How did it feel to beat Google?

Every time I pass the Microsoft Silicon Valley campus in Mountain View, I'm amused and amazed that a Microsoft campus is in close proximity to Yahoo, Google, and other Silicon Valley bellwethers. The talent here is amazing!

If you haven't done so already, check out BingTweets, which fuses Bing's search results and real-time content from Twitter.

The San Jose Mercury News carried an interesting story over the weekend about how Bing's Silicon Valley-based team beat search engine giant Google to real-time search. Interestingly, Microsoft engineers Chad Carson and Eric Scheel, and their boss Sean Suchter— formerly VP of Search at Yahoo, planned it all aboard Alaska Airlines Flight 321 enroute to Seattle. The new search team at the Silicon Valley campus includes heavyweights like database expert and former IBMer Ashok K. Chandra— "a professorial presence who sounds like a poet when he compares creating computer algorithms to the view from the summit of Mount Whitney", and Shubha Nabar, a "newly-minted" Ph. D. from Stanford.

Excerpt:

By the time Flight 321 was over Oregon, the group in Row 6 had evolved from a technology klatch to a cabal of plotters who scrawled a schematic tangle of boxes on a sheet of paper to map out something no big Internet search engine had yet achieved. The three members of Microsoft's new Silicon Valley search team would try to make their company's Bing a window into America's stream of consciousness, serving up the chatter on Twitter and blog posts, with the latest updates on everything from celebrity gossip to breaking news.

Another interesting factoid many here in Silicon Valley may relate to— the plan didn't involve a PowerPoint.

The afternoon of the Seattle flight, Suchter stood before his boss in Redmond, Harry Shum, and pulled the dog-eared sheet of paper from his back pocket. This, Suchter told Shum, handing him the marked-up page, is what the team wants to do.

"I know I've got to get worried when you're giving me your plans drawn on a piece of paper and not in PowerPoint," Shum said. But he approved the effort.

When asked how it felt to beat Google, Suchter responds:

That was fun— retroactively. We didn't know we were going to catch them. We kind of though we would, but who knew?

More in Microsoft's Challenge: 90 days to beat Google on mercurynews.com.

Microsoft and Research in Motion announce full BES support for Exchange 2010

Microsoft and Research in Motion have just announced full BlackBerry Enterprise Server (BES) support for Exchange 2010 - the earliest customers have been able to deploy BlackBerry smartphones with a new Exchange release— ever.

You'll need the just-released Update Rollup 1 for Exchange 2010, Exchange Server MAPI Client v6.5.8147, and BlackBerry Enterprise Server 5.01 Maintenance Release 1 (MR1).

More from Paul Bowden in BlackBerry Enterprise Server fully supported on Exchange 2010 on the Exchange team blog.

Cloned machines and duplicate SIDs

It's been over 4 years since I wrote about the duplicate SID issue in SID error on cloned Virtual Server / VPC / VMWare OSes. I recommended using the NewSID utility from Sysinternals to fix the cloned machine.

Hyper-V wasn't around back then, and looking back it seems incredible that many of us survived without it (or your virtualization platform of choice).

Since then, I've only used sysprepped images, and the increasing reliance on virtual machines has translated into a time-saving and efficient method of creating cloned VMs at short notice. Using a sysprepped base image and differencing drives makes life incredibly simple, and even if you don't using differencing drive it works quite well. I highly recommend making at least one more copy of the base image and making the file read-only.

As far as the NewSID utility goes, Mark Russinovich recently posted about retiring it. More in The Machine SID Duplicate Myth.

Prevx Apologizes: So-Called Windows 'Black Screen' not caused by Windows Update

Interestingly, after reporting last Friday 'Black Screen woes could affect millions on Windows 7, Vista and XP', and causing a furor amongst IT pros, users and the media, Prevx apologized for claiming a patch applied by Windows Update was the cause of the so-called 'Black Screen of Death'.

In last week's post, Prevx stated:

If you Google Black Screen then you will find a whopping 80 Million plus results, mostly dominated by people searching for a fix to this problem. Thousands of users have resorted to reloading Windows as a last ditch effort to fix the problem, avoid that at all cost. We hope we can help a good many of you avoid the need to reload.

Clicking on the link provided in Prevx's blog post, and the search results are nowhere close to the "whopping 80 Million plus results" Prevx claimed in its blog post. In fact, the number is inflated by almost 100%, and there's a good chance it's not 40 million users facing the issue, or even 20, 10, or 1 million.



On Monday (11/30), Microsoft said it is investigating the issue. A Microsoft representative also said:

Based on our investigation so far we can say that we're not seeing this as an issue from our support organization. The issues as described also do not match any known issues that have been documented in the security bulletins or (knowledge base) articles."

On Tuesday (12/1), Microsoft's Security Response Communications lead Chris Budd said in a statement:

The company has found those reports to be inaccurate and our comprehensive investigation has shown that none of the recently released updates are related to the behavior described in the reports.

Microsoft also said it had not been contacted by Prevx before going public with the issue. More in Microsoft: November security updates are fine on News.com.

Prevx backtracked in a follow-up post yesterday (12/1):

Having narrowed down a specific trigger for this condition we've done quite a bit of testing and re-testing on the recent Windows patches including KB976098 and KB915597 as referred to in our previous blog. Since more specifically narrowing down the cause we have been able to exonerate these patches from being a contributory factor.

Prevx apologized for the faux pax. However, its original post and the follow-up apology says nothing about informing Microsoft about a potential issue caused by a patch.

Tempting as it is to rush to blog and tweet about a critical bug or security issue one may have discovered, the responsible behavior is to contact the vendor, report the issue and request or even demand an investigation and a fix. As a customer you have every right to do so, and depending on the severity and impact of an issue, expect a fix within a reasonable time frame. If the vendor does not investigate or provide any explanation, go public.

This is not to say that the "black screen" issue many users may have been facing isn't real, but it's no excuse for insufficient testing, irresponsible reporting, and inflating the impact (quite dramatically in this case).

Office 2010 Beta: Outlook 2010 Shines

Now that Office 2010 Beta is officially available for download to TechNet and MSDN subscribers, here's a quick shout out to the Outlook team for what's shaping up to be an excellent, super-impressive, fabulous new release of Microsoft Outlook!

I've always preferred web-based apps, including Outlook Web Access (OWA) in the past, and Outlook Web App (still OWA!) in Exchange 2010. Like most IT pros, I use many different computers during the course of a day - laptops, desktops, servers, virtual machines, and RDP sessions. OWA is a natural fit for this type of usage.

But Outlook 2010 has won me over for its user experience, features, and user experience (in that order). Web-based e-mail apps/providers, with the exception of OWA 2010 of course, do not provide a comparable experience, and although a lot of emailing is now done on "Exchange ActiveSync-capable" mobile devices, if you have to use email on a real computer, there's no better way to email than Outlook 2010.

Want to check out how cool Outlook 2010 is? There's a video for that. Play it full screen to clearly see Outlook 2010 quick demos.

Exchange Server 2010 Released

Microsoft announced the release of Exchange Server 2010 today at Microsoft TechEd 2009 in Berlin. The release marks the first version of Exchange Server designed for the cloud, and provides customers the option of deploying it on-premises— the way Exchange Server has always been deployed, or use it as a service hosted by Microsoft, or a combination of the two.

Exchange Server CVP Rajesh Jha posts on the Exchange team blog:

This has been an incredible engineering endeavor that no one else in the industry comes close to delivering. Today, we've successfully scaled Exchange 2010 to more than 15 million Outlook Live accounts around the world and, moving forward, to millions more with Exchange Online. Our promise to deliver a seamless Exchange experience on premises with the server, in the cloud as a service or a combination of the two truly gives customers choice and peace of mind.

More in Exchange Server 2010 is now available worldwide! on the Exchange team blog.

Want to take Exchange 2010 for a test drive? Microsoft provides multiple ways for trying Exchange 2010. You can try Exchange 2010 by downloading the 120-day trial, or the pre-configured virtual machine for use with Windows 2008 Hyper-V. You can also experience Exchange 2010 and Office Communications Server 2007 R2 free for 60-days by signing up for the Unified Communications Virtual Experience.

Exchange Server 2010 120-day Trial: Build 14.00.0639.021
Exchange 2010 Release Candidate VHD: Exchange Server 2010 VHD image: This is a pre-configured VHD image which gets you started on your Exchange 2010 evaluation quickly without having to setup everything from scratch. Requires Windows 2008 Hyper-V.

Some links to get you started on the road to Exchange 2010:

• Overview | What's New | Documentation
  
• Licensing: On-Premise Licensing for Exchange Server 2010
  
• Pricing | Licensing & Pricing FAQ | Purchasing Options
  
• Exchange 2010 Forum
  

Windows 2008 R2 Support Coming for Exchange 2007

Exchange 2007 will be supported on Windows Server 2008 R2, Kevin Allison, GM Exchange Customer Experience, posted on the Exchange team blog today. With the general availability of Exchange 2010 just around the corner, Microsoft had earlier decided not to update Exchange 2007 to support its latest server operating system. Exchange 2007 is supported on Windows Server 2003, Windows Server 2003 R2, and Windows Server 2008. This change in course is a result of customer feedback.

An update to Exchange 2007 will be released some time next year to enable full support for Windows Server 2008 R2. More in Supporting Exchange 2007 on Windows Server 2008 R2 on the Exchange team blog.

Exchange 2007 SP2 Released, Adds PowerShell v2 and Exchange 2010 Support

Exchange Server 2007 Service Pack 2 is now available for download. SP2 adds support for Windows Powershell v2, and allows coexistence with Exchange Server 2010.

SP2 also adds support for VSS backups of Exchange 2007 on Windows Server 2008. More in Details of Exchange 2007 SP2 in-box backup when running on Windows Server 2008 on the Exchange team blog.

There's also support for monitoring named properties. For background, see Jason Nelson's post Named Properties, X-Headers, and You. As Jason notes in Named Properties, Round 2: What lies Ahead

(In SP2) ...No x-headers are ever promoted to individual properties if a client has not already requested (and mapped) them.

Finally, head over to Service Pack 2 Preview: Get-NamedProperty for more details on how to use Get-NamedProperty.

Exchange 2007 SP2 updates the Active Directory schema. Details of schema changes, including new attributes and classes, and modifications to existing ones can be found in Active Directory Schema Changes (SP2).

Note, once you install SP2, you cannot uninstall it without uninstalling Exchange 2007 from the server.

Microsoft recommends upgrading Exchange 2007 servers in the following order:

1. Client Access Servers (CAS)
   
2. Unified Message (UM) servers
   
3. Hub Transport servers
   
4. Edge Transport servers
   
5. Mailbox servers

More details and important deployment considerations in Exchange 2007 SP2 Release Notes.

Released: Exchange 2010 Release Candidate

Microsoft has released Exchange 2010 Release Candidate— a feature-complete version of the next release of Exchange Server. It is available for download here. You will be able to upgrade from the Release Candidate to the RTM version, due later this year.

Looking back, Exchange has come a long way in its 14-year history. Microsoft's Michael Atalla notes in a blog post on the Exchange team blog:

When we shipped the first version of Exchange about fourteen years ago, IBM/Lotus dominated the space. According to a 2008 Ferris research report, Notes/Domino share has dwindled to a mere 10% in enterprises, while Exchange has grown to 65% market share across all organizations and continues to grow with more than 4.7M starting the switch to Exchange last year. In fact, Exchange is now is approaching $2B in annual revenues. If Exchange were a standalone business, it would be the 9th largest software company in the world. We expect that momentum to accelerate with Exchange 2010, the most compelling version yet.

More in Exchange Server 2010 Release Candidate Available Today!

Exchange 2010 is a 64-bit only release— Microsoft released a 32-bit version of Exchange 2007 for testing and training, during Exchange's transition to the 64-bit platform. Not surprisingly, in-place upgrades from previous Exchange Server versions are not supported. (In-place upgrades stopped being supported from Exchange 2007, and most Exchange folks do not prefer or use this method for upgrading Exchange servers.)

There is a lot to look forward to in Exchange 2010, and end-users will enjoy the many new features. I am particularly excited about the new Outlook Web App (yes, the new OWA. Note, the acronym remains the same), the productivity-boosting conversation view that'll help users better manage their email, MailTips, the new self-help features including users' ability to track messages from OWA and manage distribution groups. There's plenty to look forward to for IT pros and organizations as well, and we'll continue to look at these new features on Exchangepedia.

The 'Catastrophic' Windows 7 bug and security vulnerability that never was

Perhaps I should've used a different headline for this post. Something like "InfoWorld's conspiracy to derail the Windows 7 product launch". But that would be giving in to exactly the temptation I want to highlight— the one many bloggers, writers, and editors fall victim to, or otherwise find hard to resist in the quest for more pageviews.

Somewhere in the blogosphere, someone reports a "critical Windows 7 bug". One tech writer sees it as a "catastrophic bug" in Windows 7 which could "derail the Windows 7 launch".

Although the writer didn't discover the bug, and I'm not quite sure if the headlines are the writer's own or the handiwork of an over-zealous editor, but the outcome is an article with a sensational headline that screams for attention— Critical Windows 7 bug risks derailing product launch.

The sub-headline is equally interesting: An apparent fatal flaw in the NTFS driver stack may bring Microsoft's Windows 7 impending victory parade to a grinding halt.

What's wrong with Windows 7? In the writer's words:

The bug in question -- a massive memory leak involving the chkdsk.exe utility -- appears when you attempt to run the program against a secondary (that is, not the boot partition) hard disk using the "/r" (read and verify all file data) parameter. The problem affects both 32- and 64-bit versions of Windows 7 and is classified as a "showstopper" in that it can cause the OS to crash (Blue Screen of Death) as it runs out of physical memory.

Sounds like a serious security vulnerability, and the writer suggests it is exactly that.

Also worth considering: This command can be executed in a nonelevated context under the looser Windows 7 UAC implementation (Vista requires elevation of this command via the normal user consent dialog before continuing). Not only is this a potentially catastrophic bug from a functional standpoint, it also opens up a new attack vector for malicious code. Hackers may be able to use this unprotected command to destabilize a system (by consuming almost all available RAM), and in extreme cases, cause it to fail altogether.

As reported, Microsoft has not been able to reproduce the bug.

I waited till I actually had the RTM code, and had the time to install and try this out on a couple of computers. Not only have I not been able to reproduce the blue screen, but as you can see in the following screenshot, UAC actually does prevent you from running chkdsk! And this is plain vanilla Windows 7 RTM with no updates, hotfixes, or changes to UAC settings.


Figure 1: UAC prevents running chkdsk /r on a computer with Windows 7 RTM.

The writer's implication of this being a catastrophic bug that opens up a new attack vector is not true. The command is not "unprotected"— Windows requires an elevated prompt to run chkdsk.

I also ran the command with an elevated prompt, and failed again! Chkdsk did consume a fair amount of available memory, but nowhere close to the "massive amounts of memory" reported by the writer. Needless to say, the much feared blue screen of death (BSOD) was never encountered. (As a sidenote, I've not seen a blue screen in a long time. The last time I saw it was when I knowingly installed an unsigned driver, bypassing Windows' warnings urging me not to do so! When was the last time you saw one?)


Figure 2: Chkdsk consumes a fair amount of memory, but nowhere close to 90%. It graciously releases memory when required for other tasks.

On further testing, I also noticed that chkdsk graciously released memory when the system required it for other tasks, such as running other programs [see screenshot]. This is not very different from how Exchange Server has historically behaved as far as memory consumption goes. Some tasks require more memory, and if more memory is available, perhaps it's intended to be used at some point?

As a more-than-reasonably-technically-savvy user, I do not recollect running chkdsk more than once or twice in almost a decade. Yet, a so-called bug that can't really be reproduced easily— or reproduced at all, somehow becomes a catastrophic bug that "risks derailing product launch". Noted author and ZDNet columnist Ed Bott responds with A killer Windows 7 bug? Sorry, no. Ed explains further why this is not at all what it's made out to be.

In an unusual response, Windows division president Steven Sinofsky left a comment on the blog that reported this issue. Says Sinofsky:

While we appreciate the drama of ‘critical bug' and then the pickup of ‘showstopper' that I've seen, we might take a step back and realize that this might not have that defcon level.

And as you may have guessed, that got faithfully reported by InfoWorld in Windows president tries to calm fears of critical Windows 7 bug. Yet another headline for InfoWorld, and no questions asked about who stoked the fear to begin with.

[Update: Steven Sinofsky explains how Microsoft deals with bug reports, partially in response to this issue. Read What we do with a bug report? on the Engineering Windows 7 blog.]

Having had my own brush with InfoWorld editors and writers in the past (Details in "Save XP" Campaign: InfoWorld responds, and the facts about downgrade rights), all I can say is— it saddens me to see what used to be a well-regarded technical journal for geeks (and still has some excellent experts and writers I admire) accelerate its pace towards becoming the MAD magazine of tech journalism.

Ready, Set, 7: Windows 7 Released To Manufacturing

Windows 7 and Windows Server 2008 R2 were released to manufacturing (RTMed) today. These will become generally available on October 22nd.

IT Pros and developers with TechNet or MSDN subscriptions will be able to download the English version on August 6th, with other languages following on October 1st.

If you've been waiting to get a new computer with Windows 7 pre-installed, you may have to wait a little longer as most hardware manufacturers complete their shipping images.

Windows 7 and Direct Access: The Anywhere Experience

Over the past few weeks, Windows 7 Release Candidate has been widely downloaded, used, praised (including by some very vocal critics), and loved. It's easy to fall in love with the Windows 7 user experience, and I don't just mean the lovely wallpapers and themes that are in stark contrast to the kind of visual content that's been generally packaged with Microsoft products in the past. You can see the images in A Little Bit of Personality on the Engineering Windows 7 blog. The Wall Street Journal's Nick Wingfield calls them "some of the most visually arresting background images ever to ship with a piece of software". More in This is Your Windows on Drugs on wsj.com.

Last night, Brandon LeBlanc revealed box shots and details of Windows 7 packaging on the Windows blog. Head over to Check out the New Windows 7 Packaging.

One of the Windows 7 features I love is called Direct Access. It's like the Outlook Anywhere version of VPNs.

Outlook Anywhere, AutoDiscover, and Microsoft Communicator: A Seamless Unified Communications Experience
Outlook Anywhere allows Outlook 2007 + Exchange 2007 users to seamlessly access their mailbox from outside (and inside) the corporate network. Yes, part of it is of course RPC over HTTP(S)— available in Exchange 2003, but another important piece that makes this experience so transparent to the user is AutoDiscover.

You get out of work (or work remotely), turn on your laptop, and if you have Internet access Outlook 2007 just works as if you were in your office. No VPN connections to establish, no wondering if the required ports are open on the firewall, no additional authentication prompts, and full Outlook access! Although Outlook Web Access has increasingly become more like a full-fledged email client, for many folks there's simply no replacement for the full blown functionality of Microsoft Outlook. With Office Communications Server 2007 implemented right, you can have a similar experience with Microsoft Communicator - seamless access to Instant Messaging, presence information, and the all-important ability to connect to the "voice world".

Yes, the voice world, still an inseparable part of our work lives. The ability to click and talk to a Contact is handy, and found in many free IM and telephony services such as Skype. However, what's more impressive and important for many— you can dial phone numbers and receive inbound phone calls on your work phone number, regardless of your location. You can check voicemail, and also redirect calls to another phone number. The voice quality is good enough that it's hard to tell if one's using an ordinary phone or a VoIP phone.

Direct Access: Extending the Anywhere Experience
Windows 7's Direct Access feature extends this Anywhere Experience. It allows you to access network resources on your corporate network, without having to establish a VPN connection. Now you can turn on your laptop, and if you have Internet access, you can access file shares on your corporate network, use client/server apps, and use RDP to connect to servers/computers "on the other side".

DirectAccess uses IPv6-over-IPSec to encrypt communication, and supports multifactor authentication mechanisms such as smart cards.

Besides the initial "Wow!" moment, which inevitably follows the first experience with Direct Access, the combined Anywhere Experience boosts productivity, and improves satisfaction levels of remote/mobile workers.

Steve Riley explains why it's one of his favorite Windows 7 features:



More about Direct Access in DirectAccess enhances mobility and manageability, or download Technical Overview of DirectAccess in Windows 7 and Windows Server 2008 R2 for a more in-depth technical look.

Microsoft responds to VMWare's FUD

Much as I love blogging, I'm quite enjoying this unannounced break the past 3 weeks or so! A lot of interesting news, events (including TechEd 2009 in L.A.) and tidbits over the past weeks, and I'm sure you've kept up with it. (Incidentally, this also happened to be the first year in a long while when I actually took a break from TechEd!) What prompted me to end my unannounced break is the rather interesting turn the VMWare FUD has taken, with Microsoft's Jeff Woolsey, Principal Group Program Manager in the Windows Server Hyper-V team actually responding to VMWare on the Virtualization team blog.

Let's take a few steps back and look at the sequence of events.

Hyper-V Wows IT Pros and Critics Alike
It's no big secret that Microsoft's Hyper-V virtualization platform has wowed users and critics alike in its very first release. ZDNet's Mary-Jo Foley posted a review of the pre-release Hyper-V code (by Jason Perlow):

Even though Hyper-V is still pre-1.0 code, I think Microsoft has done a bang-up job with its hypervisor, and it may just turn this Linux freak a Windows 2008 junkie for running his own personal virtualization needs. While VMWare's ESX is still superior on a number of fronts, including its aforementioned VMotion technology and its more powerful cluster management tools, Microsoft has certainly sent a major warning shot across its bow and the bows of the respective Linux vendors, as well.

More in Review: Microsoft's Hyper-V puts VMWare and Linux on notice on ZDNet.com.

InfoWorld's Randall C. Kennedy, who can never be accused of writing a kind word for Microsoft by any stretch of the imagination, calls Hyper-V a "technically sound, well-performing hypervisor..." in Test Center reveiw: Microsoft's Hyper-V does the trick.

I've been using Hyper-V myself for a while now, and given how easy it is to deploy as a server role in Windows Server 2008, or as a standalone virtualization server using Hyper-V Server 2008, I'm admittedly a big fan and excited about where this train's headed.

Scott Drummonds' Video: VMWare FUD?
Back to the VMWare episode— On May 1, 2009, a video titled "Hyper-V Crashes in Consolidated Environments" is posted on YouTube by drummonds1974. The video, which seems to have been updated since then, leads with the following text :

On April 30, 2009, Microsoft TechNet and MSDN went down.
In 2008, Microsoft announced TechNet and MSDN migration to Hyper-V.
Are these two events related?

The video shows some VMs running on Hyper-V crashing, and the mystery voice-over informs you Hyper-V is running a workload "based on VMmark". VMmark, in case you aren't already familiar with it, is an "industry-standard" virtualization benchmark— developed by VMWare.

Of course, no technical details about the particular test or the scenario are provided in the video. Towards the end, drummonds1974 quips:

.. in one of our tests, we actually got the parent partition to crash, which brought down the entire server. Here's a bluescreen of that happening...

You can't be blamed for thinking "Perhaps a childish prank by a newbie sysadmin who just learnt a new trick or two?"

The final screen of the video boldly concludes: Consolidated workloads crash Hyper-V.

The video was posted by Scott Drummonds, Technical Marketing Manager at VMWare.

Microsoft responds
Jeff Woolsey responded to the video in Hyper-V Winning Daily/VMWare FUD Reaching New Heights. Excerpt:

The poster, who doesn't appear on the video, doesn't state what company he works for or provide any context. Gee, I wonder where he works.

and

On the Hyper-V team, we run thousands of stress tests per week and the stress tests we run are far more invasive than the test in this video. So, I consulted our Hyper-V Supportability Program Manager and dug deeper. I wanted to know if we've had any Hyper-V crashes reported. Here's what I found out.

Of the 750,000 downloads, we've had 3 reports of crashes under stress and with the same error code as seen in the video bugcheck (0x00020001). The solution in all three cases was to upgrade the server BIOS which solved the problem. This can happen as hypervisors interact very closely with hardware and BIOS updates generally inlcude updated microcode for processors ofteintimes to address errata.

In case you're wondering, VMWare has had similar crashes with older BIOSes as well. Here.

Round 2: Drummonds' non-response
May 15, 2009: (The timestamp can't be correct, because Woosley's response to this post is actually dated May 9th... !) Back at VMWare, Scott Drummonds responds with Video on Hyper-V Crashes. Scott states:

..The video and descriptive text have raised more questions than answers.

Now, like me, if you watched the entire video about 5 times in an attempt to get any answers, much as you would appreciate the conciseness of Drummond's video, it was devoid of any answers. Drummonds continues to bash Hyper-V in his response:

...the run rules were violated to make Hyper-V produce its best results...

Nice!

09 May 09 09:17: Over on the Virtualization team blog, Woolsey responds with Day Two of the Scott Drummonds VMWare FUD Fiasco. Rather than quote parts of it here, I'll let you read it and come to your own conclusion.

Of course, it doesn't end here!

Round 3: VMWare Responds, Again
May 14, 2009: VMWare's Bruce Herndon responds in Setting the Record Straight on the Hyper-V Video:

I am not exactly pleased to be writing on this particular subject in a public venue...

I can't help but comment here - Herndon is not exactly pleased about responding, but apparently, posting a public video on YouTube appears to be perfectly alright.

I had hoped that this whole kerfuffle would quickly die down, but it shows little sign of abating....

You hoped? Wihtout any details forthcoming for two weeks while a colleague from product marketing amateurishly bashes a competitor's product? As Woolsey points out,

In the meantime, VMware Sales Staff emails customers and would be customers to "check out this video" and VMware senior architects Twitter to "check out this video on You Tube"

Herndon ends his post with:

In the mean time, we intend to focus on helping to build amazing rock-solid products that our competitors can’t yet imagine.

Needless to say, I'm truly amazed by the attitude and tone of VMWare's posts!

Rather than reproducing Herndon's post and commenting on every bit, I'll let you head over to the Virtualization team's response from 17 May 09 10:01: VMware FUD Fiasco Part 3....

All I can say is— it's not the VMWare I know, and certainly not the many fine folks who work at its Palo Alto headquarters (I'm super-impressed with their new campus.. every bit as cool as Google's!). Perhaps the pressure of having real competition to deal with changes things? As Jason Perlow pointed out not too long ago:

Hyper-V represents the first stage of the mass-commodization of hypervisor technology, and if this beta release is any indication, it’s going to be a rough ride ahead for Microsoft’s competitors.

Windows 7's Windows XP Mode: Removing Application Compatiblity From The Equation

Earlier yesterday, Paul Thurrott and Rafael Rivera revealed a secret new feature in Windows 7— Windows XP Mode (XPM). XPM allows you to run Windows XP in a virtualized session, and includes a license for Windows XP SP3. As Thurrott & Rivera's blog post says:

Windows XP Mode dramatically changes the compatibility story for Windows 7 and, we believe, has serious implications for Windows development going forward.

Interestingly, XPM does not require you to run a separate desktop with Windows XP. Applications installed in the virtual environment are published to the Windows 7 host and shortcuts placed in the host's Start menu. Users can run Windows XP applications (installed in XPM) directly and transparently in Windows 7 desktop!

All I can say is— this is super cool! And although I haven't had a chance to try it out yet, it seems application compatibility is quickly headed to be a non-issue with Windows 7.

More details in Secret No More: Revealing Windows XP Mode for Windows 7 on Thurrott's SuperSite for Windows, and screenshots in Windows XP Mode for Windows 7 Screens.

Scott Woodgate confirmed it later in Coming Soon: Windows XP Mode and Windows Virtual PC on the Windows Blog.

Released: Exchange 2010 Beta

The word is out— the product hitherto known as E14 has hit the streets as Exchange 2010 beta! Download it here (Note: 64-bit only).

As Exchange CVP Rajesh Jha points out on the Exchange team blog (read 'Presenting Exchange 2010'), the latest and greatest version of Exchange Server is built from the ground up with Software + Services in mind, and is already being used by 5 million Outlook Live users! In case you missed it, Outlook Live is the free email service available to universities, formerly known as Exchange Labs.

The reviews are already pouring in:

• InfoWorld: Exchange 2010 beta shines
  
• eWeek: Microsoft Exchange 2010 Beta Looks Solid from Core to Cloud
  
• Slideshow: Microsoft Exchange Server 2010 Includes Welcome Improvements, where you can see some screenshots.

Revealed: Windows Mobile 6.5, Marketplace, and MyPhone Service at MWC

The moment finally arrived. At a much anticipated press conference at MWC 2009 in Barcelona, Spain, Microsoft revealed Windows Mobile 6.5, the next version of Windows Mobile software that will power smartphones from many mobile headset manufacturers such as LG and HTC.

Microsoft also announced Windows Marketplace for Mobile, an app store that will provide Windows Mobile apps, and MyPhone, a service to synchronize data on your Windows Mobile phone to the web.

Did pigs fly? Exchange embraces FireFox, Safari

It was a common belief Microsoft would never support the premium Outlook Web Access (OWA) experience on web browsers other than Internet Explorer (IE). OWA Premium, as you may already know, is the feature-rich OWA. Non-IE browsers such as FireFox and Safari have been relegated to the “reach” experience of OWA Light, with a reduced feature set. When asked if Microsoft would ever support the OWA Premium experience on other browsers, the common response from the skeptics has forever been: Sure, when pigs fly.

If Microsoft licensing ActiveSync to Google (earlier this week..!) was a precursor of things to come, this year may prove to be the Year-of-the-Flying-Pig!

In a video just posted on the Exchange team blog, KC Lemson announces full browser parity in Exchange14, the next version of Exchange Server, and ExchangeLabs— the services offering already running on Exchange14. The video includes a demo of Exchange 14’s support for FireFox, and Safari, in all its premium goodness. This puts all the three popular browsers on par for accessing Exchange14 using Outlook Web Access.

ExchangeLabs, the hosted Exchange service (aka "Exchange-in-the-cloud", or the "cloud offering") Microsoft provides for free to students and alumni is now called Outlook Live. It already hosts 3.5 million mailboxes, and is now available to faculty and staff as well.

Also demoed in the video is the new Conversation view of email threads, something that's been on many users' wishlists. The ability to view an entire conversation together, being able to delete it together, and Exchange14’s implementation should make our lives more productive dealing with the ever-increasing volume of email.

Wait, that’s not all – Outlook Web Access/Outlook Live also includes integrated instant messaging, bringing email, voicemail, and instant messaging (IM) into a single client. Now you can see presence information integrated within OWA, and start a conversation from within the browser window.

To find out more and watch the video (including what may be the first-ever demo of Exchange features on a MacBook Pro :-), head over to ‘Introducing Outlook Live for schools – and cool new features for everyone’ on the Exchange team blog. Make sure you post what you think of the dramatic intro music in the video! :)

Google joins the Exchange ActiveSync bandwagon

Google is the latest addition in a long list of Exchange ActiveSync (EAS) licensees.

In what may be one of the briefest press releases ever, Microsoft announced Google's licensing Exchange ActiveSync as "a clear acknowledgement of the innovation taking place at Microsoft". Google will use ActiveSync for its Google Sync service announced today.

After Apple's embrace of ActiveSync for its iPhone, will Google add ActiveSync support to its Android mobile phone OS? The licensing agreement announced today does not cover Android, as CNET's Ina Fried reports in Microsoft, Google in rare technology pact.

CNET's Idea of Tech News

Although otherwise very readable publications/sites, some tech media outlets increasingly come up with news that really isn't news, and certainly not worthy of publication. For instance, this item in CNET's News.com: Georgetown University bans use of Windows 7 beta

Given such media coverage, you can't be blamed for wondering: "Wow, there must be something wrong with Windows 7 to prompt Georgetown to ban it!".

The fact that it's a beta, and the title of this apparently newsworthy (according to someone at CNET) item says so, doesn't quite register.

The writer quotes Paul McDougall's report from InformationWeek. It's a practice which, as you may have noticed over the past few years, absolves the quoting reporter of any responsibility to give it a serious thought or otherwise use common sense! Needless to say, "<Blah> bans the use of Windows 7 beta" is an excellent headline, bound to result in more than its fair share of page views. It sells.

Of course, there's no debate about the underlying facts - CNET's simply reporting what's been reported by another reporter in another publication! InformationWeek's original headline beats what CNET came up with: Windows 7 Beta Flunks Out Of Georgetown! It even comes with a juicier sub-title: University's IT department nixes downloads of Microsoft's new operating system.

A look at the source
To find out what Georgetown's University Information Services (UIS) really stated in its policy, let's head to the source doc on UIS' web site:

Microsoft Corporation recently released a "beta", or "pre-release", version of its new operating system, Windows 7. However, UIS strongly discourages using it.

The UIS doc goes on to explain what a beta is, and why you shouldn't install Windows 7 beta. The doc cites Microsoft's Windows 7 web site:

Microsoft's Windows 7 Web site states emphatically that there are risks associated with installing beta version of Windows 7 and that "it's not a finished product."

The doc goes on to state UIS' policy on software support.

Not trusting my own eyes, and my reading and comprehension skills, which told me the word "ban" did not show up in the UIS doc, I also used the search feature in both Internet Explorer and FireFox. As suspected, both browsers failed to find the word "ban" in the doc!

To ensure I was well into the "beyond reasonable doubt" territory, I reached out for the dictionary (the online one @ Dictionary.com), and looked up the words discourage and ban. I am now convinced, beyond a reasonable doubt, that "discourages", even when prefixed with "strongly", is not the same thing as "bans".

Unfortunately, CNET isn't the only media outlet that falls to the temptation of putting headlines and page views before fair reporting. Overall, CNET continues to do a great job of reporting tech news. (I miss Brian Cooley on CNET Radio— an important part of Silicon Valley culture for many, during the tail end of the dot com boom.)

Testing beta software
Windows 7 beta continues to receive some balanced (read "favorable") coverage, even from the naysayers.

Nevertheless, there's a reason beta software is called beta, and what's OK for an engineer at Intel may not be OK for the average non-technical user at large. Although the Windows 7 beta is remarkably stable, performs well, and is "production-ready" according to many testers and reviewers, it's not a great idea to run a beta on your "production" PCs unless you're prepared to support it yourself.

If you really want to test or play with beta software, get yourself a test box, or use virtualization software to run it in a virtual machine.

Gartner refutes IBM's Notes marketshare claim

In a recent press release ahead of its annual LotusSphere conference, IBM claimed that Notes is narrowing the lead Microsoft Exchange has. Garnter analyst Tom Austin says:

I don't believe that in either revenue or user seat share, that IBM is closing the gap [with Microsoft]. The gap is getting bigger and bigger.

and:

IBM may be adding Notes users, but its share of the installed base is getting smaller.

Interestingly, the Gartner statistic cited by IBM from "Gartner Dataquest's most recent report from 2008" indicating a 40% share worldwide for Lotus Notes, compared to Microsoft Exchange's 48%, was for 2007 shipments according to Austin.

The statistic is gone from an updated IBM press release.

More in 'Au contraire: Exchange's lead over Notes actually 'getting bigger and bigger,' says Gartner' on Computerworld.com.

Just posted: Exchange 14 video on Exchange team blog

The first public sighting of E14, aka Exchange 14, has been reported on the Exchange team blog! KC Lemson and Jim Lucey from the product team tell you more about the exciting developments around E14 in a video.

Head over to the team blog to see Exchange 14 in action!

SeaDragon Mobile: A Microsoft app for the iPhone?

A Microsoft App for the iPhone? Yes, that's right. LiveLabs became the first group within Microsoft to launch an application for the iPhone. It's called SeaDragon Mobile. It's available on Apple's AppStore. More on LiveLabs.com.

Released: Update Rollup 5 for Exchange 2007 SP1

Update Rollup 5 for Exchange Server 2007 SP1 has been released. Download it here.

As noted in previous posts, Exchange 2007 updates are cumulative and release-specific.

Fixes for the following issues are included (details in KB 953467):

• 925371 Domino Server does not see attachments in meeting requests from Exchange Server 2007
  
• 939037 By default, managed content settings apply to the root folder and all subfolders in an Exchange Server 2007 environment
  
• 949722 An Event 800 event message does not log the username of users who ran the Get-MessageTrackingLog command in an Exchange 2007 environment
  
• 949893 You cannot create a new mailbox or enable a mailbox in an Exchange Server 2007 environment on February 29, 2008
  
• 949895 Exchange Management Shell crashes (stops responding), and Event ID 1000 is logged when you perform a cross-forest migration from Exchange Server 2003 to Exchange Server 2007 S949895
  
• 949901 Exchange 2007 users cannot send e-mail messages to a mail-enabled public folder in a mixed Exchange 2003 and Exchange 2007 environment
  
• 949968 Unified Messaging does not handle the diversion header correctly in Exchange Server 2007 Service Pack 1
  
• 950272 The formatting of a plain text message is incorrect when you print the plain text message by using Outlook Web Access in an Exchange Server 2007 environment
  
• 951267 An exception occurs in Exchange Management Console when you preview AddressList in an Exchange Server 2007 environment
  
• 951273 The received date and the received time of IMAP messages are changed to the time of migration after you migrate mailboxes to an Exchange 2007 Service Pack 1-based server
  
• 951505 You may receive an error message when you run the Update-SafeList cmdlet in an Exchange 2003 and Exchange 2007 mixed environment
  
• 951564 Exchange 2007 S951564 Update Rollup 5 supports the addition of new items to context menus in Outlook Web Access 2007
  
• 951710 You receive error messages or warnings when you change an Active Directory schema so that the Company property supports more than 64 characters
  
• 952097 Update Rollup 5 for Exchange 2007 Service Pack 1 introduces events 12003 which can be used to clarify ambiguous Event messages
  
• 952583 Japanese DBCS characters are corrupt when you reply to a message or forward a message in an Exchange Server 2007 S952583 environment
  
• 953619 A public folder conflict message cannot be delivered, and event error 1016 is logged, when the public folder name contains DBCS characters in an Exchange Server 2007 Service Pack 1 environment
  
• 953787 You receive an error message when you try to move Exchange 2000 mailboxes or Exchange 2003 mailboxes from one forest to an Exchange 2007 server that is located in another forest by using the Move-Mailbox command
  
• 953840 Event ID 5000 occurs, and the IMAP4 service may crash, on a server that is running Exchange Server 2007 with Service Pack 1 when you use a third-party application to migrate POP3 and IMAP4 users
  
• 954036 Hidden folders or files are listed when you view a UNC file server by using OWA in an Exchange 2007 environment
  
• 954195 The task originator is not notified of task changes and task progress in an Exchange Server 2007 environment
  
• 954197 Exchange 2007 CAS cannot copy the OAB from the OAB share on Windows Server 2008-based Exchange 2007 CCR clusters
  
• 954270 Message class changes during conversion when a digitally signed Message Disposition Notification is received by a server that is running Exchange Server 2007 Service Pack 1
  
• 954451 An appointment item cannot be opened by a CDOEX-based application if the item is saved by Exchange Web Service together with the Culture property in Exchange Server 2007
  
• 954684 You cannot use an Outlook 2007 client to display or download an attachment when you access a message that includes an inline attachment from Exchange Server 2007
  
• 954810 An Exchange 2007 room mailbox stops processing requests after the resource booking assistant receives a delegated meeting request from an Exchange 2003 user
  
• 954887 You cannot add a Mail User or a Mail Contact to the Safe Senders list in Microsoft Exchange Server 2007 by using OWA client
  
• 955001 Error message when you use the IMAP protocol to send a SEARCH command that has the CHARSET argument on an Exchange 2007 server: "BAD Command Argument Error"
  
• 955196 Log files are not copied to the target server in a standby continuous replication environment in Exchange Server 2007
  
• 955429 VSS backup application causes the Information Store service to crash repeatedly on an Exchange 2007 Service Pack 1-based server
  
• 955460 The start time and the end time of a meeting request are incorrect when a delegate uses Exchange Web Service to send the request in an Exchange 2007 environment
  
• 955480 Meeting requests from external senders are displayed as Busy instead of Tentative in an Exchange Server 2007 environment
  
• 955599 Event ID 10 messages fill up the Application log on an Exchange 2007 CAS server if an Exchange Server 2003 mailbox owner makes an Exchange Web Service call
  
• 955619 A user cannot access the mailbox by using a POP client or an IMAP client through Client Access Server in an Exchange Server 2007 environmen
  
• 955741 A message stays in the Outbox, and the message is resent until it is deleted manually on Windows Mobile 6.1-based devices in an Exchange 2007 Service Pack 1 CAS proxying scenario
  
• 955946 If a private message is submitted by a SMTP sender, the sender receives an NDR message from the Exchange 2007 server
  
• 955989 The SPN registration of a cluster fails, and Error event IDs 1119 and 1034 are logged in an Exchange Server 2007 Service Pack 1 environment
  
• 956199 The last character of a user’s Chinese display name is truncated in the Offline Address Book on an Exchange 2007 server
  
• 956319 The W3wp.exe process may crash on an Exchange 2007 CAS server after you use Entourage to send a message that is larger than 48 KB
  
• 956573 Event ID 1032 is not logged in the Application log when users send e-mail messages while they are logged in to Outlook Web Access as another user in Exchange Server 2007
  
• 956582 Exchange Server 2007 Update Rollup 3 does not update the Outlook Web Access Logon.aspx file after you modify the file
  
• 956613 The W3wp.exe process intermittently stops responding and Event ID 1000 is logged in Exchange Server 2007 Service Pack 1
  
• 956709 Some recurring meetings may be missing when you view the meetings using Outlook Web Access in Exchange Server 2007
  
• 957002 The Edgetransport.exe process may crash intermittently on a server that is running Exchange Server 2007 Service Pack 1
  
• 957137 The reseed process is unsuccessful on the CCR passive node after you restore one full backup and two or more differential backups to the CCR active node
  
• 957813 A Non-Delivery Report is generated when you try to send a high priority message that is larger than 250 KB in an Exchange Server 2007 Service Pack 1 environment
  
• 957978 The OAB generation is unsuccessful and Event IDs 9328 and 9373 are logged in the Application log in a Windows Server 2008-based Exchange 2007 Single-Copy cluster environment
  
• 958855 The Edge Transport service crashes repeatedly, and an event error 1000 is logged repeatedly on a server that is running Exchange Server 2007 Service Pack 1
  
• 958856 Event ID: 7012 occurs when you search message tracking logs on an Exchange Server 2007-based server
  

Microsoft TechEd 2009: Move back to 1-week format

Microsoft's premiere technical education and networking event, Microsoft TechEd 2008 was held over a 2-week period— one week for the developer audience, and the second week for IT professionals. Based on attendee feedback, TechEd reverts to the familiar 1-week format in 2009.



TechEd 2009 will be held at the Los Angeles Convention Center in Los Angeles, CA, from May 11-15. Yes, after a year in Boston, and 3 years in Orlando, it's back to the west coast.

Exchange CVP Terry Myerson heads to Windows Mobile

As reported on the Exchange team blog, Terry Myerson, CVP for Exchange is heading over to Windows Mobile.

Terry came to Exchange in 2001.

Rajesh Jha, CVP for Microsoft Office Live, will be heading Exchange.

Related posts and links:

• iPhone, meet Exchange: Apple announces Exchange ActiveSync support
  
• Apple licenses Exchange ActiveSync for the iPhone
  
• Microsoft Exchange Labs
  

Update Rollup 4: The Right Thing To Do

Now that Exchange 2007 SP1 Update Rollup 4 has shipped, it's time to revisit recent events preceding it.

A few days before yesterday's release, a pre-release version of Update Rollup 4 for Exchange Server 2007 SP1 made its way to Microsoft Update. Customers who had the Automatic Updates feature of Windows Server OS configured to automatically download and install updates got the pre-release version downloaded and applied automatically to those servers. Although it was detected and removed quickly from Microsoft Update, the update has left some customers affected by this issue quite annoyed— and understandably so.

Microsoft's Scott Roberts posted the details on the Exchange team blog in INFO: Update Rollup 4 for Exchange Server 2007 Service Pack 1, including some of the issues faced by customers, and workarounds. Scott also responded to customers who left comments on the blog post, and frequently updated the post/comments.

Although this has proved to be a major annoyance for some customers, overall the number of customers affected was relatively quite low.

What's of note is the upfront communication about this through the Exchange team blog. Rather than trying to sweep the issue under the carpet, it was actually talked about! Fessing up about such issues, apologizing where apologies are due, and ensuring adequate controls are in place so such things do not happen again is the right thing to do.

It's also a sign of how Microsoft is increasingly being more open about such incidents.

Computerworld's Gregg Keizer wrote about this in Microsoft issues wrong update for Exchange 2007. Surprisingly, other tech media outlets such as News.com and InfoWorld did not pick this up.

Keizer notes:

"For a brief period of time on 9/9, a pre-release version of Update Rollup 4 for Exchange Server 2007 Service Pack 1 was inadvertently made available to Microsoft Update, the Microsoft Update Catalog and WSUS servers for download," an unidentified Microsoft employee said in a post to the official Exchange blog.

To set the record straight, the linked post is written by Scott Roberts, and clearly attributed to him with a link to his bio.

Auto-updating Servers and Server Apps?

Given the incident, it's easy to respond with "We can't trust Microsoft to automatically push patches that work!" — and you can't be blamed for thinking that way. In fact, you shouldn't trust any vendor to automatically push patches and updates to servers and server apps. In many organizations, patches for desktop/laptop OS and apps are also accorded similar treatment.

Although most software vendors test patches— some more extensively than others, there are a staggering number of variations in configurations, topologies, software and hardware deployed by customers. It is close to impossible to test a patch and account for these variations, and chances of a patch being tested for an environment exactly like yours are arguably quite slim.

It is a Patch Management best practice (and has been for as long as I can remember) to not auto-apply patches to servers and server applications without first testing these in a lab environment. A test and change control process— however rudimentary it may be, always helps in orderly deployment of patches, tracking of such updates, and forces you to think of a back-up plan.

It's a good idea to always apply a patch or update on a test box or two, then roll it out to production servers— starting with low-impact/low-priority servers first to discover problems early on. This ensures that should things go wrong, the initial impact is low. As the patch or update is applied to more servers and you move to more critical/high-impact servers, you've gradually reduced the chances of things going wrong. (Of course, the exact method of rolling out and the order in which servers get a patch applied will vary in each organization and may depend on the type of patch being applied.)

Small businesses, some with no full-time IT staff, many with a single server, may not be able to justify the cost of a test environment or a consultant to test patches and updates.

One option is to use virtualization software such as Microsoft's hypervisor-based Hyper-V (the standalone Hyper-V Server 2008, or the Virtualization/Hyper-V role of Windows Server 2008), the non-hypervisor-based Microsoft Virtual Server 2005 R2, or Microsoft VirtualPC 2007 for desktops— (all of them except Windows Server 2008 are free), to setup a virtual test environment.

If you are a consultant responsible for supporting many such small businesses, perhaps you can test patches on behalf of customers, and distribute the cost to a number of customers. You can generate additional revenue, and customers can get the assurance that the patches they deploy are tested by someone responsible for maintaining their servers— someone who knows their environment well. It can reduce the possibility of downtime, and is generally cheaper than actual downtime of critical services or applications.

Having patches and updates automatically applied to servers, without any testing, can and will land you in trouble at some point— regardless of the vendor.

Released: Update Rollup 4 for Exchange 2007 SP1

Update Rollup 4 for Exchange Server 2007 SP1 has been released. Download it here.

Fixes for the following issues are included (details in KB 952580):

• 942649 Description of the commands that support the UseRusServer option that is imported in Update Rollup 4 for Exchange Server 2007 Service Pack 1
  
• 944831 You cannot configure Exchange Server 2007 so that the simple display name appears in outgoing messages
  
• 945854 A meeting reminder is still active when you configure Outlook to send no reminders to an Exchange Server 2007 user
  
• 945870 TAB symbols may be converted incorrectly to spaces in Exchange Server 2007
  
• 948896 Certificates that contain wildcard characters may not work correctly on an Exchange 2007-based server
  
• 948897 An attachment incorrectly appears as the body of the e-mail message in an Exchange Server 2007 environment
  
• 948923 Users do not receive information in DSN messages in Exchange Server 2007 with Service Pack 1
  
• 949512 An embedded message is removed from the attachment list on Exchange Server 2007 if the embedded message subject ends with .com, .exe, or any other blocked extension
  
• 949782 An In-Policy request that is forwarded to delegate appears as an Out-Of-Policy request if a user submits an In-Policy meeting request against a room mailbox of Exchange 2007 server
  
• 949858 The provisioning process cannot be successful when you use Microsoft Identity Lifecycle Manager (ILM) 2007 to provision user objects for Exchange Server 2007
  
• 949926 Error when you use an IMAP4 client or a POP3 client to log on to a delegate mailbox of Exchange Server 2007: "800cccd1"
  
• 950076 After you move a mailbox from Exchange Server 2003 to Exchange Server 2007 Service Pack 1, you cannot edit rules in Outlook Web Access
  
• 950081 Error message when users use an SMTP client to send e-mail messages in Exchange Server 2007 Service Pack 1: "454 4.7.0 Temporary authentication failure"
  
• 950138 You are prompted for your credentials three times and you receive an error message when you use the Outlook Anywhere feature to connect to an Exchange Server 2007 Service Pack 1–based server that is running Windows Server 2008
  
• 950198 You can enable AfterConversion snapshot for all messages if pipeline tracing and Content Conversion Tracing are enabled
  
• 950235 The IMAP4 or POP3 worker process may stop responding on an Exchange 2007 CAS role that is working with an Exchange 2003 back-end server
  
• 950409 The reminder is triggered earlier than expected when an Exchange Server 2007 server receives an iCalendar meeting request message over an SMTP server
  
• 950622 Messages are converted to a very small font size in Outlook Web Access and in Outlook 2003 when you use Exchange Server 2007
  
• 950976 Event ID 115 may be logged intermittently on a computer that is running Exchange Server 2007 with Service Pack 1
  
• 951067 Event ID 7034 may be logged in the Application log in Exchange Server 2007 when an MAPI application tries to access a mailbox in a certain way
  
• 951156 The message body of some appointments appears garbled after you use a mobile device that is running Traditional Chinese edition Windows Mobile 6 to synchronize appointments that was created in Outlook Web Access for Exchange Server 2007
  
• 951251 A MAPI application does not work correctly if Exchange 2007 is installed on a Windows Server 2008 server
  
• 951594 The W3svc log reports the incorrect number of attachments on an Exchange Server 2007 server that has deployed Exchange ActiveSync Service (EAS)
  
• 951747 An error occurs when you use the Export-mailbox or Restore-mailbox command to migrate certain mailboxes on Exchange Server 2007: "error code -1056749164"
  
• 951864 Some users must enter their credentials when they access rights-protected messages even though you have deployed the Rights Management Services (RMS) prelicensing agent on an Exchange Server 2007 Service Pack 1-based server
  
• 952152 The Autodiscover service for ActiveSync in an Exchange 2007 environment does not work for users in sites that do not have the ExternalURL property set
  
• 952250 You encounter a long delay for each mailbox when you run the "Move-Mailbox" or "Set-Mailbox" command on an Exchange Server 2007 computer
  
• 952682 Log file drives on the SCR target may eventually fill up and cause replication failure in Exchange Server 2007 Service Pack 1
  
• 952924 Error message when Exchange users try to access public folders that are hosted on Exchange Server 2003 by using Outlook Web Access for Exchange Server 2007: "Outlook Web Access is unable to open public folders"
  
• 953312 The "Open Message In Conflict" button is not available in the conflict notification message for Exchange Server 2007 users
  
• 954058 You can change the method for transfer encoding after you apply Update Rollup 5 for Exchange Server 2007 Service Pack 1
  
• 954205 Event ID 1113 is logged in the Application log on a Unified Messaging (UM) server when users contact the UM server by using secured connections
  
• 954237 The IMAP service crashes intermittently on Exchange 2007, and Event ID 5000 is logged
  
• 955208 Event ID 5000 occurs when the Exchange IMAP4 worker process crashes intermittently in Exchange Server 2007
  
• 956775 CopyItem and MoveItem Operations in Exchange Web Services can return the Item ID after you install Update Rollup 4 for Exchange Server 2007 Service Pack 1
  
• 957133 Description of improvements in functionality that occur in Exchange Web Services operations after you install Update Rollup 4 for Exchange Server 2007 Service Pack 1

Microsoft: "High Priest of Secure Software Development"

From a company most frequently bashed for the security woes of the world, Microsoft has morphed into what CNET calls the "high priest of secure software development", which is now helping others develop secure software.

The Trustworthy Computing Initiative started six years ago is paying off.

More in 'Microsoft becomes high priest of secure software development' on News.com.

Unraveled: The Mystery of the Disappearing Exchange Update Rollup 4

Did you really see Exchange 2007 Update Rollup 4 appear and then quickly disappear earlier this week?

Scott Roberts explains in 'The case of disappearing Rollup Update 4' on the team blog.

Announced: Virtualization support for Exchange Server 2007

Exchange Server 2007 is now supported on Hyper-V and other (read "Non-Microsoft") hypervisors validated under the Microsoft Server Vitualization Validation Program. Vendors participating in the program: Citrix, Cisco Systems, Novell, Sun Micrososystems, and Virtual Iron Software.

The new support policy for Exchange in virtualized environments: Microsoft Support Policies and Recommendations for Exchange Servers in Hardware Virtualization Environments.

• What's supported: Exchange Server 2007 SP1 running on Windows Server 2008
  
• Supported Exchange 2007 Server Roles: All except Unified Messaging
  
• What Hypervisor: Microsoft Hyper-V, or any hypervisor validated by MSVVP
  
• Not supported: Differencing disks and expandable virtual disks
  
• Not supported: Taking VM snapshots (these aren't application-aware)
  
• Not supported: Combining Exchange's clustering features (SCC and CCR) with availability features from the virtualization layer, such as Hyper-V's quick migration.

A change has also been made to licensing policies allowing transfer of licenses for server applications (such as Exchange and SQL Server) between servers as frequently as required. This was earlier restricted to 90 days. This facilitates virtualization, where VMs running these server applications can be easily transferred from one server to another. More about the change in licensing policy in the Volume Licensing Brief titled Application Server License Mobility (Word DOC).

More details about the announcement in the Exchange team blog post: Microsoft Virtualization and Licensing Announcements

Released: RDP Client for Mac 2

If you're a Mac user, connecting to Windows servers and desktops just got a lot better. The much anticipated RDP Client for Mac 2 has been released.

The RDP Client for Mac 2 is available in 8 languages (including English). Download it here.

New features include multi-session support, new Network Level Authentication (NLA) that completes authentication before establishing an RDP session, a more Mac-like UI, wide-screen resolutions, automatic reconnects, and printing support (ability to print documents from a RDP session to the locally attached printer on your Mac).

This comes close on the heels of Microsoft Messenger for Mac 7 (M3?), released in late April. It's compatible with Office Communications Server 2007, and includes Bonjour support— go to the Office for Mac team blog to find out more.

While we're still on the subject, have you looked at Office 2008 for Mac? If you're already using it, let me know what you think!

Released: ISA 2006 Service Pack 1

ISA Server 2006 SP1 has been released. SP1 brings some new features, and improvements such as support for SAN certificates. Download SP1.

New features:

• Configuration Change Tracking: Registers all configuration changes applied to ISA Server to help you assess issues that may occur as a result of these changes.
  
• Test Button: Tests the consistency of a Web publishing rule between the published server and ISA Server.
  
Traffic Simulator:Simulates network traffic in accordance with specified request parameters, such as an internal user and the Web server, providing information about firewall policy rules evaluated for the request.

• Diagnostic Logging Viewer: Now integrated as a tab into the ISA Server Management console, this feature displays detailed events on packet progress and provides information about handling and rule matching.

Improvements for existing features:

• Support for integrated NLB mode in all three modes, including unicast, multicast, and multicast with Internet Group Management Protocol (IGMP). Previously, ISA Server integrated NLB-supported unicast mode only.
  
• Support for use of server certificates containing multiple Subject Alternative Name (SAN) entries. Previously, ISA Server was able to use either only either the subject name (common name) of a server certificate, or the first entry in the SAN list.
  
• Support for KCD cross-domain authentication. Credentials from users located in a different domain than the ISA Server, but in the same Forest, can now be delegated to an internal published Web site by using KCD .
  
• Support for client certificate authentication in a workgroup deployment. This removes the requirement to map each client certificate to an Active Directory® directory user account when forms-based authentication is used as the primary authentication method and client certificates are used as the secondary method.

SP1 fixes the following issues:

• 894679 Users who do not have the appropriate permissions can receive restricted content from ISA Server 2004
  
• 920913 Error message in response to some HTTP requests on client computers that are running ISA Server 2004 as a proxy server: "400 Bad Request"
  
• 921944 A client computer takes longer than expected to connect to a Web site through an ISA Server 2004 Web proxy server
  
• 922851 You receive a blank page when your Web browser submits a POST request to an ASP Web site over an ISA Server 2004 access rule that requires client authentication
  
• 922899 An ISA Server 2004 Web chaining rule may not redirect requests to the specified port
  
• 923318 Error message in SecureNAT clients after you configure a Web chaining rule to forward HTTP as HTTPS in ISA Server 2004: "The target principal name is incorrect"
  
• 923322 A large file download fails when an ISA Server 2004 SOCKS client computer uses passive mode FTP
  
• 923765 The Microsoft Firewall service stops responding to client computer requests and Event IDs 7034, 14057, and 1000 are logged after you publish an OWA server in ISA Server 2004
  
• 923766 A client computer may not be authenticated by ISA Server 2004 when you use integrated Windows authentication
  
• 924405 Client computers cannot download attachments when you use ISA Server 2004 or ISA Server 2006 forms-based authentication and run a third-party OWA add-in program to manage attachments
  
• 925288 One or more published sites may stop being available if you create more than 300 Web site publishing rules in ISA Server 2006 Enterprise Edition
  
• 928273 Users may receive slow responses when you enable the Cache Array Routing Protocol in ISA Server 2004, Enterprise Edition
  
• 929818 You receive an error message when you try to install or to run Windows Vista: "The Software Licensing Service reported that the license is invalid"
  
• 930415 You cannot apply an OWA Web publishing rule that redirects users who connect to the root of the OWA Web site to an internal folder by using ISA Server 2006
  
• 933523 When an Internet Security and Acceleration Server 2004 client performs an action that uses the HTTP POST method, the action may be performed multiple times
  
• 934022 An ISA Server 2004 downstream server does not reuse the TCP connections to a third-party upstream server
  
• 935767 The authentication delegation in the existing Web publishing rules does not work after you upgrade ISA Server 2004 Enterprise Edition to ISA Server 2006 Enterprise Edition
  
• 938465 Error message when you try to access Web sites through a downstream server after you enable hotfix 927265 on an upstream server that is running ISA Server 2004: "502 Proxy Error"
  
• 938550 An update enables multicast operations for ISA Server integrated NLB
  
• 940659 Error message when you try to visit a Web site that is published in ISA Server 2004: "HTTP error 500: network name no longer exists"
  
• 940708 The "401 Authentication Required" response that is sent by a Web site is dropped when you use ISA Server 2004 as a Web proxy
  
• 941162 In ISA Server 2006, you cannot set a session time-out for private computers in a Web listener that has the RSA SecurID authentication method configured
  
• 941296 An ISA Server 2006 computer may stop responding under a heavy load
  
• 941634 After an ISA Server 2006 application filter establishes an HTTP connection, the connection closes before it can be used, and a "0x80004001 (E_NOTIMPL)" status code is logged
  
• 941870 Only 1,000 PPTP ports and 1,000 L2TP ports are open in Routing and Remote Access if the maximum number of VPN clients is set to more than 1,000 in ISA Server 2006
  
• 942313 Web pages do not appear as expected when you publish a Web site by using a publishing rule in Internet Security and Acceleration (ISA) Server 2006
  
• 942637 A user cannot access a Web site that is published in ISA Server 2006 by using Kerberos constrained delegation if the user is not in the same domain as the ISA Server computer
  
• 942638 POST requests that do not have a POST body may be sent to a Web server that is published in ISA Server 2006
  
• 943200 The Microsoft Firewall service stops unexpectedly on a computer that is running ISA Server 2004
  
• 943212 You cannot filter the RPC traffic based on universally unique identifiers (UUID) by using an access rule in ISA Server 2006
  
• 943214 When you publish a back-end ISA Server 2006 computer on a front-end ISA Server 2006 computer that faces the Internet, you cannot enable forms-based authentication on both computers
  
• 944699 The Microsoft Firewall service stops unexpectedly if a Web filter is used on a computer that is running ISA Server 2006
  
• 944764 Requests that have large request bodies may fail when you publish a Web site in ISA Server 2006
  
• 944824 Stop error message on a computer that has ISA Server 2006 installed: You receive a "Stop 0x0000007f"
  
• 945224 ISA Server 2006 may forward requests to an incorrect Web server when a client computer accesses Web sites that have different public names in the same session
  
• 945524 Some Web servers that are published in ISA Server 2006 by using the Web Publishing Load Balancing feature may be incorrectly detected as unavailable at random times
  
• 945814 Error message when you try to change the password of a user account even if you configure ISA Server 2006 to allow users to change their passwords
  
• 945882 HTTP SEARCH requests that do not have a SEARCH body may be sent to a Web server that is published in ISA Server 2006
  
• 947254 A computer that is running ISA Server 2006 may randomly stop routing packets from certain VPN clients or from certain VPN site-to-site networks
  
• 947255 Packets from the branch office may not reach the destination servers in the central office over a site-to-site VPN connection that you create through ISA Server 2006
  
• 947521 When HTTP compression is enabled in Web publishing rules in ISA Server 2006, the compression filter may be unable to handle HTTP responses
  
• 948711 A report may not display HTTPS traffic in ISA Server 2006
  
• 949628 The Microsoft Firewall service crashes randomly when you use ISA Server 2006 to publish a Web server by enabling forms-based authentication
  
• 950139 The Microsoft Firewall service in ISA Server 2006 stops responding to client requests after you publish a Web server by using NTLM authentication delegation
  
• 951508 When you use ISA Server 2006 to publish a Web server, and authentication delegation is enabled, some Web content may not be displayed correctly when a user accesses the published Web server
  
• 951509 Users cannot access a Web site that is published in ISA Server 2006 if the Web site accepts only the SPNEGO authentication package
  
• 950150 Error message when you open a .gz file that you downloaded through an ISA Server 2004 Web proxy server: "Invalid archive directory"
  
• 952675 You cannot log on to a local intranet site that you publish by using ISA Server 2006 when there are multiple user accounts that have the same account name in different domains

Save XP, Rick Mercer Style

It's June 30th! I had the date marked because of two reasons. The first one has to do with Windows XP, and if you haven't heard enough already, CBC's Rick Mercer has his own view of how to save Windows XP. Caution: May not be entirely work-safe for some.



The second reason's coming up in a post after the break, and it has absolutely nothing to do with Windows XP or Windows Vista!

Released: Windows Server 2008 Hyper-V

While I was away yesterday, Windows Server 2008 Hyper-V made its public debut (RTMed in Microsoftese). I know what you're thinking: Let the Microsoft PR storm begin, VMWare has a better virtualization product, and other unbloggable thoughts... :).

I've been using Hyper-V for a few months now, and all I can say is— it's been a great experience way before RTM, and I am impressed! Of all things Hyper-V that impress me, I'm blown away by the performance - it flies! This, on a desktop class machine (one that meets the CPU and other requirements, of course, but poorly-configured to be used as a server/Hyper-V box that's running quite a few virtual machines).

Next, the simplicity and ease-of-use. As InfoWorld's Randall C. Kennedy puts it:

As with most Server 2008 "roles," enabling Hyper-V was a simple matter of ticking a check box in Server Manager and picking a NIC for use by the virtual network manager.

Read more of Randall's review in Test Center review: Microsoft's Hyper-V does the trick.

Scott has a post with plenty of links to Hyper-V resources and blog posts— Hyper-V has RTM'd and is Available!

As Scott mentions in the post, Microsoft will have a support statement about Exchange Server and virtualization 60 days from Hyper-V RTM. This was announced at TechEd IT Pro in Orlando little over 2 weeks ago.

Released: Transporter Suite v08.02.0053

An updated version of the Transporter Suite— a set of tools for interoperability and migration from Lotus Domino and generic POP/IMAP servers to Exchange Server 2007, has been released.

Download Transporter Suite v08.02.0053 from here.
Updated release notes are here.

If you're getting started on an interop or migration project, take a look at Resources for Interoperability and Migration from Lotus Domino.

Community content in Exchange docs: the wikization begins!

Microsoft recently started allowing community content (annotations/links) in Exchange documentation on TechNet. Initially available for Exchange 2003 documentation, this feature was recently expanded to Exchange 2007 documentation as well.

At the bottom of each page in Exchange documentation (on TechNet) you'll see the links to add community content.


Figure 1: Links to add community content in Exchange documentation pages on TechNet

This is a great way to share your Exchange expertise and add more value to Exchange documentation - you can add your code snippets, undocumented scenarios, tips & tricks, links to relevant content on web sites/blogs— yes, links to your blog posts too!

The wiki-zation of Exchange documentation has begun!

For an example of what this looks like, check out the Messaging Records Management (MRM) docs:
1) How to Create Managed Content Settings
2) How to Apply a Managed Folder Mailbox Policy to User Mailboxes

Registration required. Here's the code of conduct, and answers to some frequently asked questions are in this faq.

What it's not...
This is not a place to post product feedback or new feature requests. You can provide new feature requests by email to exwish at microsoft. It's also not a place to post requests for help with any issues— that's better handled in Exchange newsgroups and TechNet Forums, where you can get assistance from expert IT Pros, including MVPs, and Microsoft folks.

TechEd IT Pro: A major Exchange announcement in Scott's session?

Scott Schnoll is presenting two sessions at TechEd this week:
1. Microsoft Exchange Server 2007 SP1: Tips & Tricks:
When: Wednesday, June 11 2:45 PM - 4:00 PM
Where: N220 D
What: This session provides an overview of how to gather diagnostic and troubleshooting information for Exchange Server 2007 focused on performance, connectivity, and services, as well as details about the best tools to use for quickly resolving issues.

2. Advanced Troubleshooting Strategies for Exchange Server 2007
When: Friday, June 13 1:00 PM - 2:15 PM
Where: S230E
What: This session provides an overview of how to gather diagnostic and troubleshooting information for Exchange Server 2007, as well as details about the best tools to use for quickly resolving issues.

Scott also promises a major Exchange announcement during his first session on Monday! More in Scott's blog: Microsoft TechEd IT Pro 2008

Mac, meet PC: PC, the Mac's already hacked!

The Event: CanSecWest's PWN 2 OWN contest, Vancouver, Canada
The Contenders: Mac OS X Leopard, Microsoft's Windows Vista, and Linux.
The Challenge: Compromise the OS
The Prize: $10,000 + laptop
The Winner: Charlie Miller

Apparently, the OS that's safer by design is the first to get compromised, after the rules were relaxed a little bit. 2 minutes is all it took, according to a report in InfoWorld (yes, still one of my favorite tech news sources). Excerpt:

Contest rules state that Miller could only take advantage of software that was pre-installed on the Mac, so the flaw he exploited must have been accessible, or possibly inside, Apple's Safari browser.

And:

Shane Macaulay, who was Dai Zovi's co-winner last year, spent much of Thursday trying to hack into the Fujitsu Vista laptop, at one point rushing back to his Vancouver area home to retrieve a file that he thought might help him hack into the system.

But it was all in vain.

More in Gone in 2 minutes: Mac gets hacked first in contest on InfoWorld.com.

This comes little over a week after Apple released what is labeled a massive patch, a monster patch, a mega-update, or a mega-monster security update by the media (Yes, that makes me feel like Jon Stewart now). The patch contains 90 fixes according to these reports.

Last year's contest winner, Dino Dai Zovi, exploited a vulnerability in Apple's QuickTime to take home the prize.

Gloat not, Windows Vista and Linux. You are expected to be hacked by today— and when that happens, it will be further proof that vulnerabilities exist in all systems. That's the nature of software. When it comes to millions of lines of code, "bug-free" and "vulnerability-free" software is a myth. What really matters is how easily these can be exploited, how quickly the vendor responds and releases patches to fix vulnerabilities.

As far as Windows Vista is concerned, it has an enviable track record so far.

"Save XP" Campaign: InfoWorld responds, and the facts about downgrade rights

Note to readers: I haven't had to keep a post on hold for as long as I"ve kept this one, contemplating whether I should post it or not. After much thought, I've decided to post this, because it is important to know the facts about downgrade rights, and to clarify my position on this debate.

InfoWorld responded to my previous post (read InfoWorld's campaign to "Save Windows XP").

In a blog post titled Exchangepedia Blog Author calls "Save XP Campaign" Childish!, InfoWorld columnist J. Peter Bruzzese writes:

However, in the overall scheme of things will it budge the folks at Redmond to reconsider its plans? Not if Bharat Suneja, an MVP for Exchange and tech guru who publishes the popular Exchangepedia Blog site has anything to say about it. He has done his own research on the matter and his opinion should be heard!

Thanks for the kind words Peter - much appreciated.

To put it on record, I am not for or against Microsoft extending the deadline for Windows XP OEM and retail sales. I called Peter the saner voice (of InfoWorld) - he gets the gist of what I wanted to convey in the post:

The point Bharat is trying to make: Windows XP is an operating system that has lived past its prime, and Microsoft isn't about to pull the plug on it any time soon. (Users can move to Vista on their own timeline).

In my post, I pointed out Microsoft's Product Lifecycle Policy for Windows XP, including the facts that Windows XP mainstream support won't end till April 2009, extended support will be available till April 2014, and Volume License customers can use their downgrade rights if Windows XP licenses are no longer available from retail or OEM channels. (As it turns out, downgrade rights are not restricted to Volume License customers.)

In fact, Microsoft will soon release a new service pack— Service Pack 3, for Windows XP. You can download Release Candidate 2 of the service pack here.

InfoWorld Editor Galen Gruman comments
InfoWorld Editor Galen Gruman left a comment on the post here. What she has to say (relevant portions highlighted and bolded for emphasis):

For the record, as the InfoWorld editor who's responsible for the "Save XP" story and related content, there's one big error in this well-reasoned post: XP will not be generally available after June 30 if you are *adding* computers or people. We never said this was an issue of support. It is true that if you have a site license to Vista, you have downgrade rights to XP. But most small businesses and no individual buyers have these rights. They cannot get XP after June 30. And unless they bought new of two specific types of Vista -- the full, not OEM, versions of Vista Business and Vista Ultimate -- they do not have downgrade rights. GIven that practically everyone who buys a computer has just an OEM copy of Windows, they do not in fact have downgrade rights to XP and cannot add new XP licenses to their mix of XP systems. This forces them to have a mix of XP and Vista, whether or not they are ready for Vista. It was this concern that we heard repeatedly in the last year and led to this story. And why we advocated that XP be available for sale indefinitely -- meaning not forever but until the market as a whole is much more ready to move.

Thanks for commenting Galen. Having read your follow-up article "The "Save XP" manifesto: Time to get past the distractions", I agree with some of the arguments presented (and greatly disagree with others), and the underlying reasons for the "Save XP" campaign. However, your basic premise that setting a date for end of availability of OEM and retail licenses for Windows XP is like Microsoft giving users an eviction notice is simply not true!

I understand that the main issue Galen has is not about existing Windows XP users or computers, but about availability of Windows XP for new computers or users. Carrying the analogy further, that's more like Microsoft saying we aren't accepting new lease applications for this old, run-down apartment that is scheduled to be torn down. You can, however, lease a unit in this brand new complex we built across the street.... It is far from an eviction notice for existing tenants.

The facts about downgrade rights
As far as the downgrade rights Galen referred to (highlighted) in the above comment and in her follow-up article are concerned— she deserves the benefit of the doubt. There's clearly some misunderstanding on her part, and it probably isn't her fault. (Update: Based on our email exchange, I know she has tried to get a definitive answer to this.) Navigating Microsoft's web of licensing options and agreements can be be challenging, even for MVPs. However, to be fair to Microsoft, I was able to get the answer by searching the web, and a single follow-up call to Microsoft Pre-Sales and Licensing. The response was clear and unambiguous.

Downgrade rights are not limited to large enterprises. This Microsoft Volume Licensing Brief [download] (dated January 2007) titled Microsoft Select License, Open License, Original Equipment Manufacturer (OEM) License, and Full Packaged Product (FPP) License Downgrade Rights says:

Can I downgrade my OEM version of Windows Vista Business to Windows XP Professional?
Yes. OEM downgrade rights for desktop PC operating systems apply to Windows Vista Business and Windows Vista Ultimate as stated in the License Terms. Please note, OEM downgrade versions of Windows Vista Business and Windows Vista Ultimate are limited to Windows XP Professional (including Windows XP Tablet PC Edition and Windows XP x64 Edition). End users can use the following media for their downgrade: Volume Licensing media (provided the end user has a Volume Licensing agreement), retail (FPP), or system builder hologram CD (provided the software is acquired in accordance with the Microsoft OEM System Builder License). Use of the downgraded operating system is governed by the Windows Vista Business License Terms, and the end user cannot use both the downgrade operating system and Windows Vista Business. There are no downgrade rights granted for Windows Vista Home Basic or Windows Vista Home Premium.

Translation: If you buy a computer and it ships with Windows Vista Business or Ultimate preinstalled by the manufacturer, also known as an OEM license, you can downgrade to Windows XP Professional. You do not need a Volume License of any kind to do that - end users, small businesses with or without an Open License, and larger businesses - again, with or without a Select or Enterprise License, can downgrade to Windows XP Professional, and use it for as long as they wish.

Microsoft confirms
A quick call to Microsoft Sales/Licensing confirmed that. You are welcome to do so yourself, by calling 800.426.9400. Select option 5, then option 3. In a follow-up call, Microsoft also explicitly and unambiguosly stated that users can use the OEM media (CD) or the one that came with a prior purchase of a FPP (retail) version to downgrade. Organizations with a volume license can also use their volume license media to downgrade. "The media is not important here, the license is", added the Microsoft rep.

If you're having trouble finding your Windows XP CD or need to order a replacement copy, you can do so by calling 800.360.7561 if you bought the retail (FPP) version. The cost is $23, or $29 with taxes and shipping. Volume License customers can order CDs by calling Volume License Fulfillment at 800.248.0655. When asked how long the replacement CDs will be available, and whether these will still be available after Windows XP is no longer sold, the rep responded: "They will be available for quite a while. No plans for discontinuing that yet."

Though well-intentioned, some of the arguments presented by Galen are not as valid. Once again, I am neither for or against Microsoft continuing to sell Windows XP, nor profess that users move to Vista whether they're ready or not. However, the implication that Microsoft is forcing users to move to Windows Vista, and terms like eviction notice used in such articles, do not present the issues in the right perspective.

Given the facts about Microsoft's product lifecycle, support policies and downgrade rights, is Microsoft's stance wrong here? Or does InfoWorld's Save XP campaign amount to unfairly criticizing Microsoft, as InfoWorld's own columnist J. Peter Bruzzese states in "Save XP? Why bother?"?

PS: Tom Sullivan's response, and comment about MVPs

I was equally annoyed and amused by InfoWorld Editor Tom Sullivan's response in "On the necessity of InfoWorld's 'Save XP' campaign". Tom says:

As Peter Bruzzese points out, the author of Exchangeapedia, Bharat Suneja, suggests that the campaign won't inspire Microsoft to change its plans and keep Windows XP alive beyond June 30.

Suneja, it's worth explaining, is a Microsoft MVP. A rare breed, indeed, these disciples are devout enough that, while attending an MVP Summit back in 2001, a pair of them even got married in Redmond, Wash. and read vows from their Pocket PCs.

That said, Bruzzese writes that Suneja "has done his own research on the matter and his opinion should be heard." I agree, and particularly when he explains that mainstream support will end on April 14th, 2009, and extended support will be available for five years from that date, till April 8th, 2014, both points IT shops should research. Suneja writes, in his post, "Windows XP doesn't seem like a product that's being retired prematurely."

That, obviously, is a matter of some debate. Contrarians can easily point to the reality that Vista sales are not exactly going like gangbusters.

Tom, All I can say is, I wish you had read my original post before commenting. Perhaps that's just one of those good old journalistic niceties that we simply don't have time for any more. :)

If you did read my original post, please accept my apologies.

MVPs are also some of Microsoft's sharpest critics. An excerpt from the article in Computerworld:

Paul DeGroot, an analyst at Directions on Microsoft, a research firm in Kirkland, Wash., agreed that MVPs are both "in Microsoft's camp" and its "best critics" at the same time.

"They criticize from a position of deep knowledge about the products and how customers use them," DeGroot said. "So when they say something, they know what they're talking about, and they're not inclined to take cheap shots. They'd rather fix things than lay blame."

MVP or not, my opinion and criticism of InfoWorld in this matter wouldn't have changed. It is sad to note that what is otherwise a well-regarded tech journal is increasingly sounding like the MAD magazine of tech journalism on this topic.

iPhone, meet Exchange: Apple announces Exchange ActiveSync support

Finally, Apple announces Exchange ActiveSync Support.

Phil Schiller, Apple's Senior VP of Marketing, announced minutes ago what many have suspected all along - Apple chose to go with Microsoft by licensing EAS. Schiller demonstrated EAS on the iPhone, including the ability to remotely wipe an iPhone.

Without taking names, Phil also criticized the BlackBerry approach of routing mail through its datacenter, and the accompanying risks and reliability issues. Devices compatible with EAS, including devices running Microsoft's Windows Mobile OS, can synchronize email, calendar, and contacts directly with an Exchange Server.

Terry Myerson, Microsoft's corporate VP for Exchange, met Schiller daily for 2 weeks to make the agreement possible. Says Myerson, "When it comes to mobile phones, Windows Mobile still delivers the premier mobile e-mail experience for Microsoft Exchange Server, by delivering the Outlook experience on a mobile phone and with the most complete support for Exchange’s many enterprise device management policies. But, we also partner with many mobile device makers – including Apple – and believe that by making Exchange an open platform, our customers and partners, ultimately, will be the beneficiaries."

Update:
- The new iPhone 2 firmware with ActiveSync support will be released in June.
- Apple is accepting applications for its iPhone Enterprise Beta Program

InfoWorld's campaign to "Save Windows XP"

I've been an avid reader of InfoWorld for as long as I can remember. It is one of the finest trade publications out there. In case you've missed it, they've been running an online campaign to "save Windows XP". A few weeks ago, they announced that 75,000 XP users had signed up for it (Read "75,000 demand Microsoft keep Windows XP going"). If you look at the numbers, it's a tiny fraction of the overall number of Windows XP users.
Update: The last update from InfoWorld is dated Feb. 28th- the number reported is 97,280.

InfoWorld says its readers want Microsoft to keep selling and supporting Windows XP indefinitely. Given that Windows XP was released back in 2001 - almost 7 years ago, is Microsoft wrong in ending support for a product that has certainly lived past its shelf life? If you work in the software industry, dealing with today's rapid-fire software releases, it's hard to imagine supporting something that old!

From Save Windows XP! The clock is ticking:

Millions of us have grown comfortable with XP and don't see a need to change to Vista. It's like having a comfortable apartment that you've enjoyed coming home to for years, only to get an eviction notice. The thought of moving to a new place -- even with the stainless steel appliances, granite countertops, and maple cabinets (or is cherry in this year?) -- just doesn't sit right. Maybe it'll be more modern, but it will also cost more and likely not be as good a fit. And you don't have any other reason to move.

Reading the above, you get the impression that somehow Microsoft can and is actually forcing existing users of Windows XP to stop using that OS past June 30th, 2008. That is completely untrue! All Microsoft is saying is - this product has reached its end of life, and we will stop selling it by that date. It really has no impact on existing users who want to continue using it.

The fact is: your licensed copy of Windows XP doesn't come with an expiration date.

If you have an XP license today, or buy one by that date, you can install it on any computer you buy two, five, ten, or any number of years from now, provided the hardware is compatible. This does not apply to OEM licenses sold to computer manufacturers like Dell, HP, or Gateway - which are tied to the computer they ship with.

Microsoft's Windows Lifecycle Policy: Selling Windows, And Supporting It

Microsoft's Windows Life-Cycle Policy states that:
- Direct OEM and retail licenses will be sold till June 30th, 2008.
- System Builder licenses will be available till January 31st, 2009.
- The policy further states that "licenses will continue to be available through downgrade rights available in Volume Licensing programs after end of general availability".

Though Microsoft will stop selling Windows XP based on the above timeline, support for the operating system isn't going to end when that happens. Microsoft Support Lifecycle explains Microsoft's support policies, including what mainstream and extended support mean. According to the Microsoft Support Lifecycle for Windows XP:
- Mainstream support will end on April 14th, 2009.
- Extended support will be available for five years from that date, till April 8th, 2014!

For a product with General Availability dating back to December 31, 2001, Windows XP doesn't seem like a product that's being retired prematurely.

On a second look, InfoWorld's case isn't so much for Windows XP, as it is against Windows Vista. Running alongside the Save Windows XP articles: Why people hate Vista and Time to dump Windows?.
Update: To be fair to InfoWorld, they've also recently published "How to deploy Windows Vista".

A quick look at some of the arguments against Windows Vista:

Vista a resource hog? Yes, Windows Vista requires more resources - and the last time I looked around, today's PC hardware was more than adequately equipped for Vista. Most decently-configured laptops, including the entry-level ones that sell for way under a thousand bucks, ship with dual-core processors and 2 Gigs of RAM. And under a thousand bucks get you what can be considered a state-of-the-art quad-core desktop with 3-4 gigs of RAM. In fact, a few weeks ago I was pleasantly surprised by the price of 4 Gigs of RAM for my laptop - $79!

Vista isn't designed to run on yesterday's hardware, and there's no reason for Microsoft to be apologetic about it. It's the same hardware + OS + apps purchase cycles we've been used to for a long time now. What do you want to buy the next time your three or five-year-old computer dies, or you simply get fed up with it and want something new? Do you look for a single-core Pentium 4 processor that can run Windows XP well - assuming you can find one? (As a sidenote, I'm writing this on a single-core Pentium 4 box running Windows Vista, and doing fine, thank you! I also had a 400-Mhz (yes, Mhz... ) PIII box with all of 256 Mb RAM running Windows Server 2003, AD, and Exchange Server 2003 for years, till it died last year.)

It's the same cycle as buying microwaves or vacuum cleaners - they get old, stop working, or simply get in the way and impair users' productivity. When that happens, you go out and buy a new one, generally in the same price range or perhaps a little cheaper, but something that has all (or most of) the bells and whistles - the right stickers, logos, and features that a contemporary microwave or vacuum cleaner would have.

PCs are no different. In fact, thanks to Murphy's Law and the underlying technology breakthroughs, we generally get a lot more bang for our buck with every upgrade cycle.

If your microwave/vacuum cleaner/PC isn't broken yet (or more importantly, if you aren't fed up with it, and it isn't getting in your way), there's really no reason to buy a new one. Unless you like buying new computers every couple of years, or sooner, and can afford to do so.

Drivers: Yes, drivers. Somehow Microsoft is to blame for the perceived lack of drivers. Personally, I haven't come across any piece of hardware recently - a display card, printer, or other peripheral that does not sport a driver for Windows Vista, or otherwise caused any compatibility issues. For most part, everything works out of the box.

Security: Security, you say. Seems like Windows Vista has proved its credentials on that front. Agreed, UAC can be a little annoying at times, and gives Apple a great talking point for its commercials, but that doesn't take away from the fact that Vista is a much more secure OS than Windows XP ever was. In fact, Vista does very well on this front compared to other OSes, including Apple's. Read previous post about the 6-month vulnerability report "Numbers talk: Vista most secure OS of all?", or grab the more current one-year vulnerability report.

User Account Control

It is easy to criticize the UAC feature without getting a good understanding of what it does and the problem it's intended to solve for IT departments. After years of extolling the virtues of not logging on using an account with administrator privileges for day-to-day stuff, I love UAC! It ensures administrator privileges are not available to your session all the time - even if you're logged in as an administrator. Not only does this protect computers from malicious code, it also protects users from themselves. When you do need to perform a task that requires administrator privileges, you are prompted for it.

Security has a cost - often measured in user inconvenience. Many security products and features come with some inconvenience to users. The argument shouldn't be about whether to have UAC, but about the ability to fine-tune it to an organization's security requirements. Arguably, this could be refined further to allow more granular control, but being aware of the options already available, including the ability to turn it off using Group or Local Policies helps.

The following graph from the one-year vulnerability report shows vulnerabilities found in Windows Vista, Windows XP, Red Hat Linux, Ubuntu, and OS X in the first year of release. It's clear what the numbers reveal, though many of us often tend to get more influenced by anecdotal evidence- particularly in this context.


Figure 1: Vulnerabilities found in Windows Vista in the first year of its release compared to other operating systems

Vista is slow: One of the more common arguments against Vista, slow is a relative term. Slow as compared to what? Running on the same hardware as my Windows XP computer, performing the same tasks, I haven't noticed this slowness. If you benchmark performance results, Vista can be proven to be slower than anything. The questions to ask: - When was the test conducted? What version of Vista? What kind of hardware? What kind of applications? And more importantly, how slow was it really?

Yes, you may lose a few percentage points in performance, but there are gains in usability and new features.

I wouldn't blame InfoWorld for wanting to ride the "Bash Vista" bandwagon - it's fashionable to do so. To our relief, there are some saner voices out there. Like InfoWorld's own columnist, J. Peter Bruzzese. Peter writes in his Enterprise Windows column - titled "Save XP? Why bother?":

The fact of the matter is, Vista is incredible. I've been working with it since Beta 3, and I won't return to that cartoon-looking XP for anything. Not only is it more secure than XP, it includes a host of invaluable new tools and applications (more on those in a bit).

Yes, Vista is more resource-intensive than XP. Yes, upgrading from XP to Vista requires putting some cash on the table. But Vista beats XP hands down, and the Save XP campaign amounts to unfairly criticizing Microsoft for adhering to a core capitalist practice: retiring an old product to sell newer, better ones.

That "yucky Windows"

My 4-year old son agrees with Peter's assessment about XP. For the few days that I had a loaner Media Center PC running Vista, not only did the little one get quite comfortable with it, he fell in love with it. When it was time to get my XP Media Center PC back from repairs, there were angry protests about having to deal with the "yucky Windows" (that would be XP!) that one doesn't ordinarily associate with someone his age.

Though a lot of it has to do with the aesthetics - the "X button that glows" when he wants to close a window and Gadgets that expand his vocabulary - isn't the UI and usability a big reason why we choose to use Windows and the exact topic Apple can't stop talking about when it comes to OS X?


Figure 2: Windows Vista's Media Center interface

I finally upgraded the box - the last one I had with Windows XP, to Windows Vista on the last day of 2007. The delay was in large part because of the vendor - name withheld, mislabeled the TV tuner driver, causing a lot of confusion amongst its customers.

As a sidenote to this sidenote, Media Center is probably the most mission-critical app of all, as far as end-users/home users are concerned... an email outage at work is probably something you can survive and live to tell the tale. A "TV outage" at home is an event unmatched in its criticality, perhaps deserving a designation higher than P1/S1.

What kind of supporters is InfoWorld touting with its Save XP campaign? Let's turn again to Peter's column:

If you read a lot of the comments that people have been adding on the Save XP pages, you might note that an awful lot of people say, "Go to Linux," or "That's why I use Linux." You know, I've never heard a Mac user complain about Apple or their Mac, nor a Linux user complain about Red Hat or whatever version they are using. That's not to say they don't have problems; they just keep the discussion among themselves. But they are having a field day watching Microsoft users fight each other. Ever think they're the ones stirring up this whole Save XP campaign?

Come on InfoWorld, it's time to give up the skepticism, and that childish campaign. Users are moving to and using Windows Vista, and that will only accelerate going forward, now that SP1 is here. Users and organizations who want to continue using Windows XP can take their own time to upgrade - Windows XP will still be available for the foreseeable future, and supported for a much longer period (as stated in Microsoft's product lifecycle policies referenced in this post).

DST 2007: December 2007 cumulative time zone update for Microsoft Windows operating systems

The last time we took a look at the timezone changes was when the August 2007 cumulative time zone update was released (Read previous post: "DST 2007: August 2007 Cumulative Timezone Update for Windows operating systems"). The August 2007 update included new timezone data for Caucasus Standard Time, Armenian Standard Time, New Zealand Standard Time, GTB Standard Time, and Jordan Standard Time. Some updates were minor - such as changing the display name of a time zone.

In December, Microsoft released another time zone update - KB 942763: December 2007 cumulative time zone update for Microsoft Windows operating systems. Changes:
- Arabic Standard Time: Adjusts DST start and end dates for Baghdad time zone
- Australia: Central Australia, Eastern Australia and Tasmania Standard Time - these start and end on the same day.
- Egypt Standard Time: Adjusts DST start and end dates for Cairo time zone
- Israel Standard Time: Adjusts DST start and end dates for Jerusalem
- South America: E. South America Standard Time, Central Brazilian Standard Time - Adjusts DST start dates and end dates for the Brasilia time zone and for the Manaus time zone
- Venezuela Standard Time: Adds a new time zone for the Caracas time zone

Updates in the above list reflect the latest time zone changes made around the world after the Aug. 2007 Cumulative Timezone Update was released. If you've already applied the previous updates affecting your locale, and rebased appointments, the latest update will not change anything for you.

Also note, this is a cumulative update. It includes all previous timezone updates.

Related posts:
- DST 2007 Rollup Post

Rain City Guide: Seattle companies get no love

Just back from a good part of a week spent on the Microsoft campus, discussing Exchange developments - far more exciting than the new gadgets being unveiled at CES in Vegas all week. Though it rained almost every single day, and even snowed the night before I arrived, the weather wasn't really that bad, and the sun showed up on Friday morning. Back here in the Bay Area, the weather's been beautiful - it almost feels like spring's here!

Galen Ward in a blog post on the Rain City Guide, a great Seattle-area resource:

I'm no Microsoft "fanboy", but have you ever noticed that when they release some half baked project with a promising future (Microsoft Unified Communications Products) they get a log of grief ("Microsoft's Phone Ambitions Face A Winding Road"), but when Google comes out with a half baked product with a promising future (Google's "Presentations"), the media thinks it's cool and they focus on the future potential ("Google Presentations... one more step in the right direction").

The media's love affair with Google is never-ending. (As a sidenote, just noticed Google's Gmail web-based email service is still in beta... the oldest messages in my Gmail account are from 2004! What's interesting - nobody really cares, or even notices any more.)

Apple and Steve Jobs seem to get the similar favored treatment. To Apple's credit, it makes some really cool products, backed by some clever marketing and a media-savvy Jobs. It's MacWorld time, and the euphoria seems to be building up. As Jobs prepares to take the stage at Moscone Center tomorrow, speculation is rife about a new 3G iPhone and a new ultra-portable MacBook.

It's also time to speculate about ActiveSync support (read previous post: "Apple Licenses Exchange ActiveSync for the iPhone?).

Redmond on Exchange's Evolving Strategy

Tony Redmond outlines his perspective of how Exchange will evolve over E14 and onwards in this Windows IT Pro article. The key areas, according to Redmond, are automation, virtualization, mobility, Unified Communications, Information Management, and Software as a Service (SaaS). Read "Exchange's Evolving Strategy" on WinItPro.com (requires subscription).

Released: Exchange Server 2007 SP1

Great news, in words of Exchange TAP Program Manager David Espinoza: "Exchange Server 2007 SP1 has left the building". The "pack of goodies" is Build 240.06 - download it here.

(Read the announcement on the team blog, with feedback from TAP customers, including Zenprise.)

Congratulations to the Exchange product team for shipping an unusual service pack, loaded with improvements in performance, functionality, plenty of new GUI admin interfaces in the EMC (more details in "New Exchange Management Console Features in Exchange 2007 SP1"), and quite a few new features.

On top of the list for most folks is the eagerly awaited Standby Continuous Replication (SCR), which uses the Database Continuous Replication technology to replicate Storage Groups from clustered/non-clustered sources to clustered/non-clustered targets. Designed to provide datacenter redundancy - the source and target can be on different subnets, in different AD Sites altogether.

Additionally, LCR - used to replicate Storage Groups to another volume on the same server - no longer requires 2-3x the disk IOPS on volumes where the replica is stored. LCR can also use the Transport Dumpster now (restricted to CCR earlier).

Support for Windows Server 2008 also allows Exchange Server 2007 to leverage the new Failover Clustering features in the OS - allowing CCR clusters to span across subnets, making CCR clusters across WAN links easier to deploy.

Exchange ActiveSync (EAS) comes with plenty of improvements as well - users with WinMo (i.e. Windows Mobile) 6 devices will be happy. Administrators will like the number of new settings in ActiveSync policies that allow increased control of devices. (Read previous post "Exchange Server 2007 SP1: Take control of your Windows Mobile devices").

OWA users get Public Folder access, S/MIME support, Personal Distribution Lists, server-side rules, and monthly calendar views, amongst other improvements.

Complete list of features available in "What's new in Exchange Server 2007 SP1".

Make sure you read the SP1 Release Notes before upgrading.

Clichés aside, this is the best Exchange service pack ever.

TechNet Chats: Q&A With the Exchange MVP Experts

Microsoft is holding another round of Q&A chats with Exchange Server MVPs. These were fun the last time (transcripts here), so if you have questions about Exchange Server - planning issues, deployments, best practices, security, HOW TOs, etc., and want answers from Exchange MVPs - pick a convenient time from the following.

Q&A With the Exchange MVP Experts
We invite you to attend a Q&A with the Microsoft Exchange Server MVPs. In this chat Exchange MVPs will be on hand to answer your questions about Exchange Server, Outlook and Exchange for Small Business Server. So if you are thinking of upgrading to Exchange Server 2007 or have questions about Exchange Server 2003 we hope you can join us for this informative online chat!

December 5, 2007 - 10:00 AM Pacific Time - Add To Calendar
December 12, 2007 - 5:00 PM Pacific Time - Add To Calendar

Enter TechNet Chat Room (for both events)

Notes v/s Exchange: Networking's 50 greatest arguments

Network World has an article on Networking's 50 Greatest Arguments. Interestingly (and as expected...), Microsoft is the subject of many arguments in the list, including Netware v/s Microsoft networking, Windows v/s OS/2, Microsoft v/s U.S. Justice Dept., IE v/s Netscape Navigator, Windows v/s Unix, Mac v/s PC, and the inevitable Lotus Notes v/s Microsoft Exchange.

Surprised to find no traces of Windows v/s Linux, BlackBerry v/s Windows Mobile, amongst others.

Microsoft Office Communicator 2007 requires OCS 2007

Microsoft released Office Communications Server 2007 (OCS 2007), its much-awaited next-generation telephony/Unified Communications product, with much fanfare in San Francisco earlier last week. This is a major update to its predecessor - Live Communications Server 2005 (LCS 2005).

The new client, Microsoft Office Communictor 2007, requires OCS 2007 at the server end. It does not work with LCS 2005, even with reduced functionality. More product requirements can be found here for the new Communicator client.

Dvorak on Rethinking Microsoft

John Dvorak says there's plenty of upside for Microsoft and it's time to rethink our attitudes towards the company's stock. More in Rethinking Microsoft on TheStreet.com.

Released: Exchange Server 2007 Management Pack for Operations Manager 2007

Microsoft has released Exchange Server 2007 Management Pack for Operations Manager 2007 (i.e. Microsoft Systems Center Operations Manager 2007).

The Management Pack can be downloaded from here.

Novell credits Microsoft for booming SUSE Linux sales

Novell reported a 243% jump in sales of its SUSE Linux operating system, crediting its alliance with Microsoft. Interesting development, after the initial teething issues the two companies have had with their relationship, and the open source community's quick kneejerk reaction (not that it wasn't expected... ) to it.

Entourage 2008: OOFs coming to the Mac

With the release of Office 2008 for the Mac, Entourage users will be able to use Out of Office messages just like the rest of the world (i.e. Windows users with Microsoft Outlook) have been doing forever. Entourage 2008 supports Exchange Server 2007's enhanced OOF functionality, including the ability to schedule OOF start and stop times in advance, and set-up separate OOF messages for co-workers and external recipients.

Nevertheless, Entourage 2008 doesn't come close to Microsoft Office Outlook 2007 as far as features go. There's no capability to schedule resources, and no MAPI (recently rechristened "Outlook-Exchange Transport Protocol"), amongst a long list of other features on Entourage users' wish list. More in Lead Program Manager Andy Ruff's post "Office 2008 Enterprise Series: OOF Coming to Entourage" on the Office for Mac team blog.

Exchange Server 2007 SP1: Take control of your Windows Mobile devices

Microsoft announced availability of SP1 Beta 2 as a community technology preview (read Exchange product group GM Terry Myerson's post "Announcing Service Pack 1 Beta 2 for Exchange Server 2007"). Yes, the much awaited bag of goodies that SP1 promises to be is now within reach, if you're a TechNet Plus or MSDN subscriber.

SP1 greatly enhances policy-based control of Windows Mobile devices - ActiveSync policies now have enough settings to please most IT security folks and administrators who require more control over mobile devices.

Here are some screenshots.


Figure 1: The Password tab now allows you to enforce encryption on storage cards inserted in Windows Mobile devices



Figure 2: New Sync Settings tab allows control of messasge sizes (that can be synched to device), restrict synch when roaming, allow/disallow html mail on device, restrict attachment downloads and control attachment sizes (that can be downloaded). You can also control how many days/weeks worth of past email and calendar items can be downloaded to WM devices.



Figure 3: New Device tab allows control of device components like Wi-Fi, camera, removable storage cards, infra-red, and Bluetooth (including ability to limit Bluetooth connectivity only to hands-free headsets), restrict RDP sessions from device, restrict synchronization from a desktop, and restrict internet sharing from device.


Figure 4: New Advanced tab allows control of browser usage, consumer mail (i.e. home/personal email accounts), unsigned applications and unsigned installation packages, and also restrict which applications can and cannot run on a device, (comparable to some Group Policy settings that can be applied to Windows desktop/client and server operating systems)

As the screenshots above state, the settings on the Device and Advanced tabs require an Enteprise CAL for each mailbox that has these settings enabled.

Windows Mobile shops have a lot to be pleased about with SP1, as Exchange ActiveSync + Windows Mobile get ready to give BlackBerry a run for its money.

NetCraft: IIS gaining ground on Apache

Internet research firm NetCraft reports Microsoft's IIS web server is now gaining ground on its open-source rival Apache. Out of close to 128 million web sites surveyed this month, 34.2% use IIS - an increase of 1.4%. Apache's marketshare slipped by 1.7%, to 48.4%. More in NetCraft's August 2007 Web Server Survey.

Update:
Eric Lai reports on Computerworld.com: "Survey: Apache could lose Web server market lead to Microsoft by 2008".

Lai quotes open source proponent Bruce Perens: "But businesses that use IIS are bringing trouble upon themselves, he argues. "My own Web server running Linux does not have a firewall, it's been on the Net for 10 years and has never needed one. Try running any MS operating system naked on the Net that way."

First thing, hats off for running the same server for 10 years! (I'm interested in finding out who the vendor is, since my own boxes don't live nearly as long...)

For an open source proponent, Peren's view is hardly surprising. I've hosted an IIS server on the web (the one on which this blog was previously published) for 3+ years - with (gulp!) no firewall! Windows is an easily securable platform than many open source proponents realize. The built-in IPSec support provides adequate protection, imo. (Check out Steve Riley's 2-part article on TechNet about IPSec and usage scenarios: Using IPsec for Network Protection). Coupled with some basic server hardening steps and implementing the security policies available in Group Policy/Local Policy, you can run a Windows+IIS server on the internet and not lose sleep over it. (No, I'm not recommending you try this at work). :)

FireFox 2.0.0.6: Mozilla fixes the IE security hole that wasn't

You've probably heard about the FireFox patch that fixed a vulnerability caused by IE? Here's more.

July 10: Mozilla's head of Security Strategy Window Snyder writes: "Today security firm Secunia released an advisory on a security issue found (apparently) simultaneously and independently by Greg MacManus and Billy Rios based on a previously reported issue in Safari found by Thor Larholm.

Any Windows application that calls a registered URL protocol without escaping quotes may be used to pass unexpected and potentially dangerous data to the application that registers that URL Protocol. This could result in a critical security vulnerability."

July 18th: Mozilla claims it has fixed the vulnerability in 2.0.0.5, which wasn't really it's own. Window Snyder writes on her blog - "This patch for Firefox prevents Firefox from accepting bad data from Internet Explorer. It does not fix the critical vulnerability in Internet Explorer. Microsoft needs to patch Internet Explorer, but at last check, they were not planning to."

She adds: "Mozilla recommends using Firefox to browse the web to prevent attackers from taking advantage of this vulnerability in Internet Explorer".

Turns out 2.0.0.5 didn't really fix the vulnerability in FireFox!

Microsoft's Jesper Johansson responds in his blog post titled "Hey, Mozilla: Quotes Are Not Legal in a URL". Jesper cites RFC 3986, an internet standard that defines how URLs should be formatted.

July 30: Mozilla releases another update - FireFox 2.0.0.6. Here's more on what's fixed: "Mozilla Foundation Security Advisory 2007-27". (You probably see where we're going with this.... :)

From Window Snyder yesterday (7/30): "We’ve just released Firefox 2.0.0.6 which contains a security patch to mitigate the issue described here. The patch enables percent-encoding for spaces and double-quotes in URIs handed off to external programs. This reduces the risk of malicious data being passed through Firefox to another application that may then trigger unexpected and potentially dangerous behavior."

After crying out loud "It's really Microsoft's fault... ", Mozilla and Snyder didn't really make as much noise about this new patch.

Disclaimer: Given that this is the second post in a row about FireFox, it should be no surprise that I continue to use FireFox as my preferred browser, in addition to Internet Explorer and (gulp!) Safari!

Microsoft's "Creative Product Naming Dept" Does Exist

The "Creative Product Naming Dept" that I've talked about several times here [read a previous post "It's Official - Exchange "12" is now Exchange Server 2007"] does in fact exist at Microsoft! CNET News.com cites recent product names like Silverlight, Popfly, and Surface as evidence that Microsoft "has put in place a concerted effort to improve its product naming". David Webster, a Director at "product naming expert" Siegel+Gale, was hired as GM of Brand Strategy two years ago.

Read more here - "Microsoft looks to improve its name game".

A cool name isn't all that takes for a product to succeed, as highlighted in this list of 10 products with cool names that turned out to be disasters, or didn't "succeed as expected in the marketplace". Ironically, at the top of the list is Microsoft's Zune portable media/music player - read "10 tech disappointments...with cool names" (The Zune doesn't really deserve that spot... it's a decent first attempt by Microsoft).

Interestingly, Exchange had cooler code names like Titanium (Exchange Server 2003), Platinum (Exchange 2000) and so on, till Exchange Server 2007 - codenamed "E12" (no, E12 wasn't that bad, but not quite as interesting or exciting as Titanium, Platinum, Longhorn, Wolfpack, etc.). Perhaps a little late in the game to change the code name for the next version of Exchange, given how far in advance these things are planned.

As far as actual product names go, Exchange isn't likely to see any changes either. E14 will probably be called "Exchange Server [year it'll be released in]", and given Exchange is arguably one of the better Microsoft brands out there, there's little reason to change it.

Nevertheless, if you have any ideas for cool names, please do post it in the comments or send me an email.

Exchange Server 2007 Enterprise CALs: Let Microsoft do the filtering

Microsoft introduced the concept of Standard and Enterprise Client Access Licenses (CALs) for Exchange Server 2007. In previous versions, only the server part of Exchange came in Standard or Enterprise flavors, the latter allowing you the use of enterprise features like more number of Storage Groups and Stores, no limits on Store sizes, clustering, etc.

With a lot more features and functionality in Exchange Server 2007, the Client Access Licenses come in both flavors as well.

If you're planning to buy Enterprise CALs for your Exchange Server 2007 deployment, these come with an interesting benefit. Yes, Microsoft's ForeFront for Exchange is part of the deal, and though it's a good product (its predecessor - Sybari Antigen for Exchange, was for long considered the best of breed anti-virus products for Exchange), that's not the interesting benefit.

That distinction goes to Microsoft Exchange Hosted Filtering, which is part of the Enterprise CAL offering. Yes, this is Microsoft's software product + services play - you can outsource your anti-spam and anti-virus filtering headaches to Microsoft. You may not have to deploy any Edge Transport servers (depending on your organization's security policies, of course.. ).

If you're wondering what the new Standard and Enterprise CALs offer, this page has it all. (Well, almost... - the nuances of Exchange Server 2007 licensing are lost to many, so always get a quote and details from your software vendor or Microsoft rep.).

Things to note:
- the Enterprise CAL is an add-on to the Standard CAL.
- Depending on Exchange Server features used, not all users need an Enterprise CAL.
- Standard Journaling, which offers the same granularity as Exchange Server 2003 - that of journaling at the Store level, does not require an Enterprise CAL
- Premium Journaling: Per user or per distribution list journaling - you need an Enterprise CAL for only the users that'll be subject to/use premium journaling.
- Simply because you require or have Entperprise CALs for users doesn't necessarily mean you require Enterprise Edition licenses for Exchange Server. The Enterprise Edition is required only if you want to scale up beyond 5 Storage Groups/Mailbox Stores, or if you want to use clustering using Exchange Server 2007's Single Copy Cluster (SCC) or Cluster Continuous Replication (CCR).
- As Paul Robichaux notes in WinITPro's "Exchange and Outlook UPDATE" newsletter, there has been a licensing change in CAL requirements: Managed Default Folders like Inbox, Deleted Items, Junk Mail, etc. no longer require an Enterprise CAL, restoring the equivalent of Exchange Server 2003/2000 Mailbox Manager policies (i.e. Recipient Policies with Mailbox Manager settings) without an additional licensing cost. Managed Custom Folders feature, which allows you to create and manage custom folders in user mailboxes, requires an Enterprise CAL.

Note: Mailbox and Public Folder Stores in Exchange Server 2007 Std. Edition do not have size restrictions like the 16 Gb. limit in previous versions. The limit was raised to a max of 75 Gb. in Exchange Server 2003 SP2, and removed completely from Stores in the Std Edition of Exchange Server 2007.

Exchange Server 2007 and Address Literals

RFC 2821 allows the use of a literal form of a recipient's address, which uses the destination system's IP address enclosed by square brackets in the domain part, as an alternative to a domain name. Commonly known as address literals, this form of addressing helps in delivery of mail to a recipient when the recipient's domain is facing DNS issues - such as when DNS servers are not available, or domain registration records point to invalid or old DNS server (as may happen temporarily when moving to different DNS servers and old information lives on in DNS caches... ).

In addition to the technical glitches with DNS, there will always be that odd case of human error, when someone responsible in your organization for domain registrations/renewals, and paying the bills, forgets to pay up for renewal. If it can happen to Microsoft (Hotmail lost the domain name hotmail.co.uk, which expired due to non-renewal), it can happen to any of us.

Exchange Server 2003 supports address literals [read previous post "Address Literals and Microsoft Exchange"]. A Recipient Policy rule can be created to generate literal addresses. This allows mail delivery to a recipient, without relying on or using DNS.

The usage scenario: A monitoring system/service like Zenprise, which monitors service availability for email, DNS, etc. detects unavailability of your external DNS servers/zones, or some inconsistency with DNS zones or records. This affects mail delivery to your domain(s) using your normal email address(es) - e.g. foo@yourdomain.com. In such cases, the monitoring system or service can send mail using the address literal - foo@[1.2.3.4] or notify postmaster@[1.2.3.4].

Exchange Server 2007 does not support address literals - you cannot create an AcceptedDomain and EmailAddressPolicy (together these are equivalent of Recipient Policies in Exchange Server 2003/2000) to generate literal addresses, nor does it support manually adding such addresses to a recipient. Microsoft has no plans of reintroducing it.

However, much as one would like to see these supported, Exchange Server 2007 cannot be accused of not being standards-compliant - address literals are neither a requirement, nor a recommendation according to RFC 2821. It allows the use of such addresses.

Exchange and Security MVP Chats on TechNet This Week

Microsoft is holding Exchange Server Q&A with MVP experts twice this week. Exchange MVPs will be on hand to answer your questions about Exchange Server, Outlook, and Exchange for Small Business Server. So if you are thinking of upgrading to Exchange Server 2007 or have questions about Exchange Server 2003 we hope you can join us for this informative online chat!

Chat 1
When: Tuesday June 19th
Time: 5pm PST or 8pm EST
Where: TechNet Chat Room
No password required
Add to Calendar

Chat 2
When: Thursday June 21st
Time: 10am PST or 1pm EST
Where: TechNet Chat Room
No password required
Add to Calendar

Info and links: Upcoming Chats page on TechNet.

Security Chat

Q&A with the Security MVP Experts

We invite you to attend an Q&A with the Microsoft Security MVPs. In this chat the MVP experts will answer your questions regarding online safety issues such as phishing, spyware, rootkits as well as server related topics. If you have questions on how to protect your PC, please bring them to this informative chat

When: Thursday June 21st
Time: 4pm PST and 7pm EST
Where: TechNet Chat Room
No password required
Add to Calendar

Will Microsoft do a Linux?

The ever-so-opinionated John Dvorak in PC Mag:

People are always looking for the be-all-end-all super-perfect Linux. It will never happen until Microsoft does Linux. Oops. Did I say that?

Excerpt from the column: Has anyone besides me noticed that Linux has become the oddest "flavor of the day" product ever marketed to the computing community? We go from one distro to the next every few months, each one being touted as the "best". That version soon loses momentum and a newcomer takes its place. A few of these one-hit wonders stick around and develop a following but are never considered trendy again.

Just checked www.linux.org/dist - it spews out a list of 205 Linux distributions!!

Will Microsoft ever do a Linux distribution? Some conspiracy theorists would like the world to believe it's in the works. Some would actually prefer Microsoft go that route in a full-hearted embrace of the open source OS. It would be amusing to see a Linux distribution that actually feels and looks like the real Windows, only if to have some of the existing Linux vendors stop trying to do the same. However, as of now, a Microsoft Linux distro doesn't seem very likely.

Besides, Redmond doesn't really need to unleash its own Linux distribution on the world to beat the Linux crowd. It's been trying to do that single-handedly with the number of different editions of Windows.

Think the different versions of Windows Vista - Home Basic, Home Premium, Business, Enterprise, and Ultimate - seen bundled by hardware vendors is confusing at best? Are Windows XP Media Center Edition and the one for Tablet PCs a distant memory? Get ready for a Windows Server editions overload. Microsoft currently ships Windows Server 2003 (SP2) and Windows Server 2003 R2. We've been seeing the Standard, Enterprise and Data Center editions, a little-known and even-less-publicized Web edition, Small Business Server Standard and Premium editions, and a Windows Storage Server (yes, Windows Storage Server is considered a Server OS check here). Most of these ship in 32-bit (x86) and 64-bit (x64 and/or Itanium) editions. On the horizon - a Windows server version for the remote office, and one for the home!

Though I like the ideas behind Home Server, I hope it won't branch out into even more flavors - like the Home Server Small Family Edition, or a Home Server for Grandma Edition. Maybe I'll seriously consider an alternative to Windows if I see a Home Server In-Laws Edition.

Happy Birthday OWA: Outlook Web Access Turns 10!

Outlook Web Access, the web-based interface for accessing Exchange, turns 10 today! Released on May 23, 1997, as part of Exchange 5.0, OWA went by the name "Exchange Web Access" back then.



OWA has come a long way since Exchange 5.0 - abandoning its ability to live on a separate (non-Exchange) IIS server on the way (amongst other things), and gaining exciting new capabilities. Here's an interesting post on the team blog about the evolution of OWA - "Outlook Web Access - A catalyst for web evolution"

OWA 2003 was a huge improvement over OWA 2000 - it became my client of choice to access Exchange. It also became one of the reasons a few deployments I was involved with chose to upgrade - once remote users got hooked to OWA 2003, many didn't want to go back to Outlook client over VPN. (Yes, RPC over HTTP has been around since then, but in the absence of stronger authentication support like RSA SecurID, it's been a challenge to have security folks agree to such access in many cases).



The shiny new OWA in Exchange Server 2007 is quite impressive - it's much closer to an Outlook client - including:
- capability to right-click items and get OWA/email related options (instead of those related to a web page)
- a "browsable" GAL/Address Book that was missing in previous versions (and added by third-party solutions like MessageWare)
- the Outlook-like behavior of new messages popping up without having to refresh
- the new OOF wizard with different OOF options for internal and external recipients and ability to restrict OOFs to a users' Contacts
- Junk Mail management options (Safe/Blocked senders)
- ability to manage Windows Mobile devices
- empty Deleted Items on exit/logoff
- and the less annoying pop-up meeting reminders to name a few.

(A more extensive list of the new features in OWA 2007 can be found in "Client Features in Outlook Web Access" in the product documentation).

Even "OWA Light" - the interface seen by legacy and non-IE browsers, is quite feature-rich and a pleasure to use.

The missing features like deleted item recovery, S/MIME support, Public Folder access, rules, etc. have been a thorny issue. Luckily, these are making their way back in SP1 [read previous post "Exchange Server 2007 SP1: A bag of goodies!"].

It'll be interesting to see what OWA has in store for E14 - the next version of Exchange (yes, I know Exchange 2007/E12 just RTMed, but that's the nature of software companies... with one product version shipped, it's time to work on the next one... :).

Can The Blue Monster Change Microsoft?

Apparently, this cartoon created by Hugh MacLeod of GapingVoid.com is getting traction amongst Microsofties, and outside Microsoft.

Microsoft's Steve Clayton explains what it is in a video.

What strikes me is the simplicity of the message (and the medium).

Hugh adds: "The Blue Monster was designed as a conversation starter. To paraphrase the ongoing dialogue between Steve and I:
For too long, Microsoft has allowed other people- the media, the competition and their detractors, especially- to tell their story on their behalf, instead of doing a better job of it themselves.

We firmly believe that Microsoft must start articulating their story better - what they do, why they do it, and why it matters- if they're to remain happy and prosperous long-term."

Interestingly, the "Change the world... " phrase has a strong association with Apple CEO Steve Jobs. His offer to PepsiCo President John Sculley to head Apple in 1983 (as commonly reported) - "Do you want to spend the rest of your life selling sugared water or do you want a chance to change the world?" Looking back, the Mac didn't really change the world if you consider its marketshare, though it does have a cult-like following of Mac fanatics, and Apple has the best product design by far. Apple's iPod music player, however, is a different story.

Hilf: Don't look at Fortune magazine as the manifestation of Microsoft strategy

In an exclusive interview to InfoWorld magazine, Microsoft's Bill Hilf clears up the air [read previous article - "Bill Hilf: Free Software Movement Is Dead"] about Microsoft's open source strategy, and its patent infringement claims. According to Hilf, Microsoft's strategy hasn't changed. It's not on the litigation path. Ignore Fortune's spin on Microsoft counsel Brad Smith's interview.

"Our strategy from everyone in the company -- from [Steve] Ballmer to Brad Smith to me and everyone in between -- has always been to license and not litigate as it relates to our intellectual property. So we have no plans to litigate. You can never say we'll never do anything in the future, but that's not our strategy. That article spins it on the attack. The only new piece information in that article is that it just put a number on the patents", says Hilf.

Read the complete interview on Infoworld.com.

CAS In DMZ Redux: Time For an OWA Appliance?

The number of times I continue to field this question is amazing - Can the Client Access Server be located in the perimeter (DMZ) network? I wrote about it not too long ago [read previous post titled "Locating Exchange Server 2007 CAS role in the perimeter?"]. Exchange folks continue to get the standard requirement/mandate from security departments - an internal server (i.e. one located behind the internal firewall) cannot be made accessible from the internet. The security rule of thumb for long has been - if it needs to be accessed from the internet, it resides in the perimeter.

Exchange Server 2007 Client Access Server (CAS) role is not supported in the perimeter. In fact, the only role that's supported and intended for the perimeter network is the Edge Transport server. Those new to Exchange Server 2007 cannot be blamed for contemplating the possibility of making the Edge Transport server "an OWA server". It resides in the perimeter any way, so why not?

The Edge Transport server role does not co-exist with any other server role, and it's typically not a member of your Active Directory domain. (You can locate it on the internal network if you wish, and you can install the Edge on a server that's a member of your AD domain - but that's not the intended purpose - Bharat).

The alternatives
a) You could open the necessary ports on your firewall(s) to make the CAS accessible from the internet. Yes, that's a non-starter for most. The thought may seem scary, or you may run the risk of being laughed out of your job by the security folks.
b) Publish CAS using an application-aware or application-layer firewall/SSL VPN. Microsoft's ISA Server does the job really well.

I've been very impressed with Whale Communications' implementation - their e-Gap/AirGap (I always got confused between the two - Bharat) will certainly win the approval of the most demanding security departments. Microsoft bought Whale about a year ago (read previous post - "Microsoft buys Whale Communications"), and Whale appliances are now sold as Microsoft Intelligent Application Gateway 2007 - a part of Microsoft ForeFront security solutions.

Perhaps the Exchange team should seriously think about an Edge-like equivalent of the Client Access Server role - a server that can be located in the perimeter to provide secure access to OWA, OutlookAnywhere (RPC over HTTP), POP3, IMAP4, and ActiveSync. (I'm guessing the idea must have been bounced arond... ). Yes, ISA and the IAG can do it - but it may be a lot easier to deal with security folks if an Edge-like server role or appliance is available that can be located in the perimeter.

While we're on the topic - since the Edge Transport server (and its CAS equivalent I proposed) do not need to be members of an AD Domain, it would be great to have these as appliances - stuff you plug-in, spend a few minutes configuring - perhaps using a web-based interface, and forget about.

Are you ready for the Edge and OWA Appliances?

Bill Hilf: Free Software Movement Is Dead

This may add a lot of fuel to the platforms (Windows v/s Open Source and Almost Open Source But Never Free) debate, and will certainly balloon into a controversy of interesting proportions.

Bill Hilf, Microsoft's GM of Platform Strategy, said in a recent interview in Bangkok: "The Free Software movement is dead. Linux doesn't exist in 2007. Even Linus has got a job today."

Most Linux customers run a distribution - Redhat, Novell, Suse, or Mandiva. Most of the work done on maintaining the Linux kernel is done by developers working for these distributions. They are full-time employees, with 401K (and) stock options. What does it mean? It means that Linux doesn't exist any more in 2007. There is no free software movement. If someone says Linux is about Love, Peace and Harmony, I would tell them to do their research. There is no free movement any more. There is big commercial [firms] like IBM and there is small commerical [firms] like Ubuntu.

Why should one listen to this guy? Before he joined Microsoft, Hilf led IBM's Linux/Open Source technical strategy worldwide. Seems like he would know a thing or two about open source. :)

Read the complete interview - Microsoft director out to 'debunk mythology around open source' - on Bangkok Post's web site.

Personally, I find the terms "Open Source" and "Free Software" amusing. It's another branding war that Microsoft did not make any serious efforts to win. Free software is anything but free, at least for the wide majority of business users. Wait, I'm trying not to get drawn into this debate myself. It's an endless one.

In related news, Microsoft general counsel Brad Smith revealed to FORTUNE magainze that free software like Linux violates 235 of its patents.

Interestingly, Eben Moglen, longtime counsel to the Free Software Foundation says - software is a mathematical algorithm and, as such, not patentable. It's one thing to say the current (software) patents regime is a tad overdone, but to suggest that software cannot be patented at all - that leaves me in incredulous disbelief!

The world just became a lot more interesting place to live in. Let the rants begin.

'Crapware'-free: Longhorn Server does not include useless desktop apps

We've been hearing a lot about 'crapware' apps installed by hardware vendors on desktops and laptops - apps like AOL (or other ISP) software, myriad browser add-ins and toolbars, trial versions of anti-virus, firewall, and security software that you may never use - perhaps because your organization has standardized on some more manageable enterprise versions of such apps, or the apps installed are either not the the ones you would choose, or they're completely useless. Annoying as it is to get these apps installed by default, what's even more annoying is the fact that most vendors generally give you no choice to get a computer with a "clean"/base operating system installed.

Given the razor-thin margins in the PC industry, vendors cannot resist augmenting their bottom line through such deals with application vendors.

However, little attention has been paid to the crapware that comes with the operating system itself. For instance, why does a server OS need Windows Media Player installed by default? Cursors of different shapes and sizes? Themes and wallpapers? NetMeeting? It's a long list.

It's a common practice in many organizations, where servers are deployed/redeployed on a regular basis, to build a secure server image sans all these apps and services that are of no use on a server (further locked down using the organization's secure server build procedures).

Luckily, that's not the case with Longhorn server. None of the crapware or desktop-like apps get installed by default. Should you want to, features like "Desktop Experience" can be installed.


Click here for a complete screenshot

Additionally, Server Core - a barebones install of the OS sans the Windows Explorer GUI interface (can be managed locally from the commandline or remotely from a workstation with management tools installed), and purposing a server based on server roles - 17 of them available in Beta3, ensures Longhorn servers are leaner, with a reduced attack surface.

It's important to realize that the Windows management experience is going to change from the everything-turned-on-by-default model of previous versions of Windows (server and client OSes), where you disabled or removed the components you did not need, to one where you get a basic install that makes the OS functional, requiring other components to be added/enabled/configured later, as required.

One component that does get installed by default is Internet Explorer. It would be great to get rid of this as well - though a web browser may be seen as an essential component of the OS by many, particularly - as the argument goes - for the ability to download patches/updates/drivers, etc., do you really want to browse web sites from the server? Using IE?

Exchange Hosted Services is not hosted Exchange

Like many folks out there, I believed - wrongly so, that Exchange Hosted Services is hosted Exchange, and competes with Microsoft/Exchange's model of selling Exchange Server software licenses.

Thanks to Paul Englis, PM, UC Services, for the clarification - EHS offerings include Exchange Hosted Filtering - an anti-spam/anti-virus filtering service, Exchange Hosted Archive - an outsourced mail archiving service for message retention, Exchange Hosted Continuity - which allows users to access their last 30 days' email over the web and send/receive new mail - to reduce impact of a mail server outage on users, and Exchange Hosted Encryption - which offers policy-based message encryption. These services complement your (in-house/on-premise) Exchange deployments, not replace them.

Microsoft does pitch hosted Exchange (as in hosted mailboxes) through its partners, and given the general tone of the hosted Exchange/Exchange Hosted Services message, one cannot be blamed for thinking Microsoft is hosting Exchange. For instance, take a look at the pricing/licensing page for Exchange Hosted Services.

On the above page, before you get to the pricing for Exchange Hosted Services - a Microsoft offering, the company pitches Exchange Hosted E-mail - provided by its hosting partners.

Regardless of who does the actual hosting - Microsoft itself, or its partners - it is about giving customers a choice - on-premise/in-house, or hosted.

A third alternative, and one not offered by Microsoft, is managed services - the infrastructure can be on-premise/in-house, but managed by a managed services provider (MSP), which promises the best of both worlds - if you're convinced enough.

For many organizations, hosted Exchange makes sense - whether it does for you or not depends on your evaluation criteria, cost being a major one. (It's a hot-button issue for many Exchange folks, and a topic for another post... - Bharat)

Drumroll: MAPI is now Outlook Exchange Transport Protocol

Messaging Application Programming Interface - or MAPI, the equally loved (overstatement?) and hated protocol used by Microsoft Outlook to communicate with Microsoft Exchange Server, just got rechristened! It's now called Outlook Exchange Transport Protocol. Found this little tidbit burried in Paul Robichaux' blog.

Saw it mentioned as such on a Microsoft licensing web page not too long ago (linked from Paul's post), but I didn't really hear or read about the name change till I saw his blog post. As he notes in the post, "MAPI is dead as a name, but I suspect it'll be a loooong time before those four letters are expurgated from all of the existing MS documentation and support materials"... and from our collective memories, if I may add.

Exchange Server 2007 Service Pack 1 Beta 1 available to subscribers

Microsoft has released Exchange Server 2007 SP1 Beta1 to TechNet and MSDN subscribers. Both the 32-bit (for test/lab use) and 64-bit versions are available on TechNet. MSDN shows only the 64-bit version.

If you subscribe to TechNet or MSDN, head over to either site to download Beta1. (Charged up with enthusiasm as you may be about SP1, it's not recommended to install beta products in production... :)

Internetnews.com: Surprise, Microsoft Listed as Most Secure OS!

Microsoft has no dearth of critics as far as security goes, particularly from the open source bandwagon. Apple's commercials certainly show no mercy when talking about this issue, and frankly the commercials are quite funny and well-executed, imo (..but then isn't marketing the art or science of being as far removed from the facts as possible without getting caught? :).

Nevertheless, the numbers tell a different story, and so does a recent report from Symantec - the vendor of anti-virus and security software who can be accused of being anything but too kind to Microsoft as far as security goes.

"...Symantec, no friend of Microsoft, said in its latest research report that when it comes to widely-used operating systems, Microsoft is doing better overall than its leading commercial competitors", writes Andy Patrizio in an InternetNews.com article titled "Surprise, Microsoft Listed as Most Secure OS".

According to Symantec's 11th Internet Security Threat Report, Microsoft Windows had the fewest number of patches and the shortest average patch development time of the five operating systems it monitored in the last six months of 2006.

Here's how they fared in the second half of 2006, according to the report:
1. Microsoft Windows: 39 vulnerabilities found, 12 high-priority/severe, average time for a patch: 21 days.
2. Red Hat Linux: 208 vulnerabilities, 2 severe, 130 medium severity, 76 low severity, average time to fix: 58 days.
3. Apple's Mac OS X: 43 vulnerabilities, 1 severe, average time to fix: 66 days
4. HP-UX: 98 vulnerabilities, average time to fix: 101 days
5. Sun Solaris: 63 vulnerabilities, average time to fix: 122 days

Coming from a source which cannot be accused of any bias towards Microsoft, this is an interesting revelation! Though it can be argued that Microsoft had the highest number of severe vulnerabilities, it's comforting to note the company's doing better than most vendors of releasing patches for those in a timely fashion.

Paul Thurrott: Microsoft Showed Practicality, Compassion for Mac at Apple's Lowest Point

Paul Thurrott is one of the columnists and tech writers I enjoy reading every column and product review from. He is opinionated, criticizes Microsoft when it's appropriate (and isn't kind when he does it...), and gives credit to the company where credit is due.

In his latest WinInfo newsletter/column titled "Microsoft Showed Practicality, Compassion for Mac at Apple's Lowest Point", he talks about how Microsoft helped save a close-to-bankruptcy Apple back in 1997 by releasing Mac Office 97, and investing $150m in the company.

Of course, Mac fanatics and the Mac media will never agree with this account. Bill Gates pushing for an early release of Mac Office 97 when it made little business sense to do so, given the Mac's meager and declining market-share at that time? That's hardly sensational. Microsoft as the big bad software giant out to quash little Apple Computer and other would-be competitors - that sells more copies. :)

Thurrott's column also has a link to a court document (PDF) containing the relevant email.

Makes for interesting reading - read the WinInfo column on WinITPro.com.

As a bonus, you can watch this (I highly recommend it... ) video clip on YouTube that shows the ever-so-charismatic Mr. Jobs talk about "a meaningful partnership" with Microsoft, at MacWorld Boston in 1997.

Did we really hear the MacWorld audience applaud when Jobs announced Microsoft promises to release Office for the Mac "for the next five years"? :)

Wait, did he also say IE is a really good browser too?

Jobs: Microsoft is buying $150 million of Apple stock.
Audience: Booooo..
Jobs: Non-voting shares.
Audience: [applause.... ]

DST 2007: Understanding what needs to be done and how to do it

As we head closer to March 11, which is when the extended Daylight Savings Time kicks in - 3 weeks earlier this time, thanks to the Energy Policy Act, here are answers to some more commonly asked questions.

This is not meant to be a comprehensive guide to DST 2007 (at least as of writing) - I have not covered details of how to run the Exchange Calendar Update Tool (MsExTmz.exe) in this post. The tool is covered quite well by Microsoft KnowledgeBase articles, in particular KB 930879: How to address daylight saving time by using the Exchange Calendar Update Tool, and posts on the Exchange team blog.

Microsoft has updated its guidance in the past few days, and the relevant Microsoft KB articles have been updated accordingly. Keep an eye on the date and versions of the KBAs you refer to. These now include a change log as well - thanks to the folks who thought of including this within the KBA for this time-sensitive issue.

In this post, I’ll talk about the relevant patches/updates and the tools made available by Microsoft. I’ll also take a look at how time works, how appointments are booked, what rebasing does, what specifically needs to be updated, and then go through the order of doing things. Needless to say, the exact order of doing things has many folks in different states of confusion, and as I write the guidance on that appears to have been locked in.

- Through the rest of this post, I will refer to calendar items as appointments - these can either be appointments created for yourself, or meetings where you invite others.
- I will also use the term Microsoft Outlook Calendar Update Tool to refer to the Time Zone Data Update tool for Microsoft Office Outlook, and once again request the marketing folks and product groups at Microsoft to coin names that are no longer than 2-3 words (4 words being the hard limit... :) - you could see the March 11 deadline for DST 2007 fly by you in the time it takes to say the Microsoft name for this tool.

1. KB 931836: February 2007 Cumulative Time Zone Update for Microsoft Windows operating systems:
What this does: Updates time zone information/rules in the Windows operating system. Windows stores time zone information in the registry. This updates those time zones, and tells the OS when the extended DST time will start and end in 2007 (amongst other things).
Operating Systems: Windows Server 2003, and Windows XP SP2.
What about Windows 2000 and Windows XP prior to SP2: These OSes are no longer in active support. Refer to KB 914387 - basically you'll have to hack the registry to update these OSes with DST 2007 time zone info.

2. Exchange Server CDO Patch: Exchange Servers have CDO installed. This is used by apps that use CDO - like OWA for instance, to perform functions like creating appointments. Third-party applications like RIM's BlackBerry Enterprise Server also use CDO. CDO has timezone information embedded in it. As such, it is important to update CDO on Exchange servers. There are 2 versions of the CDO patch available:
KB 926666: Update for daylight saving time changes in 2007 for Exchange 2003 Service Pack 2
KB 931978: Update for daylight saving time changes in 2007 for Exchange 2003 Service Pack 1
Note: Computers running Exchange System Management Tools also have CDO installed, as do app servers like RIM's BlackBerry Enterprise Server (BES). These need to be updated as well.

What about Exchange Server 2007? This is the latest version of Exchange, and it does not require any CDO updates. However, appointments in mailboxes on Exchange Server 2007 servers created using the old DST 2006 time zone rules will need to be rebased.

What about "legacy" Exchange versions, like Exchange 2000 for instance? These versions are not in active support as of now. You should contact your Microsoft Technical Account Manager (TAM)/rep to obtain any support or patches. Yes, there may be costs involved, and it's not the purpose of this post to delve into that, but I have commented about it in an earlier post. Apart from the CDO patch, appointments in mailboxes on these servers will also need to be rebased using either the Outlook or Exchange Calendar Update Tool.

3) The Tools: There are two tools made available by Microsoft.
i) Microsoft Outlook Calendar Update Tool/Time Zone Update Tool for Microsoft Outlook (TZMOVE.EXE): This is the tool that can be used by end-users to rebase their own appointments. We will get into rebasing in a moment.
Downloads: 1) Outlook Calendar Update Tool 2) Update: Hotfix for the Outlook Calendar Update Tool (KB 933146, Revision 1.1, Feb. 28, 2007). Allows force rebasing, rebasing Direct Booking resource mailboxes and Public Folders. Creates an item modification log.

ii) Microsoft Exchange Calendar Update Tool (MsExTmz.exe): This is the tool that can be run by administrators to rebase appointments for a bunch of mailboxes. It's important to note that you shouldn't install this tool on your Exchange servers, nor on computers running Exchange System Management Tools. It requires Outlook to be installed on the computer you run this from. The tool is a wrapper around the client tool TZMOVE.EXE - it calls TZMOVE and updates users' calendars as if they were running the client tool themselves, minus the UI that clients see which allows them to pick and choose which appointments to update.
Download: Microsoft Exchange Calendar Update Tool v2.0 (date: 2/21/2007, all of 253 Kb)

When you download the Exchange Calendar Update Tool, there's an automated configuration tool called MsExTmzCfg.exe that is also part of the package. What does this do? It walks you through the steps of extracting time zone information from mailboxes and creating the appropriate input files for the update tool to run. You can do without this one and configure everything manually, but this just makes it a lot easier, so it makes sense to use it.

How Time Works!

Now let's take a look at how time works, and the problem at hand.

- Time Zone definitions in registry: As noted earlier, time zone definitions, including details like when Daylight Savings Time (DST) will start and end, is stored in the registry.



- Coordinated Universal Time: Most time related stuff is done using what is known as Coordinated Universal Time or UTC. (No, the abbreviation is not CUT, and you can use any web search tools to find out why.... as a sidenote, this was formerly known as Greenwich Mean Time or GMT - both refer to the same time at longitude zero. The U.S. Naval Obeservatory site has more info on UT1, UTC and GMT. Not to veer too off-topic, UTC is not supposed to differ from UT1 by more than 0.9 seconds. For the purpose of this discussion, let's treat them as the same given the negligible difference.). Time servers that use protocols like Network Time Protocol (NTP) use this notion of a universal time that everyone and their computers can sync their clocks to.

- My Time Zone offset from UTC: Computers calculate local time as an offset to the UTC time, which can be trusted to be always accurate, regardless of what time zone you're in at the moment. UTC will remain the same.

If you remember setting up a Windows client or server OS, you may be familiar with the locale and time zone questions asked during setup. You can also view this by double-clicking the Windows clock and selecting the Time Zone tab. My time zone is Pacific Time, which during non-DST hours uses an offset of -8:00 from UTC. This means when the UTC time is 8:00 AM, my time is 8:00 AM - 8 hours = 12:00 AM (midnight).



Creating Appointments in Microsoft Outlook

When you create an appointment in Microsoft Outlook, it is created using UTC, which is calculated using the Time Zone information in the registry that would be in effect during that time (e.g. 4:30 PM PST = 4:30 + 8:00 time zone offset = 12:30 A.M. UTC). Before 2007, we have been used to seeing Windows update its time automatically when the time zone rules change - twice a year, as it will this year as well.

Recurring and Single-Instance Appointments: There are two types of appointments as far as Outlook is concerned - those that occur only once, also known as Single-Instance appointments, and those that occur regularly - let's say every week, starting from a particular date and ending on a particular date, called Recurring appointments. Versions of Microsoft Outlook prior to Outlook 2007 have handled these differently.

- Recurring Appointments save the time zone information within the appointment. This makes it much easier to figure out which time zone rules (DST 2006 or DST 2007 for instance) were used to create those appointments.
- Single Instance Appointments: These appointments, which only occur once, do not have any time zone information saved in them.

Additionally, it's important to note that as stated earlier, all time stuff works (or should work) based on UTC time. Both recurring and single-instance appointments are saved using UTC time.

The following screenshot shows MAPI properties of a recurring meeting that occurs at 4:30 PM PDT on March 12th. As you can see, the start and end times are UTC - 12:30 AM - 1:00 AM on March 13th! Single-instance meetings look somewhat similar - besides the recurrence, they don't have the TimeZone saved in the item as recurring meetings do.



How Outlook renders an appointment on your Calendar: When you view a Calendar in Microsoft Outlook, it looks at an appointment's Start and End times - and as the screenshot above shows, those are in UTC. It then looks up the time zone information from the registry of your computer, and determines your time zone's offset from UTC - let's say UTC -8:00, and renders the appointment at 4:30 PM on your Calendar. This allows folks from different time zones to schedule meetings with each other, and ensure those meetings show up at the correct local times in their time zone, not at 4:30 PM for everyone.

Dealing with DST: If the appointment were to occur at 2:00 PM during normal DST hours - which used to start on the first Sunday in April, Outlook would look up the DST rules in registry and be able to determine that. As a result, it would still show the appointment at 2:00 PM on that date - it would know that come first Sunday in April, the time zone offset from UTC would be -7:00 and not -8:00.

The good part is, we are used to dealing with this change every year, so it's not something unknown, like the Y2K bug. Further, it's not really a software bug as such - at some point the United States Congress decided it was a good idea to move the clock forward by one hour (i.e. UTC -7:00 for those in Pacific time zone, known as Pacific Daylight Time) three weeks ahead of time (and also move the clock backward by one hour - i.e. UTC -8:00 for Pacific time zone, known as Pacific Standard Time - a week later than usual), so we have more daylight and hopefully we'll end up using less energy. All well-intentioned stuff, I'm sure. What IT folks would have to go through to make this transition wasn't something that was on their minds at that point. :)

DST 2007: So, come March 11th, we will move our clocks forward by an hour. The Pacific Daylight Time, which would have otherwise started on April 1st this year, will start on March 11th instead. Similarly, it will end a week later - on November 4th this year, instead of October 28th. What are the implications of this?

1. Tell Windows operating sytems about this change occurring 3 weeks sooner and ending a week later. This is what the Feb. 2007 Cumulative Time Zone Update does, for Windows Server 2003, and for client operating systems like Windows XP SP2.

2. Rebasing Appointments: With the above in place, we should be OK, shouldn't we? Well, not really! This will work for all new appointments that we create using Outlook, but it does nothing for the existing appointments that we've already created using the DST 2006 rules, which assume DST will start on the first Sunday in April, as usual.

We will need to go back to all our appointments we created in our Calendars, and update them with this change. This process is called "rebasing".

In the above instance, (before rebasing) our appointment at 4:30 PM on 3/12 had a start time of 12:30 AM to 1:00 AM UTC on 3/13. Using DST 2006 rules, that would be rendered using UTC -8:00, and show up at 4:30 PM. However, after updating our computer's time zone for DST 2007, we would be at DST -7:00 on March 11, and the appointment would've been rendered at 5:30 PM instead. The following screenshot shows how rebasing the appointment adjusts the start and end times so it gets rendered correctly - the start and end times were changed to 11:30 PM on 3/12 and 12:00 AM (midnight) on 3/13 - UTC.



Let's take a look at what appointments will look like when created from a computer that has (old) DST 2006 rules, and how they will be rendered by Outlook once you do apply KB 931836 DST 2007 time zone update to the OS.


Click here to see the complete image if it's cut-off.

As you can see, appointments created on a computer with the old rules appear an hour behind on the computer with DST 2007 time zone rules.

After rebasing these appointments, here's how Outlook will render them:

Click here to see the complete image if it's cut-off.

The reverse is true if appointments are created by users with new DST 2007 rules, but are viewed by meeting invitees or the organizer on computers with old DST 2006 rules.

Let's walk through the rebasing process and the impact it has. We will use the Outlook Calendar Update Tool (TZMOVE.EXE) for this exercise - the Exchange Calendar Update Tool also calls this client tool to actually perform the updates.

1. Install TZMOVE.EXE on a computer with DST 2007 time zone update (KB 931836) applied


2. TZMOVE finds appointments.



Notes:
- Recurring meeting using new DST 2007 time zone at 12:00 PM does not get picked up by the tool - recurring meetings have time zone info embedded, the 12:00 PM meeting was created using the correct DST 2007 time zone.
- The old recurring meeting created using DST 2006 time zone does get picked up, and will get rebased.
- The single-instance meeting at 9:00 AM created using DST 2007 rules also gets picked up and rebased!

How long should you wait before applying the DST 2007 time zone update to all client computers and rebasing appointments. If you wait too long, here's what could happen - clients will inadvertently end up creating new appointments in the affected extended DST period using the new DST 2007 rules. When you rebase, these appointments get rebased as well. Here's what this could look like after rebasing:

Click here to see the complete image if it's cut-off.

Update: The Outlook Calendar Update Tool can be patched with a new hotfix (KB 933146) discussed earlier in this post. The patched tool can then detect when the OS was updated with DST 2007 time zone info and only rebases appointments after that time, using the /ONLYCREATEDPREPATCH command line parameter. Alternatively, only appointments created before a certain date & time - expressed in UTC - can be rebased, using the /ONLYCREATEDPREPATCH:(utc time here) command line parameter.

The take aways from this:

1) Once new time zone rules are applied on client computers, we will need to rebase the old appointments so they are rendered in the correct time slot by Outlook.
2) Any new appointments created on an updated computer (with DST 2007 rules) should not be rebased

3) To avoid #2, it's best to rebase appointments as soon as users get the DST 2007 time zone update applied on their computers (else they may create new appointments using new DST 2007 rules before rebasing is done, which may result in the newer appointments being rebased wrongly!)

4) As seen in the above examples, simply having users insert the correct time in the meeting subject makes these appointments stand out if they're off by an hour or two - if possible, have your users do this. It will be of great help in getting through this process.

5) Going a step forward, at least for important users like execs, have their assitants or the users themselves print out their calendars for this extended DST period (3 weeks from March 11 to April 1, hopefully you would have worked out the kinks by the time you get to the end of the DST period in the last week of October.

Which items will we rebase? Appointments created using old DST 2006 rules that occur during this "extended" DST period, which is the 3-week period prior to the first Sunday in April (i.e. March 11 - April 1), and the 1-week period between the last Sunday in October to the first Sunday in November (October 28th - November 4th).

Where do these items reside?
1) The default Calendar folder in user mailboxes on Exchange Server
2) Other "non-default" Calendar folders or sub-folders in user mailboxes
3) Perhaps in PST files, if users use them. Important to note that Exchange knows nothing about content in your PST files.
4) In Public Folders, if you have created any to store appointments.
5) Resource Mailboxes: Resource mailboxes are mailbox-enabled user accounts created for booking resources like conference rooms, projectors, et al. These are set up to be booked automatically when users invite them to meetings as resources. When rebasing appointments, if a resource is booked back-to-back, the rebased appointments will conflict with other appointments on the calendar through the rebasing process. It makes sense to configure them to accept these conflicts during the rebasing process.

There are two ways resource mailboxes can be setup:

- Direct Booking: If using Direct Booking, an admin logs into a resource mailbox using Microsoft Outlook, and sets it up to a) Accept meetings automatically and b) automatically decline conflicting meeting requests. During rebasing, we should configure resource mailboxes to not decline conflicting meeting requests, by unchecking the latter, as shown below:



The patched (with hotfix in KB 933146) Outlook Calendar Update Tool (TZMOVE.EXE) should be run using the /FORCEREBASESUPPRESSALLUPDATES command line parameter against resource mailboxes that are configured for Direct Booking. Once rebased, you can revert the resource mailbox configuration to decline conflicting meeting requests.

- Using the Auto-Accept Agent: The Auto-Accept Agent is an add-on server-side tool that Microsoft released as a web download after the release of Exchange Server 2003. Unlike using Direct Booking (as shown above), which uses the resource's Free/Busy information, the Auto-Accept Agent actually looks up the resource mailbox' Calendar to determine if a resource is available or not. It also has additional functionality like stripping attachments, dropping non-calendar items, amongst other things. The Auto-Accept Agent uses an xml file for configuration - AutoAccept.config.xml. By default, this resides in \Exhsrvr\Agents\AutoAccept.

The patched Outlook Calendar Update Tool (TZMOVE.EXE) should be run using the /FORCEREBASESUPPRESSALLUPDATES command line parameter against resource mailboxes that are registered with the Auto-Accept Agent.

3. Updating Exchange Servers: Next, we will need to go and update our Exchange Servers. They will need the new time zone update rules for Windows Server OS (KB 931836), and the Exchange CDO patch - depending on the version of Exchange Server you're on (KB 926666 for Exchange 2003 SP2, KB 931978 for Exchange 2003 SP1, and as stated earlier - patches for any previous versions of Exchange that may be in use in your organization, if you 've obtained them from Microsoft).

The Order!

Having talked about the issues, and I hope you understand them by now, let's take a look at the order of doing things. The guidance related to this has evolved and changed over the past few weeks and days. With that in mind, let's look at the order that Microsoft recommends we make these changes in, going by the recent guidance.


1. Update Windows Servers (update: including Exchange servers) and Windows client operating systems with the February 2007 Cumulative Time Zone Update (KB 931836 for Windows Server 2003 and Windows XP SP2).
2. Rebase Appointments
3. Exchange Servers: Apply the Exchange CDO patch to update the time zone embedded in the CDO components on Exchange servers (KB 926666 for Exchange Server 2003 SP2, KB 931978 for Exchange Server 2003 SP1)

Exchange Server 2007 SP1 and Longhorn Server

Update to the previous post titled "Exchange Server 2007 SP1: A bag of goodies!", which referenced Exchange product group GM Terry Myerson's blog post on the Exchange team blog.

Terry's post stated:
"On Longhorn Server, we will support Exchange 2007 on native IPv6 networks."

In a follow-up email conversation today, Terry confirmed Exchange Server 2007 SP1 will run on servers running Longhorn server OS, and SP1 will also support Domain Controllers running Longhorn.

Longhorn is the codename for the next version of Windows Server operating system - a code-name shared by the client OS now known as Windows Vista.

For those planning Exchange Server 2007 deployments in the SP1 timeframe, this should be welcome news. At the time of writing, Longhorn server is slated to be available "in 2007" according to Microsoft's web site. The site also adds: "Microsoft's philosophy is to deliver our products only after we have received extensive feedback from beta customers and partners and after we have thoroughly tested the software".

Windows Vista: Love the packaging?

Just got my 2 copies of the boxed version of Windows Vista Ultimate. Can't call them shrink-wrapped versions, they actually come in a plastic case.

For the record, I love the Windows Vista packaging! It puts Microsoft in the realm of cool - finally, something Apple-like! Wonder if Apple and the Mac fanatics are feeling threatened... :)

Seriously, the interface, and the packaging look great - but there's one gotcha. You have to be able to open it! I struggled for a little while, and during that time it seemed like I'd need a manual or an online video tutorial to show me how to open the box. :)

A quick web search revealed I'm not the only one (ref. to this thread on Anandtech).

It's easy to miss the sticker on the side with little pictures that show how to open it.

The box-opening issue aside, Windows Vista is one of the coolest things Microsoft's done in a while (surpassed - on the IT Pro side - only by what the Exchange team's done with Exchange Server 2007, imo! Exchange Server 2007 SP1 will raise the bar even further - read Terry Myerson's post about SP1 features on the team blog), regardless of what the Mac fanatics have to say about the former, and myriad distractors about the latter.

DST 2007 and Exchange 2000: Patch For A Price?

IT folks in many organizations still on Exchange 2000 are upset about the fact that Microsoft isn't providing the DST 2007 CDO patch for Exchange 2000 for free, unlike the ones for Exchange 2003. (Exchange Server 2007 does not require it).

If you're still on Exchange 2000, and upset about the price-tag of this patch, and ongoing support costs, consider the following:
- Exchange 2000 is now in extended support, after five years of being in mainstream support:
Microsoft's support policy for Exchange 2000
- Exchange has undergone two major product releases/updates (Exchange Server 2003 & 2007) since then.
- Moreover, the DST issue is not a product vulnerability or security issue. It was the government's doing, thanks to the Energy Policy Act of 2005, and the issue was non-existent when Exchange 2000 (and also Exchange Server 2003) was released.
- In many environments, the cost of upgrading to a currently-supported Exchange version (Exchange Server 2003 or Exchange 2007), even after factoring in the cost of new hardware, may be lower than the ongoing support costs and costs of downtime. (If you run a perfect Exchange operation where outages *never* happen, this doesn't apply to you.. :)
- In smaller, single-server environments with low number of users (let's say SBS-type environments) - the cost of this patch alone could possibly buy you a new server and Exchange license.

Exchange Server 2007 launch: some projections from Radicati

Exchange Server 2007 launches today in New York, along with Windows Vista and Office 2007.

The Radicati Group has some interesting market share numbers and projections - Exchange has about 30% of the messaging software market, compared to IBM's 20%, and takes in half of the $2.3 billion spent on messaging software worldwide. Yes, Exchange became a billion dollar business not too long ago [Previous post: Exchange joins Microsoft's Billion Dollar Club, gets new product roadmap].

The market is poised to grow to about $3.3 billion by 2009, and Radicati projects Microsoft will have two thirds of it - that's over $2 billion, and close to 100% growth in about 3 years. ["Microsoft trading on new Exchange" - News.com]

Good news for Exchange folks around the world, and a great time to get up to speed with a new version of Exchange that will drive this growth.

- You can pre-register for a free 120-day eval.
- If you like the ease of having stuff pre-installed (in a virtual machine) - it certainly cuts down the time to test stuff - or if you're not up for building test boxes, you can download the Exchange Server 2007 VHD images, ready to run.

Exchange Server 2007 "Business Launch", Edition Comparison: Microsoft removes Store size limits from Standard Edition

As most Exchange folks may already know by now, Exchange Server 2007 will get its business launch along with Windows Vista and Office 2007 come Nov. 30th. From the number of times I've been asked if that is indeed the RTM date, it's clear this is an eagerly awaited Exchange release.

I can't say when it will RTM - that's NDA stuff. However, with the business launch (which is a marketing event) scheduled for end of this month, can the RTM be far behind?

Earlier last week Microsoft quietly published details of Exchange Server 2007 Editions and CAL (Client Access License) requirements. Here's the good news: Exchange Server Standard Edition will allow a maximum of 5 Stores in (a maximum of) 5 Storage Groups! Wait, there's more - the Store sizes are unlimited! This is a step up from the 16 Gb Store limit of Standard Edition in previous versions, which was raised to a maximum of 75 Gb in Exchange Server 2003 SP2.

Further, the Local Continuous Replication (LCR) feature that replicates a mailbox Store to another volume on the same server, and allows Exchange to switch to the replica in case of a Store/storage-related disaster, will be available in Standard Edition.

You will still need the Enterprise Edition for clustering.

On the CAL side, there are now Standard and Entperise CALs - the latter's required to access Unified Messaging, Per-User and Per-DL Journaling, Managed Email Folders, and also buys you Exchange Hosted Filtering and Forefront Security for Exchange (that's the new version of Sybari Antigen - the anti-virus software for Exchange that many Exchange folks regard as best of breed. Microsoft bought Sybari sometime last year).

Finally, the difference between Standard and Enterprise editions makes a lot more sense.

Microsoft opens up SenderID

Microsoft announced today it's putting its SenderID technology under its Open Specification Promise program. This allows anyone to create products or services using SenderID technology. SenderID lets (receiving) mail servers determine whether a sending mail host is authorized to send email for a particular domain, based on SPF records published in the sending domain's DNS.

SenderID has been around for 2 years, and is used by about 5 million domains according to Microsoft. It is a good anti-phishing defense, and also another component in a multi-layered approach to fighting spam.

CNET has more.

TechEd 2007: Looking for another venue?

In Vegas I learnt Microsoft is moving TechEd 2007 from New Orleans - the venue announced and publicized earlier. Redmondmag.com has more on this today - Microsoft is citing logistics issues of moving (an estimated 14-15,000 people, including 11,000 attendees) in and out of the city.

A new venue has not been announced so far, but one can be sure it was selected before the move out of New Orleans was announced. (In the limited time and internet access I had, I tried looking for a PR on Microsoft's web site but couldn't find one).

After travelling to the east coast for 2 years in a row (Orlando in 2005, and Boston this year), I would love to see it on the west coast next year. My top venue choices for the event: 1) San Diego 2) San Francisco 3) Seattle.

Microsoft buys Whale Communications

Microsoft's buying Whale Communications - maker of SSL VPN appliances. Having used Whale in a secure Outlook Web Access deployment, I have high regard for their technology. It locks down OWA pretty tightly, without ever touching your Exchange server.

I've frequently recommended their appliances - which allowed integration of RSA SecurID authentication for OWA access, and wondered whether/when these would allow secure RPC over HTTP(S) access, since Outlook itself does not natively support any integration with SecurID authentication.

It is quite likely the Whale technology may be integrated into ISA Server.

What would really impress many enterprise users is Outlook (RPC over HTTPS), OWA, and ActiveSync working with two-factor authentication mechanisms like SecurID and smartcards, natively, out of the box.

Nevertheless, Microsoft has done it again - bought another best-of-breed technology.

Exchange Server 2003 gets Common Criteria certified

Your favorite messaging server - Exchange Server 2003 (don't tell me it's NOT Exchange Server 2003 as of now... though that may change some time in the near future with E12 betas around the corner.. ) - is now Common Criteria certified.

"Common Criteria for Information Technology Security Evaluation" (CCITSE) - commonly known as "Common Criteria" or CC - is an international standard (ISO 15408) for computer security. Exchange Server 2003 got certified at EAL4, the highest level you'll see for most general products. Specifically, it wasn't RTM but SP1 with hotfix 894549 (MS05-021) applied, build 6.5.7226.0.

How does the CC work? CC has 2 parts - first is a set of common requirements of what a product should do, called a Protection Profile. The second - the evaluation rating - says how well the product satisfied those requirements in a given configuration. So unless you know what the Protection Profile for a given product's certification process is, the different evaluation ratings really mean nothing except the fact that some amount of reasonable testing was conducted under certain conditions and the product did well to get a higher rating.

The Exchange web site has more details and "Exchange Server 2003 Common Criteria Security Target" doc that describes the security requirements and components that were tested.

Microsoft completes FrontBridge acquisition

Microsoft has just completed the acquisition of FrontBridge, a hosted email provider.

Why FrontBridge?
To offer Exchange as a hosted service (directly from Microsoft). It now wants a cut from the hosting pie. I wouldn't blame them for wanting to grow revenues, but wondering what its partners think about Microsoft competing with them.

Windows Vista it is!

Microsoft just announced the next version of Windows that practically the whole world (except for the Mac users perhaps?) is eagerly awaiting will be called Windows Vista. The first beta will ship early next month. The actual product will ship in second half of 2006.

The name - Vista - has left many people confused. My thought as of this moment is - how uninspiring!! Nevertheless, throw enough marketing dollars at anything and it starts making sense.

Why not just Windows Longhorn? Or perhaps Windows 2006 Professional? Or Windows 10? (Not sure what version number it actually is, perhaps more like 6.. but 10 just sounds cooler.)

It took Microsoft 8 months to decide on this name. Let's see how it succeeds (or not) at making Vista a popular and valuable brand.

The 24-hour Linux phenomenon

Interesting observation by InfoWorld columnist Neil McAllister. He quotes Jim Allchin (Group VP of Platforms at Microsoft).

Excerpts from the Open Enterprise column (emphasis mine). Standard disclaimers (including "take this with a pinch of salt") etc. apply... I do think there's some element of truth in this - having heard from or of people who've bought cheap desktops with unheard of OSes and installed Windows.... or taken Apple's "Switched" campaign too seriously and then returned to Windows... few hundred (or thousand) dollars poorer.. :

Microsoft gave up pretending that Linux isn't a threat to its Windows server business a long time ago. But when the soft-spoken Allchin first brought up the server market during our conversation that afternoon, he dropped the L-word with such candor that I was frankly shocked.

"Linux is the expected winner," Allchin says, "with its lineage from Unix. But we're happy, because we're winning market share." Got that? Not only is Linux a formidable competitor in the server market, but now Microsoft actually paints itself as the underdog.

Allchin was far less charitable (about Linux on the desktop) ..... attributing Linux's reported growth in the desktop market to something he called the 24-hour Linux phenomenon."

According to Allchin, most customers who buy a new computer outfitted with Linux instead of Windows are doing it solely as a cost-cutting measure. They avoid the Windows license fee at the cash register when they ask for systems with Linux preinstalled. Once they get the hardware home, however, that Linux OS is quickly erased and replaced with a pirated copy of Windows -- often within 24 hours.

Allchin calls the practice of replacing the default OS with Windows "flipping," and he says it's particularly prevalent in Asian markets, where software piracy is rampant. In China, he says, shipments of desktop Linux are actually declining. The reason? Vendors who once shipped systems with Linux preinstalled are now switching to free or low-cost versions of DOS. That's because it's a lot easier for a customer to flip a system loaded with that bare-bones OS than it is to flip a comparatively more Byzantine Linux system.

Read it on Infoworld.com - http://www.infoworld.com/article/05/04/25/17OPopenent_1.html

Windows Beats Linux in Live Security Contest

Interesting... I've since long held Windows as a more easily "securable" (provided you know how) OS.

This just came in - from WinInfo Daily Update (Paul Thurrott, creator of SuperSite for Windows, part of the Windows IT Pro mag network).
-----------------------------------------------------

Windows Beats Linux in Live Security Contest

During a live duel of sorts between backers of Windows 2003 and Red Hat Enterprise Linux during the RSA Conference 2005 this week in San Francisco, a surprising victor emerged.

Based on the previously agreed upon rules, Windows 2003 came out ahead, emerging as the more secure OS.

How could this happen, you ask? After agreeing to terms, backers of both OSs evaluated the security-oriented performance of Windows 2003 and Red Hat Enterprise Linux during the past year, looking at such key criteria as number of reported security vulnerabilities and the amount of time that elapsed between the public disclosure of a security flaw and the release of a fix. But doesn't the open-source model practically guarantee that fixes are released more quickly than they are with proprietary OSs? I guess not.

Results of the competition will be released next month, but here's the gist: Windows 2003 won every part of the competition. It had fewer flaws overall. The average time between Windows 2003 flaw reports and fixes was less than half that of Red Hat Enterprise Linux. Less than half.

Does this mean that Windows is more secure than Linux on the server? Not necessarily. But it certainly provides an interesting real-world example of why assumptions about Linux security are completely bogus, as I've often noted.

Microsoft to acquire Sybari Software

Microsoft will acquire Sybari Software, the company that makes best-of-breed antivirus (and antispam) products for Microsoft Exchange, Microsoft SPS, and (yes!) Lotus Domino.

Another best-of-breed acquisition to bolster Microsoft's security portfolio - it bought Giant Company recently and is currently beta-testing the Microsoft-branded version of Giant's antispyware.

In mid-2003 it purchased the Romanian antivirus company GeCad.

It'd be interesting to see Windows shipping with built-in antivirus and antispyware tools, and even more interesting - have Sybari Antigen antivirus built into Exchange, manageable from Exchange System Manager.

On a different note, I continue my quest to figure out what prompts a Microsoft product manager to name a product or tool... for instance, why is Exchange System Manager called that? Why not simply Exchange Manager? Ditto for ICF - aka Internet Connection Firewall. Someone probably noticed that one and post-Service Pack 2 it's now known as Windows Firewall.)

Exchange joins Microsoft's Billion Dollar Club, gets new product roadmap

It happened in 2004. Microsoft Exchange Server crossed the $1 billion revenue threshold, joining Microsoft's enviable stable of products that the software company can rely on for more than a billion dollars in revenues each year.

http://entmag.com/news/article.asp?editorialsid=6534

Exchange also got a new (ever-evolving?) product roadmap

SP2 will be released in second half of 2005. It will includes Microsoft's SenderID framework.

A new release of Exchange - codename E12 or Exchange12 - will be released in the 2006-2007 timeframe. Wonder where the E12 codename came from? Perhaps from the next release of Microsoft Office (Office 2003, the last release, was Office11).

The previous code names for Exchange - Platinum and Titanium for 2000 and 2003 - sounded cool. Now we know Aluminium wasn't the next in line. :)

More on InfoWorld: Microsoft reveals Exchange road map
http://www.infoworld.com/article/05/01/21/04NNexchange_1.html