Technical Discussion Forum

What is the difference between Firewall server and Proxy server?

2007-09-20T02:04:00.000-07:00

Reply 1)

Firewall server is primarily meant for protecting internal IT infrastructure from being attacked from the internet. These are generally standardized devices like Cisco PIX or software based solutions like Checkpoint and Microsoft ISA. Some of the devices can also function as enablers of internet sharing.

Proxy servers are meant for internet sharing and hiding the internal users information like (IP Address) from the internet. Some proxies also function as firewalls. But that is not what they are designed for. A company which has a good firewall may not require a proxy. However, if a company is just sharing an internet connection on a server may want to use proxies, so that internal users can access the internet through the same connection using the proxy. Windows 2000 onwards provides an inbuilt feature called “Internet Connection Sharing” which can have the same functionality. Typically cyber cafes and similar sized / type setups use proxies.

Reply 2)

Does NAT performs the same stuff similar to proxy server?

Reply 3)

Not really.

The objective of NAT is to enable 2-way communication with the internet of a machine which is not internet facing. For example, if you want to access your desktop computer from your home via broadband, how will you do it? Although you are connected to the internet from home and your office desktop is also connected to the internet through the default gateway. However, your office desktop computer has a private IP range (172.18.x.x) which is not recognized on the internet. So, there are 2 ways in which you could access your office desktop from home:

1) Connect your office desktop outside the router and let it get the public IP from the service provider. This will mean that only your office desktop will be able to access the internet and no one else will be able to access it (unless your office desktop is configured as a proxy server and everyone’s Internet Explorer is configured to use your office desktop as a proxy). With this arrangement, both your home computer and office computer have public IPs from the internet and hence you can connect as if you were on a LAN (not from the speed perspective).
2) The other option, is to let your office desktop continue using the intranet IP (172.18.x.x) and configure a NAT on the router / firewall. Basically, NAT will map an internet public IP to your office desktop’s internal IP. So let’s say, the public IP configured to NAT is 1.2.3.4 and your office desktop IP is 172.18.2.5. Now, you can connect to your office desktop from your home using the IP 1.2.3.4 (still not your internal IP 172.18.2.5). When this request hits the router / firewall, they will know that the IP requested (1.2.3.4) is meant from your office desktop (172.18.2.5) and it will route the packets accordingly.

Reply 4)

I would like to add something on the Proxy servers,
Proxy servers are used for internet sharing.
In other words , if we start looking at proxy servers from OSI model, these servers work in Application layer. When we talk about firewall, we are dealing with network layer and below.
That’s the main difference between Proxy servers and firewalls.
Proxy servers only deals with internet sharing, when we setup a proxy server we can have a excellent control on internet usage for internal users and that’s the reason why we see proxy servers in net cafes.
Proxy servers also cache internet contents and when any users requests same, it just picks from cache and shows to the user.
(this is another sign that Proxy servers work in Application layer)
Also in many environments we see that proxy is setup and Network admin configures group policies for Proxy servers ( under internet explorer settings.).

How to generate events about users receiving warning messages about mailbox storage limits in Exchange 2003?

2007-09-06T05:42:00.001-07:00

You can configure Exchange to automatically report to the Application event log the users who are exceeding mailbox store limits. To configure reporting of which mailboxes are being sent warning messages about their storage space, follow these steps:

1. Start Exchange System Manager.
2. Confirm that each mailbox store has a Warning Message Interval designated (on the Limits property page).
3. Under the Servers container, right-click the Exchange 2003 server you want to report on storage warnings, and then click Properties.
4. Click the Diagnostics Logging tab, open MSExchangeIS, and then click Mailbox.
5. Click Storage Limits, and then set the logging level to Maximum. Click OK.

Once this is completed, you will see the following event IDs in the Application log on the Exchange 2003 server you are monitoring:

◆ Event ID 1077 indicates which mailboxes exceed their storage warning limit.

◆ Event ID 1078 indicates which mailboxes exceed their prohibit send limit.

◆ Event ID 1218 indicates which mailboxes exceed their prohibit send and receive limit (mailbox disabled).

How to restrict only certain versions of Outlook to connect to Exchange server?

2007-09-05T03:24:00.000-07:00

From Exchange 2000 Service Pack 1, a new feature was introduced which enabled the Administrator to allow only certain versions of Outlook to connect to the Exchange Server. This is typically handy in large organizations which have multiple versions of Outlook running. This feature is used to prevent users who are still running an older version of Outlook to connect to the Exchange server.

A general recommendation is not to allow Outlook clients older than Outlook 2000 Service Pack 3 from connecting to the Exchange server. The reason is the enhanced security feature called “Email Security Update” which was introduced in Service Pack 3 of Outlook 2000.

This feature is also handy to prevent your users from installing Beta versions of Outlook, as these may cause loss of productivity and increase in the number of helpdesk calls.

For implementing Outlook version, restriction, the MAPI version of Outlook is required. There is a MAPI version available from Outlook  Help  About. We are not talking about this version number. The version number needs to be obtained from the Exchange server. This is available under Logons in the Exchange System Manager, under the column Client Version. Below is the diagram which shows this:

The version number presented is in the form of w.x.y.z

The number required for restricting access to certain version of Outlook is w.y.z. The number in x is not required.

The most important value in this table is the value in the Value Required to Restrict Logon column. By default, Exchange allows all versions of MAPI clients to access the mailbox stores. However, you can restrict access to the mailbox and public folder stores to specific versions if you create a Registry value called
Disable MAPI Clients of type REG_SZ in the following Registry key:

HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem

In this Registry value that you created, you will put in the values of clients that should be prevented from accessing the Information Stores. It is also permissible to put in a range of versions; entries must be separated by a comma. The Exchange components must always be allowed to access the store.

NOTE: The MAPI version 6 components must always be allowed to log on. They are the Exchange 2003 components such as the System Attendant or the Exchange System Manager.

Once this feature is in place, clients will get a “The attempt to log on to the Microsoft Exchange Server computer has failed” message if they try to access the Exchange server from a client whose MAPI version you are blocking. However, Outlook 2003 gives a little more intelligent and explanatory pop-up message:

What is SIP?

2007-09-03T06:59:00.000-07:00

Session Initiation Protocol (SIP), a signaling protocol, is used for establishing a session in an IP network — from a simple two-way telephone call to a multi-media conference call session with many participants. The IP telephony industry has recently adopted SIP, an RFC standard (RFC 3261) from the Internet Engineering Task Force (IETF), as the protocol of choice for signaling because of its ability to facilitate Internet applications by working with other protocols. It is not the be-all and end-all of protocols — it was designed to be a facilitation mechanism, not an all-inclusive solution. Its flexibility is what makes it so powerful, and an all-inclusive approach does not offer this level of flexibility.

Essentially, SIP establishes, manipulates and tears down sessions, and its main purpose is to help session originators deliver invitations to potential session participants wherever they may be. It uses URLs to address participants and SDP to convey session information and it’s easy to combine SIP with other applications, like Web browsers and messaging. The bottom line is that it’s a modular approach to maximizing IP telephony protocols. SIP can find and invite call invitees wherever they are. It facilitates multi-media calls with many participants who may join and leave at will.

How to customize system messages in Exchange Server?

2007-09-02T06:34:00.000-07:00

This is typically used when there is a need to customize system messages. For example, if there is a mailbox storage limit, and the default message that goes to the mailbox owner when a warning threshold is reached, needs to be customized, there are no options available through a GUI. These messages (and other system messages) can be customized by modifying a DLL file where all the system message contents are stored. A word of caution before editing DLL files:

1) They will be overwritten each time a patch or service pack attempts to upgrade the file to a newer version
2) If Microsoft PSS is working on an issue on the server, the file will need to be replaced with the default file.
3) Any modifications to the system file like a DLL file can make the system unstable

All the system messages are stored in a file called MDBSZ.DLL. This file is located in the Exchsrvr\Bin directory.

Unlike most files, this file cannot be opened in Notepad and changes made to it. Instead, Microsoft has released a bunch of tools called as ‘Resource Localization Toolset’. This includes a tool called RLSQuikEd. This is a tool that will need to be used to open and edit the MDBSZ.dll file.

The Resource Localization Toolset can be downloaded from http://tinyurl.com/88ash

It also contains a self help document called RLTOOLS.DOC

Below is the screenshot of a system message being modified by RLSQuikEd

How to allow only certain users to access the Exchange Server Information Store?

2007-08-26T05:34:00.000-07:00

The Exchange server information store be default allows all users to connect. There are some scenarios when the administrator wants to connect to the server and verify things, without having the end users connecting to the server. This is a typical requirement post maintenance, when an administrator wants to check the functionality of the server, but at the same time he does not wants any user to connect to the server. This can be done using the methods below:

1) Getting the LegacyExchangeDN attribute of the user to whom access needs to be given
2) Restricting access only to that user from the registry

We will see below how to do the above steps:

1) Getting the LegacyExchangeDN attribute of the user to whom access needs to be given.

LegacyExchangeDN attribute for the user can be obtained by using the ADSIEdit.exe or LDP.exe to run a LDAP query against the Active Directory.

2) Restricting access only to that user from the registry

1. Run the Windows NT Registry Editor (REGEDT32, not REGEDIT).

2. Locate the HKLM\System\CurrentControlSet\Services\MExchangeIS\ParametersSystem Registry key.

3. Select Edit Add Value, type Logon Only As, and select REG_DWORD in the Data Type box.
4. Enter 0 to allow anyone to access the Information Store or enter 1 to block access to the Information Store.

5. Create another Registry value by choosing Edit Add Value, type Trace User LegacyDN, and select REG_SZ in the Data Type box.

6. In the Data box that appears, enter the legacyExchangeDN of the mailbox that will be allowed to access the server. If you leave this box empty, no one will be able to access the server. The DN should be in the following format:

/O=Domain/OU=Sales/CN=Recipients/CN=Mathew

7. Stop and restart the Information Store service for the change to take effect.

What is new in the Move Mailbox wizard of Exchange 2003?

2007-08-24T22:35:00.000-07:00

Following are the additions in the Move Mailbox wizard of Exchange 2003:

1) The Move Mailbox wizard is now multi-threaded. Hence moving mailboxes will be less time consuming, because 4 mailboxes can be moved simultaneously
2) There is an option to ignore the alerts received while moving mailboxes and carry on the movement. Also the number of errors to pass before halting the movement can be specified.
3) Now a start time and end time can be specified for moving mailboxes. So if the activity is scheduled for late night start, someone need not wait by the server to start the moves.
4) The wizard provides an XML report after completing the move with the details of mailboxes moved and errors encountered.

How is availability calculated?

2007-08-23T06:32:00.001-07:00

There are 2 terms which goes into the calculation of availability:

Mean Time Between Failures (MTBF)
Mean Time to Recover (MTTR)

Availability is calculated by applying the formula below:

For example, if a network switch fails after 500,000 hours of service and it takes 24 hours to repair it, then the availability becomes 99.99520

If this availability is not acceptable and the repair time cannot be reduced, the alternative is to keep spares. In the previous example, let’s say, replacing the switch with a spare switch takes just 1 hour, then the availability comes down to 99.99980.

What does Exchange do during online maintenance?

2007-08-18T22:08:00.000-07:00

Following is the list of activities done during an online maintenance for Exchange:

1) If the mailbox retention period is 1 month, and a deleted mailbox has reached 1 month, it is deleted during the online maintenance process.
2) If deleted item retention period is 1 month, and a deleted item has reached 1 month, it is deleted during the online maintenance process.
3) An online defragmentation is performed on the store which rearranges all the white space in the database. This does not compacts the database file size.
4) The online maintenance process queries the Active Directory to verify that the mailbox’s associated user account is still available.
5) For public folder stores, the online maintenance purges all messages marked for expiration.

Online maintenance and online backup cannot run simultaneously. If an online backup of a single store is triggered during online maintenance, the online maintenance will halt.

How to determine whether Exchange 2003 is running Standard or Enterprise Edition?

2007-08-11T21:49:00.000-07:00

Reply 1)

We can find out which Exchange Version is running by using the event viewer. The following event id will get generated when exchange server installed.

Standard Edition: Event ID 1216
Enterprise Edition: Event ID 1217

Reply 2)

Great. Any other ways???

Reply 3)

Also if, under the servers Protocol container, you see an X.400 container, it has to be an Enterprise Edition

Reply 4)

Just to elaborate my point
Click start -> Run -> Type regedit.
Expand HKEY_LOCAL_MACHINE
Find software, expand software
Scroll to find Microsoft and expand it.
Then expand windows followed by current version and then finally uninstall.
Locate the GUID key which tells you what version you are running.
Like on my VM it is F95DE19F-CF69-4b03-81B6-9ec050D20D3b which says the server running is Enterprise Full Packed Product.
If you select the above key it also gives you the details like Installation path, display name, publisher name, uninstall path. You can also right click and modify the path but this may land you in nasty trouble.

What is brute force attack?

2007-08-10T07:34:00.001-07:00

Reply 1)

Brute force attack is nothing but trying each and every combination of the password with the authority.
Let’s say we know that password 3 character long – taking this as just a example.

These 3 characters will be from following sets

A-Z
a-z
1-9

So attacker will start from A and check that till 9 for first set.
Then he will start with 2 characters – AA till he reaches till end 99.
Then he will start with 3 characters – AAA till 999
Here I am not considering the symbol set (~!@#$%^&*()_+|{}:”<>?,./;’[]. )
That is how the brute force method works.

There is one more common method which is used more.
That is Dictionary attack.
In dictionary attack, there is a file which contains all words – which generally people may use as passwords
Using such files, number of attempts gets reduced.

Let’s talk about something about Active directory, what is the functionality provided by AD to avoid such attacks.

In AD we see that if we type a wrong password for about 3 or 4 times then it gets locked for some period. (we can set count in password policy in Default Domain policy)

This functionality reduces the attack surface.

By locking your account, attacker can’t attempt any more passwords for 20 or 30 min as your account gets locked out. ( again account lockout period can be set in password policy)
This increases time for attacker. Also gives time and notifications to admins that something is going on for specific account.

What are rootkits?

2007-08-09T01:54:00.000-07:00

Reply 1)

The word “rootkits” comes from the two words “root” and “kit”. Root refers to the user with maximum rights in UNIX systems (this can be UNIX, AIX, Linux, etc.). This person is called the “super-user”, the “administrator”, or one of a host of other names. Specifically, it represents the highest level of authority present within a given IT system. On the other hand, the “kit” is a group of tools, so a rootkits is therefore a group of tools with a root category.

A rootkits is a program or set of programs used by an intruder to both hide their presence on a computer system and allow future access to that same system. A rootkits is designed to hide logins, processes, files, and logs, and may include software to intercept data from terminals, network connections, and the keyboard.

Reply 2)

Perfect. Is there any way to detect and remove rootkits?

Reply 3)

Hi,

There are effective measures we can implement to minimize the risk of being afflicted by root kits or spyware. We can maintain below steps to minimize the risk of root kits.

• Maintain up-to-date antivirus and antispyware software.
• Deploy network and host-based firewalls.
• Stay current on patches for operating systems and applications.
• Harden the operating system.
• Use strong authentication.
• Never use software from sources you do not trust.

However, there are several tools to detect rootkit, including Vice, Patchfinder2 and klister.Many tools are written by the same people who created rootkits.

Microsoft's "GhostBuster" Can Detect Root Kits and Trojans.

This program will stop all other user programs. flushing the caches, and then doing a complete checksum of all files on the disk and a scan of any registry keys that could auto start the system, writing out the results to a file on the hard drive.

This program CD boots its own OS, and the scan is repeated. Any differences indicate a rootkit or other stealth software, without the need for knowing what particular rootkits are or the proper checksums for the programs installed on disk.

Reply 4)

Perfect. Some more points that come to mind:

1) Rootkits are generally mistaken for ‘exploits’. They are not exploits, but a bunch of tools left behind on an exploited system by the hacker. The objective is to easily access the exploited system again
2) Generally, it is believed that Rootkits are associated with UNIX systems and Windows are safe from it. It is far from reality and rootkits exists for Windows systems as well. Some examples are Subseven and NetBus. They operate in the User mode of Windows and if the anti-virus signature files contain the right definitions, they can be detected.
3) Rootkits which operates from the Kernel mode are impossible to detect, since they are placed between the OS and the applications. Most anti-virus applications only scan the user mode.
4) One of the signs of the presence of a rootkit in the system is the incorrect display of disk space. For example, if the disk capacity is 200 GB and the files occupy about 150 GB. If the free space displayed is less than 50 GB, there is a possibility of a rootkit running on the system.

Reply 5)

I would like to add couple of things more here:

1. We can run utility called UnhackMe, which will detect Rootkit on the systems
2. We can run ProceXP to detect any malicious services running (usually service with no description or company name)
3. Check if FTP anonymous access is turned on.
4. Check MSConfig for any suspicious services/SW configured to run on StartUP
5. Check for FXSVC and scanner.ini files
6. Check for files with .DIC extensions
7. Check Java folder
8. Check …/system32/LogFiles for logs and any malicious activities or IPs connecting to server (exXXXX.log and httpXXXX.log)
9. Check Desktop folder for user used in attack and see if anything stored there which looks suspicious
10. run c:/>cmt /f to check for malicious software
11. go to pandasoftware.com and run free AV check (caution on Exchange servers)
12. run netstat to check malicious software
13. run nbtstat –a to check routing table
14. run rout print

We normally perform above steps whenever we found that any server is compromised. If anybody has any queries please let me know.

Reply 6)

There is one more tool provided by Microsoft called WOLF, but for this we need to call Microsoft and create a ticket then Microsoft Security Team will run this tool on your system and it will remove rootkit from your system.

What is the difference between share level permissions and NTFS permissions...??

2007-08-09T01:51:00.000-07:00

Hello All,

What is the difference between share level permissions and NTFS permissions...??

Is there any changes in Windows server 2003 for share level permissions??

Thanking you.

Reply 1)

1 difference between NTFS and share level permissions is that NTFS permissions are applied irrespective of the folder being accesses locally or over the network. Share level permissions are applied ONLY when accessing the folder over a network.

Please contribute guys, there are many more differences between NTFS and share permissions.

Reply 2)

Alright, since no one is answering, below are the difference:

NTFS permissions can be applied to files as well as folders. These are applied at the NTFS level, which means that anyone who needs access to the file or folder must have NTFS permissions for it.

Share permissions can only be applied to folders. A person can access the folder locally, even if there is no explicit permission given to him. The only condition is, there should not be an explicit “Deny” share permission for the user.

A user can have different levels of NTFS and Share permissions. Let’s say a user has Read (NTFS) permission and Change (Share) permission, in this case, the most restrictive of the combined permissions gets effected.

What is ExMerge and what can it be used for?

2007-08-01T07:00:00.000-07:00

Reply 1)

Exmerge is Microsoft Exchange Mailbox Merge Program.It is used to extract data from Mailboxes on a Microsoft Exchange server and merge this data in to Mailboxes on
another Microsoft Exchange server. The program copies data from the source server in to personal folders (.pst) files, and then merges the data, in to Mailboxes of destination server.
It is useful in Disaster recovery & Migration.

Reply 2)

ExMerge stands for Microsoft Exchange Server Mailbox Merge.

Mailbox Merge is used to extract data from mailboxes on a Microsoft Exchange Server and then merge this data into another Microsoft Exchange Server. The program copies data from the source server into Personal Folders (.PST files) and then merges the data, in the Personal Folders, into mailboxes on the destination server.

How to index pdf files using Full Text Indexing of Exchange 2003?

2007-08-01T06:58:00.000-07:00

Reply 1)

There is a ifilter available from Adobe, which we need to install.
Then we can perform indexing on PDF files as well.

There is ifilter available for WordPerfect files as well from Corel.

Note :
What is iFilter ?
We can say its Indexing filter.
IFilters extract textual information from particular document formats.

Reply 2)

This is correct. However, the configuration is not done from within Exchange System Manager, but is done from Microsoft Search MMC. This console is not visible by default and a dll file called mssmmcsi.dll needs to be registered using the command

Regsvr32 mssmmcsi.dll

This will display “Microsoft Search” as one of the consoles in MMC

Need to follow the steps below to enable Full Text Indexing to start indexing the pdf files:

1. Open the Search MMC, and navigate through the servername ExchangeServer_servername Catalog Build Server.
2. Right-click the index catalog name on which you want to include PDF attachments in the full-text index, and choose Properties.
3. Click the File Types property page.
4. Click the Add button, include PDF in the list, and then click OK.
5. If the index exists, delete the index, and re-create it. If not, simply create the index.

Acrobat PDF documents will now be included in your full-text index searches.

What are the issues in using Full Text Indexing?

2007-07-27T04:30:00.000-07:00

Reply 1)

When we deploy full-text indexing, we select an individual public folder or mailbox store to be indexed & then conduct full-text searches on the messages and attachments contained in the public folder or mailbox store. By default, the index contains the subject and body of a message, along with names of the sender and recipient and any names that appear in the Cc and Bcc fields. The index also includes text from the following types of attachments: .doc, .xls, .ppt, .html, .htm, .asp, .txt, and .eml (embedded Multipurpose Internet Mail Extensions (MIME) messages) files.

Issues in using full test indexing :

Binary attachments, such as pictures and sounds, are not indexed.

Search results are only as accurate as the last time the index was updated. Because the content of public folders or mailbox stores changes, the index must be updated to reflect the new content.

Reply 2)

Few more issues in using Full Text Indexing are listed below:

1) Index data generated for Full Text Indexing can eat upto 10 – 40% of the store size
2) Indexing is a CPU intensive process and CPU utilization can reach upto 90% during an index refresh

Sending emails using scripts

2007-07-27T04:28:00.000-07:00

Here is the deal..

Yesterday I built my exchange machine .. fresh VM.

Joined it to a brand new domain. (Shantanu.local)
1.Created a 100 users using a script {Script} (Apptixuser1 to Apptixuser100)
2.Created mailboxes for all these 100 users using Dsa.msc (Selected all users , Right click -> Exchange task -> Create Mailboxes)

3.Now I want to grow my database size to few GB’s.

Step 3 is little complicated as I can’t find any way to send mails using scripts.

Please note that I am trying to send different emails.
When I send a email with attachment to all my users in domain – let’s say I have a attachment of 30MB and I send same mail to all the users in my domain in a single mail – my database size is growing only 30MB.
Can anyone please explain what’s going on in background.. ??

Please help me to increase my database size and also help me to understand better how database is growing..

Reply 1)

This is called ‘Single Instance Storage’, which works as follows:

1) 1 mail is sent to 5 mailboxes (or any number) with a 2 MB attachment
2) Exchange stores a single copy of the mail in the database and creates a link for this message in each mailbox. So a total of 6 links are created for a single message. 5 in Recipient’s Inbox and 1 in sender’s Sent Items folder
3) Due to this reason, the database size will grow only by 2 MB and not by 10 MB
4) The idea behind this was to save storage size in earlier versions of Exchange, because the Standard Edition database was restricted to 16 GB max size

There are few exceptions to this rule:
1) Single Instance Storage is maintained only within the same mailbox store. So in case the above 5 mailboxes are located on 5 different stores, a copy of the message will be stored on each store and the collective size of all 5 mailbox stores will grow by 10 MB (2 MB each)
2) Single Instance storage is broken if a message is modified. For example, if all 5 mailboxes are located on the same store, but 1 of the recipients opens the mail, and makes a small change and ‘Saves’ it again, it is stored as an additional copy, thereby increasing the size of the store by 2 MB to a total of 4 MB.
3) Single Instance storage is broken after an ExMerge. For example, if all 5 mailboxes are stored on the same store and someone Exmerges them out, they will consume 10 MB. Single Instance Storage will not be recreated after importing the exmerged data back into the store. The store will then have a size of 10 MB.
4) Lets say, 3 out of 5 messages are moved to a different store. In the new store also, a single copy of the message will be stored, with links to 3 moved mailboxes.

Hence one of the criteria for designing the structure for multiple stores is by grouping together people who need to send mails within themselves, for example, department or location.

Do let me know, if anyone has any queries.

What is Physical Address Extension (PAE) and its relevance with Exchange 2003?

2007-07-26T05:26:00.001-07:00

Reply 1)

Microsoft has improved memory management for Exchange through techniques such as Dynamic Buffer Allocation within the Exchange Server 2003 Informaton store. However, Exchange developers still must depend on the underlying hardware and OS to effectively use memory. And since we don’t yet have a 64-bit version of Exchange, Exchange is limited to 4GB of address space.However, recent OS and hardware advances help Exchange make the most of 32-bit.

Physical Address Extension (PAE) is a hardware technology that lets windows applications on IA-32 servers address more than 4 GB of physical memory.PAE actually uses 36 bits to create additional addressable memory. PAE lets an OS memory manager use a three-level address-translation scheme to access memory above the 2 GB or 3 GB available on servers that don’t use PAE.

For more information refer the following link-
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/techref/26eccf33-2454-4222-841a-c6d5aa1fc54c.mspx. . . .

Reply 2)

The PAE switch is applied in the BOOT.ini file at the end of the OS line

It operates in 2 modes, /PAE (turns PAE on) and /NOPAE (turns PAE off).

PAE was disabled by default in Windows 2003 RTM, but was enabled by default with SP1.

Error -1018 in Exchange 2003

2007-07-20T07:01:00.000-07:00

Why is -1018 such a dreaded error in Exchange 2003?
What are the possible situations when you see it?
How does it impact your operations?
How do you fix it?

Reply 1)

Why is -1018 such a dreaded error in Exchange 2003?

This error indicates Hard drive error and this causes dismounting the database(s). Even if you try to mount the database you will not be able to mount the database and you might get error c1041724.

You will the -1018 error during offline defrag, but it is only if you are using any different version of eseutil utility, like if your database is belongs to 2003 and you are using eseutil of Exchange 2000 then you will get -1018 error during offline defrag process.

What are the possible situations when you see it?

If there is a problem with Hard drive then you will find a event id 474 in your Application log which mentions in the description that there could be a problem with your Hard drive. You will see the event id as below:

Date: date
Source: ESE
Time: time
Category:
Type: Error
Event ID: 474
User: N/A
Computer: Servername
Description: Information Store (2240) The database page read from the file "E:\program files\exchsrvr\mdbdata\priv1.edb" at offset 204275712 (0x000000000c2d0000) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The expected checksum was 303571876 (0x121823a4) and the actual checksum was 303571940 (0x121823e4). The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup.

If you see -1018 value it means your hard drive is in trouble and you will not be able to mount the store due to bad hard drive. You need to check since when you are getting this error.

In this case you have only option is replace the bad hard drive and restore the good backup with good log files. Reply the log files with the restored backup and mount the store. You might loose the data if you don't have recent good backup.

You might not be able to mount the database(s), if the database is mounted client might facing a problem of slow connectivity. Most of the clients will not be able to access their attachments, etc.

How does it impact your operations?

If the database(s) is dismounted nobody will be able to access their mails. Database dismounting is nothing but a business impact.

How do you fix it?

You need to replace the Bad Hard drive and restore the recent good backup with good log files, ensuring that you click to clear the Last Backup Set check box in ESM. after restore, run eseutil /mk on log files to check the consistency of the log files and then replay the log files with the database by running a command eseutil /cc /t and hit enter. Then mount the database.

Reply 2)

Apart from dismounting databases, which becomes the extreme case, how else can -1018 impact operation? In other words, what things can’t be done on an Exchange server which is reporting -1018?

Reply 3)

One of the key impact you will notice due to a -1018 error is the inability to conduct online backups. Following is the sequence of events that lead to a -1018 error during an online backup

1) Exchange EDB files (not stm) stores contents in 4 KB pages (8 KB for AD and Exchange 2007)
2) In order to maintain the integrity of the data stored in each page, the system computes a checksum and includes it with the data
3) An online backup operation works by reading each page of the edb file and after verifying the checksum, writes the data to tape (or other media)
4) In case, the checksum at the time of writing does not match at the time of reading during backup, the system will presume that the integrity of the data has been compromised.
5) It will then abort the backup process and write an error in the Application log with -1018

Domain Controller and Global Catalog Scenario

2007-07-17T01:32:00.000-07:00

Scenario:

Lets say we have 100 DCs out of which 60 are GCs. We use a multi-site environment. How to know from a single console, which are the GCs in the domain?

Reply 1)

We can check the GC’s from AD sites and Services.

Reply 2)

This can be achieved by using the Replication Monitor tool (Replmon.exe). This is a tool available from Windows 2003 Support folders. Connect to any domain Controller using ReplMon, and right-click the server name. Choose Show Global Catalog Servers in Enterprise to display a list of all Global Catalog servers in the entire forest.

How to determine if there are duplicate SMTP addresses in Active Directory?

2007-07-17T01:24:00.000-07:00

Reply 1)

If the SMTP address already exists within the organization, Active Directory Users and Computers informs you of this fact via the error message shown below:

Reply 2)

Simplest way to check will be type the address in outlook and hit ctrl+k. If the name get resolved the address is already in list. In case the name is hidden from Gal you can send a test mail with receipt to that address. If you receive the receipt the address is already existing.
Correct me if I am wrong.

Reply 3)

Alright, let me rephrase the question in the correct way.

Lets say we have a Domain Controller named, DC1 in India and another DC2 in US. Both these DCs are in their own AD sites and the replication is configured to happen in 3 hours.

An admin on DC1 is trying to create a user, say User1 with SMTP address of user1@domain.com and at the same time an admin in US is trying to create a user, User1 with SMTP address of user1@domain.com. What will happen when the 2 DCs synchronize?

Reply 4)

Logically Speaking … AD creates a conflicting (CNF:[GUID]) object if it finds the same object because of delay in replication. However as per the document

Duplicated SMTP Address
http://www.microsoft.com/technet/prodtechnol/exchange/guides/ExMgmtGuide/93733b19-b78c-4844-b263-04230026d9b6.mspx?mfr=true

Which says …
==============================================================================================================================================================================
When more than one mail-enabled object in Active Directory has the same SMTP address, the sender of an e-mail to any of those recipients will receive a non-delivery report (NDR) back with an NDR code of 5.1.4. (See Non-Delivery Reports.) The issue occurs because of the multimaster nature of Active Directory, when administrators create multiple mail-enabled objects on different domain controllers using the same SMTP address. If this occurs:
• Check to make sure no duplicated SMTP address exists in Active Directory.
• Consider using the LDAP Data Interchange Format Data Exchange (LDIFDE) tool to export the Active Directory database and search for duplicates.
==============================================================================================================================================================================

It seems .. it will create a Duplicate SMTP … but any one of them will receive an NDR.

Reply 5)

Exactly. Now, lets say we have lots of such duplicate SMTP addresses in our domain, resulting in loads of NDRs being generated. How can we find out which user names have got duplicate SMTP addresses? Any another method than using LDIFDE?

Reply 6)

I think we can also find using CSVDE. I will try to find command.
Correct me if I am wrong.

Reply 7)

You can use DUPSMTP.vbs downloadable from http://www.swinc.com/resources/ to achieve this as well.

Why should Exchange 2003 server not be installed on Windows 2000?

2007-07-17T01:18:00.000-07:00

Reply 1)

Windows 2000 or with sp2 is not equal to Win 2003. To take full advantage and functionality of xchange 2003 you must run it on win 2003. Following is the list of feature of xchange 03 which are only supported on win 03 and not on win 2000.

@ Mount points overcome the 24-drive letter limitation of previous version of windows.
@ Volume shadow copy service for database backup
@ IPSec support for front and back end cluster
@ Cross-forest Kerberos authentication with MS Outlook 03
@ IIS 6 enhanced security and dedicated application mode
@ HTTP access from Outlook 2003
@ Real-time collaboration
@ Microsoft SharePoint Portal Server Web Part

List of function supported only when xchange 03 installed on win 03

@ Support 8-way PIII Xeon Processor
@ Support 8-way P4 XeonMP Processor (Hyper Threaded)
@ Up to 8-node Clustering
@ Mount Point Support.

For more information refer Book 70-284.

Reply 2)

Exchange 2003 requires IIS Version 6 where as in Windows 2000 has IIS Version 5. If you have Windows 2000 with SP3 or later you can install Exchange 2003 on that server.

Reply 3)

Both Exchange 2000 and Exchange 2003 rely heavily on Internet Information Services (IIS) in the Windows Server operating system for all Internet-based protocol services. For Windows Server 2003, IIS was extensively reengineered in accordance with industry best practices for increased system security. IIS in Windows Server 2003 now has two different modes: IIS 6.0 mode and IIS 5.0 compatibility mode. Improvements in IIS 6.0 include new fault tolerance that isolates applications in their own memory space and better protection against spam by disabling Internet Server Applications Programming Interfaces (ISAPI) by default. Additionally, IIS is not installed by default when running setup for Windows Server 2003; it is “locked down” to maximum security when selected for first installation on a server. These architectural design changes to IIS fundamentally change how Exchange and other applications utilize IIS in Windows Server 2003.

With approximately 350 code changes in Windows Server 2003 that affected Exchange, Microsoft determined that it would better benefit our customers to focus development efforts on Exchange 2003 to take full advantage of the new improvements in IIS 6.0, rather than on updating either version of Exchange to run on Windows Server 2003 in IIS 5.0 compatibility mode or Exchange 2000 to work with the new architecture in IIS 6.0. As a result, Exchange 2000 needs to be physically installed on a server running Windows 2000 with Service Pack (SP) 3 to coexist in a Windows Server 2003 environment. Exchange 2003 is fully supported on both Windows 2000 Server and Windows Server 2003 running IIS 6.0.

Reply 4)

Perfect guys, Nilesh mentioned below ‘HTTP access from Outlook 2003’. In case, someone did not understand what is this, it is RPC over HTTP which needs Exchange 2003 to be installed on Windows 2003.

Reply 5)

When I saw this mail from Nilesh, I got really impressed with the searching skills of Nilesh.
Keep up the spirit guys. This discussions are now getting really very informative.
I am enjoying it.

Only one question from my side..
What role IIS 6.0 plays here? Is really IIS6.0 is required to install Exchange 2003 ?
Or it just needs the IIS services running ? 5.0 / 6.0

Please help me to understand this better.
Thanking you all.

Reply 6)

What role IIS 6.0 plays here?
Answer: The following features are available in Exchange 2003 only with IIS 6
1) Exchange 2003 runs in IIS 6.0 as a ‘Worker Process’. What this means is, in case another process or a website on the same IIS server crashes, Exchange 2003 functionality is not impacted.
2) RPC over HTTP will NOT be available with IIS 5.0 since it is a feature of IIS 6.0

Is really IIS 6.0 is required to install Exchange 2003 ?
Answer: No. Exchange 2003 can run on IIS 5.0 as well, but will need .Net Framework and ASP.net to be installed. This is installed automatically during the Exchange 2003 setup on a Windows 2000 server. Refer http://technet.microsoft.com/en-us/library/bb124295.aspx

Or it just needs the IIS services running ? 5.0 / 6.0
Answer: If you are happy with losing out the points mentioned in Answer 1 above, Exchange 2003 can very well run on the HTTP, NNTP and ASP.net services provided by IIS 5.0. Refer to http://articles.techrepublic.com.com/5100-6345_11-5035139.html

Guys, please add more points if relevant. Thanks!

How do we send mail by SMTP Using Telnet Command?

2007-07-17T01:10:00.000-07:00

Reply 1)

Step 1

Connect to the Internet in case you are a dial-up user. Open an MS-DOS prompt, and enter this command:
C:\WINDOWS>telnet mail.monitortools.com 25
This will open a Telnet window, and within a short time, you will be connected to the SMTP server, and the server says:
220 PROTAGONISTNT Mailmax version 4. 8. 3. 0 ESMTP Mail Server Ready
This varies, but you should definitely see the '220' part. It is an indication that the server is ready to service your request.
________________________________________

Step 2

Now the server expects you to identify yourself. If you are a dial-up user, you can enter the name of your computer (the one Windows asks you when you intall Windows) or anything else you want. If you have a domain-name, then you should enter the domain-name here. For eg: computer's name is dell01, so I say:
helo dell01
Note that it is 'helo' and not 'hello'. The commands are not case-sensitive, so you can also say HeLo or HELO or hELo. The server replies:
250 HELO 217.120.215.201, How you can I help?
This is like a shake-hand. You tell the server your name, and it says its name.
________________________________________

Step 3

Next give the server your e-mail address. Note that most SMTP servers require that your e-mail address belong to the same domain as the server. For example, if you send mail from Yahoo! SMTP server, you should have a Yahoo! address. You cannot use it if you give it a Hotmail address. Let me give the SMTP server some e-mail address:
mail from: webmaster@monitortools.com
'mail from:' is a SMTP command. Note that there is a space between 'mail' and 'from', followed by a colon (:). The server says:
250 Ok
________________________________________

Step 4

Tell the server who you want to send the e-mail to. Let me send a mail to info@activexperts:
rcpt to: info@activexperts.com
There are no restrictions here. You can enter any e-mail address. If there is some problem with the recipient-address, your mail will bounce, but for now, the server doesn't complain. It will say:
250 Ok
________________________________________

Step 5

You have told the server your e-mail address, and the recipient's e-mail address, so now you can go ahead and type the e-mail. You have to do that with the data command:
data
The server asks you to go ahead with your e-mail:
354 End data with .
Don't worry with the thing. It'll be explained later.
________________________________________

Step 6

Now type in your e-mail, like this:
This is a test e-mail.
Remember to type it all right. Backspace key doesn't work in Windows
Telnet, though it does in Linux. If you make a mistake, try pressing
CTRL-h. If it works, well and good.
When you finish your e-mail, press [ENTER], then a '.', and again an [ENTER]. This tells the server that you have finished the e-mail, and it can send it. It will say:
250 Ok: queued as 6AB5150038
Your mail was sent!
________________________________________

Step 7

Now you can either send another mail, or disconnect from the server. If you want to send another mail, you should repeat the 'rcpt to:' and 'data' commands. There is no need for 'helo' and 'mail from:', because the server already knows who you are. If you want to disconnect, just say 'quit':
quit
The server will reply:
221 Bye
and you will lose connection with the server

Reply 2)

Introduction

We shall again be using Telnet to talk to our remote server here, like POP. The principle behind sending an email is simple - your local computer connects to the remote mail server, talks to it using SMTP - "Simple Mail Transfer Protocol". When the mail is sent, the session is over and the remote server closes the connection.

When you use an email client like Outlook or Eudora, the mail client does all this for you. It automates the process of talking to your mail server to send and receive emails. But what if you don't have, or don't want to use, a mail client? We can use Telnet!

First choose "Run" in your Start menu and type in Telnet. Telnet is an application that allows us to communicate with remote computers. In this example, we shall be communicating with Yahoo's SMTP mail server. Choose "Remote System" from the "Connect" Menu. This will give you a box, with 3 input boxes. Type in the host name - the address of the mail server. For my Yahoo, the SMTP mail server is at smtp.mail.yahoo.com.

Now about the port: The port is a sort of a "gateway" to a computer. On the internet, each protocol, by convention has one or two port numbers assigned for itself. The HTTP connection is usually done using ports 80 and 8080; while POP transactions are done using port 110. For SMTP, port 25 is used. So type in 25 for the port.

Conversation with the Server

Now Click on connect. Once you're connected to the mail server, the mail server will respond with something like this:

220 smtp017.mail.yahoo.com ready.
Now we need to introduce ourselves to the computer and specify the sender's address. Technically, it is possible to use any SMTP server to send a mail with any server's name as the sender. This is called "Message Relaying". Since almost all servers have this feature turned off, we will simply type in the name of the SMTP server itself. [Note that you will not be able to see what you type.]

HELO smtp.mail.yahoo.com

The server will respond with:

250 Hello smtp.mail.yahoo.com, pleased to meet you.

Now we specify the sender:

MAIL From:
The server replies:

250 ... OK

There are a few observations to be made here - note that you can specify any sender here. So if you wanted to cheat the server and send bogus mail, the SMTP will not stop you - it has no security provisions. To add security, they combine the SMTP with POP authentication. So, you will have to login using the POP protocol once before using SMTP. [See Dec 2001 issue for POP mail]
Also note that whenever the server sends a message, there's a 3 digit code along with it.

For example, when it sends 250, it means that the Transaction's okay. If it's 220, it means Service Ready. If it's 500, it means there's been a syntax error in the command that you sent, and so on. There are lots of these codes, each having a specific meaning.

This is a very useful thing, as mail program using the protocol will not need to read any of the English text - they will simply read the code to understand what the response is.

Now we type in the recipient and the data, and then quit:

RCPT To:

250 ... Recipient ok

DATA

354 Enter mail, end with "." on a line by itself
From: anaplexian@yahoo.com
To: anaplexian@yahoo.com
Subject: Hi there!

This is a test message!
.

250 Mail accepted

QUIT

221 smtp.mail.yahoo.com delivering mail
[connection closed]

Take a look at the format of the email - it had a bunch of details like From, To, and Subject listed, and then I left a line and then started my email. This is because a normal email comprises of minimum two parts, the header and the body, which are separated by a blank line.

The moment you send this email and close transaction using QUIT, the mail server will send the mail off to its destination.

So now we can send email using SMTP, (and receive using POP) all without the use of a mail client or a web browser. Note that the commands we did are only a part of the whole list - there's a lot more you can do with SMTP and POP.

So next time you want to check your mail, do it the cool way - use Telnet!!

SMTP Cheat Sheet

List of Basic SMTP Commands:
HELO: identifies client

MAIL: identifies the sender of the message.

RCPT: identifies the recipient. More than one RCPT command can be issued if there
are multiple recipients.

DATA: To type in the message

QUIT: terminates conversation and closes connection.

What is RAID and what are its different types?

2007-07-17T00:42:00.001-07:00

Reply 1)

RAID: Redundant Array of Independent Disks

The abbreviation for the RAID is Redundant Array of Independent Disks. This RAID by definition stands for the subsystem for the disks. The expectation for using this is the increment in the performance and the value added services in the reliability. The major purpose of the system is to provide the fault tolerance subsystem which can provide efficiency and reliability to the overall performance of the system. The RAID is also used as a server for the reasons mentioned above. The RAID in the earlier history is also implemented by the software to enable the present abilities.

Since the purpose of RAID is for fault tolerant systems hence the design is suited for that purpose. The RAID technology is actually a set of standards. These standards are required to be followed for developing a fault tolerant storage system. The performance also matters a lot here. Hence in the mentioned above paragraph it is said that RAID has been implemented by only the software. The set of standards should be kept in mind before implementing the RAID. This is done using at least two ordinary hard disks and a RAID controller.

The RAID has its origin starting from the year of 1980. At that time it was referred as the Redundant Array of Inexpensive Disks. This was in comparison with the storage system available at that time. The storage devices where quite expensive those days; so the implementation of a secure RAID drives was an important enhancement in the field of storage systems. Presently the prices of the memory whether it is the secondary memory like the hard disk, floppy drive, compact disk or any other storage media as well as the primary memory storage like the RAM etc, are all decreasing day by day. Hence by these statistics the RAID Advisory board modified the parameters from inexpensive to the independent.

The concept of mirroring and parity is also available in the RAID drives. In fact the property of fault tolerance is achieved by the process of mirroring and fault tolerance. The achievement is quite necessary for the purpose of providing a fault tolerant system.

The RAID system may have an altogether different drive for the sole purpose of replacing the drive that is failed or might have crashed. The RAID is drive that is replaced and is in spare is called as the hot spare. The hot drive is used in the case of an emergency where in the drive is the spare part that is used to fill in the gap provided by the crashed systems drive. Such a drive must always be ready and waiting. The physical state of such a drive is of quite importance where in the drive must be made available for the purpose of providing back up to the system. The replacement should be carried out immediately. So after the replacement is carried out now the entire system must be made aware of the fact that the hot spare drive is in use. And also the provision should be made for filling up the gap made by the hot spare drive. This is necessary if the other drives also fail and the condition is also possible even if the hot spare drive itself fails. But the RAID continues to dominate the technology that is used for the implantation of secure systems.

The different types of RAID levels are RAID 0, RAID 1, RAID 3, RAID 5 & RAID 10 levels.

RAID 0, STRIPING:
In this system, the data which is to be written across the drivers are split up in blocks of array.
RAID 0 will offers a superior Input Output performance and the performance can be increased further by using multiple controllers. The advantage of using RAID O is that it offers great performance such as read and writes operations. The Disadvantage of RAID 0 is not fault tolerant.

For Example: If at all the data in one of the disk is lost then all the data in the RAID 0 array will be lost. RAID 0 is designed for non critical storage of data where read and write are at a high speed. For example, it can be used in the Photoshop image retouching station.

RAID 1, MIRRORING:
In RAID 1, the data is stored twice on the data disk and on a mirror disk. If one of the disks fails, the controller uses the data drive or the mirror drive for data recovery. The advantages of using RAID 1 are excellent read speed and a write speed which is very high comparable to that compared to a single disk. If one of the disks fails, data is copied to the replacement disk. RAID 1 is a very simple technology compared to RAID O. The disadvantages of RAID 1 are that the storage capacity is half of the total disk capacity which is present in the system because all data get written twice. RAID 1 is ideally suited for mission critical storage. It is also suitable for small servers.

RAID 3:
In RAID 3 systems, the data blocks are divided into and are written in parallel on two or more drives. The additional drive which is used to stores parity information. Since parity is used in RAID 3 stripe set can handle a single disk failure without losing data. The advantages of RAID 3 are to provide high throughput for large data transfers. The disadvantage of RAID 3 is complex and performance is slower for small Input Output operations.

RAID 5:
RAID 5 is the most common used RAID level.
It is somewhat similar to RAID-3 in which data is transferred to disks by independent read and write operations. RAID 5 arrays can withstand a single disk failure as in RAID 3, without losing data. Extra cache memory can be provided in order to improve the write performance. The advantage of RAID 5 is it reads data transactions are very fast. The disadvantage of RAID 5 is disk failures and this is complex technology.

RAID 10, a mix of RAID 0 and RAID 1:
RAID 10 uses the advantages of RAID 0 and RAID 1 in a single system. Its added advantage helps in proving good security by mirroring all data on a secondary set of disks. The RAID 2, 4, 6 or 7 levels do exist in prepress environments. The advantages of RAID 10 are read data transactions are very fast & it is a very simple technology. The disadvantages of RAID 10 are that is its performance is slower for large transfers.

Reply 2)

RAID stands for Redundant Array of Independent (or Inexpensive) Disks,

There are number of different RAID levels:
Level 0:
Level 0 is a 'striped' disk array without fault tolerance. It provides data striping (spreading out blocks of each file across multiple disk drives) but no redundancy.
Level 1:
Level 1 does 'mirroring' and 'duplexing'. It provides disk mirroring

Level 2:
Level 2 does 'error-correcting coding'

Level 3:
Level 3 is 'bit-interleaved parity'. It provides byte-level striping with a dedicated parity disk

Level 4:
Level 4 is 'dedicated parity drive'. It is a commonly used implementation of RAID

Level 5:
Level 5 is 'block interleaved distributed parity'. It provides data striping at the byte level and also stripe error correction information.

Reply 3)

The distribution of data across multiple drives can be managed either by dedicated hardware or by software. Additionally, there are hybrid RAIDs that are partially software and hardware-based solutions.

Software RAID

Software implementations are provided by most operating systems. A software layer sits above the (generally block based) disk device drivers and provides an abstraction layer between the logical drives (RAID arrays) and physical drives. Software RAID is typically limited to RAID 0 (striping across multiple drives for increased space and performance), RAID 1 (mirroring two drives) and RAID 5 (data striping with parity).

In a multi-threaded operating system (such as Linux, FreeBSD, Mac OS X, Windows NT/2000/XP/Vista and Novell NetWare) the operating system can perform overlapped I/O, allowing multiple read or write requests to be initiated without waiting for completion on each request. This capability makes RAID 0/1 possible in an operating system. However, most operating systems do not support RAID 0/1 striping or mirroring with parity, due to the substantial processing demands of calculating parity].

Software implementations require some very small amount of processing time, which is provided by the main CPU in the host system. Since SCSI, PATA, and SATA drives all support asynchronous read/write, any multi-threaded operating system can support non-parity RAID on multiple hard drives with only a one percent increase in CPU overhead[ .

Software implementations can exceed the performance levels of hardware-based RAID due to the high-performance of modern CPUs]. Since the software must run on a host server attached to storage, the processor (as mentioned above) on that host must dedicate processing time to run the RAID software. Like hardware-based RAID, if the server experiences a hardware failure, the attached storage could be inaccessible for a period.

Software implementations can allow RAID arrays to be created from partitions rather than entire physical drives.

Hardware RAID

A hardware implementation of RAID requires at a minimum a special-purpose RAID controller. On a desktop system, this may be a PCI expansion card, or might be a capability built in to the motherboard. In industrial applications the controller and drives are provided as a standalone enclosure. The drives may be IDE/ATA, SATA, SCSI, SSA, Fibre Channel, or any combination thereof. The using system can be directly attached to the controller or, more commonly, connected via a SAN. The controller hardware handles the management of the drives, and performs any parity calculations required by the chosen RAID level.

Most hardware implementations provide a non-volatile read/write cache which, depending on the I/O workload, will improve performance. Cached RAID controllers are most commonly used in industrial applications.

Hardware implementations provide guaranteed performance, add no overhead to the local CPU complex and can support many operating systems, as the controller simply presents a logical disk to the operating system.

Hardware implementations also typically support hot swapping, allowing failed drives to be replaced while the system is running.

Hybrid RAID

Hybrid RAID implementations have become very popular with the introduction of inexpensive RAID controllers, implemented using a standard disk controller and then implementing the RAID in the controllers BIOS extension (for early boot-up/real mode operation) and the operating system driver (for after the system switches to protected mode). Since these controllers actually do all calculations typically proprietary to a given RAID controller manufacturer and typically cannot span multiple controllers. The only advantages over software RAID are that the BIOS can boot from them, and the tighter integration with the device driver may offer better error handling.

Both hardware and software implementations may support the use of hot spare drives, a pre-installed drive which is used to immediately (and almost always automatically) replace a drive that has failed. This reduces the mean time to repair period during which a second drive failure in the same RAID redundancy group can result in loss of data. It also prevents data loss when multiple drives fail in a short period, as is common when all drives in an array have undergone very similar use patterns, and experience wear-out failures

Reply 4)

Great posts everyone. Few queries that come to mind:

1) What is parity?
2) What are the possible ways of connecting a RAID system to the server?
3) Is there a minimum and maximum “number of disk” limit?
4) What is the difference between Disk Mirroring and Disk Duplexing?

Reply 5)

To gain performance and/or additional redundancy the Standard RAID levels( level 0 to level 5 ) can be combined to create hybrid or Nested RAID levels. Many storage controllers allow RAID levels to be nested. That is, one RAID can use another as its basic element, instead of using physical drives

For example, RAID 10 (or RAID 1+0) consists of multiple level 1 arrays stored on physical drives with a level 0 array on top, striped over the level 1 arrays. In the case of RAID 0+1, it is most often called RAID 0+1

Common nested RAID levels
RAID 0+1: Striped Set + Mirrored Set (4 disk minimum; Even number of disks) provides fault tolerance and improved performance but increases complexity. The key difference from RAID 1+0 is that RAID 0+1 creates a second striped set to mirror a primary striped set. The array continues to operate with one or more drives failed in the same mirror set, but if two or more drives fail on different sides of the mirroring, the data on the RAID system is lost.
RAID 1+0: Mirrored Set + Striped Set (4 disk minimum; Even number of disks) provides fault tolerance and improved performance but increases complexity. The key difference from RAID 0+1 is that RAID 1+0 creates a striped set from a series of mirrored drives. The array can sustain multiple drive losses as long as no two drives lost comprise a single pair of one mirror.
RAID 5+0: A stripe across distributed parity RAID systems
RAID 5+1: A mirror striped set with distributed parity

Also we can refer to following link for more info on nested array:
http://en.wikipedia.org/wiki/Nested_RAID_levels

Reply 6)

If the storage box is external, it can also have a Fibre interface. Also other option is the create virtual LUNs in SANs and then use RAID.

Reply 7)

1) What is parity?

Parity — Redundant information that is associated with a block of information and used to Rebuild a disk that has failed.

- RAID 5 arrays map data and parity intermittently across a set of disks. Within each stripe, the data on one disk is parity data and the data on the other disks are normal data. Therefore, RAID 5 arrays require at least three disks to allow for this Parity information. When a disk fails, the Array Manager software uses the parity Information in those stripes in conjunction with the data on the other disks to re-create the data on the failed disk.

2) What are the possible ways of connecting a RAID system to the server?

Possible ways of connecting RAID system is SCSI.
SCSI — Acronym for small computer system interface, which is a type of interface between a system and devices such as hard drives, diskette drives, CD drives, printers, scanners, and other peripherals.

3) Is there a minimum and maximum “number of disk” limit?

4) What is the difference between Disk Mirroring and Disk Duplexing?

Disk duplexing is a variation of disk mirroring in which each of multiple storage disks has its own SCSI controller. Disk mirroring (also known as RAID-1) is the practice of duplicating data in separate volumes on two hard disks to make storage more fault-tolerant. Mirroring provides data protection in the case of disk failure, because data is constantly updated to both disks. However, since the separate disks rely upon a common controller, access to both copies of data is threatened if the controller fails. Disk duplexing overcomes this problem; the use of redundant controllers enables continued data access as long as one of the controllers continues to function.

This failover method helps to ensure that data access will continue transparently to the user and allows technicians to take the server down to replace the defective controller at a more opportune time, instead of at the moment of failure. The ability to choose when the server comes down can be very advantageous, because -- in accordance with Murphy's Laws of Information Technology (Law of Inconvenient Malfunction) -- a device is likely to fail at the least opportune possible moment. Nevertheless, some experts advocate other systems (such as higher level RAID configurations) that don't require taking the server down to replace defective hardware.

Another benefit of disk duplexing is increased throughput. Using a technique known as a split seek, whichever disk can deliver the requested data more quickly responds. Multiple requests may also be split between the disks for simultaneous processing.

Reply 8)

I think already everyone is aware about the RAID.
Though I would like to add some images which will be more helpful in understanding of RAID Functionality.

RAID 0

RAID 1

Below we are looking at the RAID 1+0 i.e. RAID 10. Please find the exact description for this diagram in anjum’s Email.

RAID 4

RAID 5

RAID 5 divides the data and creates parity information similar to RAID 4, unlike RAID 4 the parity data is written separately across multiple disks.

RAID 6

RAID 6 deploys two parity records to different disk drives (double parity) enabling two simultaneous disk drive failures in the same RAID group to be recovered.

Why is ICMP considered dangerous?

2007-07-17T00:16:00.000-07:00

Reply 1)

ICMP is the protocol used by the ping command. Why is it considered dangerous and recommended to be banned by network administrators?

Reply 2)

ICMP Overview –
The Internet Control Message protocol was originally created to allow the reporting of a small set of error conditions. However it is used to implement a wide range of error-reporting, feedback, and testing capabilities. It is a companion protocol added to IP to overcome the flaws in IP like connectionless, unreliable, and unacknowledged. ICMP provides support to IP that allow different types of communication to occur between IP devices. These messages use a common general format and are encapsulated in IP datagrams for transmission. The key concept is in TCP/IP, diagnostic, test, and error-reporting functions at the internetwork layer are performed by the ICMP. The original version, now called ICMPv4, is used with IPv4, and the newer ICMPv6 is used with IPv6. I found a table but have no idea what it says can anyone explain to me. I will research bit more on this.

Table 31-1:

Reply 3)

It’s dangerous because so called term “ping of death ” … which means thousands of ping simultaneously …. may be because of a virus …. can affect .

Reply 4)

Yeps, the primary reason to block ICMP is to avoid any sort of compromise in terms of security of the network. Unblocking ICMP makes life of a hacker very easy to intrude the environment. Secondly, network traffic also increases as ICMP echo is sent to each host on the network in order to identify the open port.

If one does not want block ICMP then NAT (Network Address Translation) might be used which allows only specific IP addresses to connect to the target machine. For instance, if Group policies are not applying due to slow link detection then, ICMP is required to check if any packets are being fragmented.

For more information, refer http://www.microsoft.com/technet/technetmag/issues/2005/01/AnatomyofaHack/

Reply 5)

ICMP can be dangerous because Hackers can use it to map & attack networks. So it needs to be restricted.

Reply 6)

IPSec (IP Security policy) can also be used to block certain ports and protocols. They can allow or deny the incoming/outgoing traffic to target machine.

Reply 7)

Very correct. Following are some reasons which add up to already discussed points in the forum and some are new

1) ICMP can be used to launch Denial of Service attacks (DoS). Mihir touched upon this earlier. This works by overloading a server with a particular (ping) request, in such a way, that the server cannot process anything. Thereby, it is not able to serve its primary goal, of maybe a web server or an Exchange Frond End server. One example of this is Smurf. Someone, please provide some details on this if possible.
2) Using ICMP, hackers can get too much information about a system. This was designed to help troubleshoot network issues, but using it in the wrong way can mean misusing the information. Hackers use the information gained from ICMP to impersonate other systems. Example, SPAM and virus mails are generally never distributed from the spammers or virus creators machines.
3) To make matters work, ICMP was not designed to use authentication. Hence it is all the more vulnerable
4) ICMP also provides OS Fingerprinting. This means that using ICMP, it is possible to know what OS is installed on the target machine. So, the hacker knows that a particular machine has Windows 2003 and using the port scanning feature of ICMP, he can also know which services are running over which port. If he has an exploit ready for this, then God save your server. Hence it also becomes important to install the critical patches released by Microsoft, since they patch the vulnerabilities which they know exist and are known to hackers.