First, I had Server 2008 R2 Datacenter as my operating system on both the existing server (denoted double) and the new server (denoted ruby).  The servers could clearly communicate with each other within the same datacenter as well so that file / data transfers could be effective.  The first thing to adding any server is to give the new server a name and know its network configuration details ahead of time.  I’m not going to go into details about how to install Windows, since it’s pretty simple.  Just make sure that you have the correct drivers installed for your server after the installation completes.

Note about installing Windows: just so that you don’t run into any issues with your system, make sure that your primary hard drive is attached to the first port for your motherboard’s interface, in my case, the first hard drive was connected to SATA 0.  If you don’t do this, you’ll run into a lot of problems and waste a lot of time (like I did!).  In addition, make sure that your BIOS has AHCI enabled prior to installing Windows, this also caused problems in my scenario.  Once Windows is installed, make sure that you can disable write caching on your hard disk without the operating system freezing (in computer management, under storage, right click the disk and optimize for quick removal).  If you followed the above, this shouldn’t cause Windows to hang, and will prevent Active Directory from incapacitating your system during the restart phase of the installation.  In addition, this is a good time to name your computer, join it to some default workgroup, add remote administration features, and change the time zone / clock settings.

Before continuing, I’d also recommend disabling Internet Explorer’s advanced security features; this is done by going to the computer management main screen and scrolling down, finding IE ESC and turning it off (acknowledging all of the warnings).  If you keep them on, you’ll find yourself doing way too much work to download necessary applications, etc.  These features are only useful if you plan on doing general web surfing on the server (which I would not recommend for security reasons).  I also activated windows, ran all the necessary windows updates (several reboots and optional updates as well).  After this all has been done, I ended up rebooting the machine a final time.

At this point, I installed several applications (using IE to get Google Chrome initially).

• Google Chrome (http://chrome.google.com) for web surfing / downloading the rest of these
• Adblock plus for chrome (http://adblockplus.org/en/) to block malware / ads
• 7zip (http://www.7-zip.org/download.html) for good archive file support
• Microsoft Security Essentials (http://windows.microsoft.com/en-US/windows/products/security-essentials), Windows 7 version works fine, this is a quick, safe, free antivirus solution for all of those who hate Symantec’s ability to slow down the entire system (hey, that’s me!)   This is also good for desktop users!  I would recommend disabling the scheduled Sunday scan since real-time protection is sufficient in my case.
• Magic ISO (http://www.magiciso.com/tutorials/miso-magicdisc-overview.htm) to mount ISO images (including the Exchange 2010 ISO if you downloaded it from MSDN like I did).
• Office Filter Packs which are a prerequisite for Exchange 2010 (http://www.microsoft.com/download/en/details.aspx?id=17062)

At this point, I added 2 custom firewall rules on both servers that allowed unrestricted incoming traffic from each server.  I then started the Active Directory installer by installing the AD User Service Role, and then ran DCPromo.exe as suggested by the installer.  I did an advanced mode install, adding a new controller to an existing domain in an existing forest, installing the DNS role locally, and I let it install.  For the AD Restore Password, make sure you remember what you set it to since this will be the password to the local (inaccessible) administrator account on the server incase everything fails.  At this point, the server should reboot at least once on its own.

Next, I mounted the Exchange ISO and went through the step by step screens to install it.  For me, I installed the mailbox, client access, hub transport, and management tools roles.  I told it that the client role would be internet facing to the OWA website (matthouse.org).  Exchange takes roughly 3 hours to install at this point.  After it is done, you should enter the Exchange Management Console (EMC), enter a product key to active it, and add a send connector for your organization (for the new server specifically).  If you’re wondering why your server isn’t sending mail (and you’re new to this and installing Exchange for the first time), try adding a send connector that is internet facing and allows *, that will fix your problem.

You will want to run Windows updates again and make sure that all of the Exchange updates are installed before continuing.  This may require several reboots of the server.

At this point, Exchange should be synched with the other server mostly so it’s time to start migrating services.  I first recommend changing all of your DNS records for mail over to the new server and give them time to propagate (as per the Time to Live [TTL] value on the record).  I also did mailbox remove requests (through the EMC) to the database on the new server; this should be fairly intuitive for anyone with a background in at least some systems administration.  I also went through all the client access role options and made sure that the internal / external sites for IMAP, POP, OWA, OAB, and ECP were properly set up for my main OWA address (matthouse.org).

Since Exchange by default requires https://server/owa to gain access to Outlook Web Access [OWA], I needed to add a few files to the web root of the domain to properly forward the user onto the OWA website when they went to the main website.  To do this, simply go to the IIS manager, go to the Default Website, and right click and open the document root.  In here, add 2 files as follows:

Web.config:
<?xml version=”1.0″ encoding=”UTF-8″?>
<configuration>
<system.webServer>
<httpErrors>
<error statusCode=”403″ subStatusCode=”4″ path=”https://matthouse.org” responseMode=”Redirect” />
</httpErrors>
</system.webServer>
</configuration>

Default.aspx

<script language=”c#” runat=”server”>
private void Page_Load(object sender, System.EventArgs e)
{
Response.Status = “301 Moved Permanently”;
Response.AddHeader(“Location”,”https://matthouse.org/owa”);
}
</script>

Basically, these 2 files will forward anyone from the web root to the appropriate OWA directory in SSL (https) mode.  I figure that anyone competent can figure out what needs to be changed, it isn’t rocket science, after all.

At this point, I added a real RapidSSL certificate to the server.  To do this, I went to the Exchange Management Console, went to the server tab, found the place to generate a CSR (Certificate Signing Request) and I created one.  I pasted everything from the CA (Certificate Authority) and imported it to Exchange and set all the services to use it (IIS, SMTP, POPS, IMAPS).  I also found the remote desktop session host manager window, right clicked the configuration of the server, and right clicked on rdp-tcp and went to properties.  I selected the general tab, selected the appropriate already installed certificate and ok’d everything, after restarting my RDP session, I had the new secure connection.

For anyone who is curious about anti-spam, there is a hidden anti-spam feature on the Exchange Hub Transport role, to get this, you can run the below steps in the Exchange PowerShell environment.  Afterwards, you will see an Anti-spam option in the Hub Transport role node under the Organization Configuration node of the EMC.  As for me, I opted for Forefront Protection 2010 (formerly Forefront Security 2010) since it provides a much more sophisticated scanning engine, although it does cost more and takes a lot more memory and configuration to get running smoothly.

• cd /
• cd c:\
• cd program files
• cd microsoft
• cd exchange server
• cd v14
• cd scripts
• ./install-AntispamAgents.ps1
• Restart-Service MSExchangeTransport

After all of this, I also found an IE9 / EMC interoperability bug where you can’t close the EMC if IE9 is installed on the system, this seems to be a bug with the Microsoft Management Console (MMC), so the patch can be directly downloaded from Microsoft, I would recommend searching Google for hotfix 2624899 to get the patch.  Keep in mind that a hotfix rollup in the future will include this patch from Microsoft so I’d recommend only installing it if you have this issue.

At this point, I’d recommend securing the firewall, RDP’s port, and adding some backup scripts.

Next, it is time to remove the old server.  I ran the following in the Exchange Management Power Shell Environment: “Get-Mailbox -Arbitration -Database db1 | New-MoveRequest -TargetDatabase db2”, where db1 is on the old server, and db2 is on the new server.  In EMC, I went to the organization node > mailbox > offline address book (OAB), added a new OAB generated by the new server and removed the existing one generated by the old server.  I also went to hub transport under organization, went to send connectors and removed the old server from the send connector.

On the new server, go to Active Directory Sites and Services under Administrative Tools and find each domain controller and view the properties.  Make sure the new domain controller is a global catalog and the old domain controller is not a global catalog server (respectively), these will be under the NTDS settings properties page.  Next, we need to transfer several roles, I used (http://www.petri.co.il/seizing_fsmo_roles.htm) as a guide for this.

• open command prompt (run cmd)
• ntdisutil
• roles
• connections
• connect to server <new domain controller>
• q
• transfer naming master
• transfer infrastructure master
• transfer PDC
• transfer RID master
• transfer schema master
• q

On the old server, remove the Active Directory Certificate Services role if it exists (you can probably ignore any warnings since Exchange should be using external certificates).  You may have to reboot the server.  Finally, go to add/remove programs on the old server, and remove Exchange 2010 by deselecting all of the roles.  Exchange automatically detects if it is safe to remove everything and will transfer anything left behind over to the new server.  Do the same for Active Directory by running DCPromo.exe (under the Active Directory node of the server management console), and running through the prompt.  If you get any warnings / errors when attempting to remove Exchange / Active Directory, take the advice and don’t continue since you might end up creating a lot more work for yourself.

Once everything is removed, you can trash the old server from the network and Exchange has been successfully moved.  For me, I ended up having about 4 reboots that affected OWA for users for a total of roughly 5 minutes each while Exchange rebooted.

As usual, thanks for reading.  Disclaimer: this information is provided on an as-is basis, I do not guarantee that this will work in your scenario, but I hope that it can help someone else out that is having similar difficulties to the ones that I’ve described.

Before I get to the main point, I’d like to explain how a web server acts under the hood.  Deep down in the guts of the web server’s programming, there is a concept called a socket and a protocol.  Sockets are used to open a connection from any web browser (Internet Explorer, Firefox, Chrome, Safari, Opera, etc) to the web server sitting in a data center somewhere.  A socket is similar to establishing a telephone call to a friend, the wires that connect both ends of the telephone receivers together can be viewed as a socket.  A protocol can be simply described as a means of communication.  When you’re on the telephone, there is a way that you speak, for example, you expect to hear hello before the conversation begins, and there are pauses and such as both sides understand the other.  If the connection is weak, one side may ask to hear the message over again.  This is the normal protocol of a telephone call.  Computers are no different, they expect hello messages, acknowledgment messages and such to validate that the message each side got was the correct message.  In the web’s case, this protocol is called Hyper Text Transfer Protocol (HTTP).  Finally, there is data that is passed through the socket.  The data follows the protocol specification.  On the telephone, you’d begin speaking English, then once done, you’d wait for the other side to return its response in English.  Most web browsers understand HTML (Hyper Text Markup Language) and this is passed through the socket.  The last paragraph has been ultra simplified so that you can get the idea.

Contrary to popular belief, Windows hosting is actually just as compatible with the world as Linux hosting is!  Because of HTTP, all web servers must communicate using a single protocol which is HTTP.  All browsers that work with the web send an HTTP request to a web server for a certain content and the web server returns it.  It may not always be plain text (HTML is written in plain text), but at times it may be binary (1/0 encoded) data that contains an image or other files.  Regardless, the web server must be uniform in a response, it is up to the browser how this data may be displayed.

ASIDE: Most web developers are annoyed about how they HAVE to test Internet Explorer, Opera, Firefox, Chrome, and Safari to make sure that their web page looks correct.  Browsers all will get the same exact data from the server, but they parse the data differently.  Think of English, I’m sure that you’ve been in situations where you misunderstood the other party and therefore took a different action.  Computer browsers parse (or understand) the same web page differently, so they may display web pages a bit different than other browsers.  To implement (program) a browser, you need to look at the specification of the HTTP protocol and HTML language then give the browser methods to display what it understands.  There is no single way to write a parser, therefore all parsers (browsers in this case) may produce slightly different results.  In the past, Microsoft has been the worst offender since they didn’t fully implement the HTML specification which is well known, but they’ve gotten much better.

Back to the original topic, since all servers have to return the same exact data, it doesn’t matter what operating system is on the server, it will return the same compatible data regardless.  So now, what are the differences between Windows and Linux based hosting?

Windows Hosting-

• Price: Just like with your copy of Windows on your local computer, a copy of Windows for a server is quite pricey.  If you want the latest and greatest Windows Server version (currently 2008 R2), you are looking at anywhere between $300-$1500 PER COPY of Windows Server 2008 R2.  This is on top of the costs to keep the server running in a data center that is climate controlled and sufficiently powered (backup systems in place, multiple excellent internet connections to many providers).
• Stability: Windows has a monthly release of updates from Microsoft, sometimes these are more frequent as important issues are found and fixed.  Normally, 99% of Windows updates require a reboot of the server.  During the reboot, your websites are not accessible.  Therefore, you can easily look at 5 to 10 minutes of downtime at least once per month if your host cares anything about security.
• Ease of administration: Most administrators start in Windows and never leave because Windows typically babies the administrator through any task.  Windows has really nice wizards that take all the difficulty out of administration.  Windows also typically can fix itself if it runs into issues, so there is less time spent fixing problems.  Unfortunately, since administrators don’t need to know a lot to get by with Windows, some security measures are often overlooked.
• Control Panels: These are often desired in hosting since it gives the client the power to do anything with their website space, including create accounts, view statistics, add additional domains, control email accounts and more.  There are 4 control panels that I’m aware of, they are dotnetpanel, vdeck, plesk, helm.  All 4 of these controls panels can cost anywhere from $20-$100/month to maintain from their suppliers.
• Supported Languages: ASP.net, ASP, JSP, Perl (CGI), PHP, Python, Ruby, etc
• Supported Database Servers: MySQL, MSSQL, Oracle, etc

Linux Hosting-

• Price: Linux is free, so you’re really looking at the bare cost to keep the server running in a data center.  This dramatically reduces the cost of hosting.
• Stability: In my experience, I see the need to reboot a Linux server every 4 to 5 months due to a major security vulnerability that involves the kernel (the heart of Linux).  Linux can be easily updated without a reboot, so clients typically experience much less down time.
• Ease of administration: Linux has very few wizards and graphical screens that say “let me baby you through this dreaded task”.  In fact, Linux is 99% controlled by the command line when it is used as a server.  Often, Linux often will not even notify the administrator that there is a problem directly.  Therefore, administrators tend to monitor Linux more closely.  They also know the command line more because to get a server running in Linux takes a lot more knowledge than it does in Windows.  Linux administrators are also more likely to know about security measures more because they read more about flaws that are found.  This makes Linux administrators get a better pay check, but in the end, Linux tends to be very stable because the admins really know what they’re doing (in most cases).
• Control Panels: Like Windows, control panels on Linux cost between $20-$100/month from their suppliers.  The most common panel for Linux is CPanel, Plesk also exists.  These give you full control over your web space and in many cases, they also simply the administrator’s job by doing the hand editing of vital configuration files automatically (like Windows would do).
• Supported Languages: JSP, Perl (CGI), PHP, Python, Ruby, etc
• Supported Database Servers: MySQL, Oracle, etc

So, I’ve done a comparison, what is the verdict?  In my humble opinion, Linux is by far my choice of a hosting platform.  Although Linux admins may cost a little more, they really don’t cost enough more to make it unreasonable (Windows admins make a good pay check too!).  It does everything that Windows can do and more.  There is just one catch with Linux.  Linux doesn’t support Microsoft SQL Server or ASP.NET (active server pages) fully (You can achieve partial support using MONO).  Therefore, if you must have a website that uses either MSSQL or ASP/ASP.NET, I’m afraid that you have no choice if you want your website to work without problems.  Most websites are programmed in PHP, so this is rarely a problem, but for some businesses that started long before PHP was created, ASP is a need, therefore, Windows is needed.

Yet another Aside: You may have noticed that not too long ago, I added a new Windows server to Matthouse (bit).  This was added because I do not have a lot of ASP experience and I thought it would be nice to get some experience with it.  I’ve decided to use ASP to pull data from Microsoft Exchange to display a new calendar on FamousPhil.  I hope that this is done by the end of August!  Unfortunately, I cannot access Exchange from PHP, so I had no real choice but using ASP.net to pull data.

This blog post was made because I’ve always seen newbies go for Windows without a real reason.  Its sort of like the Mac fans who fight to get Mac products for no real advantage over something like the Android OS on Verizon Phones.  Hopefully this blog post will convince you that Linux is indeed a better choice unless you seriously want to learn or use ASP.net for your website.

For those of you who don’t know what an RTM is, this is the Release to Manufacturing version that usually becomes the full version within a few months automatically.  Unlike Release Candidates, the RTM version of any software packages will become the full version meaning they don’t require any re-installation or pose any security threats to use in production.

Exchange 2010 is important for me because it will introduce the send as function like hotmail and other providers have.  I have many email addresses, but my University at Buffalo address is my most important, so I send as my @ Buffalo address.  With 2010, this will no longer be the case because I will reply to email as the address it was sent to.  I believe this will prevent a lot of confusion to contacts that don’t recognize my university address.

With Exchange 2010, I will also be upgrading the hardware that hosts my email infrastructure.  I will be supporting Server 2008 R2 which is the latest operating system for Windows Server.  I believe this was only fully released a few days ago and it is very similar to Windows 7.  For those of you who don’t keep up with new releases of Windows, Windows 7 will be released to everyone late this month.  I am currently using the RTM version of Windows 7 and I find that it is about 10x faster and more stable than Windows XP.  Compared to Windows Vista, I’d say its about 50x more stable, faster, and more efficient.  Since Server 2008 is Vista’s server operating system, I prefer to stay away from Server 2008 entirely.

For those of you who are thinking about upgrading to Windows 7, I’d strongly recommend it!  First, if you are running Windows Vista, you’d be nuts not to goto Windows 7 within a few months of its final release.  Windows 7 is practically the same but much more efficient.  You will find that everything will be much easier to use on Windows 7 than Windows Vista.  For those of you on Windows XP, it might be time to bite the bullet and upgrade (like I did).  For the most part, if your system runs Windows XP fine, it will not have any issues running Windows 7 fine.  I did find a few minor problems with XP applications (mostly MIDI musical instrument related) not working on Windows 7, but support is fairly good otherwise.  Just one word of caution to the developers out there, if you want to run Visual Studio 2005/2008 on Windows 7, don’t install any Microsoft Office 2007 compatibility pack or PDF package.  These will make Visual Studio’s Installation fail (on my preliminary tests).

Now to get into some security updates.  I plan on migrating all of my systems to a more secure environment shortly after Exchange 2010 is fully implemented.  I will have 1 gateway server that serves as a connection point for all services within Matthouse to keep everything tightened down.  Within the next few months you can expect performance increases on sites that I host including my own (this one).

I have a lot more to blog about, and I hope to get around to it all as time permits.  My next blog will hopefully be something about mail filtering.

My first look at Windows 7 came in the form of a beta last April (2009).  I had a spare hard drive on my desktop computer that is meant for testing operating systems like this.  I spent a few hours going through an installation process very similar to Vista and I compared all the memory and cpu usage details to that of a similar Windows XP and Vista install.  Compared to XP, it was about the same, compared to Vista, it was about 50% less.  This alone hinted that I would very much like this version of Windows.  I then uninstalled it and prepared for a Windows XP to 7 migration when the release becomes available to me.

We are now at the release version of Windows 7 that will be supported through the end of the Windows 7 frenzy.  I decided that I should upgrade my systems from XP now because its the final week of summer and I may not get a chance to perform an upgrade without any risk until next year sometime (and personally, I want the new flashier features that XP doesn’t have and Vista sucks at showing).

The Windows 7 install was very much like that of Windows Vista, its a very flashy interface and very easy to navigate.   There wasn’t that much to it, simply do the “next next finish” routine that Windows has implemented so well. After the install, the release version I have looks somewhat like the beta was but is much more refined and clean.  I also see that it uses a touch less than Windows XP does on a fresh install to this computer.  To me, that is wonderful.  On the fresh install, it only requires me to install 3 drivers which is better than Vista and XP combined!

Overall, I would recommend Windows 7 to anyone who can get their hands on a release copy and hates Vista.  I would consider it stable enough to use for every day work and it has caused no harm to me.  Although I have only been on 7 for a mere 5 days, I already like it a lot more than I ever liked XP and its a massive improvement over the failure called Vista.

First, I have a fairly simple environment set up for my backup.  I have a Linux backup server running samba sitting in Seattle (mthsweb2).  This server has the Windows IP white listed so that only my Windows server can connect to it to map a network share.  For those of you who don’t know what samba is, samba is a daemon in Linux that will allow Windows to naively connect to a Linux server for file sharing.  Samba is a very simple solution for mapping a network drive to Linux in Windows without needing any specialized software such as sftpdrive (not called something else).

I want to connect Windows to Linux so I mapped a network drive on the Windows server (and I made sure reconnect at login was checked).  I logged in using the proper credentials and saved them to my Windows user account.  I then proceeded to setup NTBackup (the Windows server backup utility).  Configuring NTBackup was quite simple, a few next’s and a couple of checks on my exchange server information, system state, and a few very important directories that hold onto ssl certificates for the server.  Naturally, the backup ran fine while I was logged in.  The problem was, when I was logged off the server, the backup failed because the network drive wasn’t there.

After some research, I found an easy way to solve this via batch scripting.  I could schedule a task in Windows that would run the batch script which would map the network drive for my system and execute NTBackup.  Below is the script  (you will need to customize the bold parts as described below):

—————————————————–
@echo off

net use z: serverbackup /persistent:yes

C:WINDOWSsystem32ntbackup.exe backup “@C:Documents and SettingsadminLocal SettingsApplication DataMicrosoftWindows NTNTBackupdatad.bks” /a /d “Set created 7/10/2009 at 1:49 PM” /v:no /r:no /rs:no /hc:off /m normal /j “d” /l:s /f “C:Documents and SettingsadminMy DocumentsBackup.bkf”

net use z: /d /y

exit
———————————————————

Now that we have a script, what do we put in place of the bold remarks?  Server should be the IP Address of your remote file server.  This can either be a Linux server running samba or a Windows File Server.  Either method will require that you open up a range of file sharing ports on your firewall, I tend to just whitelist the ip of the server doing the backup from the backup server’s firewall.  If you are curious of the ports, I believe you need TCP ports 135-139 open for Windows file sharing to work, but there may be more.    The bolded backup is the path from the file sharing server to where you want to store your backup.

To get the other bolded part, you will need to login to Windows and map a network drive under the letter you used in the script (Z in this case).  Once the drive is mapped, make sure you save your login credidentials.  Now goto the system backup utility in start>programs>accessories>system.  Select your desired backup files and when you get to the location selection screen, make sure you save to the network drive letter you created.  Then when you get to the finish screen, click advanced.  Do a normal backup appending to existing backups (or whatever you desire).  Schedule the job for later (try a few days or a week later).  You will need to type in your username / password up to 4 times until you get past this screen to the finish screen.   Once done configuring your backup, goto start>programs>accessories>system -> scheduled tasks.  Double click the backup you made and you should see something like the blurb in the batch script above.  You will need to copy this entire line and paste it into this batch script.  After you have this line successfully saved into your script, you should disconnect the drive letter from my computer by right clicking the drive and selecting disconnect.

Now take the entire composed batch script and paste it into a new notepad document.  Now goto file > save as on notepad and save it to a file like backup.bat in the c drive or someplace where it will be easily findable.

Now you can go back to the scheduled tasks, remove that backup job (its not needed anymore) and remove it from the recycle bin.  Now create a new scheduled task.  This time select the bat script you made and schedule it as needed.  Its a fairly simple set of on screen instructions to follow.  Once this task is scheduled you’re all set.

If you wish to test the batch script before making it a scheduled task, simply click on it and your backup should run perfectly.

Thats all there is to it.  This was a 5 minute fix for me and I no longer have to worry about finding a third party solution to making stable backups of my operating system.  In addition to this backup method, you might want to look into running a mirror where 2 drives copy each other live.  This will also prevent against data loss provided there isn’t any danger in the server room such as fire or water damage.

Over the past week, I got a new server to host Microsoft Exchange which is a powerful email server from Microsoft.  Before you go all crazy on Microsoft (I know I typically do), Exchange is one of the few excellent products they make.  I am actually very hard pressed to find anything that compares to it that is open source and can easily run on Linux which 99% of  my hosting business up until now has ran off from.  Man, I never thought that I would say that

So the first logical question is, why move your email to exchange?  As you know, I’ve had 1and1 mailxchange now for quite some time.  I really wanted a solution that would sync my calendar, contacts, tasks, files, and email to every device I use on a daily basis.  Mailxchange was that solution but there are many problems. First the web client is very slow,  sure its flashy, but it takes 5 minutes to load on my connection (that is fairly fast).  I don’t have the time to wait on this client to load.  The next problem is it needs custom software to connect to Outlook and Mobile Devices, I’m not into installing “connectors” to software when it has functionality built in with other products.  Perhaps one of my biggest problems is the level of support I’ve gotten from 1and1.  My mail has gone down on a few occasions and I’ve been unable to easily send a support ticket in asking what is wrong.  I’m not even sure if 1and1 backs up my email and I have no method of backup, so I’m kind of stuck if they go down or don’t back up the server.  Its kind of scary actually since I save all of my email.

So about 2 weeks ago, I started talking to a few friends.  I know that I get a free msdn copy of Microsoft Exchange 2003 and Server 2003 from my University.  I figured if I could find a few friends who were interested in small mailboxes on exchange, I could cover the cost for the hardware to host my copies of this software.  I figured that I could host 4 people and handle a server that costs $25 a month from 3dgwebhosting which I’ve had in the past and they run excellent hosting on Windows server 2003.  They cover the license cost, so I’d only be covering exchange.  The downfall was I would only have 10GB to work with which isn’t a lot for email and backups.  Because of this, I looked for alternate hosting.  I decided that if I could find xen hosting, xen would support Windows.

About this time when I was looking, I knew that http://fsckvps.com who is a child company of vaserv in England hosted xen vps machines.  I went to that site to look up their support email and found out about the horrible hypervm owner hanging and they were down.  Anxious to get this hosting off the ground, I began looking at alternate places for hosting.  Shortly after, I found good reviews on other blogs of a new hosting company called Elite Data Hosting.  I contacted them about a 10mbps plan to host exchange on and they got an account for me on a xen vps using my server key.  I’m basically paying $15 a month for ~325MB of ram and 30GB of hard disk space.  The server is a high end server and I have had no complaints.  They even took the time to install Windows for me from my disk!

Elite Data Hosting is good news for me because I now can have my 2 guaranteed friends and myself have a guaranteed 5GB of space for files / mailboxes a piece.  It will also be very easy to automate backups of these mailboxes.  We all split the $5 a month cost for the server so I’m basically paying what I would be paying 1and1 but I control my backups and have a better piece of mind.

So now I started the daunting task of setting up the Exchange server. Normally with Microsoft products, it takes about 5 seconds and about 10 clicks of the next button to install software and another 3 minutes to say configure this software to do this.  By that point, everything normally works flawlessly (except for the occasional crashes of Microsoft Windows).  On linux, there is always a lot of configuration, but linux always works without the crashes and instability.  Perhaps this is the way to tell what is good and bad???

To get back to Exchange, I must say, this is the hardest piece of software I have ever had to install on both Linux and Windows.  Part of the reason is the way Exchange relies on existing Server 2003 infustructure to improve itself.  I’m not so sure if I’d rely on a Windows Server operating system, but I really have no choice with Exchange.  Exchange requires Active Directory among other server features to run correctly and the prerequisite list is a nightmare to get through in less than 5 hours if you ask me.  I started with a clean server a week from last Tuesday and didn’t get Exchange running until about Monday and I had 8 hours a day into it at the very least.  I will take part of the blame for not knowing what I was doing past Active Directory configuration, but Exchange was no day at the beach to figure out.  I also had a lot of errors that I spent hours reading about to find simple fixes.  Finally after all of the struggle, I got exchange fully working to the point where I wanted it about 2 days ago. During my struggle, I posted a lot about my solutions on Admin Reference which is my site where I post solutions to all of my problems.  I picture it as another *free* experts exchange but more tutorial based than question based.  Maybe some day it will do a little of both   That is my goal anyways!

One side note that I should add is, when I first loaded Outlook Web Access, I got a crappy looking interface.  I found out quickly that Exchange only supports Internet Explorer in its premium interface (the one that looks nice and loads quick).  Sadly, this is the only reason why I have opened Internet Explorer, and I have found that Firefox can open an IE tab, so I’ve began using that.  I will also likely find a solution when I migrate completely to Linux (my next upcoming project).

So now that Exchange works, what was so difficult? Most of my difficulty was from I never managed an exchange server in the past, and I couldn’t find any decent documentation on how to do it. That is why I posted a lot to Admin Reference unlike I normally would.  My biggest issue was the domain errors which were caused by firewalls and figuring out how to get Outlook Web Access and Outlook Mobile Access working with SSL encryption.  I also was not prepared to spend money on an SSL certificate (required by exchange) and provide antivirus / spam scanning to the server.  I was under the impression that spam/virus protection was built in, but it isn’t, and the freeware gfi version is no longer free.  I figured out how to migrate linux spamassassin to the server and that is adequate for spam protection

One last question that I should cover is why didn’t I go with Exchange 2007?  I will admit that Exchange 2007 is very nice software, but there are a few problems:

• My first issue would be, Exchange 2007 is really bloated.  If you compare the 2003 to 2007 installation disks, the 2003 install disk is about 300MB, the 2007 version is closer to 1.7GB.  That is a huge difference, one that I’m not willing to upgrade for.
• My next issue is due to the bloat, I would need a much powerful server.  I could upgrade to the 600MB RAM server plan with a 50GB hard disk or so for 30 dollars a month, but then I would have to start hosting more mailboxes than I’d want to to cover the costs, and I’m not really into that idea.  I might upgrade for 2003 if people are interested and it won’t take too many server resources or hurt my rigged spam fighting solution, but that is a decision that I’d rather not make now since it works perfectly as is!
• My final issue is, newer software normally sucks.  I always wait for at least Service Pack 1 (2 if possible) until I start using a product mainstream.  Exchange 2003 is at SP2 while Exchange 2007 is at SP1.  With other Microsoft software, I’ve found that when I compare a fresh install of Server 2003 to Server 2008: Microsoft Server 2003 with a GUI (Graphical User Interface or your windows desktop) uses 400MB on a new install, while the Microsoft Server 2008 Core Edition (no desktop, strictly command line to reduce bloat) uses 800MB on a new install with nothing configured.  This is a huge jump and I have a feeling that Exchange 2003-2007 will be very similar (the requirements for 2003 is 256MB of ram, 2007: 2GB of ram).  BIG DIFFERENCE, huh!

All in all, I figure I am paying about $200 bucks total for my new email solution, but my friends really do help cut the cost down to where I can happily afford it.  I still have 1 slot open but have a feeling that will be closed before long.  For a private email server, I consider it an excellent learning experience, and a good way to get some good content on Admin Reference! Hopefully you got some helpful tips out of this.

One final note:  I’d like to put a plug out there to any other system admins.  If you are like me, you are always running into new problems that don’t have easy solutions.  Why not take a few minutes when you find the answer and post it to Admin Reference?  Maybe someday you will look back on it (I know I have) and say thats how to fix it!  Someday when it gets a little more material, I plan on integrating the forum into a wiki that is easily searachable for solutions to problems.

Prior to last October (2008), I have solved a wide array of problems consisting of Apache malfunctions and complete Server Hard Drive failures requiring data recovery, to simply having to unblock a person’s ip address from the firewall because they tried to login to the server incorrectly too many times.  I never really messed a server up so badly that I couldn’t undo what I attempted to fix in the first place.

The biggest problem that I have ever had up until October 2008 was with an email server’s outgoing email queue.  All email that was sent from this server would always be refused by other popular mail servers on the internet due to it not having the correct configuration.  I never did figure out that error, and instead I changed the software that manages the email server from LXAdmin to CPanel.  This fixed the problem, I never did understand why the server wouldn’t send, but CPanel fixed my mail problems and so many other problems that I sort of fixed on LXAdmin but didn’t really have a long term solution for.

Now that I have blabbed on enough about my experience, lets get to this blunder (I’m sure I’ve posted about it elsewhere, but I don’t recall putting it here).  In October, Justin, a good friend who runs AmpHosted came to me (this wasn’t the first time incase you are wondering) asking about some sort of tiny problem that he was somewhat unsure of how to fix, but he had the right idea and I confirmed it.  He also asked me how to free up space on the linux /var directory since his was getting pretty full.  I’m not sure how the conversation went anymore, however I know that there were a few possible solutions.

My first goal was to free up enough space so that the /var partition wouldn’t overflow and risk crashing the server.  Server crashes can be costly, and Justin was in no mood to lose money as a president of a strengthening hosting company.  So I began googling to figure out what log files were safe to delete.  I know that linux has a lot of log files that cannot be deleted safely, and I was finding these so I would know not to delete them.

My second goal was to have this partition expanded from free space on the other partitions so that the problem would have a more permanent solution (which did happen in November).

I then noticed that one of the mysql directories was using most of the space.  I quickly did a google search and read that it was safe to delete a mysql log directory.  Unfortunate for me, I only saw what I wanted to see, and didn’t read the article thoroughly.  Needless to say, I wiped out the /var/lib/mysql directory from his server, effectively freeing up a lot of disk space on the /var partition, and also wiping out the mysql server and all of the database files. On top of this, when I began looking for the backup files to quickly restore the databases within an hour, I found out quickly that some of the backups were corrupt and others non existant.  After restoring most of the server, one client lost a month of data and I felt horrible!

Since then, my admin buddies still push that blunder in my face.  I’m not entirely sure why because I still feel sorry for Justin.  I have also started taking the time to read what is safe to remove and not so I don’t accidently do something that bad again.  A mistake like that could have costed me my job or a pay cut if I was working directly for a big time hosting company, even if I did have 10 to 15 years of experience.

Since then, when it comes to matthouse and my own hosting company, or when I’m helping Justin, I always make sure to double check that I’m right before I proceed.  I know that I’m now slower, but I also have made changes to my procedures to make them more safe, sacraficing speed in my repairs.

I feel that I should write this blog for 2 reasons, 1. to make it known that I DO make mistakes and I’m not perfect, and also, I hope that anyone who reads this blog will make sure to check twice before doing an operation that is not reversable (at least easily).

I will be taking a system administration course next semester which is linux based with a FreeBSD pioneer teaching that course.   The final reason why I wrote this was to say how good of an Admin I consider myself now, so that after that course, I can re-rate myself and hopefully talk about a lot of my experiences in that class.

One final note, I’m still working on adminreference.com, and I will probably start posting more recent knowledge that I’ve acquired in the near future after this final week of college classes and work.