
Installing Exchange Server 2010 begins with installing and preparing the operating system. Exchange Server 2010 can be installed only on Windows Server 2008 Standard Edition or Enterprise Edition. If you plan on trying out database availability groups and mailbox database copies, you will need to use the Enterprise Edition of Windows Server 2008.
Once the operating system has been installed, several pre-requisites must be installed.
First are the operating system components, including RSAT-ADDS (needed on the server that will perform schema updates), Web-Server, Web-Metabase, Web-Lgcy-Mgmt-Console, Web-ISAPI-Ext, NET-HTTP-Activation, Web-Basic-Auth, Web-Digest-Auth, Web-Windows-Auth, Web-Dyn-Compression, RPC-over-HTTP-proxy, Web-Net-Ext and Net-Framework. You can install all of these components at one time (e.g., for the Mailbox, Client Access and/or Hub Transport Server roles) by running the following command:

ServerManagerCmd -i RSAT-ADDS Web-Server Web-Metabase Web-Lgcy-Mgmt-Console Web-ISAPI-Ext NET-HTTP-Activation Web-Basic-Auth Web-Digest-Auth Web-Windows-Auth Web-Dyn-Compression RPC-over-HTTP-proxy Web-Net-Ext -Restart


You might have noticed that Failover-Clustering is not listed as a pre-requisite. There is a feature in Exchange Server 2010 called a database availability group that does use Windows failover clustering technologies. However, thanks to another Exchange Server 2010 feature called incremental deployment, you no longer install failover clustering before installing Exchange.  If you decide to use a database availability group, you simply create one, and then add Mailbox servers to it. When you add a Mailbox server to a DAG, we install the Windows failover clustering feature and automatically create a cluster for you. So while you do need to have Exchange installed on an operating system that supports Windows failover clustering, you do not install the failover clustering feature manually, or ahead of time, and you don’t manually create a cluster. It makes deploying highly available mailbox databases quick and easy.

Exchange Server 2010 also supports installing the above pre-requisites by using an Answer File with ServerManagerCmd, and answer files are included in the \AMD64\Scripts folder.  To use them, you run ServerManagerCmd -ip <Name of File>.  For example:

ServerManagerCmd -ip Exchange-CAS.XML

I recommend that you don’t use the XML Answer Files for Exchange-Typical or Exchange-MBX as is, because in the Beta build it mistakenly includes the Failover-Clustering feature, which does not need to be installed before Exchange is installed.  This is a remnant from the Answer Files we had in Exchange 2007 that we’ve since removed.

Next are the software pre-requisites, which include:

I’ll start by launching Setup.exe from the AMD64 folder.  This launches the Exchange 2010 splash screen:

As you can see, the Exchange 2010 splash screen is very similar to the one we had in Exchange 2007. Any needed pre-requisites that are detected are greyed out, indicating they have been installed and that you can proceed to the next step. In this case, I can proceed directly to Step 4: Install Microsoft Exchange.

I click that link and it launches the GUI version of Exchange Setup, beginning with a file copy process, and the initialization of Setup.



Immediately, you might notice some differences from Exchange Server 2007. First, the Custom Exchange Server Installation option no longer lists any clustered mailbox server roles. That’s because clustered mailbox servers don’t exist in Exchange Server 2010. Exchange 2010 includes a new feature called Incremental Deployment. This feature enables you to configure high availability and site resilience for your mailbox database after Exchange has been installed.

Second, the default path for the Exchange Server installation is new and different. If I choose Custom Exchange Server Installation, the Server Role Selection page appears:

If I choose Typical Exchange Server Installation instead of Custom Exchange Server Installation and click Next, or once I’ve completed the Custom Exchange Server Installation choices and clicked Next, the Exchange Organization page appears:

If the Exchange organization uses Outlook 2003 or earlier, or Microsoft Entourage, then a public folder database is needed so that those clients can access system data, such as Free/Busy information. In that case, you would select Yes on this page.  Since my organization does not use Outlook 2003 or earlier, or Entourage, I can leave the default setting of No and click Next.

The Customer Experience Improvement Program (CEIP) page appears:





Live Meeting

Attend a Live Meeting with the certification planners for a live review of the Windows Server 2008 certification roadmaps and a chance to ask questions about your individual path. Register for:

  • April 23, 2008 at 7:30 A.M. Pacific Time
  • April 23, 2008 at 5:00 P.M. Pacific Time

As of today, these two Windows Server 2008 MCITP exams are available in English for registration worldwide:

  • Exam 70-646 PRO: Windows Server 2008, Server Administrator
  • Exam 70-647 PRO: Windows Server 2008, Enterprise Administrator

These exams, along with the Microsoft Certified Technology Specialist (MCTS) exams that released last month, make it possible for you to verify your deep technical skills and job-role expertise as an MCITP: Server Administrator or MCITP: Enterprise Administrator on Windows Server 2008.

Microsoft Patches Flaw That Could Trigger Worm Attack

Microsoft has fixed a critical flaw in the Windows operating system that could be used by criminals to create a self-copying computer worm attack.

The software vendor released its first set of patches for 2008 on Tuesday, fixing a pair of networking flaws in the Windows kernel. Microsoft also released a second update for a less-serious Windows flaw that would allow attackers to steal passwords or run Windows software with elevated privileges.

The critical bug lies in the way Windows processes networking traffic that uses IGMP (Internet Group Management Protocol) and MLD (Multicast Listener Discovery) protocols, which are used to send data to many systems at the same time. Microsoft says that an attacker could send specially crafted packets to a victim’s machine, which could then allow the attacker to run unauthorized code on a system.

Security experts say that there is no known code that exploits this flaw, but now that the patch has been posted, hackers can reverse-engineer the fix and develop their own attack code.

Because IGMP is enabled in Windows XP and Vista by default, this bug could be used to create a self-copying worm attack, Microsoft said Tuesday.

"Theoretically this is wormable and that’s why this is rated critical," said Tim Rains, security response communications lead with Microsoft. However, Microsoft does not believe that hackers will have an easy time developing attack code that will work reliably. "We’ve done a thorough analysis of the vulnerability and we’ve come to the conclusion that there are several technical mitigating factors that make it unlikely to get reliable remote code execution," Rains said.

What Windows Uses Protocol For

Windows uses the IGMP protocol for many popular consumer applications such as streaming video, multiplayer games and universal plug-and-play, but the protocol is usually blocked at the router. A derivative of IGMP, MLD is the multicast protocol used by IPv6 systems and is enabled on Vista by default.

"If it became a worm it could take over an internal network pretty quickly, or at least all the machines where multicast is enabled," said Eric Schultze, chief technology officer with Shavlik Technologies. "But this one is going to be mitigated because a lot of people have blocked multicast."

Other Patches

The critical MS08-001 update that fixes this flaw also patches a second, less-serious bug in the Windows networking stack that could be leveraged to launch a denial of service attack against a Windows system. This vulnerability lies in the Internet Control Message Protocol Router Discovery Protocol (ICMP RDP) which is used by Windows to find out how to communicate with the network. Because this capability is not turned on by default, Microsoft considers this to be merely an "important" bug.

Microsoft’s other Tuesday update, MS08-002, fixes an elevation of privilege flaw in the Windows Local Security Authority Subsystem Service (LSASS), used to manage account credentials in Windows.

This flaw could be exploited by attackers to steal passwords or run their code with a higher level of privilege on Windows, said Schultze. "The primary concern is Johnny who is a user becoming Johnny admin," he said. But if attackers were to combine an attack that exploited this flaw with another exploit that would allow them to run code on the system, then "that could become a critical issue," he said.

New findings by researchers at the Georgia Institute of Technology and Google on a malicious DNS-related attack have stirred some debate over whether open recursive DNS servers are inherently insecure.

DNS servers basically translate domain names, like, into IP addresses so that computers can find one another. Recursive DNS servers respond to DNS lookup requests from any machine on the Internet. The researchers found an increase in corrupted DNS servers that send clients to malicious sites, and concluded that the large number of open recursive DNS servers on the Net could ultimately be compromised and used as part of a malicious DNS infrastructure that routes users to phishing sites and other bad places.

But David Ulevitch, CEO of OpenDNS, which offers a free open recursive DNS service, says the report is flawed because it points the finger only at open recursive DNS servers. (Closed recursive servers are only accessible to users on a specific network.) "The data they collected may have been accurate, but their interpretations of it are as far off base as you can get," Ulevitch says. "They drew the conclusions that open recursive names servers on the Net are enabling a new form of phishing. That’s wrong."

Ulevitch argues that some DNS name servers on the Net indeed do get compromised and provide malicious results to users. But it’s not just the open recursive DNS servers: "All they [the researchers] were able to test were the open ones," Ulevitch says. "[But] being open has nothing to do with being compromised. Any name server can be compromised."

The new form of DNS threat is dubbed "DNS resolution path corruption" by the researchers: David Dagon, Chris Lee, and Wenke Lee of Georgia Tech and Google’s Niels Provos. They will present their findings in February at the Network and Distributed System Security Symposium (NDSS) in San Diego.

The researchers found somewhere around 17 million open-recursive DNS servers on the Net, and discovered that about .4 percent, or 68,000 of them, are performing malicious operations by answering DNS queries with false information that sends them to malicious sites. About 2 percent are returning suspicious results, they reported.

But even legitimate open recursive servers can sometimes appear to be acting unusually or maliciously, security experts say.

One such example is OpenDNS’s servers, which correct fat-fingering mistakes from sending a user to a typo-squatter’s site as well as block unwanted sites. "The problem is that they [the researchers] are referring to those changes in DNS responses as malicious. We are blocking adult and phishing sites," OpenDNS’s Ulevitch says.

In this type of attack, the client machine first would get infected via a tainted Website or by clicking on a malicious attachment that runs an exploit, according to the researchers. The user’s machine would then be directed to visit the bad guy’s DNS server, and the attacker could direct the victim to some correct Websites so as not to arouse suspicion, as well as phishing sites, for instance.

Such an attack could help a botmaster consolidate his bot assets more easily and quietly, says Bill Guerry, vice president of product management for Damballa, the company Dagon and Wenke co-founded. Guerry noted that the new research is not Damballa’s, but that of the Georgia Tech and Google researchers.

"All of this is very real," says Paul Parisi, CTO for, which has filed for a patent for a new technology that could help detect online fraud before it actually occurs by checking a user’s DNS settings.
"They [the researchers] are basically saying that by a bot or some other means, a user’s DNS settings get changed," he says.’s new technology would detect that a user’s DNS settings had been changed, and alert him, Parisi says.

Meanwhile, misconfigured Internet-facing DNS servers are a common problem. A recent survey conducted by DNS vendor Infoblox and The Measurement Factory found that organizations aren’t properly configuring their DNS servers for security. Recursive queries and zone transfers — two features that can be exploited by an attacker — are allowed by more than half of the servers and 31 percent, respectively.