disaster
recovery situations.
isinteg is most often used in conjunction with the eseutil repair operation, and can recover data that the eseutil tool cannot. The isinteg tool repairs the contents of the mailbox and public folder databases (messages, links, and attachments), whereas the eseutil tool repairs the mailbox and public folder databases (database files, tables, and indexes).
Caution
Using this utility in any mode other than Test mode results in irreversible changes to the database.
It is best to restore a copy of a suspected corrupt database in a lab environment, and then run isinteg against that copy prior to any attempts to use it in a production environment.
Dismount the Exchange
Server databases on which you plan to perform maintenance and stop the
Microsoft Exchange Information Store service prior to running this
utility. Keep in mind that this makes the databases unavailable to users
until after the maintenance has been completed.
Database table
integrity problems are caused by corruption, which can occur if the
server is shut down improperly, if the drive or controller fails, and so
forth.
To view the command-line help about usage of the isinteg utility, type the following command from a command prompt: isinteg /?
Database Maintenance with the eseutil Utility
The eseutil
utility is a database-level utility that is not application-specific. It
can, for example, be used to maintain, test, and repair both AD and
Exchange Server databases. More specifically, eseutil
is used to maintain database-level integrity, perform defragmentation
and compaction, and repair even the most severely corrupt databases. It
is also the utility to use when maintaining Exchange Server 2010
transaction log files to determine which transaction logs need to be
replayed or which log file the Edb.chk file points to.
Caution
Using the eseutil utility on an AD or Exchange Server database can produce irreversible changes.
As with the isinteg utility, it is best to restore a copy of a suspected corrupt database in a lab environment, and then run eseutil against that copy prior to any attempts to use it in a production environment.
Note
eseutil
investigates the data that resides in the database table for any
corruption or errors, which is why it is called a database-level
utility. The eseutil options are shown in Table 1.
Table 1. eseutil Syntax
| Mode of Operation | Syntax |
|---|
| Defragmentation | ESEUTIL /d <database name> [options] |
| Recovery | ESEUTIL /r <logfile base name> [options] |
| Integrity | ESEUTIL /g <database name> [options] |
| Checksum | ESEUTIL /k <filename> [options] |
| Repair | ESEUTIL /p <database name> [options] |
| File dump | ESEUTIL /m[mode-modifier] <filename> |
| Copy file | ESEUTIL /y <source file> [options] |
| Restore | ESEUTIL /c[mode-modifier] <pathname> [options] |
The eseutil tool repairs the mailbox and public folder databases (database files, tables, and indexes), whereas the isinteg tool repairs the contents of the mailbox and public folder databases (messages, links, and attachments).
