POW #10 – Exchange Server 2007 SP2 (Part 1)

December 22, 2009 at 3:24 PM2102

As many of you probably know, Service Pack 2 for Exchange Server 2007 is one of the prerequisites for introducing Exchange Server 2010 into existing Exchange organization.

Beside many fixes, Service Pack 2 for Exchange Server 2007 also includes some cool new features:

  • Enhanced Auditing: New Exchange auditing events and audit log repository enable Exchange administrators to more easily audit the activities occurring on their Exchange servers. It allows the right balance of granularity, performance, and easy access to audited events via a dedicated audit log repository. This simplifies the auditing process and makes review of audited events easier by segregating audited events in a dedicated location.
  • Exchange Volume Snapshot Backup Functionality: A new backup plug-in has been added to the product that will enable customers to create Exchange backups when a backup is invoked through the Windows Server 2008 Backup tool. Exchange Server 2007 didn't have this capability on Windows Server 2008 and additional solutions were required to perform this task.
  • Dynamic Active Directory Schema Update and Validation: The dynamic AD schema update and validation feature allows for future schema updates to be dynamic deployed as well as proactively preventing conflicts whenever a new property is added to the AD schema. Once this capability is deployed it will enable easier management of future schema updates and will prevent support issues when adding properties that don't exist in the AD schema.
  • Public Folder Quota Management: SP2 enables a consistent way to manage quotas by improving the current PowerShell cmdlets to perform quota management tasks.
  • Centralized Organizational Settings: SP2 introduces new PowerShell option that enable centralized management of many of the Exchange organization settings.
  • Named Properties cmdlets: SP2 enables Exchange administrators to monitor their named property usage per database.
  • New User Interface for Managing Diagnostic Logging: SP2 enables Exchange administrators to easily configure and manage diagnostic logging from within the Exchange Management Console.

Update your server(s)!

I strongly recommend that you install latest Service Packs and hotfixes for your operating system and installed software. Please note that Exchange Server 2007 (SP2) is only supported on Windows Server 2003, Windows Server 2003 R2 and on Windows Server 2008. Windows Server 2008 R2 is not supported!

Windows Installer 4.5

You need to deploy Windows Installer 4.5 on all target Exchange Server 2007 servers prior installing Service Pack 2.

Download Windows Installer 4.5 for Windows Server 2003 SP1, Windows Vista SP1 and Windows Server 2008 RTM from Microsoft Download:

Download: Windows Installer 4.5 Redistributable

Please note that Windows Installer 4.5 is already included in Windows Server 2008 SP2 and Windows Vista SP2.

Backup Active Directory and Exchange!

Please backup Active Directory and Exchange (especially Databases) before Active Directory preparation and Exchange Server 2007 SP1 installation. You should consider reading my previous blog post named Importance of good backups.

Prepare Active Directory

Not all steps are necessary in simple Active Directory setup (single domain forest). So here are necessary steps to prepare Active Directory for Exchange Server 2007 Service Pack 2. The advantage of running steps separately is that you can use account which has minimum permissions necessary for task.

  • Run  setup /PrepareSchema – You need to run this with domain account that is member of Schema Admins and Enterprise Admins security groups. Make sure that you run this commands from server that is in the same Active Directory Site as Schema Master DC. (Note: You must not run this command in a forest in which you do not plan to run setup /PrepareAD. If you do, the forest will be configured incorrectly, and you will not be able to read some attributes on user objects.).
  • Run setup /PrepareAD - You need to run this with domain account that is member of Enterprise Admins security group. Make sure that you run this commands from server that is in the same Active Directory Site as Schema Master DC. In order to support the new Role Based Access Control (RBAC) model in Exchange Server 2010, a new security group is created inside Microsoft Exchange Security Groups OU named Exchange Trusted Subsystem.

  • Run setup /PrepareDomain to prepare local domain, run setup /PrepareDomain:exlab.exchange.pri to prepare specific domain, run setup /PrepareAllDomains to prepare all domains in forest. Please note that /PrepareAD prepares current (local) domain during process. If you have single domain Active Directory forrest, running /PrepareDomain is not needed. PrepareDomain in Exchange Server 2007 SP2 does not include ACEs introduced by Exchange Server 2010.

After you run each command, you should wait for the changes to replicate across your Exchange Organization. It can take a while in large Active Directory site topology. You can always force replication via Active Directory Sites and Services MMC.


How do you verify successful preparation of Active Directory?

Setup.com /PrepareSchema sets value of rangeUpper attribute of ms-Exch-Schema-Version-Pt to 14622 after successful finish.



Setup.com /PrepareAD sets value of objectVersion attribute of <Organization Name> container to 11222 after successful finish.




Installation order

There is nothing specific in the installation order of Exchange Server 2007 Service Pack 2. You should stick with standard installation order for Exchange Server 2007:

  1. Upgrade all Client Access Servers
  2. Upgrade all HUB Transport Servers
  3. Upgrade all EDGE Transport Servers (can be upgraded later but not before HUB Transport Servers)
  4. Upgrade all Mailbox Servers
  5. Upgrade all Unified Messaging Servers

In multi site environment upgrade site by site in the above order (not for example all Client Access Server across multiple sites! and than next role). Upgrade internet facing site(s) first.



Posted in: Exchange | Active Directory | POW


Action Required by Dec. 1, 2009: Keep your Protection Current!

December 3, 2009 at 10:41 AM2102

This post is from ForeFront Server Blog:

As we announced on July 1, 2009, Microsoft is revising its engine mix on Dec. 1, 2009 for the Forefront and Antigen products.  This change will allow customers to utilize a set of engines that help optimize detection, while also allowing us to invest in new areas for increasing overall protection for customers. 

Antimalware Protection

The AhnLab, CA, and Sophos engines will be retired on Dec. 1, 2009.  After December 1st, customers will not receive any updates for these retired engines. In order to make sure your Antigen and Forefront products continue to scan efficiently and effectively for malware, any customers running the AhnLab, CA, or Sophos engines must DISABLE these engines before Dec. 1, 2009 and select from the new set of five engines – Authentium, Kaspersky, Microsoft, Norman, and VirusBuster.

SPECIAL NOTE: Antigen for SharePoint 8.0 and Antigen for Instant Messaging 8.0 customers – In order to gain access to the new engine set and provide optimal protection for your messaging and collaboration environments, please download the Service Pack 1 releases of these products on the MVLS or VLSC site prior to Dec. 1, 2009.  The updates for the new engine set will use a new update infrastructure as of Dec. 31, 2009 – the Service Pack 1 releases will allow you to continue to receive updates correctly from their new location.

For more information about Service Pack 1 for Antigen for SharePoint and Antigen for IM, see the following KB article:


- SPECIAL NOTE: Antigen for Exchange 8.0 and Antigen for SMTP Gateways 8.0 customers –These products will end of life on Dec. 31, 2009. Customers must upgrade to Antigen 9.0 SP2 for Exchange before this date, as the product will no longer continue to receive anti-malware updates starting Jan. 1, 2010. With the retirement of the CA, Sophos, and AhnLab engines on Dec. 1, customers running Antigen for Exchange 8.0 or Antigen SMTP Gateways 8.0 will only be protected by the Norman engine. For customers who need to continue using this product between Dec. 1, 2009 and the end-of-life date of Dec. 31, 2009, please contact Forefront Contract Administration for access to the revised engine set.

For more information on upgrading your Antigen for Exchange 8.0 or Antigen for SMTP Gateways 8.0 to Antigen 9.0, see the following KB article:


Antispam Protection

One of the most important changes in our engine revision strategy is moving to the Cloudmark antispam engine*, which provides 99%+ detection rate and less than 1 in 250,000 false positives (West Coast Labs).

The Mail-Filters SpamCure antispam engine will be retired on Dec. 1, 2009. Customers using Antigen products for antispam protection must upgrade to the latest service pack releases listed below BEFORE DEC. 1, 2009 to maintain their antispam defenses.  This is the only way to gain access to the new Cloudmark engine.  The service packs can be accessed on the Microsoft MVLS and VLSC sites:

- Antigen for Exchange Server with Antigen Spam Manager 9.0 with SP2

- Antigen for SMTP Gateways with Antigen Spam Manager 9.0 with SP2

For more information on the engine revision strategy, see the Antimalware Engine Notifications and Developments Web page or contact Forefront Contract Administration .  Again, we strongly urge all customers to update to the newest service packs before Dec. 1, 2009 to get the full protection benefits of the Forefront and Antigen server products. 

*Please note:  Customers using Forefront Security for Exchange Server will get access to the Cloudmark engine in the next version release – Forefront Protection 2010 for Exchange Server – scheduled to be available in Q4 CY09.


Source: Microsoft ForeFront Server Blog - Action Required by Dec. 1, 2009: Keep your Protection Current!

Posted in:


Nova učinkovitost - novi val tehnologij v 7 slovenskih mestih

September 30, 2009 at 7:44 PM2102

Pa še eno vabilo… tudi tokrat v ne-angleškem jeziku… :)



Vabimo vas, da se nam pridružite na dogodku Nova učinkovitost – novi val tehnologij v 7 slovenskih mestih. Tehnologijo in prednosti, ki jih pri­naša, vam bo približal kot še nikoli, saj bomo obiskali kar 7 slovenskih mest – Koper, Kranj, Ljubljano, Maribor, Mursko Soboto, Novo Gorico in Novo mesto. Najnovejše tehnologije bodo tako prišle dobesedno na vaš prag. Na prijetnih dogodkih z omejenim številom prostih mest boste spoznali izdelke Windows 7, Windows Server 2008 R2 in Exchange Server 2010 ter razvijalske tehnologije na novih platformah

Ob uradnem datumu predstavitve operacijskega sistema Windows 7 smo za skupnost strokovnjakov in razvijalcev za informacijske tehnologije pripravili posebne dogodke, ki bodo z bogatimi in privlačnimi vsebinami predstavili najnovejši namizni operacijski sistem Windows 7. Dogodki na različnih lokacijah bodo potekali vzporedno, ob istem času. Obenem pa vam želimo zagotoviti čim več informacij tudi o drugih dveh izdelkih, ki bosta nedvomno vplivala na vaše delo – strežniški operacijski sistem Windows Server 2008 R2 in sporočilni sistem Exchange Server 2010.

Slovenski strokovnjaki za informacijske tehnologije vam bodo v vašem domačem mestu predstavili prednosti, ki jih novi izdelki prinašajo v informa­cijska okolja podjetij vseh velikosti. Prav tako boste lahko spremljali prenose izbranih predavanj. Na dogodkih boste imeli priložnost spoznati predavatelje in predstavnike Microsoftovih partnerjev, prav tako pa je to enkratna prilož­nost za navezovanje stikov z drugimi strokovnjaki.

Več informacij o dogodku vam bomo posredovali v prihodnjih dneh.

Posted in: Microsoft


Pregled IT novosti sporočilnega sistema Microsoft Exchange Server 2010

September 30, 2009 at 7:31 PM2102

Vabim vas, da se udeležite tehničnega seminarja na tematiko Exchange Server 2010. Prilagam izvorno vabilo…



Vabimo vas na tehnični seminar Pregled IT novosti sporočilnega sistema Microsoft Exchange Server 2010.

O upravljanju, namestitvi in vzdrževanju novega Exchange strežnika bo iz svojih izkušenj predaval Sašo Erdeljanov, strokovjnak in slovenski MVP (Most Valuable Professional) za področje sporočilnih sistemov.

Sašo bo na seminarju predstavil nove zmožnosti Exchange 2010, izboljšave glede na prejšnje različice, nove tehnologije, ki pripomorejo k bolj učinkovitemu sporočilnemu sistemu, ter dobre razloge, zakaj bi IT strokovnjak izbral novi strežnik za boljšo podporo sporočanju v svoji infrastrukturi.

Skupaj smo za vas pripravili dva termina, da si boste lažje organizirali svoj čas:

- 19. 10. 2009, Ljubljana (Predavalnica Microsofta) in

- 29. 10. 2009, Maribor (Microsoft Center inovacij).

Enodnevni seminar je namenjen IT strokovnjakom in IT vodjem, ki želijo in potrebujejo nova znanja o prihajajočih sistemih za bolj učinkovito vpeljavo novih tehnologij v svoje IT okolje.

Predavanje bo v slovenščini, materiali pa bodo zaradi velikega števila tujih izrazov v angleščini.



09:00 – 10:30

Novosti v Exchange Server 2010

10:30 – 10:45


10:45 – 12:15

Arhitektura in RBAC

12:15 – 13:15


13:15 – 14:45

Prehod na Exchange Server 2010

14:45 – 15:00


15:00 – 16:30

Arhiviranje in visoka razpoložljivost

16:30 – 17:00

Vprašanja in odgovori

Posted in: Microsoft


Microsoft Exchange Server 2010 Public Beta

April 15, 2009 at 10:48 AM2102

Microsoft today released the first public beta of upcoming Exchange Server 2010 (Code name Exchange 14).


Microsoft Exchange® Server 2010 Beta helps IT Professionals achieve new levels of reliability with greater flexibility, enhanced user experiences, and increased protection for business communications.

  • Flexible and reliable - Exchange Server 2010 gives you the flexibility to tailor your deployment based on your company's unique needs and a simplified way to keep e-mail continuously available for your users.
  • Anywhere access - Exchange Server 2010 helps your users get more done by giving them the freedom to securely access all their communications - e-mail, voice mail, instant messaging, and more - from virtually any platform, Web browser, or device.
  • Protection and compliance - Exchange Server 2010 delivers integrated information loss prevention, and compliance tools aimed at helping you simplify the process of protecting your company's communications and meeting regulatory requirements.

This software is intended for evaluation purposes only. You must accept the license terms before you are authorized to use this software. There is no product support for this trial software. You are welcome to participate in the forums to share your trial experiences with others and to ask for advice.

System Requirements

  • Supported Operating Systems: Windows Server 2008; Windows Vista 64-bit Editions Service Pack 1
  • Operating System for Installing Management Tools: The 64-bit editions of Microsoft® Windows Vista® SP1 or later, or Windows Server® 2008.
  • PC - x64 architecture-based computer with Intel processor that supports Intel 64 architecture (formerly known as Intel EM64T) or AMD processor that supports the AMD64 platform

Additional requirements to run Exchange Server 2010 Beta
  • Memory - Minimum of 4 gigabytes (GB) of RAM per server plus 5 megabytes (MB) of RAM recommended for each mailbox
  • Disk space
    • At least 1.2 GB on the drive used for installation
    • An additional 500 MB of available disk space for each Unified Messaging (UM) language pack that you plan to install
    • 200 MB of available disk space on the system drive
  • Drive - DVD-ROM drive, local or network accessible
  • File format - Disk partitions formatted as NTFS file systems
  • Monitor – Screen resolution 800 x 600 pixels or higher

Exchange Server 2010 Beta Prerequisites
If these required prerequisites are not already installed, the Exchange Server 2010 Beta setup process will prompt and provide links to the installation locations; Internet access will be required if the prerequisites are not already installed or available on a local network.
  • Microsoft® .NET Framework 3.5
  • Windows PowerShell v2
  • Windows Remote Management


Microsoft Exchange Server 2010 Beta

Posted in: Exchange | Microsoft


POW #8 – DPM 2007 SP1 Error ID 3013

April 10, 2009 at 12:31 PM2102

If you installed Microsoft Data Protection Manager 2007 SP1 on Windows Server 2008 RTM you receive Error ID 3013 if you select Reporting from DPM Management console.


DPM could not connect to SQL Server Reporting Services server because of IIS connectivity issues.

On the computer on which the DPM database was created, restart the World Wide Web Publishing Service. On the Administrative Tools menu, select Services. Right-click World Wide Web Publishing Service, and then click Start.

ID: 3013

Problem resides in Reporting Services virtual directory in Internet Information Services (IIS) named ReportServer$MS$DPM2007$.

Workaround is simple:

  • Run Internet Information Services (IIS) Manager, expand Web Sites, expand Default Web Site, and then click the virtual directory for the report server.
  • Under Features View, double-click Handler Mappings.
  • Under Actions, click Edit Feature Permissions.
  • Click to select the Scripts check box, and then click OK.

Microsoft MVP for Exchange Server

January 29, 2009 at 1:05 PM2102

MVP_FullColor_ForScreen I received a pleasant surprise on January the 1st from Microsoft MVP Award Program. I was awarded as Microsoft Most Valuable Professional in year 2009 for Exchange Server. It’s a privilege and honor to serve as MVP!

I would like to thank Microsoft for noticing my efforts in the community over the last years!

You can also read Welcome post from my MVP Lead Alessandro Teglia!

Posted in: Microsoft


MCT Summit 2009 Prague

January 19, 2009 at 10:07 PM2102

mctsummit I was attending MCT Summit 2009 in Prague. Prague is definitely beautiful and cold city during winter. :)

Great job Tjeerd Veninga and thanks to all speakers for another great MCT Summit!

Cheers to everyone I met there (Gasper, Joze, Vincent, Andy Malone,..., and of course Slavko and Marko ;-))!

Here are some pictures from Prague:

MCT Summit Prague (10)

MCT Summit Prague (6)

MCT Summit Prague (11)

Posted in:


POW #4 - Send connector external FQDN in HELO/EHLO banner

October 27, 2008 at 1:55 PM2102

Pretty common problem this days is around specified FQDN for external connections from Exchange 2007 HUB servers.

For demo purposes let's say our internal FQDN of Exchange 2007 HUB server is DEMO-E2K7SP1.demo.pri and external FQDN is demomail.exchange.si.

Specify FQDN for Send Connector

We need to specify FQDN for each send connector we created for internet delivery. In our case we have send connector named Internet. Let's specify FQDN:

Set-SendConnector -Identity "Internet" -Fqdn demomail.exchange.si

As you can see demomail.exchange.si is specified as FQDN for above mentioned send connector. Please do not forget to also create/use certificate with Subject Name (or Subject Alternative Name) demomail.exchange.si.


Let's see what will be present in mail header at recipient side. As you can see bellow in the first red marked part demomail.exchange.si FQDN was used at HELO/EHLO step when contacting recipient mail server.


As you may also noticed DEMO-E2K7SP1.demo.pri is also visible in mail header. There is nothing wrong with that! It's expected behavior of every mail server in the planet. Full 'travel' path is always included in message header.

How do I hide internal servers from message header?

My recommended solution is with Transport Rules usage. Here is sample transport rule that strip Receive part from message header.

Create new transport rule:


Specify Condition from users Inside the organization, sent to users Outside the organization and Action remove header (Received).


If we look again into message header you will notice that internal server is not visible anymore (Received: from DEMO-E2K7SP1.demo.pri). Removing other parts from message header can also be done with Transport Rules.


I hope this problem with distinguishing between configuration errors and records in message header is just a bit more clear now.

Posted in: Exchange | Microsoft | POW


SloWUG - Exchange Server 2007 SP1 High Availability

October 20, 2008 at 7:21 PM2102

Last Thursday, I was presenting at SloWUG event here in Ljubljana about (new) High Availability options in Exchange Server 2007 SP1.



  • Mailbox Server High Availability options in Exchange Server 2007 SP1
  • Cluster Continuous Replication
  • Standby Continuous Replication
  • Data Loss?
  • Demo!

Presentation with recorded demos is now available for download. Any comments or suggestions are more than welcome. I'm also accepting requests for next presentation.

SloWUG - Exchange Server 2007 SP1 High Availability