Categories
2010 exchange

Restrictive Throttling Policies in Exchange 2010

Exchange Server 2010 has the ability to limit user and administrative actions. But in testing this feature in a lab I set the default policy (which by default affects everyone, including the Administrator account) to a policy that stopped me undoing the policy again!

I ran Set-ThrottlingPolicy def* -PowerShellMaxConcurrency 1 -PowerShellMaxCmdletsTimePeriod 1000 -PowerShellMaxCmdlets 1 which had the effect of saying I could open one PowerShell session (that is okay – its my lab environment), run a single cmdlet (maybe a bit too low) and to run one cmdlet every 1000 seconds. I had not worked out that 1000 seconds is over 15 minutes.

The problem came two days later, starting Exchange Management Shell and connecting to the remote PowerShell endpoint obviously invokes more than one cmdlet. The second cmdlet is terminated, and so Exchange Management Shell cannot start – ever!

The error message I got was:

The WS-Management service cannot process the request. The user load quota of X requests per Y seconds has been exceeded. Send future requests at a slower rate or raise the quota for this user. The next request from this user will not be approved for at least Z milliseconds.

X is the value of PowerShellMaxCmdlets and Y is the PowerShellMaxCmdletsTimePeriod

So to fix I cracked open ADSIEdit – not to be done lightly, as it runs the risk of destroying the entire Exchange organization and Active Directory.

To fix this and reset the Throttling Policy connect to the Configuration Naming Context in ADSIEdit and navigate to CN=Global Settings,CN=organization name,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain. Open CN=Default Throttling Policy_guid and edit msExchPowerShellThrottlingPolicyState to read:

v~0~con~18~cmds~-1~per~-1~que~-1~excmds~-1

Once Active Directory replicates you will be able to run PowerShell cmdlets in Exchange Management Shell. The first cmdlet I would run would be one to ensure that you are back to the default policy just in case you made a mistake in ADSIEdit:

Set-ThrottlingPolicy def* -PowerShellMaxConcurrency 18 -PowerShellMaxCmdletsTimePeriod $null -PowerShellMaxCmdlets $null -PowerShellCmdletQueueDepth $null

Categories
2010 SCOM

Managing Exchange Server 2010

The recently release Release Candidate (RC) version of Exchange 2010 also has available the Management Packs for System Center Operations Manager. Unfortunately it does not have any documentation available!

To configure System Center Operations Manager (SCOM) to work with the RC version of the management packs you need to enable proxying of the agent, or you will just be left with each Exchange Server listed, but showing “Not Monitored”.

So install your agents to your Exchange Servers and wait until they appear under the Agent Managed node of the Administration view. Right-click the agent and choose Properties. Change to the Security tab and tick the box “Allow this agent to act as a proxy…” and click OK. Finally restart the System Center Management service on the Exchange Server (net stop healthservice | net start healthservice).

Then each Exchange Server will begin to report issues with the installation within 15 minutes.

Categories
2007 2010 2013 exchange

P1 and P2 Headers in SMTP

P1 = the value on the MAIL FROM command of the SMTP connection (the message envelope) as defined in RFC 821.
P2 = the email address in the message body as defined in RFC 822. These include the FROM, REPLY TO and SENDER fields

For example, the following SMTP command sequence describes where P1 and P2 are used:

HELO server
MAIL FROM this_is@my_p1_address.com
RCPT TO: recipient@domain.com
DATA
FROM: this_is@my_p2_address.com
TO: recipient@domain.com
SUBJECT: This is a blog on P1 and P2

This is the text of the message
.

The MAIL FROM value should be your email address, but it does not have to be (ie one of the reasons why spam is so prevalent)
The FROM: header should match this, but this value is what is displayed in the email in Outlook (and other clients). The P1 address is used for routing and not display.

If the connection to an Exchange Server is anonymous then the P2 address will contain the display name and the email address, but if it is an authenticated connection then the P2 email address will be resolved to the value in the address book and this value will be displayed.