Category Archives: General

Learn about Top 5 Exchange OST Recovery Tools of 2016

With the development of various tools for recovering Exchange OST data, choosing a right one maybe quite confusing for users. Nevertheless, their motive is to be able to restore data from damaged OST files without affecting its integrity. Now-a-days, OST recovery Tools are in high demand among users as the Exchange OST file is very prone to corruption, mainly due to the synchronization issues. In such situations, one reliable way to restore back our data like emails, calendar, contacts, etc. from such OST files is to use automated recovery software. This article will guide users in choosing the right tool by discussing the Top 5 Exchange OST Recovery Tools of 2016. Continue reading Learn about Top 5 Exchange OST Recovery Tools of 2016

GFI MailEssentials Online Reviewed

GFI MailEssentials Online Reviewed


GFI MailEssentials Complete Online (MEO) is a cloud-based anti-spam, anti-malware, and anti-phishing service that provides outsourced services for messaging hygiene, as well as additional capabilities. Email admins can add MEO to an existing messaging infrastructure without significant changes or costs, and pay for the service as an annual per-user subscription.

Requirements and Setup

MEO is designed to make implementation quick and easy. Once you have set up an account on the service, you need to perform four additional steps:

1. Provision your users in the system

2. Configure where the service should deliver clean mail

3. Create MX records for your domain(s) that point to the service

4. Optionally, configure your email system to route outbound mail through the service.


With the ability to import users or sync via LDAP or SQL, you can be up and running in a matter of minutes – this is not a service that takes many hours or days to set up. S

Sending your outbound email through an anti-spam service may seem strange, but there are several advantages to doing this. In addition to screening your outbound messages for malware or anything that might look like spam, there are additional benefits we’ll go over below.


For ease of setup, we give this a score of 5/5.

Out of the box configuration

Once mail is flowing through the system, your users are protected from malware, and to a lesser extent, spam. By one configuration, all messages detected as spam will continue to be delivered to users, though the subject line will be prepended with SPAM. You will probably want to change that default to “Redirected to the recipient’s junk mail quarantine” but this lets you get a feel for what MEO will do without actually changing the mail flow to start.


You can also adjust the aggressiveness of the filtering, and choose whether or not to use greylisting, which can reply to unrecognized servers with a deferral message. With greylisting enabled, legitimate mail servers will receive the initial deferral and then retry the message delivery, while most spam systems will simply receive the deferral message and give up.

You can also implement scheduled summary messages (“digests”), which will notify each user of all messages sent to them which were blocked as spam, and enable them to release any false positive messages without having to open a helpdesk ticket, contact an administrator, or even access the control panel.

As an anti-spam service, we’d expect it to quarantine spam by default rather than flag and forward it, so we give this a 4/5.

Management Interface

As you can see from the screen shots above, the management interface is clean and well designed, with an easy-to-follow logic and tab-based approach. The interface works well on practically any browser and operating system we tested, except for mobile devices.

As heavy iPhone users, we’d give higher marks to any service that we can use with our mobile devices, but it’s hard to find fault with such a clean and intuitive setup. 4/5.


Every customer will want to be able to customize the service, and MEO offers several options to tailor the service to better suit your needs. Whitelists and blacklists can be created based on FROM Address, TO Address, subject and source IP, you can block or allow based on character sets and attachment types, and also completely block things like egregious spam, viruses, and NDRs.


One thing we found missing was keywords. The service lets you white/blacklist by subject, but not by words in the body. It might be nit-picking, but we missed that option. Still, with all the options available, this still earns 4/5.

Performance and Accuracy

MEO performs exceptionally well, with a high degree of accuracy. During our trial we saw no spam get through the filters, and no appreciable delay in either inbound or outbound message flow. With only a couple of false positives, which were easily released, we have to give MEO 5/5 here.


We mentioned additional benefits above, and here’s what we were talking about. With all your inbound and outbound mail flowing through MEO, you can enable optional archiving to keep a record of all your email. Archiving is becoming a requirement for more and more companies, and being able to deploy it without any additional hardware or software is a great value-add. But that’s not all.

MEO allows users to log in to the portal to check for, and release, their own quarantined messages. Instead of opening countless helpdesk tickets, they can take care of themselves.

Perhaps most importantly, the service includes built-in “email continuity”. This means that any time your mail server is off-line, for maintenance or any other reason, users can simply log on to the MEO console and can use the service to send and receive emails while the production mail system is down. Given how much organizations depend on email these days, this is a very valuable feature.

With all this extra capability, we give this 5/5.


GFI MailEssentials Complete Online is a great service for email hygiene with several valuable bonus features for customers. The ease with which it can be implemented, its effectiveness, and its accuracy make for a very powerful protection for your users. Averaging 4.5/5, we consider this a great product.

Microsoft Unified Communications – User Group, India

Ladies and Gentleman,

It is our great pleasure to announce the formation of Microsoft Unified Communications – User Group, India. “Microsoft Unified Communication User Group – India” is an independent group is focussed on encouraging communication between IT Professionals motivated by self-interest in Microsoft Unified Communication products like…

  • Microsoft Exchange Server
  • Microsoft Office Communication Server (OCS)
  • SharePoint Server (MOSS & WSS)

We understand the value of networking & knowledge transfer and would like to take opportunity to assist and inspire all Unified Communication IT Professionals through this platform. This User Group is designed as an Information Resource where Unified Communication Professionals can find:

  • Articles,
  • How-To(s),
  • Technical Videos,
  • Unified Communication Industry News,
  • Forums (to discuss technical things),
  • New Product features and
  • Product understanding.

Though this User Group is based out of India, there will be no regional boundaries as “Microsoft Unified Communication User Group – India” will host Virtual Monthly Meetings regularly and occasional In-person Events to increase the awareness of Microsoft Unified Communication products. We will also host guest speakers comprising of Experts in the Unified Communications space.

We welcome your contributions and memberships along with your valuable feedback for the site.

Visit @

Register @

Invite Friends @

RSS Feeds @
News @
Events @
Articles & How-Tos @

Please feel free to get in touch with us for any of your feedbacks or queries.

Warm Regards,

Leaders @ MUC-UG, India

An open source virtual router for your labs

During a lab setup last time I wanted to deploy two active directory sites where I could deploy two different Exchange Server 2007 HT roles. I found it little difficult to achieve using windows RRAS. I was seeking for a routing software that could meet my complex needs. Windows RRAS definitely offers enough configurations those can be used to deploy a test lab at least. But, on the other hand it fails on working with lower resources and needs more memory and disk resources compared to what you need.

If you are seeking to build your own labs and deploy 2 or more AD sites in it also running low on resources. You may find FreeSCO very useful.

This is an open source utility you can use with a Linux or a UNIX box. If you are thinking that you are hardcore Microsoft guy and you wont be able to use it on a character user interface system like Linux and Unix then you really don’t need to be scared about that. Its a fairly simple installable program that can be configured using given documentation on What all you need is a little bit of knowledge of Linux and you should be good to go. I tested it on my VMware 6.5 labs and it really works great!

Thanks to the guys who developed it.

Download it from: FreeSCO’s Downloads Page

I changed my blog to WP

Due to some technical reasons with my previous hosting provider I have moved my blog to wordpress today. There are several settings to be done  yet though all the text information is available. I will update the missing screen shots and other widgets as soon as possible.

I appreciate your visit. You can come back and check the updated information.


Microsoft says no to 32 bit management console for Exchange 2010

I just came across a very good post by Paul Robichaux on Windows IT Pro under Exchange and Outlook section.

Paul discussed the demand versus availability of Exchange Server 2010 32 bit management tools very well in his post.

Bottom line of the post talks about zero expectations to see a 32 bit management console for Exchange Server 2010. Only Microsoft can tell how difficult is it for them to write a 32 management console code.

Personally, I would do a favor for a whole new x64 architecture offering a more memory addressing capabilities and performance. Yes, it does include cost to upgrade the hardware and software both but sticking back to legacy versions of hardware and software holds you back from upgrading your skills yourself.

Companies do have budgets for their IT infrastructures and may not tend to spend more money towards upgrade. But an upgrade may also help the heldesk and support teams to perform their jobs easily and much faster than they used to do. Normally, an Exchange support engineer needs to have a well equipped computer with troubleshooting tools where he/she may also need to work with some tools which demand more memory and high performance systems.

Also, if you are favoring to have a 32 bit Exchange 2010 application for your test labs then you probably need to understand that testing a performance of application on a 32 bit platform will be drastically different than having it tested on fully functional 64bit platform.

Read more about this story at Exchange 2010: No 32-Bit for You

Considering all above aspects and few more highlighted by Paul in his article probably many people may think of changing their thoughts on demanding a 32 bit management tools or the whole software for test labs.

How would the values of msExchRoutingAcceptMessageType attribute change selection?

I was helping someone a couple of days back on his problem with his Exchange Server 2003. This guy was running into a problem where users in his organization were able to send their emails to their personal email addresses using an automatic forwarding rule in outlook though the “Allow automatic forward” option was deselected  at his Exchange Server 2003 Organization level. It was certainly not really very hard to suggest him to change the value of attribute msExchRoutingAcceptMessageType to 25 which fixed his problem. Yet, it would be really a fun to know how does Active Directory determine what to be allowed and what not to be when it is based on a numeric value? This is a small try to share my findings about it. So, when you look at the following picture you will notice there are some checkboxes selected and some are not. Based on these selected check boxes the value of the attribute msExchRoutingAcceptMessageType.


Now, what is value for each of these check boxes and how it varies? Take a look at below table:

Check Box Selected Value
Allow out of office responses 1
Allow automatic replies 2
Allow automatic forward 4
Allow delivery reports 8
Allow non-delivery reports 16
Preserve sender’s display name on message NA

So, when 1st and 2nd check boxes are selected the value of attribute msExchRoutingAcceptMessageType becomes 3. In simpler terms it would be simple addition of numbers based on the above table. The last option is “Preserve sender’s display name on messages” is not relate to these values. Attribute msExchRoutingDisplaySenderEnabled stores the value of it and works on a Boolean values of “TRUE” or “FALSE”.

Well, text and picture above is pretty clear and explains the things if you understand a little of AD and Exchange but where do I locate these attributes and their values? Open ADSIEDIT.msc and browse to the location below and open the properties dialog box:


CN=Default,CN=Internet Message Formats,CN=Global Settings,CN=<Org Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration

Note: above location may change according to your customized settings.

Even before you go ahead follow this blindly and change the settings per your requirement, do take a look at your Active Directory health and replication as well. Exchange may not be able to contact AD for the correct information to read and hence allows the automatic forwarding to internet or does not apply the restrictions mentioned above.

All day events that span two days across time zones in Outlook

This is just a small follow up note to the Microsoft KB 262451. Sometimes, even if you choose the time of the meeting manually you still see the calendar entry spanned across two days. Why would that happen if Microsoft has already addressed the issue. Is this a bug? No it is not. It is a simple logic of time zones and the way outlook handles the time zone information in your calendar. The following should explain you why does it happen?


There are two users in my exchange organization Kate and Robb. Kate resides in Central Time Zone (US) and Robb resides in Pacific Time Zone (US). Rob sends a meeting request to Kate and marks this meeting as an All Day Event. Rob can see it correctly framed within a single day not spanning across the days.


However, when Kate receives this meeting she sees it spanning across two days and it appears the same even after she accepts it.


Basically, this behavior occurs because of the way outlook handles the meeting requests. If you observe correctly Outlook provides you a time frame of 24 hours to book someone’s or your own calendar. From 12:00 AM to 11:30 PM. When a appointment or a meeting request is marked as an “All day Event” outlook automatically adds the start time of the meeting request as 12:00 AM depending upon the local or mailbox time zone configured for a particular mailbox. This is one of the reasons why Kate’s calendar shows this entry spanned across two days. As written earlier if Rob’s outlook marked the start time as 12:00 AM 28th Wed according to Pacific Time it turns into 2:00AM 28th Wed in Central Time where Kate resides. Yet, the meeting is to complete after 24 hours and hence it spans across two days till 2:00 AM next day.

In an another scenario if this would have been a half day event which would have started somewhat around 7:00 AM and ended near about 7:00 PM in Rob’s calendar it would have reflected the correct booking in Kate’s calendar because according to her client time zone settings the meeting would have started around 9:00 AM and would have ended by 9:00 PM.

Another case where a meeting starts 7:00 AM PST and ends at 11:59 PM which is again more than a half day event will reflect spanned across two days to any users having its outlook client configured in CST.

Using Log Parser to determine the email traffic statistics to and from a particular mailbox

Several times there is a requirement to figure out how many emails are sent or received by a particular user in the exchange organization. Exchange Server 2007 makes it easier to determine by simply running a transport agent on an Edge Box which can be downloaded from Microsoft Download Center Message Statistics Sample Agent. But, when it comes to Exchange Server 2003 it is quite difficult to trace such type of reports. Fortunately, Exchange Server 2003 still holds this information with it in the form of message tracking logs per server. If you have message tracking enabled on your exchange servers it would not be hard for you figure out the number of sent or received emails by a particular mailbox.

Still, the question remains unanswered. How do I do this if my boss asks me to provide such reports. There are many third party tool available in the market to do the same task. But, if you are not willing to invest money to buy a dedicated software for doing this; you can use the Microsoft Log Parser tool to export this information. Below are the steps to do it:


Microsoft Log Parser 2.2 – Download

Microsoft Windows 2000 Professional or higher.

Microsoft Exchange Server 2000 or higher.

Message Tracking Log file structure:

Once you have downloaded the Log Parser from above link you can install the log parser by using the GUI interface. Yet, the application does not have a very good GUI itself. It’s a purely a console based application. Before you actually start using this application once the installation is completed we need to understand the format of the Exchange Server message tracking file. Message tracking files are saved in W3C format by default and can be parsed using Log Parser. Basically, if you open a sample message tracking log file in a text editor you can see the fields mentioned in it. They appear as below.

# Message Tracking Log File                                                                               
# Exchange System Attendant Version 6.5.7638.1                                                                               
# Date    Time    client-ip    Client-hostname    Partner-Name    Server-hostname    server-IP    Recipient-Address    Event-ID    MSGID    Priority    Recipient-Report-Status    total-bytes    Number-Recipients    Origination-Time    Encryption    service-Version    Linked-MSGID    Message-Subject    Sender-Address

In above example the Exchange System Attendant Version suggests the version of Exchange Server to which the log files belong and the text marked in maroon color suggests the fields in the message tracking log files according which details of each message is sorted.

Now we can go ahead and start sorting the things of our interest. To determine the number of emails sent/received or both by a specific user You can simply start with a simple command at Log Parser command prompt:

C:Program FilesLog Parser 2.2>Log parser -i:w3c "SELECT * FROM C:20090118.log WHERE Sender-Address like ‘’" -O:CSV >C:Output.csv

Considering the above example as a specimen, Sender-Address can be replaced by any fields mentioned above and same applies for the replacement of ‘*’. At the end of processing you get a filtered output for it. Each of the fields can be separated by a comma (,) same will apply for email addresses as well.


  • You can not parse more files from different servers at the same time.
  • If you have multiple files  to extract data from; the queries has to be run on each file separately. As a work around to it a little bit of scripting would help you to accomplish your requirement.
  • Exchange stores the message tracking information for a single day in each file.

Exchange Server 2007 and Windows Registry

Probably this would be the last post highlighting Exchange Server 2007 registry integration on a windows server 2003 system. When we browse through the windows server 2003 based computer registry where an Exchange Server instance is installed, most of the time we notice that the service control manager database showing up many registry entries for Exchange Server 2007 under it however there are several other keys which can also be seen under the registry entries of Exchange Server services. I will try to explain what all those sub keys mean.

Expanding any of the Exchange Server 2007 related registry keys in registry editor we get a view of at least one sub key under it. If noticed correctly most of these children entries are named as “Diagnostics”, “Performance”, and “Linkage”


We would take a glance at all these three and their contents.


This is basically for providing the event logging level. In some scenarios we need to bounce the diagnostics logging on some of the components of Exchange Server to understand or locate an exact problem place. Diagnostics key node will help bouncing the event logging level as per your desire and your expectations helping to locate a problem with some particular component.

As an example if you explore down till the location; HKLMSYSTEMCurrentControlSetServicesMsExchange ADAccess. Diagnostics tree node under it will list all the available sub components for MsExchange ADAccess. Values of each registry entry under the diagnostics node varies between 0-7. So, what does it return when values are set to 0 and what when it’s set to 7? Keeping in mind 0 is the lowest level of logging and 7 is the highest below table will tell what you get upon bouncing these values. If you have been already been administering an Exchange Server 2000 or 2003 box you will easily understand what changes happen in registry when you bounce up the diagnostic logging using the server properties page in ESM. The below table has been written assuming that it would be easier to co relate the levels.













Field Engineering

Diagnostics logging level 7 is considered as the expert level logging which if enabled will log events including Information, Warnings, and Errors. These errors may range between 100-1000 events a minute depending upon how the service is being used; number of calls handled by the service as well the number of errors it encounters. So, before you think of bouncing up the diagnostics logging to 7 you also need to think of the application log file settings on your server.

To set these levels manually you can browse to the location …<Service Name>Diagnostics in your registry editor and set them manually. However it is strongly recommended to do it manually. For Exchange Server 2007 a simple command using EMS would serve the purpose. To bounce diagnostics logging on any component you can use Set-EventLogLevel “MSExchangeSANSPI Proxy” -Level 5. You will notice that if there is a space in the service name of a component name the EMC will show you a red line to death.


This is something which holds the performance related data of each of the services installed on the server. You can see this entry below the registry node for most of the well known services of Exchange Server 2007 and holds information about the performance libraries (DLLs), performance counters (that you see in performance monitor of windows server 2003), a little information of performance objects in WMI and a little more about the actions to be taken when a particular incident is manually triggered by the server administrator.

Below table contains a list of common registry keys that you can see under the tree node named “Performance”.




Opens a call to performance Library DLL


Closes a call to Performance Library DLL


A threaded collection process that collections the actual metrics


This is a name of the performance library DLL


File containing list of all counters for a particular service or a component.

Thanks to James for helping to form above table. He made my understanding clearer about these. I have rest of them too and will post them later.


The optional Linkage sub key specifies the binding options for the driver by using the Bind and Export values.