One-Box Servers
Can you put Exchange on a DC--and would you want to?
September 17, 2003
Before I get started this week, I need to make a correction to the August 28 Exchange & Outlook UPDATE. In that week's Commentary, I mentioned a script for automatically configuring RPC-over-HTTP; that script isn't yet downloadable. Microsoft is working to make RPC-over-HTTP easier to configure and plans to have a better solution in early 2004. I don't yet know what form that solution will take, but rest assured I'll let you know when I find out. Now on with the show.
Can small organizations productively use Exchange Server? My answer is "Yes," but you must find a balance between Exchange's productivity features (e.g., calendaring, group scheduling, resource booking, Web-based email access, public folders) and Exchange's resource requirements (e.g., hardware requirements, dependence on Active Directory--AD). Microsoft Small Business Server (SBS) offers an all-in-one product that includes Exchange, but the product limits you to a maximum of 50 or 75 mailboxes (depending on which version you buy). Many organizations that are too big to use SBS--say, a company with 200 mailboxes--have considered building a relatively small "one-box" server that's powerful enough to host all the company's mailboxes and also act as a domain controller (DC). Many larger Exchange organizations that want to power individual regional or branch offices have also considered such a combination, which provides good email and logon performance (even though most such organizations would get off cheaper by using Exchange Server 2003 and Outlook 2003's cached mode to consolidate sites).
Microsoft has never encouraged putting Exchange on a DC, but the company's attitude is beginning to change a bit with Exchange 2003 and Windows Server 2003. The company's support boundaries do have limits, however--and I'll add a few of my own.
- Know how to perform disaster recovery. Exchange disaster recovery can be complicated, but with study and practice you can master the complexities. AD disaster recovery adds its own set of complications and restrictions, and you'd best understand them before committing your production email database to an AD server.
- Have reasonable performance expectations. For light loads, you probably won't notice a performance difference on a one-box setup compared to running Exchange alone on the same hardware. For heavier loads, you'll notice a difference, although its magnitude is difficult to calculate in advance. Remember that AD uses transaction logging too, so try to put the Exchange logs, AD logs, and Exchange databases on separate disk sets whenever possible.
- Be careful with your hardware. In particular, remember that Exchange 2003 clusters aren't supported on DCs. In the same vein, don't use the /3GB switch; if you do, Exchange might end up stealing memory from Windows, leading to drastic performance reductions. Remember that the one-box server must also be a Global Catalog (GC) server. If the server fails for some reason, Exchange won't fail over to using another GC. Outlook clients, however, can still find another GC if one exists.
- Secure things appropriately. One good reason for separating your DC and Exchange servers is that compromising one doesn't make it any easier to compromise the other. You lose this advantage by putting the DC and Exchange on the same box. In addition, remember that if Exchange administrators can log on to the local console, they might be able to escalate their privileges to gain domain administrator access. This situation is unlikely but worth thinking about all the same.
After you set up the DC/GC, installing Exchange is perfectly straightforward, with no special steps or requirements. One quirk you'll notice is that shutting down the server (as opposed to pulling out the power cord) takes an extremely long time because one of the first services to shut down is lsass.exe, which DSAccess tries to contact as it shuts down. Because DSAccess can't find that service, it will time out and try again, leading to an 8- to 10-minute shutdown cycle. To avoid this problem, manually stop the Exchange System Attendant when you shut down the machine; the following command does the trick:
net stop msexchangesa /y
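As an added example (not from the original column), the following PowerShell script turns the checklist above and the shutdown quirk into something an administrator can run on the box: it checks that the server is a DC and a Global Catalog, that /3GB is not in boot.ini, and that the Cluster service is absent, and it wraps the System Attendant stop so the OS shutdown does not hang on DSAccess. It assumes a Windows Server 2003-era boot.ini, the service names MSExchangeSA and ClusSvc, and local rights to query AD and stop services.

```powershell
# Added example: pre-flight checks for an Exchange-on-DC "one-box" server, plus the
# graceful-shutdown sequence the column describes. Assumptions: Windows Server 2003
# boot.ini for the /3GB check, service names MSExchangeSA (System Attendant) and
# ClusSvc (Cluster service), and that the script runs locally with admin rights.

function Test-OneBoxPrereqs {
    $findings = @()

    # 1. The one-box server must be a DC that is also a Global Catalog; Exchange on a
    #    DC will not fail over to another GC if the local one is unavailable.
    try {
        $ctx = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('DirectoryServer', $env:COMPUTERNAME)
        $dc  = [System.DirectoryServices.ActiveDirectory.DomainController]::GetDomainController($ctx)
        if (-not $dc.IsGlobalCatalog()) { $findings += 'This DC is not a Global Catalog; enable GC before installing Exchange.' }
    } catch {
        $findings += "Not a domain controller, or the AD query failed: $($_.Exception.Message)"
    }

    # 2. /3GB must not be used on a DC running Exchange (Exchange starves Windows of memory).
    $bootIni = Join-Path $env:SystemDrive 'boot.ini'
    if ((Test-Path $bootIni) -and (Select-String -Path $bootIni -Pattern '/3GB' -Quiet)) {
        $findings += '/3GB switch found in boot.ini; remove it on a one-box server.'
    }

    # 3. Exchange 2003 clustering is not supported on a DC.
    if (Get-Service -Name ClusSvc -ErrorAction SilentlyContinue) {
        $findings += 'Cluster service is installed; Exchange clusters are not supported on DCs.'
    }

    return $findings
}

function Stop-OneBoxServer {
    param([switch]$Shutdown)
    # Stop System Attendant and its dependent Exchange services (the equivalent of
    # "net stop msexchangesa /y") before the OS shuts down, so DSAccess does not spend
    # 8-10 minutes retrying lsass.exe after it has already stopped.
    $sa = Get-Service -Name MSExchangeSA -ErrorAction Stop
    if ($sa.Status -ne 'Stopped') {
        Stop-Service -Name MSExchangeSA -Force
        $sa.WaitForStatus('Stopped', [TimeSpan]::FromMinutes(5))
    }
    if ($Shutdown) { Stop-Computer -Force }
}

$issues = @(Test-OneBoxPrereqs)
if ($issues.Count -eq 0) { 'One-box prerequisites look OK.' } else { $issues | ForEach-Object { "WARNING: $_" } }
# Stop-OneBoxServer -Shutdown   # use this in place of a plain OS shutdown
```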
One-box configurations aren't for everyone, but for small organizations or those using a branch-office topology, Microsoft's support for this design is terrific news. Still, proceed with caution.