Microsoft and Research in Motion announce full BES support for Exchange 2010

Microsoft and Research in Motion have just announced full BlackBerry Enterprise Server (BES) support for Exchange 2010 - the earliest customers have been able to deploy BlackBerry smartphones with a new Exchange release— ever.

You'll need the just-released Update Rollup 1 for Exchange 2010, Exchange Server MAPI Client v6.5.8147, and BlackBerry Enterprise Server 5.01 Maintenance Release 1 (MR1).

More from Paul Bowden in BlackBerry Enterprise Server fully supported on Exchange 2010 on the Exchange team blog.

iPhone OS 3.1 Security Changes and Exchange ActiveSync Policy

Apple implemented device encryption in the iPhone 3GS, improving its odds of being considered for enterprise deployment.

However, users using Exchange ActiveSync (EAS) to connect to their Exchange 2007 mailboxes couldn't take advantage of it, even when encryption was required by an Exchange ActiveSync Mailbox Policy, because the device didn't tell Exchange it can support encryption.

With the latest iPhone OS 3.1 update, iPhones start identifying themselves correctly, and if the ActiveSync policy configured by the administrator requires device encryption (see Figure 1 below), data on the device is encrypted. That's great news— unless you happen to have an older iPhone. If you're using the (Original/Classic/2G/1G?) iPhone , or the iPhone 3G, and device encryption is required, you will be unable to log on to your mailbox.

This is great for iPhone 3GS users, who can now be more secure than they previously were. Users of legacy iPhones can either buy an iPhone 3GS to have their data stored securely on the device, or downgrade, somehow, to the previous version of iPhone OS. I'm not sure if a downgrade is possible, or if you'll need to take your iPhone to an Apple store to have it downgraded. (Incidentally, the iPhone user in the family was in no rush to upgrade to iPhone OS 3.1, and can't really stand Apple's iTunes software.)


Figure 1: Enforcing device encryption using an ActiveSync Mailbox Policy in Exchange 2007

News.com's Jim Dalrymple suggests in Apple explains iPhone OS 3.1 Exchange changes:

If you already upgraded to iPhone OS 3.1 on an iPhone or iPhone 3G and connect to an Exchange 2007 server, you can ask that the IT admin turn off the hardware encryption requirement for those devices.

Good luck with that!

Update: Interestingly, the above suggestion is actually what Apple recommends in its knowledgebase article TS2941: iPhone OS 3.1: 'Policy Requirement' error when adding Microsoft Exchange account. Specifically:

To reestablish syncing, have your Exchange Server administrator change the mailbox policy to no longer require device encryption.

In a nutshell— lower security to allow older iPhones to sync. If you use the same ActiveSync policy for all users, this also lowers security for all mobile devices in your organization!

If you want to read InfoWorld (the dabbling-in-sensationalism publication I call MAD magazine of tech journalism and others equate with tabloid journalism) executive editor Galen Gruman's - should I say, more strongly worded take on it, here it is.

It turns out that Apple's iPhone 3.1 OS fix of a serious security issue -- falsely reporting to Exchange servers that pre-3G S iPhones and iPod Touches had on-device encryption -- wasn't the first such policy falsehood that Apple has quietly fixed in an OS upgrade. It fixed a similar lie in its June iPhone OS 3.0 update. Before that update, the iPhone falsely reported its adherence to VPN policies, specifically those that confirm the device is not saving the VPN password (so users are forced to enter it manually). Until the iPhone 3.0 OS update, users could save VPN passwords on their Apple devices, yet the iPhone OS would report to the VPN server that the passwords were not being saved.

I resisted highlighting that entire quote. Needless to say, if this is indeed true and not merely InfoWorld's interesting interpretation and reporting of facts— it makes Apple's tall claims of being "highly secure by design" and "secure from day 1" across its product line (OS X, Safari browser, the iPhone and Apples online services) worth every bit of suspicion, skepticism, and scrutiny they deserve.

The InfoWorld article ends with:

IT organizations can also consider using third-party mobile management tools that enforce security and compliance policies; several now support the iPhone to varying degrees, including those from Good Technology, MobileIron, and Zenprise.

Although mobile device management products such as those mentioned above can make it cost-effective to manage large number of mobile devices, improve service levels, lower time to resolution, and to some extent help with securing them, I doubt any of them can actually determine if what the device reports about its capabilities or status is really true. To read rest of the article, head over to The other iPhone lie: VPN policy support on InfoWorld.com.

Does the iPhone meet the bar for enterprise deployment? Do you allow iPhone users to connect to your Exchange server?

UAE BlackBerry Update A Surveillance App

Unsuspecting BlackBerry customers in the UAE have been pushed out a surveillance app disguised as a BlackBerry update by telco Etisalat. Rather than improve BlackBerry handheld performance, the update emails received messages back to a central server! After downloading the app developed by Milpitas, CA-based SS8, a provider of communications intercept and surveillance solutions, users reported significantly reduced battery life, poor reception and in some cases, handsets stopped working altogether.

The telco in question calls it a "slight technical fault", saying that the "upgrades were required for service enhancements".

BlackBerry-maker Research in Motion said that it did not authorize the software installation and "was not involved in any way in the testing, promotion or distribution of this software application."

"Independent sources have concluded that it is possible that the installed software could ... enable unauthorized access to private or confidential information stored on the user's smart phone,' it said in a statement.

More in RIM Warns Update Has Spyware on WSJ.com.

Revealed: Windows Mobile 6.5, Marketplace, and MyPhone Service at MWC

The moment finally arrived. At a much anticipated press conference at MWC 2009 in Barcelona, Spain, Microsoft revealed Windows Mobile 6.5, the next version of Windows Mobile software that will power smartphones from many mobile headset manufacturers such as LG and HTC.

Microsoft also announced Windows Marketplace for Mobile, an app store that will provide Windows Mobile apps, and MyPhone, a service to synchronize data on your Windows Mobile phone to the web.

Google joins the Exchange ActiveSync bandwagon

Google is the latest addition in a long list of Exchange ActiveSync (EAS) licensees.

In what may be one of the briefest press releases ever, Microsoft announced Google's licensing Exchange ActiveSync as "a clear acknowledgement of the innovation taking place at Microsoft". Google will use ActiveSync for its Google Sync service announced today.

After Apple's embrace of ActiveSync for its iPhone, will Google add ActiveSync support to its Android mobile phone OS? The licensing agreement announced today does not cover Android, as CNET's Ina Fried reports in Microsoft, Google in rare technology pact.

McCain Campaign Sells Loaded BlackBerry Smartphones

As part of winding down operations, the McCain-Palin campaign ended up making yet another security foible - the campaign sold 10 BlackBerry smartphones without wiping them clean. According to Fox News, the devices with confidential campaign data on them were sold for $20 each. More in McCain Campaign Sells Info-Loaded Blackberry to FOX 5 Reporter.

SeaDragon Mobile: A Microsoft app for the iPhone?

A Microsoft App for the iPhone? Yes, that's right. LiveLabs became the first group within Microsoft to launch an application for the iPhone. It's called SeaDragon Mobile. It's available on Apple's AppStore. More on LiveLabs.com.

Congratulations America: Electing The Tech President

Earlier tonight, as the major networks called the election and Senator John McCain gave a graceful concession speech, history was made in more ways than one. Not only did the nation elect its first African American president, it also voted for what could potentially be one of the most tech-savvy administrations ever. It's great to see a candidate aspire to be the Tech President, as the Wall Street Journal notes.

The Obama campaign executed well on several fronts. BarackObama.com was voted as the best campaign website by the Web Marketing Association. Although his technology plan is not very different from Senator McCain's plan— Senator Obama unveiled his during a visit to the Google campus in Silicon Valley almost a year ago. The McCain plan was revealed in August 2008, a few weeks before the election.

The Obama campaign made impressive use of social media— blogs, abundant online videos, YouTube, Facebook, downloadable widgets, buttons, wallpapers, etc. have been communicating the vision of a more tech-savvy candidate for a long time. Gamers who fired up Electronic Arts' Burnout Paradise on their Xbox 360 consoles were greeted with a virtual billboard by the campaign. One can't help but wonder how the Obama campaign's iPhone app contributed to building an enviable online community, and the record online campaign contributions will make an interesting case study in innovative use of technology in a political campaign.

Undoubtedly, technology has played a crucial part in this campaign. The contrasts with Senator McCain's (with the deepest respect) "self-admitted computer ignorance" is striking. It's no surprise that the Facebook generation finds a candidate who has "never felt the particular need to e-mail" less appealing than the campaign they can connect with at the touch of a cell phone icon.

Congratulations, Mr. Tech President elect!

We can hope we won't be talking about missing email in the next four years.

T-Mobile G1: The 80s called...

The launch of T-Mobile's G1 phone, based on Google's Android OS, was arguably the biggest news event on the planet the day it happened. Although I'm mostly indifferent to Android, I couldn't help but chuckle at some of the media coverage and commentary.

Reader colamix comments on the G1 review on News.com:

The 80s called, they want their form factor back.

Engadget, on the G1's lack of a 3.5mm headphone jack:

Hey, that's pretty awesome that Amazon's thrown together an MP3 store app for the G1, isn't it? What would be even cooler still, though, is if you could actually listen to those tracks without a crazy dongle hanging off your phone.

Here in Silicon Valley, it's hard to avoid the myopic world-view of Google, Apple and other valley-based tech companies. San Jose Mercury News' Chris O'Brien tries to put things in perspective in "Why we'll all soon forget about Google's Android":

But isn't Android, the latest wonder to come tumbling out of the Google Innovation Factory, going to change the world? Or at least the world of mobile phones?

Nope. And Tan's response provides a little perspective on the immense hype Android has generated in Silicon Valley. Around the globe, Android is barely a blip on the radar. And that's unlikely to change.

Instead, expect Android to remain the latest in a long list of Google curiosities introduced amid great fanfare, only to quietly fade into the background.

Exchange Server 2007: Listing Exchange ActiveSync users and device information

In How to get a list of Exchange ActiveSync users we list EAS users on Exchange 2007. Some users may have more than 1 device, or perhaps the user simply got a new smartphone and the old device partnership has not been removed.

Output from Get-ActivesyncDeviceStatistics -mailbox [email protected]:

FirstSyncTime : 12/22/2007 1:34:10 AM
LastPolicyUpdateTime : 12/22/2007 1:34:43 AM
LastSyncAttemptTime : 1/14/2008 7:45:15 AM
LastSuccessSync : 1/14/2008 7:45:15 AM
DeviceType : PocketPC
DeviceID : *******************************
DeviceUserAgent :
DeviceWipeSentTime :
DeviceWipeRequestTime :
DeviceWipeAckTime :
LastPingHeartbeat :
RecoveryPassword : ********
DeviceModel : WIZA100
DeviceIMEI : ************21900
DeviceFriendlyName : Pocket_PC
DeviceOS : Windows CE 5.2.19134
DeviceOSLanguage : English
DevicePhoneNumber : 1650*******
Identity : [email protected]\AirSync-PocketPC-*******************************

The * characters in the Identity field are for the DeviceID.

Here's a a quick code snippet (it can probably be scrubbed up a little... ) that will list users and all their devices, along with first sync and last successful sync times:

$mbx = get-casmailbox | where {$_.hasactivesyncdevicepartnership -eq $true -and $_.identity -notlike "*CAS_{*"} ; $mbx | foreach {$name = $_.name; $device = get-activesync devicestatistics -mailbox $_.identity; $device | foreach {write-host $mbx.name, $_.devicemodel, $_.devicephonenumber, $_.deviceid, $_.FirstSyncTime, $_.LastSuccessSync} }

Update: 10/2/2008:
Making it more efficient: Filtering on the server-side using -Filter
Well, the above code could be scrubbed up a little. Rather than getting all mailboxes using Get-CASMailbox and filtering them on the client-side using the Where-Object cmdlet, a more efficient way of doing this is filtering on the server-side using the -Filter parameter, and getting only the mailboxes which have an ActiveSync device partnershp.

Yes, I've just realized HasActiveSyncDevicePartnership is in fact a filterable property, listed under Advanced Filterable Properties in Filterable Properties for the -Filter Parameter in Exchange 2007 SP1.

Here's the updated version:

$mbx = get-casmailbox -Filter {HasActivesyncDevicePartnership -eq $true -and -not DisplayName -like "CAS_{*"}; $mbx | foreach {$name = $_.name; $device = get-activesync devicestatistics -mailbox $_.identity; $device | foreach {write-host $mbx.name, $_.devicemodel, $_.devicephonenumber, $_.deviceid, $_.FirstSyncTime, $_.LastSuccessSync} }

The output looks like this:

Bharat Suneja WIZA100 16501231234 353B7ACF5014C020CE22CBF1DB7FFD92 11/5/2007 7:41:29 AM 12/20/2007 11:00:15 PM
Bharat Suneja WIZA100 16501231234 7E6B67F47DFD370E89BE13280A75EAA5 12/22/2007 1:34:10 AM 1/14/2008 7

Related posts and links

• Cmdlet: Get-ActiveSyncDeviceStatistics
  
• Cmdlet: Get-CasMailbox

HTC Touch Diamond: Cure for iPhone Envy?

While I was out at TechEd last week, the new 3G iPhone was announced. From the previous announcement, we knew it'll have EAS support. While many await the new EAS-capable, 3G iPhone, and yet many debate on whether it'll make inroads in the enterprise, there's something else on the horizon that's quickly becoming the object of desire for many folks. Yes, I'm talking about HTC's Touch line of Windows Mobile phones, and the HTC Touch Diamond.

Looks like an exciting new version of Windows Mobile? It's actually the current version of WinMo— v6.1. With HTC's own shell on top called HTC TouchFLO™ 3D. Yes, you can touch, swipe, shake, rattle, and roll. :)

A glance at the features:
- 2.8" LCD
- HSDPA connectivity
- 3.2 Megapixel camera
- 4Gb memory
- Integrated GPS

To top it all, the dimensions— it's 11.35 mm thin and weighs all of 110g, with batteries!

More info about the Touch Diamond on the HTC web site.

Engadget reports spotting the Touch Diamond at CompUSA. I'm waiting to get my hands on one of these.

Update: Available on CompUSA.com, unlocked, for $779.

India not looking to ban BlackBerry, keen to resolve issue

India's Dept of Telecom (DoT) says it has asked Indian wireless carriers to specify a timeframe by which they will resolve all security concerns. India is not looking to shutdown BlackBerry services, but it is keen to resolve the issue.

There has been a lot of speculation about the DoT having given a 15-day notice to carriers and RIM to allow snooping or face a shutdown. The Economic Times says "all players offering BlackBerry in India said that that the government had not issued any such directives."

Excerpt:

DoT is looking at various possibilities, including asking RIM to create a mirror image of all emails and data sent on these devices in India and store the information for at least six months to address the concerns of security agencies.

DoT is also looking at other options such as asking RIM to migrate all data traffic originating from Indian mobile networks to servers in India.

More in "DoT calls up BlackBerry providers".

India wants access to BlackBerry encryption algorithms to fight terrorism

India's half a million BlackBerry users may have to live with the prospect of the Indian government having easy access to their wireless communication.

India says it needs access to RIM's encryption algorithms, used to encrypt email sent and received by BlackBerry smartphones, to fight terrorism. The Indian government is delaying a license to offer BlackBerry services to wireless carrier Tata Teleservices, and may cancel the licenses already issued to other Indian wireless carriers— Vodafone Essar, Bharti Telecom and Reliance Communications, if RIM doesn't comply by March 31st. The Information Technology Act of 2000 provides the government of India the right to intercept electronic communications for security reasons.

It's no secret that terrorists are increasingly using the internet and email to communicate. Bringing BlackBerry handhelds under the scope of lawful interception shouldn't come as a big surprise, but it does pose interesting questions for RIM.

The Department of Telecom's intent and its notice to carriers is anything but abrupt. The DoT had requested access some time last year. The March 31st deadline is an extension to the earlier deadline of December 31st. DoT officials are meeting with carrier execs and RIM officials to resolve the issue.

More in "BlackBerry under security scrutiny in India" on washingtonpost.com.

What makes the whole episode more interesting are reports that the Indian government wants significantly weaker encryption keys to be used across the board. If true, this could make security of online banking and e-commerce transactions questionable, and may even pose threats to India's growing outsourcing sector. ISP Association of India President Rajesh Chharia says "Routine check-ups are fine with us since the issue is one of national security. All ISPs must, and will, cooperate. What is of concern, though, is the fact that we have been asked to reduce the encryption from 128-bit to 40-bit, which is ridiculous.” (More in "BlackBerry security issue makes e-com insecure").

As similar incidents involving India's bureaucracy have proven in the past, better sense does eventually prevail in India (Read previous post: "Update: India blocks access to blogs"), but not before giving massive doses of anxiety attacks to those concerned.

iPhone, meet Exchange: Apple announces Exchange ActiveSync support

Finally, Apple announces Exchange ActiveSync Support.

Phil Schiller, Apple's Senior VP of Marketing, announced minutes ago what many have suspected all along - Apple chose to go with Microsoft by licensing EAS. Schiller demonstrated EAS on the iPhone, including the ability to remotely wipe an iPhone.

Without taking names, Phil also criticized the BlackBerry approach of routing mail through its datacenter, and the accompanying risks and reliability issues. Devices compatible with EAS, including devices running Microsoft's Windows Mobile OS, can synchronize email, calendar, and contacts directly with an Exchange Server.

Terry Myerson, Microsoft's corporate VP for Exchange, met Schiller daily for 2 weeks to make the agreement possible. Says Myerson, "When it comes to mobile phones, Windows Mobile still delivers the premier mobile e-mail experience for Microsoft Exchange Server, by delivering the Outlook experience on a mobile phone and with the most complete support for Exchange’s many enterprise device management policies. But, we also partner with many mobile device makers – including Apple – and believe that by making Exchange an open platform, our customers and partners, ultimately, will be the beneficiaries."

Update:
- The new iPhone 2 firmware with ActiveSync support will be released in June.
- Apple is accepting applications for its iPhone Enterprise Beta Program

iPhone, meet Exchange: Will Apple make them talk?

March 6 is here, and the iPhone's software roadmap, including the much talked about "enterprise features" should be public in a few hours, along with the release or another announcement of the iPhone SDK.

In the past, there have been plenty of rumors and some "confirmations" about Apple having licensed Microsoft's Exchange ActiveSync (EAS) protocol (read previous post "Apple Licenses Exchange ActiveSync for the iPhone?"). If Apple does announce availability of EAS on the iPhone, will it become the new smartphone of choice in the enterprise?

It may not be an easy task. IT departments would need to be convinced about security and manageability of the device. Being the closed device that it has been since its inception, it will be interesting to see whether (and how) Apple provides this much needed control to IT.

ActiveSync isn't the only option available to Apple. iPhone users can use IMAP protocol to connect to mail servers that support it, including Microsoft Exchange. However, the experience isn't quite comparable to EAS or RIM's BlackBerry, and IMAP isn't supported in many organizations.

Given the high penetration of RIM's BlackBerry Enterprise Server (BES) in organizations world-wide, making a version of RIM's BlackBerry Connect software available on the iPhone would instantly make it much more attractive to enterprise users. BlackBerry Connect allows non-BlackBerry devices to work with BES (read previous post: "RIM does a BlackBerry on Windows Mobile").

Yet another option would be to buy or create its own middleware - the Apple version of a BlackBerry or GoodLink server. It's hard to see what Apple would gain with such an approach - it wants to sell more iPhones, not compete with the big boys RIM and Microsoft.

Another important question Apple will need to answer— will the iPhone finally become carrier-independent? Tethered to a single wireless carrier with a slow wireless data network, it is unlikely to get as serious a consideration as it otherwise would if IT could simply buy the device and configure it to work on any carrier - either out-of-the-box, or perhaps using a configuration tool provided by Apple. Apple's "fixed battery" approach isn't likely to win it many fans in IT, and has attracted lawsuits in the past.

Whichever route Apple decides to take, time is right for the iPhone to make its enterprise move.

Zenprise and the BlackBerry Blackout of 2/11/2008

At Zenprise, we do not revel in outages and issues that cause service disruptions or service deterioration for our customers. However, when such incidents do occur - whether in the Exchange messaging infrastructure or in BlackBerry service, we take pride in the fact that Zenprise is able to help customers by providing early warnings and timely alerts about such outages, or conditions that may lead to one.

The accolades are coming in, from customers and prospective customers alike. The difference between having Zenprise and not having Zenprise on the afternoon of 2/11/2008 couldn't be clearer.

An email from a satisfied customer - the Canadian subsidiary of a large consumer electronics manufacturer:

Dan, zenprise is amazing. For Feb 11’s network outage. I was alerted immediately. When I called Rogers, they are not even been informed by RIM at that time. Thanks for the good monitoring software.

Figure 1: The end-to-end view of BlackBerry service shown in the Zenprise Console. Alerts for connectivity issues to RIM's SRP network and a high number of pending messages for a user are displayed in the above screenshot of the User Dashboard

An email from another organization that was affected by the outage (not a Zenprise customer):

“After having to call 2 different carriers the other day and waiting on hold for about 20 minutes each, I am ready for a change. These IT engineers and managers that are at their laptop most of the time don’t understand how much our execs and sales people that are out on the road depend on their Blackberry. When RIM had the outage, our entire Management lead team was out of the office and every one of them only had their Blackberry with them. Needless to say, an hour after he called me the CIO was not too happy when I finally was able to give him a definite answer that the problem was with RIM’s network. I have been trying to decide whether to send your message up to him, but I think I just answered my question as to whether I should. I’ll get back to you within a week to give you an update.”

Not to forget the accompanying media attention:


BlackBerry Outage Caused by Upgrade

TMCnet: Zenprise on BlackBerry Outage


InformationWeek: RIM Confirms BlackBerry Outage, Investigates Cause


ZDNet Exclusive: BlackBerry outage indicated by IP address connect refusals


CNBC: BlackBerry Outage Caused by Upgrade


BlackBerry Outage Caused by Upgrade


InfoWorld: Outage knocks BlackBerry users offline


BlackBerry Cool: North American outage reported


PC World: RIM's BlackBerry Service Getting Back to Normal


BlackBerry outage leaves 8 million users disconnected


Why Your Blackberry Crashed



Outage blamed on upgrade

BlackBerry service out in N. America: Zenprise customers benefit from proactive detection

North American users of the ubiquitous BlackBerry service are hit by another outage - it's second major one in less than a year. The extent of the outage isn't known, nor an ETA available from RIM. Update: According to Bloomberg, 8 million users are impacted - about two third of its 12 million users.

Users of Zenprise for BlackBerry benefited again from the proactive troubleshooting approach of Zenprise, that can provide advance notifications for many issues before they turn into deterioration of service or outages impacting users. Zenprise notified customers about the outage at 12:26 PM PST, before wireless carrier AT&T learnt about it. More in "North American outage reported" on BlackberryCool.com.

The last major outage was back in April 2007, also automatically detected by Zenprise users (read previous post " Zenprise proactively detects BlackBerry N. America outage!").

Reuters has more (as do a lot of other web sites): RIM reports "critical" BlackBerry outage

Update: The outage ended at 6:45 PM Eastern, according to Bloomberg.

Sony Ericsson jumps on the Windows Mobile bandwagon with Xperia X1

If you're in the market for Windows Mobile smartphones, your choices are going to grow at a rapid pace this year. Amongst the more exciting announcements at the Mobile World Congress in Barcelona - Sony Ericsson's first Windows Mobile phone, the Xperia X1. Yes, Sony finally jumps on the WinMo bandwagon.

The Xperia X1's all-metal body fits an arc slider design, a QWERTY keyboard, a 3-inch wide WVGA screen (800x480, compared to the iPhone's 3.5 inch diagonal at 480x320), a 3.2 megapixel digital camera that also does 30fps vga video. The phone supports aGPS, WiFi, quad-band GSM/Edge and UMTS/HSDPA/HSUPA.

The X1 supports a Touch interface, in addition to a 4-way key and an optical joystick. At 17mm, it's not as svelte as the 11.6mm iPhone. However, if it's the convenience of a full QWERTY keyboard (as in a "hardware keyboard" you can actually type those reasonably long emails on), a fast 3G network, Windows Mobile OS and Exchange ActiveSync support for mobile email you're interested in, this certainly looks like one attractive device.

The X1 will be available in the second half of this year, and probably won't be tied to a single wireless carrier.

More X1 details, specs and pictures on the X1 minisite. Also take a look at this image gallery on Engadget Mobile. As usual, Engadget's doing great job of covering these events, and the accompanying avalanche of new products and announcements.

Zenprise alerts customer about data outage at AT&T

The end-to-end view of BlackBerry® service provided by Zenprise has always been of (a lot of) interest to me. Besides detecting specific issues impacting users, Exchange and infrastructure issues affecting BES, what has been particularly exciting is our ability to detect issues with RIM's SRP network, and also those with carrier networks in use by Zenprise customers.

Both of the above types of outages are rare, but when they do occur, the resulting user impact, help desk calls, and time spent troubleshooting before narrowing it down to RIM or the wireless carrier results in many wasted man hours.

Zenprise for BlackBerry has successfully detected (and provided advance warning for) a RIM outage in the past (read previous post: "ZDNet: Zenprise gave indications 2 hours before the BlackBerry outage").

Reproducing the equivalent of a RIM outage in a test environment isn't difficult, but how does one reproduce a carrier outage? Could we ask AT&T, Verizon or Sprint to turn off their wireless network so we can test Zenprise? Or just have them switch off the data network? Of course, there are other more realistic workarounds in test environments, but how do we validate this in real-world situations?

What just popped in this morning from my Google Alerts should make Zenprise, and our customers, very happy:

My company just installed the Beta Version of Zenprise Tuesday of this week. This morning we started getting requests where our Blackberry users were not able to send messages. Instead of our regular ‘reboot the BES to fix all’ process we normally would follow, I was able to see that the all the devices affected were from the AT&T network. I immediately contacted our AT&T rep and she was able to confirm an outage that was affecting the central and northeast regions. Although we have not purchased Zenprise yet, this was an excellent real life proof of concept of its ability to save my team hours of time troubleshooting.

More in Data outage nails AT&T subscribers

InsideMicrosoft: Windows Mobile 7 To Focus On Touch and Motion Gestures

I haven't written much about the exciting new developments with Windows Mobile, and the high expectations with it. Without a doubt, the iPhone has raised the bar a few notches, with typical Apple design finesse and consumer orientation (Yes, still no EAS, and still tethered to a really slow data network!). If you've been waiting to find out how Microsoft and Windows Mobile will respond to it, InsideMicrosoft has some interesting details and plenty of screenshots.

Purportedly from an internal Microsoft doc, so it's not really official, but the detailed descriptions and abundant visuals do appear quite real. Nathan Weinberg points out "the document appears to be from last summer".

More in: "Exclusive: Windows Mobile 7 To Focus On Touch and Motion Gestures"

Zenprise at Fenway Park: How the 2007 World Champion Boston Red Sox's IT Shop Keeps BlackBerrys in the Game

I haven't posted too many updates from Zenprise lately. Zenprise v3.3 will ship soon, and the regular stream of customers throughout the year has been a great validation of Zenprise's approach to monitoring and real-time troubleshooting of Microsoft Exchange Server and BlackBerry environments.

The exciting news - standing here during the attendee party at TechEd 2006, I couldn't have thought of this possibility. Yes! The Boston Red Sox became a Zenprise customer earlier this year (Go Red Sox!).

Al Sacco writes about the Red Sox's Zenprise experience in this CIO magazine article.

Excerpts:

Twenty-four/seven connectivity is a must for the 2007 world champion Boston Red Sox's behind-the-scenes champions, and the team counts on a mobile device management (MDM) product from Zenprise to ensure that its BlackBerrys never strike out.

"Within four days of having the product in, we were able to correlate root cause and be able to show ROI from that," Conley says. "Within a month, a problem that was ongoing for five to six months just disappeared." Better yet, he notes, fewer people were calling his team with problems. Instead, the Zenprise tool began offering early warnings on issues so he could report them to users before noticeable problems appeared.

Conley says that since the day his team installed Zenprise for BlackBerry, the Red Sox IT staff has been able to find root causes for every BlackBerry-related issue they've encountered, major or minor, and promptly address those issues with confidence that the suggested fixes will work.

Today, Conley has only one person who spends any of his time—a mere 10 percent—on BlackBerry support. Zenprise does the rest, he says. A year ago, two IT staffers handled BlackBerry support and the organization had only a quarter of the devices it supports today.

Read more on CIO.com: "Eyes on Zenprise: How the 2007 World Champion Boston Red Sox's IT Shop Keeps BlackBerrys in the Game".

Exchange Server 2007: How to get a list of Exchange ActiveSync users

Getting a list of actual Exchange ActiveSync (EAS) users was not an easy task with Exchange Server 2003, and certainly not one that could be accomplished in a hurry.

Yes, it indeed is a one-liner shell command with Exchange Server 2007:

Get-CASMailbox | where {$_.HasActiveSyncDevicePartnership} | select Name

10/7/2008:
Here's an updated version, which uses the -Filter parameter to filter recipients on the server-side:

Get-CASMailbox -Filter {HasActiveSyncDevicePartnership -eq $true} | Select Name

Related posts and links:

• Exchange Server 2007: Listing Exchange ActiveSync users and device information
  
• Exchange 2003 - Active Sync reporting
  
• More on Exchange ActiveSync Reporting with Log Parser - COM object available
  
• Exchange ActiveSync, ISA 2006 and Error 0x85010004
  
• Exchange Server 2007 SP1: Take control of your Windows Mobile devices
  

Zenprise in Network World's '9 Wireless Network Companies To Watch'

Zenprise was named as one of the '9 Network Wireless Companies To Watch' by Network World.

From Network World:

Why it’s worth watching: Zenprise for BlackBerry software was launched in February 2007. Two months later, when RIM’s North American BlackBerry network crashed, Zenprise customers were perhaps the only people on the continent who knew hours before anyone else that 1) there was a problem, 2) it was serious, and 3) it was in RIM’s NOC. What everyone else saw as a third-party service that customers were dependent upon, Zenprise understood to be a critical enterprise asset that customers needed to manage like any other. The software makes it possible to actually enforce service-level agreements and improve support to mobile e-mail users.

One more thing: iPhone's 33% cheaper in 10 weeks

Did you rush out to buy the cool new and way overhyped 8 Gb iPhone on Day 1 for $599? You must love Jobs' announcement this morning - the music player + cell phone + web surfing + email (sans Exchange ActiveSync, of course.. ) device just got a 33% price cut. You can now have it for $399!

No Exchange ActiveSync support announced yet - that's rumored to be in the works with another 33% price cut in early 2008... :)

Exchange Server 2007 SP1: Take control of your Windows Mobile devices

Microsoft announced availability of SP1 Beta 2 as a community technology preview (read Exchange product group GM Terry Myerson's post "Announcing Service Pack 1 Beta 2 for Exchange Server 2007"). Yes, the much awaited bag of goodies that SP1 promises to be is now within reach, if you're a TechNet Plus or MSDN subscriber.

SP1 greatly enhances policy-based control of Windows Mobile devices - ActiveSync policies now have enough settings to please most IT security folks and administrators who require more control over mobile devices.

Here are some screenshots.


Figure 1: The Password tab now allows you to enforce encryption on storage cards inserted in Windows Mobile devices



Figure 2: New Sync Settings tab allows control of messasge sizes (that can be synched to device), restrict synch when roaming, allow/disallow html mail on device, restrict attachment downloads and control attachment sizes (that can be downloaded). You can also control how many days/weeks worth of past email and calendar items can be downloaded to WM devices.



Figure 3: New Device tab allows control of device components like Wi-Fi, camera, removable storage cards, infra-red, and Bluetooth (including ability to limit Bluetooth connectivity only to hands-free headsets), restrict RDP sessions from device, restrict synchronization from a desktop, and restrict internet sharing from device.


Figure 4: New Advanced tab allows control of browser usage, consumer mail (i.e. home/personal email accounts), unsigned applications and unsigned installation packages, and also restrict which applications can and cannot run on a device, (comparable to some Group Policy settings that can be applied to Windows desktop/client and server operating systems)

As the screenshots above state, the settings on the Device and Advanced tabs require an Enteprise CAL for each mailbox that has these settings enabled.

Windows Mobile shops have a lot to be pleased about with SP1, as Exchange ActiveSync + Windows Mobile get ready to give BlackBerry a run for its money.

Xandros licenses ActiveSync and MAPI

Linux vendor Xandros has licensed ActiveSync and Outlook-Exchange Transport Protocol, formerly known as MAPI. This will allow its Scalix mail server to push email to Windows Mobile (and other ActiveSync-enabled) devices, and Microsoft Outlook clients will be able to talk to Scalix using their native protocol. InfoWorld has more: "Xandros expands Microsoft partnership".

Other ActiveSync licensees include DataViz, Nokia, Sony Ericsson, Palm, Motorola, and Symbian.

Whether Apple belongs to the above list of ActiveSync licensees has been the subject of never-ending speculation since before the launch of its iPhone cell phone + PDA + music player, which does have Exchange as one of the options for configuring mobile email, but is currently limited to using IMAP4 (read previous post: "Apple Licenses Exchange ActiveSync for the iPhone?").

Exchange ActiveSync, ISA 2006 and Error 0x85010004

When publishing Exchange ActiveSync with ISA Server 2006, you get an error 0x85010004 on the device. The error:

Result:
Your account in Microsoft Exchange Server does not have permission to synchronize with your current settings. Contact your Exchange Server administrator.

Support code: 0x85010004

After hours of troubleshooting, deleting the ISA rule and recreating it, playing with the ISA web listener and Exchange's ActiveSync virtual directory settings, it turns out the server fqdn had a typo in the Public Name tab of the ISA rule. ISA responds to a HTTP request if the host header matches the Public Name - akin to host headers in IIS when publishing multiple web sites using a single IP address.



About authentication settings on the web listener: The same web listener can be used for publishing OWA and ActiveSync. The Authentication settings for the listener can be set to HTML Form Authentication. At first look, this doesn't seem too intuitive given Exchange Server 2003's issues with Forms-Based Authentication and Exchange ActiveSync (KB 817379: Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003), but it works.

Apple: Time to iPatch your iPhones

Within weeks of the iPhone's launch, it's time to patch your iPhones! Yes, Apple has released a bunch of fixes for Mac OS X and the just-launched iPhone. The iPhone patches get delivered to you next time you synch your iPhone with iTunes.

Apple's security woes: Has less than 7 days to fix iPhone vulnerability

The company that designs its products "to be secure from day 1" is facing some security headaches of its own.

First, the vulnerabilities in its beta release of Safari browser for Windows, ironically discovered on "day 1", within hours of Apple Wizard-In-Chief Steve Jobs announcing it with much fanfare (read previous post "Safari, Meet Windows: Apple's cool browser comes with security holes"). Followed up by vulnerabilities in its cool (but way-too-overhyped) new iPhone. On Monday, Independent Security Evaluators revealed a vulnerability and a "a proof-of-concept exploit capable of delivering files from the user's iPhone to a remote attacker".

Part of the interesting Q&A on ISE's web site (linked above):
Should I turn my iPhone off and lock it in a drawer until Apple fixes this?
Not unless you plan to do the same to all the other computers you own. The iPhone is an internet connected device running a relatively full featured software suite: this research shows that it is vulnerable just like many other similarly capable devices, both PCs and embedded systems.

Does this add credence to Apple's position that 3rd party applications are not allowed on the iPhone for security reasons?
We don't think so. Almost all of the security engineering effort on the iPhone seems to have been spent protecting the revenue model, rather than protecting the user (which is, of course, an entirely understandable position). For example, a constrained environment is used to prevent users from loading new ringtones onto the phone, but the applications are not run in a constrained environment to contain damage caused by hackers who exploit them.

ISE's Dr. Charlie Miller will reveal more details in a presentation on Monday (Aug 2nd) at BlackHat. Apple has fewer than 7 days to patch the iPhone, according to InfoWorld. More in this report "Black Hat spurs Apple to patch iPhone".

Rist's interesting take on iPhone and Windows Mobile

After having used (or should "played" be the word?) the iPhone over the weekend, I'm a little underwhelmed by it. Clearly the product doesn't quite live up to the hype and the aura surrounding it in Apple's commercials and on its web site.

Nevertheless, Apple has a good version 1.0 product on its hand, and many of its issues are easily fixable. Like the "Exchange" button that shows up as an option when configuring email, only to inform you that you need to have IMAP enabled on the Exchange server. The Exchange team blog clarifies the difference between iPhone's connectivity to Exchange using IMAP, and the ability of Windows Mobile/Exchange ActiveSync (EAS) to use DirectPush, amongst other benefits (read "Mobile Device Connectivity to Exchange using IMAP vs Exchange ActiveSync").

If you've ever used ActiveSync, you're not likely to cherish the iPhone's IMAP experience, for reasons mentioned by Paul Robichaux in "The iPhone and Exchange, Part 2".

Given the rumors about Apple having licensed Exchange ActiveSync that surfaced days before the product's launch, fueled further by the Exchange button on the iPhone, it's likely Apple did in fact license it but couldn't complete the code to meet its internal deadlines. Most speculate it will show up in a future software update - perhaps it'll be part of Jobs' "And one more thing..." announcements in one of his keynotes.

However, even with EAS ported to the iPhone, it's unlikely to be a device as manageable as one running Windows Mobile, and certainly nowhere near a BlackBerry. It just may be cool enough for everyone to want one.

InfoWorld columnist Oliver Rist has an interesting take on iPhone v/s Windows Mobile platforms. Excerpt: "Sure, Apple messed up the iPhone. Nothing ticks off the geek set more than a company promising great things with vagaries, then delivering lots of not-so-great specifics. Locked-down APIs mean no mobile app coolness for the foreseeable future, no hardware price breaks, a nasty phone plan relationship, and difficulty integrating with the desktop stuff with which the biz people like to integrate."

Rist is none too pleased with Windows Mobile either. His advice for Microsoft: Windows Mobile needs fixing, fast.

Apple Licenses Exchange ActiveSync for the iPhone?

Has Apple finally seen the light, and licensed Exchange ActiveSync from Microsoft? Will iPhone users be able to get Exchange email pushed out to their iPhones using DirectPush?

Gadget blog Engadget.com reports on rumors that indicate what many thought nearly impossible (but certainly something that would make a lot of sense for Apple - read previous post "iPhone buzz refuses to die down after a Mac-less MacWorld") may already have happened. Thanks to fellow Exchange MVP Dustin Smith for pointing this out.

Sounds interesting, but till this is confirmed by either Microsoft or Apple, rumor it is. Given Apple's tendency to keep such details secret, such an announcement or confirmation may not happen till the moment the device is released. The Engadget post claims it may be announced tomorrow. If it does indeed happen, the question most would want answered is - will it be available in the shipping version of the device on June 29th, or perhaps a downloadable update at a later date.

Update: ZDNet's Mary Jo Foley confirms it here: "The iPhone will be compatible with Microsoft Exchange, after all"

It's great to see Apple play nice with Microsoft - (ignoring iTunes and QuickTime), there's Bootcamp, the utility and drivers that allow Intel-based Macs to support running Windows in a dual-boot configuration, and Safari browser for Windows a few days ago.

iPhone with Exchange ActiveSync - sure sounds tempting!

French govt bans BlackBerry citing security risks

In an interesting twist, the French government has banned members and their advisors from using BlackBerrys, citing security concerns arising from the fact that data flows through servers in the U.K. and N. America. Says InfoWorld, "This concentration of data poses a threat to national security, according to Alain Juillet, senior economic intelligence advisor to the French Prime Minister, because of the risk of data interception".

Research In Motion, the Canadian BlackBerry-maker and service provider (email sent/received from/to BlackBerry devices flows through RIM's data centers), disputes that assessment, saying data is encrypted using 256-bit AES encryption - the origin of a message on RIM's network cannot be traced, the content cannot be analyzed even by RIM.

More details in InfoWorld's report titled "Update: Security risks prompt French BlackBerry ban".

Zenprise Wins Best Of TechEd 2007 Award

An interesting week in Orlando, as TechEd weeks generally are. The Zenprise team returned home with the Best of TechEd 2007 award! That's 2 years in a row - first time a start-up has won Best Of TechEd two years in a row! What's a cause for cheer for most of us - this time it's in the Mobility category, for Zenprise for BlackBerry! (Last year, Zenprise for Exchange won the Best of TechEd in the Messaging category - read previous post "Zenprise wins Best Of TechEd 2006 award").

It was great to see customers visibly excited about Zenprise for BlackBerry, and the new User Dashboard feature in Zenprise 3.1 (in beta right now, this is what attendees saw at our TechEd booth last week) promises to make the job of IT/messaging/mobility help desks a lot easier. For Exchange, the User Dashboard provides a quick snapshot of all the important user properties and real-time performance stats of a user's mailbox server. For BlackBerry, the User Dashboard shows BlackBerry Enterprise Server and BlackBerry device-related properties and performance stats, and also an end-to-end availability state for a particular user. The dashboard also enables instant testing of a user's device.

The rapid-fire software release cycles of our times means we're working on some exciting new features for v3.2, in our mission to go where no Exchange and BlackBerry monitoring & troubleshooting products have gone before. :)

WES 2007: RIM extends office phone sytems to BlackBerries

At its Wireless Enterprise Symposium - WES 2007 in Orlando, FL, Research In Motion announced the BlackBerry MVS (Mobile Voice System), a suite of products that extends enterprise PBX systems to BlackBerry devices, enabling users to have a single phone number and making BlackBerries part of the enterprise telephony eco-system - as extensions of their desk phones.

MVS allows users' BlackBerry devices and desk phones to ring at the same time, the ability to dial extensions from BlackBerries, make conference calls, and route outbound calls made from the device through the organization's PBX.

The system consists of:
1. BlackBerry MVS Client software installed on BlackBerry devices
2. BlackBerry MVS Connectors installed on an organization's BES (BlackBerry Enterprise Servers)
3. Ascendant Voice Mobility Suite (software gateway to PBX systems)

Interestingly, RIM will make these available later this month as free updates for existing BlackBerry devices and BlackBerry (Enterprise) Servers. (I'm guessing the Ascendant Voice Mobility Suite gateway for PBXes is what customers will need to pay for - Bharat)

More details on RIM's web site.

ZDNet: Zenprise gave indications 2 hours before the BlackBerry outage

Before the world knew: insider’s diary of BlackBerry service shutdown by ZDNet's Russell Shaw -- For two hours before the BlackBerry email outage two weeks ago, the Zenprise BlackBerry service monitoring system in place at the County of Alameda (Cal.) data center in the 1.5 million-populaton county seat of Oakland "gave us some indications connectivity was intermittent," senior server engineer Paul Hinsberg told me just a few minutes ago.

The engineer adds that as the afternoon progressed, the (scored) confidence levels of successful BlackBerry network connections as scored by Zenprise gradually descended from Very High-This Is Fixed to " 'I am completely sure I cannot connect. '"

Read the complete article (and get a glimpse of the performance chart from Zenprise for BlackBerry) on "The BlackBerry Beat" over on ZDNet.com.

RIM does a BlackBerry on Windows Mobile

Interesting announcement from RIM - it will offer the BlackBerry application suite for devices running Microsoft's Windows Moible 6, which will morph the Windows Mobile device into a BlackBerry at the touch of a button. Sort of.

Once installed, the application will provide users with a "virtual BlackBerry appearance" - including support for BlackBerry email, phone, calendar, address book, tasks, memos, browser, instant messaging, and other apps for BlackBerry. Users will be able to use BlackBerry email using a BlackBerry Enterprise Server (BES) or BlackBerry Internet Service.

According to RIM, this will expand user's device options.

Though Windows Mobile seems to be gaining ground slowly, the BlackBerry juggernaut seems to show no signs of slowing down - the growth pattern continues.

However, RIM does seem to be sending the signal that the device itself isn't as important. Not too long ago, it extended BlackBerry email functionality to devices running Palm OS, in partnership with PalmSource. Users addicted to the Palm OS can use BlackBerry Connect software on their Palm devices, and get access to BlackBerry email. With BlackBerry application suite for Windows Mobile devices, users of both the leading (non-BlackBerry) smartphone/PDA platforms will be able to get BlackBerry service.

Competing smartphone manufacturers have recently stepped into RIM's turf. Motorola's MotoQ smartphone (another over-hyped but mostly disappointing product, imo. I was without a cell phone for a week, and switched providers when Verizon launched the Q) introduced Windows Mobile users to the "thumb wheel". Used to easily navigate through a list of email messages using a thumb, it has been one of the more distinguishing features of BlackBerries. (Along with what may be the first QWERTY keyboard on such devices that allowed users to easily type entire email messages using a thumb, the thumb wheel is responsible for "BlackBerry Thumb" - a term used to describe the soreness caused by "spending hours on a hand-held email device").

RIM's own devices increasingly display more design savvy - they're getting thinner & sexier, sporting better displays and more consumer-oriented features like GPS, voice-activated dialing, and ability to play music and video clips. (I like the BlackBerry 8800. I've given up on Windows Mobile devices for now - after having tried a number of them over the past year or two. As of now, I don't carry any mobile devices other than a plain old cell phone. I'm looking for a Windows Mobile device that's compelling enough... hopefully it'll show up this year - Bharat)

Nevertheless, the lure of Windows Mobile will be hard to resist for users, and for organizations considering deploying mobile devices. It offers the familiarity of desktop operating system that most of us use - making users feel at home instantly. Windows Mobile OS gets better with every version, and its integration with Exchange Server's ActiveSync feature allows organizations to deploy mobile email without having to invest in separate servers like RIM's BlackBerry Enterprise Server solution does.

It will be interesting to watch how RIM's BlackBerry application suite for Windows Mobile 6 fares.

It will be a lot more interesting if RIM offers the "BlackBerry experience" on the-yet-to-be-released-but-most-hyped-product-on-earth - Apple's iPhone [read previous post - "iPhone buzz refuses to die down after a Mac-less MacWorld"], which lacks any business email features. But I'm not holding my breath just yet.

RIM Reveals Cause of BlackBerry Outage

Research In Motion finally provided more details about the cause of its 14-hour outage starting Tuesday night. You can read more about it on Russell Shaw's The BlackBerry Beat blog on ZDNet, or News.com (RIM offers explanation for massive outage), or the publication of your choice - it's all over the place.

Judging by the explanation, I'm not surprised it took them 2 days to come up with that statement. :)

RIM has generally offered a reliable service - one of the reasons it is so popular and has most business folks (including many government ogranizations) addicted to it.

System and network outages happen, despite our best efforts, tests, and investments in high availability and redundancy. Most users understand this -as long as outages are not the norm in a given environment. What annoys users is the lack of information. From the user's perspective, it's more about "tell me when it's broken, tell me you're working on it, and if/when you know it'll be up, let me know". However, this type of communication has been lacking in RIM's efforts.

I haven't been able to find anything related to the outage on RIM's support web site. (Maybe I'm looking in the wrong places... if you've seen something, please post a link in the comments - Bharat)

BlackBerry Outage Cause of a Break-up!

In an interesting twist on last night's BlackBerry outage at RIM, Network World's John Cox reports how the extended outage resulted in one user's girlfriend breaking up with him. After a bad argument the couple had earlier in the day, user Rafael Paz' girlfriend sent him a few emails. When she did not receive a response, she "called it off", according to Paz.

The article also provides other examples of how many users suspected "something was wrong" (as opposed to the early detection by Zenprise), and talks about how Zenprise watched the whole disruption unfold through one of its customers, the County of Alameda, Calif.

Read the complete article titled "In-depth: BlackBerry becomes Crashberry as RIM’s net fails for hours" on NetworkWorld.com.

Zenprise proactively detects BlackBerry N. America outage!

BlackBerry® users in North America were without email last night (Tuesday April 17th), thanks to an extended system-wide outage in Research In Motion's network that handles email.

Zenprise customers report that Zenprise for BlackBerry automatically detected this outage in the BlackBerry SRP network at 5:19 PM last night, and were able to pro actively inform users about the outage and its underlying cause!

Interestingly, I did not find out about this outage myself until early this morning, when CNet's News.com reported it (No, I don't carry a BlackBerry with me... - Bharat). The report has since been updated to reflect the changed condition - BlackBerry e-mail is back, but problems remain.

This is another example of how Zenprise products - Zenprise for BlackBerry and Zenprise for Exchange - help IT departments in early detection of issues in messaging infrastructure along with their underlying root cause, and get step-by-step resolution instructions to resolve the issue. To state this using some marketing buzz words - it's a pro-active way of managing IT (one that I hope will spill over to other parts of IT infrastructure in the future - Bharat).

Needless to say, we are "very excited" about these capabilities of Zenprise. :)

SearchCIO.com: BlackBerry troubleshooting a breeze for retail chain

SearchCIO.com just published this article by Andrew Hickey, titled "BlackBerry troubleshooting a breeze for retail chain", about how Zenprise for BlackBerry helps troubleshoot BlackBerry issues.

The level of interest of BlackBerry (Enterprise Server for Exchange) customers in Zenprise amazes me - needless to say, it's beyond my expectations... :)

John Dvorak: Apple should pull the plug on the iPhone

John Dvorak on the iPhone in his Second Opinion column titled "Apple should pull the plug on the iPhone": These phones go in and out of style so fast that unless Apple has half a dozen variants in the pipeline, its phone, even if immediately successful, will be passé within 3 months.

Interesting and opinionated, in a style that's unique to Dvorak, he adds - "What Apple risks here is its reputation as a hot company that can do no wrong".

Read the entire column on Marketwatch.com.

DST 2007: Heading into the weekend... list of relevant links

Some of us will probably be working on DST 2007 issues over the weekend.

Here's a list of some quick links to get you to relevant web pages for Microsoft KBAs, downloads, and BlackBerry DST 2007 resources.

(My list of DST 2007 posts can be accessed from the navbar link on the left side of this post - Bharat)

Windows OS Time Zone Updates:
1. 931836: February 2007 cumulative time zone update for Microsoft Windows operating systems, v6.5 date: 2/28/2007
Update 08/21/2007: KBA 931836 has been superseded by KBA 933360 August 2007 cumulative time zone update for Microsoft Windows operating systems. On 8/21/2007 this new KBA and the accompanying hotfix have been updated to include the following time zone changes:
Caucasus Standard Time: Display name changed, time zone changes removed
Armenian Standard Time: New time zone created
New Zealand Standard Time: DST start and end times changed because of new law passed in New Zealand after the Feb. 2007 Cumulative Timezone Update
GTB Standard Time: Display name for GTB Standard Time corrected to include Bucharest
Jordan Standard Time: Just like New Zealand, changes to DST start and end dates based on law passed after the Feb. 2007 Cumulative Time Zone Update was released.
2. 914387: How to configure daylight saving time for the United States in 2007 (For Windows 2000, WinXP RTM), v18.0 date: 2/28/2007

Exchange Server CDO Patches:
3. 926666: Update for daylight saving time changes in 2007 for Exchange 2003 Service Pack 2, v12.3 date: 3/2/2007
4. 931978: Update for daylight saving time changes in 2007 for Exchange 2003 Service Pack 1, v3.0 date: 2/20/2007

Rebasing Tools:
5. Microsoft Office Outlook Tool: Time Zone Data Update Tool for Microsoft Office Outlook
TZMOVE.EXE version 1.0 2/19/07 8.3 Mb
6. Microsoft Exchange Calendar Update Tool
v2.0 KB 930879, 2/21/2003, 253KB
7. 933146: Description of the hotfix package for the Time Zone Data Update tool for Microsoft Office Outlook, v1.1 date: 2/28/2007
8. DST Virtual Machine image v1.0 : Virtual Machine for Microsoft Exchange Calendar Update Tool (still v1.0 of the tool last time I checked - Bharat)
9. DST Update for Windows Mobile PocketPC

HOW TO Articles:
10. 930879: How to address daylight saving time by using the Exchange Calendar Update Tool
v17.0 date: 3/1/2007
11. 931667: How to address the daylight saving time changes in 2007 by using the Time Zone Data Update Tool for Microsoft Office Outlook, v9.0 date: 2/27/2007
12. Prepare Outlook calendar items for daylight saving time changes in 2007

Issues:
13. 932599: Information Store database does not mount with Event ID 9519 and 9518, v6.0 date: 2/28/2007
14. 930241: The Exchange 2003 database does not mount, and event IDs 9518 and 9519 are logged in the Application log – HOTFIX for same issue as KB 932599, v3.0 date: 2/23/2007
15. 912918: Users cannot send e-mail messages from a mobile device or from a shared mailbox in Exchange 2000 Server and in Exchange Server 2003, v13.0 date: 2/15/2007

Misc.:
16. Preparing for Daylight Saving Time changes in 2007, Last Reviewed: 2/26/2007
17. Exchange Server and Daylight Saving Time (DST) 2007 - Scott Schnoll

BlackBerry:
18. Daylight Saving Time 2007 resource page on BlackBerry.com
19. Updating your BlackBerry Environment to Support DST 2007 Changes (detailed PDF Doc on blackberry.com)
20. RIM "Set Send As" Permission tool
21. RIM's DST 2007 Query tool (queries BlackBerry database for hand-held device versions)

iPhone buzz refuses to die down after a Mac-less MacWorld

The furore surrounding Apple's iPhone announcement refuses to die down (depending on whether you're a faithful Mac/iPod user wedded to Apple, a Microsoft-basher - and there's no dearth of these - or not). However, sanity seems to be returning to the world. The fact is, what many consider to be the sexiest phone ever to show up on the planet won't actually be available for a few more months.

Though nowhere close in magnitude, the pre-launch hype does remind me of another phone (that I couldn't stand after a couple of days but had to endure for a week) - the Moto Q.

What got a lot less attention amidst all the iPhone fanfare was the change of name that the company formerly known as Apple Computer, Inc. went through - they struck out the word computer from the name, so it's now Apple, Inc. Nice! Don't let that make you think - even for a moment - they'll stop making great-looking computers and a cool-looking OS to go along with it. However, it certainly signals Apple's serious bid for the home entertainment and consumer electronics kingdom, much more than the rapid-fire iPod releases did over the past 5 years.

Paul Thurott's newsletter title puts it quite succinctly - "At Mac-less MacWorld, Apple Completes Transition to Consumer Electronics Company".

As long as Apple doesn't pack up its bag of toys and leave the personal computer business altogether, and there are no such indicators that it will, I am all for this change.

Don't get me wrong - I've loved Apple products for as long as I can remember now, and this official entry in the consumer electronics space gives Apple another opportunity at showing off its excellent design finesse. I've been seriously considering buying a MacBook Pro laptop to run Windows Vista, and am probably the first and perhaps the only person not known to the world (until now) to have run Active Directory and Exchange on an Intel-powered Mac Mini! :)

I've loved their creativity, their stress on simplicity in product design (just ask the thousands of die-hard Apple fans), their advertising, and - not to forget - their cool product names. They own the entire stack - the hardware, the OS, most peripherals that really sell, and many cool apps as well. They charge a premium for their product, and get it.

However, Apple has never really made any serious attempts at targeting enterprise/business customers. Though they've recently started making forays into that space with servers, storage, et al, and the current flavors of Mac OS are based on Unix, they don't seem to have met with any significant success.

The iPhone is a perfect example of why Apple isn't so wildly popular in the enterprise. All they needed to do to ensure it is a device most Blackberry and Treo-toting execs, VPs and management types would consider or actually crave for was to make it work with Exchange Server's DirectPush / Exchange ActiveSync. Popular consumer electronics blog Engadget.com asks: Will the iPhone support Exchange Direct Push? We can speculate all we want about why Apple chose not to do that, or if they actually had a choice.

In his MacWorld keynote, Steve Jobs did claim the iPhone will support many different email systems - including Exchange. As long as you use IMAP.

Or you could switch to using Yahoo Mail if you really want push email so bad.

Thanks, but no thanks Steve! :)

Verizon first (and exclusive) with Moto Q

In one of the most anticipated product launches since about a year (for smartphone/Windows Mobile geeks anyway!), it appears Verizon will be the first and - for a while at least - exclusive provider to sell Motorola's new Moto Q smartphone.

Labelled as the "Blackberry Killer" ever since rumors and early details/photos appeared about a year ago (if I remember correctly, we were talking about Windows Mobile 5.0, and awaiting the release of Exchange Server 2003 SP2 which would bring the fruits of DirectPush to push email to Windows Mobile handhelds back then... ), the Moto Q will finally make an appearance sometime next week.

For what it's worth, the Moto Q is one sexy gadget. I haven't actually held one in my hands yet, but do look forward to the Razr-slim device - .45 inches thin - with a usable QWERTY keyboard and even the thumb-wheel navigation mechanism that's been sort of a trademark of the Blackberry devices.

Having recently used a Cingular 2125 and an Audiovox SMT5600 not very long ago, and being somewhat of a Blackberry fan (pre-Exchange ActiveSync and DirectPush) before that, I felt terribly "Blackberry-sick" with the smartphone devices that didn't offer a keyboard. Incredibly difficult, if not impossible, to type a simple one-liner email on those things!

I am out of a cell phone for over a week now - and surviving very well, thank you! Now it makes sense to not rush out and get a new one today or over the weekend, but wait for the Moto Q next week. Yes, that would require me to switch cell phone providers as well, something I don't mind doing if the Q turns out to be everything Motorola and the number of enthusiast web sites promise it will be.

Check out the Moto Q teaser page on Verizon's web site:
http://www.vzwshop.com/q/

Whether the Q actually turns out to be a "Blackberry Killer" remains to be seen.

New Exchange fixes change permissions model, may disrupt Blackberry, Goodlink, and other services

A recent change in the Exchange permissions model may disrupt Blackberry, Goodlink and other services. Many folks may have already applied hotfixes that changed the behavior of "Send As" and "Full Mailbox Access" permissions. Here's a brief overview.

What: Separation of "Full Mailbox Access" and "Send As" permissions.

Why: Earlier, users with "Full Mailbox Access" permission on a mailbox were implicitly provided the "Send As" permission. This allowed them to send mail as that user. Services like Blackberry Enterprise Server and Goodlink commonly use Full Mailbox Access to be able to send mail as a user. This was a security issue for many customers and the permissions needed to be separated. With this change, users/services will now explicitly need "Send As" permission on a given user's mailbox to be able to send as that user.

Which versions: The above change was applied to the STORE.EXE file. You can tell by the version of STORE.EXE - if the version you have is equal to or later than the following, this change has already been made in your environment.
- Exchange 2000 SP3: version 6619.4 or later (first made available in hotfix KB 915358)
- Exchange 2003 SP1: version 7233.51 or later (first made available in hotfix KB 895949)
- Exchange 2003 SP2: version 7650.23 or later (first made available in hotfix KB 895949)

(Note About Today's Security Bulletin MS06-019: The security patch released today in Microsoft Security Bulletin MS06-019 also contains this fix for Exchange Server 2003 SP1. If you use Microsoft Update on your Exchange Servers, this will be applied as part of critical fixes. If you're on Exchange Server 2003 SP2, the SP2 version of the patch does not update Store.exe).

Do I need to do anything?: If your users or accounts used by services like Blackberry or Goodlink need to impersonate the user and use the "Full Mailbox Access" permission to do so, they will need to be assigned "Send As" permission explicitly.

Microsoft has included a script in KB 912918 that will dump all user accounts that have "Full Mailbox Access" permission. You can browse through the list and determine if any of those accounts need to impersonate users and therefore explicitly require "Send As" permission. You can then use the script to assign "Send As" permission to those accounts.

Are there any exceptions?: Yes, indeed. The following are exceptions where "Send As" permission is not required:
- the mailbox owner does not require "Send As" permission on its own mailbox
- Associated External Account - typically used in cross-Forest scenarios and while you're in mixed-mode with accounts in a NT 4.0 domain and Exchange in an AD Forest
- a delegate account that also has "Full Mailbox Access" permission

Treo 700 - a wish come true

When I first saw the Treo - then from Handspring, a company started by ex-Palm folks that was later acquired by Palm - I instantly fell in love with it. It had a great color display and a very usable keyboard. The part I didn't fall in love with was, of course, the Palm OS. Only if this thing ran Windows Mobile... (not sure if it was called called Windows CE/Pocket PC back then... ).

It's the same feeling I get when I lustily look at the shockingly well-designed products from another of Microsoft's competitors - Apple. I would run out and buy a Mac Mini if it ran Windows XP Media Center - the perfect form factor and looks for a media center, imo. And if the PowerBooks and iBooks ever ran Windows, those would be the only laptops I'd ever use.

Well, seems like the first wish has already come true. Last week Bill Gates & Palm's Ed Colligan announced the Treo 700 - a Treo that runs Windows Mobile. What probably accelerated Palm's move to Windows Mobile is probably PalmSource - the Palm spin-off that develops Palm OS - being snapped up by a Japanese computer company.

It'd be interesting to see how the Treo 700 stacks up against Redmond's current favorite smart-phone, the Audiovox SMT5600. With Motorola's Razr going Windows Mobile (is that really true??) soon, we'll have lots of cool Windows Mobile devices to choose from some time early next year.

With the Treo out of the way (or rather, hand in glove with Microsoft), I am looking forward to Intel-powered Macs next year. Who knows - it may be another wish come true!