Outlook Spy 2.15 is Outlook 2010-compatible

Didn't notice earlier— one of my favorite Outlook/Exchange tools is now compatible with Outlook 2010. Outlook Spy is primarily a tool for Outlook/Exchange developers, but Exchange administrators also find it useful. It allows you to look under the hood of mailboxes and messages. Created by Dmitry Streblechenko, an Outlook MVP, Outlook Spy has been on my list of "must have Exchange tools" for as long as I can remember. Released in November 2009, the latest version of Outlook Spy (v2.15) adds Outlook 2010 compatibility.

You can download Outlook Spy 2.15 from Dmitry's web site. Registration for a single user license is $49.99. It's been worth every penny and more for me.

I also like the free MFCMapi tool on Codeplex - Microsoft's open source community site where you'll find a lot of useful tools and apps along with the source code. MFCMapi is a compact executable (760-873K) and doesn't require installation. It was created by Microsoft's Stephen Griffin. It's available in both 32-bit and 64-bit versions.

Bulk mailbox creation: Import passwords from a file

Automating bulk mailbox creation required fairly advanced scripting skills in Exchange 2003/2000. Thanks to the Exchange Management Shell (aka "the shell") in Exchange 2010 and 2007, this task is greatly simplified. It doesn't require any advanced scripting skills and it can be accomplished by relative newcomers to Exchange Server with very little knowledge of the shell.

Exchange Server 2007: Bulk creation of mailboxes using Exchange Management Shell shows you how to create bulk mailboxes using user data imported from a CSV file. A related post— Bulk mailbox creation revisited: Adding Active Directory attributes shows you how additional Active Directory attributes not included in the New-Mailbox/Set-Mailbox cmdlets can be populated.

When creating mailboxes using the New-Mailbox cmdlet, Exchange Shell requires the password to be of type System.Security.SecureString, derived from the SecureString class in the dot net framework. In the example in Exchange Server 2007: Bulk creation of mailboxes using Exchange Management Shell, we use the same password for all accounts. We also prompt the admin to enter that password using the Read-Host cmdlet, as shown below:

$Password=Read-Host "Enter Password" -AsSecureString

When the admin running the command or script enters the password, powershell masks the password by displaying a * for each character entered.

One frequently asked question when discussing bulk mailbox creation is: how do I import passwords from a text file? Of course, saving passwords in a text file isn't very secure, but there may be cases where you need to do this temporarily— particularly when you want to create mailboxes/user accounts in bulk and don't want to assign the same password to all accounts. When doing so, it's recommend to set the account to change password on next logon. There may also be other scenarios where you need to import passwords from a text file, so I'll leave the security aspect of this up to you.

The first step to importing passwords from the text file is to add it as an additional column or field in the file. For example:

Alias,Name,UPN,Password
User_One,User One,userone@yourUPNsuffix.com,P@ssw0rd1
User_Two,User Two,usertwo@yourUPNsuffix.com,P@ssw0rd2
User_Three,User Three,userthree@yourUPNsuffix.com,P@ssw0rd3

If you try to use the same command as shown in the previous post, and simply add the parameter -password and the value $_.password in the code block, it'll fail.

Import-CSV CreateRecipients.csv | foreach {new-mailbox -alias $_.alias -name $_.name -userPrincipalName $_.UPN -database "Mailbox Database" -org Users -Password $_.password}
Cannot process argument transformation on parameter 'Password'. Cannot convert the "P@ssw0rd1" value of type "System.String" to type "System.Security.SecureString".
+ CategoryInfo : InvalidData: (:) [New-Mailbox], ParameterBindin...mationException
+ FullyQualifiedErrorId : ParameterArgumentTransformationError,New-Mailbox

Converting a string to a SecureString
To use the password field imported from the CSV file, you must first convert it to a SecureString. You can convert a string to a SecureString using the ConvertTo-SecureString cmdlet. When using the ConvertTo-SecureString cmdlet, you must specify that the source string is provided as cleartext by using the AsPlainText switch (not to be confused with the plaintext message format). The cmdlet also requires that you specify the Force switch to confirm you really want to do this— yes, you've just provided your consent to convert a plaintext string to a SecureString!

The modified command looks something like this:

Import-CSV CreateRecipients.csv | foreach {New-Mailbox -Alias $_.alias -Name $_.name -UserPrincipalName $_.UPN -Database "Mailbox Database" -Org Users -Password (ConvertTo-SecureString $_.password -AsPlainText -Force)}

To enforce a password change on next logon, add the ResetPasswordOnNextLogon parameter to the command:

Import-CSV CreateRecipients.csv | foreach {New-Mailbox -Alias $_.alias -Name $_.name -UserPrincipalName $_.UPN -Database "Mailbox Database" -Org Users -Password (ConvertTo-SecureString $_.password -AsPlainText -Force) -ResetPasswordOnNextLogon $true}

Export and Import Content Filter Words or Phrases

In Exchange 2010 and Exchange 2007, you can add custom words or phrases as good or bad words to modify the Spam Confidence Level (SCL) assigned to messages. Messages with a good word or phrase are assigned an SCL of 0 and bypass other antispam agents that fire after the Content Filtering agent. Messages with a bad word are assigned an SCL of 9, and any configured action (delete/reject/quarantine) is taken based on the Content Filtering configuration.


Figure 1: Adding a custom word or phrase to Content Filtering configuration

To add a good or bad phrase to the custom words list using the EMC:

1. Go to Organization Configuration | Hub Transport | Anti-spam tab
   
2. Select Content Filtering and click Properties in the action pane
   
3. In Content Filtering Properties, select the Custom Words tab
   
4. Add a word or phrase in the following fields as required:
   • Messages containing these words or phrases will not be blocked:To add a good word or phrase, type it in this field
     
   • Messages containing these words or phrases will be blocked, unless the message contains a word or phrase from the list above: To add a bad word or phrase, type it in this field.
   
   

To add a word or phrase using the shell, besides the actual word or phrase, you must also specify the influence:

Add-ContentFilterPhrase "bad word" -Influence Badword

You can get a list of words or phrases added to Exchange by using the Get-ContentFilterPhrase cmdlet:

Get-ContentFilterPhrase | Select phrase,influence

Exporting and Importing Custom Words and Phrases
On the Edge Transport server, configuration information is stored in the local instance of Active Directory Application Mode (ADAM) on Windows Server 2003. In Windows Server 2008, ADAM is renamed to Active Directory Lightweight Directory Service (ADLDS). Unlike Exchange Server configuration information stored in Active Directory, which is replicated to all domain controllers in the AD forest, Edge Transport configuration information stored in ADAM/ADLDS is not replicated to other Edge Transport servers.

You can configure an Edge Transport server using a cloned configuration. See Using Edge Transport Server Cloned Configuration.

You can also export only the content filter phrases from one Edge Transport and import it to another Edge Transport server. To export the phrases, use the Get-ContentFilterPhrase cmdlet:

Get-ContentFilterPhrase | Select Phrase,Influence | Export-CSV "C:\MyFolder\CFPhrases.txt"

To import the phrases on another Edge Transport server, use the Add-ContentFilterPhrase cmdlet:

Import-Csv "C:\MyFolder\CFPhrases.txt" | foreach {Add-ContentFilterPhrase -Phrase $_.phrase -Influence $_.influence}

User Self-Service: Message Tracking from OWA

One of the things on top of my Exchange wish lists, and I'm sure on the Exchange wish lists of many Exchange folks, is allowing users to help themselves with common tasks such as managing Distribution Groups, and tracking the status of their own messages as I suggested in Message Tracking as part of OWA/Outlook (hard to believe this was posted in July 2005!).

Yes, Exchange has had Message Tracking for administrators, but this results in the waste of valuable IT resources when users call/e-mail/shoutout (depending on location and position... ) why a particular message they were supposed to receive hasn't yet made it, or why someone never received a message they sent.

Exchange 2010 allows users to track their own messages using the Exchange Control Panel (ECP). Head over to Spotlight on Exchange 2010: Delivery Reports on the Exchange team blog for more info.

I'll gladly admit the final implementation of this feature is a lot better than the way I thought it should work 4 years ago. Allowing users to perform common tasks using easy-to-use web-based self-service options, using functionality found out-of-the-box in Exchange Server, should help you reduce administration costs and resources.

What's your take on these self-service features?

Using Outlook's Instant Search on Windows Server 2008

If you have Microsoft Outlook 2007 installed on Windows Server 2008 (perhaps because you're also using a lab server as your workstation, or require Outlook for testing), when you start Outlook it complains about Windows Search service not being installed and that Outlook cannot provide fast search results when using the Instant Search feature.


Figure 1: Microsoft Outlook 2007 prompt indicating Windows Search service is not installed

Outlook also displays a clickable notification under the Instant Search box.


Figure 2: Microsoft Outlook 2007 notification to enable Instant Search

Clicking on the notification brings up the same dialog box shown in Figure 1.

In Online mode, Outlook 2007 uses Exchange Search for searching the mailbox - the mailbox is not cached locally.

In Cached Mode, it uses Windows Search service to index messages in the cached copy of your mailbox. Windows Vista includes Windows Desktop Search (WDS) out-of-the-box. Windows Server 2008 and Windows XP do not.

Of course, you can disable the prompt to enable Instant Search in Outlook by going to Tools | Options | Other tab | Advanced Options, and unchecking Show prompts to enable Instant Search. But if you live in a high-volume email environment and have a fairly large mailbox to show for it, Search is an invaluable tool!


Figure 3: Disabling the prompt to enable Instant Search in Outlook 2007

Install Windows Search service
To install the Windows Search service on Windows Server 2008, use the following command:

ServerManagerCmd -i FS-Search-Service

Or install it using the Server Manager console using the following procedure:

1. Start Server Manager
   
2. Click Roles in the navigation tree on the left
   
3. Select Add Role in the Roles Summary section
   
4. Select the File Services role and click next
   
5. Select the Windows Search role service
   

After Windows Search is installed, when you click the notification in Outlook, it acknowledges Windows Desktop Search has been installed, and prompts you to restart Outlook to enable Instant Search.

Meanwhile, Windows Search indexes your email and documents in the background. If you use Instant Search before indexing is complete, it returns results from the messages it has already indexed, and notifies you of number of items still to be indexed.

Windows Search 4.0 is the more current version of Windows Search. Download: x64 | x86 .

ASN1 Bad Tag Error Installing an SSL Certificate in IIS 7

You've installed SSL certificates on previous versions of IIS more times than you care to remember. It's no rocket science - you create a certificate request, request the certificate from a Certification Authority, get the certificate and complete your certificate request.

Then there's IIS 7. Modularized. Optimized. Secure. You follow the same procedure as you did with previous versions of IIS. Create a certificate request, check. Get the certificate from a CA, check. Install the certificate, and that's where the familiarity ends. Instead of installing the certificate, IIS 7 throws up a cryptic error: There was an error while performing this operation. Details: CertEnroll::CX509Encrollment::p_InstallResponse: ASN1 bad tag value met. 0x8009310b (ASN: 267).


Figure 1: IIS 7's cryptic error when trying to install an SSL certificate

If you fire up the Certificates console (start a new MMC console | add Certificates snap-in | select the computer account), you'll see the certificate is indeed installed.

By default, IIS does not create a binding for HTTPS.


Figure 2: IIS 7's default site bindings

Add a binding for HTTPS

1. In the Site Bindings window, click Add
   
2. In the Add Site Binding window, select https from the Type: drop-down.
   
3. Select an IP address (or optionally, leave All Unassigned selected if you want the site to bind to the specified SSL port on all IP addresses
   
4. From the SSL certificate: drop-down, select the certificate you want to use for the binding/web site.
   
   [Optional] You can click the View button to view the certificate and ensure you're selecting the right one.
   
   Figure 3: Creating a binding for https in IIS 7
   
5. Click OK to close the Add Site Binding window.

Close the Site Bindings, start a browser, and test the web site using https.

Exchange Server Remote Connectivity Analyzer: Test Exchange from outside the firewall

Exchange 2007 brought with it a number of Exchange shell cmdlets that let you test Exchange functionality (scroll down to the end of this post for a list of the test cmdlets). But how do you test Exchange services are actually available and usable from the Internet?

Have you longed for an Exchange cmdlet like Test-ExchangeConnectivity which could test your Exchange services such as Outlook Anywhere, AutoDiscover, Exchange ActiveSync, and SMTP from outside your firewall?



Now there is! Exchange Remote Connectivity Analyzer is a web-based service that lets you test Exchange functionality and availability from the Internet. Best of all— it's free!

Exchange Remote Connectivity Analyzer answers your Exchange operations questions, such as:

1. Can my Exchange server receive inbound Internet/SMTP email?
   
2. Can my Outlook Anywhere (aka "RPC over HTTP" in Exchange 2003) clients connect from outside the firewall?
   
3. Can my mobile users connect using Exchange ActiveSync phones/devices?
   
4. Does AutoDiscover work for Outlook 2007 clients?
   
5. Does AutoDiscover work for Exchange ActiveSync clients?
   
6. Are the certificates used for these services valid?

Head over to Exchange Remote Connectivity Analyzer at testexchangeconnectivity.com. More details, and a great video, in Announcing the release of Exchange Server Remote Connectivity Analyzer on the Exchange team blog.

Exchange 2007's Built-In Test Cmdlets
Here's a list of Exchange 2007 Test Cmdlets. Although these test cmdlets aren't intended to replace full-fledged monitoring software or diagnostics systems, they do allow you to test a lot of Exchange functionality quickly and easily, without having to fire up a console or browser!

1. Test-ActiveSyncConnectivity: Lets you test ActiveSync synchronization
   
2. Test-EdgeSynchronization: Test EdgeSync status of subscribed Edge Transport servers, including whether a specified recipient is synchronized
   
3. Test-ExchangeSearch: Test Exchange Search status/health for a specified server or individual mailbox.
   
4. Test-ImapConnectivity: Test IMAP functionality on a Client Access Server
   
5. Test-IPAllowListProvider: Test if an IP address is listed in an IP Allow List Provider (a DNS-based list, think of it as the opposite of an IP Block List Provider or RBL)
   
6. Test-IPBlockListProvider: Test whether an IP address is listed in an IP Block List Provider (aka RBL)
   
7. Test-Mailflow: Test mailflow, including mail submission, transport, and delivery, from the System Mailbox on an Exchange Server to another Exchange Server or specified email address
   
8. Test-MAPIConnectivity: Test MAPI connectivity to an Exchange server or a specified mailbox. A MAPI logon is performed. This test will also create a mailbox in the MDB for those freshly created/enabled mailboxes that haven't been logged on to.
   
9. Test-OutlookWebServices: Test AutoDiscover configuration for Outlook 2007.
   
10. Test-OwaConnectivity: Test connectivity to Outlook Web Access, including certificate validation.
    
11. Test-PopConnectivity: Test POP3 connectivity for a specified Client Access Server
    
12. Test-ReplicationHealth: Test the health of Continuous Replication
    
13. Test-SenderId: Test SenderID status for a specified IP Address (the sending host) and domain.
    
14. Test-ServiceHealth: Test the status of services set to start automatically.
    
15. Test-SystemHealth:
    
16. Test-WebServicesConnectivity:

Internet Explorer 8 and OWA: Where Are The Images?

Internet Explorer 8 was released last week at MIX09. It's likely many users may already be running either the RTM version or one of the earlier betas.

IE 8 is more secure than previous versions (see Stay Safer Online for a list of IE8's security features), including some of the default settings. Here's one of those changes and how it may impact your OWA users (and potentially result in a helpdesk call).

A user gets an HTML message with images. When viewing the message in OWA, the user sees missing images, as shown below:


Figure 1: An HTML message rendered in OWA with missing images

Instead of this:


Figure 2: HTML message with images rendered in OWA

Is that the web beacon and form filtering feature of OWA 2007 at work?

OWA 2007: Web beacon and form filtering

Web beacons (aka "web bugs") are very small, transparent image files in web pages and HTML email. These 'invisible' images are commonly used by web sites to track visitors, along with cookies. When you inadvertently download such an image in an HTML email message, it calls home and tells Mr. Spammer: "I made it! The email address is valid, and someone even viewed the message!"

In Exchange 2007, OWA blocks web beacons, and displays the following prompt inline in the information bar (where header information such as subject, sender, recipient, and timestamp are displayed).


Figure 3: The web beacon and form filtering feature displays a prompt in the information bar to allow user to unblock content

If users determine the message is from a trusted sender and safe to open, they can unblock the blocked content by clicking on the "Click here" link in the information bar (highlighted in Figure 3 above).

Web beacon and HTML form filtering behavior can be controlled for an OWA virtual directory. Use the Set-OwaVirtualDirectory cmdlet to toggle the FilterWebBeaconsAndHtmlForms property, as shown in How to Control Web Beacon and HTML Form Filtering for Outlook Web Access.

But you don't see the familiar click here link in the message!

The Tale of The Two Prompts
You're accessing OWA (or any other web page for that matter) over a secure HTTPS session. The page has images or other unsecure content (not unsecure as in malicious content, but the content is accessed using HTTP) it wants the browser to display. The first time the browser faces this scenario, it sends alarm bells ringing. It warns you, the user almighty, and asks you what you wish to do.

You may even remember the IE prompt— even if vaguely so. Yes, the one you dismissed by clicking the "Yes" button, without giving it any thought? Afterall, what harm could a lowly web page do to your highly secure computer?

In IE8, the prompt has been reworded, and the choices reordered. Here's what the shiny new prompt looks like.


Figure 4: Security warning in Internet Explorer 8, clearly informing users about blocked content, and the potential security impact of displaying such content

As you can see, users instinctively clicking the "Yes" button continue to be protected by Internet Explorer 8. They do not end up in an insecure state! Moreover, the dialog is clearer and more informative, compared to the one found in previous versions of IE. Here's the dialog from IE 7:


Figure 5: The 'Security Information' prompt in Internet Explorer 7, prompting users about nonsecure items

Released: PowerShell Snap-in For IIS 7

The big news from MIX09 is probably the release of Internet Explorer 8, but for shell aficionados, Exchange folks and scripting geeks, the release of IIS Snap-in for Windows PowerShell is not a lesser event. The snap-in has 71 cmdlets to manage IIS, from web application pools to web site configurations, bindings, and SSL.

Download the IIS Snap-in for Windows PowerShell: X86 | x64.

For more information about the snap-in, head to IIS.net. IIS developer Sergei Antonov, who owns scripting and command-line tools, blogs here.

Curious to find out which cmdlets are included? Head over to the IIS 7 Cmdlets mini-reference.

Released: Exchange 2007 SP1 Update Roll-up 7

Update Roll-up 7 for Exchange Server 2007 SP1 has been released. Download it here.

As noted in previous posts, Exchange 2007 updates are cumulative and release-specific. This roll-up is for Exchange 2007 SP1, and supersedes all previous update roll-ups for Exchange 2007 SP1.

As Ananth notes in the post on the Exchange team blog (read 'Update Roll-up 7 for Exchange Server 2007 Service Pack 1 has been released'), this update has 50 fixes, including important fixes for SCR and IMAP4 issues.

Fixes for the following issues are included (details in KB 960384):

• 946449 A non-read report message is sent after you perform a "Mark All as Read" operation against unread e-mail messages in Exchange Server 2007
  
• 949113 Unexpected modified instances of a recurring meeting may appear when you use Entourage to access a calendar on a computer that is running Exchange Server 2007
  
• 949114 Duplicate calendar items may appear when you use Entourage to access a calendar on an Exchange 2007 server
  
• 949464 The customized properties are removed in the recipients' calendars when you send a meeting request that includes customized properties
  
• 950115 When a CDO 1.2.1-based application generates a meeting request that includes some European characters in the message body, these characters appear as question marks in Exchange 2007
  
• 951341 Users cannot read calendar items when they connect Exchange Server 2007 by using certain IMAP4 or POP3 clients
  
• 952778 Event ID 9874 is frequently logged on Exchange Server 2007 with Service Pack 1
  
• 953094 The value in the "Messages queued for submission" performance counter on the mailbox role of Exchange Server 2007 increases after a meeting request is delivered
  
• 954213 All Test commands that are related to the Client Access Server fail when you run the commands on an Exchange 2007 server in a disjoint namespace
  
• 954741 The UseRUSServer parameter does not work if an administrator has specified an RUS server on a target mailbox server
  
• 954898 The LegacyExchangeDN attributes for mail-enabled objects are incorrectly set in an environment that contains Exchange 2003 and Exchange 2007
  
• 955027 The Edgetransport.exe process may crash on a hub transport server that is running Exchange Server 2007 Service Pack 1
  
• 955462 You notice high CPU usage when the IMAP service is running on an Exchange 2007 Service Pack 1 server that has the CAS role
  
• 955778 You receive a Non-Delivery Report (NDR) message when you send an e-mail message to a non-SMTP address in an Outlook client that is using Cached mode
  
• 956069 A Non-Delivery Report (NDR) is generated when an Exchange Server 2007 user tries to send a message to a recipient who has a one-off FAX address that includes any characters that are larger than 0xFF in Unicode
  
• 956205 Corrupted characters appear in the Subject field or in the Location field of a recurring calendar item after a user adds DBCS characters to a field in a meeting occurrence by using an Outlook 2002 client
  
• 956275 An Exchange 2007 sender's address is split into two separate addresses when an external recipient replies to the message
  
• 956455 The display name appears in a received message even though the property of the user mailbox is set to "Hide from Exchange address lists" in Exchange Server 2007
  
• 956687 Messages stay in the submission queue after you enable per-mailbox database journaling in an Exchange Server 2003 and Exchange Server 2007 coexisting environment
  
• 957019 Images cannot be pasted in an Exchange Server 2007 Outlook Web Access message body
  
• 957071 The MSExchange Transport service may crash intermittently on the Exchange 2007 server
  
• 957124 You do not receive an NDR message even though your meeting request cannot be sent successfully to a recipient
  
• 957227 The Exchange Management Console crashes when one or more domain controllers of a top-level domain are not reachable
  
• 957485 The Test-OwaConnectivity command returns a warning message in Exchange Server 2007 when there is a disjoint namespace
• 957504 The IMAP4 service crashes intermittently, and Event ID 4999 is logged on Exchange Server 2007
  
• 957683 An IP Gateway can still be used to dial out for a "Play on Phone" request after the IP Gateway is disabled
  
• 957834 Network shares are deleted and created intermittently by the replication service on an Exchange SCC cluster when SCR is enabled on the Exchange server
  
• 957947 The Exchange Information Store service may crash when an Entourage client synchronizes with an Exchange 2007 server
  
• 958091 You cannot update the task complete percentage to any value other than 0 or 100 in Outlook Web Access
  
• 958093 Voice mail messages are not stamped with the disclaimer that is defined in the transport rule in an Exchange Server 2007 environment
  
• 958128 Replication messages stay in a queue in a retry state after a public folder database is dismounted
  
• 958331 The Restore-StorageGroupCopy command may fail in an Exchange Server 2007 SCR environment
  
• 958444 Event 522 is logged when replication is resumed on a suspended Storage Group on an Exchange Server 2007 CCR or SCR environment
  
• 958472 An unexpected text string appears at the top of the message body when an Exchange Server 2007 user sends an HTML message by using Outlook Web Access
  
• 958552 The ByteEncoderTypeFor7BitCharsets setting does not take effect for the US ASCII character set after you install the hotfix that is mentioned in Microsoft Knowledge Base article 946641
  
• 958638 Exchange 2007 Server cannot parse X-Priority headers from clients that submit X-Priority headers that contain additional comments
  
• 958803 The EdgeTransport.exe process may stop responding in Exchange Server 2007 when the priority queuing feature is enabled
  
• 958872 The Map This Address feature in the contact page for an OWA client does not work in Exchange Server 2007
  
• 959100 Exchange Server 2007 cannot route e-mail messages to mail enabled Non-MAPI public folders that are hosted on an Exchange Server 2003 server
  
• 959135 Event 9673 occurs when the Microsoft Exchange Information Store service crashes on a computer that is running Exchange 2007 with Service Pack 1
  
• 959397 An increase in database size is generated unexpectedly when IMAP4 users use a Copy command in Exchange 2007
  
• 959434 The last logon time is not updated to reflect the logon times that have occurred after users log on to their mailboxes by using the Entourage client in an Exchange 2007 environment
  
• 959545 A redirection message in Outlook Web Access 2007 is incorrect when the message is translated to Korean
  
• 959671 The Manage Mobile Devices option is not displayed in Exchange Management Console after a mobile device re-synchronizes with an Exchange 2007 server
  
• 959952 The Set-Mailbox command does not change the AutomateProcessing attribute for an Exchange Server 2007 user when a regular user mailbox is converted from a room mailbox
  
• 960291 Outlook Web Access or an Exchange Web Service application does not correctly display a monthly or yearly recurring appointment or meeting request
  
• 960292 The MSExchangeIMAP4 service may crash intermittently after you apply an update rollup for Exchange Server 2007 Service Pack 1
  
• 960349 The Exchange Information Store service may crash after you enable tracing for the logon actions
  
• 961281 An error is returned when you enable SCR from any source in a child domain after you install Exchange Server 2007 Service Pack 1 Rollup 5
  
• 961395 The Exchange 2007 Unified Messaging server does not update the caller information if an external user makes a call
  

Are Distribution Groups really being used?

Over the years, you end up creating a large number of Distribution Groups based on user demands. The regular departmental Distribution Groups such as Sales, Marketing, Engineering, and HR. The geographical ones such as AllUS, All-California, All-BayArea, and so on. The ones by employment status such as All-FTE for full-time employees, All-Contractors, and so on. And ones to facilitate the working habits of executives and senior managers, who want to address their team with a distro (geekspeak for Distribution Group) like JoeSchmoe-DirectReports. Then there are the more interesting ones, such as All-MountainClimbers, All-GrungeFans.

Why are so many of these Distribution Groups prefixed with an All-? Can Distribution Groups ever be All-Whatever? Is it possible to include all grunge fans in the All-GrungeFans group? Or only the ones who confess? Can you guarantee everyone in the Sales dept will be included in the All-Sales group by default— even if you used Dynamic Distribution Groups? There will be times when someone does not populate the department attribute for the newly hired Manager of Inside Sales for Timbuktu, and surrounding areas. After two weeks in his exciting new inside sales position, the poor bloke finds out he hasn't received the number of sales leads freely flying around on the distro, and unfortunately won't be able to meet his targets for selling surfboards in Timbuktu that quarter.

Over the lifetime of Exchange deployments, there will be groups that get used more frequently, such as Send-Your-Jokes-Here-If-You-Have-Nothing-Better-To-Do-At-Work (the alias conveniently shortened to ExecTalk... ), or the ones that never get used, such as All-ExEmployees (hard as it is to believe, at least one of these two have been spotted in real-world deployments!).

One fine day, your friendly manager/auditor/HR person shows up at your desk wanting to know which distribution groups are in use.

That's where message tracking logs come to the rescue— assuming these are enabled. If you've been mucking around with these logs in Exchange 2007, you probably know a fair bit of PowerShell, and chances are you're absolutely loving it! If not, head over to previous post Exchange Server 2007: Message Tracking from the command line, and get to know the wonderful cmdlet Get-MessageTrackingLog.

Tracking messages sent to Distribution Groups
How do we get a list of messages sent to Distribution Groups? By getting a list of all Distribution Group expansion events, noted in message tracking logs with the EventID EXPAND. The RelatedRecipientAddress field in the EXPAND entry contains the PrimarySmtpAddress of the Distribution Group expanded. Use the following command to grab a list. You can restrain Get-MessageTrackingLog cmdlet in a number of ways. Since these have been covered in the previous post, I won't go into details here.

Get-MessageTrackingLog -Start 2/1/2009 -EventID Expand | ft Timestamp,RelatedRecipientAddress -Autosize

You get back a table that looks something like this:

Timestamp RelatedRecipientAddress
--------- -----------------------
2/18/2009 4:36:27 PM DG-Marketing@MyDomain.com
2/18/2009 4:41:18 PM DG-Sales@MyDomain.com

Next, how do we determine how many messages each Distribution Group received? This is easily done by piping the results to the Group-Object cmdlet:

Get-MessageTrackingLog -Start 2/1/2009 -EventId Expand | group-object RelatedRecipientAddress | ft Name,Count -Autosize

This returns a count for each group of messages:

Name Count
---- -----
DG-Marketing@MyDomain.com 123
DeptSales@MyDomain.com 145

To list messages sent to a particular Distribution Group:

Get-MessageTrackingLog -EventID Expand | ? {$_.RelatedRecipientAddress -like "DG-Marketing@MyDomain.com"} | ft Timestamp,Sender,MessageSubject -Autosize

Of course, you could use the message tracking GUI in EMC— but would it rate anywhere close on your geek satisfaction index?

Applying Exchange 2007 SP1 Update Rollup 6

Perhaps I should have picked another day for applying Exchange 2007 SP1 Update Rollup 6. I ran into the services not starting issue documented in KB 944752 Exchange Server 2007 managed code services do not start after you install an update rollup for Exchange Server 2007.

It was a single server topology - Exchange 2007 SP1 sitting behind ISA Server 2006 (SP2), with no previous post-SP1 rollups installed. The System Attendant, Information Store, and Active Directory Topology services started without any issues. The other Exchange services did not. Manually starting the stopped services resulted in the familiar 1053 error - service failed to start in a timely fashion.


Figure 1: Manually starting Exchange managed services resulted in error 1053

A helpful colleague informed me about the nature of these managed services, and pointed me to the above KBA and the related downloads. Installing .Net Framework 2.0 SP2 fixed it, although according to the KBA .Net Framework 2.0 SP1 would work just as well.

The managed code services not starting issue is mentioned clearly in KBA 959241 Description of Update Rollup 6 for Microsoft Exchange Server 2007 Service Pack 1:

Note Certain Exchange Server 2007 managed code services may not start after you install this update rollup. This problem occurs if all the following conditions are true:

• The services cannot access the following Microsoft Web site:
  http://crl.microsoft.com/pki/crl/products/CodeSigPCA.crl
  
• You do not have a .NET Framework common language runtime (CLR) build that supports the generatePublisherEvidence configuration setting.

For more information about how to resolve or work around this issue, click the following article number to view the article in the Microsoft Knowledge Base:
944752 Exchange 2007 managed code services do not start after you install an update rollup for Exchange 2007

Rudimentary best practices
When working in mid to large deployments, we normally tend to follow change control procedures in place. Service packs, hotfixes, and updates are tested adequately. Change control also translates into being able to articulate a suitable fallback plan. Backups need to be performed before applying any updates. These practices, even in a scaled down version, are routinely ignored or avoided in smaller environments.

Installing updates without testing and without reading the accompanying documentation could turn into your little adventure on days you can ill-afford to indulge in such adventures. The consequences could range from hours wasted (read "unbillable hours" if you're a consultant) troubleshooting or restoring service, to potentially more serious consequences caused by the downtime.

The good news is this can be avoided easily!

Have you been in a situation before where not following these rudimentary best practices has resulted in undesirable consequences?

Released: Update Rollup 6 for Exchange 2007 Service Pack 1

Update Rollup 6 for Exchange Server 2007 SP1 has been released. Download it here.

As noted in previous posts, Exchange 2007 updates are cumulative and release-specific. Additionally, as Ananth notes in the post on the Exchange team blog (read 'Update Rollup 6 for Exchange Server 2007 Service Pack 1 Released'), this update has a fix for a security issue rated as critical, and the update to allow Internet Explorer 8 to be used to access Outlook Web Access does not include the S/MIME control. An updated version of the control will be released in a future rollup.

Fixes for the following issues are included (details in KB 959421):

• 959239 MS09-003: Vulnerabilities in Microsoft Exchange could allow remote code execution
  
• 950675 Downloaded .xls file attachments are empty when you open the files by using Outlook Web Access on Exchange Server 2007 Service Pack 1
  
• 955443 Some free/busy messages are not replicated from Exchange 2007 to Exchange 2003 servers after some mailboxes are migrated from Exchange Server 2003 to Exchange Server 2007
  
• 956356 The Microsoft Exchange File Distribution service uses lots of memory and processor time when Exchange Server 2007 processes many OABs
  
• 956624 The Microsoft Exchange Transport service crashes continuously after you enable journal rule or deploy an antivirus application on an Exchange Server 2007 server
  
• 957748 The custom message class of contact object is overwritten by the normal IPM.Contact class when an Exchange 2007 server replicates the contact object to any other public store

Managed Folders: Why aren't Calendar items expired?

You're testing Exchange 2007's Messaging Records Management (MRM) features to implement your organization's messaging retention policies.

You create a new Managed Folder for Calendar items, and then create a Managed Content Setting for it to expire Calendar items in 1 year. Next, you create a Managed Folder Mailbox Policy and add the Managed Folder to the Policy. You apply the policy to a test mailbox.

Testing the Managed Folder Policy
You open the test mailbox, create a single-instance appointment that starts and ends on some date more than a year ago.

To test the new Managed Folder Policy, you manually run the Managed Folder Assistant against your test mailbox:

Start-ManagedFolderAssistant -Mailbox "Joe Adams"

You expect the meeting, which (starts and) ends at some date more than a year ago, to be expired and the RetentionAction specified in the Managed Content Setting to be applied. It doesn't.

Calculating Retention Age for Calendar items

You can tell the MFA when to start counting an item's retention age from, by specifying it in the Content Settings for a Managed Folder. It can be based on:
1) When the item was delivered to a mailbox or
2) When the item was moved to a folder


Figure 1: Configuring retention period in Managed Content Settings

Calendar items such as meetings and appointments, and Tasks, are treated differently since these items have an end date. You could create a meeting for a future event, or create a recurring meeting that takes place at a certain interval (daily/weekly/monthly/yearly) during a certain period, or indefinitely. Therefore, the end date of these items needs to be considered when expiring them. Recurring meetings will expire based on the end date of the last occurrence. Meetings with no end date do not expire.


Figure 2: Recurring meetings can be scheduled to occur daily, weekly, monthly, or yearly for a long period, or indefinitely. When expiring such items, the MFA considers the end date.

If these items are deleted, and thus end up in the Deleted Items folder, the end date is no longer a factor. The Managed Folder Assistant expires Calendar items in the Deleted Items folder based on the message-received date. If the received-date cannot be determined, the message-creation date is used.

More details about retention age for different types of items in "How Retention Periods Are Calculated for Items in Managed Folders".

You locate an older PST and copy a Calendar item which occurs in roughly the same timeframe as the one you just created. When you run the MFA, the copied item with an end date from more than a year ago is expired!

When processing a mailbox, the MFA queries for Calendar items where the creation date is older than the expiration date. If you create a test item for a past date, as we did in this case, it does not get processed by the MFA until the creation date is older than the AgeLimitForRetention.


Figure 3: Calendar items created for a past date will have a creation time that is later than the meeting/appointment end time

Of course, you're not likely to run into this issue except in test scenarios. Real-world meetings do not get created in the past. The creation date is guaranteed to be equal to or older than the end date of the meeting..

EHLO: DSNConversionMode and You

If you haven't already read Jason Nelson's take on Delivery Service Notifications (DSNs), head over right away to DSNConversionMode and You: An Administrator's Guide.

Returning all recipients from the Forest in recipient cmdlets

If you're trying to get recipients from the whole AD Forest using the Exchange shell, there are two things to be aware of:

1. Session scope: By default, the scope of your shell session is set to the Domain of the computer you're running the session on.
2. Result size: By default, shell cmdlets return 1000 results. You can modify this using the Resultsize parameter. The number of search results to return can be specified, or you can use the value unlimited to return all results.

To view the current settings for your admin session, simply type $AdminSessionADSettings.

What you get back:

ViewEntireForest : False
DefaultScope : MyDomain.com
PreferredGlobalCatalog :
ConfigurationDomainController : MyDC.MyDomain.com
PreferredDomainControllers : {}

You can change the DefaultScope parameter to specify another domain or an OU. (Recipient cmdlets also have the OrganizationalUnit parameter which lets you restrict the command to a particular OU).

To return recipients from the whole Forest for all recipient cmdlets used in the session, you can set the session scope by using the following command:

$AdminSessionADSettings.ViewEntireForest = $True

Note, session variables are limited to the session. Once you close the shell window, it's gone. If you start another session, you'll need to set the ViewEntireForest variable to $True again.

You may find not having to return recipients from the entire Forest for the most part. If you do not want to change your session scope to the Forest, but return all recipients in a single recipient command, you can bypass the session scope by adding the IgnoreDefaultScope switch with recipient cmdlets:

Get-Mailbox -IgnoreDefaultScope -ResultSize unlimited

Other parameters such as the preferred GC, DC and config DC for the session can also be set by modifying the session variable.

SCRIPT: List Delegates With Send On Behalf Access

Send On Behalf access allows a user to send mail on behalf of the mailbox owner.


Figure 1: Send On Behalf access can be assigned from ADUC | recipient properties | Exchange General | Delivery Options, or by the mailbox owner using Microsoft Outlook

Here's a script that lists all users with delegates.

File: listDelegates.zip

Related posts and links:

• Understanding Exchange Server 2003 Mailbox Access Delegation
  
• List users with email forwarding enabled
  
• HOW TO: Export all email addresses from a domain
  
• SCRIPT: Show mailbox limits
  
• SCRIPT: Reset Mailbox Limits
  

Released: Update Rollup 5 for Exchange 2007 SP1

Update Rollup 5 for Exchange Server 2007 SP1 has been released. Download it here.

As noted in previous posts, Exchange 2007 updates are cumulative and release-specific.

Fixes for the following issues are included (details in KB 953467):

• 925371 Domino Server does not see attachments in meeting requests from Exchange Server 2007
  
• 939037 By default, managed content settings apply to the root folder and all subfolders in an Exchange Server 2007 environment
  
• 949722 An Event 800 event message does not log the username of users who ran the Get-MessageTrackingLog command in an Exchange 2007 environment
  
• 949893 You cannot create a new mailbox or enable a mailbox in an Exchange Server 2007 environment on February 29, 2008
  
• 949895 Exchange Management Shell crashes (stops responding), and Event ID 1000 is logged when you perform a cross-forest migration from Exchange Server 2003 to Exchange Server 2007 S949895
  
• 949901 Exchange 2007 users cannot send e-mail messages to a mail-enabled public folder in a mixed Exchange 2003 and Exchange 2007 environment
  
• 949968 Unified Messaging does not handle the diversion header correctly in Exchange Server 2007 Service Pack 1
  
• 950272 The formatting of a plain text message is incorrect when you print the plain text message by using Outlook Web Access in an Exchange Server 2007 environment
  
• 951267 An exception occurs in Exchange Management Console when you preview AddressList in an Exchange Server 2007 environment
  
• 951273 The received date and the received time of IMAP messages are changed to the time of migration after you migrate mailboxes to an Exchange 2007 Service Pack 1-based server
  
• 951505 You may receive an error message when you run the Update-SafeList cmdlet in an Exchange 2003 and Exchange 2007 mixed environment
  
• 951564 Exchange 2007 S951564 Update Rollup 5 supports the addition of new items to context menus in Outlook Web Access 2007
  
• 951710 You receive error messages or warnings when you change an Active Directory schema so that the Company property supports more than 64 characters
  
• 952097 Update Rollup 5 for Exchange 2007 Service Pack 1 introduces events 12003 which can be used to clarify ambiguous Event messages
  
• 952583 Japanese DBCS characters are corrupt when you reply to a message or forward a message in an Exchange Server 2007 S952583 environment
  
• 953619 A public folder conflict message cannot be delivered, and event error 1016 is logged, when the public folder name contains DBCS characters in an Exchange Server 2007 Service Pack 1 environment
  
• 953787 You receive an error message when you try to move Exchange 2000 mailboxes or Exchange 2003 mailboxes from one forest to an Exchange 2007 server that is located in another forest by using the Move-Mailbox command
  
• 953840 Event ID 5000 occurs, and the IMAP4 service may crash, on a server that is running Exchange Server 2007 with Service Pack 1 when you use a third-party application to migrate POP3 and IMAP4 users
  
• 954036 Hidden folders or files are listed when you view a UNC file server by using OWA in an Exchange 2007 environment
  
• 954195 The task originator is not notified of task changes and task progress in an Exchange Server 2007 environment
  
• 954197 Exchange 2007 CAS cannot copy the OAB from the OAB share on Windows Server 2008-based Exchange 2007 CCR clusters
  
• 954270 Message class changes during conversion when a digitally signed Message Disposition Notification is received by a server that is running Exchange Server 2007 Service Pack 1
  
• 954451 An appointment item cannot be opened by a CDOEX-based application if the item is saved by Exchange Web Service together with the Culture property in Exchange Server 2007
  
• 954684 You cannot use an Outlook 2007 client to display or download an attachment when you access a message that includes an inline attachment from Exchange Server 2007
  
• 954810 An Exchange 2007 room mailbox stops processing requests after the resource booking assistant receives a delegated meeting request from an Exchange 2003 user
  
• 954887 You cannot add a Mail User or a Mail Contact to the Safe Senders list in Microsoft Exchange Server 2007 by using OWA client
  
• 955001 Error message when you use the IMAP protocol to send a SEARCH command that has the CHARSET argument on an Exchange 2007 server: "BAD Command Argument Error"
  
• 955196 Log files are not copied to the target server in a standby continuous replication environment in Exchange Server 2007
  
• 955429 VSS backup application causes the Information Store service to crash repeatedly on an Exchange 2007 Service Pack 1-based server
  
• 955460 The start time and the end time of a meeting request are incorrect when a delegate uses Exchange Web Service to send the request in an Exchange 2007 environment
  
• 955480 Meeting requests from external senders are displayed as Busy instead of Tentative in an Exchange Server 2007 environment
  
• 955599 Event ID 10 messages fill up the Application log on an Exchange 2007 CAS server if an Exchange Server 2003 mailbox owner makes an Exchange Web Service call
  
• 955619 A user cannot access the mailbox by using a POP client or an IMAP client through Client Access Server in an Exchange Server 2007 environmen
  
• 955741 A message stays in the Outbox, and the message is resent until it is deleted manually on Windows Mobile 6.1-based devices in an Exchange 2007 Service Pack 1 CAS proxying scenario
  
• 955946 If a private message is submitted by a SMTP sender, the sender receives an NDR message from the Exchange 2007 server
  
• 955989 The SPN registration of a cluster fails, and Error event IDs 1119 and 1034 are logged in an Exchange Server 2007 Service Pack 1 environment
  
• 956199 The last character of a user’s Chinese display name is truncated in the Offline Address Book on an Exchange 2007 server
  
• 956319 The W3wp.exe process may crash on an Exchange 2007 CAS server after you use Entourage to send a message that is larger than 48 KB
  
• 956573 Event ID 1032 is not logged in the Application log when users send e-mail messages while they are logged in to Outlook Web Access as another user in Exchange Server 2007
  
• 956582 Exchange Server 2007 Update Rollup 3 does not update the Outlook Web Access Logon.aspx file after you modify the file
  
• 956613 The W3wp.exe process intermittently stops responding and Event ID 1000 is logged in Exchange Server 2007 Service Pack 1
  
• 956709 Some recurring meetings may be missing when you view the meetings using Outlook Web Access in Exchange Server 2007
  
• 957002 The Edgetransport.exe process may crash intermittently on a server that is running Exchange Server 2007 Service Pack 1
  
• 957137 The reseed process is unsuccessful on the CCR passive node after you restore one full backup and two or more differential backups to the CCR active node
  
• 957813 A Non-Delivery Report is generated when you try to send a high priority message that is larger than 250 KB in an Exchange Server 2007 Service Pack 1 environment
  
• 957978 The OAB generation is unsuccessful and Event IDs 9328 and 9373 are logged in the Application log in a Windows Server 2008-based Exchange 2007 Single-Copy cluster environment
  
• 958855 The Edge Transport service crashes repeatedly, and an event error 1000 is logged repeatedly on a server that is running Exchange Server 2007 Service Pack 1
  
• 958856 Event ID: 7012 occurs when you search message tracking logs on an Exchange Server 2007-based server
  

Start Managed Folder Assistant for a single mailbox

When testing Managed Folder Mailbox Policy settings in Exchange 2007, you may need to frequently run the Managed Folder Assistant (MFA)) to process a mailbox on-demand, so you can check the mailbox content and MRM logs. However, every time you run Start-ManagedFolderAssistant, the MFA processes all mailboxes on all Mailbox Databases on the server.

Of course, you can avoid all the agony by instructing the Managed Folder Assistant to process only the specified mailbox:

Start-ManagedFolderAssistant -Mailbox "Foo"

Processing a single mailbox results in the MFA completing its job quickly and makes parsing the MRM log easier— the MFA only logs events related to the specified mailbox.

The -Mailbox parameter does not take multiple mailboxes as input. To process more than 1 mailbox, you will need to use the Get-Mailbox cmdlet (or Get-User piped to Get-Mailbox, depending on the property you want to filter on) and pipe a filtered list of mailboxes to Start-ManagedFolderAssistant. For example, the following command will result in the MFA processing all mailboxes from the department:

Get-User -Filter {department -eq "Sales" -and RecipientType -eq "UserMailbox"} | Get-Mailbox | Start-ManagedFolderAssistant

Or maybe you want to have the MFA process all mailboxes with a particular policy applied. Note, the Filter requires the distinguishedName of the policy:

$policy = (Get-ManagedFolderMailboxPolicy "MRMPolicy-VPs").distinguishedName; Get-Mailbox -Filter {ManagedFolderMailboxPolicy -eq $policy} | Start-ManagedFolderAssistant

Update Rollup 4: The Right Thing To Do

Now that Exchange 2007 SP1 Update Rollup 4 has shipped, it's time to revisit recent events preceding it.

A few days before yesterday's release, a pre-release version of Update Rollup 4 for Exchange Server 2007 SP1 made its way to Microsoft Update. Customers who had the Automatic Updates feature of Windows Server OS configured to automatically download and install updates got the pre-release version downloaded and applied automatically to those servers. Although it was detected and removed quickly from Microsoft Update, the update has left some customers affected by this issue quite annoyed— and understandably so.

Microsoft's Scott Roberts posted the details on the Exchange team blog in INFO: Update Rollup 4 for Exchange Server 2007 Service Pack 1, including some of the issues faced by customers, and workarounds. Scott also responded to customers who left comments on the blog post, and frequently updated the post/comments.

Although this has proved to be a major annoyance for some customers, overall the number of customers affected was relatively quite low.

What's of note is the upfront communication about this through the Exchange team blog. Rather than trying to sweep the issue under the carpet, it was actually talked about! Fessing up about such issues, apologizing where apologies are due, and ensuring adequate controls are in place so such things do not happen again is the right thing to do.

It's also a sign of how Microsoft is increasingly being more open about such incidents.

Computerworld's Gregg Keizer wrote about this in Microsoft issues wrong update for Exchange 2007. Surprisingly, other tech media outlets such as News.com and InfoWorld did not pick this up.

Keizer notes:

"For a brief period of time on 9/9, a pre-release version of Update Rollup 4 for Exchange Server 2007 Service Pack 1 was inadvertently made available to Microsoft Update, the Microsoft Update Catalog and WSUS servers for download," an unidentified Microsoft employee said in a post to the official Exchange blog.

To set the record straight, the linked post is written by Scott Roberts, and clearly attributed to him with a link to his bio.

Auto-updating Servers and Server Apps?

Given the incident, it's easy to respond with "We can't trust Microsoft to automatically push patches that work!" — and you can't be blamed for thinking that way. In fact, you shouldn't trust any vendor to automatically push patches and updates to servers and server apps. In many organizations, patches for desktop/laptop OS and apps are also accorded similar treatment.

Although most software vendors test patches— some more extensively than others, there are a staggering number of variations in configurations, topologies, software and hardware deployed by customers. It is close to impossible to test a patch and account for these variations, and chances of a patch being tested for an environment exactly like yours are arguably quite slim.

It is a Patch Management best practice (and has been for as long as I can remember) to not auto-apply patches to servers and server applications without first testing these in a lab environment. A test and change control process— however rudimentary it may be, always helps in orderly deployment of patches, tracking of such updates, and forces you to think of a back-up plan.

It's a good idea to always apply a patch or update on a test box or two, then roll it out to production servers— starting with low-impact/low-priority servers first to discover problems early on. This ensures that should things go wrong, the initial impact is low. As the patch or update is applied to more servers and you move to more critical/high-impact servers, you've gradually reduced the chances of things going wrong. (Of course, the exact method of rolling out and the order in which servers get a patch applied will vary in each organization and may depend on the type of patch being applied.)

Small businesses, some with no full-time IT staff, many with a single server, may not be able to justify the cost of a test environment or a consultant to test patches and updates.

One option is to use virtualization software such as Microsoft's hypervisor-based Hyper-V (the standalone Hyper-V Server 2008, or the Virtualization/Hyper-V role of Windows Server 2008), the non-hypervisor-based Microsoft Virtual Server 2005 R2, or Microsoft VirtualPC 2007 for desktops— (all of them except Windows Server 2008 are free), to setup a virtual test environment.

If you are a consultant responsible for supporting many such small businesses, perhaps you can test patches on behalf of customers, and distribute the cost to a number of customers. You can generate additional revenue, and customers can get the assurance that the patches they deploy are tested by someone responsible for maintaining their servers— someone who knows their environment well. It can reduce the possibility of downtime, and is generally cheaper than actual downtime of critical services or applications.

Having patches and updates automatically applied to servers, without any testing, can and will land you in trouble at some point— regardless of the vendor.

Released: Update Rollup 4 for Exchange 2007 SP1

Update Rollup 4 for Exchange Server 2007 SP1 has been released. Download it here.

Fixes for the following issues are included (details in KB 952580):

• 942649 Description of the commands that support the UseRusServer option that is imported in Update Rollup 4 for Exchange Server 2007 Service Pack 1
  
• 944831 You cannot configure Exchange Server 2007 so that the simple display name appears in outgoing messages
  
• 945854 A meeting reminder is still active when you configure Outlook to send no reminders to an Exchange Server 2007 user
  
• 945870 TAB symbols may be converted incorrectly to spaces in Exchange Server 2007
  
• 948896 Certificates that contain wildcard characters may not work correctly on an Exchange 2007-based server
  
• 948897 An attachment incorrectly appears as the body of the e-mail message in an Exchange Server 2007 environment
  
• 948923 Users do not receive information in DSN messages in Exchange Server 2007 with Service Pack 1
  
• 949512 An embedded message is removed from the attachment list on Exchange Server 2007 if the embedded message subject ends with .com, .exe, or any other blocked extension
  
• 949782 An In-Policy request that is forwarded to delegate appears as an Out-Of-Policy request if a user submits an In-Policy meeting request against a room mailbox of Exchange 2007 server
  
• 949858 The provisioning process cannot be successful when you use Microsoft Identity Lifecycle Manager (ILM) 2007 to provision user objects for Exchange Server 2007
  
• 949926 Error when you use an IMAP4 client or a POP3 client to log on to a delegate mailbox of Exchange Server 2007: "800cccd1"
  
• 950076 After you move a mailbox from Exchange Server 2003 to Exchange Server 2007 Service Pack 1, you cannot edit rules in Outlook Web Access
  
• 950081 Error message when users use an SMTP client to send e-mail messages in Exchange Server 2007 Service Pack 1: "454 4.7.0 Temporary authentication failure"
  
• 950138 You are prompted for your credentials three times and you receive an error message when you use the Outlook Anywhere feature to connect to an Exchange Server 2007 Service Pack 1–based server that is running Windows Server 2008
  
• 950198 You can enable AfterConversion snapshot for all messages if pipeline tracing and Content Conversion Tracing are enabled
  
• 950235 The IMAP4 or POP3 worker process may stop responding on an Exchange 2007 CAS role that is working with an Exchange 2003 back-end server
  
• 950409 The reminder is triggered earlier than expected when an Exchange Server 2007 server receives an iCalendar meeting request message over an SMTP server
  
• 950622 Messages are converted to a very small font size in Outlook Web Access and in Outlook 2003 when you use Exchange Server 2007
  
• 950976 Event ID 115 may be logged intermittently on a computer that is running Exchange Server 2007 with Service Pack 1
  
• 951067 Event ID 7034 may be logged in the Application log in Exchange Server 2007 when an MAPI application tries to access a mailbox in a certain way
  
• 951156 The message body of some appointments appears garbled after you use a mobile device that is running Traditional Chinese edition Windows Mobile 6 to synchronize appointments that was created in Outlook Web Access for Exchange Server 2007
  
• 951251 A MAPI application does not work correctly if Exchange 2007 is installed on a Windows Server 2008 server
  
• 951594 The W3svc log reports the incorrect number of attachments on an Exchange Server 2007 server that has deployed Exchange ActiveSync Service (EAS)
  
• 951747 An error occurs when you use the Export-mailbox or Restore-mailbox command to migrate certain mailboxes on Exchange Server 2007: "error code -1056749164"
  
• 951864 Some users must enter their credentials when they access rights-protected messages even though you have deployed the Rights Management Services (RMS) prelicensing agent on an Exchange Server 2007 Service Pack 1-based server
  
• 952152 The Autodiscover service for ActiveSync in an Exchange 2007 environment does not work for users in sites that do not have the ExternalURL property set
  
• 952250 You encounter a long delay for each mailbox when you run the "Move-Mailbox" or "Set-Mailbox" command on an Exchange Server 2007 computer
  
• 952682 Log file drives on the SCR target may eventually fill up and cause replication failure in Exchange Server 2007 Service Pack 1
  
• 952924 Error message when Exchange users try to access public folders that are hosted on Exchange Server 2003 by using Outlook Web Access for Exchange Server 2007: "Outlook Web Access is unable to open public folders"
  
• 953312 The "Open Message In Conflict" button is not available in the conflict notification message for Exchange Server 2007 users
  
• 954058 You can change the method for transfer encoding after you apply Update Rollup 5 for Exchange Server 2007 Service Pack 1
  
• 954205 Event ID 1113 is logged in the Application log on a Unified Messaging (UM) server when users contact the UM server by using secured connections
  
• 954237 The IMAP service crashes intermittently on Exchange 2007, and Event ID 5000 is logged
  
• 955208 Event ID 5000 occurs when the Exchange IMAP4 worker process crashes intermittently in Exchange Server 2007
  
• 956775 CopyItem and MoveItem Operations in Exchange Web Services can return the Item ID after you install Update Rollup 4 for Exchange Server 2007 Service Pack 1
  
• 957133 Description of improvements in functionality that occur in Exchange Web Services operations after you install Update Rollup 4 for Exchange Server 2007 Service Pack 1