On Wed, 28 Aug 2002, John Horne wrote:
> Okay I can't resist.
Sorry, neither can I - but I have to dispell some common myths.
> We have a whole team of people looking after about 5 servers I think - I
> can point to them from where I am sitting, 5 people, a deputy manager
> and a manager. 3 Novell guys, and on the unix side - 2 exim central
> mailhubs, 11 Sun boxes and 5 linux boxes all providing central services
> - we have just me :-)
This sounds familiar - we have had more odd problems with Exchange than
other service we've ever put in. Most of which cannot be explained (being
able to read each other's mail, some people randomly not receiving mail,
mail getting randomly stuck, missing log reports, etc.).
Solving them is the usual Microsoft mechanism of uninstalling/reinstalling
the Service Pack, virus checking s/w etc. There's no explanation, no
reason, no log - just uninstall/reinstall and hope for the best.
> The cost of the Exchange boxes alone was a fortune for the University.
> They have been up and down more times than any of the other systems have
> ever been.
We've had to reboot a few times due to random problems which can't be
explained (the web client stopped working with random [totally useless]
errors - reboot and it works again). It's also been up and down more
times than a bride's nightie for the above uninstall/reinstall therapy.
These aren't crashes, but are just as bad.
> The diagnostics from Exchange, I am told, are crap...
That's right. The logs are hopeless and not even enabled by default!
> ... and the 'restore a mailbox' is pretty much impossible (something to
> do with the fact that you have to restore all the mailboxes...hmm,
> 20,000 users I don't think so).
This is the case, if you use the MS Backup program, supplied with Windows.
However, if you're doing Exchange you get Veritas or the like, which can
restore individual messages [but make sure you put the 'IgnoreBackupErrors
= dword:0000001' entry into the registry!].
> Oh, yes, the latest one, not really email related, sorry, a user forgets
> their password. It gets reset and then they have to wait up to 3 hours
> for it to be propagated to the other servers :-) I fell about laughing
> at this one.
This is your AD administrators' fault - ours is a few minutes/seconds and
can be manually triggered [we have similar delays because of NIS, anyway].
> Speaking this morning to the IT manager of another dept, I am told that
> remote working (i.e. users working from home) is also pretty much
> non-existant die to all the security problems with MS, outlook and the
> like. It has all been blocked at the firewall. Okay, that's our
> decision, but the punters aren't happy - you have security (?) or remote
> access.
We've no opened IMAP access to Exchange yet but allow the web client and
that's pretty much all they need. We certainly won't be opening the SMB
ports to our Exchange servers as they'll be effectively giving a global
door into our AD - you can (I believe - haven't this, as we haven't only
opened IMAP) just do a plain text authentication against Exchange.
> My personal opinion is to forget exchange...
This is an increasingly political decision and one becoming harder to
ignore with pressure from certain places. We installed it because of the
requirement of certain departments for shared diaries and things (the
words 'functional requirement' didn't come into the spec.).
As someone else said - Exchange is good at all the colaborative stuff and,
if it does what you want, it will do it pretty well without you having to
do anything on top.
However, for email it is overkill - unreliable, buggy, slow and
problematic (esp. if you don't have AD to begin with - we do have a big,
synchronised AD domain). I wouldn't feel happy scaling it up to the
University, as I can imagine our current problems with it (and less than
200 users) multiplying.
Also, the logs and debugging are terrible. Trying to track exactly what
happened to a message or why a particular message can't be delivered is
hopeless - you have to enable debugging for everything and pick through
(the thoroughly unhelpful) logs - no such thing as 'exim -d 4 -M ...'.
If people are going to trash Exchange - do it for the right reasons and
with the right facts [not that John had the wrong ones]. I'm not going to
stop management making [in my view] the wrong decision - but they will
listen to my opinions more if I give them a reasoned argument, rather than
'because it's by the same people that wrote Microsoft Bob'.
Anyway - back to my sailing holiday,
- Bob
--
Bob Franklin <r.c.franklin@???> +44 (0)118 378 6630
Systems and Communications, IT Services, The University of Reading, UK
Please note the new phone number from Thursday, 1st August 2002.