Fixing RSS Feeds in Outlook 2010 Beta 2

I love RSS.  I can't believe I'm saying this, because for years, I never really 'got' it.  I knew how it worked technically, I saw how it could possibly be useful, but I just never really cared enough to actually use it, and I couldn't imagine why anyone else ever would, either.

That is, until Outlook added RSS support.

For me, Outlook is always running.  I manage half my life through that program, in fact (the other being OneNote, which I like even better).  And as I’ve mentioned before, I really dislike the current state of the web, where each web site is most like a program, with its own interface and quirks and learning curve, not to mention bugs, advertisements, distractions, and security issues.  So if I can take the content from the sites I love and read that content in a program I already know, I’m a happy man.

Outlook lets me do just that:

By default, Outlook creates a folder for each feed to keep things organized, but I’ve changed that to have everything delivered into my RSS Feeds folder.  Outlook keeps every article around until I choose to delete it, shows me which I’ve read, and lets me manage them just like any other Outlook item.  I can even forward interesting stories to friends just like an e-mail.  You can also see Outlook keep an archive of all our Slick IT articles here, which is a very easy way of having a complete backup and searchable offline reference of all our content.  Happily, the feeds I choose to read are saved in my .PST file, so I don’t have to re-add them every time I rebuild my machine or reinstall Outlook.

The Problem

When I upgraded to Outlook 2010 Beta 2, however, the magic stopped.  Everything looked okay… my RSS Feeds folder was still there, the articles I hadn’t yet read were working just fine, but I wouldn’t get any new articles delivered.  It wouldn’t sync.  I’d hit Send / Receive all day, but the RSS Feeds just wouldn’t update.  I even checked under Accounts, where they seem to show up:

But despite this, Outlook wouldn’t actually check them.

The Solution

It turns out to be quite an easy fix.  Here’s what worked for me:

1. Using Internet Explorer, add a new feed.  If you’re using IE now, just click the View Feeds button on the toolbar and then click “Subscribe to this feed”:
   
   
2. Under the File menu, choose Open, and then click Import:
   
   
3. Choose “Import RSS Feeds from the Common Feed List” and click Next:
   
   
4. Check the feed you just added and click Next:
   
   
5. Click finish, and then try another Send / Receive.  You should find all your old feeds now begin to synchronize.  You’ll only have to do this once, and you can now remove the feed you just added.  But, if you just added Slick IT, why would you?

Hope this helps!

The Fall of DomainPeople

Like many of you, I manage a few domains.  Mostly, these are on behalf of clients, and as such, great support and reliability are more important to me than rock-bottom prices.  I want to keep all my domains with the same registrar, under one account, and since many of my domains are .ca, this somewhat limits my choice in registrars.

Well, let me summarize this lengthy article with a few choice words of wisdom:

Never use DomainPeople for anything.  If you’re using them now, run away.

For years, I’ve used DomainPeople.  They have been around forever, they promise 24/7 tech support that’s easy to reach (no waiting on hold), and they offer a good selection of “value-added” services, such as DNS hosting, e-mail forwarding, and so on.  Their prices might not be the cheapest, but they’re not quite as astronomical as a couple others you probably know about.  And, keep in mind, this goes back a few years, to a time when GoDaddy wasn’t an option, Network Solutions didn’t do .ca domains (or perhaps was even more expensive than it is today), and generally, the world of domain registration was a very different place.

By the time 2009 rolled around, DomainPeople’s site and control panel was looking a bit dated.  There had been essentially no change for years in either the function or the design of their services.  But that’s okay.  It all worked.  Sure, they weren’t the most dynamic and aggressively-growing company out there, but I didn’t want that.  I just wanted a good, stable registrar.  I didn’t mind putting up with a quirky interface from the 90’s so long as they delivered where it counts.  And for years, they did.  Mostly.  And when they didn’t, it was easy to reach them by phone and have everything sorted out.

Until everything changed.

The Full Story

Let’s do this chronologically.

January 11, 2010: The first sign of change arrives.  I receive an e-mail (well, five, actually… but DomainPeople has never been particularly organized when it comes to that sort of thing) describing some upcoming changes to their control panel.  Here’s essentially what they had to say:

• Within two weeks, your account will be automatically upgraded.
• You will gain access to new features.
• Your username and password will not change.
• An auto-renew feature has been added.  If you choose to keep a card on file with us, we’ll renew any domain automatically before it expires.
• You will no longer be able to access the control panel on a per-domain basis using the domain’s password.  If you don’t want all your domains to be accessible by your master account password only, you must remove them from your master account within the next two days.

Okay, so fair enough.  New features are coming, and there’s nothing I need to do.  Wonderful!  Now, in the back of my mind, I was thinking “gee, it’s a good thing I don’t need to provide my clients with access to their domain control panel, because then I’d have only two days to set up new accounts for each and every domain, provide my clients with the new login information, and then lose the ability to manage the domains myself without keeping track of dozens of user accounts, hoping none of my clients changed their passwords”.  This should have set off a few alarms… I’m sure many of their customers were caught off-guard by this, and I doubt many of them actually responded to this in the two days DomainPeople gave.  But it didn’t affect me, there was nothing I needed to do, and I was looking forward to having a snazzy new interface with new features, so I didn’t much care.

Friday, January 15, 2010: I receive close to 10 e-mails from DomainPeople, all of which are notices of pending auto-renewals.  I also receive two notices of auto-renewal failures.  This is all a bit odd, but I figure that since I haven’t provided a credit card, this is just their auto-renewal system trying its best to do its thing.  It’s a bit odd that I was given no notice of pending auto-renewal for the two failed attemps, but that’s okay.  So far, none of this means anything; it’s just a bit of weird e-mail related to a feature I’m not using.

Saturday, January 16, 2010: I receive two notices of pending domain expiry.  This is weird… these are different domains.  I would have expected more auto-renewal notices.  So do domains renew automatically, or not?  Still, I put this down to glitches in the deployment of their new system.  Again, none of it affected me at the moment.

Sunday, January 17, 2010: Another five notices of auto-renewal failures.  This is getting a bit ridiculous.  By the way, at this time I was on a small island off the west coast, and due to a recent windstorm, had no power or Internet.  But this is all okay, because I don’t need to do anything.  I thought.

Monday, January 18, 2010: The calls start.  I’m not quite sure why so many of my clients have no e-mail or websites working at the moment, but my first thought is that it must be related to the power outage.  What weird, vital, forgotten thing do I have running through my workstation?  It’s tough to diagnose, of course, when all you have is a cell phone (thank God for Windows Mobile, and no, there is no iPhone App for that), but by that afternoon, I was eventually able to trace things back to a DNS issue.  Well, for the clients having trouble, I use DomainPeople for their DNS.  So, I call them.

They answer quickly.  This is a good sign.  I explain the problem, and they admit that yes, there was an issue transferring zone files to their new system, but there are technicians working on it right now, and the problem should be fixed in a couple hours.  So, I leave them to do their thing.  The notices of renewal failures and upcoming renewals continue.

Tuesday, January 19, 2010: Still no fix.  And still no power, unfortunately.  So, I call again.  I’m given pretty much the same story.  They’re aware of the issue, they’re working on it, and it should be fixed soon.  I’m also asked for a list of ‘high priority’ domains, which they promise to take care of right away.  After asking a few more questions, I find out that these issues would have started on Friday, and yes, many other customers are affected.  I’m a bit discouraged at this point… four days of downtime on a simple DNS server, and no estimated time of resolution?  This is not the DomainPeople I had grown to love and trust.  Still, shit happens, and it sounds like they’re doing everything they can to fix it, so I hang up feeling pretty lucky I’m not a DomainPeople admin today.

By the end of that day, I realize how much as gone wrong: no DNS for any of the domains they serve, no e-mail forwarding, nothing.  Web sites are down, e-mail is broken, and still, there’s no estimated time of resolution.

Wednesday, January 20, 2010: Still broken.  And another surprise: a bunch of my domains have auto-renewed!  How odd. I call tech support, and learn that there is a senior technician working on the issue, but this person will not accept my call or provide any further details to Tier 1 tech support.  No estimated time of resolution is available.  Apparently, I should just hang up, wait, and eventually, it will be fixed.

I inquire about the domain auto-renewals.  Well, it turns out that one of my clients had called DomainPeople directly, and was told the issue was caused by a domain name about to expire (this was entirely false), and if she didn’t renew the domain immediately, it would be gone forever.  In a panic, my client provided her credit card to renew the affected domain name.  Big mistake.  This didn’t fix the problem, of course, but it did allow the auto-renewal system to renew many domain names to her credit card.  The tech support representative was not sympathetic, but did suggest I call their billing department.

Billing agreed with my assessment, but didn’t see anything wrong.  I was told that the auto-renew process was explained in an e-mail, and that the system was working properly.  I should have turned off auto-renew if I didn’t want this to happen.  Well, here are the problems with that:

• Notice of pending auto-renewals were first given only on Friday, the 15th.  This is, by the way, the same day everything went down and the first auto-renewal failure notices started to come in.  No credit card was on file at this time.
• DomainPeople did not have authorization from me – the accountholder and domain registrant – to make changes to the billing configuration of my account.
• DomainPeople did not have authorization from the cardholder to charge the credit card for the amounts or services billed.

Eventually, the billing representative was able to see this.  The new system, however, does not have the ability to remove a credit card that has been added, and the charges could not be removed, but only reversed and then applied to a different credit card.

So, at this point, DomainPeople has told my client the downtime was due to an expired domain (entirely untrue), has charged my client (without authorization) with the renewal of many other domains (none of which were immediately about to expire), and has still not fixed the technical issues.  No one is able to offer any additional help.

I then track down a manager at DomainPeople who listens patiently to my tale of woe, takes a bunch of information, and promises to have both the technical and billing issues resolved as soon as he can make it happen.  He promises to stay in touch with me, and tells me to expect a call from him the next morning.

Thursday, January 21, 2010: Still broken.  And no call from tech support or the manager I was working with.  I do, however, have a message from the billing department advising me that auto-renew has been turned off, they’re working on the refund, and I should call to provide a bit more information.  I do, and a told that they will be able to process the reversal in the next day or so.

However, the technical issues still exist.  And worse, the tech support department has no record of anything even being wrong.  Nobody is working on this.  The senior technician responsible for this problem is ‘not available’.  The manager I spoke with earlier is ‘not in today’.  And nobody knows anything.  I’m encouraged to open a ticket using their web site.

Again, I battle my way to a senior staff member who seems to be in a position to help things.  He is very friendly, understanding, and promises to get things resolved immediately.  He takes my contact information, a list of the domains in question, the support ticket numbers I have been provided, and other details.  He then tells me he will call back as soon as he’s able to get things resolved.

Friday, January 22, 2010: Still broken.  I’ve heard back from billing, and they are pleased to say they were able to reverse the charges.

But not a word from tech support or either of the higher level people I was working with.  I’m told to sit tight, that technicians are working on this, and I will be called.

Saturday, January 23, 2010: Still broken.  Still no word.  I’m out of town and unable to do much except for call to see what’s happening.  I don’t learn much.  This marks one week since my clients had working e-mail.  I do not look good to them.

Sunday, January 24, 2010: Still broken.  Still no word.  Another call, but no more answers.  Only empty promises.  Nobody I’ve spoken with earlier is around, and nobody else seems to be in a position to help.

Monday, January 25, 2010: Still broken.  Still no word.  Things are getting really critical at this point.  I’m starting to ask myself how I’ve let things go over a week.  I could have transferred the domain to a different registrar twice over by now, at least.

I call tech support.  No changes have been made.  They have no record of any word being done on this.  The tickets I provide have all been marked as resolved, one by the original senior-level technical working on my account.  This technician still refuses to speak with me directly, and does not return the messages I have left for him.  Neither of the two managers I spoke with are available, nor have they returned my calls.  I leave additional messages, explaining how I cannot wait any longer, and this issue, one way or another, must be resolved.  I am yet again promised immediate action.

I have also now come up with a strategy on moving away from DomainPeople.  It’s not pretty, or fast, but it will work.

Tuesday, January 26, 2010: Still broken.  Still no word.  At this point, I’m done with DomainPeople.  It’s been over 10 days since this problem arose, and I am no closer to fixing anything than when I started.  I’m going to reconfigure my DNS elsewhere and point my domains to these new nameservers.  I’ll also reconfigure e-mail forwarding, avoiding DomainPeople’s services and servers entirely.  This will all take time, of course, but a couple more days of downtime followed by a guaranteed resolution that I can control looks much better than anything DomainPeople could offer at this point.  There’s only one thing that could break this: in the unlikely event that someone at DomainPeople is still working on this, they might see the changes I make to my nameservers and undo them.

So, I call.  Nobody knows anything about my issues, and nobody cares.  All tickets are closed.  There is no one able to help.  Nothing.

I leave a message, stating that no one at DomainPeople must edit my nameservers, or do anything else with any of my domains, without first talking with me, directly, over the phone.  I’m assured this will be the case, but I don’t think the representative actually does anything.

I begin the process of rebuilding DNS records elsewhere.

Wednesday, January 27, 2010: Still broken.  Still no word.  Everything on my end is now set to go, though, and I’m just waiting for the nameserver changes to propagate.

Thursday, January 28, 2010:  All my domains are now working!  This is because I moved all services away from DomainPeople, though… still no word from them, of course.

The Aftermath

If I look back, here’s what I see: for many, many years, I have a great relationship with DomainPeople.  I pay them thousands of dollars, they provide me with everything I need to offer quick and reliable service to my clients.  And then one day, the world explodes.  With no useful warning whatsoever, they break half my domains, charge one of my clients’ credit cards with a long series of unauthorized charges, and offer no assistance whatsoever in fixing anything.  For over a week, they do nothing to fix the problems they have created.  They do not return calls.  Ultimately, I am held hostage by a company who doesn’t care and doesn’t respond, and I am left to my own devices to find a way to escape and restore service to my clients.

It’s important to realize that I was never rude or hostile with anyone at DomainPeople.  Every time I called, it was always easy to find someone to speak with.  When I spoke with managers, they were all very understanding and promised to do everything they could to resolve the matter.  And while all this sounds good, the fact remains: they didn’t fix what they broke.

Hosting domains and running DNS is not hard.  These are the fundamental parts of the Internet designed to withstand nuclear assault.  There’s just about nothing that needs to be done here.  And there’s absolutely no reason why this should have broken.  That it did, and for so long, is enough to stay away from DomainPeople alone.

But to have a large,  legitimate company (who charges premium rates for their services in exchange for promised reliability and support) completely ignore a customer like this and not work towards resolving these issues is entirely unacceptable.

So, everyone: be warned!  Go to great lengths to avoid DomainPeople, because you do not want to go through what I did to learn this.

And, of course, if anyone has a recommendation for a new registrar that does .CA domains, offers DNS hosting and e-mail forwarding, and actually helps out when there’s a problem, please leave a comment!

The iPad: Please, people, think!

Okay, so you’ve read about it, you’ve seen the glamour shots, and you want one.

And maybe, just maybe, this is exactly what you need.  God knows it will sell well!  But before you drop your hard-earned cash, let’s set aside the Apple logo for a moment and really look at this.  Let’s examine this as though it had an Asus or – God forbid – Microsoft logo on it.

First, let’s get one thing straight: this is nothing new.  Tablets have been around for a long, long time.  They’ve never really sold well, because (so far) they’re not entirely practical.  Maybe once we can build a full-fledged computer the size and weight of a real pad of paper, with a nice colour e-Ink display and days-long battery, this form factor will make sense.  I’d love it.  But we’re just not there yet, and Apple hasn’t changed this.

The iPad is a device that’s defined more by what it isn’t than what it is.  It’s not a phone.  In fact, you can’t use it as a phone in any way, even if you wanted to.  It can’t even do SMS, and it has no camera.  It’s also not a computer.  Sure, you can run iPhone apps on it, and Apple even has some simple productivity applications ready for it.  But let’s be serious, people: this is not a device you can work on.  It has no keyboard, and it can’t even multitask, an absolute necessity for doing any kind of real work these days.  It’s too big for an MP3 player, it’s too small for sharing videos, and the display technology and battery life are entirely inappropriate for serious reading.

So what can it do well?  I’d love to say it’s useless, but that’s simply not true.  If I were sitting on the couch and I wanted to check something on the Internet, this would be a good device to have on the coffee table.  Some of the wonderful features and uses Apple describes are entirely valid.  Using Google Maps on this (assuming it’s supported) as your friend is driving around the city would be fantastic.  And I’d way rather review my calendar on this than my phone.

But here’s the problem: If I’m not at home, I won’t have this device with me.  I already have a cell phone that can do everything this can do (and more!), and there’s no way I’m going to lug this beast around with me just to get a few extra inches on my calendar.  If I’m at home (or work), I have a full-featured computer sitting there waiting for me that lets me do absolutely anything.  And even if I were inclined to haul a 9” device around with me (when I’m travelling or at a meeting), there are far, far better choices out there.

For example, let’s have a look at Asus’s T91:

This device is the roughly the same size (just a tad thicker, and maybe 30% heavier) as the iPad.  It can do everything the iPad does, and it can do it just as well, if not better.  But it can also do a hell of a lot more, because this little tablet runs an Intel processor with Windows.  It has USB ports, it has a VGA port, it even has (gasp!) a network port.  I can run Outlook, web sites work properly because I can use a real browser, my usual array of programs will all work here, and I can get on my network.  I can even print things!  On this device, I really can do anything.  Oh, and there’s one more trick I want to show you:

 

That’s right, an actual keyboard and trackpad!  Now sure, an on-screen keyboard on a 9” screen might be less awful than your iPhone, but with a real keyboard, you can actually type!  You know what this means?  I can get things done!

Now, I’m not saying this T91 is the device for you.  It’s not the device for me.  But it’s still a hell of a lot closer than the Apple iPad – in fact, in my opinion, it totally eclipses the iPad.  And the T91 is only one of many, many tablet devices out there running Windows (or Android, or whatever).  Sure, it doesn’t have Apple’s striking design, and it doesn’t quite scream ‘luxury’ the same way.  But if that’s what you want, go look at other tablets, because they’re out there.

And, by the way, I’ve left cost out of this so far.  The T91 sells for around $450.  Netbooks – which offer equivalent functionality with a more traditional laptop-style form factor – start at around $300 for something good.  And full-blown laptops – only a few inches larger and less than a pound heavier – start around $600.

The iPad starts at $500.  Sounds like a good price, for a laptop.  But this isn’t a small laptop.  It’s a big iPhone that isn’t a phone.  In fact, at $500, it doesn’t even have 3G Internet access, and you have to make do with a mere 16 GB of storage.  That’s about a tenth the size of my music collection alone.  By the time you add the 3G radio and bump storage up to 64 GB – the bare minimum for anything beyond a phone these days – you’re looking at over $800!  And that, ladies and gentleman, is a hell of a lot of money for a device the size of a laptop with the functionality of a phone (except for, you know, the phone part).  This also doesn’t include the $30 you’re going to be paying to AT&T every month, or the hundreds you’ll spend on matching docks and cases and accessories.

So if you want a really trendy way to browse YouTube in a coffee shop, this is probably the device you want.  But apart from that, stick with your phone and your laptop.  Soon, we’re going to have a tablet that’s worth having.  But this is not it.

Raw Music

Just launched a new site for a friend of mine who happens to be a musical genius:

http://rawmusic.ca

This is going somewhere, so get in now! 

It was a great learning experience for me, too.  It’s a simple little site, but there were two elements I haven’t dealt with before: Flash music previews, and PayPal integration.  Flash was horrible, of course, but easily tamed.  I still wish there was an alternative out there, but there really isn’t.  Perhaps in time Silverlight adoption will reach a usable level.  Working with PayPal was interesting, however.  I come away with this conclusion: PayPal is a well-designed, well-built, well-oiled machine: they’ve thought of just about everything, it works well, it’s easy for users to use, it’s easy for developers to target, it works everywhere, and it’s cheap.  There’s just one problem… there’s nothing there BUT machine.  If you ever need any help, or you run into any kind of problem, there is NO ONE who can help you.

People, we all love technology, but let’s not forget: it works for us.  The second things start to work the other way, it’s time to step way back and figure out what went wrong.

Configuring IIS Directory Security through ASP.NET

As a developer, one of the most frustrating things to contend with is the case where you spend countless hours building the perfect solution, debugging and testing and fixing until there’s not a single issue left (ha!), and then finally deploying to a production server just to see your baby crash and burn!  This is particularly common when deploying web applications, and it doesn’t make it any easier when server admins guard their machines so fanatically that us developers aren’t allowed to see so much as a stack trace.

One of the best ways to avoid this scenario is to minimize the amount of configuration that must be performed on the server to install your application.  Traditionally, this was pretty tough to do, but with the introduction of IIS 7, a pretty amazing array of settings can be controlled through web.config files.  This includes, of course, directory security.

Let’s say you’ve built a nice little web site for a new client that has a bit of ASP.NET through in.  There are some XML files in a ‘data’ directory that your code needs but shouldn’t be available through the browser.  You’ve also written a back-end to be used by your client that shouldn’t be exposed to the general public.  This is a pretty typical scenario.  Traditionally, you’d deploy the web site, add the back-end files to a sub-directory called ‘admin’, and then use IIS’s directory security to deny anonymous access to the sub-directory.  Finally, you’d deny all access to the ‘data’ directory. This works.  But let’s look at the problems:

1. Manual server configuration is required.  Is there someone around able and willing to do this?  Often, there isn’t.  In shared hosting environments, this can be particularly troublesome.
2. Deployment considerations change depending on your platform.  This sucks.
3. Permissions suck.  Between file permissions, share permissions, IIS permissions, user accounts, and more, it’s pretty common for things to go mysteriously wrong.
4. What if somebody forgets?  What if a server is rebuilt, and the guy doing the rebuilding doesn’t know about locking down your special folders?  These are not scenarios you want to consider.
5. It’s just not pretty.

Luckily, IIS 7 and ASP.NET bring us a better way.  Open your web.config file, find the <system.web> section, and add this to it:

<deny users="?" />

Now try browsing the site.  You should find that IIS now asks you to log in (or will automatically do so through Windows Authentication).  What’s happening here?  Well, it’s quite simple, really.  You just told ASP.NET to deny access to anonymous users.  Of course, this is great for controlling access site-wide, but what if you want to lock down just one directory?

Many people don’t realize this, but ASP.NET actually checks each directory for web.config files, not just the root.  Any settings specified in a directory’s web.config file apply only to that directory (and it’s children).  Some settings can only be set in the root, but many can be set anywhere.  Security is one of these.  So, let’s say you want to lock down your ‘admin’ directory.  Just add this to a new web.config file and place it in your ‘admin’ folder:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <system.web>
        <authorization>
            <deny users="?" />
        </authorization>
    </system.web>
</configuration>

Want to secure your data directory, too?  Here’s how to prevent all access to a folder:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <system.web>
        <authorization>
            <deny users="*" />
        </authorization>
    </system.web>
</configuration>

Simple as that!  Now, your site permissions will be included in the site’s files themselves.  Just e-mail your friendly server admin a zip file and enjoy your weekend.

But Wait…!

There’s a catch.  There’s always a catch.

This works perfectly under Visual Studio’s development server.  This will also work just fine under IIS, so long as your site only includes .ASPX and other ASP.NET files.  But, if you happen to use any other file (such as, oh, a JPG image, CSS file, or ZIP file), IIS will ignore your carefully-authored security settings and just hand out everything to everyone.  What the hell?

Don’t blame ASP.NET.  ASP.NET has nothing to do with it.  In fact, that’s exactly the problem.  For static file types, IIS just hands them out without invoking .NET (and hence without consulting your .NET-based security settings).  This makes sense… why slow things down by running a bunch of managed code when you don’t have to?  We’re just serving static files, right?

To fix this problem, you need to configure IIS to run all requests through .NET.  Open web.config (the one in your site’s root) and look for the <system.webServer> section.  Add this to it:

<modules runAllManagedModulesForAllRequests="true">

Note that if this section already exists (which is pretty likely), all you need to do is change <modules> to <modules runAllManagedModulesForAllRequests="true">.

Finally, you might want to retest your site.  You’ll now be getting requests for all file types, regardless of whether the file exists, which might expose bugs you didn’t catch before.

There’s More!

One final bit of help you might appreciate… the ASP.NET Configuration tool built into Visual Studio (check the Project menu) is actually built to help manage site security in exactly this way.  This gives you a nice web-based UI you can use to configure things rather than hand-edit XML yourself.  Just go to Security and look for Access Rules.

Enjoy!

Repairing an Exchange 2007 Database

As system administrators, there is nothing quite like the feeling you get when you are staring at a downed exchange server. Honestly, there is very little that would impact end users more than the loss of email. Unwittingly, I have even had a whole DC go down for several hours unnoticed just due to the fact that email and Internet was still working.  Losing exchange is a big deal.

All versions of exchange, despite their overwhelming complexity, have several tools available to help one repair and/or recover an exchange data store. Today’s post will mainly focus on Exchange Server 2007, but again, a lot of these tools are available with 2003 and will be available in the 2010 version.

Before we begin this, I think we are all working under the assumption that there is a recent and intact backup available. If there isn’t, I really must say – all bets are off. Backup! Backup! Backup…not doing so is playing with your career!

More often than not, the first tool you will use when dealing with Exchange database issues is the Database Recovery Management Tool. This tool can be found under the toolbox section of the exchange management console and will offer a lot of insight into why the database has failed. In worst case scenarios, it may even be able to recover the database to a working state.

Some of the functions of this tool are:

• to verify databse and transaction log files 
• to analyze log drive space
• to reset the log generation number
• to repair a database
• to show database-related event logs
• to merge or copy mailbox content
• to set the database can be overwritten by restore option.

One word of caution here though – the repair database option can and often does result in permanent data loss. Only use this option if you do not have a backed up database to restore from and this is your only option.

Another handy tool that can be used to work with your exchange databases is the Database Troubleshooter tool.

This is handy when you are faced with a database that will not mount, or there is some inconsistency in the log files due to them being excessively long or from a drive space issue.  The tool is pretty straightforward and will systematically test the database to identify issues stopping a successful connection and/or mounting.

The third tool that can be used is the venerable Exchange Server Database Utility often known as the ese utility.  The tool is located in the default Exchange install folder in the bin directory and can be used in many ways from the command line to repair or recover and exchange database. Again, another word of caution is needed here. The ese utility can result in data loss, so your first and best bet is to always try restoring from backup first if at all possible. In fact, the repair function in the (the /P switch) ese utility works by going through pages in the database that seem unrecoverable and simply discarding them to bring the database back into a consistent state. If that sounds a little scary too you, I am glad that you are fully comprehending the gravity of that switch. The /R switch will attempt to recover the database by rolling back or updating database files by replaying the transaction log. This, while time consuming, often works well in fixing the information store up.

One thing that should be mentioned at this time also – to use the eseutility, you have to dismount the database first.

Use the following command from the exchange management console to do this.

Dismount –Database –Identity “DBName\First Storage Group\Mailbox Database”  After running any of these commands, it is also advisable to use the /D switch to defragment the database as repair operations will often leave large areas of white space.

Finally, Exchage 2007 has a tool known as the integrity checker (isinteg.exe). This tool is effective in fixing relationships between databse tables such as the “public Folders” and mailbox tables. It runs at the logical schema level and because of this attempts to repair inconsistencies at the application level.   This tool is designed for disaster recovery and is often run after you have recovered a mailbox store using the eseutility or from backup.

Unfortunately, Exchange repair is never a fast or particularly fun task, but knowing and practice using the tools above will help alleviate the pressure of production server failures. Set up your own exchange environment, populate it with some garbage, and then practice breaking and recovering the database as many times as you can stomach. Try using a hex editor to cause corruption in the database and see how these tools work.  Trash it and see what you can do!

Good Luck.

Microsoft Security Essentials

Hello!

This has been a long time in coming and with this post I do apologize for the recent sparsity and brevity of the content.  Things have been really crazy to say the least.

First of all, I have a shiny new job and it has been great! My position is basically the same as what it always has been, but there is an extra emphasis on getting out and making face time with our clients – this is great and I am working with a really great group of guys that are all dedicated to their craft.

Anyway, enough of that. Let’s get on with today’s topic which is kind of a product review/plug for Microsoft’s latest entry into the antivirus market – Microsoft Security Essentials.

For years, I have been looking for the perfect free antivirus solution to recommend to my home clients and it seemed all of the offerings seemed to come up short in one area or another. While all of them did do their basic job, it seemed that each had some particular annoyance that was just short of being irritating enough to uni9nstall the product.

AVG Free, for example did a reasonable job of scanning and catching viruses and was easy to download and install, but it seemed that the virus updates were always popping up and new clients released far too often for my tastes.  Often the transition to the new client meant uninstalling the previous version completely in order to have the update complete successfully.

On the other hand, Avast suffers from faults in the ease of use category. Actually getting your hands on the product involved a myriad of fill in fields on their webpage and then you actually were forced to register the product with a valid email. This made it particularly cumbersome to install for clients as I really did not want to register in my name, nor did I want to give the pc back with Avast not registered.  Equally annoying is the daily verbal broadcast saying “Virus database has been updated.” This has made the neighbours set their whiskey glasses down a few times when it blasted out of my home theatre PC speakers at 2:00 in the morning.

As for Avira, I don’t have a lot of experience with it, but I do recall that I found the product a little unwieldly. Kaspersky is a swear word around here and that is all I will say about it. (Happy BSOD to all of you Kaspersky lovers out there.)

So, here we are. I can’t believe that I am doing this, but I am going to come out and fully recommend a Microsoft antivirus product.  Microsoft Security Essentials is great.  It is easy to download, installs very quickly, does not ask for a bunch of unnecessary information, runs silently in the background, updates itself and basically does not let you know it is there. And as an added bonus, it actually catches viruses too!

This hits the mark and is exactly what I have been looking for. I recommend that all of my readers that are running another free product give this a try – it is great.

The installer package itself can be downloaded here

http://www.microsoft.com/Security_Essentials/default.aspx?mkt=en-us#dlbutton 

Click on run, and within minutes you will be protected.  It couldn’t get much easier.

The only hitch will be for those of you not running a legit copy of Windows. You will be out of luck on this one as Microsoft does verify authenticity as part of the install.

Please everyone who actually installs this, let me know what you think.

Cheers!