An Update on Exchange Server 2010 SP1 Rollup Update 4

The Exchange Sustained Engineering team recently made the decision to recall the June 22, 2011 release of Exchange 2010 SP1 Rollup 4. This was not an action we took lightly and we understand how disruptive this was to customers. We would like to provide you with some details that will give you a deeper understanding of what actually happened and, more importantly, what improvements we are making to prevent this in the future.

  • Q: What actually triggered the recall?

A: While fixing a bug that prevented deleted public folders from being recovered, we exposed an untested set of conditions with the Outlook client. When moving or copying a folder, Outlook passes a flag on a remote procedure call that instructs the Information Store to open deleted items which haven’t been purged. Our fix inadvertently caused the RPC to skip all content that wasn’t marked for deletion because we were not expecting this flag on the call from Outlook on the copy and move operations.

  • Q: Why didn’t you test this scenario?

A: The short answer is we thought we did. We didn’t realize we missed a key interaction between Exchange and Outlook. The Exchange team has well over 100,000 automated tests that we use to validate our product before we ship it. With the richness and number of scenarios and behaviors that Exchange supports, automated testing is the only scalable solution. We execute these tests in varying scenarios and conditions repeatedly before we release the software to our customers. We also supplement these tests with manual validation where necessary. The downside of our tests is that they primarily exercise the interfaces we expose and are designed around our specifications. They do test positive and negative conditions to catch unexpected behavior and we did execute numerous folder copy and move tests against the modified code which all passed. What we did not realize is that our tests were not emulating the procedure call as executed by Outlook.

  • Q: Exchange has been around a while, why did this happen now?

A: In Exchange 2010 we introduced a feature called RPC Client Access. This functionality is responsible for serving as the MAPI endpoint for Outlook clients. It allowed us to abstract client connections away from the Information Store (on Mailbox servers) and cause all Outlook clients to connect to the RPC Client Access service.

As part of our investigation, we discovered that there was some specific code added to the Exchange 2003 Information Store to handle the procedure call from Outlook using the extra flag. This code was also carried forward into Exchange 2007. But when the Exchange team added the RPC Client Access service to Exchange 2010, that code was not incorporated into the RPC Client Access service because it was mistakenly believed to be legacy Outlook behavior that was no longer required. That, unfortunately, turned out not to be the case. The fact that we were not allowing a deleted public folder to be recovered was masking this new bug completely.

  • Q: Are there other similar issues lurking in RPC Client Access?

A: We do not believe so. The RPC Client Access functionality has been well-tested at scale and proven to be reliable for the millions of mailboxes hosted in on-premises deployment and in our own Office 365 and Live@EDU services.

  • Q: What are you doing to prevent similar things from happening in the future?

A: We have conducted a top-to-bottom review of the process we use to triage, develop and validate changes for Rollups and Service Packs and are making several improvements. We have changed the way we evaluate a customer requested fix to ensure that we more accurately identify the risk and usage scenarios that must be validated for a given fix. Recognizing the diversity of clients used to connect to Exchange, we are increasing our client driven test coverage to broaden the usage patterns validated prior to release. Most notably, we are working even closer with our counterparts in Outlook to use their automated test coverage against each of our releases as well. We are also looking to increase coverage for other clients as well.

Kevin Allison
General Manager
Exchange Customer Experience

Exchange 2010 Service Pack 2 !


The Exchange 2010 SP2 has been announced for the second half of calendar year 2011 !

Here is a list of the new feautres and capabilities that will include:

  • 1. Outlook Web App (OWA) Mini: A browse-only version of OWA designed for low bandwidth and resolution devices. Based on the existing Exchange 2010 SP1 OWA infrastructure, this feature provides a simple text based interface to navigate the user’s mailbox and access to the global address list from a plurality of mobile devices.

2. Cross-Site Silent Redirection for Outlook Web App: With Service Pack 2, you will have the ability to enable silent redirection when CAS must redirect an OWA request to CAS infrastructure located in another Active Directory site.  Silent redirection can also provide a single sign-on experience when Forms-Based
Authentication is used.

  • 3. Hybrid Configuration Wizard: Organizations can choose to deploy a hybrid scenario where some mailboxes are on-premises and some are in Exchange Online with Microsoft Office 365. Hybrid deployments may be needed for migrations taking place over weeks, months or indefinite timeframes. This wizard helps
    simplify the configuration of Exchange sharing features, like: calendar and free/busy sharing, secure mailflow, mailbox moves, as well as online archive.

 

  • 4. Address Book Policies: Allows organizations to segment their address books into smaller scoped subsets of users providing a more refined user experience than the previous manual configuration approach. We also blogged about this new feature recently in GAL Segmentation, Exchange Server 2010 and Address Book Policies.

 

  • 5. Customer Requested Fixes: All fixes contained within update rollups released prior to Service Pack 2 will also be contained within SP2. Details of our regular Exchange 2010 release rhythm can be found inExchange 2010 Servicing.

Exchange 2010 can now run in a virtualized environment !


From now Exchange 2010 is completely supported to be run in a virtualized environment.

This also includes the unsupported features:
– Unified Messaging server Role
– Combining Exchange 2010 DAG ( Database Availability Groups ) with hypervisor-based clustering, high availability and migration solutions that move automatically failover mailbox servers that are members of a DAG.

The vendors that participate in the SVVP can be found here:http://www.windowsservercatalog.com/svvp.aspx?svvppage=svvp.htm

The whitepaper “Best Practices for Virtualizing Exchange Server 2010 with Windows Server® 2008 R2 Hyper V™” is also available and can be downloaded from here:
http://www.microsoft.com/download/en/details.aspx?id=2428

The hardware requirements for virtualization can be found here:
http://technet.microsoft.com/en-us/library/aa996719.aspx

Solved | Office 365 Directory Synchronization Tool Error: Set-CoexistenceConfiguration was unable to modify the source properties

I recently ran in to a problem running the DirSync tool with Office 365.  My account was an Enterprise Administrator, as well as a member of the MIISAdmins local group.  The error I got after attempting synchronization was “Set-CoexistenceConfiguration was unable to modify the source properties.  See the event logs for more detailed information.”:

Upon opening the Event Viewer, as the ever-so-meaningful error instructed me to do, I found the following Errors logged:

  • A Constraint violation occured. (Exception from HRESULT 0x8007202F)
  • Set-CoexistenceConfiguration was unable to modify the source properties.


I determined where the error was occurring by running the AD Insight tool, which is part of the Windows Sysinternal applications and can be found here: http://technet.microsoft.com/en-us/sysinternals/bb897539.aspx.

The error indicated that I was unable to modify an attribute within the domain, which lead me back to checking permissions.  I found that though my system account was part of the Enterprise Administrators in our domain, Enterprise Admins were not included in the built-in Administrators group for our domain. Once I added the account to the Administrators account and retried the directory synchronization, everything worked perfectly.

Then click retry and it works perfect !

ENJOY.

And if you encounter any problems feel free to comment contact me.

How to send from another account / How to activate BCC in Exchange Online / OWA 2010 ?

Two annoying problems in Exchange Online / OWA are:
– How to select another account ( the from field in Outlook ) ?
– How to see BCC when writing a new mail ?

1. Open OWA / Go in the right-up corner / click on Options / Click on See All Options:


2. Go to the Settings menu in the left / At message format section select Always show BCC  and / orAlways show From ( depending of your scenario ), then click SAVE ( right-down corner ):

ENJOY.

And if you encounter any problems feel free to comment contact me.

How to open .jnlp files ?

1. You have to install / or update your Java for browser ( http://java.com/en/download/index.jsp )
2. Go to the *.jnlp file, and open with / Select “Java web Start” / click OK / and the application will run:

ENJOY.

And if you encounter any problems feel free to comment contact me.

How to see when was Windows installed on this machine?

A question that may had troubled, or is troubling some of you is: “When was my Windows installed ?”

There is a very easy way to find out:

1. Go to Start / type: CMD / Press Enter ( or Start Run for previous Windows versions, prior to Win7 )
2. A command promt window will appear
3. Type: systeminfo | find /i “install date” / press enter


ENJOY.

And if you encounter any problems feel free to comment contact me.

How to Turn off Internet Explorer Enhanced Security Configuration | Step-by-Step

A very annoying thing in Windows 2008 R2 is the Internet Explorer’s error: “content from the website listed below is being blocked by the internet explorer enhanced security configuration“.

Ok now, but how do we disable this security setting ? ( it is called Internet Explorer Enhanced Security Configuration – IE ESC ).

FOR WINDOWS 2008:

1. If you have it enabled, or freshly installed the Windows 2008, you will get this error:

2. Go to Start Administrative Tools Server Manager:


3. Click on Server Manager / Expand the Security Information Section / click on Configure IE ESC:


4. Turn OFF the IE ESC ( for Administrators / for Users / or for both, depending of your scenario ):


FOR WINDOWS 2003:

1. Close all Internet explorers
2. Open Control Panel
3. Go to ADD or Remove Programs 
4. Click on Add/Remove Windows Components 
5. Uncheck the checkbox named Internet Explorer Enhanced Security Configuration / click NEXT
6. You’re done, and you can now open a IE.

ENJOY.

And if you encounter any problems feel free to comment contact me.