I'm also looking for some help, if anything at all can be done without
reinstalling everything from scratch.
First of all, the scenario: this big customer is an Italian government
agency where I was sent by my company as an external consultant, and where
lots of people manage things they don't have any clue at all about (and I'm
not talking only about computers here). There are about 600 users in the
main office here in Rome, together with a hundred servers (literally), a lot
of whose nobody is actually sure about what they're here for; there also
about 100 peripheral offices around the world, which usually have only a few
users and a local do-it-all server; the main office and the others are
connected via some VPNs.
The situation is almost hopeless: the network is *quite* confused and
definitely undersized, with even lots of 10 mbit hubs around; the desktop
computers are... well... not exactly top-of-the-line: the standard
configuration includes a P2-350 with 64 MB of RAM; the servers are simply
scary: you *can't* run a critical Exchange which stores top managers'
mailboxes on a box which has 256 MB of RAM and normally uses 370.
This was for the hardware; the software side is even worse: all those
machines run NT 4.0, with only some new desktops having Windows XP, and
every single server is also NT; Exchange, where it's used, is of course the
infamous 5.5 version. And yes, I know NT is Old, and Bad, and Ugly, and also
Unsupported (which is the worst of the four), but they're definitely *not*
going to do any migration until Windows 2042 comes out, so they'll have to
stick with it.
My only luck in this story is, I don't have to re-organize this chaos and
make it work; I'm only there to solve some specific problems, and the
current one is what I was talking about in this post's title.
Some guy who probably was more suited for farming than systems
administration decided to implement e-mail for the peripheral offices, and
Exchange (or any analogous server-side software) wasn't take into any
consideration due to various reasons (like "I don't want to pay for it" or
"I love when a desktop's disk crashes and the user loses every message
together with his documents which of course weren't stored on a file server
in the first place"); I don't know what was chosen in regard to receiving
e-mails, but the plan for sending them is to have every user connecting his
mail client to the local server, which will then relay it to a main mail
gateway in the central office, which will (hopefully) send it to the outside
world; I'm not commenting on this, other than remarking that the sites are
linked via VPNs, so every mail will have to jump around the Internet at
least a couple of times before reaching its recipient; the main gateway
server will also be very happy.
Anyway, this was planned before I got there, so I can't change anything
about it; my role is to find a way to configure about 100 NT 4.0 servers to
properly relay Internet-bound e-mail to the main office.
To be more exact, this is not my role, since the configuration checklist was
already prepared; my real role is to find how to resurrect some of these
servers that are in conditions, well, critical.
The main problem is: these servers are of the do-it-all kind, so they're
domain controllers for the local office's domain, they host some application
back-ends, some of them also run Oracle DBs, and all of them have some
version of IIS, on top of which sits the corporate antivirus package they're
running; the reason I wrote "some version of IIS" will soon be clear enough.
The goal of this project would be to properly configure the SMTP component
of IIS, installing it where it isn't installed; but there are basically
three states in which these servers can be.
Some of them, due to excessive luck, actually *have* the SMTP component
installed and able to run when configured and started; these are simple, and
I'll leave them alone, hoping they'll survive long enough to relay some
messages before reaching the Big Domain Controller In The Skies.
On some of them, Something That Shouldn't Happen actually happened: somebody
whose systems administration skills are roughly comparable to those of an
amoeba, a long time ago, installed Exchange for reasons which are now lost
in the fog of time, and then decided he didn't need it anymore, so proceeded
...no, the period isn't ending with "properly uninstall it".
It ends with "disable those services which looked Exchange-related,
physically remove some of the program files and databases and deleting
random Registry keys without having any clue at all about what he was
doing". If he had fired at the servers with a BFG 9000 he would have done
less harm to them.
Now, normally my opinion on Exchange 5.5 can be summarized as "a big load of
crap" (as opposed to, say, Exchange 2000/2003 which I consider good
products), but I know Microsoft managed to sell lots of copies of it, so
maybe it *is* good for something else than putting the installation media in
a microwave oven and watching the fireworks. Howewer, ripping its
installations away surely *isn't* the right way to use it, so something got
really, really screwed up in those poor servers, and that wasn't Exchange's
Obviously, the IIS SMTP service is not installed there, and it also refuses
to install, since it detects the mortal spoils of the dead Exchange and
states that, ah, it isn't going to run there if you don't remove Exchange
before; but you obviously *can't* remove Exchange, since it isn't no longer
there, and also can't reinstall it, since it's (partly) still there and its
own setup won't be able to run properly; so, while Exchange lies in this
sort of limbo screaming in search of its revenge, having the server relay
any kind of e-mail is definitely impossible.
Now, let's digress from this frightening topic and talk about the other
status in which one of those servers can be found; and finally, here the
"some version of IIS" part will come back to haunt your dreams.
On some of those servers (where, incidentally, the above mentioned Exchange
catastrophe can *also* have happened, making a not-so-small number of them
good candidates for euthanasia), IIS is not installed. Its place was taken
by its stripped-down version, the Personal Web Server 4.0. Now, there is
something really, *really* weird about this, since PWS comes with the
Workstation version of NT's Option Pack, as opposed to the Server version
which contains the "real" IIS; and the Option Pack for NT Worstation is
actually installed on those servers, even if *this program is not allowed
there*, and its setup refuses to install it saying "this is NT Server, use
the Server Option Pack instead of this one". I've tried this on a server in
a test lab for all the afternoon, with no results other than a great urge to
do some experiments with torture devices on whoever is responsible for this.
After having somewhat retrieved interior peace, I was quite ready to
uninstall PWS (which, of course, doesn't have the SMTP component that now is
needed) and replace it with IIS, when the antivirus problem arose. That
software relies *heavily* on IIS, so heavily in fact that uninstalling IIS
will lead to having to re-install it, losing all the informations about its
clients in the process. Unless, of course, one can manage to replace PWS
with IIS while mantaining exactly the same web site configuration in terms
of permissions, virtual directories, file types and so on.
Oh, and did I say that *no one* of those servers can be reinstalled from
scratch, since all of them have some valuable data and/or are running some
programs which have been working for years, and nobody remembers anything
about how (or, for what it matters, why) they work and how to install them?
Ok, let's get to some conclusions here.
I need a way to:
1) Finally putting an end to Exchange's sufferings where its tormented soul
still resides altough it lost (parts of) its body. I.E. I need to properly
and totally remove it, its services and its Registry keys, in order to be
able to install IIS's SMTP where it's needed.
2) Replace the infamous PWS 4.0 with the a-little-less-infamous IIS 4.0
without losing the antivirus web site's configuration.
3) (Optional) Send a legion of very bad-tempered demons hunting the
(sub)human being(s) who managed to unleash such chaos, in the hope they'll
never be able to do it again.
Hope to get some help from you, and thanks for reading this post until the
You don't need help from this forum, your company needs to propose a
full and complete system refresh. If my company had an Italian
subsidiary then I'd have them look at bidding.
You don't even want to go near the problem because the second you do,
you'll be responsible for supporting it, warts and all.
Scope the work.
Document the issues.
Agree the next scope.
Work with the customer to construct an Invitation to Tender or an RFI
(request for information) which is a pre-tender document.
Win the tender.
Design a replacement solution, fully costed with timeframes and
If they don't want to do it properly then run away. It's too big a job
to muck about with
"Mark Arnold [MVP]" <ma...@mvps.org> wrote in message
You can look for alternate(3rd party) SMTP servers/relays, maybe sourceforge has something that could help you, i'll see what i can dig up.
How about recommending them a monster sized firewall, like Astaro Secure Linux(www.astaro.com) that has a full feldged mail relay server inside(i think the cost for unlimited users is around 5000u$s) for a large site, it could cost less, and you can remove whatever the hell does the VPN/internet sharing
"Mark Arnold [MVP]" <ma...@mvps.org> wrote in message news:8987815qfl9ab7ofu...@4ax.com...
> Nice, real nice.
> I see this all the time and I just thank God I do. Every one helped
> means one less worry about my mortgage.
> You don't need help from this forum, your company needs to propose a
> full and complete system refresh. If my company had an Italian
> subsidiary then I'd have them look at bidding.
That would be good, but they're not looking for this; they don't want to
change anything, don't want to renew anything and (the root of it all) don't
want to spend any money; they of course don't understand how much more
they're spending in supporting old systems instead of replacing them, but
that's typical of governement structures :-(
> You don't even want to go near the problem because the second you do,
> you'll be responsible for supporting it, warts and all.
> Scope the work.
> Document the issues.
> Agree the next scope.
> Work with the customer to construct an Invitation to Tender or an RFI
> (request for information) which is a pre-tender document.
> Win the tender.
> Design a replacement solution, fully costed with timeframes and
> refresh plans.
They're not looking for this; they're only hiring some sysadmins from
external companies (because, of course, they don't bother building an
internal I.T. team) and throwing them into bizarre projects like this,
without even considering the need for a full reorganization.
> If they don't want to do it properly then run away. It's too big a job
> to muck about with
Luckily, this time I only need to assess the situation and suggest how to
"do it" (if it at all can be done); so I won't have to support anything, I
won't even be there when they'll finally decide what to do and finally try
to do it.
Anyway, I can't touch any systems outside the scope I described... so, it's
useless to complain about the whole mess.
>What mark says makes sense, but... but!, it seems that noone
>gives a rat's ass about the state of things(otherwise, it wouldn't
>have evolved into such monster) and the "total change proposal"
>will go into the trash can.
That's perfectly correct.
>You can look for alternate(3rd party) SMTP servers/relays,
>maybe sourceforge has something that could help you, i'll see
>what i can dig up.
>How about recommending them a monster sized firewall, like
>Astaro Secure Linux(www.astaro.com) that has a full feldged
>mail relay server inside(i think the cost for unlimited users is
>around 5000u$s) for a large site, it could cost less, and you
>can remove whatever the hell does the VPN/internet sharing
Again, I'm not in the position for making such a proposal; someone (who, as
I already said, doesn't have any clue) already planned everything without
even knowing if it was at all possible... and then they hired external
technical people to actually implement their (bad) dreams.
So, I'm basically in the position of saying "you can do this and this" or
"it's totally impossible"; I already expressed my toughts on the subject,
and, of course, nobody cared.
So, any techinal suggestions?
Jorge Patricio Díaz Guzmán
"Massimo" <bar...@mclink.it> escribió en el mensaje
i haven't tested them myself, but maybe you can test them in your lab for the particular task of relaying mail.
letme know if they worked
"Massimo" <bar...@mclink.it> wrote in message news:d609i0$595$1...@newsreader1.mclink.it...
Remove All Leaves Exchange Keys In Registry
XADM: Best Practices for Removing an Exchange 5.5 Site from the Organization
XADM: Remove All Does Not Remove Setup Key in Registry
XADM: Remove All Does Not Remove Everything
It's impossible to loose the antivirus web site configuration changing the
PWS (who was the genious who did that?) to IIS, this is your biggest problem
The very bad-tempered demons sad to me that they are not necessary, this
people are bad enought with the human being.
Good luck and if you have more questions, please, rply to this thread.
"Massimo" <bar...@mclink.it> escribió en el mensaje
>Massimo, i've found a couple sourceforge projects that can
>be of use to you:
>i haven't tested them myself, but maybe you can test them
>in your lab for the particular task of relaying mail.
Thank you very much, but as I said I'm not in the position to suggest any
project change; they'll have to use IIS's SMTP, and that's all :-(
Back to the main question: is there any way to fully back-up a PWS
configuration and restore it inside IIS? Something like newer IIS's metabase
I'll exorcise the dreadful Exchange spirit myself ;-) but I'd really like
some help with this PWS thing.
And, about this: got any ideas abut how could anyone manage to get PWS
installed on NT Server? I can't even replicate this in the lab to do some
tests, it simply refuses to install. Maybe the installed one is another
PWS's version than the one in the Option Pack?
> First of all you have to remove the Exchange 5.5 tottaly. I don't know if
> you have the CD to unninstall this, but I will send a set of links that
> will help you:
> How to manually remove Exchange Server 5.5 completely
> Remove All Leaves Exchange Keys In Registry
> XADM: Best Practices for Removing an Exchange 5.5 Site from the
> XADM: Remove All Does Not Remove Setup Key in Registry
> XADM: Remove All Does Not Remove Everything
Thanks, I'll have a look at them; I had already planned a KB search for
tomorrow, you saved me some time :-)
> It's impossible to loose the antivirus web site configuration changing the
> PWS (who was the genious who did that?) to IIS, this is your biggest
> problem at now.
Yes, I know; I'd also like to know who the genius was, and also how could he
do it, since PWS doesn't work on NT Server... I can't even reproduce this in
the lab for testing purposes!
> If you have more questions, please reply, I'll be glad to help you to
> leave this nightmare
The first question is rather simple: it seems like PWS can't be installed on
Windows NT Server, but it's there. The NT Option Pack came in two versions,
one for Server and one for Workstation; the Server one included lots of
things, and amongst them there was the full IIS 4.0; the Workstation version
included less things, and between them there was PWS, the stripped-down
version of IIS. I've tried installing the Option Pack for NT Workstation
onto NT Server, and it doesn't install: an error box pops up saying I should
use the Server version. So, it seems like the Workstation Option Pack can't
actually be installed on NT Server... yet, it's installed and working on at
least 10 servers (maybe 20), where its PWS is running. How can this be?
The second question is how to back-up a PWS configuration and restore it in
IIS; I know there are plenty of utilities for backing up IIS's metabase and
configuration, so I'd like to know if some of them are compatible with PWS
(which, basically, is the same IIS with some restrictions added) and if
there is any tool that can be used to export and re-import these
configurations without having to manually re-create them (or reinstall the
> Maybe it was a workstation with the PWS installed, and they then
> upgraded to server ??? just a thought
Tought about it, too; but they're running the Italian language version of NT
Workstation, so a direct upgrade to NT Server would be quite problematic,
Besided, as absolutely clueless as they ae, I don't think even they could
have done *this*... :-/
You can use a tool like metaedit or metabase explorer to do a dump
export/import of metabase settings, but you cannot do the import in-bulk
(otherwise, you'd be able to simply copy the old metabase.bin, uninstall
PWS/reinstall IIS4, and copy the old metabase.bin back). This is because
various keys in the metabase are encrypted using the machine's key, and this
changes between reinstallations of IIS. So if you reinstall IIS, you have to
selectively hand-import the old settings.
Hopefully, there's only a couple of applications/vdirs/websites on the
server, so this doesn't take that long. Reinstalling IIS shouldn't touch
filesystem ACLs, and if the AntiVirus doesn't have any other dependencies
(like some secret/corrupt value inside the metabase that disappears on the
reinstall), it should hopefully work.
IIS 6 Resource Kit (I believe many of the tools should work on NT4):
This posting is provided "AS IS" with no warranties, and confers no rights.
> Maybe it was a workstation with the PWS installed, and they then
> upgraded to server ??? just a thought
Tried even this, in the test lab. After upgrading it doesn't work anymore,
and also the Option Pack setup complains about being the workstation
It works perfectly on the said servers, both PWS and the Option Pack
setup... yet, it's the Workstation one.
>A long time ago, I remember PWS was a stand-alone free download on its own.
> I had installed it on Win9x "client" machines just fine, without involving
> the NT Option Pack. A possible install sequence to get PWS on NT4 would be
> if the machine first it started as a Win9x machine, then had this
> stand-alone PWS installed, and later upgraded to NT4 Workstation. That
> upgrade path would preserve PWS; I know this because it is one of the XP
> upgrade cases that we walked through for setup testing -- Win98 with PWS
> NT4 Workstation to XP Pro with IIS 5.1. I believe there is also a
> upgrade path between NT4 Client and NT4 Server so maybe that's how they
> PWS on NT4 Server.
That was my tought, too, but (as I said in another post) I tried it in the
test lab, and after upgrading to NT Server PWS doesn't work anymore and the
Option Pack setup, when launched, states it's the wrong version and doesn't
even start, either. But it works perfectly on the servers, and it most
definitely is the Option Pack in the Workstation version, not a stand-alone
PWS: the Option Pack setup it's there, runs perfectly and it's the
Workstation version, i.e. doesn't have any of the components specific to the
Besides, all of the servers are PDCs, so I'm 99,9% sure they were installed
as servers in the first place, as opposed to being upgrade installs.
That's absolutely weird.
> You can use a tool like metaedit or metabase explorer to do a dump
> export/import of metabase settings, but you cannot do the import in-bulk
> (otherwise, you'd be able to simply copy the old metabase.bin, uninstall
> PWS/reinstall IIS4, and copy the old metabase.bin back). This is because
> various keys in the metabase are encrypted using the machine's key, and
> changes between reinstallations of IIS. So if you reinstall IIS, you have
> selectively hand-import the old settings.
> Hopefully, there's only a couple of applications/vdirs/websites on the
> server, so this doesn't take that long. Reinstalling IIS shouldn't touch
> filesystem ACLs, and if the AntiVirus doesn't have any other dependencies
> (like some secret/corrupt value inside the metabase that disappears on the
> reinstall), it should hopefully work.
Yes', that'll probably be the route they'll follow.
Anyway, it's not my problem anymore... I finished studying it and presented
my assessment of the situation today, then went away (sighing in relief, of
course); now it's in their hands.
Thanks to all of you for any help :-)