UC Unleashed

In an article I wrote earlier this year (“Installing the Exchange 2007 prerequisites on Windows Server 2008“) at Daniel Petri’s site, I showed how to use the XML files created by the product group to quickly and painlessly install the Exchange Server 2007 prerequisites on Windows Server 2008. For the most part, those work fine. But, if you’re installing multiple CAS servers, and going to load balance them using Windows Network Load Balancing (NLB) feature, you still need to manually install the NLB feature.

This can be done by either opening Server Manager, going to Features, and installing the NLB feature, or opening a command prompt and typing

ServerManagerCmd -i NLB

Since the whole idea behind the XML files was to automate the process, this wasn’t the cleanest way of doing it. Also, one of the best ways to test Hub Transport functionality is via telnet, which isn’t installed by default in Windows Server 2008. Telnet can also be manually installed via Server Manager or

ServerManagerCmd -i telnet-client

A common implementation practice is to install the Hub Transport and Client Access roles together, and then load balance CAS, as well as some hub traffic. That being the case, why not streamline the prerequiste process to include NLB and telnet? Now you can.

Open Exchange-CAS.xml, and scroll to the bottom. Right under

<Feature Id="RPC-OVER-HTTP-proxy" />

paste the following:

<!-- Install Network Load Balancing and telnet client as mentioned at https://www.ucunleashed.com/111 -->
<Feature Id="NLB" />
<Feature Id="Telnet-Client" />

Save the file as Exchange-NLBCAS.xml. Just like the others, you can call the file via servermanagercmd.exe using

ServerManagerCmd -ip Exchange-NLBCAS.xml

to install the prerequisites. Check the original article mentioned above for more info on how to use the XML files.

Enjoy!

Microsoft has released the following update rollup for Exchange Server 2007:

• Update Rollup 4 for Exchange Server 2007 SP1 (952580)

If you’re running Exchange Server 2007 SP1, you need to apply Update Rollup 4 for Exchange 2007 SP1 to address the security issues listed below.

Remember, you only need to download the latest update for the version of Exchange that you’re running. RTM updates can’t be installed on SP1 and vice versa.

Rollup 4 for Exchange Server 2007 SP1 supersedes the following:

1. 945684 Update Rollup 1 for Exchange Server 2007 Service Pack 1
2. 948016 Update Rollup 2 for Exchange Server 2007 Service Pack 1
3. 949870 Update Rollup 3 for Exchange Server 2007 Service Pack 1

Here is a list of the fixes included in rollup 4:

1. 942649 Description of the commands that support the UseRusServer option that is imported in Update Rollup 4 for Exchange Server 2007 Service Pack 1
2. 944831 You cannot configure Exchange Server 2007 so that the simple display name appears in outgoing messages
3. 945854 A meeting reminder is still active when you configure Outlook to send no reminders to an Exchange Server 2007 user
4. 945870 TAB symbols may be converted incorrectly to spaces in Exchange Server 2007
5. 948896 Certificates that contain wildcard characters may not work correctly on an Exchange 2007 Service Pack 1-based server
6. 948897 An attachment incorrectly appears as the body of the e-mail message in an Exchange Server 2007 environment
7. 948923 Users do not receive information in DSN messages in Exchange Server 2007 with Service Pack 1
8. 949512 An embedded message is removed from the attachment list on Exchange Server 2007 if the embedded message subject ends with .com, .exe, or any other blocked extension
9. 949782 An In-Policy request that is forwarded to delegate appears as an Out-Of-Policy request if a user submits an In-Policy meeting request against a room mailbox of Exchange Server 2007
10. 949858 The provisioning process is unsuccessful when you use Identity Lifecycle Manager (ILM) 2007 to provision user objects to an Exchange Server 2007 resource forest
11. 949926 Error when you use an IMAP4 client or a POP3 client to log on to a delegate mailbox of Exchange Server 2007: “800cccd1”
12. 950076 After you move a mailbox from Exchange Server 2003 to Exchange Server 2007 Service Pack 1, you cannot edit rules in Outlook Web Access
13. 950081 Error message when users use an SMTP client to send e-mail messages in Exchange Server 2007 Service Pack 1: “454 4.7.0 Temporary authentication failure”
14. 950138 You are prompted for your credentials three times and you receive an error message when you use the Outlook Anywhere feature to connect to an Exchange Server 2007 Service Pack 1-based server that is running Windows Server 2008
15. 950198 You can enable AfterConversion snapshot for all messages if pipeline tracing and Content Conversion Tracing are enabled
16. 950235 The IMAP4 or POP3 worker process may stop responding on an Exchange 2007 CAS role when you use an IMAP4 client or a POP3 client to connect the Exchange 2007 CAS role to your mailbox
17. 950409 The reminder is triggered earlier than expected when an Exchange Server 2007 server receives an iCalendar meeting request message over an SMTP server
18. 950622 Messages are converted to a very small font size in Outlook Web Access and in Outlook 2003 when you use Exchange Server 2007
19. 950976 Event ID 115 may be logged intermittently on a computer that is running Exchange Server 2007 with Service Pack 1
20. 951067 Event ID 7034 may be logged in the Application log in Exchange Server 2007 when an MAPI application tries to access a mailbox in a certain way
21. 951156 The message body of appointments is garbled after you use a mobile device to synchronize appointments that were created in Outlook Web Access on Exchange 2007
22. 951251 A MAPI application does not work correctly if Exchange 2007 is installed on a Windows Server 2008 server
23. 951594 The W3svc log reports the incorrect number of attachments on an Exchange Server 2007 server that has deployed Exchange ActiveSync Service (EAS)
24. 951747 An error occurs when you use the Export-mailbox or Restore-mailbox command to migrate certain mailboxes on Exchange Server 2007: “error code -1056749164”
25. 951864 Some users must enter their credentials when they access rights-protected messages even though you have deployed the Rights Management Services (RMS) prelicensing agent on an Exchange Server 2007 Service Pack 1-based server
26. 952152 The Autodiscover service for ActiveSync in an Exchange 2007 environment does not work for users in sites that do not have the ExternalURL property set
27. 952250 You encounter a long delay for each mailbox when you run the “Move-Mailbox” or “Set-Mailbox” command on an Exchange Server 2007 computer
28. 952682 Log file drives on the SCR target may eventually fill up and cause replication failure in Exchange Server 2007 Service Pack 1
29. 952924 Error message when Exchange users try to access public folders that are hosted on Exchange Server 2003 by using Outlook Web Access for Exchange Server 2007: “Outlook Web Access is unable to open public folders”
30. 953312 The “Open Message In Conflict” button is not available in the conflict notification message for Exchange Server 2007 users
31. 954058 You can change the method for transfer encoding after you apply Update Rollup 5 for Exchange Server 2007 Service Pack 1
32. 954205 Event ID 1113 is logged in the Application log on a Unified Messaging (UM) server when users contact the UM server by using secured connections
33. 954237 The IMAP service crashes intermittently on Exchange 2007, and Event ID 5000 is logged
34. 955208 Event ID 5000 occurs when the Exchange IMAP4 worker process crashes intermittently in Exchange Server 2007
35. 956775 CopyItem and MoveItem Operations in Exchange Web Services can return the Item ID after you install Update Rollup 4 for Exchange Server 2007 Service Pack 1
36. 957133 Description of improvements in functionality that occur in Exchange Web Services operations after you install Update Rollup 4 for Exchange Server 2007 Service Pack 1

Download the rollup here.

Installation Notes:

If you haven’t installed Exchange Server yet, you can use the info at Quicker Exchange installs complete with service packs and rollups to save you some time.

Microsoft Update can’t detect rollups for Exchange 2010 servers that are members of a Database Availability Group (DAG). See the post Installing Exchange 2010 Rollups on DAG Servers for info, and a script, for installing update rollups.

Update Rollups should be applied to Internet facing Client Access Servers before being installed on non-Internet facing Client Access Servers.

If you’re installing the update rollup on Exchange servers that don’t have Internet access, see “Installing Exchange 2007 & 2010 rollups on servers that don’t have Internet access” for some additional steps.

I’ve updated the Set-AllVDirs.ps1 script that streamlines the process of setting the virtual directory paths for various web services including Offline Address Book, AutoDiscover, Unified Messaging, and Exchange Web Services. If you’re using a single name certificate in place of a Subject Alternative Name certificate, this script walks you through the process of changing each of the URLs.

See the script at The Exchange 2007 Wiki page here.

True to their word of releasing their official support statement within 60 days of the RTM of Hyper-V, Microsoft released their official statement and a press release.

Microsoft says they’ll support Exchange on virtualization platforms that have been validated through their Microsoft Server Virtualization Validation Program (SVVP). Shortly after this release, some noticed that the other big player, VMWare, was not in the program. But shortly after, Microsoft said VMware has now signed on to the SVVP program. Microsoft is certainly excited to add VMware to the program, recognizing the value this provides to Microsoft customers.

This announcement has been long awaited. Many companies have either gone ahead and virtualized Exchange (generally on VMWare), or held off while waiting for the statement from Microsoft.

I suspect now that we’ll see a large transition to 2007, now that this barrier has been dealt with.

Of course we all know by now how powerful PowerShell is. “It slices, it dices, it makes julienne fries, whatever those are!” to quote Ron Popeil

One of the cool things with PowerShell is that you can call some external programs. While waiting for some hardware to arrive on a project, I was scripting the setup of a two node Single Copy Cluster (SCC) install of Exchange 2007. One thing you want to do with an Exchange SCC cluster in 2007 is assign dependencies for resources. Say you have a mailbox database called “First Storage Group/Mailbox Database”, and it resides on the cluster resource called “Disk S:”. Well, when the cluster starts up, it should wait for “Disk S:” to be online before trying to bring the “First Storage Group/Mailbox Database” resource online. It only makes sense, right?

Back to my project. So I’m able to script the creation of the storage groups using something like

New-StorageGroup SG1 -SystemFolderPath G:\SG1 -LogFolderPath K:\SG1

from there, I create a new database

New-MailboxDatabase -Name DB1 -StorageGroup SG1 -EdbFilePath G:\SG1

I set some configuration on the new database

get-mailbox | set-mailboxdatabase -DeletedItemRetention 14.00:00:00 -MailboxRetention 30.00:00:00 -IssueWarningQuota unlimited -ProhibitSendQuota unlimited -ProhibitSendReceiveQuota unlimited -PublicFolderDatabase "Second Storage Group\Public Folders" -RetainDeletedItemsUntilBackup:$true -MountAtStartup$true

Life is good. Now, I need to assign the cluster dependencies for the new database resource. But first, the database needs to be unmounted to assign the dependency. So, we precede the cluster command with:

get-mailboxdatabase | dismount-database

Then we can do the dependencies. From a command prompt,

Cluster cluster1 res "SG1/DB1 (MbxCluster1)" /AddDep:"Disk S:"

would work beautifully. It would assign the “Disk S:” cluster resource as a dependency for the new database. But PowerShell wouldn’t accept that syntax, telling me

“Too many command line parameters have been specified for this operation…”

Seems PowerShell doesn’t like the special characters there, and they need to be escaped with a back tick (on an English keyboard, that’s the key to the left of the “1”). After some noodling around, and the help of Ross and Scott, this seems to work:

Cluster cluster1 res ` "SG2`/DB3 `(MbxCluster1`) `" `/adddep: `"Disk S: `"

Not the cleanest of lines, but I’m able to keep everything within a single PowerShell script. Normally, I would have given up and just manually done the dependency configuration, except that this project will involve dozens of databases, and, like many engineers, I’m lazy. Plus, I should know this limitation for the future, as it streamlines the setup of the cluster.

We can now mount the databases with

get-mailboxdatabase | mount-database

I use those broad commands to essentially handle all of the databases, since the script sets them all up at the same time.

Note: I know, we should not have databases with no quota limits on them. But this is a GroupWise to Exchange 2007 migration. So I leave them unlimited till the migration is complete (to avoid migration problems), and then I’ll clamp them down for safety.

As you can see, we can essentially setup all of the SGs and DBs, and assign the cluster config all from within PowerShell. If you’re looking for a great book on PowerShell for Exchange 2007, check out Professional Windows PowerShell for Exchange Server 2007 Service Pack 1 @ Amazon.com. It’s an easy read, but quite informative.

Microsoft has released the following update rollups for Exchange Server 2007:

• Update Rollup 3 for Exchange Server 2007 SP1 (KB 949870)
• Update Rollup 7 for Exchange Server 2007 RTM (KB 953469)

The above update rollups will also be released to Microsoft update, but there is no ETA at this time.

Fixes for security issue

A security issue has been identified in Exchange Server 2007 as documented in http://www.microsoft.com/technet/security/bulletin/MS08-039.mspx.

If you’re running Exchange Server 2007 RTM, you need to apply Update Rollup 7 for Exchange 2007 RTM to address the security issue.

If you’re running Exchange Server 2007 SP1, you need to apply Update Rollup 3 for Exchange 2007 SP1 to address the security issue.

Remember, you only need to download the latest update for the version of Exchange that you’re running. RTM updates can’t be installed on SP1 and vice versa.

Update: Here is a list of the fixes included in rollup 3:

1. 937436 Error message when an Exchange 2007-based user sends a meeting request to a resource that is located in a Lotus Domino resource reservation database: “Error autoprocessing message“
2. 941770 How to disable the “Sent by Microsoft Exchange Server 2007” branding sentence in an Exchange Server 2007 DSN message
3. 945453 You cannot log on to Outlook Web Access in an Exchange Server 2007 environment, and you receive an error message: “HTTP Error 403.4“
4. 947573 It takes a long time for the Exchange Management Console to load in an Exchange Server 2007 organization that was deployed in a multiple-domain environment
5. 949206 The e-mail address of a contact does not appear in the Outlook Address Book after you use Exchange Web Services to edit the contact in Exchange Server 2007 with Service Pack 1
6. 949549 Error message when you import a .pst file by running the Import-Mailbox cmdlet in Exchange Server 2007: “Unable to make connection to the server“
7. 949778 The icons that represent TIFF attachments may not be shown correctly if the e-mail message is viewed by using Outlook Web Access 2007 in an Exchange Server 2007 environment
8. 950153 A storage group may not mount after you move the resources from the active node to the passive node while the backup is in progress in Exchange Server 2007
9. 950674 Web services sends meeting request information that has an incorrect time if a delegate modifies an appointment in an Exchange Server 2007 environment
10. 951263 The heading of the “State” column is translated incorrectly in the German version of the Exchange Management Console in Exchange Server 2007
11. 951293 Error message when you enter logon credentials after an Outlook Web Access session times out in Exchange Server 2007: “Server Error in ‘/ExchWeb/bin’ Application“
12. 953539 The W3wp.exe process may intermittently stop responding, and event ID 1000 is logged in Exchange Server 2007 Service Pack 1
13. 950120 You cannot control the behavior of attachments on mobile devices by using the ActiveSync policy in Exchange Server 2007 Service Pack 1
14. 951094 You cannot run the New-X400AuthoritativeDomain cmdlet successfully in an Exchange Server 2007 environment if an X.400 address contains a space character
15. 953747 MS08-039: Vulnerabilities in Outlook Web Access for Exchange Server could allow elevation of privilege
16. 950930 You cannot resolve a sender name or a recipient name when the name belongs to an alternative domain tree in Exchange Server 2007
17. 950758 OVA announces “Unrecognized caller” in an Exchange Server 2007 environment even though Outlook and Outlook Web Access correctly resolve the caller address
18. 951563 External e-mail message senders receive an NDR when you select the Turkish language setting on a computer that is running Exchange Server 2007 Service Pack 1

Also, several people have had problems installing rollup 3. Make sure when you install it, you use an account with appropriate rights. It’s a good idea to use the account used when Exchange was installed. In some instances, if the account you’re using doesn’t have sufficient rights, the rollup might still say it installed completely, and the logs may even verify this. But it might not be the case. updateowa.ps1 needs local admin rights and at least the rights to read the AD down to the Exchange Object level. servicecontrol.ps1  needs to query the AD to discover the roles installed on the server. Reinstalling this rollup with the correct account generally resolved the problem. Thanks to Scott Schnoll for notifying us of this.

Installation Notes:

If you haven’t installed Exchange Server yet, you can use the info at Quicker Exchange installs complete with service packs and rollups to save you some time.

Microsoft Update can’t detect rollups for Exchange 2010 servers that are members of a Database Availability Group (DAG). See the post Installing Exchange 2010 Rollups on DAG Servers for info, and a script, for installing update rollups.

Update Rollups should be applied to Internet facing Client Access Servers before being installed on non-Internet facing Client Access Servers.

If you’re installing the update rollup on Exchange servers that don’t have Internet access, see “Installing Exchange 2007 & 2010 rollups on servers that don’t have Internet access” for some additional steps.

Update 02-25-2010: The method defined below is NOT supported for UPGRADING servers, such as new service packs and rollups. This method is ONLY for NEW installations.

Note: The Service Packs and Update Rollups mentioned here are no longer current, but the process is still the same. Simply substitute the latest SP and UR packages when using this process.

One of the very slick features built into the setup routines of Exchange Server 2007 is the ability to install Exchange with service packs and rollups already applied. Microsoft has previously provided this feature in operating system installations via it’s slipstreaming process, but the Exchange 2007 method is even easier.

The Exchange Server 2007 Service Pack 1 download is a full install, so you can install Exchange directly from that download, instead of having to install Exchange first, then the service pack. This alone will save you some time. But we can shorten this up further by incorporating the latest Rollup package into the install as well.

When you look at the file structure of an Exchange 2007 RTM DVD, you see something like:

\Forefront
\Scripts
\Setup
\UM
\Updates
autorun.inf
EXCHANGESERVER.msi
relnotes.htm
Setup.com
Setup.EXE

But when you download the SP1 file and expand it, you’ll notice that the \UM and \Forefront folders don’t exist. That’s because those components are not part of the SP1 download. The SP1 Unified Messaging language packs are available as a separate download. Due to their size, I can certainly understand why Microsoft provides them as separate downloads. You can also download an updated version of Forefront including the latest service pack via a separate download. The rest of the file is a full, complete set of Exchange installation
files.

The clue here is the \Updates folder. The latest rollup, which, as of this time is Service Pack 1 Rollup 2, can be installed at the same time by placing the rollup .msp file in the \Updates folder of your installation point. By doing that, the setup routine will automatically apply the rollup as it installs Exchange.

If you’re doing unattended installations, you can also specify the directory containing updates using the /UpdatesDir switch. For more information on unattended installs, see How to Install Exchange 2007 in Unattended Mode

If you do a lot of Exchange installs, you might want to put together a full DVD by downloading the SP1 file, the rollup file, Forefront, and the UM language packs and tossing them onto a DVD or thumbdrive, recreating the original folder structure. An interesting note in that the Exchange autoplay program checks for the existence of the Forefront folder to determine if the install option should be displayed on the menu.

I also include the 32bit SP1 download so I can install the management tools on workstations, as well as the 32 and 64 bit versions of the prerequisites, .Net Framework 2.0 Service Pack 1 (32 bit)(64 bit), Management Console 3.0 (32 bit), and PowerShell. This gives me a full set of everything needed to install Exchange server, right on a thumbdrive, without having to resort to lengthy downloads.

As we can see, we don’t need to sit and watch the blue bars go by as we wait for files to download. We can speed up the time it takes to deploy Exchange.