I'm doing the Real Man Cycling Challenge in London on the 14th September. It's a 34km ride through london in aid of The Prostate Cancer Charity, which is a really worthwile cause. If you'd like to sponsor me, head on over to http://www.justgiving.com/sammcgeown and you can sponsor me there - you can even gift aid it if you pay tax!

 Thanks,

 Sam

http://www.therealmancyclingchallenge.com

http://www.justgiving.com/sammcgeown

http://www.prostate-cancer.org.uk/

I thought this would be fairly common knowledge by now, Exchange 2003 being quite mature in it's 5th year, but it's not something I've had a problem with before and therefore I'm going to write about it!

So a big email comes in; lets say it's 8MB. Your Exchange 2003 server, set to it's defaults for size restrictions, rejects the email. Why? Take a look at this Exchange TechNet article:

When the 8MB message crossed the routing group boundary through SMTP and arrived at the destination server, it was approximately 33 percent larger than the original message because of the inter-routing group SMTP increase...The final message had a content size equal to 11,594,558 (11 MB), and the message exceeded the 10-MB Global Limit, thus returning the 5.2.3 delivery status notification.

Petri.co.il elaborates:

Please keep in mind that message send [sic] through SMTP could grow about 10-20 percent because of format conversion (MIME and UUEncode)

For a standard Exchange Server installation, this is how the process of checking the email size goes (see the diagram below for full details):

1. Does the email exceed Global Max submission content length?
2. Does the email exceed the per-user Max Delivery Length for the recipient?
3. If the email is not delivered locally, does the email exceed the Virtual Server SMTP limit?
4. If the email is not delivered locally, does the email exceed the Connector limit?

I won't elaborate on the places you can set the size restrictions, other than to reprint Petri.co.il's list and point you to the full article.

You can set message limits at the following objects:

• Global settings
• System Policy
• Individual mailbox
• Individual message limit
• Distribution list
• Public folder
• Connector
• Virtual SMTP Server

We have a Bonded ADSL solution for our servers to provide the necessary upstream transfer speeds for the applications we host. We have bonded ADSL because our exchange still doesn't support SDSL, and a leased line is overkill. Theoretically, we should have 28.1 Mbps download and 3.2Mbps upload - what I am actually seeing is about 1.7Mbps down and 1.9Mbps up. I have tested this on various servers, over various times and file sizes, there is no doubt that the performance is POOR.

Anyway, on to my point. I wanted to create a file that was exactly 100MB to test transfer speeds. Windows XP, Vista, 2003 and 2008 all have a command line utility called FSUTIL.exe which has a subset of commands to manipulate files, with which you can create a file that is exactly 100MB...like so:

FSUTIL FILE CREATENEW 100MBTest.mdb 1048576

Usage: FSUTIL FILE CREATENEW [Filename] [Size in bytes]

 Nice!

Outlook Web access is a fantastic tool for our company, providing on-the-go access to people's mailboxes - which is of course secured by SSL and uses Forms Based Authentication. Internally, we have an intranet portal that allows us to access the various systems - one of which is OWA. One of the stipulations for this internal portal is that it is all Single Sign On using NTLM authentication - integrated authentication. This is where the problem lies because enabling OWA with Forms Based Authentication over SSL disables Integrated Authentication. So our choice is to have users enter their credentials twice (not acceptable) or to disable FBA and have external users log on with the annoying pop-up.

OR...

You can create a copy of the /Exchange and /Public Virtual Directories and configure them to use Integrated Authentication. You can also restrict access to them by IP...here's how:

 I'm assuming you've already set up OWA with SSL on your Exchange server. If you need to do that, try How do I configure OWA to use SSL? at Daniel Petri's site

1. Log onto your Exchange Server, and open up the IIS control panel. Locate your /Exchange and /Public virtual directories.
2. Right click /Exchange, select "All Tasks" and then "Save Configuration to a File..."
   
3. Go through the dialogue, save to a file and if you're worried about security, add a password.
4. Once you're done, right click any white space in the root web site (or the exchange web site) and select "New", then select "Virtual Directory (from file)..."
   
5. You will be presented with the "Import Configuratio" dialogue, click "Browse..." and select the file you've just created. Click "Read File" and select the Exchange location underneath
   
6. Click "OK" and you'll be asked to provide a new name, or replace the existing Virtual Directory - select create a new one and put an appropriate name (I uses ExchangeIA)
   
7. Now, this step is optional, but read on anyway because you might want to think about it. I only want to allow people on my network to access this using Integrated Authentication, no one else, so I am going to restrict access to the Virtual Directory that I've just created to my IP subnet. To do this right click the newly created Virtual Directory (ExchangeIA) and select the "Directory Security" tab. Under "IP address and domain name restrictions" click "Edit". Now select "Denied access" to deny anyone other than the exceptions, then click "Add.." and enter the details of your network to allow those computers access.
   
8. Now head back to step 1 and repeat for the /Public folder, if Integrated Authentication is required for Public Folders.
   

We recently needed to upgrade one of our applications, and the new version requires an addition server instead of the application and SQL it requires a back end search, a front end web server and a SQL server. The specifications of the new server which are "required" to qualify for support are pretty high. The problem is that the actual processor usage is very light, and it is very hard to justify buying a whole new server that I know is going to be barely used.

The alternative plan was to virtualise the servers, make use of the existing physical hardware, upgrade the RAM and add a couple of drives to the RAID array, which we opted for because it would cost less than £300, instead of £3000.

I forgot, however, the 4GB limitations of Windows Server 2003. 32 bit processors cannot address more than 4GB of RAM, so to get round that you can use Physical Address Extensions (using the /PAE switch in the boot.ini) which enables you to utilise more than the standard 4GB.

Typically a 32 bit system with 4GB RAM will allow 2GB for the kernel, and 2GB for the Applications to use. This means that each application can virtually address up to 2GB of RAM. You can change this balance using the /3GB option in the boot.ini to allow 3GB for applications. Think carefully before doing this!

To enable PAE:

1. Right click "My Computer", select "Properties"
2. Select the "Advanced" tab and click the "Startup and Recovery" button
3. Under "System startup" you can click "Edit" to open the boot.ini file.
4. BE CAREFUL! You can render you OS unbootable! Add the /PAE and /3GB options to the startup (see below for an example) Save, OK and reboot.

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows Server 2003, Standard" /PAE /3GB /fastdetect

It's worth noting that if you have DEP (Data Execution Protection) turned on then PAE will be turned on by default. DEP is on automatically in Windows Server 2003 SP1 - you'll see the /noexecute=[policy level] in the boot.ini

"Nothing can come of nothing" - to quote King Lear, but it seems this is not always true. Marc Andre is giving away an album, and all he asks in return is that you mention it to your friends. I've not listened to it yet, but even if I hate it...it was free!

Thanks to Matt Hellyer for the tip off.

I noticed a post over at David Overton's blog today that highlights a new release of Windows Search. Normally not that exciting, but it is if you're using Outlook to open up another users mailbox.

I have quite a few mailboxes that are opened for historical reasons, people leave a company and I need access to their email. I don't want to bloat my mailbox with all their email, it's hard enough to find my own emails!

Previously, I've not been able to index the other people's mailboxes, this is a distinct bonus!

David's post is here: http://uksbsguy.com/blogs/doverton/archive/2008/06/08/upgrade-windows-search-to-version-4-0-and-improve-your-pc-for-windows-vista-xp-server-2003-and-2008.aspx

It seems that the nice people at Microsoft were looking out for us, lest the evil people in the world see how we categorise our email, and decided to strip away any category information from sent and received objects by default. Sure, I understand if you were categorising emails from someone as "sneaky git" or "numbnuts" then you might not be too happy about sending those out...but really it should be your choice right?

Did you know, for example, that In your Outlook 2007 rules there is a sneaky little enabled by default rule that clears the categories?

Removing that is an obvious first step!

The next step involves editing the registry, so make sure you know what you are doing before editing, always back the registry up first

There are also some registry keys you'll need to add, so open up Regedit and in HKCU\Software\Policies\Microsoft\Office\12.0\Outlook\Preferences, create DWORD keys SendPersonalCategories and AcceptCategories with values of 1. You'll need to restart Outlook for them to apply.

Finally, as per this TechNet article,  log on to your Exchange server as an Exchange Organisation Administrator and run the following command in the Exchange Management Shell

Set-TransportConfig -ClearCategories $False

You should be able to send and receive emails, appointments, tasks and any other Exchange object that supports categories, complete with category intact.

I've just upgraded my VMWare Server install to the latest version of the VMWare Server beta, which I have to say, is looking pretty good! One slight niggle that I had was that when I opened the VMWare Remote Console it would tell me that I could not connect, with the error:

Error opening the remote virtual machine SM-00109:8333\16:  The host name could not be resolved.

Clearly THAT's a pain in the proverbial. A quick trawl through VMWare's forums reveals two solutions, one that is clunky and stupid, the other that works. For brevity, the one that works is...

Use the fully qualified domain name of the computer to connect to the VMWare console, so for me, that mean using:

https://SM-00109.domain.dom:8333

instead of

https://SM-00109:8333

Simple!

I've just added some code syntax highlighting to this blog using SyntaxHighlighter and a great how-to article by Scott Dougherty this means that any code I post should look like this:

public static string SayHello(string name){    return String.Format("Hello, {0}!", name);}

There are a few bugs at the moment, one being that tiny_mce is stripping linebreaks from the code posting (just a minor one) and the theme somehow removes the line numbers, but I'm sure I'll find a way around them...somehow.