Windows Management and Scripting

A wealth of tutorials: Windows Operating Systems, SQL Server and Azure


Posts Tagged ‘anti-virus software’

How to recover an Exchange Database after a RAID HDD failure

Posted by Alin D on November 5, 2010

Last night I had one hard drive on the RAID 5 array die. The hot spare took over and the array is currently rebuilding. Unfortunately the Exchange databases and log files reside on that array and the e00.log file is corrupt. I ran integrity checks on both priv1 and pub1 databases and they are ok.

To solve this the following steps have to be done:

In this situation I would first take a copy of everything in your mdbdata folder as it is now. Once that’s done and confirmed you can move on. Have you confirmed the current state of the databases via eseutil /mh?
i.e. eseutil /mh “c:\program files\exchsrvr\priv1.edb”
If this shows the database in a clean shutdown state, then all the log files should have been committed to the database, so you should be able to MOVE all the E00*.log files and mount that database. As I said before, keep a copy of these just in case; DON’T delete ANYTHING.
If the database state is dirty shutdown, then you can try to rename the last E00*.log file back to E00.log and then try to mount the database.
http://support.microsoft.com/?kbid=896143.
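
The copy, check and move steps above as one script. This is an added example, not code from the original post. It assumes PowerShell is available on the server, that the Information Store is stopped, and that the folder and eseutil paths shown (all hypothetical) match your installation.

```powershell
# Added example. Assumed paths; adjust to your storage group before running.
# Run with the Information Store stopped so the files are not locked.
$MdbData = 'C:\Program Files\Exchsrvr\MDBDATA'          # assumed database and log folder
$Eseutil = 'C:\Program Files\Exchsrvr\bin\eseutil.exe'  # assumed install location
$Backup  = 'D:\Recovery\MDBDATA-copy'                   # hypothetical folder on a healthy volume
$LogHold = 'D:\Recovery\E00-logs'                       # moved logs are kept here, never deleted

function Get-EseState([string[]]$HeaderText) {
    # The /mh header dump contains a line such as "State: Clean Shutdown".
    foreach ($line in $HeaderText) {
        if ($line -match '^\s*State:\s*(.+?)\s*$') { return $Matches[1] }
    }
    throw 'No "State:" line found in eseutil /mh output.'
}

function Get-FileCount([string]$Path) {
    @(Get-ChildItem -Path $Path -Recurse | Where-Object { -not $_.PSIsContainer }).Count
}

# Step 1: copy everything as it is now, and confirm the copy before going on.
if (Test-Path $Backup) { throw "$Backup already exists; choose an empty location." }
New-Item -ItemType Directory -Path (Split-Path $Backup), $LogHold -Force | Out-Null
Copy-Item -Path $MdbData -Destination $Backup -Recurse -ErrorAction Stop
if ((Get-FileCount $MdbData) -ne (Get-FileCount $Backup)) {
    throw 'Backup copy is incomplete; stopping before anything is moved.'
}

# Step 2: read the header state of each database.
$states = @{}
foreach ($db in 'priv1.edb', 'pub1.edb') {
    $out = & $Eseutil /mh (Join-Path $MdbData $db)
    $states[$db] = Get-EseState $out
    Write-Host ("{0}: {1}" -f $db, $states[$db])
}

# Step 3: move (never delete) the logs only if every database is clean.
$dirty = @($states.Keys | Where-Object { $states[$_] -ne 'Clean Shutdown' })
if ($dirty.Count -eq 0) {
    Move-Item -Path (Join-Path $MdbData 'E00*.log') -Destination $LogHold -ErrorAction Stop
    Write-Host "Logs moved to $LogHold. Try mounting the store."
} else {
    Write-Host "Not clean: $($dirty -join ', '). Logs left in place."
    Write-Host 'Per the steps above: rename the last E00*.log to E00.log and retry the mount.'
}
```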

Searching on the internet, I found a post on Daniel Petri:

An internal processing error has occurred. Try restarting the Exchange System Manager or the Microsoft Exchange Information Store service, or both. ID no: c1041724

In the Application event log, you may also receive following events.

Event Type: Error
Event Source: ESE98
Event Category: Logging/Recovery
Event ID: 455
Date: 3/18/2001
Time: 5:14:22 PM
User: N/A
Computer: SERVER1
Description: Information Store (2376) Error -1811 (0xfffff8ed) occurred while opening log file D:\exchsrvr\MDBDATA\E000xxx.log.

Event Type: Error
Event Source: MSExchangeIS
Event Category: General
Event ID: 9518
Date: 3/18/2001
Time: 5:14:22 PM
User: N/A
Computer: SERVER1
Description: Error Current log file missing starting Storage Group /DC=COM/DC=COMPANY/CN=CONFIGURATION/CN=SERVICES/CN=MICROSOFT EXCHANGE/CN=MICROSOFT/CN=ADMINISTRATIVE GROUPS/CN=FIRST ADMINISTRATIVE GROUP/CN=SERVERS/CN=SERVER1/CN=INFORMATIONSTORE/CN=FIRST STORAGE GROUP on the Microsoft Exchange Information Store.

There might be a few reasons for these errors:

  • You might be running an Anti-Virus program on the Exchange server and that program might not be properly configured. Read article KB245822 for more info on how to properly configure your Anti-Virus software on a computer running Exchange server.
  • The Anti-Virus Quarantine option might be enabled on the Exchange server while the anti-virus is not configured according to article KB245822.
  • If your Anti-Virus software is configured to scan x:\Program Files\exchsrvr\MDBDATA, it might think that “E00.log” contains a virus, or that the file itself is the virus, and will therefore automatically quarantine E00.log and cause the Exchange services to crash.

In order to solve these errors you might want to consider the following options:

Resolution

  1. Stop all exchange services.
  2. Configure your Anti-Virus program according to article KB245822.
  3. Save your current log files, usually located at x:\Program Files\exchsrvr\MDBDATA\Exxxxxxx.Log, to a temporary folder.
  4. Delete all *.log files in x:\Program Files\exchsrvr\MDBDATA.
  5. Check that the folder x:\Program Files\exchsrvr\MDBDATA only contains the following files:
       • e00.chk
       • res1.log
       • res2.log
     If not, move all extra files to a temporary folder.
  6. Start all Exchange Services and mount the Information Store service.

If the above procedure did not work, you might have a problem in the Exchange Database and you will need to try to resolve it by following option number two.

If the above procedure did not work, you might have a problem in the Exchange Database and you will need to refer to article KB313184.

Posted in Exchange

3 tips for building an effective email security awareness program

Posted by Alin D on October 11, 2010

What’s the weakest link in your email security? Your firewall? Your anti-virus software? The operating systems on your users’ computers? How about the users themselves?

Over the last decade great strides have been made in securing systems against attacks by cyber miscreants. We’ve gone from the Golden Age of Hacking–where few computers had firewalls, multiple operating system services were turned on and patching was haphazard at best–to an era where firewalls are turned on by default, services are kept to a minimum, memory locations are protected and patching procedures have been standardized.

At the turn of the century, if you took a computer out of the box and connected it to the Internet, it would be compromised in a matter of hours. Take a computer running Windows 7 out of the box today, marry it with cyberspace and that computer may never be hacked. That’s because, according to Lance Spitzner, director of the SANS Institute’s Securing the Human Program, “by default, the firewall is on, it is running few if any services, and it is using a variety of new and enhanced memory protection mechanisms.”

“In addition,” he added, “Microsoft has invested tremendously in a robust Security Development Life Cycle (SDLC).”

According to Microsoft, SDLC “encompasses the addition of a series of security-focused activities and deliverables to each of the phases of Microsoft’s software development process.”

“These activities and deliverables include the development of threat models during software design, the use of static analysis code-scanning tools during implementation, and the conduct of code reviews and security testing during a focused ’security push,’” it explained.

“Before software subject to the SDL can be released, it must undergo a Final Security Review by a team independent from its development group,” it added, “When compared to software that has not been subject to the SDL, software that has undergone the SDL has experienced a significantly reduced rate of external discovery of security vulnerabilities.”

Despite that progress, however, nary a day passes without news of some new malware infection spreading through organizations everywhere or some new botware enslaving millions of computers to perform malicious mischief on its behalf. Why is that so? According to Spitzner, an internationally recognized leader in the field of cyber threat research, training and awareness, it’s because we expose computers to the weakest link in the security chain–people.

“Once people start interacting with a computer, its risk exposure is exponentially increased,” Spitzner asserted.  “Humans read email, click on links, download files and open file attachments. People, not technology, are the weakest link–and attackers know it.”

He cited one study by a security firm that found that 90 percent of today’s malware requires some form of human interaction to work.

The chief way to strengthen the human link in your security chain is to make employees more aware of the security risks they pose to a computing environment. Spitzner, writing for SearchSecurity.com, offered these tips for designing an effective awareness program for an organization.

  1. Design your program for your audience. A program designed for full-time employees may not be suitable for other types of workers who have access to your system–for instance, part-time employees, telecommuters and contractors–or even your customers, if they have access to your system for ordering and account management. “It is often these non-employee resources that have employee-like access that can be the greatest risk,” Spitzner wrote. In addition, it sometimes makes sense to further tailor an awareness program to specific groups within your organization, such as management people or IT staff.
  2. Sell your program. Sure, participation in a program can be mandated, but just because an employee’s butt is in a seat doesn’t mean his or her mind is in the room. “Nothing is more boring to employees than having to sit through hours of training, and being told what they can and cannot do for the benefit of the company,” Spitzner wrote. “The key to success is not to focus on the organization, but to focus on how employees benefit.”
    “About 70 percent to 80 percent of any security awareness program not only applies to the organization, but applies to an employee’s personal life,” he added. “Most of the same technologies, such as email, instant messaging, mobile phones and laptops, are used in both environments.”
  3. Make your program digestible. “Have your security team go through the risks in your environment and identify what you feel are the greatest, and prioritize those,” Spitzner recommended. “By focusing on no more than 10-12 topics, you will have a far more effective awareness program.”

Posted in Exchange

Tips for Safe Computing - Microsoft Small Business Centre

Posted by Alin D on August 23, 2010


Ensure you have the latest updates. Install updates and security patches on all servers, desktop and laptop PCs.

To get the latest updates for your Windows operating system, software and hardware, go to Microsoft Update (U.S.). It scans your computer to determine which updates you need and then you can download any or all of them.

To improve the security and stability of your Microsoft Office software, go to Office Update (U.S.) and follow the Check for Updates link.

If you use Windows XP Professional, there is an even easier way to get updates. Simply activate the Automatic Updates feature, which allows your PC to automatically notify you of important updates once they are made available.

Reduce the risk of viruses. There are numerous things you can do to protect your computer and your network against viruses. Using anti-virus software and keeping it current is the first step, but there are other things you can do:

  • Use the default security settings in Office 2003, which is the most secure version of Office released to date.
  • Visit the Office Update (U.S.) site for the latest updates and patches.
  • Never open suspicious e-mail messages or file attachments; take advantage of the state-of-the-art junk mail filter in Outlook 2003 to send suspicious messages directly to your Junk E-mail Folder.

Use Windows Security Centre to manage your settings. Get a clear picture of the security settings on your PC using the single, unified view provided in the Windows Security Centre. Adjust them as necessary to the level of protection you are comfortable with. The settings that guard your PC are automatically applied to files and content delivered via the internet, helping safeguard confidential business data.

Encrypt sensitive information on your laptop. If you travel on business and use a laptop that runs Windows 2000 Professional or Windows XP Professional, guard against data theft. Use the Encrypted File System (EFS) to encrypt sensitive files and folders. If the laptop is stolen, your files and folders are protected because only those with a special decryption key can access the encrypted files.

Download internet files from trusted sources only. If you’re unsure if the files you want to download are safe, consider downloading them to a disk separate from your hard drive, such as a CD or floppy. Then you can scan the files with your virus scanner.

Use password encryption to protect Office files. Improved encryption technology has strengthened password security in Word 2003 and Excel 2003 and extends password encryption to PowerPoint 2003. Look under the Tools menu in each of these three programs to activate password protection. This is an effective way to restrict access to confidential business information.

Clean your hard drive before you discard a PC. If you’re getting a new PC or notebook and your old one is being discarded, be sure to remove any sensitive business or personal information before you let it go. This doesn’t mean simply deleting files and emptying your Recycle Bin. Your options include reformatting the hard drive or acquiring software that wipes it clean.

Use a firewall. If your company uses always-on broadband to connect to the internet, install a firewall as a basic line of defence against outside intruders. There are two basic types: 1) a software firewall such as the Microsoft Internet Connection Firewall that’s included in Windows XP Professional protects the machine it runs on, and 2) a hardware firewall that blocks all traffic between the internet and your entire network except for traffic from senders who are specifically trusted.

Never surf the web from a server. As the command centre for your entire network, a server typically stores critical business information. If your server is compromised, it puts all of that data as well as your entire network at risk.

Be smart about passwords. Always use strong passwords that are at least eight characters long and a combination of lower and upper case letters, numbers and symbols. Don’t use the same password repeatedly and make it a point to change your passwords frequently. If you have trouble remembering passwords, consider using a pass-phrase, which you can do in Windows 2000 and Windows XP. A pass-phrase might be something like “I had pizza for lunch Tuesday.”

For more tips on safe computing, visit the Microsoft SMB guide for PC workplace users.

GT Kimberly is an ardent follower of IT Software News. He is a regular reader of news happenings of Big Companies like , etc..

Posted in Security