Wednesday, January 7, 2009

Common Mail Server Configuration Mistakes

1. Installation on Unsupported Hardware

Unless there is a very good reason not to, always install Exchange on hardware supported by Microsoft.  Consult Microsoft’s Windows Server Catalog (formerly the “Hardware Compatibility List,” or HCL) for a complete list of compatible, supported hardware.  In order for a system to be considered supported, it must be listed in the Windows Server Catalog.  Systems containing some supported and some unsuported software are considered unsupported by Microsoft.  In addition to ensuring a smoother installation or upgrade, using supported hardware also means you will receive better technical support from Microsoft or other vendors should the need arise in the future.  Using unsupported hardware can cause problems ranging from intermittent mail outages to total and complete loss of data.

2. Misconfigured DNS

Because Exchange relies heavily on both Active Directory and DNS, a simple configuration problem in either one will cause major headaches for your new or upgraded Exchange environment.  Here are a few of the common configuration mistakes when it comes to DNS and your Exchange environment:

3. Misconfigured Active Directory

Active Directory (AD) plays a crucial role in the configuration, performance, administration, and security of Exchange Server 2003 and Exchange Server 2008.  There are several “gotchas” to watch out for when configuring Active Directory for use with Exchange.
  • Be certain that Active Directory Connector (ADC) is installed, and that you are using the version appropriate to your installation or upgrade.  The ADC is responsible for replicating Exchange information to and from AD, and must be upgraded to the version included in Exchange 2003 prior to upgrading Exchange itself.
  • Check your domain level(s).  Exchange Server 2003 is supported in 5 AD domain levels which basically break down into 2000/2003 mixed or native and mixed 2000 and 2003 domains.
  • See “Overview of operating system and Active Directory requirements for Exchange Server 2003(KB822179) for a complete list of requirements.

4. Disabled Message Tracking

Message Tracking is one of Exchange’s best features for troubleshooting mail delivery problems.  Microsoft describes Message Tracking as follows: “Message Tracking Center, when it is enabled, logs information about the sender, the mail message, and the message recipients. Specifically, you can review statistics such as the time the message was sent or received, the message size and priority, and the list of message recipients. You can also log the subject line of e-mail messages. The Message Tracking Center searches for messages such as system messages, public folder messages, and e-mail messages.” ¹  Unfortunately, Message Tracking is not enabled by default on Exchange 2000 or Exchange 2003.  If you are running Exchange Server 2007, and the system has the Hub Transport server role, the Mailbox server role, or the Edge Transport server role Message Tracking is enabled by default.

5. Misconfigured Anti-Virus Software

It should go without saying that any Windows mail server should have a properly configured and up-to-date anti-virus solution.  One has only to look at the abundance of viruses to be convinced the effort of maintaining anti-virus software is well worth the time, effort, and expense.  Misconfigured anti-virus software, however, especially on such highly-visible and highly-used systems as mail servers, can affect problems from minor performance issues to major catastrophic failures.  Properly configuring the parameters of your anti-virus software can be an art as much as a science.  On the one hand, if your anti-virus configuration is too inclusive, or too stringent, it may cause a severe performance penalty on the system.  If, on the other hand, the configuration excludes too many processes, services, directories or files, or its policies are too lax, it may be vulnerable to attack.  In many cases, this second case is the worse possible scenario a system can be in, simply because an anti-virus solution is installed and configured, therefore it is assumed that the sysem is safeguarded against such attacks.

0 Responses to “Common Mail Server Configuration Mistakes”