May 2008 Archives
Configuration-->CN=Services-->CN=Microsoft Exchange-->CN=<Exchange ORG. Name>-->CN=Global Settings-->CN=Message Delivery-->right-click-->Properties
delivContLength: <10240> (0~2097151 KB). The default is 10 MB; the maximum is 2097151 KB (2 GB).
submissionContLength: <10240> (0~2097151 KB). Same as above.
msExchRecipLimit: <5000> (0~2147483647). No need to change.
In Exchange 2007 the size of a message sent over MAPI is constrained by the Global limits, the Organizational limits, the send/receive size limits on the user's mailbox, the Pickup directory limit, the attachment size limit in Hub Transport rules, the Connector limits, and the upload/download size limits of OWA 2007 (Web.config file).
The rule for the effective limit is: a user's send or receive size is decided first by the limits set on the user's mailbox. If those are left at the default (not explicitly set), the Global and Organizational send size limits decide. By default the Global limit is 10 MB and the Organizational limit is unlimited, and the smaller of the two wins, so a mailbox with no explicit limit ends up capped at 10 MB.
The above describes a fresh Exchange 2007 installation. If the organization was upgraded from Exchange 2000 or Exchange 2003, the Global setting keeps its old value. The Global setting is the one people tend to overlook, because it is a legacy setting that can only be viewed or set from the Exchange 2000/2003 management console. A pure Exchange 2007 installation has no management console page or command that sets it directly; it has to be modified with an ADSI tool.
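The ADSI edit described above, as an added example that is not part of the original post: it reads and sets the legacy Global Settings size limits on the "Message Delivery" object from PowerShell. It assumes it runs on a domain-joined machine with Exchange Organization Administrator rights, and "First Organization" is a placeholder for your Exchange organization name.

```powershell
# Added example, not from the original post. Reads and sets the legacy Global Settings size
# limits on the "Message Delivery" object through ADSI, which is the only way to change them
# in a pure Exchange 2007 organization.
# Assumptions: run on a domain-joined machine with Exchange Organization Administrator rights;
# "First Organization" is a placeholder for your Exchange organization name.

function Get-MessageDeliveryObject {
    param([string]$OrgName)
    # Resolve the Configuration naming context from RootDSE instead of hard-coding the forest DN.
    $configNc = [string]([ADSI]"LDAP://RootDSE").configurationNamingContext
    # Assumption: the organization name contains no characters that need LDAP DN escaping (e.g. commas).
    $dn = "CN=Message Delivery,CN=Global Settings,CN=$OrgName,CN=Microsoft Exchange,CN=Services,$configNc"
    return [ADSI]"LDAP://$dn"
}

function Get-GlobalSizeLimitsKB {
    param([string]$OrgName)
    $obj = Get-MessageDeliveryObject -OrgName $OrgName
    $result = @{}
    foreach ($attr in "submissionContLength", "delivContLength") {
        $value = $obj.psbase.Properties[$attr].Value
        # An absent attribute means "no limit", which is not the same thing as 0.
        if ($value -eq $null) { $result[$attr] = "no limit" } else { $result[$attr] = [int]$value }
    }
    return $result
}

function Set-GlobalSizeLimitsKB {
    param([string]$OrgName, [int]$SendKB, [int]$ReceiveKB)
    # Exchange stores these limits in KB and accepts 0..2097151 (2 GB). Reject anything else
    # up front rather than letting the directory throw a constraint violation halfway through.
    foreach ($v in $SendKB, $ReceiveKB) {
        if ($v -lt 0 -or $v -gt 2097151) { throw "Limit $v KB is outside the allowed range 0..2097151" }
    }
    $obj = Get-MessageDeliveryObject -OrgName $OrgName
    $obj.Put("submissionContLength", $SendKB)   # sending size limit
    $obj.Put("delivContLength", $ReceiveKB)     # receiving size limit
    $obj.SetInfo()                              # commit both attributes in one LDAP modify
}

# Usage: show the current values, then raise both from the 10 MB default to 20 MB.
# Get-GlobalSizeLimitsKB -OrgName "First Organization"
# Set-GlobalSizeLimitsKB -OrgName "First Organization" -SendKB 20480 -ReceiveKB 20480
```

After changing the Global value, remember that the effective limit is still the smaller of Global and Organizational; the Organizational side is visible with Get-TransportConfig (MaxSendSize/MaxReceiveSize), so check both before concluding that a user's mailbox setting is what is blocking a message.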
This was the question the Microsoft interviewer asked me last time. Unfortunately his answer was wrong, although he insisted on it repeatedly and told me to go back and verify it myself. In fact, installing the CAS and HUB roles on the same servers and running NLB across them is feasible.
NLB can be used to provide high availability in the following scenarios:
1. Load balancing of inbound SMTP connections for POP and IMAP client connections to the default Receive connector named "Client <Server Name>" that is created only on Hub Transport servers.
2. Load balancing of inbound SMTP connections for applications that submit e-mail to the Exchange organization.
NLB should not be used to distribute connections for internal routing between Hub Transport servers.
Besides, this NLB support for Exchange 2007 requires SP1 to be installed.
1. For the first question: should NLB be set up before or after the Exchange 2007 installation? NLB should be configured after these roles have been installed.
2. The IP address you want to use as the Windows NLB cluster IP address should be an IP address on the same subnet as the NLB member servers.
3. When we begin to set up NLB, the first thing to do is to create an A record for the NLB cluster name in DNS, so that we can use these two Hub Transport/Client Access servers as one. Then you have to point your MX record to the Windows NLB cluster IP address, which you specified when you created the A record, so that clients will find the Hub Transport/Client Access server.
4. Yes, you are right. Internally, you can use https://mail.internal.domain.com/owa ; the external URL should be https://mail.domain.com/owa
More information to share with you:
How you can load-balance Exchange Server 2007 Service Pack 1 (SP1) Hub Transport Servers using Windows Network Load Balancing technology.
Using Network Load Balancing
Update
In order to keep the number of servers down in a high availability environment, administrators have been looking at using Network Load Balancing (NLB) for CAS and then co-locating the HT role on each node of the NLB cluster to also provide high availability for the HT role.
This configuration can work, and it really is not too difficult to configure. It is extremely important to note that using NLB to load balance the default SMTP receive connectors (using port 25) is not supported and is completely unnecessary, since they are already load balanced for all intra-Exchange communications such as HT to HT communication. However, using NLB to provide redundancy and load balancing for connections to HTs that are hosting Client SMTP receive connectors (using port 587) is fully supported and may be desirable if you have a large number of external SMTP/POP and SMTP/IMAP clients that need to connect to this receive connector.
The steps that you need are to:
- Set up two servers running Windows Server 2003 with two NICs in each server
- Install the Exchange Server 2007 Hub Transport and Client Access Server (CAS) roles on each server
- Configure one NIC for the Network Load Balancing cluster and set up the other NIC in a separate network so the server can be managed through that IP address
- Configure NLB with Unicast and even load balancing
- Set up the port rules:
  - Port 25 to 25 for both TCP and UDP, and select the radio button to disable this port range (this excludes port 25 from listening on the virtual IP address of the NLB cluster, but still allows the individual server IPs to listen on port 25)
  - Port 465 to 465 for both TCP and UDP, and select the radio button to disable this port range
  - Port 80 to 80 for both TCP and UDP, affinity none (I recommend "none" so you can easily test and verify that it works)
  - Port 587 to 587 for both TCP and UDP, affinity none (this is for the client SMTP receive connector)
  - Port 443 to 443 for both TCP and UDP, affinity none
  - Port 110 to 110 for both TCP and UDP, affinity none
  - Port 993 to 993 for both TCP and UDP, affinity none
  - Port 143 to 143 for both TCP and UDP, affinity none
  - Port 995 to 995 for both TCP and UDP, affinity none
- With affinity set to none, you can more readily test the CAS (after updating the web pages to show which server is actually responding) and verify that the load is being shared. You can also test that the NLB cluster does not respond to SMTP on port 25, which it shouldn't if you set it up right, and verify that each server does respond to SMTP under its individual server name.
- You can configure protocol logging for the other protocols and telnet to the ports using the NLB IP address to see whether they are load balancing as they should. You can also use the NLB IP for testing by sending and receiving messages and checking the message tracking logs to see that the traffic was balanced. It all worked.
NOTE: You may want to change affinity to either single (especially if it is being used internally) or Class C (especially if it is accessible from the Internet) once your testing is done.
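The telnet checks described above, automated as an added example that is not part of the original article: it attempts TCP connects against the cluster VIP and each node and reports anything that does not match the port rules (VIP must not answer on 25 or 465 but must answer on the balanced ports; each node must still answer 25 on its own address). The IP addresses in the usage line are placeholders.

```powershell
# Added example, not from the original article. Verifies the NLB port rules from a client box:
# the virtual IP must refuse 25 and 465 (disabled port ranges) while answering the balanced
# ports, and every node must still accept 25 on its own address for Hub-to-Hub routing.
# Assumption: the VIP and node addresses passed in are placeholders for your own cluster.

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # A disabled NLB port range silently drops the SYN, so a timeout counts as "not answering".
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)     # throws on an explicit "connection refused"
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Test-NlbPortRules {
    param([string]$Vip, [string[]]$Nodes)
    $balanced = 80, 443, 587, 110, 143, 993, 995   # rules with an affinity setting: must answer on the VIP
    $excluded = 25, 465                            # disabled port ranges: must NOT answer on the VIP
    $failures = @()
    foreach ($p in $balanced) {
        if (-not (Test-TcpPort -ComputerName $Vip -Port $p)) {
            $failures += "VIP ${Vip}:$p did not answer"
        }
    }
    foreach ($p in $excluded) {
        if (Test-TcpPort -ComputerName $Vip -Port $p) {
            $failures += "VIP ${Vip}:$p answered, but this port range should be disabled"
        }
    }
    foreach ($n in $Nodes) {
        # Each node keeps the default receive connector on its own address for intra-Exchange SMTP.
        if (-not (Test-TcpPort -ComputerName $n -Port 25)) {
            $failures += "Node ${n}:25 did not answer"
        }
    }
    return $failures
}

# Usage (addresses are placeholders):
# $result = Test-NlbPortRules -Vip "192.0.2.10" -Nodes "192.0.2.11", "192.0.2.12"
# if ($result.Count -eq 0) { "All port rules behave as configured" } else { $result }
```

Run it a few times from the client: with affinity set to none, repeated connects on the balanced ports should land on both nodes, which you confirm from the protocol logs on each server rather than from this script.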
Introduction
The HMC 3.5 deployment tool carries out a lot of automated tasks, with somewhat mysterious names like "Initialize Active Directory for Hosting". Many customers have asked me what it is actually doing to their Active Directory configuration! This info is actually buried in the HMC 3.5 documentation (in the Deployment Automation Appendix), but I have created a simple listing of what each step actually does.
Following is an overview of what each deployment automation feature does.
1.1.1 Initialize Service Account Security
Steps performed:
1. Ensure the Windows-based Hosting Service Accounts group exists in the Users container. If it does not exist, create it.
2. Reference the DN of this group in an otherWellKnownObjects entry on the domain OU.
3. Remove the Authenticated Users group from the Pre-Windows 2000 Compatible Access group.
4. Add the Domain Computers group to the Pre-Windows 2000 Compatible Access group.
5. Apply a read ACE at the domain root giving the Windows-based Hosting Service Accounts group read access to the directory tree.
Steps 3 and 4 narrow the broad directory read access that membership of Pre-Windows 2000 Compatible Access grants, and step 5 hands that read access back only to the hosting service accounts.
If you are using a web application that uses Windows Live, such as Microsoft Dynamics CRM Live, you might be wondering how authentication works.
The first step in the process is that the web application registers with the Windows Live ID service. This registration includes creating unique keys for the application and storing a URL that the Live ID service will use to redirect users after they sign into Windows Live ID.
The second step is when the application wants to authenticate the user. The application provides a 'sign-in' link on its web page. When the user clicks the link, the user is redirected to a sign-in page hosted by Windows Live ID. A token that identifies the application is passed along at the same time. Because this token was given to the application at registration time, the sign-in page knows who is calling it.
The third step is that the user logs into Live ID. After the login, the Live service redirects the user to the page the application registered. The application can then redirect back to the original landing page the user came in on. Presto, you are authenticated to the web application.
Windows Live does not store or pass any permission (or personal) information to the application. It is the application's responsibility to manage permissions; Windows Live only handles authentication. Authentication is validating that the user is who the user claims to be. Below is a high-level architectural diagram of the Windows Live ID service.

For client-side applications it is a little different. On the client side, applications use a special component named MSIDCRL40.dll. This component handles a variety of services, such as encryption. The client-side application needs to create or retrieve a key that is used. In a software+services model, this might include calling into a web service of an online application to retrieve a dynamically generated key. After the call is made, a token is presented to the application that can be checked against the original key to ensure that the authentication was not compromised. After that the user is authenticated, and again the application handles permissions internally. In both scenarios, the authentication is time-stamped to be valid only for a specific period. The time-stamped token can be 'cached' just as cookies are used in web applications.
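The check the paragraph describes, a token bound to the key the application holds and valid only until an embedded expiry, as an added example that is not part of the original post and is not the Windows Live ID wire format. The "userid|expiry|mac" layout, HMAC-SHA256 and the 10 minute lifetime are choices made here for illustration; the key is assumed to be a shared secret the application has already obtained.

```powershell
# Added example, not from the original post and not the Windows Live ID wire format. It shows
# the generic shape of the check the paragraph describes: a token bound to a key the
# application holds, and valid only until an embedded expiry time.
# Assumptions: $Key is a shared secret the application has already obtained; the
# "userid|expiry|mac" layout and the 10 minute lifetime are chosen here for illustration only.

function New-SignedToken {
    param([byte[]]$Key, [string]$UserId, [int]$LifetimeSeconds = 600)
    if ($UserId.Contains("|")) { throw "UserId must not contain the field separator" }
    $expires = [DateTime]::UtcNow.AddSeconds($LifetimeSeconds).ToString("o")   # ISO 8601, UTC
    $payload = "$UserId|$expires"
    $hmac = New-Object System.Security.Cryptography.HMACSHA256 (,$Key)
    $mac = [Convert]::ToBase64String($hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($payload)))
    return "$payload|$mac"
}

function Test-SignedToken {
    param([byte[]]$Key, [string]$Token)
    $parts = $Token.Split("|")
    if ($parts.Length -ne 3) { return $false }
    try { $given = [Convert]::FromBase64String($parts[2]) } catch { return $false }
    $hmac = New-Object System.Security.Cryptography.HMACSHA256 (,$Key)
    $expected = $hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($parts[0] + "|" + $parts[1]))
    # Compare every byte regardless of where the first mismatch is, so a forged MAC cannot be
    # refined one byte at a time by timing the rejection.
    if ($expected.Length -ne $given.Length) { return $false }
    $diff = 0
    for ($i = 0; $i -lt $expected.Length; $i++) { $diff = $diff -bor ($expected[$i] -bxor $given[$i]) }
    if ($diff -ne 0) { return $false }
    # Only trust the expiry after the MAC has verified; without the key nobody can extend it.
    $expires = [DateTime]::Parse($parts[1], $null, [Globalization.DateTimeStyles]::RoundtripKind)
    return ([DateTime]::UtcNow -lt $expires)
}

# Usage:
# $key = New-Object byte[] 32; (New-Object Security.Cryptography.RNGCryptoServiceProvider).GetBytes($key)
# $token = New-SignedToken -Key $key -UserId "alice@example.com"
# Test-SignedToken -Key $key -Token $token                            # True
# Test-SignedToken -Key $key -Token ($token -replace "alice", "bob")  # False: the MAC no longer matches
```

The order of the checks matters: the MAC is verified before the expiry is parsed, so a client cannot change the timestamp in a cached token to keep it alive, which is the property the "checked against the original key" step above is there to provide.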
Mark..
MOSS Form Based Authentications
Part 1 - http://msdn2.microsoft.com/en-us/library/bb975136.aspx
Part 2 - http://msdn2.microsoft.com/en-us/library/bb975135.aspx
Part 3 - http://msdn2.microsoft.com/en-us/library/bb977430.aspx
Part 1 - http://blogs.msdn.com/sharepoint/archive/2007/03/06/what-every-sharepoint-administrator-needs-to-know-about-alternate-access-mappings-part-1.aspx
Part 2 - http://blogs.msdn.com/sharepoint/archive/2007/03/19/what-every-sharepoint-administrator-needs-to-know-about-alternate-access-mappings-part-2-of-3.aspx
Part 3 - http://blogs.msdn.com/sharepoint/archive/2007/04/18/what-every-sharepoint-
Exception: Microsoft.Provisioning.DeploymentTool.Engine.DeploymentExceptionDeploymentFailed
HResult: -2146233088
Message: Deployment interrupted because of a failure. See inner exception.
Stack Trace:
at Microsoft.Provisioning.DeploymentTool.Engine.Deployment.DoDeploymentWork()
at Microsoft.Provisioning.DeploymentTool.MainForm.ExecuteDeploymentSlice()
--------------------
Inner Exception (1): Microsoft.Provisioning.DeploymentTool.Engine.NamedProcedureException
HResult: -2146233088
Message: <errorContext description="The network path was not found" code="0x80070035" executeSeqNo="27"><errorSource namespace="Computer Management Provider" procedure="Group IsMember" /><errorSource namespace="Deployment Automation" procedure="TryLocalGroupAdd_" /><errorSource namespace="Deployment Automation" procedure="AddMPFConfigAdmin_" /><errorSource namespace="Deployment Automation" procedure="ConfigureMPFServiceAccounts" /></errorContext>
Stack Trace:
at Microsoft.Provisioning.DeploymentTool.Engine.ExecuteNamedProcDeploymentAction.CheckForFinished()
at Microsoft.Provisioning.DeploymentTool.Engine.DeploymentAction.Update()
Accounts provided by the Chinese Embassy and Consulates in the US
Houston (Chinese version):
http://houston.china-consulate.org/chn/zlgxx/t434173.htm
Los Angeles
http://losangeles.china-consulate.org/eng/news/topnews/t434986.htm
Donors may donate money through Chinese Consulate by sending checks under individual or organization's name either by mail or in person. Please make check payable to "Chinese Consulate General in LA" and mark on both check and envelope (attention to Ms. Wang Chengyin) with "donation for earthquake in China".
Our Location / Mailing Address
443 Shatto Place, Los Angeles, CA 90020
Working Hour
Monday to Friday 9 am to 12 pm, 2 pm to 4:30 pm.
New York:
http://www.nyconsulate.prchina.org/eng/xw/t434849.htm
Special Banking Account of Chinese Consulate General in New York For Earthquake Donations
In order to facilitate earthquake donations, especially online transfer, Chinese Consulate General in New York has opened a special banking account with Bank of China New York Branch. The account details are as follows:
Account Name: CHINESE CONSULATE GENERAL AC 1.
Account No.: 01006449.
The Chinese Consulate General in New York highly appreciates your help and kindness. If you have other questions, please call 212-244-9392 ext.1000.
Other Information:
For those in the USA who care about tax benefits and expect company matching, please donate to Mercy Corps at
Just select "China Earthquake".
For those in Canada who care about tax benefits and expect company matching, please donate to the Canadian Red Cross at
https://www.paypaq.com/redcross/new/index.php
Just select "China Earthquake".
For those who do not care about tax benefits, please join any legitimate local fund drive or donate directly to the China Red Cross at
or the Hong Kong Red Cross at
UK:
http://uk.china-embassy.org/eng/sghd/t434619.htm
Google:
http://www.google.com/chinaearthquake/
AU:
https://www.redcross.org.au/Donations/onlineDonations.asp
Thank you everybody! God bless them, God bless China.
BLOGS:
Official MDT blog:
Microsoft's official blog, providing the most official information, including bugs and new release announcements. You can find some useful things there, but not many, and above all it updates slowly; checking it once a month is enough.
http://blogs.technet.com/msdeployment
DeploymentGuys
Several members of Microsoft's Deployment team felt that each writing their own blog was too scattered and decided to write together, forming the Deployment Guys. There is not a lot of material, but it is one of the few blogs that is continuously updated.
http://blogs.technet.com/deploymentguys
Richard Smith
A desktop deployment guru at Microsoft UK; his blog must not be missed, especially when you need video material. There are of course also all kinds of practical scripts and deployment materials. However, he has since joined the Deployment Guys, as have several other blogs.
http://blogs.technet.com/richardsmith
Ben Hunter
The founder of the Deployment Guys; his blog content is also quite good. His post on the top ten BDD 2007 problems once helped me solve quite a few difficulties; the rest is scripts and deployment references, worth a look, although it is no longer updated either.
http://blogs.technet.com/benhunter
Documentation:
BDD 2007/MDT/MDT 2008 documentation library:
The documentation library is arguably the most authoritative material Microsoft provides; according to Microsoft, ninety percent of problems can be solved by looking there. Besides the reference material, it uses the MSF model as guidance for the whole deployment, showing how to carry out large-scale deployment.
Microsoft China has released Chinese documentation for BDD 2007; a small part on ZTI deployment is incomplete. It can be found at http://www.microsoft.com/china/technet/desktopdeployment/bdd/2007/ConfigRef_2.mspx
Johan Arwidmark's Geeks Guide to BDD 2007 series:
Four documents introduce, step by step, how to do Lite Touch and Zero Touch deployment; although they are plain text, they are very detailed. Because they are only an introduction they do not go deep, which makes them suitable for beginners new to the BDD/MDT series.
They can be found in the BDD 2007 section of deployvista.com.
BDD 2007 Microsoft hands-on lab manual:
Also a step-by-step beginner document, but Microsoft's manual is more detailed: it already covers using the database for automated deployment, and explains Vista deployment and XP deployment separately. With this manual you can basically master BDD. However, since it is the manual for the hands-on lab, it can only be followed smoothly together with the virtual machines Microsoft prepared; building the lab environment by hand often runs into unexpected problems.
http://bbs.winos.cn/thread-27898-1-1.html
Videos:
Microsoft China Business Desktop Deployment Solution Accelerator webcasts:
Webcasts Microsoft China prepared for the BDD 2007 launch. The content is based on the BDD 2007 documentation, one session per part, and basically covers every aspect of BDD 2007 deployment; getting all of it clear is not that easy.
http://www.microsoft.com/china/technet/webcasts/class/bdd.mspx
MDT Lite Touch XP deployment demo video:
All BDD/MDT demo videos are much alike, but they are all made abroad. The one recommended here was made by Richard Smith of Microsoft UK. Since it is in English, those whose English is weak may have to work a bit harder. Also, the video has been post-produced, so things like the installation flash by; do not assume it goes like that in reality. Compared with the BDD 2007 version below, this video adds an introduction to Office 2007 deployment, which is a major MDT feature.
http://www.richard-x-smith.co.uk/download/MDT%20Lite%20Touch%20Build%20Capture%20and%20Deploy.zip
Managing MDT deployment with SCCM 2007 demo video:
After installing MDT you will notice that, compared with BDD 2007, three more programs appear in the program menu. They are there for SCCM 2007 integration; how to use them becomes clear after watching this demo.
http://www.richard-x-smith.co.uk/download/SCCM2007%20MDT%20Setup%20and%20Config.zip
BDD 2007 Lite Touch and Zero Touch demo videos:
Also made by Richard Smith; this video was made earlier but is still fairly detailed.
http://richard-x-smith.co.uk/download/LITETOUCH.zip
http://www.richard-x-smith.co.uk/download/ZEROTOUCH.zip
WIKI
http://www.myitforum.com/myITWiki/OSD.ashx
myITforum is a Microsoft partner forum, and Microsoft experts often answer there. This wiki's content is quite comprehensive, but unfortunately it has not been updated for a long time and the content is a little dated. Still, it is recommended for beginners, even though it only covers BDD 2007.
Forums:
Microsoft does not provide BDD/MDT technical support in China, so most forums are abroad; here are a few of the easier ones.
www.Myitforum.com
www.deployvista.com
www.deploymentforum.com
Of course there are more than these three, but when googling, most questions turn out to be answered in these three forums.
This introduces the most popular custom XP builds in China. Although it has no direct relationship to BDD, much of its content touches the XP installation process, so it is worth knowing. The article's greatest strength is practicality; even if it cannot be used directly with BDD, its master-image workflow is very helpful when building a BDD reference machine.
Search for the article on a search engine; it is everywhere.....
This article is from the "xmuxsp" blog; please retain this source: http://xmuxsp.blog.51cto.com/144876/72653
A new year should bring a new life; I hope things can change.
WDS -> Windows Deployment Services. WDS is used for network booting of clients: client computers connect to the deployment server via PXE. It only applies to clean-install scenarios.
BDD -> Business Desktop Deployment Solution Accelerator. In earlier versions, BDD helped you create and maintain desktop images in a manageable and repeatable way. Now BDD 2007 combines BDD with Windows Deployment Services (WDS), SQL Server and Windows Server 2003 Distributed File System Replication (DFS-R), adding capabilities for building a scalable deployment solution.
OSD -> Operating System Deployment. OSD is a new feature in SCCM 2007, mainly used for clean installs and upgrades of operating systems. Combined with SCCM 2007, OSD can deploy in several ways, such as New, Refresh and Replace, and SCCM OSD can also be used to carry out BDD ZTI (Zero Touch Installation) deployments.
MDT -> Microsoft Deployment Toolkit. This is in effect the next generation of BDD; as many people say, BDD was only a transitional product and MDT is the new generation deployment solution. It integrates the tools and processes needed for desktop and server deployment into a common deployment console and set of guidance. It adds new deployment and task sequencing capabilities for desktops and servers using System Center Configuration Manager 2007.
That completes the rough introduction; if I have time in the next month or two, I will try out MDT.
http://technet.microsoft.com/zh-cn/magazine/cc137754.aspx?pr=PuzzleAnswer
Simple, Scalable Deployment with BDD 2007
- Core features of BDD 2007
- Integration with SQL Server
- Building a scalable deployment solution