Common Mail Server Configuration Mistakes

1. Installation on Unsupported Hardware

Unless there is a very good reason not to, always install Exchange on hardware supported by Microsoft.  Consult Microsoft’s Windows Server Catalog (formerly the “Hardware Compatibility List,” or HCL) for a complete list of compatible, supported hardware.  In order for a system to be considered supported, it must be listed in the Windows Server Catalog.  Systems containing some supported and some unsuported software are considered unsupported by Microsoft.  In addition to ensuring a smoother installation or upgrade, using supported hardware also means you will receive better technical support from Microsoft or other vendors should the need arise in the future.  Using unsupported hardware can cause problems ranging from intermittent mail outages to total and complete loss of data.

• Exchange Server 2008 requires both 64-bit hardware and 64-bit Windows.  See “Exchange 2007: Frequently Asked Questions” for more information.
• Exchange Server 2003 cannot run on 64-bit Windows.  See “Choosing Exchange Server 2003 Hardware for Reuse with Exchange Server 2007“ for recommendations from Microsoft on choosing the best hardware for Exchange.
• See “Microsoft support policy on hardware not in the Windows Catalog (Windows HCL)” (KB142865) for more information on Microsoft position on unsupported hardware.

2. Misconfigured DNS

Because Exchange relies heavily on both Active Directory and DNS, a simple configuration problem in either one will cause major headaches for your new or upgraded Exchange environment.  Here are a few of the common configuration mistakes when it comes to DNS and your Exchange environment:

• All Windows 2000 Servers must be on Service Pack 3 or Windows Server 2003, including Global Catalogs (GCs).  It is also Microsoft’s recommendation that at least one GC be placed in each site containing an Exchange mail server.
• Verify your Mail Exchanger (MX) records are correct and that no MX record points to the Fully Qualified Domain Name (FQDN) of an Exchange server.  See “How to Verify that MX Records Do Not Point to the FQDN of an Exchange Server.”
• If it exists, remove the root zone under Forwarded Lookup Zones in the DNS management console, as it will prevent Exchange from sending mail (outbound mail).  See “How To Remove the Root Zone (Dot Zone)“ (KB298148) and “‘Host Unknown’ message when sending outbound Internet mail” (KB289045) for information on removing the root (AKA “dot”) zone.
• See “Exchange Server 2003: Verifying DNS Design and Configuration“ for more information on verifying your DNS configuration.

3. Misconfigured Active Directory

Active Directory (AD) plays a crucial role in the configuration, performance, administration, and security of Exchange Server 2003 and Exchange Server 2008.  There are several “gotchas” to watch out for when configuring Active Directory for use with Exchange.

• Be certain that Active Directory Connector (ADC) is installed, and that you are using the version appropriate to your installation or upgrade.  The ADC is responsible for replicating Exchange information to and from AD, and must be upgraded to the version included in Exchange 2003 prior to upgrading Exchange itself.
• Check your domain level(s).  Exchange Server 2003 is supported in 5 AD domain levels which basically break down into 2000/2003 mixed or native and mixed 2000 and 2003 domains.
• See “Overview of operating system and Active Directory requirements for Exchange Server 2003”(KB822179) for a complete list of requirements.

4. Disabled Message Tracking

Message Tracking is one of Exchange’s best features for troubleshooting mail delivery problems.  Microsoft describes Message Tracking as follows: “Message Tracking Center, when it is enabled, logs information about the sender, the mail message, and the message recipients. Specifically, you can review statistics such as the time the message was sent or received, the message size and priority, and the list of message recipients. You can also log the subject line of e-mail messages. The Message Tracking Center searches for messages such as system messages, public folder messages, and e-mail messages.” ¹  Unfortunately, Message Tracking is not enabled by default on Exchange 2000 or Exchange 2003.  If you are running Exchange Server 2007, and the system has the Hub Transport server role, the Mailbox server role, or the Edge Transport server role Message Tracking is enabled by default.

See: “How to enable message tracking in Exchange 2000 Server and in Exchange Server 2003“ (KB246856) for more information.

5. Misconfigured Anti-Virus Software

It should go without saying that any Windows mail server should have a properly configured and up-to-date anti-virus solution.  One has only to look at the abundance of viruses to be convinced the effort of maintaining anti-virus software is well worth the time, effort, and expense.  Misconfigured anti-virus software, however, especially on such highly-visible and highly-used systems as mail servers, can affect problems from minor performance issues to major catastrophic failures.  Properly configuring the parameters of your anti-virus software can be an art as much as a science.  On the one hand, if your anti-virus configuration is too inclusive, or too stringent, it may cause a severe performance penalty on the system.  If, on the other hand, the configuration excludes too many processes, services, directories or files, or its policies are too lax, it may be vulnerable to attack.  In many cases, this second case is the worse possible scenario a system can be in, simply because an anti-virus solution is installed and configured, therefore it is assumed that the sysem is safeguarded against such attacks.