Question for anyone using MSME 8.0 (with hotfix for ESP3) and Exchange 2010 SP3.
Our old set up was Exchange 2007 and GSE 7.0.something with patch 1 rollup 1,2 etc... Separate role boxes, CAS server, Hub Transport Server and Mailbox servers.
We had VSAPI turned on on the Mailbox servers.
New environment being built and tested.... W2008, 4.6 agent/VS8.8/MSME8.0 with hotfix for Exchange 2010 with SP3.
Now, we have "multiple role" boxes. Hub and Mailbox on the same box.
Do you still need to have VSAPI turned on?
Message was edited by: camplife on 3/5/13 10:46:10 AM CST
Actually with a combined hub/mb role server you don't need to have vsapi scanning enabled. all mail has to go through the hub role so even with vsapi scanning disabled all email will still get scanned both inbound and out. the only downside (and this is very minor) to having the vsapi turned off is that the original email will still be in the users sent items unscanned. however, if the user decides to resend the email from the sent items it will get scanned once it hits the transport agent. there is also the option to run an odscan on the mailbox stores if the need arises to clean them out due to an infection.
Thank you sir for that reply... that's exactly what I needed to know... Why don't they say that in the MSME8 guides ?
Any "best practices" yet for MSME 8 ?
you can choose between vsapi and transport scanning. VSAPI is a lighter load on the processor, but McAfee recommends transport scanning on Edge servers if I recall correctly, so if your server is doing the Hub role, I would probably use transport scanning.
Well if you have separated roles with GSE or MSME install on each - e.g edge - hub -mb
Then the config would be Transport Scan - Transport Scan - VSAPI.
Choice exists, as TLange states, on Combo HUB\MB - and if you have the Antispam Addon in the HUB\MB then its necessary to have Transport Scan enabled.
Nice catch on the AntiSpam thing. I did not know that, thanks for mentioning it. As to the best practice guide, I have not seen one for 8 yet. I have stuck to the prior version best practice guide. I don't know if that's a good idea or not.
Just thought i'd share what's learned as I've learned a lot from others here...
So we started out with VSAPI and Transport scanning enabled.... after running for a little while, we found messages getting stuck in the routing queue. One call to Platinum support and suggested turn off vsapi.... so we did. Now mail is routing with no issues.
Here is one more update... Since we did the above (disable VSAPI) we still had some stuck queues....
After discussing and troubleshooting with MS, one difference between W2008R1 and R2 is an item called tcpip chimney... it's disabled by default in R1 and "enabled" on R2. We "disabled" tcpip chimney and mail is flowing between the DB server and other MB/Hub servers.
Command to disable
c:\>netsh int tcp set global chimney=disabled