Conrad Agramont's WebLog

Moved to:

January 2005 - Posts

ISA SSL Capacity Planning

I don't really blog much about ISA, but I thought the following link is extremely useful if you're deploying Exchange with OWA and/or RPC over HTTP.  Both of which requires SSL in a production environment.  If you have ISA as a part of that mix, then this article is a MUST READ!!

[Found out about this via another blog post:]

Posted: Jan 28 2005, 10:04 AM by Conrad | with no comments
Filed under:
MPS: Provisioning Client Event Log Errors (4608)

During normal MPS/MPF operations, you may see the following Entry in the Event Log:

Event ID: 4608
Source: Provisioning Client

A failure occurred while connecting to the configuration database. Previously cached configuration settings will be used.

Connection String = 'server='sql01';database='MPFConfig''.

SQL server reported errors:
Login failed for user 'MYCOMPANY\IIS01$'.

For more information, see Help and Support Center at

This is a very common issue.  There is no need to worry or take action on this error.

The MPF Client gets information on available MPF Engines and setting by connecting to the MPFConfig Database (this is stored in a registry key).  Peridodically (not sure of what the time frame is), the MPF Client will try to refesh the data in it's registry (this is a duplicate of what's in the MPFConfig database) with the data in the MPFConfig Database.  If the user submitting the request doesn't have the appropriate rights to connect to the MPFConfig database, then this error will be written to the Event Log and the request will continue to be processed based on the data already in the Registry (which includes information on MPF Engines).

So in the above Event Log error example, the Active Directory Object "IIS01$", which is a Machine Account" was trying to access the MPFConfig database but failed because it doesn't have access.

So how DO you refresh the database table?  Well, you'd have to submit a request (any request will do) to MPF with a user account that has access to the MPFConfig database.

Posted: Jan 25 2005, 03:18 PM by Conrad | with no comments
Filed under:
Disable OMA via Hosted Exchange

In a post to the Hosted Exchange forum (, a user had the following issue:


One of my requirement is to create a plan that will disable the OMA and ActiveSync features. What I have done was to disable the OMA feature in the plan as follow:-

<featureDescription>Outlook Mobile Access</featureDescription>

After I have created the user with this plan, when I viewed the user properties in Active Directory Exchange Task - Mobile Services, it displays as follow:-

Outlook Mobile Access - Enabled
User Initiated Synchronization - Enabled
Up-to-date Notification - Disabled

When I try to access the user mailbox using my mobile device, I can access OMA and also run activeSync with the user account.

The disable OMA feature, seems like not functioning properly, and it only disable the "Up-to-date Notification".


The answer to this is pretty simple.  The value that is being set in the <featureValue> node is actually being directly written to the associated users object in the msExchOmaAdminWirelessEnable attribute.

So with a little bit of playing around, here are some various values that enable the listed features (X represents an enabled feature):

msExchOmaAdminWirelessEnable Outlook Mobile Access User Initiated Synchronization Up-to-date Notification
0 X X X
1 X X  
2   X X
3   X  
4 X   X
5 X    
6     X

So in order to get what you're looking for, try setting "7" for the value of featureValue.

SQL Server Web Data Administrator

For those that might have not noticed or been aware of this tool, there is a Web based utility from Microsoft that allows you to manage a SQL Databases.  It provides both Integrated Authentication and SQL Authentication for logon and enables you to create, manage, and delete databases.

It also includes support for

  • Tables - Create, Edit, Delete, and Manage Properties
  • Stored Procedures - Create, Update, Delete, and Manage Properties
  • Queries - Adhoc Queries
  • Users - Assign rights to database objects
  • Rolese - Manage Roles

BTW, this component is also in the Microsoft Solution for Windows based Hosting 3.0, but it includes some "Tweaks" and documentation to make it more hostable.

Posted: Jan 20 2005, 02:51 PM by Conrad | with no comments
Filed under:
Microsoft Log Parser 2.2

As soon as I make a post on Log Parser 2.1, Microsoft then releases Log Parser 2.2!

Here are some interesting things I've found in this thus far (I'm sure I'll find more later):

  • No "Native" .NET Support or Wrapper.
  • There is a C# Sample, but there is only one and it doesn't provide lots of detail on how to do other things with the Log Parser via .NET.
  • There are a lot of new Input types including (XML, Actie Directory, Registry, Netmon, and more)
  • Command-Line Utility provides the ability to dynamically create a pie chart based on results (it's a GIF file)

Here is a link to download Log Parser 2.2

Posted: Jan 20 2005, 10:17 AM by Conrad | with 1 comment(s)
Filed under:
OWA Customization and Hosted Exchange

This post has moved:

Posted: Jan 19 2005, 03:58 PM by Conrad | with no comments
Filed under: ,
Did you know?

That you can't fully manage an IIS 6 server via Windows XP using the Internet Information Services Manager (the MMC to manage IIS) that ships with Windows XP?

You can resolve that issue by installing the IIS 6.0 Manager for Windows XP.

This is due to an issue with the version of the IIS Namespace for ADSI installed on the Windows XP machine and the updated version of that API that's in Windows 2003 for IIS.  I think it's actually a WMI thing...I can't remember, but either way if you download and install the tool you should be all set.

Posted: Jan 19 2005, 01:30 PM by Conrad | with no comments
Filed under:
IIS Resource Kit

This has been out for a while, but worth noting.

IIS 6.0 Resource Kit:

This is mainly the documentation portion of the Resource Kit.  It's got LOTS of great information about managing and securing your IIS Servers.  It's a lot to go through, so mostly it's a reference guide or something to poke around in as you get curious on certian areas.

IIS 6.0 Resource Kit Tools :

This includes about 14 handy tools for IIS 6, but the ones that I think are the best are:

  1. Log Parser
  2. Metabase Explorer
  3. RemapURL
  4. IIS 6.0 Migration Tool 1.0 (Version 1.1 is now available via a seperate download:




Posted: Jan 19 2005, 01:21 PM by Conrad | with no comments
Filed under:
Exchange OWA Admin Tool Evaluation/Feature List

I finally taken a bit of time to evaluate the Exchange OWA Admin tool, but I finally did it and here are my thoughts.

First, here is a link to my previous post on the tool: Exchange OWA Admin Tool

So here is the quick breakdown of the installation:

  1. Installation was very simple and quick
  2. OWA Admin requires that it must be on a site that has SSL enabled for it to work.  The good news is that if you don't have one for your site (say it's for lab use), it will create a temp one for you.  Now the ReadMe documentation says that this should not be installed on a forward facing server which makes sense, but then you start wondering why the big push to force SSL?  I guess to protect those that put it on a forward facing server anyways.  Either way, it's not a bad requirement, but something to be mindful of.
  3. After you install it, it didn't really say what the URL was to access the OWA Admin site.  So I took a guess and went to https://localhost/owaadmin/ .  It worked!
  4. Again, if you're site doesn't have SSL, it will have created a temporary one and associated it with the "Default Website".  So when you first go tot he URL, it will prompt you to accept the Temp SSL as it isn't a "Trusted" certificate.

Here is a list of the features found in the OWA Admin Tool:

  1. You can select from a drop-down list which OWA server you'd like to manage.
  2. Address Book - Set the Maximum number of entries (e.g. Users, contacts, distribution lists, etc.) that are returned during a search.
  3. Attachment Handling - Provide the ability to Disable Attachments (Allow all attachments (default), Allow attachment access through back-end servers, and Do not allow attachments).  You can also specify if you want a specific Front-End server to be the "pass through" for all attachments.  You're also able to define what File Types are disallowed.  There is already a long list, but you can add or remove file extensions from that list.
  4. Automatic Signature - Here you can define that Maximum Signature Length that a user can have.  The default is 4096.
  5. Character Handling/Encoding - This section will allow you to select from a collection of settings that help OWA determine how it should handle localization (Use Regional Charcter Set, Disable NCR Conversion (Default: No), Use GB18030(Default: No), Use ISO-8859-15 (Default: No),
  6. Client Notifications - This section allows the administrator to set how often the OWA Client will poll the server for updates (New Mail Notification Interval (Default: 2 minutes), Reminder Polling Interval (Default: 9 minutes))
  7. Forms based Authentication - This section enables the administrator to set time out and SSL options (Public Client Timeout (Default: 15 minutes), Private Client Timeout (Default: 1440 minutes), and Allow SSL Offloading (Default: No).  The Allows SSL Offloading is an interesting features, because it disables the requirement to run OWA via SSL if Forms Authentication is enabled.  This is great if you have a Hardware based SSL Solution that sits in front of your OWA Server.
  8. Junk E-mail - This section allows you to configure how OWA should handle Junk Email settings. (Maximum Junk E-mail Contact Addresses (Default: 10000), Maximum Blocked Junk E-mail Senders (Default: 1024), Maximum Junk E-mail Safe Recipients (Default: 1024), Maximum Junk E-mail Safe Senders (Default: 1024), Advanced Junk E-mail Support (Default: No)
  9. Public Folders - This section enables the administrator to define how Public Folders will be handled by OWA (Resolve Foreign Users (Default: No), Maximum Public Folder Attachment Size (Default: 1024KB))
  10. Security - This section enables the administrator to define the various security aspects used by OWA (User Context Timeout (Default: 60 minutes), Enable Change Password ((Default: No), Enable Basic Authentication to Back-End Server (Default: No), Enable SMTP Address Mailbox Access (Default: Yes), Enable Logoff Warning (Default: No))
  11. Spell Check - This section defines all areas of Spell Check (Maximum Spell Check Document Size (Default: 100 KB), Maximum Spell Check Errors Per Item (Default: 1024), Maximum Simultaneous Spell Check Requests (Default: 64), Maximum Unique Errors (Default: 256), Disable Spell Check on Send (Default: No), and Update Spell check Language List (Default: No))
  12. S/MIME - This is a collection of all S/MIME feature settings (Check CRL on Send (Default: No), Distribution List Expansion Timeout (Default: 60000 milliseconds), Use Secondary Proxies when Finding Certificates (Default: Yes), CRL Connection Timeout (Default: 60000 milliseconds), CRL Retrieval Timeout (Default: 10000 milliseconds), Disable CRL Check (Default: No), Always Sign (Default: No), Always Encrypt (Default: No), Clear Sign (Default: Yes), Includes Certificate Chain Without Root Cert (Default: No), Include Certificate Chain and Root (Default: No), Encrypt Temporary Buffers (Default: Yes), Signed E-mail Certificate Inclusion (Default: Yes), BCC Encrypted E-mail Forking (Default: One Envrypted message per BCC), Include S/MIME Capabilities in Message (Default: No), Copy Recipient Headers (Default: No), Only use Smart Card (Default: No), Triple Wrap Encrypted Mail (Default: No), S/MIME Encryption Algorithms (Default: 3DES - 168 bit-key), Use Key Identifier (Default: No))
  13. Tasks - This section defines the length of days and weeks that are defined as work days/weeks throughout the entire organization (Minutes in a Day (Default: 480), Minutes in a Week (Default: 2400).
  14. User Privacy - This section defines how OWA will handle external content embedded in an email message (Content Filtering Options (Default: Show filtering as an option to the user in the options page) and Filtering Mode (Default: Display filtered images as clear gif files).
  15. View Settings - This section defines the number of default rows show in OWA (Maximum View Rows (Default: 100))
  16. Apply a default theme to this server - This section allows an administrator to select a common OWA theme to be used.
  17. Server Wide Feature Support - Here you can specify which features OWA will make available (Calendar, contacts, task, journal, notes, Public Folders, Reminders, New mail pop-up, Premium Client (e.g. rich text editing),  Spell Checking, S/MIME, Search Folders, Auto Signature, Rules, Themes, and Junk E-mail filtering)

I admit that some of the features (And title of the sub-features) may not be that helpful in understanding exactly what each feature does.  But I think it's enough to give you of an idea of what's there and interests you enough to look into it a bit more.  All of the feature adjustments made through this tool could be done without the tool via registry edits, but who wants to take on that risk?

So after looking at this tool a bit closer, I think that this is a vital tool to any organization or Service Provider deploying Outlook Web Access (OWA).  There is a large number of options that allows the administrator to customize which features should be exposed via OWA and also set their behavior.

Posted: Jan 19 2005, 03:11 AM by Conrad | with 3 comment(s)
Filed under:
IIS Logging & Analytics

During this past weekend, I spend a few hours taking a look at the IIS Resource Kit utility, "Log Parser".  What I was most interested in was the ability to use it to provide some "Real Time" information about sites.

So here is a quick list of the information I wanted to get back:

  1. Hits per site
  2. Hits per virtual directory
  3. Hits per page/item
  4. Network Traffic per site (and by dates)
  5. Network Traffic per directory (and by dates)

Now the Log Parser only has 2 ways to interact with it:

  1. Command-line Utility
  2. COM Object (aka DLL)

So to further my experiment with this, I wanted to be able to call the Log Parser DLL via a .NET Application.  So I created a .NET Class that used .NET Interop to communicate with the DLL.  Now in the past, you could take a look at some code written in javascript (which is the language used to run it via Windows Script Host) and translate that to .NET.  But this turned out to be a bit more difficult.

Well I figured out how to finally do this and now I have my final result.  I'm able to use the Log Parser via .NET and get the per site information that I needed.

The next step is to build more logic into my new .NET Class Library to interact with the Log Parser and provide additional functionality beyond what the Log Parser does.  I figure this could be a really cool utility to help us out on customer engagements or just give to some of our "loyal customers" as a neat utility.

Posted: Jan 19 2005, 02:01 AM by Conrad | with no comments
Filed under:
More Posts Next page »