Tuesday, November 28, 2006

Reverse NDR Attack - Outbound Email Not Being Delivered

Here is an article about problems with Outgoing Mail on Exchange 5.5. this is a solution I found while on the phone with a support call. This is a composite of a TekTips article and a Microsoft KB article.

What is a reverse NDR attack?

Spammers have a new means to avoid filters built into many systems. They take advantage of a mail systems sending of a non-delivery report (NDR) when a message cannot be delivered as addressed and returns the original contents.

How do I know that my server is suffering from a Reverse NDR attack?

There are several symptoms that you may see within the Microsoft Exchange Server Admin:- Outbound email is not being delivered (To view your outbound queue go to the properties of your Internet Mail Service connection, then click on the Queues tab and switch to outbound messages awaiting delivery)- Take note of the originator in the outbound queue, if you see <> under originator 99% of the time it will be a spam mail that has generated an NDR. If you see hundreds/thousands of these then you are most likely suffering a RNDR attack on your exchange server.

How do I clear the outbound queue?

I will explain how you can clear the outbound queue, but this will by no means resolve your issue as soon as the Internet Mail Service is started you will continue to resolve spam emails that generate NDRs on your system
(1) Stop the Internet Mail Service
(2) Go to the following directory path: (ie c:\exchsrvr\imcdata\out)
(3) Delete all files in this directory (each file is an email to be sent out, if you have users that are trying to send out there emails are in here also. You may need to advise them to resend emails that they just recently tried to send out, since they will most likely be deleted.)
(4) Delete the queue.dat file in the imcdata directory.
(5) Restart the Internet Mail Service

Here is Microsoft's KB article on how to resolve this issue:

Update available in Exchange Server 5.5 to control whether the Internet Mail Service suppresses or delivers NDRs

function loadTOCNode(){}
Article ID
Last Review
October 26, 2006

This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base: 256986

Description of the Microsoft Windows registry
var sectionFilter = "type != 'notice' && type != 'securedata' && type != 'querywords'";
var tocArrow = "/library/images/support/kbgraphics/public/en-us/downarrow.gif";
var depthLimit = 10;
var depth3Limit = 10;
var depth4Limit = 5;
var depth5Limit = 3;
var tocEntryMinimum = 1;

loadTOCNode(1, 'summary');
An update to Microsoft Exchange Server 5.5 is available that introduces a new feature that you can use to control how non-delivery reports (NDR) are processed by the Internet Mail Service. After you apply the hotfix that is described in this article, add the SuppressNDROptions registry entry to the following registry subkey. Then, set the SuppressNDROptions registry entry to the appropriate value, depending on whether you want the Internet Mail Service to suppress or deliver NDRs:

loadTOCNode(1, 'resolution');
Hotfix information
loadTOCNode(2, 'resolution');
A supported feature that modifies the default behavior of the product is now available from Microsoft, but it is only intended to modify the behavior that this article describes. Apply it only to systems that specifically need it. This feature may receive additional testing. Therefore, if you are not severely affected by the lack of this feature, we recommend that you wait for the next update that contains this feature.

loadTOCNode(3, 'resolution');
This hotfix requires Microsoft Exchange Server 5.5 Service Pack 4 (SP4).
Restart requirement
loadTOCNode(3, 'resolution');
You do not have to restart your computer after you apply this hotfix.
Hotfix replacement information
loadTOCNode(3, 'resolution');
This hotfix does not replace any other hotfixes.
File information
loadTOCNode(3, 'resolution');
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.Date Time Version Size File name

loadTOCNode(1, 'moreinformation');
After you apply the hotfix that is described in this article, add the SuppressNDROptions registry entry to the following registry subkey and then set the registry entry to the appropriate value:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIMC\Parameters To configure the way that the Internet Mail Service processes NDRs: Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
1.Click Start, and then click Run.
2.In the Open box, type regedit, and then click OK.
3.Locate and then click the following registry subkey:
4.On the Edit menu, point to New, and then click DWORD Value.
5.Type SuppressNDROptions, and then press ENTER.
6.On the Edit menu, click Modify, and then follow these steps:
•Set the Base type to hexadecimal.
•To enable this feature so that the Internet Mail Service does not deliver NDRs, type 1 in the
Value data box.
•To enable this feature so that the Internet Mail Service does not generate NDRs, type 10 in the Value data box.
•To enable this feature so that the Internet Mail Service does not deliver any NDRs if an SMTP address is missing in the return address field, type 100 in the Value data box.Note If the SuppressNDROptions registry entry is either not present or if the registry entry is set to 0 (zero), the feature is not used.
7.Quit Registry Editor.
8.Restart the Internet Mail Service.For more information about how hotfix packages are named, click the following article number to view the article in the Microsoft Knowledge Base:

For Exchange 5.5 Server Support Click Here.

Monday, November 20, 2006

Exchange Server Backup: Using Windows Native Backup

Here is the first of John Best's Exchange Server tutorials. John is DTI's Exchange Data Recovery Chief Engineer. Learn more about John and DTI at our Data Recovery Software Blog.
This first post is on how to use Native Windows backup to backup your Exchange Server.


This article describes how to back up your Microsoft Exchange 2000 or later database using Microsoft Windows Backup Utility. In my line of work, I see far too many exchange servers that have absolutely no back up strategy in place. Out of all the corrupt databases I recover, virtually every recovery could have been avoided if the administrator would have set up an automated backup that ran nightly

Windows 2000 and 2003 Server include a backup utility that becomes updated and capable of performing an online exchange backup after Exchange 2000 has been installed. Backing up your exchange database also flushes transaction logs that have been committed to the database, freeing up disk space. Each transaction log is 5 megabytes and exchange can generate a lot of them depending on how many transactions are taking place. I have seen exchange servers with thousands of unneeded log files. It is extremely important that these log files are not deleted manually. Allow the backup program to flush them.

To backup your exchange server:

1. Click Start > Programs > Accessories > System Tools > and click Backup
2. If backup starts in wizard mode, select advanced.
3. Click on the Tools tab and select “Backup Wizard”
4. On the Welcome screen, click Next
5. Choose Back up selected files, drives, or network data

exchange backup

6. On the Items to Back Up screen, click the plus sign next to Microsoft Exchange Server, then on the name of your server, and then click your storage group (which is named First Storage Group by default).

exchange server backup wizard1

7. Here you should see the Mailbox store and Public Folder Store are both selected.

exchange server backup wizard 1

8. After clicking next, you will see the Backup Type, Destination, and Name screen. Here you can choose to backup to a device such as a tape drive or to a file as I have chosen here:

exchange server backup wizard 2

9. Click Next.

10. On the Competing the Backup Wizard window, you could click finish to start the job right away. But for this guide we will choose the Advanced button.

exchange server backup wizard 3

11. Be sure the type of backup is set to Normal. Click Next.

exchange server backup wizard 4

12. On the next window you will choose to either append or replace. Keep in mind that if you choose append, the file may grow very large on an automated schedule. If you choose replace, the file will be completely overwritten. I normally choose replace and then setup two alternating backup jobs. This way, I always have a backup file if the server crashes during a backup.

exchange server backup wizard 5

13. Click Next.

14. On the next screen we can choose to run the backup now or schedule it for later. Choose Later.

exchange server backup wizard 6

15. Give the backup job a name. Then click the Set Schedule button. The schedule job settings window appears. You could set your backup to run every weekday at night or whenever works best for you.

16. Click OK.

exchange server backup wizard 7

17. We should be back to the When to Back Up window. Verify the correct start date and click Next.

exchange server backup wizard 8

18. It will then ask you for the proper credentials that this job will run under. Be sure to use an account that has administrative permissions.

19. Click OK.

exchange server backup wizard 9

20. On the Completing the Backup Wizard screen, click Finish to schedule the backup job.

21. Verify the job has been set to run by clicking Start > Programs > Accessories > System Tools > and Scheduled Tasks.

22. You should see your task scheduled with the dates and time to run.

23. You can check on your backup jobs by opening the Backup Utility and going to Tools > Report to view the details of each job. Also check your backup directory to make sure the backup file has been created and the modified date is set to the last backup day.

It is not enough to just create the backup job and trust it will run forever. You need to constantly check that your backup is running. You should also check your event viewer logs to make sure there are no problems occurring during the backup.

exchange server backup wizard 10

This guide is a very simple backup strategy intended for administrators that currently have NO backup strategy in place. Any backup is better than NO backup. I highly recommend that in a mission critical environment, better backup software be purchased and a better backup strategy using both tapes as well as backup files be put into place.

Thursday, September 21, 2006

Windows IT Pro's Exchange Availability Guide

The Microsoft MVP Guide
to Exchange Availability
10 Essential Rules that Will Save Your Job
Paul Robichaux, Microsoft Exchange MVP
Chris Scharff, Microsoft Exchange MVP
Ben Winzenz, Microsoft Exchange MVP
MessageOne’s Emergency Mail System™(EMS™) provides
guaranteed email continuity. When your Exchange servers
become unavailable, EMS allows users to continue to send
and receive email through a web browser or via a BlackBerry®
wireless device without interruption. Today, more than 700 CIOs at
companies including DaimlerChrysler, Time Warner, and Marriott
depend on MessageOne to ensure that email is always available
– no matter what. Learn more at www.messageone.com/mvp.
Brought to you by MessageOne™
© Copyright 2005 MessageOne, Inc. All Rights Reserved.
It’s a very bad day when Microsoft Exchange goes down.
Unfortunately, achieving high availability with Exchange can be
a daunting task: a wide variety of software, hardware, directory,
storage, network, and datacenter problems are always lurking.
Each one has the potential to bring email down.
MessageOne has seen many causes of downtime: an idiot with
a backhoe cutting the fi ber line, an executive emailing his
7 GB ripped video of a Grateful Dead DVD, termites in the data
center, a night visitor accidentally shutting down power – not to
mention the mundane failures caused by human error, technical
problems, and natural disasters.
This pocket guide provides 10 essential rules that will help
you ensure that email is always available, no matter what. It
was written by three Microsoft Exchange MVP’s to help Exchange
Administrators avoid many of the pitfalls that can lead to
painful downtime.
01 Simplify,
Rule No.
Highly complex availability solutions create new risks that
increase their cost and value. Aircraft engineers have known this
rule for a long time: extra bells and whistles add weight and cost
and sap agility, performance, and maneuverability.
The same is true for your availability solution design.
Instead of larding up your infrastructure with complexity, search
for solutions that reduce the number of failure points by removing
unnecessary components, consolidating functions where it
makes sense to do so, eliminating processes that you don’t
need, and streamlining whatever you keep.
The Zen masters teach that you can only reach Nirvana by letting
go of your possessions; to reach high availability nirvana, you
must simplify in exactly the same way.
01 Simplify, Simplify, Simplify.
02 Know Thy
Rule No.
GI Joe’s motto is "Knowing is half the battle."
That’s as true for Exchange availability as it is for plastic
action fi gures.
Your efforts to build a highly available Exchange system depend
on knowing what failure points exist in your design and what you
can do about them. Some of these failure points will be outside
your control, like security fl aws in the software you run or the
quality of your local utility company’s electrical service. Most of
these lurking enemies, though, are yours to command –
and destroy!
First, you have to know where your infrastructure is vulnerable;
then you have to have the training and knowledge to know how
to best fi x those vulnerabilities without violating Rule #1. For
example, understand the history of your failures and what caused
them – were they SAN-related, related to a specifi c upgrade
process, or something else?
02 Know Thy Enemies
03 Is that a Tool
or a Weapon?
Rule No.
George Washington said that government, "like fi re, is a
dangerous servant and a terrible master."
So it is with the Exchange maintenance tools we depend on to fi x
things when they go wrong. Eseutil and isinteg (and lesser-known
tools available from Microsoft support that you may have heard
of) are wonderfully useful in the right circumstances – but in
untrained hands, or when used for the wrong reasons, they can
irreparably damage your data.
Know what these tools are for, how to use them, and when not to
use them. Don’t experiment with these tools on your production
servers (that’s what Virtual PC is for), and don’t plan on running
them as part of your normal maintenance routines. If you get into
a situation where running these tools seems like a good idea,
stop and think – and consider calling Microsoft’s PSS if you’re
not 100% sure that you’re choosing the right tool for the job.
03 Is that a Tool or a Weapon?
04 Clusters, Not
Cluster Bombs
Rule No.
Clusters are like nuclear weapons: they’re expensive, they
require lots of maintenance, and they don’t solve the problems
most people think that they do. They’re both devastating if
improperly used or secured. Despite this, they are much
If you’re considering using clusters, or if you’ve already got them
deployed, ask yourself whether your cluster implementation
actually delivers the benefi ts you want. Clusters are great at
protecting against single points of hardware failure, and they
make rolling upgrades of the operating system easy. They can
also be used to provide higher availability than standalone
systems when properly designed and used with appropriate
storage systems.
To get the most out of your clusters, carefully study Microsoft’s
recommendations for cluster design and sizing; buy only
hardware that appears as "cluster-certifi ed" on Microsoft’s
hardware compatibility list, and gain experience with cluster
management and setup by using Virtual PC or VMware before
you take the big plunge.
04 Clusters, Not Cluster Bombs
05 Take Care of
Your Spare to
Avoid a Scare
Rule No.
You probably wouldn’t drive your car across the country
without a spare tire.
Likewise, you probably shouldn’t operate your Exchange servers
without a good backup and recovery plan. Backups are your
last-ditch safety net; they can save your data when the protective
mechanisms built into Exchange and your server hardware
have failed you. However, it pays to be sure that your safety net
doesn’t have any holes in it. You, and everyone else on your
messaging team, should be intimately familiar with how your
backup procedures work. Everyone on the team should be able
to do a restore, on demand, of anything from a single mailbox
up to an entire server (including the operating system). The best
way to develop this level of skill is to practice—a lot. Doing so will
build your confi dence level and your skill.
Apart from the question of whether your backups and restores
work is the question of whether they meet your business needs.
Be sure that your restore processes—including media retrieval,
the actual restore, and any post-restore operations—can be
completed during the amount of time you’ve specifi ed as your
recovery time objective (RTO). Also, you need to ensure that
your backup captures all the data you need for a complete
restoration—don’t forget Active Directory, the Windows Certifi cate
Services certifi cate authority, your anti-spam fi lters, and any
other data that you’d need to completely reconstitute your
Exchange operations.
05 Take Care of Your Spare
to Avoid a Scare
06 Know the
between HA,
DR and BC
Rule No.
Modern messaging operations impose two requirements: protect
your data (and be able to recover it) and minimize downtime.
They’re related, but not identical, and they have different
requirements that you must know and meet:
• Disaster Recovery (DR) is being able to come back from
a failure, whether large or small. DR may involve restoring
from conventional backups, moving work to another node in
a cluster, or shifting operations to an alternate location. For
example, if your server explodes because someone spilled a
diet Coke in it, and you restore it, that’s DR.
• High availability (HA) is being able to avoid failures in the
fi rst place. RAID, clustering, and redundant power supplies
all provide elements of HA capability. If your server explodes,
and no one notices because its work automatically moves to
another cluster node, that’s HA.
• Business continuity (BC) is being able to keep with some
(possibly degraded) degree of functionality while a disaster
recovery is taking place. If your server explodes and you
switch messaging operations over to your remote data center
or a hosted service while you’re repairing it, that’s BC.
DR is something basic that every organization must implement
to some degree, even if it’s only the "spare tire" level. HA is
something that most organizations choose to implement at some
level; BC is usually what those organizations are trying
to achieve.
06 Know the Difference
between HA, DR and BC
07 Monitor,
Rule No.
If a tree falls in the forest, does anyone hear it? I don’t know.
I do know that if your server falls over, you’re going to hear
about it when users start calling your help desk—or you—to
complain. Before that happens, you should take advantage of the
monitoring tools built into Windows and Exchange to keep tabs
on your servers’ performance, health, and behavior.
Windows’ basic performance monitoring tools will tell you
when resource usage goes outside of preset limits, and these
indications can give you valuable advance warning of problems.
If you can’t measure your systems’ performance or availability,
you can’t manage to improve it. Watch message fl ow, resource
usage, and uptime to fi gure out where potential weak spots are.
If you depend on non-Exchange servers for message hygiene
or fi ltering, keep an eye on them, too, to make sure that you
get early warning of problems with inbound or outbound
message fl ow.
For large or complex networks, the money you spend on a solid
monitoring package like Microsoft Operations Manager or HP
OpenView will be money well-spent because you’ll be able to
get timely notifi cations of queue buildups, unexpected changes
in disk space usage, and other conditions that can lead to
Exchange problems if not corrected in a timely manner.
07 Monitor, Monitor, Monitor.
08 Ruthlessly
Drive Out
Rule No.
Writer and explorer Antoine de Saint-Exupery nailed this rule:
"You know you’ve achieved perfection in design, not when you
have nothing more to add, but when you have nothing more to
take away."
As you design your Exchange system, you should ruthlessly
identify and remove every individual single point of failure
(SPOF) that you can fi nd. You may fi nd SPOFs in your physical
infrastructure, your Exchange design, your DNS or Active
Directory confi guration, your processes, or even your people.
(after all, if you have even one irreplaceable person on your team,
what happens when they’re not available?)
The fi rst step to implementing this rule is to identify any area
where you have potential SPOFs (which we defi ne loosely as any
single service, server, or component whose failure can interrupt
your messaging operations). Next, rank the SPOFs twice: once
according to their potential for failure and once according to
the cost of fi xing them. Use these rankings to decide what to
fi x fi rst according to your operational requirements and budget
requirements. Finally, fi x things (at all times being sure to
remember Rule #1!).
08 Ruthlessly Drive Out SPOFs
09 D2D N-O-W
Rule No.
It’s cheap and easy. No, not vending-machine dinners—
disk-to-disk backup.
The fastest way to back up Exchange data is to use a disk as the
target medium; this gives you much faster backups—and thus
quicker recoveries—than using tapes, at a per-gigabyte cost that
compares favorably with many tape-based solutions. You can
take one (or more, space permitting) disk-to-disk backups, then
selectively write them to tape when it’s convenient. This hybrid
approach gives you fast backups, low overhead, and quick
recoverability, plus long-term archival and storage.
You don’t need any additional software to do this, because
Windows’ built-in ntbackup utility can make disk-to-disk backups
of Exchange right out of the box. Third-party backup utilities
add more fl exible scheduling and a wider range of backup
options, but because the bundled tools give you a cheap way
to get started, you should start investigating how disk-to-disk
technology can improve your backup and recovery processes.
09 D2D N-O-W
10Don’t Trade
for Availability
Rule No.
Life is all about tradeoffs; the more successful you are at
making the right tradeoffs, the better off you’re likely to be.
This is true for your Exchange design too—picking the right
combination of hardware, software, and design elements makes
it possible for you to have your cake and eat it too.
The type of RAID system you use, the number of physical disks
you use, and the number and size of your database and storage
groups—these factors have a huge infl uence on the balance
between performance and availability in your system. For the
best mix, choose a RAID level that’s appropriate for your recovery
needs (RAID-1+0 is generally best, but RAID-5 is workable in
many environments) and back it with the right number of physical
disks to give you an adequate number of I/O operations per
second (IOPS).
When you combine the right design principles with good
monitoring and solid backup, you’ll fi nd that your performance
and availability both rise to meet your expectations.
10 Don’t Trade
Performance for Availability
MessageOne’s Emergency Mail System provides guaranteed
email continuity. When your Exchange servers become
unavailable, EMS allows users to continue to send and receive
email through a web browser or via a Blackberry wireless device
without interruption.
No matter what may happen to your physical facilities, data
centers, servers, software, network connectivity, or IT staff,
MessageOne’s Emergency Mail System (EMS) guarantees that
email will always be up and running.
EMS is a Linux-based standby email system that is automatically
synchronized with your primary email environment. In the
event of an emergency or planned outage, EMS can quickly
be activated over the Web or by phone. In less than minute,
selected email users will have direct access to a fully functional
Web-based email account that allows users to send and receive
email from their standard email address. The standby account
includes all of the key features of the primary email system
including contact lists, calendar appointments, distribution lists,
and important historical email.
Today, millions of users depend on EMS at more than 700
companies to ensure that email is always available. EMS is the
only affordable solution to address the shortfalls of tape backup
and traditional mirroring and replication solutions. It is easy to
use, inexpensive, and can be installed in a few hours.
The bottom line: EMS provides guaranteed email continuity – no
matter what.
EMS includes the following features:
• Guaranteed 60-Second Email Continuity – Activate in less
than 60 seconds to provide any employee with full email &
BlackBerry access during an email outage. EMS ensures that
email never bounces and that email system outages are never
evident to the outside world.
MessageOne EMS:
Guaranteed Exchange Availability
• Emergency Access to Historical Email – EMS intelligently
synchronizes historical email to your standby email system
based on your organization’s needs. For example, you can
provide executives with a full email history, managers with
the last fi ve days of email, and other employees with no email
history at all in their EMS inbox.
• Automated Synchronization – Automatically synchronizes
corporate directories, user accounts, contacts, calendars, and
distribution lists to secure SunGard & IBM data centers.
• Designed for Immunity – Linux-based system provides
immunity from viruses and database corruption that may cause
downtime in the primary Exchange environment.
• Quick Recovery – After an outage, EMS automatically moves
all sent and received email back to the primary system in one
step, with all forensic information intact.
Learn More
Learn why leading companies depend on MessageOne’s
Emergency Mail System to ensure that email is always available.
Visit www.messageone.com/mvp or call 888-367-0777 for white
papers, product information, or to request a web-based demo.
Paul Robichaux
Paul Robichaux is a principal engineer for 3sharp. A well-known
corporate messaging expert, Paul is an MCSE and a Microsoft
Exchange MVP. He is the author of several books, including
The Exchange Server Cookbook (O’Reilly and Associates), and
creator of the http://www.exchangefaq.org Web site.
Chris Scharff
Chris Scharff is a Senior Systems and Sales Engineer at
MessageOne. Chris, a MCSE and a Microsoft Exchange MVP,
serves as the technical/reviews Editor and Columnist at Microsoft
Exchange & Outlook Magazine and has contributed to a number
of best-selling reference titles on Microsoft Exchange including
the ever popular Nutshell and Pocket Consultant Guides. Chris
holds a Bachelor’s degree from Iowa State University.
Ben Winzenz
Ben Winzenz is a Senior Systems and Sales Engineer at
MessageOne and a Microsoft Exchange MVP. Ben holds a
Bachelor’s degree from Brigham Young University.
About the Authors
Visit www.messageone.com/mvp for direct access to our
Microsoft MVP product resources including:
• "Avoid Exchange Availability Pitfalls" – A whitepaper
by WindowsITPro author Ed Roth that describes the most
common Exchange problems and pitfalls.
• "Why Email Fails" – A whitepaper analyzing real world
Microsoft Exchange failure data.
• "Building the Business Case for High Availability Email" – A
thorough analysis of the economic and business drivers for
high availability exchange architectures.
• "The Paradox of High Availability" – A webinar featuring
Gartner, Inc. analyst Donna Scott discussing the pros and cons
of various approaches to high availability for Exchange and
other Windows applications.
• Direct access to EMS product information.
Visit www.messageone.com/mvp today!
For Further Reading...
MessageOne, Inc.
11044 Research Blvd.
Building C, Fifth Floor,
Austin, TX 78759

Thursday, April 27, 2006

Exchange Disaster: Be Prepared

I get a lot of calls from people in the hurricane zone about what they can do to be prepared for the new season. Since it is only a couple of months away and forecasters are predicting another active year, DTI Data is getting in gear.

I just received the Exchange Newsletter from Windows It Pro and Paul Robichaux had some great insights I thought I would share with you on Exchange Disaster planning:

"1. Have a bug-out plan. If a disaster hit your business, how would
you get away from the area? How would you decide when it was time to
go? How would you tell your employees not to come to work? In fact, how
would you make the decision to shut down or relocate operations?
2. Keep communicating. How would management and employees
communicate until your email service could be reestablished? Who's in
charge of establishing and maintaining disaster communications?
3. Grab your gear and go. One of my customers implemented its
disaster recovery plan for Hurricane Katrina by shutting down the
Exchange server, pulling all the disks from the storage enclosure, and
taking them by car to Houston. This was an ingenious and effective
solution, given the circumstances. What would you do under similar
4. Now is always better than later. It's better to have a fair
solution now than a perfect solution later. Of course, this doesn't
mean that you should rush out and slap together a disaster-preparedness
strategy out of whatever random products and technologies you can find.
It does, however, mean that you should push disaster recovery and
preparedness planning to the forefront of your list of operational
It's not possible to anticipate every possible disaster, but you don't
have to. The responses to many disasters will be the same; you can make
plans based on the expected duration of recovery, the impact of the
disaster on your facilities and the surrounding area, and other
factors. Even if you don't live in a disaster-prone area (I don't; the
biggest threat in northwest Ohio is apparently highway construction),
you should still be prepared for things such as structure fires, major
traffic accidents (what if a gasoline tanker blew up nearby? That
happened at my wedding!), and so on.
The Boy Scouts say "Be prepared," but I like the US Coast Guard's motto
better: "Semper Paratus," which is Latin for "always ready."

For more info on Hurricane Data Recovery Services.

DTI DATA Hurricane Disaster Recovery Relief Efforts

Wednesday, April 19, 2006

Exchange Disaster Recovery Action Plan

Microsoft Exchange Action Plan

Below is an actual email from a client. The inherent problem with this plan is the fact that there is no mention of te importance to back up your mdbdata folder and it really tells you to delete the log files! This is crazy. Any email activity happening from the time the priv was synched to the crash is in the logs. Many times we have to recover data out of the log files.PLEASE back up all your priv, priv1, stm, pub and LOG files prior to implementing the "action plan"

Michael,This was sent to, and is being forwarded to you via my personal email as our company server was DOWN!!!! Your discretion is appreciated. Quoting Microsoft:
Action Plan:-
1) ESEUTIL /P E:\EXCHSRVR\MDBDATA\PRIV.EDB (After you finish this command please delete all the log (EDB.LOG, EDBXXX.LOG) files from E:\EXCHSRVR\MDBDATA Folder)
After Finishing the above command please type the below command.
5) Go to C:\EXCHSRVR\BIN folder and run the next command.
6) ISINTEG -PRI -FIX -TEST ALLTESTS (Run this command maximum three (3) time to get Error=0, Warning=0, Fixes=0)
7) ISINTEG -PUB -FIX -TEST ALLTESTS(Run this command maximum three (3) time to get Error=0, Warning=0, Fixes=0)

This client lost all data, hundreds of mailboxes and public contacts and calanders! We recovered the data in 2 days! How? he read our home page and backed up his databases prior to running Microsoft Utilities!

Call Michael Stankard at 727-251-2058 for 24 hour Exchange support.

Exchange Data Recovery

Sunday, April 09, 2006

Using ex merge

If a mailbox store becomes corrupted, you can use the Exchange 2000 Server Mailbox
Merge (ExMerge.exe) tool to recover all uncorrupted data. If you can start the
Information Store service, you can run ExMerge.exe against the corrupted mailbox store.
ExMerge copies and transfers uncorrupted data for all users on the corrupted mailbox
store to personal folder (.pst) files. After you run ExMerge, you can reset the Information
Store service and then import the .pst files into an undamaged mailbox store.

ExMerge uses a process that helps you recover all uncorrupted data even if individual
mailbox folders contain corrupted messages. Usually, ExMerge extracts all messages in a
mailbox folder collectively to minimize remote procedure call (RPC) traffic. However, if
a particular message causes an error, ExMerge automatically skips that message and then
begins individually copying the messages that remain in the folder. While copying
messages individually does increase network traffic, it also allows the tool to bypass the
corrupted data. After ExMerge finishes copying each message individually in the mailbox
folder containing the corrupted message, the tool then resumes copying messages
collectively in other mailbox folders until another error occurs.

The ExMerge tool and its documentation are available on the Exchange 2000 compact
disc in the following folder: SUPPORT\UTILS\I386\EXMERGE.

Call our Exchange Hotline 727-251-2058 24/7 - Initial Exchange Support Call Are No Charge. You Only Pay If An Engineer Must Remote In To Solve Your Exchange Issue.

Friday, April 07, 2006

Exchange Server 5.5 Support

dtidata.com is happy to announce it is now offering free phone support for Exchange 5.5. Since Microsoft no longer supports 5.5 we have gotten in so many corrupt 5.5 edb files, that we started phone support just for 5.5.

If anyone needs more info on Exchange Server 5.5 support give me a call: 727-251-2058.

We still offer the best in RAID Data Recovery as well as data recovery software. We also have free data recovery software.

We are offering our Professional Power Pack at reduced rates. Call Michael at 727-251-2058, mention my blog and I will cut you 50% off the list price on data recovery tools. Data Recovery Software

Monday, February 06, 2006

How To Get Exchange Back Up Without Re-Install

Just got this letter from Jerry in San Francisco, CA.


My Exchange server (2000 running on an IBM Netfinity Server) is reporting inconsistencies within the database. It is running, but I am afraid to stop it and run ESEUTIL. Your company restored our files a couple years ago and one of your engineers helped me get up and running with a fresh database without reinstalling Exchange. I have ex-merged all the mailboxes out to pst's, what is next?

My response:

Hey Jerry, the first thing is you need to stop the information stores service. This will allow you to make changes to the MDBDATA folder.

Rename the mdbdata folder to mdbdata_old.

Create a blank mdbdata folder.

Restart the Information Stores Service.

Go to the private mail store within the Exchange Administrator snap in.

Right click on your private store and click "mount". A warning is going to come up: one or more files are missing do you want to create a database? (Or something like that). Hit yes.

Repeat for the public stores even if you don't use public folders you have to re-create the public store as well or Outlook might hang.

Now you are ready to test the sending and receiving.

Always keep in mind that if you need Exchange Recovery call 727-723-3840 for 24 hour support.
Hard Drive Recovery

Hard Drive Recovery