This article help me a lot when i try to tracking a problem when sending email
Last week our exchange server drive C hard drive space, growth abnormally. We’re using windows server 2003r2.
After analyze all folder in drive C, I found that the c:\windows\system32\logfiles\W3SVC1 have the biggest space in drive C.
Because I don’t know if the log in folder can be deleted, so I googling the solution and I found this solution.
After do the solution (deleted the file using scheduler) my hardisk capacity becomes free by 50%.
Hope this workaround will help some people.
Accidentally I deleted the folder called office information in outlook, and it is an important folder to give user information about office in my organization.
After searching from google I found a tools to restore folder from public folder in exchange 2003.
The tools called PFDAVAdmin.exe, you can download it from here
And for the steps you can do the following step (based on Microsoft kb 924044)
For the step 1 : download the tools
Step 2: Recover a deleted public folder
Move to the PFDAVAdmin folder, and then double-click the PFDAVAdmin.exe file.
On the File menu, click Connect.
- In the Exchange server box, type the name of the Exchange server to which you want to connect.
In the Global Catalog box, type the name of the global catalog server. To find out the global catalog do the nslookup like this
- If it is required, click to clear the Authenticate as currently logged-on user check box. Type an appropriate user name, password, and domain in the respective boxes.
- In the Connection area, click Public Folders, and then click OK.
- Expand Public Folders, and then click the parent folder of the deleted folder.
- Right-click the parent folder, and then click Show deleted subfolders. The deleted subfolder is shown in red.
- Right-click the subfolder, and then click Recover folder.
- Click OK to acknowledge the Recovery succeeded message. The recovered folder name appears as Folder_NameRecovered.
- Test access to the folder by using an e-mail client.
- In Exchange System Manager, right-click the recovered folder, and then rename the folder.
Step 3: Recover a deleted item
In PFDAVAdmin, open the folder that contains the deleted item.
- Click the Items tab, and then click Deleted items.
- Right-click the item that you want to recover, and then click Recover items.
- Click OK to acknowledge the Recovering these items message.
Hope it help J
Yesterday, i had a problem with email server(exchange 2003). The problem are corrupt database. I’m trying to googling a solution to repair the database, and I found one link that make repairing the database so simple. So, here are the steps I follow at their simplest/most technical along with a few useful resource links.
ESEUTIL /MH to check for dirty shutdown
- ”c:program files/exchsrvr/bin/eseutil.exe” /mh priv1.edb
- If the state is ‘Dirty Shutdown’, you’ll need to move on to repair efforts. If this is a recovery effort to a new server or your logs are bogus, make sure your MDBData folders, etc. only have the necessary EDB/STM files and no logfiles (move ‘em elsewhere)
ESEUTIL /P to repair (this takes a while)”c:program files/exchsrvr/bin/eseutil.exe” /P priv1.edb
ESEUTIL /D to defrag (this takes even longer)”c:program files/exchsrvr/bin/eseutil.exe” /D priv1.edb
Repeat steps above for all of the databases you have (including your PUB as well).
- Start Exchange Information Store
- ISINTEG -s SERVERNAME -FIX -test allfoldertests (run until no errors or fixes, then replace -pri with -pub)
- Perform another ESEUTIL /MH to check for clean shutdown
Reference Link :
- ISINTEG Reference: http://support.microsoft.com/kb/182081
- ESEUTIL Reference: http://msexchangeteam.com/archive/2004/06/18/159413.aspx
- Exchange 2003 Disaster Recovery Switch:http://www.petri.co.il/exchange_disasterecovery_switch.htm
- Exchange 2007 Recover Server Switch: http://www.msexchange.org/tutorials/Recovering-Exchange-2007-Server-RecoverServer-switch.html
- Using ESEUTIL and ISINTEG together: http://www.msexchange.org/tutorials/Exchange-ISINTEG-ESEUTIL.html
This spambot had attacked my company network, and it make my email server (exchange 2003) IP address get blacklisted. The effect of this spambot are outbound email from my company email server was blocked to send email outside my organization . It can be seen in the picture below, mostly queue connection in email server getting the retry status.
To check the ip address that getting the blacklisted, I’m using 2 website :
To solved this problem, I’m creating a new firewall rules in my trend micro office scan server. And this firewall will blocked :
- Port 25 to all client workstation
- And an Ip addresses that I found in cbl.abuseat.org. The ip address are 126.96.36.199
After 2 days waiting, finally the culprit are found. There are one computer that making connection continously to ip addresses 188.8.131.52. To cleanup this computer, the first thing I must do is disconnect the connection from this computer. After that, I deleted manually the spambot because my antivirus cannot detect it and make sure there is no more spambot in this computers.
To make sure the spam bot has gone, I checked the ip address reputation on the senderbase.org and thanks god it’s show that my ip reputation are good 😀