Sunday, July 29, 2007

Defragmentation of Exchange Server Hard Disk

I realized today this is one of the common questions Exchange administrators ask, trying to understand whether it is a good idea or a bad idea to perform file-level defragmentation on Exchange servers. I don't remember where I got a hold of some nice notes about this topic; anyway, I wanted to post them here to share with the Exchange community.

Disk defragmentation involves rearranging data on a server's hard disks to make the files more contiguous for more efficient reads. Defragmenting your hard disks helps increase disk performance and helps ensure that your servers that run Exchange run smoothly and efficiently. Because severe disk fragmentation can cause performance problems, run a disk defragmentation program (such as Disk Defragmenter) on a regular basis or when server performance levels fall below normal. Because more disk reads are necessary when backing up a heavily fragmented file system, make sure that your disks are recently defragmented.

Exchange databases also require defragmentation. However, fragmentation of Exchange data occurs within the Exchange database itself. Specifically, Exchange database defragmentation refers to rearranging mailbox store and public folder store data to fill database pages more efficiently, thereby eliminating unused storage space.

There are two types of Exchange database defragmentation: online and offline.

Online Defragmentation

Online defragmentation is one of several database-related processes that occur during Exchange database maintenance. By default, on servers running Exchange 2000 Server and Exchange Server 2003, Exchange Server database maintenance occurs daily between 01:00 (1:00 A.M.) and 05:00 (5:00 A.M.). Online defragmentation occurs while Exchange Server databases remain online. Therefore, your e-mail users have complete access to mailbox data during the online defragmentation process.

The online defragmentation process involves automatically detecting and deleting objects that are no longer being used. This process provides more database space without actually changing the file size of the databases that are being defragmented.

Note: To increase the efficiency of defragmentation and backup processes, schedule your maintenance processes and backup operations to run at different times.

You can schedule database defragmentation in two ways:

  • To schedule database defragmentation for an individual database, use the Maintenance interval option on the Database tab of a mailbox store or public folder store object.
  • To schedule database defragmentation for a collection of mailbox stores and public folder stores, use the Maintenance interval option on the Database (Policy) tab of a mailbox store or a public folder store policy. For information about how to create a mailbox store policy or public folder policy, see "Create a Mailbox Store Policy" and "Create a Public Folder Store Policy" in Exchange 2000 Server or Exchange Server 2003 Help.

Offline Defragmentation
Offline defragmentation involves using the Exchange Server Database Utilities (Eseutil.exe). ESEUTIL is an Exchange Server utility that you can use to defragment, repair, and check the integrity of Exchange Server databases. It is available through the following sources:

  • If you are running Exchange 2000 Server, ESEUTIL is located in the E:\Support\Utils folder of your Exchange 2000 CD (where E:\ is the drive letter of your CD-ROM drive).
  • If you are running Exchange Server 2003, ESEUTIL is located in the F:\Program Files\exchsrvr\bin directory after running Exchange Server 2003 Setup (where F:\ is the drive letter of the drive to which you installed Exchange Server).

You can only perform offline defragmentation when your Exchange Server databases are offline. Therefore, your e-mail users will not have access to mailbox data during the offline defragmentation processes.

During the offline defragmentation process, Eseutil.exe creates a new database, copies the old database records to the new one, and then discards unused pages, resulting in a new compact database file. To reduce the physical file size of the databases, you must perform an offline defragmentation in the following situations:

  • After performing a database repair (using Eseutil /p).
  • After moving a considerable amount of data from an Exchange Server database.
  • When an Exchange Server database is much larger than it should be.

You should consider an offline defragmentation only if many users are moved from an Exchange Server database or after a database repair. Performing offline defragmentation when it is not needed could result in decreased performance.

When using Eseutil.exe to defragment your Exchange Server databases, consider the following:

To rebuild the new defragmented database on an alternate location, run Eseutil.exe in defragmentation mode (using the command Eseutil /d) and include the /p switch. Including the additional /p switch during a defragmentation operation enables you to preserve your original defragmented database (in case you need to revert to this database). Using this switch also significantly reduces the amount of time it takes to defragment a database.

Because offline defragmentation alters the database pages completely, you should create new backups of Exchange Server 2003 databases immediately after offline defragmentation. If you use the Backup utility to perform your Exchange Server database backups, create new Normal backups of your Exchange Server databases. If you do not create new Normal backups, previous Incremental or Differential backups do not function because they reference database pages that were re-ordered by the defragmentation process.

For more information about defragmenting Exchange 2000 Server and Exchange Server 2003 databases, see the following articles in the Microsoft Knowledge Base:

  • Article 192185: How to Defragment with Eseutil Utility (Eseutil.exe)
  • Article 324672: Offline Defragmentation with Eseutil, webcast
  • Article 328804: How to Defragment Exchange Server Databases



Oz Ozugurlu

You cannot remove Cluster Service

You cannot remove the Cluster service, but you can return it to an unconfigured state. You have evicted a node from your cluster and you want to create a new cluster and add the node as a member of the new cluster. However, when you try to do it you get an error indicating the node is already a member of another cluster.

  • Stop Cluster service
  • We need to perform a little clean up before we add the server into the new cluster as a new node
  • My server name is Ex1

I will go to the Run menu and type the command below:

Cluster node ex1 /forcecleanup

Here is Microsoft KB: 282227

The files for the Cluster service are installed, by default, on computers that run either Windows Server 2003, Enterprise Edition or Windows Server 2003, Datacenter Edition. In earlier versions of Windows, this feature had been in the Add/Remove Programs tool.

You cannot remove the Cluster service, but you can return it to an unconfigured state:

  • Start Cluster Administrator (CluAdmin.exe).
  • Right-click the node, and then click Stop the Cluster service.
  • Note: Do not perform this step if this server is the last node in the cluster.
  • Right-click the node, and then click Evict Node.

This step returns the cluster to its original unconfigured state. You can re-add it later to the same or to a different cluster. If you cannot start the Cluster service, or if you have trouble removing the node, you can manually unconfigure the Cluster service:

Run the Cmd.exe program to open a command prompt.

At the command prompt, type cluster node nodename /forcecleanup

Note: If the Cluster service does not exist in the registry, the command does not respond. To create a place holder, type the following line at the command line, and then press ENTER:

sc create clussvc

This will perform the cleanup, and you will be able to add this server as a new node to the new cluster.


Oz Ozugurlu

Monday, July 23, 2007

Do I need /3GB switch on 64Bit Platform?

On 64-bit versions of Windows Server 2003, the system automatically expands the virtual address space available to 32-bit user-mode programs linked with the /LARGEADDRESSAWARE option as needed without the /3GB boot parameter. On Windows Server 2003 RTM (without Service Pack 1), these 32-bit programs can access up to 3 GB of virtual address space. On Windows Server 2003 with Service Pack 1, they can access up to 4 GB of virtual address space. Native 64-bit user-mode programs can access up to 8 TB of virtual address space.

Let's refresh our memories about performance tuning switches on 32-bit platforms. The information below is taken directly from MSDN.


On 32-bit versions of Windows, the /3GB parameter enables 4 GT RAM Tuning, a feature that enlarges the user-mode virtual address space to 3 GB and restricts the kernel-mode components to the remaining 1 GB.


Specifies an alternate amount of user-mode virtual address space for operating systems booted with the /3GB parameter.


Specifies the amount of memory, in megabytes, for user-mode virtual address space. This variable can have any value between 2048 (2 GB) and 3072 (3 GB) megabytes in decimal notation. Windows uses the remaining address space (4 GB minus the specified amount) as its kernel-mode address space.


The /3GB parameter is supported on Windows Server 2003, Windows XP, Windows 2000, and Windows NT. On Windows Vista and later versions of Windows, use the IncreaseUserVA element in BCDEdit.

On Windows, by default, the lower 2 GB are reserved for user-mode programs and the upper 2 GB are reserved for kernel-mode programs. You can use this parameter to test the performance of your driver when it is running in a 1 GB kernel. The 4 GT RAM Tuning feature is fully functional on Microsoft Windows NT Server 4.0, Enterprise Edition with Service Pack 3, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Datacenter Server, and all editions of Windows XP, Windows Server 2003, Windows Vista, and later versions of Windows.

On other versions of Windows NT and Windows 2000, this feature restricts the kernel to addresses above the 3 GB boundary. However, user-mode applications cannot access more than 2 GB of address space.

The /userva subparameter is designed for computers that need more than 2 GB but less than 3 GB of user-mode address space, particularly those that are running memory-intensive user-mode programs. When used without the /3GB parameter, /userva is ignored.

The /3GB and /userva parameters are valid only on boot entries for 32-bit versions of Windows on computers with x86 or x64-based processors.

To take advantage of the 3 GB available to user-mode programs, the program must be linked with the /LARGEADDRESSAWARE option.


Oz Ozugurlu

Sunday, July 22, 2007

Bodog fight and Kelly Kobold

Here is my CHAMP Kelly Kobold. We recently landed in Jersey for a great Bodog fight night. It was great to meet with Kelly. She is an incredibly sweet and rough girl. I am one of her big fans and will be. Kelly fought for a belt.

You are my CHAMP Kelly and you always will be.

Starting her training in June of 2002, Kelly entered the world of Mixed Martial Arts with no fighting or sport experience. She is the only woman on a hardcore team where the average player is over 200 pounds. On Kelly's first day of training she was taken aside and told "if you want to train with us you will have to train like us. That means no one will go easy on you because you are a girl. We will show you respect by beating the hell out of you." Her response was "Good." At first she took to the game like a cat to water. She showed only two traits that spoke well for her: she never complained about hard work, and she never showed any quit. Night after night, teammates would remark on the girl's heart. January 12th, 2003 in the ICC, that heart was on display for all to see.


Oz ozugurlu


This article is written mostly for my students. We have recently finished the Exchange 2003 class. All my students became Certified Exchange administrators. I am truly proud of all of these guys. This is an outstanding performance and a great achievement. I love to see more people joining the Exchange community. Here is our school website. I have promised my students to have some questions posted on my blog. Below are the Exchange interview questions for a Junior Exchange administration position. Here is my golden advice to you all: please be concise in your answers. When someone asks you in the interview "What is an IP address?", do not spend 5 minutes explaining what it is. Your answers should be professional and short, such as "It is a 32-bit binary number".

Top 10 Tasks for New Exchange Server Administrators

Also expect some basic networking questions as well as Classic ones such as

Tell me about yourself, what you have been doing (Classic one).

  • What is an IP address?
  • What is DNS? (what port)
  • What is DHCP? (what Port)
  • IP address class range
  • Private public IP range?
  • Public IP address range
  • What is a subnet mask, and why is it important?

Port number and Usage Game,

Port 20

Port 21

Port 23

Port 25 Don't Mess with this one !!!!!!!!!

Port 53

Port 110

Port 80

Port 443

Port 3389

Port 3268

Port 3369




  • What is Protocol?
  • Explain UDP
  • Explain TCP
  • How many ports available?

Well Known Ports are those in the range 0–1023

Registered Ports are those in the range 1024–49151

Dynamic and/or Private Ports are those in the range 49152–65535

Ports range 0-65535

  • What is latest service pack Exchange 2003?
  • What is latest service pack Exchange 2000?
  • What is the name of Exchange Databases?
  • How many databases in Standard Exchange version
  • How many databases in Enterprise Exchange version
  • What is Storage Group?
  • What is mail store?
  • Explain Exchange transaction logs
  • What is default size for Transaction logs?
  • Why does Exchange use transaction logs? Why not write data directly to the Exchange database?
  • How does the Exchange database get defragmented?
  • What is white space, and how can it be reclaimed?
  • What time does online maintenance run by default in Exchange?
  • What event does Exchange log after online defragmentation?



Friday, July 20, 2007

Can you Run a Mail server without MX record

Answer is: YES
Is it recommended to run a mail server without an MX record? Answer is: NO. Make sure you have an MX record on your PUBLIC DNS servers.

Do I need an MX record internally (Active Directory DNS integration)? Answer is: NO. There is no need to configure MX records for internal use, simply because internal e-mail and replication traffic is usually controlled via Active Directory. Here is some clarification for you and all of us: it is possible for e-mail to be delivered internally, within your Exchange organization, without the need for MX records. In your case it works fine; you don't need one (INTERNALLY, meaning within your mail organization).

The reason: internal Exchange servers resolve all delivery requests by looking at, and locating, A (host) records in internal DNS. With a host record (A record), an IP address is mapped to a computer name, and every computer registered in DNS will have an A record. Things change out on the Internet (that is, outside your internal network).

MX record (Mail Exchanger record): it specifies the mail server for an authoritative domain; it simply tells who the mail server is for a domain.
Default priority is Priority=10

Now, when an Exchange server outside your company wants to send your company e-mail:

  • The sender's Exchange server will ask (look for) the authoritative DNS servers for your domain name (zone).
  • Usually the request will go to the ISP DNS servers, and the ISP DNS server will have an entry within its public DNS zone.
  • When the ISP DNS server receives the request from, let's say, your Exchange server, it is asking: "Do you know the IP address of the mail server? I would like to send some e-mails to this domain."
  • The ISP DNS server will say: "No problem, let me look it up" (now the ISP DNS server will do a lookup in its database in order to determine the IP address of the mail server).
  • The first thing the ISP DNS server will perform is a lookup for an MX record (this is the difference; internally this would be an A (host) record lookup).
  • When the ISP DNS server finds the MX record for the requested name space, it hands it off to the requester.
  • If multiple records are found, the DNS server hands off all of the records to the requester.
  • The requesting mail server accepts the results (the list of MX records), and the requesting mail server's MTA decides which one to establish a session with FIRST.

Assuming public DNS handed off 4 records to you with the same MX weight (priority):

MX (10)

MX (10)

MX (10)

MX (10)


Now your Exchange server (mail server) will try to establish an SMTP connection to all of the records above before queuing the mail.

If no MX record exists on the ISP DNS servers, then based on RFC 2821 the ISP DNS server will perform a second query, which will be for the A record of the domain.

Additionally:

When an e-mail message is sent through the Internet, the sending mail transfer agent makes a DNS query requesting the MX record for the recipient's domain name, which is the portion of the e-mail address following the "@". This query returns a list of host names of mail exchange servers accepting incoming mail for that domain, together with a preference number. The sending agent then attempts to establish an SMTP connection to one of these servers, starting with the one with the smallest preference number, delivering the message to the first server with which a connection can be made. If no MX records were present, a second request is made for the A record of the domain instead.

There is no need to configure MX records for internal use, simply because internal e-mail and replication traffic is usually controlled via Active Directory.

An MX record is recommended on public DNS servers to speed up the DNS query, since based on RFC 2821 an external query will do a lookup for MX records FIRST.
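
The lookup order described in this post (MX records first, smallest preference number first, then the A record of the domain when no MX exists, and queuing only after every target has been tried), as an added Python example that is not part of the original post. The zone contents, host names, IP addresses and function names are constructed for illustration, and shuffling among equal preferences is an assumption about how the sending server breaks ties.

```python
import random

# Constructed sample data: a tiny in-memory stand-in for public DNS.
# Names and addresses use documentation ranges; none are real records.
ZONE = {
    "example.com": {"MX": [(20, "backup.example.com"),
                           (10, "mail1.example.com"),
                           (10, "mail2.example.com")]},
    "mail1.example.com": {"A": ["192.0.2.10"]},
    "mail2.example.com": {"A": ["192.0.2.11"]},
    "backup.example.com": {"A": ["192.0.2.20"]},
    "nomx.example.net": {"A": ["198.51.100.5"]},  # A record only, no MX
    "nothing.example.org": {},                     # neither MX nor A
}


def lookup(zone, name, rtype):
    """Return the records of one type for a name (empty list if none)."""
    return list(zone.get(name, {}).get(rtype, []))


def delivery_targets(domain, zone=ZONE, rng=None):
    """Build the ordered list of (preference, host, ips) a sender would try.

    1. Query MX for the recipient domain.
    2. If MX records exist, order them by preference (smallest first) and
       shuffle hosts that share a preference so load spreads across them.
    3. If no MX exists, fall back to the A record of the domain itself.
    """
    rng = rng or random.Random()
    mx_records = lookup(zone, domain, "MX")

    if not mx_records:
        # Second query: the domain's own A record acts as the mail host.
        ips = lookup(zone, domain, "A")
        return [(0, domain, ips)] if ips else []

    by_pref = {}
    for pref, host in mx_records:
        by_pref.setdefault(pref, []).append(host)

    ordered = []
    for pref in sorted(by_pref):
        hosts = by_pref[pref]
        rng.shuffle(hosts)  # tie-break among equal preferences
        for host in hosts:
            ips = lookup(zone, host, "A")
            if ips:  # an MX host that does not resolve cannot be tried
                ordered.append((pref, host, ips))
    return ordered


def deliver(domain, reachable, zone=ZONE, rng=None):
    """Try every target in order; queue only when none accepts a connection.

    `reachable` is the set of IP addresses that accept SMTP connections in
    this simulation (no network traffic is generated).
    """
    for _pref, host, ips in delivery_targets(domain, zone, rng):
        for ip in ips:
            if ip in reachable:
                return ("delivered", host, ip)
    return ("queued", None, None)


if __name__ == "__main__":
    for name in ("example.com", "nomx.example.net", "nothing.example.org"):
        print(name, "->", delivery_targets(name))
    # Both preference-10 hosts are down, so the preference-20 host is used.
    print(deliver("example.com", reachable={"192.0.2.20"}))
    # Nothing is reachable, so the message stays in the queue.
    print(deliver("example.com", reachable=set()))
```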

Tuesday, July 17, 2007

Cluster Exchange 2003 & EXRES.DLL administrator should not stop a service from the command-line

Should we use Windows services to manage Exchange-related services? This has been asked a few times, which made me research online resources. I have decided to post the TechNet article without making many changes. I hope the Microsoft article below will help all of us understand the key DLL files (EXRES.DLL) and some of the internal functions, such as the IsAlive and ExchangeOpen functions.


  • Exchange 2003 is cluster-aware and provides its own cluster resource DLL, named EXRES.DLL, for communication and interaction with the Windows Cluster service. The Windows Cluster service communicates through Resource Monitor to EXRES.DLL, and EXRES.DLL then communicates with the Exchange components. EXRES.DLL translates the cluster actions into actions for Exchange-related services. EXRES.DLL also monitors the stopping of these resources and notifies the Cluster service if the operation is unsuccessful. The following figure illustrates the relationship between EXRES.DLL and the Cluster service
  • In a cluster, the Cluster service is responsible for starting and stopping Exchange services through EXRES.DLL. Because of this, an administrator should not stop a service from the command-line, the Windows Services snap-in, a Resource Kit tool, or a third-party application.
  • When you stop a service outside of the Cluster, the IsAlive call to that service fails, causing the Cluster service to attempt a restart of the stopped service. The IsAlive function returns the last value that was polled from the resource health-monitoring thread.
  • The LooksAlive function has the same implementation as IsAlive. The LooksAlive function is not called, because EXRES.DLL provides resource-failure event handles to the cluster Resource Monitor that indicate when a resource fails.
  • The health-monitoring thread checks resources every ten seconds. This resource check cannot be configured. EXCLUADM.DLL provides the interface associated with Exchange and cluster-specific wizards.


ExchangeOpen/ExchangeClose Functions

The ExchangeOpen and ExchangeClose functions are called whenever the Exchange resources are moved to the current node. Inside the ExchangeOpen functions, memory is initialized or allocated for the basic information of the resource. These functions also handle the loading and unloading of DLL files that are used by the Resource DLL. This process is controlled by reference counters.

ExchangeOnline and ExchangeOffline Functions

The ExchangeOnline and ExchangeOffline functions create new OnlineWrapperThread and OfflineWrapperThread worker threads and immediately return an ERROR_IO_PENDING to the cluster Resource Monitor. When the wrapper thread returns a failure to Resource Monitor, Resource Monitor tries to restart the resource two additional times. During these restart attempts, the ExchangeOnline function determines if the previous online/offline thread is returned. If the online/offline thread is not returned, the ExchangeOnline function restarts.

For the OfflineWrapperThread, if the ExchangeOffline thread does not return in the PendingTimeOut limit for the Store, System Attendant, and MTA resources, Resource Monitor ends the corresponding process.

To prevent situations in which RPCs hang, these two worker threads create the real online/offline thread. The wrapper threads act as monitors for the online/offline thread and use timers to monitor the operation of the online/offline thread. If the online/offline thread does not return in the PendingTimeOut value that was set in Cluster Administrator, the wrapper thread determines that the operation is unsuccessful, and sets the resource's state as failed. It then returns an error. The only exceptions to this behavior are for upgrade operations or for store resource online operations. In these two cases, the wrapper thread waits for an upgrade to complete or for a store resource to go online without timing out.


The ExchangeOnlineThread and ExchangeOfflineThread service the following Exchange resources:

  • Microsoft Exchange System Attendant service, Microsoft Exchange Information Store service, and Routing: Each of these resources starts the service (if it is not already started), and then makes RPC calls to each of the services, instructing them to start or stop the corresponding Exchange Virtual Server.
  • Protocol Resources: Protocol resources set the command bit in the IIS metabase, and then start the service, if it has not already started. The corresponding service picks up the command and starts or stops the virtual server. The only exception to this is the SMTP virtual server. In this case, the whole SMTP service must be stopped when a virtual server instance is taken offline. The IsAlive function checks for other virtual servers running on the same physical computer, detects that the underlying SMTP service is stopped, and then restarts the virtual server.

ExchangeIsAlive and ExchangeLooksAlive

The ExchangeOnline function returns an event handle to Resource Monitor, and Resource Monitor then stops calling the ExchangeLooksAlive function. Instead, the Resource Monitor calls the ExchangeIsAlive function at intervals set in the Cluster Administrator Looks Alive polling interval. Whenever a resource is online, EXRES.DLL creates two threads to monitor the status of that resource. The first thread, named ExchangeIsAliveMonitor, checks the status of the resource every ten seconds by waking the second thread, named ExchangeCheckIsAliveWrapper. ExchangeCheckIsAliveWrapper performs the actual IsAlive checking. If the ExchangeCheckIsAliveWrapper thread does not return in the PendingTimeOut limit, or if the IsAlive check is unsuccessful, the ExchangeIsAliveMonitor thread signals a failure event for the particular resource to Resource Monitor. The ExchangeIsAlive function returns the status of the last IsAlive check.


This function ends the existing ExchangeIsAliveMonitor thread. For the Exchange store, System Attendant, and MTA resources, it also performs the corresponding offline procedure to make sure that the database is dismounted. If the offline procedure does not complete successfully in the PendingTimeOut limit, EXRES.DLL also terminates the corresponding process.

Creating Resources

The user creates a resource first, and then creates a call to EXCLUADM.DLL, prompting for information. EXCLUADM.DLL obtains the required information for the resource and passes it to the Cluster service. Resource Monitor creates a call to the ExchangeResourceControl function in EXRES.DLL. This call contains the information that was passed from EXCLUADM.DLL and Clusctl_Resource_Set_Private_Properties as the control code. ExchangeSetPrivateResProperties is used to handle this control code. It first saves the information to the cluster database under the Parameters registry key for that resource, and then makes a call to EXSETDATA.DLL to have EXSETDATA.DLL create objects in Active Directory. In some cases, a problem might occur and some configuration information might be modified in Exchange System Manager, without synchronizing the changes with the cluster database.


Oz Ozugurlu

Friday, July 13, 2007

BlackBerry Unable to save configuration settings or statistic


A user mailbox was moved from one Exchange server to another, in this example from NHQEX1 (Exchange server 1) to NHQEX2 (Exchange server 2). The user stops receiving mail on his BlackBerry device. In the event log of the BES server we located the following event.

Possible Cause

When the mailbox got moved, the Exchange server was rebooted. If the Exchange server gets rebooted, BES needs to be rebooted AFTER the Exchange server reboot. This causes worker threads to get frozen; the only way to get the worker threads released is bouncing the BES server.

Remove the user from the BES server, then add the user back to the BES server. Restart the BES services in the following order:

  • Blackberry Router
  • BlackBerry Dispatcher
  • Controller

The rest of the services would not make any difference at all; they can be restarted in any order

  • Made sure permissions are set correctly on the Exchange server
  • Made sure permissions set properly on the Storage group and mail store
  • Run the utility called IEMSTest.exe; again, this utility is located in the same directory, called Utilities


  • In order to alleviate the problem, be certain BB has the proper rights to log into the user mailbox. Use IEMSTest.exe to perform the test; go to the directory below:

\Program Files\Research In Motion\BlackBerry Enterprise Server\Utility\


Run IEMSTest.exe

Leave the default profile on; pick the user whose permissions you would like to test.

Copyright (c) Research In Motion, Ltd. 1999. All rights reserved.

Opening Default Message Store Mailbox $_bes1.

Opening message store for Ozugurlu, Oz (Consultant) using /O=Smtp25/OU=ARCHQ/cn=Rec

merican Smtp25/OU=ARCHQ/cn=Configuration/cn=Servers/cn=EX2VS/cn=Microsoft Private MDB.

Ozugurlu, Oz (Consultant)'s Mailbox opened successfully.

Root Folder opened successfully.

Folder created successfully.

Test folder deleted successfully.

Test completed successfully for Ozugurlu, Oz (Consultant).


This tool will perform the following steps

Attempted to log into oz Ozugurlu mailbox

Mailbox opened successfully

Opened root Folder

Mailbox opened successfully

Created a folder

Folder created successfully.

This is an excellent utility to see if the permissions are working properly (we know at this point BES has permissions to get to a mailbox and create a folder, and it will delete the folder on the next step).



Oz Ozugurlu


Bad Port# 3101 at

TCP port 3101 outbound initiates the connection to the BlackBerry Control Center (the BlackBerry Infrastructure); the traffic on it is bidirectional. If the network drops (a network hiccup) 5 times within 1 minute, the SRP key will get disabled on the BES servers. Shortly after, you will see your manager calling your cell phone and asking you what is going on. Before initiating the support call, make sure the BlackBerry service is running on each BB server. Log into the BB server with the BES account and click the BlackBerry Manager icon on the desktop.

Here you will see each server and its status. Make sure each server is in the running state, and make sure the SRP status is in the running state as well.

Perform the SRP test on your BB server: open a CMD window and drill down to the directory below:

  • program files
  • Research In Motion
  • BlackBerry Enterprise Server
  • Utility


In this folder there are some handy utilities; one of them is called BBSrpTest.exe

Type BBSrpTest.exe on the command line and hit Enter. You will see output similar to the picture below. If the SRP key is disabled, that particular BB server won't transfer e-mails. We must call BlackBerry Support and get them to reactivate the SRP key. This can only be done by RIM Support. If you log into the BB server with the BES account and go to properties, you will see the status of the BB server; as an example, in the picture below the NHQBES2 status is running, and the SRP number and SRP Authentication key are listed.


Oz ozugurlu

Directory Services Restore Mode

Today I am hearing from our AD engineers, who are getting involved with a failed domain controller because the DIT database reached 4 GB in size and the DC went down. When you start Windows Server 2003 in Directory Services Restore Mode, the local Administrator account is authenticated by the local Security Accounts Manager (SAM) database. Therefore, logging on requires that you use the local administrator password, not an Active Directory domain password. This password is set during Active Directory installation when you provide the password for Directory Services Restore Mode. Follow the link below to move the DIT database to another location.

Administrative credentials

To perform this procedure, you must provide the Administrator password for Directory Services Restore Mode.

To restart the domain controller in Directory Services Restore Mode locally

  • Restart the domain controller.
  • When the screen for selecting an operating system appears, press F8.
  • On the Windows Advanced Options menu, select Directory Services Restore Mode.
  • When you are prompted, log on as the local administrator

The following conditions require moving database files:

• Hardware maintenance: If the physical disk on which the database or log files are stored requires upgrading or maintenance, the database files must be moved, either temporarily or permanently.

• Low disk space: When free disk space is low on the logical drive that stores the database file (Ntds.dit), the log files, or both, first verify that no other files are causing the problem. If the database file or log files are the cause of the growth, then provide more disk space by taking one of the following actions:

• Expand the partition on the disk that currently stores the database file, the log files, or both. This procedure does not change the path to the files and does not require updating the registry.

• Use Ntdsutil.exe to move the database file, the log files, or both to a larger existing partition. If you are not using Ntdsutil.exe when moving files to a different partition, you will need to manually update the registry.

If the path to the database file or log files will change as a result of moving the files, be sure that you:

• Use Ntdsutil.exe to move the files (rather than copying them) so that the registry is updated with the new path. Even if you are moving the files only temporarily, use Ntdsutil.exe to move files locally so that the registry remains current.

• Perform a system state backup as soon as the move is complete so that the restore procedure uses the correct path.

• Verify that the correct permissions are applied on the destination folder following the move. Revise permissions to those that are required to protect the database files, if needed.


The registry entries that Ntdsutil.exe updates when you move the database file are as follows:



• Database backup path

• Digital Signature Algorithm (DSA) database file

• DSA working directory


Relocating Active Directory Database Files


Oz ozugurlu

Restart the BlackBerry Services in this order below

When worker threads are hung, the question is in which order the BlackBerry services need to be restarted. If you move users within the same Exchange server, you will probably end up breaking the BES connection to the mailbox. Apparently BlackBerry version 4.0 looks at the LDAP server DN (distinguished name), and therefore it is not able to locate the user mailbox. In any case, follow the order below whenever the BES services need to be restarted. This is the best practice from RIM support.

Restart the BlackBerry services in this order:

BlackBerry Router

Establishes connections. Manages the connection to the wireless network for the BlackBerry Enterprise Server. Also routes data to handhelds that are connected through the BlackBerry Handheld Manager.

BlackBerry Dispatcher

Establishes the connection to Exchange. Performs data encryption and compression services for all data that the BlackBerry Enterprise Server sends or receives.


Controls all other services. Monitors key BlackBerry Enterprise Server components and restarts them if they stop responding.

Other services can be started in any order:

BlackBerry Alert

When configured, sends alerts when events at the specified level occur on the BlackBerry Enterprise Server.

BlackBerry Attachment

Converts attachments into a format that can be viewed on the handheld.

BlackBerry Database Consistency Service

Synchronizes data between the BlackBerry Manager database and user mailboxes.

BlackBerry Mobile Data Service

Provides secure access to online content and applications on the corporate intranet or Internet through the BlackBerry Enterprise Server.

BlackBerry Policy Service

Supports wireless IT Policy, service books, and third-party application delivery for the BlackBerry Enterprise Server.

BlackBerry Router

Manages the connection to the wireless network for the BlackBerry Enterprise Server. Also routes data to handhelds that are connected through the BlackBerry Handheld Manager.

BlackBerry Synchronization Service

Synchronizes PIM application data wirelessly between the handheld and the mail server.



Oz Ozugurlu

What is really CheckPoint.chk?

Before changes are actually made to an Exchange database file, Exchange writes the changes to a transaction log file. After a change has been safely logged, it can then be written to the database file. It is common for changes to become available to end users just after the changes have been secured to the transaction log, but before they have been written to the database file.

  • Exchange employs a sophisticated internal memory management system that is tuned for high performance. Physically writing out changes to the database file is a low-priority task during normal operation.
  • Exchange can efficiently manage caching of more than a gigabyte of database pages. This cache includes pages read from the database to fulfill client requests, as well as changed pages that will eventually be written back to the database file.
  • If a database suddenly stops, cached changes are not lost just because the memory cache was destroyed. On restart of the database, Exchange scans the log files, and reconstructs and applies any changes not yet written to the database file. This process is called replaying log files. The database is structured so that Exchange can determine whether any operation in any log file has already been applied to the database, needs to be applied to the database, or does not belong to the database.
  • Rather than write all log information to a single large file, Exchange uses a series of log files, each exactly five megabytes in size. When a log file is full, Exchange closes it and renames it with a sequence number.
  • The first log filled ends with the name Enn00001.log. The nn refers to a two-digit number known as the base name or log prefix.
  • An Exchange Enterprise 2003 server can have up to four storage groups, and the log files for each storage group are distinguished by file names with numbered prefixes (for example, E00, E01, E02, or E03).
  • The log file currently open for a storage group is simply named Enn.log—it does not have a sequence number until it has been filled and closed.
  • The checkpoint file (Enn.chk) tracks how far Exchange has progressed in writing logged information to the database files. Typically, on a busy database, the checkpoint lags three or four log files behind the currently open log.
  • There is a checkpoint file for each log stream and a separate log stream for each storage group. Within a single storage group, all the databases share a single log stream. Thus, a single log file often contains operations for multiple databases.
  • The checkpoint trails three or four log files behind the currently open log. Based on this, and given that the log file size is limited to 5 MB, Exchange 2003 will write the data to the mail store when the logs reach 20 MB.


Do not forget that the SG (storage group) has all the logs for all mail stores.

Log files are numbered hexadecimally, so the log file after E0000009.log is E000000A.log, not E0000010.log. You can convert log file sequence numbers to their decimal values using the Windows Calc.exe application in Scientific mode. To do this, run Calc, and then on the View menu, click Scientific.

You can also see the decimal sequence number for a given log file by examining its header with Eseutil.exe. The first 4-KB page of each log file contains header information that describes and identifies the log file and the databases it belongs to. The command Eseutil /ml [log filename] displays a header like the following:


Base name: e00

Log file: e00.log

lGeneration: 11 (0xB)

Checkpoint: (0xB,7DC,6F)

creation time: 12/30/2002 05:07:12

prev gen time: 12/27/2002 13:38:14

Format LGVersion: (7.3704.5)

Engine LGVersion: (7.3704.5)


Now all you need to do is change to the Bin directory in a command prompt and open the logs directory in Windows Explorer. Place both windows side by side, just like I did here.

Now in the command window, type "eseutil /ml":

E:\Program Files\Exchsrvr\bin>eseutil /ml

Drag one of the log files from the left window into the command prompt, and press Enter.
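As an added example (not part of the original post and not Microsoft code), the Python sketch below parses the header fields shown above, converts between log file names and decimal generations, and lists the logs at or past the checkpoint. The sample text is constructed from the header in the post, all function names are hypothetical, and the code assumes the five-hex-digit Enn00001.log naming described above and that the first value of the Checkpoint triple is the log generation.

```python
import re

# Constructed sample: header fields as shown in the post for "eseutil /ml".
SAMPLE_HEADER = """\
Base name: e00
Log file: e00.log
lGeneration: 11 (0xB)
Checkpoint: (0xB,7DC,6F)
"""

LOG_NAME = re.compile(r"(E[0-9A-F]{2})([0-9A-F]{5})?\.log", re.IGNORECASE)

def log_file_name(prefix, generation):
    """Name of a closed log: Enn prefix plus five hex digits (Enn00001.log form)."""
    if not 1 <= generation <= 0xFFFFF:
        raise ValueError("generation does not fit in five hex digits")
    return "%s%05X.log" % (prefix.upper(), generation)

def log_generation(file_name):
    """Decimal generation of a closed log, or None for the open Enn.log."""
    m = LOG_NAME.fullmatch(file_name)
    if m is None:
        raise ValueError("not a transaction log name: %r" % file_name)
    return int(m.group(2), 16) if m.group(2) else None

def parse_header(text):
    """Pull base name, generation and checkpoint out of the header text."""
    fields = {}
    for line in text.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            fields[key.strip()] = value.strip()
    checkpoint = tuple(int(p, 16) for p in fields["Checkpoint"].strip("()").split(","))
    return {"base": fields["Base name"],
            "generation": int(fields["lGeneration"].split()[0]),
            "checkpoint": checkpoint}  # assumption: first element is the generation

def checkpoint_lag(header):
    """Number of log generations between this log and the checkpoint."""
    return header["generation"] - header["checkpoint"][0]

def logs_from_checkpoint(names, checkpoint_generation):
    """Logs at or past the checkpoint; the open Enn.log always sorts last."""
    keep = [n for n in names
            if log_generation(n) is None or log_generation(n) >= checkpoint_generation]
    return sorted(keep, key=lambda n: log_generation(n) or float("inf"))
```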


Oz ozugurlu

Thursday, July 12, 2007

Lost Cluster service account password: here is how to reset it without downtime

Yes, you heard right. I am trying to bring another node into an existing cluster, and I am at the point where I need to supply the Cluster service account password, but I am not able to figure out what the password was set to. Of course, the person who set up the Exchange cluster did not save or document the password, for job security reasons, and he is no longer at this place. I desperately went over all the existing password-saving programs for this company, and the result was no luck. This cluster environment is pretty large and there is no room for mistakes, so, being cautious, we ended up calling PS support for Microsoft.

cluster /cluster:nhqCluster /changepassword /skipdc

My cluster name is nhqCluster, so replace this with your cluster name. This command line works like a charm and replaces the password with the new password you supply. Besides this method, I have also figured out that the following way works as well: stop the Cluster service on all nodes, go to Services and make sure the Cluster service is stopped, go to Properties and reset the password on all the nodes, then go back and restart the services. This method involves stopping the cluster; the command line won't cause any interruption on the cluster.


  • First we will change/reset the password for cluster service account in the Active directory.
  • On every cluster node, click Start, click Run, type services.msc, and then click OK.
  • In the Services (Local) list, double-click Cluster Service.
  • Click the Log On tab and then type the Cluster service account in the account box by using the Universal Naming Convention (UNC) format. For example, type an account name that is similar to the following: SMTp25\clusteraccount
  • Type the correct account password in the Password box and in the Confirm password box, and then click OK.

  • When you receive the following message, click OK: The new logon name will not take effect until you stop and restart the service.
  • Under Cluster Service, click the Restart link.
  • Then follow the article KB305813
  • If it doesn't work, then we need to follow article KB269229, How to manually re-create the Cluster service account.

Microsoft Links

Best regards

Oz Ozugurlu

Tuesday, July 10, 2007



Galmode.exe is having intermittent problems; some of the users are not able to update their personal information by using Galmode.exe

Information about Galmode.exe:

As part of the BackOffice Resource Kit (NT 4.0), Microsoft supplied a utility called GALMOD32.EXE, which allows users to modify certain attributes of their own. Maintaining user attributes can become very difficult in a big environment, so GALMOD32.EXE is a very useful tool for letting users perform this task on their own without any administrative effort. Naturally, non-admin users can only change their own details with this utility, and since it can be run from a network share, it doesn't even need to be installed on their own computers. It is an executable that reads the information from the Outlook profile, and users are able to change the following fields.

GALMOD32.EXE is supported with NT 4.0 and Exchange server version 5.5


It seems that missing membership in Active Directory is causing problems for users who cannot update their corresponding settings with Galmode. Revamping these memberships and establishing proper rights seems to fix the issue.

GALMOD32.EXE is supported with NT 4.0 and Exchange Server version 5.5 (it works in AD 2X and Exchange 2003 as well).

  • 1. Click to select the Only the following objects in the folder check box, click User objects in the list, and then click Next.
  • 2. Click to select the Property-specific check box, set each attribute that you want your users to modify, and then click Next. Click Finish.

Users can now use Galmod32 or the Windows Search applet to update their information in Active Directory. The permissions on your user account determine the global address list entries that you can modify. If you have Domain Users permissions, you can modify the following fields in your own global address book entry:

  • Address
  • City
  • Business Phone Number
  • State
  • Fax
  • Home Phone Number
  • Mobile Phone Number
  • Notes
  • Office
  • Pager
  • Zip Code


If you have Domain Administrator permissions, you can modify the following fields:

  • Assistant
  • Company
  • Country
  • Department
  • Title


The user account needs to be a member of the Domain Users group. Also, the SELF account needs to be present on the Security tab of the object. Make sure you assign

  • Read

  • Write

Allow permissions for both of them. Enjoy your GALMode.exe.

The utility is small; you can zip it and send it via e-mail, or keep it on a network share and give your users access to get it from there.


Oz Ozugurlu