Exchange Server 2003 Services
Several new services are installed as part of the Exchange Server 2003 installation process. Figure 1
shows these services and their default configuration for Startup Type,
the account the services Log On As, and the current state of the
service (started or stopped).
Table 1 lists and describes the services that are installed in a typical installation.
Table 1. Exchange Server 2003 Services and Their Function
| Service | Description |
|---|
| Microsoft Exchange Event | Monitors folders and fires events for Microsoft Exchange Server 5.5–compatible server applications. |
| Microsoft Exchange IMAP4 | Provides
Internet Message Access Protocol 4 (IMAP4) services to clients. If this
service is stopped, clients are unable to connect to the computer using
the IMAP4 protocol. |
| Microsoft Exchange Information Store | Manages
the Microsoft Exchange Information Store, including mailbox stores and
public folder stores. If this service is stopped, mailbox stores and
public folder stores on the computer are unavailable. |
| Microsoft Exchange Management | Provides
Exchange management information using Windows Management
Instrumentation (WMI). If this service is stopped, Exchange management
information is unavailable using WMI. |
| Microsoft Exchange MTA Stacks | Provides
Microsoft Exchange X.400 services. Exchange X.400 services are used for
connecting to Exchange 5.5 servers and are used by other connectors
(custom gateways). If this service is stopped, Exchange X.400 services
are unavailable. |
| Microsoft Exchange POP3 | Provides
Post Office Protocol version 3 (POP3) services to clients. If this
service is stopped, clients are unable to connect to the computer using
the POP3 protocol. |
| Microsoft Exchange Routing Engine | Provides
topology and routing information to Exchange Server 2003 servers. If
this service is stopped, optimal routing of messages will not be
available. |
| Microsoft Exchange Site Replication Service | Allows
Exchange Server 2003 to coexist in an Exchange Server 5.5 site by
presenting the Exchange Server 2003 server as an Exchange Server 5.5
directory service to other Exchange Server 5.5 servers. The Site
Replication Service (SRS) is disabled by default and is useful only in
mixed-mode organizations. |
| Microsoft Exchange System Attendant | Provides
monitoring, maintenance, and Active Directory lookup services, for
example, monitoring of services and connectors, defragmenting the
Exchange store, and forwarding Active Directory lookups to a global
catalog server. If this service is stopped, monitoring, maintenance,
and lookup services are unavailable. If this service is disabled, any
services that explicitly depend on it will fail to start. |
Service Dependencies
Troubleshooting
problems with Exchange Server 2003 often involves services that have
stopped. A problem you are trying to solve might seem as though it is
the result of one service failing, when the service in question stopped
only because a service it was dependent upon stopped first. For
example, if users could not log on to their Exchange Server 2003
server, you check the services and notice that the Information Store
service has stopped. While the problem could be related to the
Information Store service itself, you might also find that the
Information Store service stopped only because the System Attendant
service stopped. The System Attendant may have stopped because a
service it depends upon stopped, and so on. Table 2 lists the dependencies for the Exchange Server 2003 services.
Table 2. Exchange Server 2003 Service Dependencies
| Service | Dependencies |
|---|
| Microsoft Exchange System Attendant | Event Log |
| | NTLM Security Support Provider |
| | Remote Procedure Call (RPC) |
| | RPC Locator |
| | Server |
| | Workstation |
| Microsoft Exchange Information Store | Microsoft Exchange System Attendant |
| | Exchange Installable File System (EXIFS) |
| Microsoft Exchange IMAP4 | Internet Information Service (IIS) Admin Service |
| Microsoft Exchange POP3 | IIS Admin Service |
| Microsoft Exchange MTA Stacks | Microsoft Exchange System Attendant |
| Microsoft Exchange Management | RPC |
| | WMI |
| Microsoft Exchange Routing Engine | IIS Admin Service |
| Microsoft Exchange Event | Microsoft Exchange Information Store |
Tip
You
can view service dependencies through the Services management console,
but for the exam, you should be able to identify the dependencies of
each of the Exchange Server 2003 services. You may see scenarios where
knowing the service dependencies is essential to determining the real
problem and finding the correct answer. |
Tip
There
can be multiple levels of dependencies, where one service depends on
another, which depends on another, and so forth. There are additional
dependencies, as well, outside of the Exchange-specific services, such
as the services that the IIS Admin Service depends on, and the services
RPC depends on, and so on. When troubleshooting a service, first ensure
that there are no other service dependencies in a stopped state. |
Service Logon Accounts
In Figure 3-1,
in the Log On As column, notice that by default Exchange Server 2003
uses the Local System account to start each of the services. The Local
System account is a built-in account that has full administrative
rights; most services are associated with this account by default.
Applications such as Exchange Server 2003 use it automatically because
it is a known account with the correct permissions. However, when you
have multiple services sharing the same logon account, troubleshooting
security can be more difficult. Therefore, it is recommended that you
use a dedicated service account for your Exchange Server 2003 services.
You will configure the services to use your dedicated service account
later in this lesson.
Anyone
who has administered a version of Microsoft Exchange Server in the real
world knows that rebooting a server running Exchange Server, whether on
Microsoft Windows NT 4, Windows 2000 Server, or Windows Server 2003,
can take much longer than normal. Exchange Server 2003 is no different,
and if it is installed on a Windows Server 2003 server that functions
as a global catalog server, the server can take as long as 10 minutes
to reboot. If Exchange Server 2003 is installed on a member server, the
process is not as lengthy, but it can still take significantly longer
than rebooting a non-Exchange server. A
common workaround for this problem is to stop the Exchange services
prior to initiating the server restart. To automate the process, many
administrators use a batch file to stop the Exchange Server 2003
services and use the Shutdown.exe program (found in the Windows NT 4,
Windows 2000 Server, or Windows Server 2003 Resource Kits) to
completely script the reboot process. By doing so, the reboot process
is dramatically sped up. |
|
Delegation of Authority
Another
post-installation consideration with Exchange Server 2003 is
identifying the user accounts to which you will delegate administrative
authority for the Exchange organization. When you installed Exchange
Server 2003, the user account used was automatically given Exchange
Full Administrator rights, which includes the ability to administer all
configuration details of the Exchange organization and the ability to
modify permissions. No other accounts are given rights to administer
the Exchange organization. This means that any future administration
has to be performed under the security context of the account that
installed Exchange Server 2003. This is impractical and largely
undesirable for a few reasons. First, if you have multiple Exchange
administrators, you want to be able to track the activity of each
administrator through the Security log. If all administrators use the
same user account, it will be much more difficult to accomplish this.
Another reason is that it will be necessary to distribute the service
account password to every administrator, which will compromise
security. In addition, each administrator will have the same level of
permissions to the Exchange organization, which isn’t desirable either.
The
best practice is to delegate authority to the groups or individual
users that need to administer the Exchange organization. The standard
practice in system administration is to use security groups wherever
possible for assigning permissions and to assign permissions to
individual users only when absolutely necessary. By following these
practices, an administrator is better able to manage and maintain
security in an enterprise environment.
Exchange
Server 2003 supports three administrative roles that can be delegated
using Exchange System Manager: Exchange Full Administrator, which can
manage anything in the organization including permissions; Exchange
Administrator, which can manage everything in the organization except
permissions; and Exchange View Only Administrator, which has read-only
administrative access to the Exchange organization.
Security Alert
Authority
to administer Exchange Server 2003 can be delegated in one of two
places: at the organization level (which grants the permissions to the
entire organization) or at the administrative group level (which grants
the permissions only to that administrative group). In a decentralized
administrative model, you can delegate administrative rights to a
division to manage their own administrative group without allowing them
to have rights to any other administrative groups. And in a centralized
administrative model, you can delegate administrative rights to the
entire organization so that you don’t have to repeat the delegation
process for every administrative group that is added. |
Administration from Client Workstations
Exchange
administration tasks, including delegating authority, should not be
performed directly from the server consoles. Secure environments
strictly limit the ability to log on locally to a server, perhaps to
only the Administrator account. Allowing regular user accounts to log
on locally to servers, especially domain controllers, is not a
recommended security practice.
If
you have a workstation that meets the criteria, you can install
Microsoft Exchange System Management Tools and administer the Exchange
organization from there. Table 3
lists the system requirements necessary to install Microsoft Exchange
System Management Tools. The requirements for non-Exchange servers are
given, as well, in case you need to install the tools on a server that
isn’t running Exchange Server 2003. If a service pack level is given,
the service pack is part of the requirements, and the tools cannot be
installed on a system that isn’t at that service pack level or later. A
basic requirement for any management workstation is that it is a member
of the same domain and forest as the Exchange organization.
Table 3. System Requirements for Running Microsoft Exchange System Management Tools
| Operating system | Requirements |
|---|
| Windows XP Professional SP1 | IIS snap-in component Simple
Mail Transfer Protocol (SMTP) service component (disable SMTP service
after installation; it is needed only for the snap-in and poses a
security threat if left running) World Wide Web (WWW) service (required by SMTP; should be disabled after installation) Windows Server 2003 AdminPack (for Network News Transfer Protocol (NNTP) and Active Directory Users And Computers snap-ins)
|
| Windows XP Professional SP2 | |
| Windows 2000 Professional SP3 | |
| Windows 2000 Server SP3 | |
| Windows Server 2003 | |
The
Microsoft Exchange System Management Tools installation is very similar
to the Exchange Server 2003 installation. When your management
workstation meets all the requirements, run Setup from the Exchange
Server 2003 installation CD. The Microsoft Exchange Installation Wizard
will start, and you will go to the Component Selection page and perform
a Custom installation. The only component you need to select is
Microsoft Exchange System Management Tools; however, if you will be
managing any Exchange Server 5.5 servers, as well, you can also install
the Microsoft Exchange 5.5 Administrator. Once Setup completes, you
will be able to start Active Directory Users And Computers and Exchange
System Manager and complete tasks using the rights that you have been
delegated.
Adding and Removing Exchange Server 2003 Components
There
might be times when you need to add or remove an Exchange Server 2003
component. Perhaps you installed the Microsoft Exchange Connector for
Novell GroupWise as part of the process of migrating GroupWise to
Exchange Server 2003, and with that process now complete, you want to
remove the connector component. Or perhaps your company has recently
acquired a company that has an Exchange 5.5 organization, and you need
to install the Microsoft Exchange 5.5 Administrator in order to
administer that site. Whatever the circumstance, the process of adding
or removing an Exchange Server 2003 component involves re-running
Exchange Server 2003 Setup and changing the selections on the Component
Selection page of the Microsoft Exchange Installation Wizard.
Important
When
planning
to remove a component, it is necessary that you ensure the
component is no longer in use in the organization. With connectors,
that means making sure there are no existing connection agreements that
utilize the connector . If you attempt to remove a component that is
currently in use, Setup will block the removal, and Setup will fail. |
Usually
adding or removing a component is as simple as running the Microsoft
Exchange Installation Wizard. However, if the installation wizard won’t
allow you to add or remove a component and you know there shouldn’t be
a problem with it, there are ways to accomplish the task manually.
