February 13, 2011

Disabling services and protocol logging on Exchange 2003 servers

Refer to http://www.tech-faq.com/disabling-services-and-protocol-logging-on-exchange-2003-servers.html

Server 2003 Services

Exchange Server 2003 uses a number of components, services, and processes that communicate between each other on the local computer and remote computers. The role of the Exchange server and the clients that it has to support determines which services are necessary and unnecessary on your front-end and back-end Exchange servers.

All unnecessary services can be disabled. The security of your Exchange Server 2003 system is enhanced when you disable unnecessary services on your Exchange server. Port attacks can no longer be performed on the ports of disabled services.

The main factors to consider when you want to disable a service are listed here:

  • Determine if there are any components and processes that use the service.
  • Determine if there are any other services that are dependent on the service running.

Exchange Server 2003 services can be classified as follows:

  • Role-independent services
  • Services running on an Exchange 2003 front-end server
  • Services running on an Exchange 2003 back-end server

Role-Independent Exchange Services

Role-independent Exchange services are those services that are needed regardless of the role performed by the Exchange 2003 server. There are also services that are needed to perform the following functions:

  • Administer Exchange Server 2003.
  • Run Exchange Server 2003 Setup.
  • Maintain interoperability with previous versions of Exchange.
  • Perform routing of messages.

The following services are needed to run Exchange Server 2003 Setup. The services have to be installed and enabled:

  • SMTP service
  • NNTP service
  • World Wide Web Publishing Service
  • IIS Admin Service

Exchange Server 2003 disables a few services by default. If you enable one of these services, however, its state is maintained when you later perform an upgrade or reinstallation.

The services that Exchange Server 2003 by default disables are listed here:

  • NNTP service
  • Microsoft Exchange IMAP4 service
  • Microsoft Exchange POP3 service

The following services are needed to administer Exchange Server 2003. The services have to be installed and enabled:

  • Microsoft Exchange System Attendant service
  • Microsoft Exchange Management service
  • Windows Management Instrumentation service

The following services are needed to maintain interoperability with previous versions of Exchange:

  • Microsoft Exchange Event Service
  • Exchange MTA Stacks
  • Microsoft Exchange Site Replication Service

The following services are needed to enable Exchange Server 2003 to perform message routing functions:

  • Microsoft Exchange Routing Engine
  • SMTP service
  • IIS Admin Service

There are also a number of services that provide additional Exchange Server 2003 features:

  • World Wide Web Publishing Service
  • Microsoft Search

Services Running on an Exchange 2003 Front-end Server

The services listed here are required on an Exchange 2003 front-end server:

  • Microsoft Exchange Routing Engine; needed to enable Exchange to route messages.
  • IIS Admin Service; needed to enable Exchange routing functionality. The IIS Admin Service is dependent on the Microsoft Exchange Routing Engine.
  • IPSec services; these services are needed if you want to configure an IPSec filter on OWA servers. IPSec services provide security between clients and servers on TCP/IP networks.
  • World Wide Web Publishing Service; needed if you want clients to be able to access OWA or Outlook Mobile Access front-end servers.

You can disable the services listed here on an Exchange 2003 front-end server:

  • Microsoft Exchange IMAP4 service; only required if your server is configured for IMAP4 clients.
  • Microsoft Exchange POP3 service; only required if your server is configured for POP3 clients.
  • Microsoft Exchange Information Store service; because Exchange 2003 front-end servers do not contain user mailboxes or public folders, you can disable this service.
  • NNTP service; needed only if newsgroup functionality is required.
  • Outlook Mobile Access server; can be disabled if you are not planning to use Outlook Mobile Access.
  • Microsoft Exchange System Attendant; if you are not planning to perform configuration changes to Exchange Server, then this service can be disabled as well.
  • Microsoft Exchange Management service; if you are not enabling the Message Tracking feature, then you can disable the Microsoft Exchange Management service. Bear in mind though that the service also enables you to use the user interface to configure which domain controller or global catalog server Exchange Server 2003 uses.
  • SMTP service; should be enabled only if the Exchange front-end server is configured to receive SMTP mail as a gateway or a front-end server for IMAP4 or POP3.

Services Running on an Exchange 2003 Back-end Server

The services listed here are required on an Exchange 2003 back-end server:

  • Microsoft Exchange Information Store; required because the server stores user mailboxes and public folders.
  • Microsoft Exchange Management service; if you are enabling the Message Tracking feature, you need to enable the Microsoft Exchange Management service.
  • Windows Management Instrumentation (WMI); this service is dependent on the Microsoft Exchange Management service and needs to be enabled.
  • Microsoft Exchange System Attendant; required to perform administrative tasks for Exchange Server 2003. The service is also needed for Exchange maintenance to be performed.
  • NTLM Security Support Provider; this service is dependent on Microsoft Exchange System Attendant and needs to be enabled.
  • Microsoft Exchange Routing Engine; needed to enable routing functionality between Exchange servers.
  • IIS Admin Service; needed by the Microsoft Exchange Routing Engine.
  • Microsoft Exchange SMTP; needed to transfer messages.
  • IPSec Services; required if you want to configure and deploy an IPSec policy on the server.
  • Exchange MTA Stacks; needed if you want to maintain interoperability with previous versions of Exchange.
  • World Wide Web Publishing Service; needed if you want to communicate with OWA or Outlook Mobile Access front-end servers.

You can disable the services listed here on an Exchange 2003 back-end server:

  • Microsoft Exchange IMAP4 service; only required if a front-end server is configured for IMAP4 access.
  • Microsoft Exchange POP3 service; only required if a front-end server is configured for POP3 access.
  • NNTP service; needed only if newsgroup functionality is required.
  • Microsoft Search service; can be disabled if you are not using full-text indexing of mailbox stores or public folder stores.
  • Microsoft Exchange Site Replication service; can be disabled if you do not require compatibility with previous versions of Exchange.
  • Microsoft Exchange Event Service; can be disabled if you do not require compatibility with previous versions of Exchange.
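The two checks named earlier (is the service still used, and does anything depend on it) applied to the front-end and back-end disable lists above, as an added example that is not part of the original article. Service names are written as this page lists them; the feature labels, the inventory layout and the sample data are assumptions.

```python
# Disable candidates per role, named as this page lists them. Each maps to the
# feature that still needs it (labels are assumptions); None = never needed.
CANDIDATES = {
    "front-end": {
        "Microsoft Exchange IMAP4 service": "imap4",
        "Microsoft Exchange POP3 service": "pop3",
        "Microsoft Exchange Information Store service": None,
        "NNTP service": "newsgroups",
        "Outlook Mobile Access server": "oma",
        "Microsoft Exchange System Attendant": "config-changes",
        "Microsoft Exchange Management service": "message-tracking",
        "SMTP service": "smtp-gateway",
    },
    "back-end": {
        "Microsoft Exchange IMAP4 service": "imap4",
        "Microsoft Exchange POP3 service": "pop3",
        "NNTP service": "newsgroups",
        "Microsoft Search service": "full-text-indexing",
        "Microsoft Exchange Site Replication service": "legacy-interop",
        "Microsoft Exchange Event Service": "legacy-interop",
    },
}


def audit(role, features_in_use, inventory):
    """Map each still-enabled, unneeded candidate to 'disable' or its blockers."""
    unneeded = {s for s, f in CANDIDATES[role].items() if f not in features_in_use}
    findings = {}
    for name in sorted(unneeded):
        svc = inventory.get(name)
        if svc is None or svc["start"] == "disabled":
            continue  # not installed, or already disabled
        # A dependent blocks the change unless it is disabled or also unneeded.
        blockers = sorted(d for d in svc["dependents"] if d not in unneeded
                          and inventory.get(d, {}).get("start", "disabled") != "disabled")
        findings[name] = "blocked by " + ", ".join(blockers) if blockers else "disable"
    return findings


# Constructed front-end inventory (start mode plus services that depend on it).
SAMPLE = {
    "Microsoft Exchange POP3 service": {"start": "auto", "dependents": []},
    "Microsoft Exchange IMAP4 service": {"start": "disabled", "dependents": []},
    "Microsoft Exchange Information Store service": {"start": "auto", "dependents": []},
    "Exchange MTA Stacks": {"start": "auto", "dependents": []},
    "Microsoft Exchange System Attendant": {"start": "auto", "dependents": [
        "Microsoft Exchange Information Store service", "Exchange MTA Stacks"]},
}
```

Calling `audit("front-end", {"pop3"}, SAMPLE)` reports the Information Store as safe to disable and the System Attendant as blocked by the still-enabled Exchange MTA Stacks.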

Understanding Protocol Logging

If you want to troubleshoot mail system protocol issues, then you should enable and configure protocol logging. Protocol logging provides information on the message commands that a user sends to an Exchange Server 2003 server.

This includes the following information:

  • Date and time
  • Protocol
  • Domain name
  • IP address
  • Bytes sent

The following Internet protocols can be configured to track the message commands that a user sends to an Exchange Server 2003 server:

  • SMTP
  • NNTP
  • HTTP

Protocol logs are stored in the C:\WINNT\System32\LogFiles directory by default.

You can configure the logging format that should be used for logging the information:

  • ASCII-based format
  • Open Database Connectivity (ODBC) format

The ASCII format options that you can choose from are:

  • Microsoft IIS log file format
  • NCSA log file format
  • W3C Extended log file format

For the ODBC format, you have to configure which ODBC database to use, and then configure the database to receive protocol logging information. You can use Access or SQL Server to create an ODBC database. The table in the ODBC database has to contain a set number of fields. The fields that have to be created are listed below. Bear in mind that varchar(255) in Access is the same as a Text data type with a Field Size setting of 255:

  • ClientHost field; varchar(255) data type
  • Username field; varchar(255) data type
  • LogTime field; datetime data type
  • Service field; varchar(255) data type
  • Machine field; varchar(255) data type
  • ServerIP field; varchar(50) data type
  • ProcessingTime field; integer data type
  • BytesRecvd field; integer data type
  • BytesSent field; integer data type
  • ServiceStatus field; integer data type
  • Win32Status field; integer data type
  • Operation field; varchar(255) data type
  • Target field; varchar(255) data type
  • Parameters field; varchar(255) data type

How to enable protocol logging for an SMTP virtual server

  • Open Exchange System Manager.
  • Expand the Administrative Groups node, the administrative group, the Servers node, Server Name, Protocols.
  • Expand the SMTP folder.
  • Right-click Default SMTP Virtual Server and then select Properties.
  • The Default SMTP Virtual Server Properties dialog box opens.
  • Select the Enable logging checkbox on the General tab.
  • Choose one of the following logging format options available in the Active Log Format drop-down list:
    • Microsoft IIS Log File Format
    • NCSA Common Log File Format
    • ODBC Logging
    • W3C Extended Log File Format
  • Click Properties.
  • The Logging Properties dialog box opens.
  • In the New Log Schedule area of the General tab, choose one of the following options:
    • Hourly
    • Daily
    • Weekly
    • Monthly
    • Unlimited File Size
    • When File Size Reaches, and set the size setting.
  • In the Log File Directory box of the General tab, set the log file location.
  • If you have selected the W3C Extended Log File Format option, then you can click the Advanced tab to configure the items which should be tracked.
  • Click OK in the Logging Properties dialog box.
  • Click OK in the Default SMTP Virtual Server Properties dialog box.
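Because the Advanced tab decides which items a W3C Extended log tracks, the columns differ from server to server and can change within one file. The added example below (not from the original article) reads the `#Fields:` directive instead of assuming a layout, then counts rejected RCPT commands per client IP; the log lines, addresses and the threshold are constructed for the illustration.

```python
from collections import defaultdict

# Constructed SMTP protocol log (W3C Extended), not taken from a real server.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2011-02-13 09:00:00
#Fields: date time c-ip cs-method cs-uri-query sc-status sc-bytes
2011-02-13 09:00:01 192.0.2.10 EHLO +host.example.net 250 210
2011-02-13 09:00:02 192.0.2.10 MAIL +FROM:a@example.net 250 44
2011-02-13 09:00:02 192.0.2.10 RCPT +TO:alice@example.com 550 51
2011-02-13 09:00:03 192.0.2.10 RCPT +TO:bob@example.com 550 51
2011-02-13 09:00:03 192.0.2.10 RCPT +TO:carol@example.com 550 51
2011-02-13 09:00:04 192.0.2.10 QUIT - 221 0
2011-02-13 09:00:05 198.51.100.7 RCPT +TO:dave@exam
#Fields: date time c-ip cs-method sc-status
2011-02-13 10:00:00 198.51.100.7 RCPT 550
2011-02-13 10:00:01 198.51.100.7 RCPT 250
"""


def parse_w3c(text):
    """Yield one dict per entry, keyed by the most recent #Fields directive."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        values = line.split()
        if not values or fields is None or len(values) != len(fields):
            continue  # blank line, no header yet, or a truncated row
        yield {f: (None if v == "-" else v) for f, v in zip(fields, values)}


def rejected_recipients(records, threshold=3):
    """Client IPs with at least `threshold` RCPT commands answered with 5xx."""
    counts = defaultdict(int)
    for r in records:
        if r.get("cs-method") == "RCPT" and (r.get("sc-status") or "").startswith("5"):
            counts[r.get("c-ip")] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}
```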

How to enable and configure logging on the Default HTTP virtual server

  • Open the IIS Manager console.
  • Expand the Web Sites node.
  • Right-click Default Web Site and then select Properties from the shortcut menu.
  • Click the Web Site tab.
  • Check the Enable Logging checkbox.
  • Select the log file format from the Active Log Format drop-down list. The default format specified is W3C Extended Log File Format.
  • Click Properties.
  • The Logging Properties dialog box opens.
  • On the General tab, set the following:
    • Specify when information should be saved to the log file.
    • Specify the log file size.
    • Specify the log file location.
  • Click the Advanced tab if you have selected the W3C Extended Log File Format. This is where you can configure Extended Logging Options.
  • Click OK in the Logging Properties dialog box.
  • Click OK in the Default Web Site Properties dialog box.
