Windows Tips & Tricks UPDATE, May 24, 2004, brought to you by the Windows & .NET Magazine Network and the Windows 2000 FAQ site
- Q. Why do my Active Directory (AD)-integrated DNS zones on Windows 2000 Server domain controllers (DCs) have different content on DCs in different domains?
- Q. I have an Exchange Server 2003 server that runs on Windows Server 2003 and has more than 1GB of memory. What settings should I add to the boot.ini file to optimize virtual memory usage?
- Q. How can I obtain a certificate so that I can enable Secure Sockets Layer (SSL) on my Microsoft IIS server?
- Q. How can I enable forms-based authentication for an Exchange Server 2003 server that hosts Microsoft Outlook Web Access (OWA)?
- Q. How can I enable the Change Password option in Microsoft Outlook Web Access (OWA) for Exchange Server 2003?
by John Savill, FAQ Editor, firstname.lastname@example.org
This week, I tell you how to ensure a consistent view of a DNS zone in Active Directory (AD), how to optimize virtual memory usage on an Exchange Server 2003 server that runs on Windows Server 2003, and how to obtain a certificate so that you can enable Secure Sockets Layer (SSL) on a Microsoft IIS server. I also explain how to enable forms-based authentication for an Exchange 2003 server that hosts Microsoft Outlook Web Access (OWA) and how to enable the Change Password option in Exchange 2003 OWA.
Q. Why do my Active Directory (AD)-integrated DNS zones on Windows 2000 Server domain controllers (DCs) have different content on DCs in different domains?
A. Win2K Server lets DNS zone content be stored in the AD domain context. However, because the zone content is stored in the domain portion of the AD directory, the domain is the boundary for the zone content's replication. This means if you create an AD-integrated zone on DCs in different domains, each DC has its own version of the zone but has no way to replicate the zone information among the domains.
For example, let's say I have the following three domains and DCs and that all DCs are also DNS servers:
- savilltech.com: two DCs
- child.savilltech.com: two DCs
- child2.savilltech.com: one DC
If all five DCs have the zone savilltech.com defined and configured to be stored in the AD directory, the DCs in savilltech.com would have one version of the zone, the DCs in child.savilltech.com would have a second version, and the DC in child2.savilltech.com would have a third version. Thus, three distinct versions of the zone would exist with no replication between them.
To ensure a consistent view of the zone, you must store it in only one domain--for example, only on savilltech.com's two DCs. On the child.savilltech.com domain, you can create a new AD-integrated zone for child.savilltech.com, then delegate the child part of the parent zone (savilltech.com) to the DCs in child.savilltech.com. Doing so helps spread the load among DCs in different domains. Windows Server 2003 avoids the zone-replication problem by allowing forestwide replication of DNS zones.
Q. I have an Exchange Server 2003 server that runs on Windows Server 2003 and has more than 1GB of memory. What settings should I add to the boot.ini file to optimize virtual-memory usage?
A. On pre-Windows 2003 systems that have more than 1GB of memory, it was common to add the /3GB setting to the boot.ini file to optimize Exchange Information Store virtual memory usage. On a Windows 2003 system, you must specify an additional setting in boot.ini: /USERVA=3030. The /USERVA=3030 setting splits the virtual memory allocation between user mode and kernel mode. This memory allocation lets Exchange allocate an additional 40MB of memory to the kernel for page table entries, which improves an Exchange 2003 server's scalability. The following sample boot.ini entry shows the use of the /3GB and /USERVA=3030 settings:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows Server 2003" /fastdetect /3GB /USERVA=3030
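An added example (not from the original newsletter): a small Python check that parses the [operating systems] section of a boot.ini file and reports entries that use /3GB without the /USERVA=3030 setting described above. The sample file content (including its second and third entries) and the function names are constructed for illustration.

```python
import re

# Constructed sample boot.ini content for illustration (not from a real server).
SAMPLE_BOOT_INI = r'''[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows Server 2003" /fastdetect /3GB /USERVA=3030
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows Server 2003 (old)" /fastdetect /3GB
multi(0)disk(0)rdisk(0)partition(3)\WINNT="Microsoft Windows 2000 Server" /fastdetect
'''

ENTRY = re.compile(r'^(?P<path>[^=]+)="(?P<label>[^"]*)"(?P<switches>.*)$')

def parse_entries(text):
    """Return (arc_path, label, {SWITCH: value-or-None}) for each OS entry."""
    entries, in_os = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('['):
            in_os = line.lower() == '[operating systems]'
            continue
        m = ENTRY.match(line) if in_os else None
        if not m:
            continue
        switches = {}
        for token in m.group('switches').split():
            if token.startswith('/'):
                name, _, value = token[1:].partition('=')
                switches[name.upper()] = value or None
        entries.append((m.group('path'), m.group('label'), switches))
    return entries

def audit(text, expected_userva='3030'):
    """Classify each entry against the /3GB plus /USERVA=3030 guidance."""
    findings = []
    for _path, label, sw in parse_entries(text):
        if '3GB' not in sw:
            status = 'no /3GB'
        elif 'USERVA' not in sw:
            status = '/3GB without /USERVA'
        elif sw['USERVA'] != expected_userva:
            status = 'unexpected /USERVA=%s' % sw['USERVA']
        else:
            status = 'ok'
        findings.append((label, status))
    return findings

if __name__ == '__main__':
    print('\n'.join('%s: %s' % f for f in audit(SAMPLE_BOOT_INI)))
```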
Q. How can I obtain a certificate so that I can enable Secure Sockets Layer (SSL) on my Microsoft IIS server?
A. Before you can use SSL for an IIS server, you must obtain a certificate. To request a certificate from your Certificate Authority (CA), perform the following steps:
- Start IIS Manager--click Start, Programs, Administrative Tools, Internet Information Services (IIS) Manager.
- Expand Web Sites, right-click the Web site for which you want to request a certificate (e.g., Default Web Site), and click Properties.
- Click the Directory Security tab.
- In the "Secure communications" section, click Server Certificate.
- In the Web Server Certificate Wizard, click Next.
- Select the option "Create a new certificate" and click Next.
- Fill in the necessary details to request a certificate.
Q. How can I enable forms-based authentication for an Exchange Server 2003 server that hosts Microsoft Outlook Web Access (OWA)?
A. After you enable Secure Sockets Layer (SSL) on a Microsoft Internet Information Services 5.0 (IIS) server (as I described in the FAQ "How can I obtain a certificate so that I can enable Secure Sockets Layer (SSL) on my Microsoft Internet Information Services 5.0 (IIS) server?"), you can enable forms-based authentication on the server by performing these steps:
- Start the Exchange System Manager (ESM) utility (click Start, Programs, Microsoft Exchange, System Manager).
- Navigate to the OWA server (Administrative Groups, <Administrative group name>, Servers, <Server name>).
- Expand Protocols and expand HTTP.
- Right-click the HTTP virtual server and click Properties.
- Click the Settings tab of the displayed dialog box.
- Select the "Enable Forms Based Authentication" check box and click OK.
If you want to stop non-SSL connections to your Exchange server, you can modify the Exchange virtual directory through the Microsoft Management Console (MMC) IIS snap-in as follows:
- Access the Exchange virtual directory's Properties page.
- Click the Directory Security tab.
- Click Edit, and in the Secure Communication section, select the "Require secure channel (SSL)" check box.
Q. How can I enable the Change Password option in Microsoft Outlook Web Access (OWA) for Exchange Server 2003?
A. Unlike Exchange 2000 Server OWA, in Exchange 2003 OWA the Change Password button is disabled by default. To enable the Change Password option in Exchange 2003 OWA, perform these steps:
- Log on to the Exchange 2003 server.
- Start the registry editor (regedit.exe).
- Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWEB\OWA subkey.
- Double-click the DisablePassword registry entry. Set it to 0 and click OK.
- Stop and restart the Information Store and World Wide Web (WWW) services (through the Control Panel Services applet).
You can now change the password by clicking the Options button in OWA, as the figure at http://www.winnetmag.com/content/content/42763/owachgpasswd.gif shows.