Troubleshooting Exchange Server 2003 Server Migration and Interoperability (part 1)

Troubleshooting Installation

An Exchange Server 2003 organization may be created by migration from Exchange 2000 Server or Exchange Server 5.5. However, you may also need to install an Exchange Server 2003 server, or even an entire Exchange Server 2003 organization, from scratch. Normally, Exchange Server 2003 installation is a straightforward process, but things can go wrong. A clean installation of Exchange Server 2003 can fail for a number of reasons:

• The target server does not meet hardware requirements.

• The target server does not meet software requirements.

• You do not have the appropriate permissions.

• The appropriate services are not running, or services are running that should not be.

• Active Directory is not available.

• ForestPrep and DomainPrep have not been run.

• The DNS service is not available.

When you try to install Exchange Server 2003 and not all the conditions are met, the installation program typically responds with a list of all the required conditions. It is then up to you to determine what conditions you have failed to meet. It is therefore wise to go through a checklist before starting to install the software. The first page of the installation setup guidance that appears after you select New Exchange 2003 installation gives you this checklist. It also gives links to ForestPrep and DomainPrep.

Hardware Requirements

The minimum processor requirement is a Pentium 133. However, a Pentium III 500 processor is recommended for Exchange Server 2003, Standard Edition, and a Pentium III 733 for Exchange Server 2003, Enterprise Edition. It is unlikely that the processors on all but your most out-of-date servers fall below the minimum installation requirements, but severe performance problems will result in all but the smallest Exchange Server 2003 organizations if the recommendations are not followed.

The minimum memory requirement is 256 megabytes (MB). It is possible that this could be a source of failure if you are installing on a Windows 2000 Server machine. Windows 2000 Server will install on 128 MB. However, such an inadequate machine would be a strange choice for an Exchange Server 2003 server. What is more likely is that you will experience performance problems if your server memory is below the recommended 512 MB.

Installation will fail if you do not have 200 MB free space on your system drive and 500 MB free space on the partition where Exchange Server 2003 is installed. In practice, you will experience severe problems if your free disk space drops to anywhere near these limitations. An Exchange Server 2003 server will typically use disk arrays for performance and failover protection, and will store at least transaction logs, and possibly also Exchange binaries, on separate disks from the Exchange databases.

It is unlikely that the machine chosen for Exchange Server 2003 installation will not have a CD-ROM drive or VGA graphics. It is, however, necessary to ensure that all disk partitions involving Exchange Server 2003 are NTFS. Typically, all partitions in Windows Server 2003 servers and Windows 2000 Server servers are NTFS unless the machines are dual boot.

Software and Service Requirements

Exchange Server 2003 will not install unless the target machine is running either Windows Server 2003 or Windows 2000 Server with Service Pack 3 (SP3) or later installed. If you want to use Windows clustering services for failover protection, then either Windows 2000 Advanced Server or Windows Server 2003, Enterprise Edition, is required. Network Load Balancing can be implemented on Windows 2000 Server or Windows Server 2003, Standard Edition. The SMTP, Network News Transport Protocol (NNTP) and World Wide Web (WWW) services must be installed and enabled on the server before you start Exchange Server 2003 installation, and the Post Office Protocol version 3 (POP3) service should not be installed. NNTP is required for installation, but you should subsequently disable it unless newsgroup functionality is required.

If your server is running Windows Server 2003, then Active Service Pages (ASP.NET) must be installed. It must also be enabled using the Internet Information Services (IIS) Manager console. Windows Server 2003 has Microsoft .NET Framework built into the operating system and you do not need to install it.

Permission Requirements

You need to run ForestPrep when you install the first Exchange Server 2003 server in a forest and hence create an Exchange Server 2003 organization. ForestPrep can take some time—often an hour or more—to complete.

You need to run DomainPrep on the forest root domain, on all domains that will contain Exchange Server 2003 member servers, and on all domains that will contain Exchange Server 2003 mailbox-enabled objects. Most administrators remember that they need to run DomainPrep on child domains in their forests, but it is easy to forget that you also need to run it on the forest root domain directly after running ForestPrep.

To run ForestPrep for the first time in a forest, you need to be a member of the Schema Admins and Enterprise Admins groups. The Administrator account on the first domain on the first tree of a forest is by default a member of both groups, but it is good practice to use that account as seldom as possible. If you need to run ForestPrep again, then you can do so if you have Exchange Full Administrator permissions at the Exchange organizational level. The same level of permissions is also required to install the first Exchange Server 2003 server in a domain or to install an Exchange Server 2003 server with the Site Replication Service (SRS) enabled. To install additional services in a domain, you need to have Exchange Full Administrator permissions at the administrative group level. To run DomainPrep, you need to be a member of the Domain Admins group in the target domain. If you do not have sufficient permissions, then the installation will fail.

Removing an Exchange Server 2003 Server

The Exchange Server 2003 server installation wizard is also used to remove an Exchange Server 2003 server from an Exchange Server 2003 organization. You need the same level of permissions to remove a server that you do to add one. However, you can have problems that you need to troubleshoot when removing servers. For example, the wizard will not remove a server unless you have deleted or moved all the mailboxes on that server. In this case, the wizard stops with an error message, and you have two choices:

• You can move or delete all the mailboxes.

• You can forcibly remove the Exchange Server 2003 server from the organization.

The second process will result in the loss of any data held in public stores or mailboxes on the server. It is carried out using Exchange System Manager, and you need to power the server down or else an error will occur. This implies that the server you are removing cannot be the only machine on which Exchange System Manager is installed. (It would be very bad practice if it were.)

Troubleshooting Connectivity

Another possible reason for installation failure is that your target server is not connected to the services that you think it is. You can perform simple tests such as pinging a domain controller and a DNS server, or using the nslookup utility. However, more powerful tools are included in the Support/Tools folder on the Windows Server 2003 installation CD. The netdiag utility is used to test network connectivity, and the dcdiag utility can test both network connectivity and DNS resolution.

The netdiag command-line diagnostic utility is used to isolate networking and connectivity problems by performing a series of tests to determine the state of your server. This tool has a number of switches that let you specify specific tests, and to fix simple faults. However, a major advantage of the tool is that it can run without specifying any parameters or switches. You can therefore focus your efforts on analyzing the output rather than on training users how to use the tool.

The dcdiag command-line diagnostic utility analyzes the state of domain controllers in a forest and reports any problems. It is a powerful tool, with a large number of (optional) switches, which provides you with detailed information that lets you identify abnormal behavior in the system. The tool consists of a framework for executing tests, plus a series of tests that verify different functional areas of the system.

Troubleshooting Migration

Migration is designed to be straightforward and can be rolled back if problems occur. Problems, and hence troubleshooting requirements, are mainly associated with transferring user mailboxes. In Exchange 2000 Server, as in Exchange Server 2003, there is a one-to-one relationship between user accounts and mailboxes. However, Exchange Server 5.5 maintains its own directory independent of Windows, and a single Windows user account could be associated with multiple Exchange Server 5.5 mailboxes. This can cause problems when migrating Exchange Server 5.5 to Exchange Server 2003.

If you use the Active Directory Connector to move mailboxes, it creates a new disabled user account when it cannot match a mailbox to an existing user account. The problem with this method is that the newly created user accounts have different security identifiers (SIDs) than the accounts currently in use in the source organization. As a result, they have no permissions configured, and they are not the mailbox owners for the corresponding mailboxes. To work around this problem, you need to enable each account manually and then grant that account permissions to the associated mailbox.

The preferred migration technique is to use the Active Directory Migration Tool, which is found in the \I386\ADMT folder of the Windows Server 2003 installation CD. This tool migrates the SID history of the user account, which enables accounts to retain their permissions after the migration. However, a problem can occur when using the Active Directory Migration Tool. If you find that the user passwords have not been migrated, and that as a result you need to set the passwords manually, then you may have used an old version of the tool. Version 2 on the Windows Server 2003 installation CD can migrate passwords. Previous versions cannot.

Another problem that can occur during migration involves the use of connectors. If the Exchange Server 5.5 server was configured with an Internet Mail connector, then you need to configure an SMTP virtual server on the Exchange Server 2003 server and change the Mail Exchanger (MX) record in DNS to point to the new server. There will be a disruption in Internet mail delivery while this information propagates over the Internet. This is unavoidable, and the changeover should be done at off-peak server usage times. If the changeover is not done, the Exchange Server 2003 organization will continue to use the Internet Mail connector. In this case, when you take the Exchange Server 5.5 server out of service, internal mail is unaffected but all Internet mail stops. The temporary workaround is to put the Exchange Server 5.5 server back on the network, but you should switch to the SMTP virtual server as soon as possible.

Troubleshooting Interoperability

When your Exchange Server 2003 organization is interoperating with other e-mail systems, problems can occur due to formatting incompatibility or to the use of Exchange-specific functions such as calendaring. For example, Exchange Server 2003 sends messages across an X.400 connection in native Exchange format. This works when the system at the other end of the connection is also running Exchange, but if the destination system is, for example, UNIX, then the message will be garbled. The solution to this problem is to clear the Allow Exchange Contents option on the X.400 connector and allow standard X.400 formatting to be used.

Sometimes an X.400 connector is the solution rather than the problem. By default, Exchange Server 2003 routing groups are connected by routing connectors. If, however, the connection is unreliable or non-persistent (a demand-dial connection, for example), then transfer reliability can be improved by using an X.400 connection, which uses message-based data transfer rather than remote procedure call (RPC).

You also need to take care how you specify encoding formats for your POP3 and Internet Message Protocol version 4 (IMAP4) clients on the relevant virtual servers. If your clients use UNIX to UNIX encoding (uuencode), then your virtual servers need to be set up appropriately. For Macintosh clients, you need to specify uuencode and then select BinHex for Macintosh.

Microsoft Outlook users tend to take calendaring for granted because it is a built-in Outlook function. However, the Calendar Connector’s properties are set not to synchronize calendar data by default. Thus when Outlook users attempt to view the schedules of users on foreign systems, for example Lotus Notes, the information could be out of date.