Alberto Ortega’s Blog

Say you have planned your AD Forest topology and Exchange Server 2003 deploy carefull. You have executed forestprep and domainprep on each corresponding PDC, but there is no way that the Information Store service get started.

Check your Event Log and seek for the first Exchnage Server related error that is being logged. If the error being logged looks something like this:

"Process MAD.EXE (PID=524). All Global Catalog Servers in use are not responding:
pdc.mydomain.ad"

You have already realize that your Exchnage Server cannot contact the Global Caltalog Server. This can happen if you have installed Exchange 2003 on a child domain that is not marked as a Global Catalog.

In theory this shouldn´t happen, just one GC on the Forest should be enough for the Exchange Server to startup. But DSAccess does not use any domain controller that does not have permissions to read the SACL on the nTSecurityDescriptor attribute in the domain controller. In orther words, if that permission is not granted on the GC Server, that GC is unusable by the Exchange Server. The domainprep process is responsible for adding the SACL right to the GC domain controller (but for some reason this didn´t happen on my forest).

Since there are no GC’s in the child domain, there is nothing for the System Attendant to talk to and therefore won’t start.

The solution is to make the child domain a GC as well. Now your Exchange Server will be able to find a Global Catalog to talk to and the problem is gone.

Related Links: http://support.microsoft.com/kb/316300

You can prevent certain users to send internet based eMail, by restricting them to open an outgoing SMTP Connection.

This delivery restrictions relies upon an SMTP Connector. The most common configuration for your SMTP Connector to allow outgoing mail is:

SMTP Connector:

General: Use DNS to route each address space on this connector

Delivery Restrictions:
       By default, messages from everyone are: Accepted

Address:
Type: SMTP
Address: *
Cost: 1

Now if you want to restrict some specific domain user to send outgoing mail you could add a Delivery Restriction by following this steps:

1. Open you SMTP Connector properties.

2. Click on the “Delivery Restrictions” tab, and add the restricted user to the “Reject messages from” section.

This should work great, but for performance issues SMTP Connectors Delivery Restrictions are disabled by default. This is the tricky part of the process,  restriction checking is controlled by a registry key that must be set on the Exchange bridgehead that is the source for the connector that is being checked. If you specify a restriction, but do not create the registry key, the restriction is not checked.

To enable restriction checking follow the following steps:

1.Start Registry Editor (Regedt32.exe).

2.Locate and click the following registry key:

HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Resvc/Parameters/

3.On the Edit menu, click Add Value, and then add the following registry value:

Value Name: CheckConnectorRestrictions
Data Type: REG_DWORD
Radix: Hexadecimal
Value: 1

4.Quit Registry Editor.

5.Restart the Microsoft Exchange Routing Engine service and the Simple Mail Transfer Protocol (SMTP) services for this change to take effect.

Links:

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q277872

http://www.msexchange.org/tutorials/MF009.html