Published on August 9, 2007
MSG350 Life of an E-Mail Message
Kevin Laahs, Principal Consultant, Advanced Technology Group, HP Services

Objectives:
- Raise awareness of various files, registry settings, and other items that influence an end-user’s Microsoft Office Outlook 2003 experience
- Understand the components of the transport system that are involved for successful message delivery and their roles

Agenda:
- Client-side issues: From creation to sending
- Connection issues: What if I cannot connect to my mailbox?
- Transport issues: From receipt to delivery

Monday Morning at 09:00:
- Where do these unread counts come from, and are they correct?

Is It Correct?:
- Logonui.exe (workgroup systems only) reads MessageCount value from multiple registry keys
- Multiple applications update these keys: Outlook, Outlook Express, Hotmail (using Messenger)
- Count included if TimeStamp within last 3 days
- Can set MessageExpiryDays to control: set to 0 to remove the unread mail count

User Starts Outlook:
- Outlook requires a profile: where is it stored?
  - HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles (Microsoft Windows XP, Windows 2000 Server, Windows NT 4.0)
  - HKCU\Software\Microsoft\Windows Messaging Subsystem\Profiles (Windows Millennium Edition, Windows 98, Windows 95)
- Multiple profiles possible
  - Control Panel or Mail
  - DefaultProfile value in key for default profile to use
  - HKCU\Software\Microsoft\Exchange\Client\PickLogonProfile
- Many utilities for creating or manipulating profiles
  - Outlook /importprf, /cleanprofile, /profiles
  - Third-party tools, such as Profilemaker from desktopstandard
  - Custom Installation and Maintenance Wizard (Office Resource Kit)

What’s Inside an Outlook Profile?:
- Many, many items!
- Multiple services are contained within a profile
  - E-mail accounts: Exchange Server, POP, IMAP, HTTP, and others
  - Address books: Outlook, personal, Lightweight Directory Access Protocol (LDAP)
  - Personal folder file (.pst file) and offline folder file (.ost file) settings: location of files, type of files
  - Outlook client settings: cached mode, connection state, time-outs, and others

Outlook Profile Format:
- Profile
- Services and Accounts
- MAPI property mappings - types and ids
- Bit flags and string values

Profile Registry Example: Is a .pst file in use?:
- MAPI property PR_PST_PATH
- Hexadecimal value &H6700001F
  - 001F indicates type (Unicode PR_STRING8)
  - 6700 indicates MAPI ID
- So mapping value in registry is 001F6700
- But which service do we look in?

Profile Registry Example: Is a .pst file in use? (cont’d):
- Which of these services have something to do with personal folder files?

Profile Registry Example: Is a .pst file in use? (cont’d):
- Each service within a profile has a GUID
- Some services have well-known GUIDs
  - Exchange global settings is 13dbb0c8aa05101a9bb000aa002fc45a
  - Outlook client settings is 0a0d020000000000c000000000000046
- Others you need to find using something you know about the service!
  - For example, service Name (001F3D09) for .pst files is MSPST MS

Outlook Appears:
- From where am I viewing my mailbox details?
- Cached offline folder file, online store, or personal folder file?

Offline Folder Files:
- By default, created in the Windows profile: Local settings\application data\microsoft\outlook\outlook.ost
- Mapping in MAPI profile for location is 001F6610 (PR_PROFILE_OFFLINE_STORE_PATH)
- So could I replace this with someone else’s .ost file or create a new MAPI profile and point it to someone else’s .ost file?
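
The property-tag-to-registry-name mapping from the slides above, applied to an exported profile key to answer "is a .pst file in use?" by scanning every service. This is an added example, not part of the original presentation; the export text, the two service GUIDs and the file paths are constructed, and it assumes profile string values appear in the export as hex: binary data.

```python
import re

PT_STRING8, PT_UNICODE = 0x001E, 0x001F  # 8-bit and Unicode string property types

def tag_to_value_name(prop_tag):
    """MAPI tag 0x6700001F (ID 6700, type 001F) -> registry value name '001f6700'."""
    return f"{prop_tag & 0xFFFF:04x}{prop_tag >> 16:04x}"

def parse_reg_export(text):
    """Parse regedit export text into {key_path: {value_name: raw_bytes}} (hex values only)."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join 'hex:..,\' continuation lines
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'"([^"]+)"=hex(?:\([0-9a-f]+\))?:([0-9a-f,]*)$', line, re.I)
        if m and current is not None:
            current[m.group(1).lower()] = bytes.fromhex(m.group(2).replace(",", ""))
    return keys

def decode_string(value_name, raw):
    """Decode a value according to the type in the first four hex digits of its name."""
    prop_type = int(value_name[:4], 16)
    if prop_type == PT_UNICODE:
        return raw.decode("utf-16-le", errors="replace").rstrip("\x00")
    if prop_type == PT_STRING8:
        return raw.decode("cp1252", errors="replace").rstrip("\x00")
    return None  # not a string property

STORE_TAGS = {"pst": 0x6700001F, "ost": 0x6610001F}  # tags quoted on the slides
SERVICE_NAME = tag_to_value_name(0x3D09001F)          # '001f3d09', the service name

def find_store_files(keys):
    """Return (service_guid, service_name, kind, path) for every service with a store path."""
    hits = []
    for key_path, values in keys.items():
        service = decode_string(SERVICE_NAME, values.get(SERVICE_NAME, b""))
        for kind, tag in STORE_TAGS.items():
            name = tag_to_value_name(tag)
            if name in values:
                guid = key_path.rsplit("\\", 1)[-1]
                hits.append((guid, service, kind, decode_string(name, values[name])))
    return hits

# Constructed sample: two services under a profile named "Outlook" (GUIDs are made up).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0123456789abcdef0123456789abcdef]
"001f3d09"=hex:4d,00,53,00,50,00,53,00,54,00,20,00,4d,00,53,00,00,00
"001f6700"=hex:43,00,3a,00,5c,00,\
  61,00,2e,00,70,00,73,00,74,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\fedcba9876543210fedcba9876543210]
"001f6610"=hex:44,00,3a,00,5c,00,6b,00,2e,00,6f,00,73,00,74,00,00,00
"""

if __name__ == "__main__":
    for hit in find_store_files(parse_reg_export(SAMPLE_EXPORT)):
        print(hit)
```
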
- Offline folder files are encrypted using EntryID
  - EntryID in MAPI profile, mailbox, and .ost file
  - A new MAPI profile needs to connect to mailbox to retrieve EntryID
- Multiple MAPI profiles can point to same .ost file, assuming they also point to same mailbox!
- If you re-create the server mailbox, a new .ost file has to be created because EntryID changes
- Multiple users and multiple profiles result in multiple .ost files

Offline Folder File Recovery:
- Offline folder file recovery utility available from http://www.officerecovery.com/exchange
- May be useful for orphaned .ost files
- Microsoft tools scanost and scanpst also available

User Creates Message:
- Where does this drop-down list come from?

Profile Specific Nickname File:
- Stored in Windows profile: \Application Data\Microsoft\Outlook\<profilename>.NK2

Resolving Addresses:
- Typically resolve against Outlook address book and global address list (GAL)
- Outlook address book is per Outlook profile (service name CONTAB)
  - Contains contact folders from personal mailbox and public folders
- GAL is effectively per mailbox
  - Can create multiple GALs and can use permissions to control access
- Cached mode and disconnected or offline
  - Public folders will only be used if you have synchronized your public folder favorites into your offline address file
  - GAL is only available if you have previously downloaded an offline address book

Offline Address Book: Do I have one?:
- View properties of GAL
  - Folder or global catalog
- By default, files stored in Windows profile: \Local Settings\Application Data\Microsoft\Outlook
  - Beware multiple MAPI profiles pointing at different Exchange organizations!
  - Six files (u)*.oab
  - Could be large, HP > 200 megabyte (MB)
  - Can change location using 001E660E mapping in Exchange service

Offline Address Book (OAB):
- Where does it come from?
- Offline address list server (OALGen part of System Attendant)
  - Creates and posts files into system folder
- Multiple offline address lists possible
  - Associate individual address lists with each offline address list
  - Associate offline address lists with mailbox store or individual user (msExchUseOAB attribute)
- Creates Changes.oab for differential downloads
  - Full download if > x% changes (default is one-eighth)
  - Controllable through client registry key
  - See KB article 843483

OAB: Common Issues:
- Trouble?
  - Increase logging on MSExchangeSA and offline address list generator
  - Check public folder replication
  - Improved logging with Exchange Server 2003 Service Pack 1
- Contents up-to-date?
  - By default OALGen runs daily
  - OALGen can take time to complete! Multiple versions of each offline address book could be required
  - Contents need to replicate to an available public folder
  - Outlook 2003 requests updates once every 24 hours
- Can control offline address book download through various registry keys (and group policy)
- Can throttle server if it is servicing too many offline address book requests
  - http://www.microsoft.com/technet/prodtechnol/exchange/guides/OfflineAddressGuide/86f692aa-7242-49c3-a5a5-db4aa0e7cab7.mspx
- See KB article 843483 for client logging details

User Sends Mail:
- Typical synchronization order
  - Server inbox, hierarchy, local outbox, local sent mail
  - Server inbox headers, hierarchy, local outbox, local sent mail, server inbox full
- Use connection manager to watch what is going on
  - CTRL+click Outlook icon in system tray
  - Local mailbox tab
- Troubleshooting
  - Synchronization logs in mailbox
  - Tools/Options/Other/Advanced Options/Mail Logging
    - File created in %userprofile%/local settings/temp/OPMLog.log (OPM=Outlook Protocol Manager)
    - Only logs for cached mode and POP3
    - Appears to only log outgoing messages
    - For more details, see KB article 300479
  - Event log
    - SP1 introduces calendar logging

Agenda:
- Client-side issues: From creation to sending
- Connection issues: What if I cannot connect to my mailbox?
- Transport issues: From receipt to delivery

I Cannot Connect to My Mailbox!:
- Are you on the network?
  - Check your client connection settings and LAN adapter status
  - ipconfig /all
- Can you reach your Exchange server?
  - Exchange server name determined from profile (001f662a)
  - Can you ping the server? Check pings are not suppressed by firewall!
- Are there name resolution problems?
  - Try replacing the server name in the profile with an IP address and issuing Check Name
  - Nslookup tool and check Hosts file
  - If there are resolution problems check connectivity to the DNS server
- The majority of connection problems are due to name resolution issues

Server is Available but I Still Cannot Connect:
- Are remote procedure calls (RPCs) getting through?
  - If Check Name succeeds, RPCs are reaching the server
  - Use RPing utility
    - Run Rpings.exe on the server and Rpingc32.exe on the client
    - Run against store and admin endpoints
  - Use RPCDump to verify Exchange services registered on server
- Are ports blocked on the firewall or router?
  - Client access to port 135 is required and the dynamic port range 1024-65535 is also required
  - You can check which ports are in use on the client and server using netstat -an -o

Other Issues:
- Check for obvious server issues
  - Exchange services not started
  - Entries in the event log
- Is the store blocking logons?
  - HKLM\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
  - Value: Logon Only As (DWORD 1 = block access)
  - Value: Trace User LegacyDN (String)
- Are MAPI logons being blocked?
  - Different versions of Outlook can be controlled
  - HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
  - Value: Disable MAPI Clients
  - Type: REG_SZ (string)

Troubleshooting Connections:
- Administrator can determine the mode for Outlook 2003 connections
  - Classic online (1)
  - Cached (2)
- Connection type available with Windows Management Instrumentation (WMI) counters
  - ClientMode property
  - Details available at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/e2k3/e2k3/_wmiref_cl_Exchange_Logon.asp

How and Where am I Connecting? TCP or RPC?:
- Answers available with Outlook connection status

Troubleshooting:
- Enable tracing on the client
  - HKCU\Software\Microsoft\Office\11.0\RPC
  - RpcTraceEnable DWORD: Value '1'
- Disable automatic transport failover
  - DisableRpcTCPFallback DWORD: Value '1'

Troubleshooting RPC Over HTTP:
- Use the RPCPing utility (see KB article 831051)
- First establish if you can reach the RPC proxy server

    rpcping -t ncacn_http -s <ExchangeServer> -o RpcProxy=<ProxyServer> -P 'User,domain,*' -I 'User,domain,*' -H 1 -u 10 -a connect -F 3 -v 3 -E -R default

- Then try to reach the Exchange server

    rpcping -t ncacn_http -s ExchangeServer -o RpcProxy=ProxyServer -P 'User,domain,*' -I 'User,domain,*' -H 1 -u 10 -a connect -F 3 -v 3 -R default
    rpcping -t ncacn_http -s ExchangeServer -o RpcProxy=ProxyServer -P 'User,domain,*' -I 'User,domain,*' -H 1 -u 10 -a connect -F 3 -v 3 -e 6001

- Use RPCDump to determine if the default port settings have changed

Troubleshooting RPC Over HTTP (cont’d):
Key
  -t  protocol sequence
  -s  server address
  -o  binding options
  -P  proxy authentication options
  -I  authentication identity
  -H  HTTP authentication scheme 1=NTLM
  -e  port (6001 or 6004)
  -u  security package provider 10=NTLM
  -a  authentication level
  -F  RPC/HTTP Front-end authentication flags
  -v  verbose mode
  -E  echo from RPC proxy
  -R  local HTTP proxy

Problems with Outlook Web Access:
- Implicit or explicit logon?
  - Try explicit first
    - http://webmail.contoso.com/exchange/lee
    - http://email@example.com SP1 only
  - Default Simple Mail Transfer Protocol (SMTP) domain name associated with HTTP virtual directory
  - Outlook Web Access uses this in conjunction with the user name for an implicit logon and must match an SMTP alias for the user
- Typical symptoms
  - http://<server>/exchange yields: 401 Access Denied/Unauthorized
  - http://<server>/exchange/<user> yields: 404 Not Found
- Is HTTP access disabled?
- Check Internet Information Service (IIS) and protocols on user’s active directory object

Agenda:
- Client-side issues: From creation to sending
- Connection issues: What if I cannot connect to my mailbox?
- Transport issues: From receipt to delivery

How Do Messages Get to the Transport?:
- By means of MAPI client
- By means of SMTP (or MTA/X.400)
- By means of the pickup directory
- By means of a gateway
- Are messages getting to the server?
  - Use Telnet
  - Use pickup directory
  - Increase diagnostic logging and look at events
  - Enable protocol logging

Use Telnet:

    Telnet localhost 25
    Mail from: <Some SMTP Address>
    Rcpt to: <Some Valid Exchange Mailbox SMTP Address>
    Data
    <Enter Text>
    Complete Message with . <CR/LF?>

Use Pickup Directory:
- Copy and paste text file to the pickup directory

Routing Architecture:
(diagram; labels: NTFSQueue, Exchange Store Driver)

Queues:
(diagram)

Routing Architecture: OnSubmission and PreCat:
(diagram; labels: NTFSQueue, Exchange Store Driver, Queue 'messages pending submission')
- Only ever called once, even on reroute

Routing Architecture: Categorizer:
(diagram; labels: NTFSQueue, Exchange Store Driver, 'Messages awaiting directory lookup')
- Categorizer made up of 10 event sinks

Categorizer:
1. Resolves addresses of sender and recipient
   - Manipulates messages based on attributes of Active Directory object (applies default proxy addresses, stamps SMTP address on message)
2. Adds recipients
   - Distribution list expansion, mail forwarding, content conversion
3. Enforces per recipient flags and restrictions on users
4. Bifurcates messages
   - For example recipients require different bodies

Categorizer (cont’d):
1. Executes non-looping code
   - Prevention of distribution list looping
   - Prevention of forwarding loops
2. Performs message journaling
- Forwards all unresolved addresses to host mailbox
- Stamps fully qualified domain name (FQDN) of target message database (MDB) on message and hands to routing
- If recipient is a public folder, alternate algorithm used

Categorizer: Sending to public folders:
- This is different from Exchange Server 5.5
  - Exchange Server 5.5 sent to server that owned the public folder
- Two major stages
  - Find a public folder store that holds hierarchy containing the public folder
    - homeMDB contains name of public folder hierarchy
    - Lookup hierarchy’s directory information. Gets list of servers holding hierarchy.
    - Picks from list and sends message: local server, same routing group, first server in list (no stores less than 2 days old are in list)
  - Redirect message to a store holding a replica of the public folder

Filters Also Executed During Transport:
(diagram; labels: SMTP Message, Gateway Server Transport, Allow or Deny Lists, DNS Block Lists, Recipient and Sender Filtering, Exchange Intelligent Message Filter, ISV Products, Message + SCL, Exchange Server 2003 Mailbox Server Store, User Safe and Blocked Senders, Spam?, Junk Mail Folder, Inbox, Exchange Server 2003 Outlook Web Access, Outlook 2003; SCL = spam confidence level)
Categorizer at Work:
- Categorizer is checking that the 'must be authenticated flag' is set on the user object

Categorizer at Work (cont’d):
- Generation of non-delivery report (NDR)

Troubleshooting:
- Categorizer
  - Directory Service Access (DSAccess) determines global catalogs to use
  - KB article 284204 - types and codes for delivery status notifications (DSNs)
  - Set logging to 'debugging' level 7 (through registry)
    - Setting logging to maximum does not help
  - Message tracking
    - Shows messages stuck in categorizer
  - Use Perfmon counters (KB article 231734)
    - Categorizer related counters

Troubleshooting (cont’d):
- Categorizer, other tools
  - ADSIEDIT, LDIFDE, LDP, LDSU reports
    - Determine if AD attributes are set properly
  - ADCdump tool (from Microsoft product support services)
  - DUMPRP.vbs (Recipient policy dump)
    - RecipPolicies pushed from Active Directory > Metabase but not the other way. Be sure they are correct.
  - Metabase edit tool
  - Netmon trace (check that global catalog queries are properly formed and responses are as expected)
  - Regtrace (KB article 238614)
  - Archive sink
    - Archive messages on both OnSubmission and PostCat and compare how messages are changed (Q307798)

Routing Architecture: PostCat and Routing Engine:
(diagram; labels: NTFSQueue, Exchange Store Driver, Queue 'waiting to be routed')

Routing Engine:
- Focused on next hop of message. Either:
  - Local delivery
    - If the FQDN stamped on message matches the homeMDB of the local server, routing is skipped
  - Remote delivery through SMTP or X.400
    - Determined by routing
  - Gateway
- Next hop determined through link state table.
- Why do we need a link state table?

Within Routing Group: Point-to-point, SMTP, Port 25

Between Routing Group: Routing group connector, SMTP, X.400

External Connectivity: SMTP, X.400:
(diagram; labels: X.400, Internet SMTP, Exchange 5.5 Org B, Exchange 2003 Org A)

What Route Should I Take?:
- Multiple servers, multiple routing groups, multiple connectors
- How does a server know which route to take to get something from server A in routing group A to server Z in routing group Z?
- Link state table (LST) is the answer
  - Non-looping, most efficient, least cost path
(map; labels: France, United States, Singapore, United Kingdom, Canada)

Routing Master: Link state table updates:
(diagram; label: Routing Master)

Link State Updates:
- X-link2state indicates an update message

Routing Events:
- What information can you get from the event log?
- Where is this being routed? Internal or external?
- Does this match WinRoute?

WinRoute:
(screenshot)

Match Between Event Log and Information in Active Directory or WinRoute:
(screenshot)

Remote Delivery:
- Queues & Links
  - Same final destination
  - Same next hop
- Connects to destination IP address
- Sends 20 messages per connection bound for same link – configurable on SMTP Virtual Server
- Response codes dictate errors
  - Per recipient, per message, per connection
  - 400 level – Retryable
    - Glitch retry (60 seconds), then enter true retry state
    - See http://blogs.technet.com/exchange/archive/2005/04/04/403297.aspx
  - 500 level – Permanent
    - Generate NDR
    - Undeliverable NDRs => badmail folder
  - See KB article 284204

Troubleshooting: Did the message leave?:
- Your first choice is message tracking
- You can also use protocol logging, or check out the event log (after you increase the logging level)

Knowledge Base Articles:
- Exchange 2003 Transport and Routing Guide: http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/extransrout.mspx
- Q238614, 'XCON: How to Set Up Regtrace for Exchange 2000'
- Q233363, 'XCON: What Message Categorization in Exchange 2000 Involves'
- Q231729, 'XCON: DSUseCat Key and the Message Categorizer'
- Q274320, 'XCON: Event 9004 with Error Code 0x8007054b Occurs When Processing Inbound Mail'
- Q284204, 'XCON: Delivery Status Notifications in Exchange 2000 Server'
- Q290204, 'XCON: 5.1.0 NDRs When You Send from Exchange 2000 to Exchange Server 5.5 Computers'
- Q231730, 'XCON: The DSFlags Key and the Message Categorizer'
- Q281761, 'XCON: Attributes Required to Route Messages Through the Categorizer'
- Q279616, 'XCON: Adding a Registry Key to Re-Categorize Messages'
- Q278529, 'XFOR: ‘Forward All Mail with Unresolved Recipients’ Does Not Work'
- Q231734, 'XCON: Performance Monitor Counters for Message Categorizer'

Knowledge Base Articles (cont’d):
- Q233358, 'XCON: Message Handling for an Inbound SMTP Message Meant for the Local Store'
- Q307798, 'XCON: The Archive Sink Utility Is Available in Service Pack 2'
- Q269408, 'XADM: Duplicate E-Mail in Exchange 2000'
- Q271930, 'XADM: Message Delivery to Global Groups Does Not Work'
- Q262308, 'XCON: How to Generate Application Log Events for Non-Delivery Report Failures'
- Q253838, 'XADM: How the Recipient Update Service Applies System Policies'
- Q253827, 'XADM: How Exchange Hides Group Membership in Active Directory'
- Q272593, 'XCON: Message Generates NDR When Sent to a Windows NT Server 4.0 Recipient Represented as Contact in Active Directory'
- Q250570, 'XCON: Directory Service Server Detection and DSAccess Usage'
- Q271201, 'XADM: Alternative Methods to Obtain a Dump of an Object'
- Q255253, 'XADM: How to Perform a Dump of Container or Object in Exchange 2000'

© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.