Exchange 2007 SP3 Rollup 13

exchange2007logo2[1]Today the Exchange Team released Rollup 13 for Exchange Server 2007 Service Pack 3 (KB2917522). This update raises Exchange 2007 version number to 8.3.348.2.

This Rollup introduces the following fix:

  • 2926397 An Edge Subscription file from an Exchange 2013 Edge Transport server is rejected by an Exchange 2007 Hub Transport server

This Rollup also adds support for using Windows Server 2012 R12 domain controllers in your Exchange 2007 SP3 RU13 environment; it does not add support for running Windows Server 2012 R2 forest or domain functional levels.

Notes:

  • When running ForeFront Protection for Exchange, make sure you disable ForeFront before installing the rollup and re-enable it afterwards, otherwise the Information Store and Transport services may not start. You can disable ForeFront using fscutility /disable and enable it using the fscutility /enable command;
  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking;
  • Rollups are cumulative, i.e. they contain fixes released in earlier update Rollups for the same product level (RTM, SP). This means you don’t need to install previous Rollups during a fresh installation but can start with the latest Rollup package.

As with any Hotfix, Rollup or Service Pack, I’d recommend to thoroughly test this rollup in a test and acceptance environment first, prior to implementing it in production.

You can download Exchange 2007 SP3 Rollup 13 here.

Exchange 2007 SP3 Rollup 11

exchange2007logo2[1]Today the Exchange Team released Rollup 11 for Exchange Server 2007 Service Pack 3 (KB2873746). This update raises Exchange 2007 version number to 8.3.327.1.

Here’s the list of changes included in this Rollup:

  • 2852663 The last public folder database on Exchange 2007 cannot be removed after migrating to Exchange 2013
  • 2688667 W3wp.exe consumes excessive CPU resources on Exchange Client Access servers when users open recurring calendar items in mailboxes by using OWA or EWS

In addition to these fixes, this Rollup also includes a fix for the security issue described in Microsoft Security Bulletin MS13-061.

Notes:

  • When running ForeFront Protection for Exchange, make sure you disable ForeFront before installing the rollup and re-enable it afterwards, otherwise the Information Store and Transport services may not start. You can disable ForeFront using fscutility /disable and enable it using the fscutility /enable command;
  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking;
  • Rollups are cumulative, i.e. they contain fixes released in earlier update Rollups for the same product level (RTM, SP). This means you don’t need to install previous Rollups during a fresh installation but can start with the latest Rollup package.

You can download Exchange 2007 SP3 Rollup 11 here.

Exchange 2007 SP3 Rollup 10

exchange2007logo2[1]Today the Exchange Team released Rollup 10 for Exchange Server 2007 Service Pack 3 (KB2788321). This update raises Exchange 2007 version number to 8.3.298.3.

Here’s the list of changes included in this Rollup:

  • This Rollup adds coexistence with Exchange Server 2013. However, for coexistence Exchange Server 2013 Cumulative Update 1 (CU1) is required, which hasn’t been released yet.
  • 2783779 A hidden user is still displayed in the Organization information of Address Book in OWA in an Exchange Server 2007 environment

In addition to these fixes, this Rollup also includes a fix for the security issue described in Microsoft Security Bulletin MS13-012 and new daylight saving time (DST) updates.

When running ForeFront Protection for Exchange, make sure you disable ForeFront before installing the rollup and re-enable it afterwards, otherwise the Information Store and Transport services may not start. You can disable ForeFront using fscutility /disable and enable it using the fscutility /enable command.

Note that Rollups are cumulative, i.e. they contain fixes released in earlier update Rollups for the same product level (RTM, SP). This means you don’t need to install previous Rollups during a fresh installation but can start with the latest Rollup package.

You can download Exchange 2007 SP3 Rollup 10 here.

Caution: KB2506146 and KB2506143 (Updated)

powershellA quick word of caution on the following recently released updates:

  • KB2506143 is the WMF 3.0 update for Windows Server 2008 R2 SP1 and Windows 7 SP1;
  • KB2506146 is the WMF 3.0 update for Windows Server 2008 SP2.

These updates will install Windows Management Framework 3.0 which includes PowerShell 3.0. However, Exchange 2007 nor Exchange 2010 currently works with PowerShell 3.0 and installing these updates will render your system unusable, including workstations from where you run the Exchange Management Tools.

The related updates have been published recently as optional updates through Windows Update. However, depending on your patch management methodology (e.g. WSUS), these updates might be installed automatically (e.g. accept all).

Therefor, it is advised to block these updates from being installed on your Exchange 2007 or Exchange 2010 systems when possible; Exchange 2013 requires WMF 3.0 therefor this doesn’t apply to systems running Exchange 2013.

Note that PowerShell 3.0 compatibility is announced for Exchange 2010 SP3, which is scheduled for Q1 2013; compatibility with Exchange 2007 isn’t announced nor expected.

Credits to Exchange fellow Michael B. Smith for discovering this.

Update, December 14th, 2012: Microsoft has acknowledged the problem here.

Update, December 19th, 2012: Microsoft pulled the updates from Microsoft Update / WSUS. Note that Exchange wasn’t the only product affected; WMF 3.0 also breaks Sharepoint 2010 for instance. Needless to say, WMF 3.0 should also not be installed on systems containing Small Business Server.

Exchange 2007 SP3 Rollup 8

Today the Exchange Team released Rollup 8 for Exchange Server 2007 Service Pack 3 (KB2734323). This update raises Exchange 2007 version number to 8.3.279.3.

Here’s the list of changes included in this Rollup:

  • 2699574 Microsoft Exchange Information Store service may stop responding when you perform a search on Exchange mailboxes in an Exchange Server 2007 environment
  • 2701037 Events 4999 and 7034 are logged and the Microsoft Exchange Information Store service crashes on an Exchange Server 2007 mailbox server
  • 2730089 Microsoft Exchange Information Store service may stop responding when you perform a search on Exchange mailboxes in an Exchange Server 2007 environment
  • 2732525 Outlook keeps prompting you for credentials and incorrectly connects to an out-of-site global catalog after you install Update Rollup 6 for Exchange Server 2007 SP3.

In addition to these fixes, this Rollup also includes a fix for the WebReady security issue described in Microsoft Security Bulletin MS12-058 (KB2740358).

When running ForeFront Protection for Exchange, make sure you disable ForeFront before installing the rollup and re-enable it afterwards, otherwise the Information Store and Transport services may not start. You can disable ForeFront using fscutility /disable and enable it using the fscutility /enable command.

Note that Rollups are cumulative, i.e. they contain fixes released in earlier update Rollups for the same product level (RTM, SP). This means you don’t need to install previous Rollups during a fresh installation but can start with the latest Rollup package.

One special note: Exchange 2007 Mainstream Support has ended; extended support will end on April 11th, 2017. Because this is another Rollup released after mainstream support ended and releasing the Exchange 2013 Preview, I assume this will become the version level required for co-existence with Exchange 2013 RTM which, according to speculation by people like Tony Redmond, is expected in November. But of course, this remains speculation.

You can download Exchange 2007 SP3 Rollup 8 here.

Exchange Setup and AD Replication Latency

When setting up Exchange, by default setup assumes the domain controller it talks to is up to date and replication is working almost instantly. Unfortunately, depending on your Active Directory configuration and replication scheme, this isn’t always guaranteed. In such cases, issues can arise of which one I would like to show below.

Note that the problem mentioned due to replication latency may also occur when running cmdlets or scripts.

A typical issue caused by replication lag is the following error which is shown when trying to install the Mailbox server role:

Active Directory operation failed on dc01.contoso.com. This error is not retriable. Additional information: The name reference is invalid.  This may be caused by replication latency between Active Directory domain controllers.  Active directory response: 000020B5: AtrErr: DSID-03152392, #1:  0: 000020B5: DSID-03152392, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 200ab (homeMTA)

In the Exchange setup log you can notice something like the following pattern (in this case setup takes place from a sub domain):

[04/18/2012 09:59:15.0328] [2] Active Directory session settings for 'Enable-Mailbox' are: View Entire Forest: 'True', Configuration Domain Controller: 'dc01.nl.contoso.com', Preferred Global Catalog: 'dc01.nl.contoso.com', Preferred Domain Controllers: '{ dc01.nl.contoso.com }' <snip> [04/18/2012 09:59:36.0945] [1] 0.  ErrorRecord: Active Directory operation failed on dc01.contoso.com. This error is not retriable. Additional information: The name reference is invalid. This may be caused by replication latency between Active Directory domain controllers.

You can see the Domain Controller used for updating Active Directory is different than the one used for checking. Assuming replication is working correctly, you have several options to get around the situation, depending on whether you’re running setup or executing a cmdlet or script:

First, when running setup, you can use the /DomainController parameter to specify a Domain Controller setup should use, e.g.:

setup.com /Mode:Install /Role:Mailbox /DomainController:dc1.contoso.com

Alternatively, when running a cmdlet or script you can configure the Domain Controller to use by using Set-ADServerSettings in conjunction with the PreferredServer parameter, e.g.

Set-ADServerSettings –PreferredServer dc.contoso.com

Of course, there’s also a 3rd option which would be to wait for replication cycle. However, this could take a while, depending on the structure and replication scheme.

Note that the (potential) problem mentioned in this blog is the reason why you should let scripts stick to the same Domain Controller after picking one or respect the Set-ADServerSettings setting, preventing potential replication issues like this.

For more information on Set-ADServerSettings, consult TechNet here.

Exchange 2007 SP3 Update Rollup 7

Today the Exchange Team released Rollup 7 for Exchange Server 2007 Service Pack 3 (KB2655203). This update raises Exchange 2007 version number to 8.3.264.0.

Here’s the list of changes included in this rollup:

  • 2617514  Old spelling rules on the Brazilian Portuguese dictionary in OWA in an Exchange Server 2007 SP3 environment
  • 2645789  MAPI_E_NOT_FOUND error when a MAPI application calls the GetProps method on an Exchange Server 2007 mailbox server
  • 2654700  Certain mailbox rules do not work automatically after you move a mailbox from an Exchange Server 2007 server to an Exchange Server 2010 server and then move it back
  • 2677583  Move operation is not completed and 100 percent of CPU resources are consumed on an Exchange Server 2007 Mailbox server
  • 2677979  MSExchangePOP3 service crashes in an Exchange Server 2007 environment
  • 2680793  Free/busy lookups between Lotus Notes and Exchange Server 2007 users stop responding
  • 2682570  Store.exe crashes on Exchange Server 2007 servers when a public folder that contains an empty PR_URL_NAME property is replicated in a mixed Exchange Server 2007 and Exchange Server 2010 environment
  • 2690628  Pre-reform spelling rules are used in the Portuguese (Portugal) dictionary in Outlook Web Access in an Exchange Server 2007 environment
  • 2694267  MSExchangeRepl.exe process crashes when Active Directory returns the LDAP_PARAM_ERROR value in an Exchange Server 2007 environment
  • 2694274  User who has the Full Access permission cannot open another user’s mailbox by using Outlook Web App in a mixed Exchange Server 2007 and Exchange Server 2010 environment
  • 2694291   The autocomplete=”off” parameter is missing in Outlook Web Access in an Exchange Server 2007 environment
  • 2696628  You receive duplicate read receipts from a user who is using an IMAP4 client in an Exchange Server 2007 environment

Note that this version will also fix the CAS-CAS proxy issue with Exchange 2010 SP1 (KB2696649).

When running ForeFront Protection for Exchange, make sure you disable ForeFront before installing the rollup and re-enable it afterwards, otherwise the Information Store and Transport services may not start. You can disable ForeFront using fscutility /disable and enable it using the fscutility /enable command.

Note that update rollups are cumulative, i.e. they contain fixes released in earlier update rollups for the same product level (RTM, SP). This means you don’t need to install previous update rollups during a fresh installation but can start with the latest rollup.

One special note: Exchange 2007 Mainstream Support has ended, making this the final standard support release. Extended support will end on April 11th, 2017.

You can download Exchange 2007 SP3 Rollup 7 here.

Exchange 2007 SP3 Update Rollup 6

Today the Exchange Team released Rollup 6 for Exchange Server 2007 Service Pack 3 (KB2608656). This update raises Exchange 2007 version number to 8.3.245.2.

Here’s the list of changes included in this rollup:

  • 2289607  The week numbers displayed in OWA do not match the week numbers displayed in Outlook for English users and French users in an Exchange Server 2007 environment
  • 2498852  “0x80041606″ error message when you perform a prefix search by using Outlook in online mode in an Exchange Server 2007 environment
  • 2499841  An arrow icon does not appear after you change the email message subject by using OWA in an Exchange Server 2007 SP3 environment
  • 2523695  A “System.ArgumentOutOfRangeException” exception occurs when you click the “Scheduling Assistant” tab in Exchange Server 2007 OWA
  • 2545080  Users in a source forest cannot view the free/busy information of mailboxes in a target forest when the cross-forest Availability service is configured between two Exchange Server 2007 forests
  • 2571391  Applications or services that depend on the Remote Registry service may stop working in an Exchange Server 2007 environment
  • 2572010  The Microsoft Exchange Information Store service may crash after you run the Test-ExchangeSearch cmdlet in an Exchange Server 2007 environment
  • 2575360  A new feature is available to automatically stop the Microsoft Exchange Information Store service when a time-out is detected in an Exchange Server 2007 SP3 environment
  • 2591655  A journaling report remains in the submission queue when an email message is delivered successfully in an Exchange Server 2007 environment
  • 2598980  The PidLidClipEnd property of a recurring meeting request has an incorrect value in an Exchange Server 2007 environment
  • 2616427   An Outlook Anywhere client loses connection when a GC server restarts in an Exchange Server 2007 environment
  • 2617784  Journal reports are expired or lost when the Microsoft Exchange Transport service is restarted in an Exchange Server 2007 environment
  • 2626217   Certain changes to address lists may not be updated in an Exchange Server 2007 environment
  • 2629790   The Exchange IMAP4 service may stop responding on an Exchange Server 2007 Client Access server when users access mailboxes that are hosted on Exchange Server 2003 servers
  • 2633801   The SCOM 2007 SP1 server cannot alert certain issues in an Exchange Server 2007 organization
  • 914533  The Microsoft Exchange Information Store service may stop responding on an Exchange Server 2007 server
  • 976977  The scroll bar does not work in OWA when there are more than 22 all-day event calendar items in an Exchange Server 2007 user’s calendar
  • 2641312  The update tracking information option does not work in an Exchange Server 2007 environment
  • 2653334  The reseed process is unsuccessful on the SCR passive node when the circular logging feature is enabled in an Exchange Server 2007 environment
  • 2656040  An Exchange Server 2007 Client Access server may respond slowly or stop responding when users try to synchronize the Exchange ActiveSync devices with their mailboxes
  • 2658613  The “PidLidClipEnd” property of a no ending recurring meeting request is set to an incorrect value in an Exchange Server 2007 environment

When running ForeFront Protection for Exchange, make sure you disable ForeFront before installing the rollup and re-enable it afterwards, otherwise the Information Store and Transport services may not start. You can disable ForeFront using fscutility /disable and enable it using the fscutility /enable command.

Note that update rollups are cumulative, i.e. they contain fixes released in earlier update rollups for the same product level (RTM, SP). This means you don’t need to install previous update rollups during a fresh installation but can start with the latest rollup.

You can download Exchange 2007 SP3 Rollup 6 here.

Thoughts on “Automatic E-mail Server Notifications in Exchange 2010″

In an article on MsExchange.org, Markus Klein elaborates on the reasons behind the changed message delivery notification (MDN) behavior in Exchange 2010. Examples of MDNs are read or delivery receipts or out of office messages. Issues may arise with MDNs because Exchange 2010 (and Exchange 2007) will use a blank sender address and not all e-mail systems can cope with that, making Exchange compliant with the related RFC. The article ends with workarounds to mitigate the issue. Here are my thoughts on that article.

The article refers to RFC2298, dated March 1998. However, MDNs are defined by RFC3798 of May 2004, which obsoletes RFC2298. Nevertheless, like Klein indicated, both RFCs dictate the following:

The envelope sender address (i.e., SMTP MAIL FROM) of the MDN MUST be null (<>), specifying that no Delivery Status Notification messages or other messages indicating successful or unsuccessful delivery are to be sent in response to an MDN.

The idea behind using a blank sender address is that e-mail systems will not return DSN messages, e.g. mailbox unavailable or disk quota exceeded, as a reply to an MDN, preventing potential message loops. However, there are some side-effects as not all e-mail systems or messaging hygiene products are RFC compliant. For example, the default setting of ForeFront Protection 2010 for Exchange is to block messages with an empty sender address. These products may simply block those messages, since blank senders could potentially be an indicator for spoofed messages. When you suspect such product to be causing the issue, check and reconfigure when appropriate.

The author continues the article by describing how to configure and troubleshoot routing of MDNs to the internet. The author shows how to enable and inspect the receive connector logs. Instead, I suggest monitoring the send connector logs when troubleshooting MDN delivery. Inspecting the send connector log files, you can get a clue on why MDN delivery fails and will see if Exchange is trying to deliver the MDN at all, and if so, the reason why. To enable send connector logging use the following cmdlet:

Set-SendConnector <ConnectorID> -ProtocolLoggingLevel verbose

The log files are generated in the “V14\TransportRoles\Logs\ProtocolLog\SmtpSend” folder below the location where you installed Exchange.

Finally, the author suggests the following workarounds:

  1. Use Outlook “out of office”
  2. Switch Relay Provider
  3. Implement Exchange Server Edge Roles

The first workaround is a less preferable option, as it’s configured per-user as a rule and rules, stored in the user’s mailbox, can’t easily be managed. When using the OOF option, administrators can, using the Get-MailboxAutoReplyConfiguration and Set-MailboxAutoReplyConfiguration cmdlets. Also, it makes the end user responsible for working around the issue. Meanwhile, despite this instruction, you can still expect lots of users to keep using the OOF function.

The second and third suggestions are non-options, since they don’t eliminate the issue and will only add a product and an extra hop to the e-mail route. Yes, you can switch to using a different SMTP relay or implement an Exchange Edge server which will accept MDN messages with an empty sender address. However, that may not be the final destination of the e-mail message, so the (unpredictable) MDN delivery issue remains. Nobody can guarantee that the e-mail system or message hygiene appliance at the recipient blocks blocks your OOF message with an empty sender address. You can read that between the lines of the PSS statement the author quotes as well:

The Exchange edge server will not reject the OOF message as the edge server will be incorporated into the Exchange organization. The HUB server will transfer the OOF messages in the address of OOF mailbox to the edge server and the edge server will then send the messages with empty return path e.g. blank sender, MAIL FROM: <> “null” to Internet.

Now, when the issue lies outside of your Exchange organization, e.g. the hosted message hygiene service or destination mail system, you might be left with no other option than to violate RFC3798 by adding a sender address. In Exchange this isn’t possible, but other e-mail gateways could help you with that. Note that when using a hosted message hygiene service or appliance for outbound messages, using a non-blank sender might be less of an issue since you’re offloading the delivery, compared to trying to deliver the message to the destination mail system yourself.

However, when opting to resort to these measures, I’d strongly suggest reconsidering sending out of office messages (or MDNs in general) outside of your Exchange organization, regardless of the sender. Spammers love confirmed e-mail addresses, so treasure your business e-mail addresses like you probably treat your own personal address.

Note that this blog isn’t to condemn the author of the discussed article, but to clarify things up since many people moving from Exchange 2003 to Exchange 2007 or Exchange 2010 may run into these behavioral differences. You’re invited to comment or share your opinions in the comments below.

Exchange 2007 SP3 Update Rollup 5

Today the Exchange Team released Rollup 5 for Exchange Server 2007 Service Pack 3 (KB2602324). This update raises Exchange 2007 version number to 8.3.213.1.

Here’s the list of changes included in this rollup:

  • 981820  New X-headers of a message item do not appear when the message item is retrieved by IMAP4 or by POP3 in an Exchange Server 2007 SP2 environment
  • 2292150  A deleted hyperlink remains in the HTML source of an email message if you create the email message by using OWA in an Exchange Server 2007 environment
  • 2411423  The Msftefd.exe process constantly consumes up to 100 percent of CPU resources when your mailbox language is set to German on an Exchange Server 2007 server
  • 2450078  The sent time in an email message body is incorrect when you reply or forward the email message by using an EWS application in an Exchange Server 2007 environment
  • 2451415  “There was a problem logging onto your mail server” error message when you use a POP3 client to access a mailbox in an Exchange Server 2007 SP3 environment
  • 2536652  EdgeTransport.exe randomly stops responding on a Hub Transport server after you configure public folder replication in Exchange Server 2007
  • 2536695  “Some items cannot be deleted” error message when you try to delete or modify an email message in a public folder in an Exchange Server 2007 environment
  • 2536697  DBCS characters in a rule name are converted to question marks after you move a mailbox from Exchange Server 2003 to Exchange Server 2007
  • 2537783  The EdgeTransport.exe process crashes occasionally after you install Update Rollup 2 for Exchange Server 2007 SP3
  • 2538958  Extended Protection Warning Displayed in Exchange Management Console and Exchange Management Shell After Installing RU2 for Exchange 2007 SP3
  • 2554575  Items accumulate in the MRM submission folder when managed folder assistant journal items in an Exchange Server 2007 environment
  • 2556751  The EdgeTransport.exe process crashes when processing certain email messages on an Exchange Server 2007 Hub Transport server
  • 2557304  The Store.exe process may consume excessive CPU resources and memory resources intermittently when a user opens a calendar item by using OWA in an Exchange Server 2007 SP3 environment

When running ForeFront Protection for Exchange, make sure you disable ForeFront before installing the rollup and re-enable it afterwards, otherwise the Information Store and Transport services may not start. You can disable ForeFront using fscutility /disable and enable it using the fscutility /enable command.

Note that update rollups are cumulative, i.e. they contain fixes released in earlier update rollups for the same product level (RTM, SPx). This means you don’t need to install previous update rollups during a fresh installation but can start with the latest rollup available right away.

You can download Exchange 2007 SP3 Rollup 5 here.