L’Histoire se rĂ©pète. After the meeting issues with iOS 6.0, which were fixed in 6.0.1, you could have assumed Apple learned a lesson. Unfortunately, there are again reports of misbehaving iOS devices; this they’re on iOS 6.1.
As reported by Exchange fellows Tony Redmond and Paul Robichaux today, there are reports iOS 6.1, released end of January, may generate excessive transaction log growth. A report on the F5 forum states the issue may lie in the improper handling of Meeting Responses by iOS 6.1 devices, causing some sort of loop.
Since Exchange is a business critical platform and excessive log growth can have severe consequences when not properly monitored (storage space running out, impact on replication or backup), it is recommended to take the following steps until the situation becomes more clear (and Apple releases a fix):
- Inform iOS users and discourage them to upgrade at the moment (you can’t uninstall it). To create an inventory of iOS 6.1 users, use Steve Goodman’s Export-iOSDeviceStatistics script (available here) or use Get-ActiveSyncDevice, e.g.
Get-ActiveSyncDevice | where {$_.DeviceOs -match “iOS 6.1”}
- Consider implementing an access rule to block IOS 6.1 users (see below);
- When experiencing the issue, report it to Apple.
When you want to block iOS 6.1 users, specifically the MeetingResponses, you need to filter on User Agent “^Apple.*1002.*” and check the URI for “Cmd=MeetingResponse” (so iOS 6.1 users can keep having e-mail but not send meeting responses). Your options and implementation depend on the components user in your organization:
- You can block iOS 6.1 devices using Exchange 2010’s Allow/Block/Quarantine mechanism, e.g.
New-ActiveSyncDeviceAccessRule -QueryString “iOS 6.1 10B142” -Characteristic DeviceOS -AccessLevel Block
- Alternatively, you can install and utilize the IIS Rewrite Module;
- When running TMG/ISA, you can utilize the http filter to block iOS 6.1, i.e. select the ActiveSync publishing rule, Configure HTTP, tab Headers. Unfortunately, wildcards are not supported, so you need to enter each iOS6.1 User-Agent variation by using Add / Request headers and entering the exact string like (list not complete):
- Apple-iPhone4C1/1002.142
- Apple-iPad2C1/1002.141
- Apple-iPad3C3/1002.141
- F5 has guidance on creating a blocking iRule to block MeetingResponse requests for iOS devices on their forum here.
Generally speaking, like implementing Service Packs or Rollups straight after their release in a production environment is a bad idea, the same rule should apply to clients of all types. I know this might sound challenging with the whole Bring Your Own movement and the adoption of iPhones/iPads, I think blocking or quarantining newly released iOS versions and only allowing them after a few weeks (“incubation period”) can be a wise strategy. Also, this strategy can be part of your communications or house rules for end users when they connect their own or company devices to your corporate environment.
Update (11Feb): It is reported the issue won’t occur after deleting the partnership and setting it up again doing a full sync. To delete a partnership from Exchange’s perspective, use Remove-ActiveSyncDevice, e.g.
Get-ActiveSyncDeviceStatistics –Mailbox Olrik | Where {$_.DeviceOS –match “iOS 6.1”} | Remove-ActiveSyncDevice.
Note that the iOS 6.1.1 update released by Apple today is for iPhone 4SÂ only and fixes 3G issues.
Update (12Feb): Microsoft published KB2814847. They added the option of mitigating the issue by introducing a throttling policy, which Exchange admins need to assign to iOS 6.1 users. Note that this only applies to Exchange 2010 and up and will only slow down the process of transaction log generation, but users can keep using their device. It’s then recommended to instruct iOS 6.1 users to restart their devices if their device complains it can’t connect. Looking at the article, Office 365 already has throttling in-place for all users.
Update (13Feb): Apple has published a support article as well (TS4532). Their suggestion; Turn calendars off, wait 10 seconds then turn calendars back on again. Yes, really. They mention it’s related to responding to recurring meeting exceptions and state a fix is in the works.
Update (15Feb): As it turns out, he meeting response issue isn’t the worst issue in iOS 6.1; apparently you can easily bypass the lock screen on iPhones due to a glitch in the emergency calling feature, allowing anyone to use your phone for calling or accessing your contacts.
Update (16Feb): Rumors are Apple will release iOS 6.1.2 early next week but before February, 20th.This update should fix this meeting bug as well as the lock screen issue.
Update (19Feb): Today, after more than 10 days after initial reports of the issue, Apple released iOS 6.1.2, which supposedly fixes the meeting bug which caused excessive transaction log generation and battery drain. Given Apple’s track record, I’d test this properly first in your environment before waving the green flag to all your iPhone and iPad users. Note that according to reports, the lock screen glitch hasn’t been fixed in 6.1.2.
With the release of Exchange 2010 SP3, you can now control where sent items are stored when Send-As or Send-on-Behalf permissions are configured and you’re using Outlook Web Access. In Outlook we already had the possibility to control where sent items are stored this using registry keys, but now we can do so from Outlook Web Access or using the Exchange Management Shell. Unlike Outlook, you unfortunately can’t control where deleted items are stored.
EighTwOne (821) 