Released: Update Rollup 2 for Exchange Server 2007 SP1

Exchange Server 2007 SP1 Update Rollup 2 has been released.

Description of the roll-up can be found in KB 948016. Besides all the fixes from Update Rollup 1 (for SP1), this rollup includes fixes for the following issues:

• - 940462 The public folder store may take several minutes to mount on an Exchange 2007 server
• - 944153 Exchange Server 2007 does not have Transport Neutral Encapsulation Format (TNEF) capabilities for POP and IMAP protocols
• - 945917 You receive an error message when you try to access the Outlook Web Access global address list in an Exchange Server 2007 environment
• - 947346 Exchange Server 2007 mailbox users cannot retrieve the free/busy information for Exchange Server 2003 mailbox users in a large Exchange Server organization that has more than 100 administrative groups
• - 947360 Error message occurs, and users cannot access the free/busy information after you use the Import-Mailbox cmdlet to import data to a mailbox in Exchange Server 2007 Service Pack 1
• - 947391 The contents of .pst files are not imported into Exchange Server 2007 mailboxes when you use the Import-Mailbox cmdlet
• - 947451 A recipient sees unexpected text in the top of an e-mail message that you send in Exchange Server 2007
• - 947458 The Edgetransport.exe process may crash on an Edge server that is running Exchange Server 2007 Service Pack 1
• - 947551 The Edgetransport.exe process may crash intermittently on an Exchange Server 2007 Service Pack 1 Edge server
• - 947577 If you try to connect a mobile device to a mailbox server through a server that is running Exchange Server 2007, the mobile device may be unable to connect
• - 947646 Event ID 12011 is logged every time that the MSExchangeTransport service starts after you install Exchange Server 2007 Service Pack 1 on a computer that is running the German version of Windows Server 2003
• - 948047 An event ID 1080 message is logged in the System log every three seconds after you run the Set-ExchangeServer command to set the static domain controllers on an Exchange 2007 cluster node
• - 948297 The OOF template may be delivered as an attachment in an Exchange 2007 environment when you use the "Reply with Template" option in Microsoft Outlook
• - 948332 Failover takes a long time to finish in an Exchange Server 2007 cluster continuous replication environment
• - 948374 The EdgeTransport.exe process crashes intermittently, and event ID 1033 is logged in Exchange Server 2007
• - 948666 When you try to migrate a mailbox from Exchange Server 2003 to Exchange Server 2007, the Exchange Management Shell may stop responding
• - 948830 The MSExchangeSyncAppPool application pool crashes on a server that hosts an Exchange Server 2007 Client Access Server role
• - 948831 A user may be unable to synchronize with an Exchange Server mailbox from a mobile device when a Client Access server has been upgraded to Exchange Server 2007 Service Pack 1
• - 948844 An exception occurs, and event IDs 4999 and 5000 are logged when you modify the Outlook Web Access user interface
• - 949186 When you try to run the Restore-mailbox cmdlet on a server that is running Exchange Server 2007, you receive an error message
• - 949193 The address rewrite agent does not rewrite the address for Out of Office (OOF) messages in Exchange Server 2007
• - 949463 An exception error is generated after you run a Set-AttachmentfilterListConfig command together with the ExceptionConnectors option on an Exchange 2007 SP1-based server
• - 949541 You cannot log on to Outlook Web Access Light, and an error message occurs in Exchange Server 2007
• - 949703 Error message in Outlook when you click the signature icon of a signed e-mail message that an Exchange Server 2007-based Edge server receives: "The digital signature is invalid"
• - 949726 After you install Exchange Server 2007 Service Pack 1, the Set-ExcecutionPolicy task causes an error message, and event ID 103 is logged
• - 949772 If you run the "isinteg -dump" command against a dismounted store on a server that is running Exchange Server 2007, the Store.exe process stops unexpectedly
• - 950123 Error message after you apply Update Rollup 1 for Exchange Server 2007 Service Pack 1 in a Japanese environment: "Public Folder Management Console is not an allowed Snap-in"

PWN to OWN Contest: Vista gets compromised

Update on the PWN to OWN contest at the CanSecWest conference. After the MacBook Air got compromised in 2 minutes, Shane Macaulay claimed victory over the Fujitsu laptop running Windows Vista. Yes, Windows Vista was compromised at the tail end of Day 2, at 7:30 p.m., thanks to a vulnerability in Adobe Flash.

More in PWN to OWN: Final Day (and another winner!) on TippingPoint.

The list of conference sponsors includes both Adobe and Microsoft.

Mac, meet PC: PC, the Mac's already hacked!

The Event: CanSecWest's PWN 2 OWN contest, Vancouver, Canada
The Contenders: Mac OS X Leopard, Microsoft's Windows Vista, and Linux.
The Challenge: Compromise the OS
The Prize: $10,000 + laptop
The Winner: Charlie Miller

Apparently, the OS that's safer by design is the first to get compromised, after the rules were relaxed a little bit. 2 minutes is all it took, according to a report in InfoWorld (yes, still one of my favorite tech news sources). Excerpt:

Contest rules state that Miller could only take advantage of software that was pre-installed on the Mac, so the flaw he exploited must have been accessible, or possibly inside, Apple's Safari browser.

And:

Shane Macaulay, who was Dai Zovi's co-winner last year, spent much of Thursday trying to hack into the Fujitsu Vista laptop, at one point rushing back to his Vancouver area home to retrieve a file that he thought might help him hack into the system.

But it was all in vain.

More in Gone in 2 minutes: Mac gets hacked first in contest on InfoWorld.com.

This comes little over a week after Apple released what is labeled a massive patch, a monster patch, a mega-update, or a mega-monster security update by the media (Yes, that makes me feel like Jon Stewart now). The patch contains 90 fixes according to these reports.

Last year's contest winner, Dino Dai Zovi, exploited a vulnerability in Apple's QuickTime to take home the prize.

Gloat not, Windows Vista and Linux. You are expected to be hacked by today— and when that happens, it will be further proof that vulnerabilities exist in all systems. That's the nature of software. When it comes to millions of lines of code, "bug-free" and "vulnerability-free" software is a myth. What really matters is how easily these can be exploited, how quickly the vendor responds and releases patches to fix vulnerabilities.

As far as Windows Vista is concerned, it has an enviable track record so far.

India not looking to ban BlackBerry, keen to resolve issue

India's Dept of Telecom (DoT) says it has asked Indian wireless carriers to specify a timeframe by which they will resolve all security concerns. India is not looking to shutdown BlackBerry services, but it is keen to resolve the issue.

There has been a lot of speculation about the DoT having given a 15-day notice to carriers and RIM to allow snooping or face a shutdown. The Economic Times says "all players offering BlackBerry in India said that that the government had not issued any such directives."

Excerpt:

DoT is looking at various possibilities, including asking RIM to create a mirror image of all emails and data sent on these devices in India and store the information for at least six months to address the concerns of security agencies.

DoT is also looking at other options such as asking RIM to migrate all data traffic originating from Indian mobile networks to servers in India.

More in "DoT calls up BlackBerry providers".

"Save XP" Campaign: InfoWorld responds, and the facts about downgrade rights

Note to readers: I haven't had to keep a post on hold for as long as I"ve kept this one, contemplating whether I should post it or not. After much thought, I've decided to post this, because it is important to know the facts about downgrade rights, and to clarify my position on this debate.

InfoWorld responded to my previous post (read InfoWorld's campaign to "Save Windows XP").

In a blog post titled Exchangepedia Blog Author calls "Save XP Campaign" Childish!, InfoWorld columnist J. Peter Bruzzese writes:

However, in the overall scheme of things will it budge the folks at Redmond to reconsider its plans? Not if Bharat Suneja, an MVP for Exchange and tech guru who publishes the popular Exchangepedia Blog site has anything to say about it. He has done his own research on the matter and his opinion should be heard!

Thanks for the kind words Peter - much appreciated.

To put it on record, I am not for or against Microsoft extending the deadline for Windows XP OEM and retail sales. I called Peter the saner voice (of InfoWorld) - he gets the gist of what I wanted to convey in the post:

The point Bharat is trying to make: Windows XP is an operating system that has lived past its prime, and Microsoft isn't about to pull the plug on it any time soon. (Users can move to Vista on their own timeline).

In my post, I pointed out Microsoft's Product Lifecycle Policy for Windows XP, including the facts that Windows XP mainstream support won't end till April 2009, extended support will be available till April 2014, and Volume License customers can use their downgrade rights if Windows XP licenses are no longer available from retail or OEM channels. (As it turns out, downgrade rights are not restricted to Volume License customers.)

In fact, Microsoft will soon release a new service pack— Service Pack 3, for Windows XP. You can download Release Candidate 2 of the service pack here.

InfoWorld Editor Galen Gruman comments
InfoWorld Editor Galen Gruman left a comment on the post here. What she has to say (relevant portions highlighted and bolded for emphasis):

For the record, as the InfoWorld editor who's responsible for the "Save XP" story and related content, there's one big error in this well-reasoned post: XP will not be generally available after June 30 if you are *adding* computers or people. We never said this was an issue of support. It is true that if you have a site license to Vista, you have downgrade rights to XP. But most small businesses and no individual buyers have these rights. They cannot get XP after June 30. And unless they bought new of two specific types of Vista -- the full, not OEM, versions of Vista Business and Vista Ultimate -- they do not have downgrade rights. GIven that practically everyone who buys a computer has just an OEM copy of Windows, they do not in fact have downgrade rights to XP and cannot add new XP licenses to their mix of XP systems. This forces them to have a mix of XP and Vista, whether or not they are ready for Vista. It was this concern that we heard repeatedly in the last year and led to this story. And why we advocated that XP be available for sale indefinitely -- meaning not forever but until the market as a whole is much more ready to move.

Thanks for commenting Galen. Having read your follow-up article "The "Save XP" manifesto: Time to get past the distractions", I agree with some of the arguments presented (and greatly disagree with others), and the underlying reasons for the "Save XP" campaign. However, your basic premise that setting a date for end of availability of OEM and retail licenses for Windows XP is like Microsoft giving users an eviction notice is simply not true!

I understand that the main issue Galen has is not about existing Windows XP users or computers, but about availability of Windows XP for new computers or users. Carrying the analogy further, that's more like Microsoft saying we aren't accepting new lease applications for this old, run-down apartment that is scheduled to be torn down. You can, however, lease a unit in this brand new complex we built across the street.... It is far from an eviction notice for existing tenants.

The facts about downgrade rights
As far as the downgrade rights Galen referred to (highlighted) in the above comment and in her follow-up article are concerned— she deserves the benefit of the doubt. There's clearly some misunderstanding on her part, and it probably isn't her fault. (Update: Based on our email exchange, I know she has tried to get a definitive answer to this.) Navigating Microsoft's web of licensing options and agreements can be be challenging, even for MVPs. However, to be fair to Microsoft, I was able to get the answer by searching the web, and a single follow-up call to Microsoft Pre-Sales and Licensing. The response was clear and unambiguous.

Downgrade rights are not limited to large enterprises. This Microsoft Volume Licensing Brief [download] (dated January 2007) titled Microsoft Select License, Open License, Original Equipment Manufacturer (OEM) License, and Full Packaged Product (FPP) License Downgrade Rights says:

Can I downgrade my OEM version of Windows Vista Business to Windows XP Professional?
Yes. OEM downgrade rights for desktop PC operating systems apply to Windows Vista Business and Windows Vista Ultimate as stated in the License Terms. Please note, OEM downgrade versions of Windows Vista Business and Windows Vista Ultimate are limited to Windows XP Professional (including Windows XP Tablet PC Edition and Windows XP x64 Edition). End users can use the following media for their downgrade: Volume Licensing media (provided the end user has a Volume Licensing agreement), retail (FPP), or system builder hologram CD (provided the software is acquired in accordance with the Microsoft OEM System Builder License). Use of the downgraded operating system is governed by the Windows Vista Business License Terms, and the end user cannot use both the downgrade operating system and Windows Vista Business. There are no downgrade rights granted for Windows Vista Home Basic or Windows Vista Home Premium.

Translation: If you buy a computer and it ships with Windows Vista Business or Ultimate preinstalled by the manufacturer, also known as an OEM license, you can downgrade to Windows XP Professional. You do not need a Volume License of any kind to do that - end users, small businesses with or without an Open License, and larger businesses - again, with or without a Select or Enterprise License, can downgrade to Windows XP Professional, and use it for as long as they wish.

Microsoft confirms
A quick call to Microsoft Sales/Licensing confirmed that. You are welcome to do so yourself, by calling 800.426.9400. Select option 5, then option 3. In a follow-up call, Microsoft also explicitly and unambiguosly stated that users can use the OEM media (CD) or the one that came with a prior purchase of a FPP (retail) version to downgrade. Organizations with a volume license can also use their volume license media to downgrade. "The media is not important here, the license is", added the Microsoft rep.

If you're having trouble finding your Windows XP CD or need to order a replacement copy, you can do so by calling 800.360.7561 if you bought the retail (FPP) version. The cost is $23, or $29 with taxes and shipping. Volume License customers can order CDs by calling Volume License Fulfillment at 800.248.0655. When asked how long the replacement CDs will be available, and whether these will still be available after Windows XP is no longer sold, the rep responded: "They will be available for quite a while. No plans for discontinuing that yet."

Though well-intentioned, some of the arguments presented by Galen are not as valid. Once again, I am neither for or against Microsoft continuing to sell Windows XP, nor profess that users move to Vista whether they're ready or not. However, the implication that Microsoft is forcing users to move to Windows Vista, and terms like eviction notice used in such articles, do not present the issues in the right perspective.

Given the facts about Microsoft's product lifecycle, support policies and downgrade rights, is Microsoft's stance wrong here? Or does InfoWorld's Save XP campaign amount to unfairly criticizing Microsoft, as InfoWorld's own columnist J. Peter Bruzzese states in "Save XP? Why bother?"?

PS: Tom Sullivan's response, and comment about MVPs

I was equally annoyed and amused by InfoWorld Editor Tom Sullivan's response in "On the necessity of InfoWorld's 'Save XP' campaign". Tom says:

As Peter Bruzzese points out, the author of Exchangeapedia, Bharat Suneja, suggests that the campaign won't inspire Microsoft to change its plans and keep Windows XP alive beyond June 30.

Suneja, it's worth explaining, is a Microsoft MVP. A rare breed, indeed, these disciples are devout enough that, while attending an MVP Summit back in 2001, a pair of them even got married in Redmond, Wash. and read vows from their Pocket PCs.

That said, Bruzzese writes that Suneja "has done his own research on the matter and his opinion should be heard." I agree, and particularly when he explains that mainstream support will end on April 14th, 2009, and extended support will be available for five years from that date, till April 8th, 2014, both points IT shops should research. Suneja writes, in his post, "Windows XP doesn't seem like a product that's being retired prematurely."

That, obviously, is a matter of some debate. Contrarians can easily point to the reality that Vista sales are not exactly going like gangbusters.

Tom, All I can say is, I wish you had read my original post before commenting. Perhaps that's just one of those good old journalistic niceties that we simply don't have time for any more. :)

If you did read my original post, please accept my apologies.

MVPs are also some of Microsoft's sharpest critics. An excerpt from the article in Computerworld:

Paul DeGroot, an analyst at Directions on Microsoft, a research firm in Kirkland, Wash., agreed that MVPs are both "in Microsoft's camp" and its "best critics" at the same time.

"They criticize from a position of deep knowledge about the products and how customers use them," DeGroot said. "So when they say something, they know what they're talking about, and they're not inclined to take cheap shots. They'd rather fix things than lay blame."

MVP or not, my opinion and criticism of InfoWorld in this matter wouldn't have changed. It is sad to note that what is otherwise a well-regarded tech journal is increasingly sounding like the MAD magazine of tech journalism on this topic.

India wants access to BlackBerry encryption algorithms to fight terrorism

India's half a million BlackBerry users may have to live with the prospect of the Indian government having easy access to their wireless communication.

India says it needs access to RIM's encryption algorithms, used to encrypt email sent and received by BlackBerry smartphones, to fight terrorism. The Indian government is delaying a license to offer BlackBerry services to wireless carrier Tata Teleservices, and may cancel the licenses already issued to other Indian wireless carriers— Vodafone Essar, Bharti Telecom and Reliance Communications, if RIM doesn't comply by March 31st. The Information Technology Act of 2000 provides the government of India the right to intercept electronic communications for security reasons.

It's no secret that terrorists are increasingly using the internet and email to communicate. Bringing BlackBerry handhelds under the scope of lawful interception shouldn't come as a big surprise, but it does pose interesting questions for RIM.

The Department of Telecom's intent and its notice to carriers is anything but abrupt. The DoT had requested access some time last year. The March 31st deadline is an extension to the earlier deadline of December 31st. DoT officials are meeting with carrier execs and RIM officials to resolve the issue.

More in "BlackBerry under security scrutiny in India" on washingtonpost.com.

What makes the whole episode more interesting are reports that the Indian government wants significantly weaker encryption keys to be used across the board. If true, this could make security of online banking and e-commerce transactions questionable, and may even pose threats to India's growing outsourcing sector. ISP Association of India President Rajesh Chharia says "Routine check-ups are fine with us since the issue is one of national security. All ISPs must, and will, cooperate. What is of concern, though, is the fact that we have been asked to reduce the encryption from 128-bit to 40-bit, which is ridiculous.” (More in "BlackBerry security issue makes e-com insecure").

As similar incidents involving India's bureaucracy have proven in the past, better sense does eventually prevail in India (Read previous post: "Update: India blocks access to blogs"), but not before giving massive doses of anxiety attacks to those concerned.

iPhone, meet Exchange: Apple announces Exchange ActiveSync support

Finally, Apple announces Exchange ActiveSync Support.

Phil Schiller, Apple's Senior VP of Marketing, announced minutes ago what many have suspected all along - Apple chose to go with Microsoft by licensing EAS. Schiller demonstrated EAS on the iPhone, including the ability to remotely wipe an iPhone.

Without taking names, Phil also criticized the BlackBerry approach of routing mail through its datacenter, and the accompanying risks and reliability issues. Devices compatible with EAS, including devices running Microsoft's Windows Mobile OS, can synchronize email, calendar, and contacts directly with an Exchange Server.

Terry Myerson, Microsoft's corporate VP for Exchange, met Schiller daily for 2 weeks to make the agreement possible. Says Myerson, "When it comes to mobile phones, Windows Mobile still delivers the premier mobile e-mail experience for Microsoft Exchange Server, by delivering the Outlook experience on a mobile phone and with the most complete support for Exchange’s many enterprise device management policies. But, we also partner with many mobile device makers – including Apple – and believe that by making Exchange an open platform, our customers and partners, ultimately, will be the beneficiaries."

Update:
- The new iPhone 2 firmware with ActiveSync support will be released in June.
- Apple is accepting applications for its iPhone Enterprise Beta Program

iPhone, meet Exchange: Will Apple make them talk?

March 6 is here, and the iPhone's software roadmap, including the much talked about "enterprise features" should be public in a few hours, along with the release or another announcement of the iPhone SDK.

In the past, there have been plenty of rumors and some "confirmations" about Apple having licensed Microsoft's Exchange ActiveSync (EAS) protocol (read previous post "Apple Licenses Exchange ActiveSync for the iPhone?"). If Apple does announce availability of EAS on the iPhone, will it become the new smartphone of choice in the enterprise?

It may not be an easy task. IT departments would need to be convinced about security and manageability of the device. Being the closed device that it has been since its inception, it will be interesting to see whether (and how) Apple provides this much needed control to IT.

ActiveSync isn't the only option available to Apple. iPhone users can use IMAP protocol to connect to mail servers that support it, including Microsoft Exchange. However, the experience isn't quite comparable to EAS or RIM's BlackBerry, and IMAP isn't supported in many organizations.

Given the high penetration of RIM's BlackBerry Enterprise Server (BES) in organizations world-wide, making a version of RIM's BlackBerry Connect software available on the iPhone would instantly make it much more attractive to enterprise users. BlackBerry Connect allows non-BlackBerry devices to work with BES (read previous post: "RIM does a BlackBerry on Windows Mobile").

Yet another option would be to buy or create its own middleware - the Apple version of a BlackBerry or GoodLink server. It's hard to see what Apple would gain with such an approach - it wants to sell more iPhones, not compete with the big boys RIM and Microsoft.

Another important question Apple will need to answer— will the iPhone finally become carrier-independent? Tethered to a single wireless carrier with a slow wireless data network, it is unlikely to get as serious a consideration as it otherwise would if IT could simply buy the device and configure it to work on any carrier - either out-of-the-box, or perhaps using a configuration tool provided by Apple. Apple's "fixed battery" approach isn't likely to win it many fans in IT, and has attracted lawsuits in the past.

Whichever route Apple decides to take, time is right for the iPhone to make its enterprise move.

InfoWorld's campaign to "Save Windows XP"

I've been an avid reader of InfoWorld for as long as I can remember. It is one of the finest trade publications out there. In case you've missed it, they've been running an online campaign to "save Windows XP". A few weeks ago, they announced that 75,000 XP users had signed up for it (Read "75,000 demand Microsoft keep Windows XP going"). If you look at the numbers, it's a tiny fraction of the overall number of Windows XP users.
Update: The last update from InfoWorld is dated Feb. 28th- the number reported is 97,280.

InfoWorld says its readers want Microsoft to keep selling and supporting Windows XP indefinitely. Given that Windows XP was released back in 2001 - almost 7 years ago, is Microsoft wrong in ending support for a product that has certainly lived past its shelf life? If you work in the software industry, dealing with today's rapid-fire software releases, it's hard to imagine supporting something that old!

From Save Windows XP! The clock is ticking:

Millions of us have grown comfortable with XP and don't see a need to change to Vista. It's like having a comfortable apartment that you've enjoyed coming home to for years, only to get an eviction notice. The thought of moving to a new place -- even with the stainless steel appliances, granite countertops, and maple cabinets (or is cherry in this year?) -- just doesn't sit right. Maybe it'll be more modern, but it will also cost more and likely not be as good a fit. And you don't have any other reason to move.

Reading the above, you get the impression that somehow Microsoft can and is actually forcing existing users of Windows XP to stop using that OS past June 30th, 2008. That is completely untrue! All Microsoft is saying is - this product has reached its end of life, and we will stop selling it by that date. It really has no impact on existing users who want to continue using it.

The fact is: your licensed copy of Windows XP doesn't come with an expiration date.

If you have an XP license today, or buy one by that date, you can install it on any computer you buy two, five, ten, or any number of years from now, provided the hardware is compatible. This does not apply to OEM licenses sold to computer manufacturers like Dell, HP, or Gateway - which are tied to the computer they ship with.

Microsoft's Windows Lifecycle Policy: Selling Windows, And Supporting It

Microsoft's Windows Life-Cycle Policy states that:
- Direct OEM and retail licenses will be sold till June 30th, 2008.
- System Builder licenses will be available till January 31st, 2009.
- The policy further states that "licenses will continue to be available through downgrade rights available in Volume Licensing programs after end of general availability".

Though Microsoft will stop selling Windows XP based on the above timeline, support for the operating system isn't going to end when that happens. Microsoft Support Lifecycle explains Microsoft's support policies, including what mainstream and extended support mean. According to the Microsoft Support Lifecycle for Windows XP:
- Mainstream support will end on April 14th, 2009.
- Extended support will be available for five years from that date, till April 8th, 2014!

For a product with General Availability dating back to December 31, 2001, Windows XP doesn't seem like a product that's being retired prematurely.

On a second look, InfoWorld's case isn't so much for Windows XP, as it is against Windows Vista. Running alongside the Save Windows XP articles: Why people hate Vista and Time to dump Windows?.
Update: To be fair to InfoWorld, they've also recently published "How to deploy Windows Vista".

A quick look at some of the arguments against Windows Vista:

Vista a resource hog? Yes, Windows Vista requires more resources - and the last time I looked around, today's PC hardware was more than adequately equipped for Vista. Most decently-configured laptops, including the entry-level ones that sell for way under a thousand bucks, ship with dual-core processors and 2 Gigs of RAM. And under a thousand bucks get you what can be considered a state-of-the-art quad-core desktop with 3-4 gigs of RAM. In fact, a few weeks ago I was pleasantly surprised by the price of 4 Gigs of RAM for my laptop - $79!

Vista isn't designed to run on yesterday's hardware, and there's no reason for Microsoft to be apologetic about it. It's the same hardware + OS + apps purchase cycles we've been used to for a long time now. What do you want to buy the next time your three or five-year-old computer dies, or you simply get fed up with it and want something new? Do you look for a single-core Pentium 4 processor that can run Windows XP well - assuming you can find one? (As a sidenote, I'm writing this on a single-core Pentium 4 box running Windows Vista, and doing fine, thank you! I also had a 400-Mhz (yes, Mhz... ) PIII box with all of 256 Mb RAM running Windows Server 2003, AD, and Exchange Server 2003 for years, till it died last year.)

It's the same cycle as buying microwaves or vacuum cleaners - they get old, stop working, or simply get in the way and impair users' productivity. When that happens, you go out and buy a new one, generally in the same price range or perhaps a little cheaper, but something that has all (or most of) the bells and whistles - the right stickers, logos, and features that a contemporary microwave or vacuum cleaner would have.

PCs are no different. In fact, thanks to Murphy's Law and the underlying technology breakthroughs, we generally get a lot more bang for our buck with every upgrade cycle.

If your microwave/vacuum cleaner/PC isn't broken yet (or more importantly, if you aren't fed up with it, and it isn't getting in your way), there's really no reason to buy a new one. Unless you like buying new computers every couple of years, or sooner, and can afford to do so.

Drivers: Yes, drivers. Somehow Microsoft is to blame for the perceived lack of drivers. Personally, I haven't come across any piece of hardware recently - a display card, printer, or other peripheral that does not sport a driver for Windows Vista, or otherwise caused any compatibility issues. For most part, everything works out of the box.

Security: Security, you say. Seems like Windows Vista has proved its credentials on that front. Agreed, UAC can be a little annoying at times, and gives Apple a great talking point for its commercials, but that doesn't take away from the fact that Vista is a much more secure OS than Windows XP ever was. In fact, Vista does very well on this front compared to other OSes, including Apple's. Read previous post about the 6-month vulnerability report "Numbers talk: Vista most secure OS of all?", or grab the more current one-year vulnerability report.

User Account Control

It is easy to criticize the UAC feature without getting a good understanding of what it does and the problem it's intended to solve for IT departments. After years of extolling the virtues of not logging on using an account with administrator privileges for day-to-day stuff, I love UAC! It ensures administrator privileges are not available to your session all the time - even if you're logged in as an administrator. Not only does this protect computers from malicious code, it also protects users from themselves. When you do need to perform a task that requires administrator privileges, you are prompted for it.

Security has a cost - often measured in user inconvenience. Many security products and features come with some inconvenience to users. The argument shouldn't be about whether to have UAC, but about the ability to fine-tune it to an organization's security requirements. Arguably, this could be refined further to allow more granular control, but being aware of the options already available, including the ability to turn it off using Group or Local Policies helps.

The following graph from the one-year vulnerability report shows vulnerabilities found in Windows Vista, Windows XP, Red Hat Linux, Ubuntu, and OS X in the first year of release. It's clear what the numbers reveal, though many of us often tend to get more influenced by anecdotal evidence- particularly in this context.


Figure 1: Vulnerabilities found in Windows Vista in the first year of its release compared to other operating systems

Vista is slow: One of the more common arguments against Vista, slow is a relative term. Slow as compared to what? Running on the same hardware as my Windows XP computer, performing the same tasks, I haven't noticed this slowness. If you benchmark performance results, Vista can be proven to be slower than anything. The questions to ask: - When was the test conducted? What version of Vista? What kind of hardware? What kind of applications? And more importantly, how slow was it really?

Yes, you may lose a few percentage points in performance, but there are gains in usability and new features.

I wouldn't blame InfoWorld for wanting to ride the "Bash Vista" bandwagon - it's fashionable to do so. To our relief, there are some saner voices out there. Like InfoWorld's own columnist, J. Peter Bruzzese. Peter writes in his Enterprise Windows column - titled "Save XP? Why bother?":

The fact of the matter is, Vista is incredible. I've been working with it since Beta 3, and I won't return to that cartoon-looking XP for anything. Not only is it more secure than XP, it includes a host of invaluable new tools and applications (more on those in a bit).

Yes, Vista is more resource-intensive than XP. Yes, upgrading from XP to Vista requires putting some cash on the table. But Vista beats XP hands down, and the Save XP campaign amounts to unfairly criticizing Microsoft for adhering to a core capitalist practice: retiring an old product to sell newer, better ones.

That "yucky Windows"

My 4-year old son agrees with Peter's assessment about XP. For the few days that I had a loaner Media Center PC running Vista, not only did the little one get quite comfortable with it, he fell in love with it. When it was time to get my XP Media Center PC back from repairs, there were angry protests about having to deal with the "yucky Windows" (that would be XP!) that one doesn't ordinarily associate with someone his age.

Though a lot of it has to do with the aesthetics - the "X button that glows" when he wants to close a window and Gadgets that expand his vocabulary - isn't the UI and usability a big reason why we choose to use Windows and the exact topic Apple can't stop talking about when it comes to OS X?


Figure 2: Windows Vista's Media Center interface

I finally upgraded the box - the last one I had with Windows XP, to Windows Vista on the last day of 2007. The delay was in large part because of the vendor - name withheld, mislabeled the TV tuner driver, causing a lot of confusion amongst its customers.

As a sidenote to this sidenote, Media Center is probably the most mission-critical app of all, as far as end-users/home users are concerned... an email outage at work is probably something you can survive and live to tell the tale. A "TV outage" at home is an event unmatched in its criticality, perhaps deserving a designation higher than P1/S1.

What kind of supporters is InfoWorld touting with its Save XP campaign? Let's turn again to Peter's column:

If you read a lot of the comments that people have been adding on the Save XP pages, you might note that an awful lot of people say, "Go to Linux," or "That's why I use Linux." You know, I've never heard a Mac user complain about Apple or their Mac, nor a Linux user complain about Red Hat or whatever version they are using. That's not to say they don't have problems; they just keep the discussion among themselves. But they are having a field day watching Microsoft users fight each other. Ever think they're the ones stirring up this whole Save XP campaign?

Come on InfoWorld, it's time to give up the skepticism, and that childish campaign. Users are moving to and using Windows Vista, and that will only accelerate going forward, now that SP1 is here. Users and organizations who want to continue using Windows XP can take their own time to upgrade - Windows XP will still be available for the foreseeable future, and supported for a much longer period (as stated in Microsoft's product lifecycle policies referenced in this post).

Zenprise and the BlackBerry Blackout of 2/11/2008

At Zenprise, we do not revel in outages and issues that cause service disruptions or service deterioration for our customers. However, when such incidents do occur - whether in the Exchange messaging infrastructure or in BlackBerry service, we take pride in the fact that Zenprise is able to help customers by providing early warnings and timely alerts about such outages, or conditions that may lead to one.

The accolades are coming in, from customers and prospective customers alike. The difference between having Zenprise and not having Zenprise on the afternoon of 2/11/2008 couldn't be clearer.

An email from a satisfied customer - the Canadian subsidiary of a large consumer electronics manufacturer:

Dan, zenprise is amazing. For Feb 11’s network outage. I was alerted immediately. When I called Rogers, they are not even been informed by RIM at that time. Thanks for the good monitoring software.

Figure 1: The end-to-end view of BlackBerry service shown in the Zenprise Console. Alerts for connectivity issues to RIM's SRP network and a high number of pending messages for a user are displayed in the above screenshot of the User Dashboard

An email from another organization that was affected by the outage (not a Zenprise customer):

“After having to call 2 different carriers the other day and waiting on hold for about 20 minutes each, I am ready for a change. These IT engineers and managers that are at their laptop most of the time don’t understand how much our execs and sales people that are out on the road depend on their Blackberry. When RIM had the outage, our entire Management lead team was out of the office and every one of them only had their Blackberry with them. Needless to say, an hour after he called me the CIO was not too happy when I finally was able to give him a definite answer that the problem was with RIM’s network. I have been trying to decide whether to send your message up to him, but I think I just answered my question as to whether I should. I’ll get back to you within a week to give you an update.”

Not to forget the accompanying media attention:


BlackBerry Outage Caused by Upgrade

TMCnet: Zenprise on BlackBerry Outage


InformationWeek: RIM Confirms BlackBerry Outage, Investigates Cause


ZDNet Exclusive: BlackBerry outage indicated by IP address connect refusals


CNBC: BlackBerry Outage Caused by Upgrade


BlackBerry Outage Caused by Upgrade


InfoWorld: Outage knocks BlackBerry users offline


BlackBerry Cool: North American outage reported


PC World: RIM's BlackBerry Service Getting Back to Normal


BlackBerry outage leaves 8 million users disconnected


Why Your Blackberry Crashed



Outage blamed on upgrade

BlackBerry service out in N. America: Zenprise customers benefit from proactive detection

North American users of the ubiquitous BlackBerry service are hit by another outage - it's second major one in less than a year. The extent of the outage isn't known, nor an ETA available from RIM. Update: According to Bloomberg, 8 million users are impacted - about two third of its 12 million users.

Users of Zenprise for BlackBerry benefited again from the proactive troubleshooting approach of Zenprise, that can provide advance notifications for many issues before they turn into deterioration of service or outages impacting users. Zenprise notified customers about the outage at 12:26 PM PST, before wireless carrier AT&T learnt about it. More in "North American outage reported" on BlackberryCool.com.

The last major outage was back in April 2007, also automatically detected by Zenprise users (read previous post " Zenprise proactively detects BlackBerry N. America outage!").

Reuters has more (as do a lot of other web sites): RIM reports "critical" BlackBerry outage

Update: The outage ended at 6:45 PM Eastern, according to Bloomberg.

Sony Ericsson jumps on the Windows Mobile bandwagon with Xperia X1

If you're in the market for Windows Mobile smartphones, your choices are going to grow at a rapid pace this year. Amongst the more exciting announcements at the Mobile World Congress in Barcelona - Sony Ericsson's first Windows Mobile phone, the Xperia X1. Yes, Sony finally jumps on the WinMo bandwagon.

The Xperia X1's all-metal body fits an arc slider design, a QWERTY keyboard, a 3-inch wide WVGA screen (800x480, compared to the iPhone's 3.5 inch diagonal at 480x320), a 3.2 megapixel digital camera that also does 30fps vga video. The phone supports aGPS, WiFi, quad-band GSM/Edge and UMTS/HSDPA/HSUPA.

The X1 supports a Touch interface, in addition to a 4-way key and an optical joystick. At 17mm, it's not as svelte as the 11.6mm iPhone. However, if it's the convenience of a full QWERTY keyboard (as in a "hardware keyboard" you can actually type those reasonably long emails on), a fast 3G network, Windows Mobile OS and Exchange ActiveSync support for mobile email you're interested in, this certainly looks like one attractive device.

The X1 will be available in the second half of this year, and probably won't be tied to a single wireless carrier.

More X1 details, specs and pictures on the X1 minisite. Also take a look at this image gallery on Engadget Mobile. As usual, Engadget's doing great job of covering these events, and the accompanying avalanche of new products and announcements.

Zenprise alerts customer about data outage at AT&T

The end-to-end view of BlackBerry® service provided by Zenprise has always been of (a lot of) interest to me. Besides detecting specific issues impacting users, Exchange and infrastructure issues affecting BES, what has been particularly exciting is our ability to detect issues with RIM's SRP network, and also those with carrier networks in use by Zenprise customers.

Both of the above types of outages are rare, but when they do occur, the resulting user impact, help desk calls, and time spent troubleshooting before narrowing it down to RIM or the wireless carrier results in many wasted man hours.

Zenprise for BlackBerry has successfully detected (and provided advance warning for) a RIM outage in the past (read previous post: "ZDNet: Zenprise gave indications 2 hours before the BlackBerry outage").

Reproducing the equivalent of a RIM outage in a test environment isn't difficult, but how does one reproduce a carrier outage? Could we ask AT&T, Verizon or Sprint to turn off their wireless network so we can test Zenprise? Or just have them switch off the data network? Of course, there are other more realistic workarounds in test environments, but how do we validate this in real-world situations?

What just popped in this morning from my Google Alerts should make Zenprise, and our customers, very happy:

My company just installed the Beta Version of Zenprise Tuesday of this week. This morning we started getting requests where our Blackberry users were not able to send messages. Instead of our regular ‘reboot the BES to fix all’ process we normally would follow, I was able to see that the all the devices affected were from the AT&T network. I immediately contacted our AT&T rep and she was able to confirm an outage that was affecting the central and northeast regions. Although we have not purchased Zenprise yet, this was an excellent real life proof of concept of its ability to save my team hours of time troubleshooting.

More in Data outage nails AT&T subscribers

The Saga Continues: White House Says It Routinely Overwrote E-Mail Tapes From 2001 to 2003

The saga of Messaging Records Mismanagement continues, with interesting bits and pieces surfacing every once in a while. Elizabeth Williamson and Dan Eggen report in the Washington Post:

From 2001 to October 2003, the White House's practice was to use the same backup tape each day...

Although the White House said in the filing that its practice of recording over the tapes ceased after October 2003, it added that even some e-mails transmitted through the end of 2005 might not have been fully preserved. "At this stage, this office does not know" whether additional e-mails are missing, said the affidavit filed minutes before a court-ordered deadline of midnight Tuesday night by Theresa Payton, chief information officer in the White House Office of Administration.

Not sure if the email messages that "might not have been fully preserved" are part of the 5 million missing messages reported earlier.

Read "White House Says It Routinely Overwrote E-Mail Tapes From 2001 to 2003" on WashingtonPost.com.

Zenprise at Fenway Park: How the 2007 World Champion Boston Red Sox's IT Shop Keeps BlackBerrys in the Game

I haven't posted too many updates from Zenprise lately. Zenprise v3.3 will ship soon, and the regular stream of customers throughout the year has been a great validation of Zenprise's approach to monitoring and real-time troubleshooting of Microsoft Exchange Server and BlackBerry environments.

The exciting news - standing here during the attendee party at TechEd 2006, I couldn't have thought of this possibility. Yes! The Boston Red Sox became a Zenprise customer earlier this year (Go Red Sox!).

Al Sacco writes about the Red Sox's Zenprise experience in this CIO magazine article.

Excerpts:

Twenty-four/seven connectivity is a must for the 2007 world champion Boston Red Sox's behind-the-scenes champions, and the team counts on a mobile device management (MDM) product from Zenprise to ensure that its BlackBerrys never strike out.

"Within four days of having the product in, we were able to correlate root cause and be able to show ROI from that," Conley says. "Within a month, a problem that was ongoing for five to six months just disappeared." Better yet, he notes, fewer people were calling his team with problems. Instead, the Zenprise tool began offering early warnings on issues so he could report them to users before noticeable problems appeared.

Conley says that since the day his team installed Zenprise for BlackBerry, the Red Sox IT staff has been able to find root causes for every BlackBerry-related issue they've encountered, major or minor, and promptly address those issues with confidence that the suggested fixes will work.

Today, Conley has only one person who spends any of his time—a mere 10 percent—on BlackBerry support. Zenprise does the rest, he says. A year ago, two IT staffers handled BlackBerry support and the organization had only a quarter of the devices it supports today.

Read more on CIO.com: "Eyes on Zenprise: How the 2007 World Champion Boston Red Sox's IT Shop Keeps BlackBerrys in the Game".

Redmond on Exchange's Evolving Strategy

Tony Redmond outlines his perspective of how Exchange will evolve over E14 and onwards in this Windows IT Pro article. The key areas, according to Redmond, are automation, virtualization, mobility, Unified Communications, Information Management, and Software as a Service (SaaS). Read "Exchange's Evolving Strategy" on WinItPro.com (requires subscription).

Released: ForeFront Security for Exchange SP1

ForeFront Security for Exchange SP1 follows Exchange Server 2007 SP1 out the door. FSE SP1 is compatible with Exchange Server 2007 SP1. It includes support for Windows Server 2008, IPv6, and improved content filtering.

Exchange Server 2007 SP1 and ForeFront Security for Exchange

- Before you upgrade Exchange Server 2007 to SP1, make sure you either upgrade ForeFront Security for Exchange to SP1, or uninstall it.
- If ForeFront Security for Exchange is upgraded to SP1, you must stop all ForeFront services before upgrading Exchange Server 2007 to SP1.

Download it here.

Released: Exchange Server 2007 SP1

Great news, in words of Exchange TAP Program Manager David Espinoza: "Exchange Server 2007 SP1 has left the building". The "pack of goodies" is Build 240.06 - download it here.

(Read the announcement on the team blog, with feedback from TAP customers, including Zenprise.)

Congratulations to the Exchange product team for shipping an unusual service pack, loaded with improvements in performance, functionality, plenty of new GUI admin interfaces in the EMC (more details in "New Exchange Management Console Features in Exchange 2007 SP1"), and quite a few new features.

On top of the list for most folks is the eagerly awaited Standby Continuous Replication (SCR), which uses the Database Continuous Replication technology to replicate Storage Groups from clustered/non-clustered sources to clustered/non-clustered targets. Designed to provide datacenter redundancy - the source and target can be on different subnets, in different AD Sites altogether.

Additionally, LCR - used to replicate Storage Groups to another volume on the same server - no longer requires 2-3x the disk IOPS on volumes where the replica is stored. LCR can also use the Transport Dumpster now (restricted to CCR earlier).

Support for Windows Server 2008 also allows Exchange Server 2007 to leverage the new Failover Clustering features in the OS - allowing CCR clusters to span across subnets, making CCR clusters across WAN links easier to deploy.

Exchange ActiveSync (EAS) comes with plenty of improvements as well - users with WinMo (i.e. Windows Mobile) 6 devices will be happy. Administrators will like the number of new settings in ActiveSync policies that allow increased control of devices. (Read previous post "Exchange Server 2007 SP1: Take control of your Windows Mobile devices").

OWA users get Public Folder access, S/MIME support, Personal Distribution Lists, server-side rules, and monthly calendar views, amongst other improvements.

Complete list of features available in "What's new in Exchange Server 2007 SP1".

Make sure you read the SP1 Release Notes before upgrading.

Clichés aside, this is the best Exchange service pack ever.

Messaging Records (Mis)Management at the White House

ORDERED that defendants shall preserve media , no matter how described, presently in their possess or under their custody or control, that were created with the intention of preserving data in the event of its inadvertent destruction. Defendants shall preserve the media under conditions that will permit their eventual use, if necessary, and shall not transfer said media out of their custody or control without leave of this court.

In the continuing saga of what can be seen as MRM (Messaging Records Mis-Management), U.S. District Judge Henry H. Kennedy has issued the above temporary restraining order (