Archive for April, 2007

Connecting Microsoft Entourage 2004 to Microsoft Exchange Server 2003

Wednesday, April 18th, 2007

Microsoft Entourage interacts with Microsoft Exchange differently than a typical Microsoft Office client. There are some fundamental concerns that an organization should have when using Entourage with Exchange. One difference that is important to point out early in the process is the fact that Microsoft Entourage can cause Exchange database files to become bloated with streaming information in the *.stm files that is not otherwise needed. There are 3 ways to combat this when/if it occurs:
1) Run a eseutil command while the database is stopped to defrag the database. When using eseutil you will need a minimum amount of freespace available that is equal to the database size.
2) Migrate mailboxes between information stores on the Exchange Server (if Exchange Enterprise) in order to be able to delete the old Exchange database and clear out the fragmentation.
3) Delete the old database and restore from a backup.

Note: Over the course of working with this type of infrastructure for years, it should be noted that using Exchange Enterprise and using multiple message stores is the best way to handle this issue if you have the appropriate licensing and disk space.

Another common issue that is encountered with administering Entourage that is not likely to occur with Exchange is that the change of a users message store to a new server with a new address requires that the client be reconfigured to accommodate for the new address. So if a users mailbox is moved from Exchange23 to Exchange 87 then the client will need to be updated. This is not typically the case with Outlook as it will use x.500 records to update the users client software to reflect the new location of the message store on a per client basis.

To begin to setup the first account, from Entourage select Tools -> Accounts and you will see the accounts window. Entourage can actually log into multiple Exchange accounts concurrently. If the user has POP and IMAP accounts in addition to the Exchange account, the Accounts landing page will be where all accounts are configured. To configure an Exchange account, click on arrow to the right of the New button and click Exchange.

This will bring up the Account Setup Assistant. Here, you will enter the default Email address for the account into the Email Address field and check the box for My account is on an Exchange server. Then you will enter the users login credentials for Active Directory in the User ID field and the Active Directory domain in the Domain field. The password for the user should be entered into the password field and then click on the right arrow to allow the client to attempt to find the appropriate server information automatically. If this fails do not be alarmed, it will typically fail. However, if the DNS information in the users TCP/IP settings is correct then at times it will succeed.

Once you have entered the data, click on the right arrow button. If DNS settings are configured effectively then it may setup the account automatically; however, this is prone to failure.

Click on the Configure account manually button to bring up a screen that will allow you to enter the needed information to configure the account properly. Settings in the Account Settings tab include:
1) The Name is the name that will be placed in the From: field of emails sent through this account.
2) The Email address is the DEFAULT email address for the user.
3) The Account ID is the users login credentials to Active Directory. There are times when the Account ID will also need the NetBIOS domain prepended to it. For example, if the NetBIOS domain name in your environment is Patagonia, then the Account ID might read MyDomain/administrator. The settings used here should be easily mirrored from what is used by Outlook Web Access.
4) The Exchange server address is not automatically detected when performing a manual setup, so if you have multiple Exchange servers in your environment you may have to manually enter the DNS name or IP address of the server in the Exchange server: field.

Once you are satisfied with the settings under the Account Settings screen, click on the Options tab of the Edit Account Window. Options include:
1) Receive complete messages – This is typically the best choice over partially receive messages for most users
2) Partially receive messages over – For larger messages, you can choose to only receive the first 50 (or whatever number you enter into this field) KB of the message. This is often used to make mail appear faster, although for attachments it can cause the user to have to manually retrieve the attachment which can be fairly annoying. This is also helpful in troubleshooting as a large message can clog up the ability to download a mailbox.
3) Default Signature – Choose the signature you would like to use for your Exchange account.
4) Headers – Headers can be used for rule processing. If you are not using this then you likely do not need to use this field.

Once you are satisfied with your settings for the account options page, click on the Advanced screen to configure public folder settings and LDAP settings. Options here include:
1) Public folders server – This is the IP address or DNS name of the Exchange server. If you have Exchange servers dedicated to public folder storage then you would use the address of these in this field, otherwise it should be set to be the same as the Exchange server being used to log in. In Microsoft Exchange, not all servers house public folders. Each folder can be set to replicate amongst specified servers. Outlook enumerates this automatically but Entourage does not.
2) DAV service requires a secure connection (SSL)
3) Override default DAV port – If Outlook Web Access is running on a port other than 80 (or 443 if SSL is being used) then this setting will need to be used.
4) LDAP Server – This is the IP address or DNS name of the LDAP server that you will be accessing. Sometimes this is an Active Directory controller, but other times this is the Exchange server according to how roles have been assigned to computers.
5) This server requires me to log on – unless your Active Directory server allows unauthenticated logons (very rare) this option needs to be checked
6) This LDAP Server requires a secure connection (SSL) – If your LDAP server needs an SSL Cert then you will need to check this box. If this is the case then you will need to install the SSL certificate using Keychain Access.
7) Override default LDAP port – If the LDAP port or you are running for Active Directory has been customized or if you are running a 3rd party LDAP store then this setting will need to be changed.
8) Maximum number of results to return – for companies larger than 1,000 users you may need to increase this to see the entire GAL.
9) Search Base – leaving this field blank is usually fine unless you want users to have access to the GAL. GAL access can be obtained by filling in the appropriate search base.

Once you have set the Advanced Options we can configure Delegate access. To do so, click on the Delegate tab and configure delegation for the specified user. The My Delegates section is where you provide other users with the ability to send on the users behalf. Other users can be added by clicking on the Add… button. To add other users whose mailbox the user has access to you would use the Users I am a delegate for section. Here, you can click on the Add… button to add users whose folders and send on behalf of permissions this mail client should have access to. Just as with Outlook, for specific folder access you would grant this by right-clicking (control-clicking in a Mac environment with a one-button mouse) and clicking on the permissions button. As with Microsoft Outlook, permission must be given at the root folder and then any folders in the folder structure below that folder. Unlike an Outlook environment, occasionally the permissions button will timeout. If this is the case then use the Microsoft Outlook client while logged in as the user to make these types of delegation changes for the user.

Once you have set the Delegate options, click on the Security tab if you need to configure SSL options. Otherwise you can skip this section and click on OK. If you do need to configure SSL, click on the Security tab and use the Select button to choose any certs that are installed on the computer.

Once you have configured all of the settings for the Exchange account, click OK. Now you can go to the Entourage Main Window and verify that your account is online. If the account says (Not connected) then connectivity is not there and you will need to troubleshoot.

Posted in Mac OS X, Windows | Comments Off

Xsan: Sometimes You’re Going to Loose a Drive

Wednesday, April 4th, 2007

Sometimes a drive fails, or a RAID controller goes down on an array with a redundant drive and the parity on a RAID must be rebuilt. In other words, if you loose a drive in a RAID 5, RAID 1, RAID 0+1 or RAID 3 array you will be left with a degraded RAID (also referred to as a critical RAID) unless you have configured your Xserve RAID to use a hot spare. If you are using a hot spare on the channel of the failed drive the RAID will begin to rebuild itself automatically. If you are not using a hot spare, upgrading your degraded RAID back to a healthy state should happen as quickly as possible to avoid data loss. In the event of a second drive failure on the array most of the data could be lost – and Murphy’s Law is evil when it comes to RAIDs. The data should be backed up as quickly as possible if it has not already been backed up.

Once the data is backed up, you should perform a rebuild of the parity for the array. The partiy is rebuilt based on the data that is on the array. This does not fix any issues that may be present with actual data. In other words, if you were using the Xserve RAID as a local volume it would only repair issues with the array and not also perform a repair disk on the drives. In an Xsan any data corruption could force you to rebuild you volume from the LUNs. You would not need to relabel the LUNs, but you may have to rebuild your volume

In many situations you will be able to simply swap the bad drive out with an identical good drive and configure it as a hot spare. Then the Xserve RAID will automatically begin rebuilding the array, moving it from a degraded state into a healthy state.

However, there are often logical issues with drives and arrays. Also, hot spares do not always join the degraded array. In these situations you may need to manually rebuild an array. To do this:
Silence the alarm on the Xserve RAID.
Verify that you have a clean backup of your data.
Verify that you have a clean backup of your data again or better, have someone else check as well.
Open up your trusty Xserve RAID Spare Parts Kit and grab the spare drive module.
Remove the drive module that has gone down (typically the one with the amber light).
Install the new drive in your now empty slot.
Open RAID Admin from the /Applications/Server directory.
Click on the RAID containing the damagemed array.
Click on the Advanced button in the toolbar.
Enter the management password for the Xserve RAID you are rebuilding the parity for.
Click on the button for Verify or Rebuild Parity and click on Continue.
Select the array needing to be rebuilt.
Click Rebuild Array and be prepared to wait for hours during the rebuild process. It is possible to use the array during the rebuild process – although if you don’t have to use the array it is probably best not to as you will see a performance loss. During the rebuild the lights on the drive will flash between an amber and a green state.
Once the rebuild is complete, perform a Verify Array on the RAID.
Verify the data on the volumes using the array.
Order a new drive to replace the broken drive in your Xserve RAID Spare Parts Kit.

If the rebuild of the data does not go well and the array is lost then you will likely need to delete the array and readd it. This will cause you to loose the data that was stored on that array and possibly on the volume, so it can never hurt to call Apple first and see if they have any more steps you can attempt. This is one of the many good reasons for backing data up. Just because you are using a RAID does not mean you should not back your data up.

The Verify Array can also be used to help troubleshoot issues with corrupted arrays.

This process has been tested using firmware 1.5 and below for Xserve RAIDs.

Posted in Xsan | Comments Off