Microsoft Support WebCast
An overview of Microsoft Exchange Server 2003 Service Pack 1
June 16, 2004
Note This document is based on the original spoken WebCast transcript. It has been edited for clarity.
Evan Dodds: My name is Evan Dodds, and I am a technical lead in the admin group. Most recently I've been working with the SP1 project. Today, what we're going to do is talk about SP1 from an overview perspective.
(Slide 2) Our objectives are to provide information about what's new in Exchange 2003 SP1, and also in Web Release (WR) 1, which released at the same time, and is available for download on the Internet. And in doing so we'll hopefully demonstrate that there is some functionality and changes that make the upgrade to Exchange 2003 SP1 worthwhile.
(Slide 3) The way we'll approach this is, first of all, we'll talk through some of the overview aspects of SP1, the important new features in the SP1 release. Note that we're not going to talk today about site consolidation. This is a very big part of SP1. In fact, it's so big a part of SP1 that we have a separate WebCast set aside to talk about site consolidation. So, all the things that we talk about today won't really apply to site consolidation. We'll talk about the rest of SP1.
After we're done with that, we'll move on and talk about some of the new and updated Web release utilities in WR1. Then at the end we'll have a question-and-answer session.
(Slide 4) What is Exchange 2003 Service Pack 1? The goal of Service Pack 1 really was to address many customer-requested functionality changes since the Exchange 2003 release. Some of those are new features; some of them are fixes. We'll go into specifically what some of those are in the next couple of slides.
(Slide 5) One major new feature of Exchange 2003 Service Pack 1 is the addition of the Recover Mailbox Data wizard. This is something that is based on the Recovery Storage Group concept. Recovery Storage Groups, as you know, were introduced in Exchange 2003 RTM, about a year ago.
This allows us to eliminate the need to use Exmerge to recover mailbox data from Recovery Storage Groups. Before Exchange 2003 Service Pack 1, after you've gone through the Recovery Storage Group process and you have restored the database, you'll need to use the external Exmerge tool to pull that data out and bring it back into the production databases. So to make this process a bit easier, we've added into the interface the functionality provided by the Exmerge tool.
This is now available from the Exchange System Manager GUI. When you're inside the Recovery Storage Group Mailboxes node, you'll see that there is an Exchange tasks option. Previous to Exchange 2003 Service Pack 1, the Exchange tasks option was unavailable when you were inside the Recovery Storage Group. Now what we have is a function to recover the mailbox data while you're inside that Recovery Storage Group. You'll see that it's very similar to doing a Move Mailbox. The interface is quite similar to the Move Mailbox interface.
A couple benefits of this added functionality are it does not have the 2-GB limitation that Exmerge has. So if you have very large mailboxes, it will make it easier to recover those mailboxes directly through the GUI.
We also have two options with the Recover Mailbox Data wizard. We have the Merge option and the Copy option. Each of these has a different use. The Merge option is what you would generally prefer to use if you are doing a full database recovery. Say you have lost your entire mailbox store and brought up a blank dial-tone database. After you have recovered to the Recovery Storage Group and swapped the databases for the documentation, what you would now do, instead of using Exmerge, is use the Merge option. And it would bring all of the mail from your Recovery Storage Group directly back into the original mailboxes and the original store, and to the original folders, ensuring that there are no duplicates created.
The Copy option is what you would use if you were to perform a single message-type recovery. If the CEO of your company loses a very important message and needs to have it recovered, now you can use the Recovery Storage Group and bring back in the messages using the Copy option, which will bring all of the messages from the Recovery Storage Group into a subfolder inside the original mailbox. So it won't affect any of the additional messages inside your production environment. It will just give them the opportunity to have all of the data from the backup dropped into their mailbox.
There is more information on this Recover Mailbox Data Wizard in the planning guide, in chapter 7, called "Storage Features." The current planning guide was updated at the end of May, along with the release of Service Pack 1. There's a bit of information on this new functionality and how to use it.
(Slide 6) The next thing that we'll talk about is the managed RPC/HTTP or RPC/HTTPS topology. This lets us automatically configure some aspects of the RPC/HTTPS topology. Before Exchange Server 2003 Service Pack 1, it was definitely difficult in many environments to get RPC/HTTPS working properly. It was a fairly complicated process.
With Service Pack 1 we've introduced some functionality that will allow you to manually set and maintain the RPCProxy ValidPorts registry key. That's of course the registry key on the front-end server that controls which back-end servers can be contacted. To use this new functionality, this managed topology, you need to have your RPCProxy server running Exchange Server 2003 Service Pack 1 on a front-end Exchange Server.
The back-end, in a managed RPC/HTTPS topology, can be Exchange Server 2003 RTM or Service Pack 1. So only the front-end has to be upgraded to Service Pack 1 to support this new functionality.
This is configured through the Exchange System Manager GUI on the Properties of the server. There is a new tab, RPC/HTTP, that will allow you to configure that it's either not part of a managed topology, or it's a managed front-end or back-end server, depending on whether the server itself is a front-end or back-end server.
It requires a separate front-end and back-end server. You can still use RPC/HTTP with a single-server scenario, such as a Small Business Server (SBS). Or, if you only have one server and no front-end servers, you can still use RPC/HTTP. But the managed topology functionality, which is new with SP1, will not benefit you in that scenario. So in that case, you will still need to go in and configure that on your own to get the ValidPorts key configured properly.
(Slide 7) Some more on this topic - you want to make sure, when you configure your managed topology, that you configure your back-end server first. If you configure your front-end servers first, you may run into some trouble. What happens is that the front-end servers, when they're configured to be managed topology servers, scan the Active Directory® on a very regular, periodic basis, and they look for managed back-end servers that they can add to their ValidPorts registry key. This is the reason why you need to have the RPCProxy running on an Exchange 2003 Service Pack 1 front-end server. That automatic update of the registry key only happens if it's running on an Exchange 2003 Service Pack 1 front-end server.
If you configure your front-end servers first, particularly if you already have a valid RPC/HTTPS topology in place, what will happen is, if there are no back-end servers already configured in your organization to be managed back-end servers, then when the front-end server, which has now been configured as a managed server, scans the Active Directory looking for back-end servers to add to the registry key, it will find none. When it finds no back-end servers to add to the registry key, it will blank out the registry key. Even if you have an existing registry key containing valid information, that key will be blanked out if you configure the front-end servers first.
What you want to do is make sure that you always configure your back-end servers first. This can be kind of a hassle if you have a lot of back-end servers to add. So someone in PSS has put together a script that will automatically add all of the existing topology information from your existing RPCProxy front-end server. It will take that information and touch each and every back-end server listed in that registry key to enable the managed topology automatically.
The name of this tool is TopoManager. It's a Visual Basic® script. You can get it either from PSS, or it's available through downloads directly from the Internet, and there will be some links we can talk about at the end of the presentation that will point you to that.
Another big change from the managed RPC/HTTP topology in SP1 is that global catalog servers are no longer published, only back-end servers. That can be inferred from the discussion we were just having with configuring the front-end servers and the back-end servers. There is no discussion of configuring global catalog servers.
What happens now in Service Pack 1 is when a connection is made to this back-end server running Service Pack 1, and that connection comes across the ncacn_http endpoint, the SP1 Exchange 2003 server is smart enough to know that that's a special RPC/HTTP connection. Instead of referring the Outlook® client to a global catalog server for its directory lookups, Service Pack 1 now refers the Outlook client directly to DSProxy on its own server, on itself. Then DSProxy is used directly, instead of referral to a separate global catalog server.
What this means is when you look at your connection status, after you have a connection to a Service Pack 1 back-end server over RPC/HTTP, you will see only your mailbox servers and public folder servers listed. You will see no global catalog servers in the list.
A note to that, your global catalog servers still need to be running Windows Server™ 2003. Note also that there is an RPC/HTTP deployment scenario side, which will help you get all of this configured and talk about the new functionality.
(Slide 8) Also new in Exchange Server 2003 Service Pack 1 are some updates to the ADC tools. The ADC tools have been modified to allow more control over creation of connection agreements. Specifically, in the 2003 release of the ADC tools a year ago, one common complaint was that when creating connection agreements with the ADC tools, when you created your connection agreements, it would provide you the list of connection agreements it was going to create, but you had no opportunity to review these connection agreements. Immediately upon their creation, because they had a schedule of Always, what would happen is those connection agreements would run, even before you had an opportunity to review them.
In Service Pack 1, what we've done to the ADC and ADC tools is we've provided the ability to specify override values prior to creation of the CA. The example here would be inside the CA_Defaults.xml file, which is a new file, which you'll find in the directory along with the ADC binaries. That file has some sample values in it, and you can specify a number of different values. We'll talk about activation styles, because that's probably the most common example people are interested in.
What you can do is specify activation style as a particular attribute inside that .xml file, along with what you want the default value to be. For instance, maybe you'd want that value to be zero, so it wouldn't schedule it for Always. So if you configure your CA_Defaults.xml file with an activation style of zero, when you run the ADC tools, if it creates new connection agreements for you, those new connection agreements will have the activation style set to whatever this override default value is. So in that case, setting it to zero, you would have an opportunity, prior to first run, to take a look at those connection agreements with schedule set to Never.
After you've created a number of connection agreements with an activation style of Never, you'll find that it's kind of a hassle to back through the GUI and set the schedule to Always. If you have a dozen or two dozen connection agreements, it can be a hassle to go through them one at a time. So the next item listed here, new in Service Pack 1, is this Activate_Cas.vbs file. This is a script that makes it quite simple to update your activation style from Never to Always.
(Slide 9) What's new in Outlook Web Access, let's talk about that. There are several new Outlook Web Access spelling check languages. The list is on the screen here: Arabic, Danish, Dutch, Finnish, Hebrew, several Norwegian languages, and Swedish.
There is something new with Exchange 2003 Service Pack 1 clustering. In Exchange, we can now have multiple MAPI public folder stores per cluster. Previously, what would happen is that if we had a cluster with two nodes, four nodes, even eight nodes, you could only have a single MAPI public folder store, in the MAPI public folder tree, in that cluster.
Now, in Service Pack 1, if you have clusters that have more than two nodes, we will allow you to create additional MAPI public folder stores per cluster, one per Exchange virtual server. This is because in Exchange Server 2003, as in Exchange Server 2000, if you have a cluster with three or more nodes, we do not allow more than one Exchange virtual server to run concurrently on the same node at the same time.
In the two-node active/active case, you may have more than one Exchange virtual server running on one node at the same time. That is the scenario where multiple MAPI public folder stores would not work. So in Exchange 2003 Service Pack 1, we've removed that block of creating multiple MAPI public folder stores, as long as you have more than two nodes in your cluster. A three-node, four-node, five-node, six-node, seven-node, or eight-node cluster will now have this new ability to create multiple MAPI public folder stores per cluster.
(Slide 10) Mobility and Lotus Notes connector: We've added some additional languages to Outlook Mobile Access. Again, they're on this slide. You'll see we now have support for Czech, Hungarian, Polish, Russian, Basque, Catalan, Finnish, Greek, Norwegian, Turkish, and Swedish.
Device Update #4, an additional device update for Outlook Mobile Access, ships with Exchange Server 2003 Service Pack 1. It adds support for additional Outlook Mobile Access devices.
From the Lotus Notes connector, we have now added support for the Lotus Notes R6 client.
(Slide 11) ESE is the database that is used for Exchange Server. In Exchange Server 2003 Service Pack 1, we've made a change to the ESE format to deal with a fairly common scenario. We now support error correction, ECC, of single-bit checksum errors.
Commonly, you'll experience this as a -1018 error. That's the common symptom that you'll see that indicates you have a checksum error. Generally, in almost all cases, these errors are caused by hardware problems, either impending hardware failure or problems with firmware and that sort of thing.
Previously, any checksum failures that led to a -1018 required that you either repair or restore your Exchange database that encountered that symptom, no matter how bad the error was. It could be a single-bit error. It could be many, many bits in error. It didn't matter; you had to do either a repair or a restore.
In Exchange Server 2003 Service Pack 1, we have changed the checksum format so that we can now not only detect, but also correct errors that affect only a single-bit in the database page. That means the database is comprised of a number of 4-KB pages throughout, and each and every 4-KB page has an independent checksum. And now Service Pack 1 has an independent ECC as well. So if you have an error that would lead to a -1018 prior to SP1, we may well be able to repair that error with SP1.
This is important. Some research that we had come back, looking through -1018 cases, indicated that of the -1018 errors we see in PSS, something like 40 percent of these errors were single-bit errors that would have been correctable with this updated error correction code. This is wonderful. It means that you will potentially be able to survive the beginning stages of a hardware malfunction, without having to repair or restore the database and incur downtime. At the same time, it will still give you notification that you are having problems and that it was able to correct the problems. So you'll have indications that there is an impending hardware failure.
The database automatically will upgrade to the new version. It won't happen all at once. The individual pages will only be upgraded as they are written back into the database. When you read back the page and make a change to it by changing the message or sending a new message, for instance, these things will all cause the new pages to be written with the updated error correction code. You can force the whole database to be upgraded all at once by doing an offline defrag in the database.
(Slide 12) There are some other ESE database changes in Exchange 2003 Service Pack 1. One big change is we have faster log file replay. This means that if you perform a very large restore, and you have potentially thousands of transaction log files that need to be replayed, when you finish that restore and it tries to begin replaying those log files, you will see that the process of playing through the log files is now both faster overall, as well as more consistent in its speed. So this can make a very big difference, in terms of potentially a 10-fold increase in performance, while restoring thousands and thousands of log files.
Also, you'll want to know that the database cache is now allocated as private bytes instead of mapped bytes. This means that the Store.exe process will look like it's using more memory. All of the database cache lives within that Store.exe virtual address space. The algorithm that's used depends somewhat on the physical memory that's in your machine. But potentially you'll see the Store.exe process using up to 900+ MB of additional memory.
If you have monitoring programs that are triggering based on Store.exe private byte memory usage, you'll potentially hit thresholds and throw alerts due to this change. I know, for instance, we saw this with SBS, which had some monitoring built in that triggers based on the increase that we see with Service Pack 1.
(Slide 13) Moving on, that's pretty much the overview of the SP1 features that we're going to talk about. Let's talk now about some of the Web Release 1 features.
The original Exchange Web release was released at the same time as the release of Exchange Server 2003 RTM, about a year ago. WR1 provides several additional new tools and updates to several existing tools.
The first tool we're going to talk about is the Exchange Domain Rename Fixup tool. In a Windows Server 2003 forest, you can now run the RENDOM utility. This is the domain rename tool provided by Windows Server. After running this tool, the Exchange Domain Rename Fixup tool will let you fix the various attributes in the Active Directory that Exchange needs to have modified after the domain rename.
There are some limitations to this. For instance, it's Exchange Server 2003 only, and it requires native mode Exchange. It runs after most of the domain rename has been fully completed. So as you run through the Windows domain rename process, toward the end of that process, after you've actually done the domain rename, any time after that point, you can run the Exchange Domain Rename Fixup tool.
It can't be run if any Exchange Server is installed on a domain controller. So there are some limitations to this. You'll want to take a look at the documentation that ships with the Exchange Domain Rename Fixup tool in the Web download. You may also want to see Steve Schiemann's WebCast for more details. You can refer to that WebCast at KB article 838623.
(Slide 14) In Outlook Web Access, with the release of Exchange Server 2003, there are many new registry settings that control Outlook Web Access settings. There are many new Outlook Web Access settings, like the S/MIME control and the spelling checker. There are just a whole bunch of different things that were released with Exchange Server 2003 RTM. And there are some new ones in SP1 as well.
What we've done for the Web Release 1 is we've provided a Web administration tool to configure Outlook Web Access settings per server. We did this because it's scary and inconvenient to set these various settings using Regedit. There were several dozen different settings that could be configured, and to configure them you'd have to go in with Regedit. So this new tool puts a Web-based interface on the process of setting these registry keys. That way you can ensure that you're setting the right registry key and putting the right value into the registry key.
Principally, there are a bunch of different things you can set with this Web administration tool, but two of the big things that you may be interested in looking at are that you can set server default themes. These are enforced mandatory themes per server through the interface. Also, you can use this interface to configure server-wide feature supports, also known as server-wide segmentation. This is if you wanted to disable the spelling checker for all users on a server, or something like that. It lets you control the various features at a per-server level.
(Slide 15) Next is the Auto Accept Agent. The Auto Accept Agent is a new tool that automatically processes meeting requests sent to a resource mailbox. It will accept or decline these meeting requests automatically. The decision of whether to accept or decline these meeting requests sent to a resource mailbox is based on the calendar data, not Free/Busy. So it's more accurate than some methods out there.
It's higher performance and more flexible than the legacy Exchange event scripts running in the Exchange event script service. There are a number of different ways to do resource booking with Exchange Server, from Exchange 5.5 straight up through Exchange 2003, and each of them has some positives and some negatives. And this Auto Accept Agent is produced so that we can try to eliminate as many of the negatives as possible and provide a very flexible, powerful, and scalable tool to do resource booking on an Exchange 2003 server.
There's a very good deployment guide that's available for the Auto Accept Agent. So if you're considering this tool, you may want to have a look at that deployment guide to get familiar with the features.
(Slide 16) There are some new transport features in the 2003 Web release. The first one listed here is badmail deletion and archiving. This is a script, Badmailadmin.wsf. It has some command-line options. This script lets you automatically delete or archive files in the Badmail directory of your SMTP virtual servers.
As you may know, the Badmail directory will just keep building up and up and up until it takes up as much space as it needs. Nothing ever gets deleted from the Badmail folder, unless it is manually done.
This script gives you a great deal of flexibility in scheduling. You can schedule it as a task. You can control a number of different aspects of the badmail deletion or archiving. It will let you schedule an automated process that will keep that Badmail directory under control, so that it won't keep growing and growing.
There's also e-mail journaling advanced configuration. This is functionality that captures recipients on expanded distribution lists and BCC recipients. When using the envelope journaling functionality and Exchange Server 2003 Service Pack 1, it will let you journal the information. The envelope journaling functionality will collect all the information on the various recipients of the message, attach the original message as an attachment, and then journal it.
There is a "Journaling Exchange Server 2003" guide in the Exchange 2003 technical library (http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/default.mspx). That will talk in more detail about how to set this up and what it's useful for. Part of setting that up now, with the Web release, is an updated tool that will configure part of it for you.
(Slide 17) Another important feature that released with the Exchange Server 2003 Web release, at the end of May, is the Intelligent Message Filter. This is a filter that will work together with the various other filtering methods, principally introduced in Exchange Server 2003, to prevent receipt of unsolicited commercial e-mail, otherwise referred to as spam.
The other filtering methods, of course, would be things like connection filtering, recipient filtering, or sender filtering. The Intelligent Message Filter, sometimes referred to as content filtering, is designed to work in tandem with these other filtering methods.
IMF should be loaded on your mail bridgeheads. These are the servers that take the mail inbound from the Internet. Those are the servers where the IMF should be loaded. It does not need to be loaded on your mailbox servers. There is a server-side, mailbox store-side action, but you don't need to have the IMF loaded on the mailbox store to make that work. We'll talk about that in a minute.
The IMF processes the content of the messages as messages arrive from the Internet. IMF stamps a Spam Confidence Level (SCL) onto the inbound messages. If you look at the SCL, low SCL numbers like 1, 2, or 3, tell you that the message is unlikely to be unsolicited commercial e-mail. A high SCL value means that the message is quite likely to be unsolicited commercial e-mail. That would be a 7, 8, or 9 SCL, potentially.
Just so you know, SCL is the Spam Confidence Level, and it is defined in MSDN®, if you'd like more information on it. It's not specific to IMF.
(Slide 18) After we've processed the content of the message inbound from the Internet and we've stamped an SCL on the message, there are two different thresholds that can be configured through the IMF interface. There is a gateway threshold. The gateway threshold will allow you to, based on the comparative value of the SCL and the threshold, if the SCL exceeds the threshold or equals the gateway threshold - for instance, if your threshold is set to 8 for the gateway, and your SCL comes in as 8 or 9 - then you can configure a gateway action.
There are four different gateway actions that are available through the interface. You can delete the message. In that case, you're telling the sender that you're accepting the message, and then you just delete it without delivering it. You can archive the message to a directory in the file system. So you tell the sender you'll receive the message and then send it to the file system. You can reject the message, which will tell the sender that we don't want the message; we're not willing to accept it. Or you can take no action, in which case we just stamp the SCL on the message, and let it pass on through the rest of your organization.
By default, the settings are gateway, threshold of 8, and an action setting of no action. So nothing will happen at the gateway, apart from stamping that SCL on the message with the default configuration.
If the message makes it past the gateway, and it transits the rest of your network until it hits the mailbox store, if it is an Exchange 2003 or Exchange 2003 Service Pack 1 store, then when it hits the Inbox of the recipient, it will be evaluated again by an extended rule inside that Inbox. And depending on the configuration setting for the store threshold, if the SCL stamped on the message exceeds the store threshold, it will be moved into the Junk E-mail folder. If it is less than or equal to the store threshold, it will be dumped in the Inbox.
It's important to note that the GUI is misleading and wrong on this one. The GUI implies that if it is greater than or equal to the store threshold, it will move the message to the Junk E-mail folder. In fact, it is actually based on being simply greater than. Equal to does not meet the criteria.
Note that this is done by a server-side extended rule, which is not part of the 32-KB rules used within Outlook. It does, however, require some interaction with Outlook, and we'll talk about that on the next slide.
If you are using the Archive action - there was a posting to the Exchange blog, the link for which we'll have at the end in the references - there is a tool that's been put together called the IMF Archive Manager (IMFAM) tool. That tool lets you take a look at all of the messages that have been dumped into your Archive directory. You can resubmit the messages. You can send them for reporting, if you have a spam vendor that you work with for message reporting. It will let you review those messages through a nice tree view interface, before deleting or resubmitting them.
Note also that you can save an x-scl header on the messages in the Archive directory, if you configure the ArchiveSCL registry key. This registry key, along with other configuration information, is discussed in the IMF deployment guide, which is available for download in the same place as the IMF tool.
(Slide 19) I mentioned earlier, Outlook 2003 Junk E-mail settings interoperate with IMF a bit. If you configure Outlook 2003 Junk E-mail settings, you can potentially override the store action threshold. It will have no effect on the gateway threshold. But on the store action threshold, for instance, if you configure Safe Senders, that will override the server-side store action settings. Similarly, if you configure these things within Outlook Web Access 2003, you can configure the Junk E-mail settings.
Note that the Junk E-mail settings won't work unless you've connected and enabled the junk e-mail filtering with either Outlook 2003 or with Outlook Web Access 2003. They also won't work if your back-end server is not an Exchange 2003 or newer server. So if your mailbox store is an Exchange 2000 mailbox store, then you won't be able to do the server-side filtering.
It gets a little confusing, because there is also Outlook 2003 client-side filtering, which is totally separate and doesn't rely on the SCL setting determined by the IMF. So depending on which configuration you have, in terms of Outlook client version and Exchange client version, you may see slightly different behavior.
Inside the Microsoft Exchange Intelligent Message Filter Deployment Guide, there is a section that recommends how to set your thresholds based on Performance Monitor counters. What you'll want to do is follow the steps inside that deployment guide to determine what the appropriate thresholds are for your environment. Basically, the gist of it is to make sure that the threshold is set above the highest SCL of legitimate messages. That way you won't be causing any false positives, messages that are not spam but that it believes are spam. You want to make sure that those all get through.
Note also that the Performance Monitor counters only appear after messages have been processed by the IMF. So if you install the IMF and immediately look for the Performance Monitor counters, you will not find them.
There is a frequently asked questions Knowledge Base article about the IMF. I anticipate it coming out fairly soon. There are a number of things that people have seen. We've seen these in the newsgroups, and they've been reported to PSS. So we'll talk about a couple of them quickly.
When you install the IMF, it sets some configuration settings inside the Active Directory. These configuration settings won't be read by the store until the store is restarted, if they were not already present in the Active Directory. So if you install your first IMF and you've never configured the IMF before, the store won't behave correctly, in terms of the store action threshold, until you've restarted that store. And it can re-read those settings from the Active Directory.
Also, currently it doesn't work with the POP3 connector for SBS. You'll find that the way that the POP3 submits messages bypasses the IMF. Also, it's good to know that with connection filtering, one of the other filtering options provided with Exchange Server 2003, you can actually configure a specific list of allowed IP addresses. These allowed IP addresses will be white-listed for IMF. IMF won't scan the messages that come from these IP addresses intentionally.
(Slide 20) Some additional resources; we've referred to a number of these throughout the presentation. At the same time that Exchange Server 2003 Service Pack 1 released, along with the Web Release 1, there were a number of updated and some new Exchange 2003 documents added to the Exchange 2003 technical library (http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/default.mspx). So if you haven't taken a look at the top four, the planning guide, the administration guide, the deployment guide, and the what's new guide, take a look at those. They've been updated for additional information with regard to Service Pack 1.
Additionally, there are a number of new documents, like the high-availability guide. There's a new disaster recovery guide for Exchange 2003. There are several documents out there that have been either updated or added at this point. So you may want to take a look at that set of documentation. There's a lot of good information in there.
Also, another good resource, the Exchange product development team has been running a blog now for several months. The blog is the http://blogs.msdn.com/exchange location. This blog gets fairly regular postings. Sometimes the postings are great, historical "Why this decision was made" sorts of information, and sometimes it's great technical insight into a problem that you may be having. So I highly recommend that you take a look at the Exchange blog, if you get an opportunity.
The final reference link listed here is the list of fixes in Exchange Server 2003 Service Pack 1. It's a big, long link. You may want to download the PowerPoint and cut and paste it, if you don't find this link elsewhere. This link, in addition to KB article 843363, will provide you information on the various fixes that are in Exchange Server 2003 Service Pack 1.
You'll see that most of the things we talked about today are not listed in there. The things that we talked about today are principally the features. You may also notice that the list is kind of short. It's a fairly abbreviated list. The KB articles about the various fixes are still slowly trickling out, so you'll see that get longer as the days go on, after Service Pack 1 is released.
That leads us to the very end of the event, and into the question-and-answer session.
Zherina Salamanca: At this point we'd like to hear from you, our listeners, about this topic on Microsoft Exchange Server 2003 SP1. Nino Bilic will be joining us to answer questions as well.
If you find that you need more complex technical assistance that might be outside of the scope of this discussion, go to support.microsoft.com/, or call Microsoft Product Support Services directly to speak to a support professional.
If you would like more information on future Support WebCasts, or to review any of our sessions on-demand, visit our main Support WebCast site at support.microsoft.com/webcasts/. For this particular session, you'll find a downloadable version of the slides and on-demand streaming media within 24 hours, and a full written transcript within three weeks. The KB article number for this session is 839816. With that, let's answer some questions submitted during the slide presentation.
Our first question is: When will a list of bugs fixed in SP1 be made available? It looks like this person saw some articles on our Microsoft Support site on the Exchange 2003 SP1 page.
Evan: I can address that. Basically, the list is already out there. The reference on the last slide lists some of them, and there is the KB article that I mentioned as well. It's 843363. Those are the official lists of bug fixes that are included in Service Pack 1. There are a number of things listed in there right now, and it's an ever-growing list. So you'll see that more and more things are coming along. If there's a specific feature that you're interested in knowing whether or not it's included, perhaps you can submit another question and we can get back to you with that information directly.
Zherina: We have a listener who asks: Many sites are apparently getting an error during the upgrade, while registering the E2kdsn.dll. Is this a known issue?
Evan: I haven't specifically heard of that issue, but one thing that may be causing that is sometimes when we do have problems registering various .dll files during a service pack upgrade, it's because there is an old .dll in a wrong directory, in the path somewhere. In this customer's case, I'd suggest that you verify that there is no Exchmem.dll. There are several core .dll files that are used by a lot of other .dll files. Make sure that there is no older version of these core .dll files sitting in, say, the System32 directory or something. But specifically, no, I haven't seen a widespread issue with that.
Zherina: Does DU4 need to be installed manually, or is it part of the SP1 installation?
Evan: DU4 is actually part of the SP1 installation.
Zherina: Is the managed RPC/HTTP topology the only feature of Exchange 2003 SP1 that cannot be configured for a single-server environment? Or do all features require separate front-end and back-end servers?
Evan: I believe the only thing that explicitly requires the front-end/back-end for it to function is the managed topology. And that's because there's that separation of roles between the front-end server and the back-end server. I can't think of anything else offhand that has that firm requirement. Although, some of the things like IMF, for instance, may have the recommendation that they be separated out to a front-end server.
Nino, can you think of anything?
Nino Bilic: No. I would definitely agree with you.
Zherina: We have a listener who wants to know: How do you get the notification you referred to as event logging?
Evan: I'm not sure I understand that question.
Zherina: Can that listener resubmit or clarify your question? Then we'll see if we can have Evan and Nino answer that.
I'm not quite sure what the listener is asking here. He has a question about an error, SDPROP Event ID: 2008, and the system is in native mode.
Evan: It sounds to me like perhaps the customer is having a specific issue. You may want to call PSS with that one. I haven't heard of any widespread issues that relate to that event ID. If you have more detail, you could resubmit the question and perhaps we could address it.
Zherina: Regarding ADC tools, do we need to update the tool on our DC/GC if we have them established? And if so, will our existing CAs need to be re-created?
Evan: I think this question is asking about updating the ADC version to Service Pack 1. The ADC doesn't have to run, of course, on a DC/GC, but potentially, if that's where it's running, you don't have to do it, unless you're doing things like site consolidation, which we didn't talk about at all in this WebCast.
But there are some advantages to upgrading your ADC to SP1. There are a number of fixes inside the ADC and the ADC tools, particularly the feature we talked about with regard to creating your CAs. But if you already have established connection agreements, that may or may not be a benefit to you. There are some additional fixes in the ADC, in Service Pack 1, that may be worthwhile. And you would want to probably update that if you had a choice.
As to whether or not you'd have to re-create your CAs: no, you wouldn't. If you have existing CAs that are properly configured, then it would simply be a matter of running the setup for the ADC and choosing the reinstall option with the Service Pack 1 binaries. It would overwrite your binaries with the updated version.
Zherina: During the recent domain rename WebCast, I believe this listener is referring to WebCast KB article 838623, with Steve Schiemann on June 8, the presenter said the XDR-Fixup utility is independent of SP1. Is this true, or does the XDR-Fixup utility require SP1?
Evan: That's an excellent observation, and it bears talking about for a moment. The domain rename tool, along with pretty much all of the other Web release tools, are independent of Service Pack 1. So if you were using the domain rename tool, the Auto Accept Agent, the IMF, all of these various Web release tools are not tied to Service Pack 1.
If you want to download those tools and use them with Exchange 2003, the original RTM release from a year ago, it will work in those environments as well. So to the customer's specific question, it does not require Service Pack 1. It only requires Exchange 2003.
Zherina: What ports need to be open on the firewall between the front-end and back-end Exchange 2003 servers, both with SP1, if the front-end server is an OS server?
Evan: There is a KB article that talks about the various ports that need to be opened, but I would just like to interject a comment on this. The guidance on separating front-end servers and back-end servers with a firewall has sort of changed over the last couple of years. I don't believe it's recommended, at this point, to have front-end servers separated from your production network by a firewall. I believe the prescribed way of doing that now is to put a reverse proxy in the perimeter network, and keep the front-end server and back-end server on your production network. Is that what you recall, Nino?
Nino: Yes. We do have some documentation that talks about different scenarios for how the front-end and back-end can be deployed. I would suggest checking the Using Microsoft Exchange 2000 Front-End Servers white paper that has recently been updated (326276).
It talks about several scenarios, and one of them is the front-end server in a perimeter network, which means that it has a firewall on both sides. Generally speaking, yes, reverse proxy is a better solution. But it might be a little bit outside of what the question was.
Zherina: Does the Auto Accept Agent require the individual booking a meeting to have edit permissions to the calendar?
Evan: No it doesn't, and that's actually one of the advantages of the Auto Accept Agent. The Auto Accept Agent has its own set of permissions to the resource mailbox. What those permissions are depends on several different things that you determine while you're configuring the Auto Accept Agent. But generally, the organizer of the meeting doesn't require specific permissions on the resource mailbox.
Zherina: Then we have a listener asking for specific documentation for the SP1 Auto Accept Agent. Where can I find a single article describing all SP1 changes in detail?
Evan: It sounds like that's actually two different questions. The first question, specific documentation for the SP1 Auto Accept Agent, that's going to be in the Auto Accept Agent Deployment and Administration Guide. There are links to it, I believe, both from the download for the Auto Accept Agent tool as well as directly from the Exchange Server 2003 technical library (http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/default.mspx). It's a very good guide that goes over the deployment of the tool, the configuration of the tool, and administration of the tool.
Then to the question, where can I find a single article? There isn't really a single KB article, for instance, that describes all of the SP1 changes in detail. There is a reference that we mentioned in the resources slide that talks about KB 843363; that's the list of fixes. That's, like I said, an ever-growing list of fixes, as the KB articles become public.
If you're looking for just more specific information on the features, I would highly recommend that you take a look at the four core documents in the Exchange Server 2003 technical library. That would be the planning guide, deployment guide, administration guide, and particularly the what's new guide, where there is a bit of information on pretty much all of the things we've talked about today.
Zherina: [Is there] any spam filter and virus protection that Microsoft would recommend, preferably that already has hooks in the program? Do you have any ideas about that?
Evan: Obviously, the spam filter that I would recommend would be the Intelligent Message Filter that we talked about at the end of the presentation today. There are a lot of other solutions out there from third-party vendors. I can't really say one way or the other what's good and what's not. But there are a lot of other solutions out there you may want to consider.
Zherina: Does the spam filtering that's built in learn from the badmail journaling?
Evan: No. What the individual is asking is if the spam filtering in the IMF adjusts based on messages in the Badmail folder, and it does not. It uses Microsoft Research SmartScreen™ spam filtering technology. It's the same basic technology that's used by MSN®, Hotmail®, and Outlook. It's used across the various Microsoft products to deal with spam identification.
Zherina: Why isn't IMF supported on clusters?
Evan: There are two different answers to this question. It's not supported on clusters from a technical standpoint, because the way the SMTP protocol virtual server works on a cluster is different than the nonclustered server, and the bindings are incompatible.
I guess at even a higher level, it doesn't work on clustering because in most cases, customers would not be running clustered servers as their bridgeheads, and IMF is designed to run on bridgehead servers rather than on mailbox servers.
Zherina: How do I read or consult the SCL rating of a particular message?
Evan: There are a couple of different ways to do that. If you are doing gateway archiving, you can configure that ArchiveSCL registry key, which will attach the SCL value to the message in the archive directory. That will, however, only show you messages that exceed the gateway threshold.
You may also want to have a look at the Exchange blog in http://blogs.msdn.com/exchange. Back at the end of May, right about the time Service Pack 1 and Web Release 1 came out, there were several postings on the blog that walked you through, step-by-step, how to configure Outlook or Outlook Web Access to view the SCL on messages that have arrived into your Inbox or junk mail folder.
Zherina: Is WR1 part of SP1? What's the difference?
Evan: WR1 is sort of a parallel release to SP1. Again, Service Pack 1 is the core Exchange binaries in the ADC. It updates the Exchange System Manager, the store, the directory components, all of the various core functions of Exchange. That's the same sort of service pack that we've always released for Exchange.
The Web release tools are separate downloads that are not necessarily dependent on Service Pack 1. For instance, the Exchange Domain Rename Fixup tool, it's not really SP1. It just released on the same schedule as SP1. The Auto Accept Agent, it's not part of SP1; it just released on the same schedule.
These are traditionally things that would have released on the CD. But, as you may recall, starting with Exchange Server 2003, they don't ship on the CD any longer. They're now available for download over the Web, so that they can be updated more dynamically.
Zherina: Will client certificates ever be supported for RPC/HTTP to authenticate the machine in addition to the user?
Evan: I can't really say in terms of the future support. It doesn't let you do that now. But perhaps it will in the future. I don't know.
Zherina: This listener says: How can I configure RPC/HTTP on a single server? Do you have any articles on that?
Evan: I believe that's covered in the RPC over HTTP Deployment Scenarios Guide. We can verify that and confirm, and post whatever links we can find into the transcript.
Follow-up answer: RPC/HTTP single server is covered in the RPC-over-HTTP scenarios guide (http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/ex2k3rpc.mspx).
Zherina: We'll take that question offline. Can we know what devices have been added for Device Update 4 on OMA?
Evan: That's another one. Let's take a note to see if we can get information on that into the transcript. I don't have the list at my fingertips.
Follow-up answer: A device list is available at: http://www.microsoft.com/exchange/techinfo/outlook/OWA_Mobile.asp.
Zherina: The next question: Does Exchange Server 2003 SP1 provide any enhancements like RPC thread prioritization for prioritizing RPC requests from online MAPI clients over a background sync or requests from cache-mode clients?
Evan: Do you have any thoughts on that one, Nino?
Nino: I actually do not know. I have not heard of this. I think we're going to have to follow up.
Evan: I don't believe that it does, but let's get an absolute answer for the transcript.
Follow-up answer: I don't see any indication that we do this differently than we did in Exchange 2003 release.
Zherina: What is a best practice setup for IMF on a single Exchange 2003 server?
Evan: There are a couple of different ways to take that question. It's actually quite simple if you have a single Exchange 2003 server, because if you just have a single Exchange 2003 server, that server will most likely function both as your Internet gateway and as your mailbox store, so all of the configuration would be local on that box. You could probably just install the IMF, and you'd follow the same guidance in terms of setting your gateway and store thresholds, and your gateway action that you would follow if you had multiple servers. You'd want to consult the IMF deployment guide to get to those exact steps.
Zherina: We have a listener who says: I had McAfee SpamKiller installed on my Exchange 2003 server. After installing IMF, no junk e-mail was moved to the user's Junk E-mail folder. Is IMF compatible with third-party spam filtering solutions?
Evan: It's intended to be compatible, and if it's not, you may want to open a support incident either with Microsoft or with McAfee, or both, to try to figure out what's going on in your specific case. I haven't heard that that's the case, broadly.
Zherina: Does the IMF use a blocklist to update ACLs?
Evan: In terms of IMF, it was probably referring to SCLs. I guess the question, reworded, is "Does the IMF use a blocklist or update dynamically to deal with SCLs?" And it doesn't. The IMF uses the Microsoft Research SpamScreen technology, which is kind of a black box in terms of how it actually works. It's not updated dynamically based on the machine learning.
Zherina: In what order do you add the SP1 and WR1 releases to Exchange 2003?
Evan: SP1 is going to be the consolidated upgrade for Service Pack 1. When and which Web release downloads you would apply would depend on your environment. You could install the Auto Accept Agent, for instance, before you install SP1, or after. It's immaterial. You would only install the Web release components that you would be using, however; whereas you'd apply the whole of SP1.
Zherina: I noticed that when I added SP1 to my clustered environment, it erased my certificates. Do you have any ideas about that?
Evan: That's one that I have not heard. I know that in at least some environments the upgrade to Service Pack 1 has proceeded without that being the case. There are, potentially, a lot of things that might have gone on that caused it to either affect the search or appear to affect the search, and it depends on things that we probably can't get into, in the scope of this WebCast. You may want to open an incident with PSS to see if they can help you troubleshoot that.
Zherina: Is IMF only included in WR1? And if so, can you apply IMF to the non-Web release of SP1?
Evan: IMF is only available for download as a Web release tool. So if you go out to the Web site, you'll find it listed under the Web release. It doesn't have any sort of dependency on any of the other Web release tools.
Remember, Service Pack 1 is the consolidated service pack, and the Web release tools are a bunch of independent tools that you can choose individually, ad hoc, to apply to your various servers. There are no prerequisites that certain Web release tool be installed to use, say, IMF.
Zherina: The OWA Web admin allows the configuration of OWA via the Web. What about allowing it to general Exchange admins, that is Exchange System Manager, be a Web. Will that ever be available?
Evan: I can't really speak, again, to the future plans for the product. It's something that I know people have requested. What I would suggest that you do, if that's something that would aid you in troubleshooting and administering your server, is send that information to the mswish@microsoft.com, so it can be evaluated by the product group.
Zherina: Where can I find the new OWA admin tools?
Evan: The new OWA admin tools are actually available for download from the Web release. So if you go out to www.microsoft.com/exchange, in the right panel there will be an Exchange Server 2003 tools link. There are several ways to get to it. But at the end you'll find a list of all of the Web release tools that are available, some of which have been updated, some of which have not at the same time as Service Pack 1. And the OWA admin tool is out in that list.
Zherina: Does SP1 include the tools in the ExAll in one toolset? It looks like he's referring to ExAllTools.exe.
Evan: Again, the tools that are in the ExAllTools download, that's basically a rollup of all of the Web release tools. So if you download the ExAllTools, what you're really doing is downloading all of the individual Web release tools as a single download. Because the Service Pack 1 release is independent, and the Web Release 1 files are independent of Service Pack 1, SP1 doesn't include any of the tools that are in that ExAllTools. That's just a shortcut to download all of the Web release tools, instead of having to click each one individually.
Zherina: I noticed that Mailbox Manager will send user notification even if no messages are moved. This differs from Exchange 5.5, where user notification was only sent if messages were actually moved. Do you have any ideas about that?
Evan: I'm not sure about that one. Nino, have you seen that behavior?
Nino: No, I'm not sure. But I believe this is actually the same behavior that we've been seeing in Exchange 2000. We can look into if there is some specific documentation on it, but I don't think this has changed with SP1.
Evan: Yes. I don't think it's new in SP1.
Nino: We could follow up on the second part of the question offline.
Follow-up answer: I was not able to reproduce this with Exchange 2000 SP3+ or Exchange 2003 SP1. In both cases, I did not get a notification where there was nothing for Mailbox Manager to do. I think if this is a problem, it should probably come to PSS as a support incident, so it can be looked into.
Zherina: Okay. How do you install a Windows XP client to get the new System Manager tool?
Evan: I guess the question here is about the Exchange System Manager for Service Pack 1. If you have a Windows XP client, you would need to install the Exchange 2003 Exchange System Manager from a year ago, from the RTM, and that should install just fine. At one time there was an issue with installing Exchange 2000 System Manager, but Exchange 2003 System Manager will install just fine on Windows XP clients. Then you'll just run the Update.exe to update the Exchange System Manager files to Service Pack 1, just like you would on a server.
Zherina: Can SP1 be slipstreamed to install a new server?
Evan: No, it can't. It's the same exact behavior that we had with Exchange 2000 service packs. You'll need to apply the Exchange 2003 release, and then follow it up with whatever the latest service pack is.
Zherina: Then we have a listener who asks: Is this product going to be user friendly? It looks like he's a beginning server developer, and he was wondering if someone, for example his brother, could just go out and pick this product up and begin using it. Or would a person need to be fairly knowledgeable with Microsoft Exchange Server 2003?
So how user-friendly is it going to be?
Evan: I would say I consider it quite user friendly, but perhaps that's a bit biased. The Service Pack 1 release isn't going to be dramatically better or worse than the RTM, the release from a year ago. A couple of the features that we talked about, things like the Recover Mailbox Data Wizard that's been integrated into the Exchange System Manager GUI, things like that will make it potentially more user friendly. But it's going to be roughly equivalent to what you'd see with Exchange 2003.
Zherina: Can you talk about the ADC upgrade and any attributes added to either Exchange 5.5 or Active Directory after the upgrade?
Evan: If this is referring perhaps to schema changes, there aren't any schema changes in Service Pack 1. So whatever we had with Exchange Server 2003 would be the equivalent with Exchange Server 2003 Service Pack 1.
Zherina: Are there any snapshot/shadow copy enhancements being made with SP1?
Evan: Absolutely, and that's a good point. There is one change that we have in Service Pack 1 with VSS snapshots, the ability to now snapshot differential and incremental backups. Whereas with Exchange Server 2003, it was only copies and normal full backups. With Service Pack 1, with VSS, we can now do differential and incremental snapshots.
Zherina: I have been getting many errors regarding the offline address book after migrating from Exchange 2000. Are there known issues with this?
Evan: In fact, in Exchange Server 2003, and even more in Exchange 2003 Service Pack 1, there were a number of changes to the way offline address book generation works. But perhaps the issue is with the download. We'd really need more information to go on to try and troubleshoot that. But there's nothing specific that has gotten worse, that I'm aware of, in Exchange 2003 or SP1. In both cases, it should be more reliable in Exchange 2003 and SP1.
Zherina: Microsoft advertises that SP1 will fix -1018 errors by flipping bits, but is it wise to live with a -1018 error in your database? Does it really fix it, or is it more tolerant?
Evan: That's actually an excellent point. If you're getting -1018 errors in your database, whether or not the updates in Service Pack 1 are able to resolve that issue for you, whether we can correct it by fixing the single-bit error, you still have a hardware problem.
What the functionality in Service Pack 1 allows you to do is realize that you have a problem before any data has been lost. So, again, that's what I was saying in that section of the presentation. If you get errors that indicate that we have found single-bit errors and corrected them, consider that your warning that something is going wrong.
The advantage with the Service Pack 1 is that it will allow you to still get good backups and still get correct access to your data, as long as it's only single-bit corruption. But if you're getting single-bit corruption, that is a likely indicator that there is something going wrong with your hardware, and you should probably begin doing the diagnostics sooner rather than later.
Nino: If I could add one thing to this, there are some new events that we're going to be logging that you can also monitor. In the case that the database engine notices that there is a problem with the page, it will actually log an Event ID 398. If the database engine corrects the page using this new mechanism, we're going to be logging Event ID 399. So this is something that can also be used as an indication, and can be monitored, in case you start getting 398s and 399s. This is something that previous to SP1 would potentially take your database down. But in this case, the database can keep going if there were a single-bit problem. However, you know that you now have to do something about it.
Evan: Yes. I believe that the MOM Management Pack for Exchange Server 2003, which was also updated and is available as a Web release download, has been updated to account for these new events. So if you're using MOM for your monitoring, you'll be notified that you're having these single-bit failures.
Zherina: Has the IPM.Note/IPM.Post issue in public folders been addressed in SP1?
Evan: I believe this is the issue where messages that arrive in public folders come in as posts, if they're coming from the Internet, rather than as notes. So they don't look like messages, they look like posts. The fix that was introduced in Exchange 2003 post-SP3 did not make it in time for the Exchange Server 2003 release. But that fix has now been integrated into Exchange 2003 SP1. So if you're using that registry key to override the behavior and make those messages come in as notes, then that will now work with SP1.
Nino: Check Knowledge Base article 832492, because that is the Knowledge Base article that talks about the exact registry key that Evan mentioned.
Zherina: Will RPC/HTTP ever be available to Windows 2000 Professional clients?
Evan: It's hard to say with any certainty. It's sort of like the other futures questions that I couldn't really answer earlier. I highly doubt it, but anything is possible.
Zherina: Is there a recommended order for applying SP1, that is front-end first, back-end second, etc? What about SRS servers and servers running ADCs?
Evan: The only one that we actually enforce, of the list that was asked, is the front-end server first. Just like we had a limitation in Exchange 2000, if you have front-end servers in the same administrative group as some back-end servers, we're going to require that you upgrade your front-end servers to Service Pack 1 before you upgrade your back-end servers.
For all the other things, it doesn't really matter. It will kind of depend on what scenario you're trying to accomplish. For instance, if you're trying to perform site consolidation, you would have some incentive to upgrade your ADC servers perhaps earlier than some of your other servers. But there is no hard enforcement on which things are upgraded, apart from the front-end/back-end servers.
Nino: One more thing that I wanted to mention here is, and this has been mentioned before, it is important to understand that even if Exchange 2000 Server is running the ADC service, you still have to run the separate ADC SP1 setup to actually update the ADC component. So just running the SP1 for Exchange 2003 will upgrade your Exchange 2003 components, but it will not upgrade your ADC. You're going to have to run a separate ADC setup, which you will get after you download SP1 for Exchange 2003, to upgrade the ADC.
Evan: The interface is sometimes confusing if you haven't done it before. To upgrade the ADC, you'll need to run that setup inside the ADC folder, and then choose the reinstall option. The reinstall option will replace the released version of Exchange 2003 with the SP1 version of Exchange 2003.
Zherina: This listener has a question about any memory management improvements. I'm seeing paged pool exhaustion issues on a server that has heavy OWA usage, 1,000+ concurrent OWA users. OWA is running at /3gb /Userva=3030.
Evan: It sounds like this individual has gone through at least some of the tuning for virtual memory that we prescribe. There is a KB article that talks about all the various tuning recommendations. I don't have that article offhand. Nino, if you don't have it, we can make sure to add it in the transcript.
Nino: We're going to have to. I don't have it either.
Evan: We can add that in the transcript. There are some changes to memory management in Exchange 2003 Service Pack 1, but I don't have the specific changes offhand.
Follow-up answer: We didn't find anything other than minor fixes to memory management in SP1.
Zherina: What ports need to be open for Exchange 2003 to work in Active Directory, if the machine is in DMZ/firewall?
Evan: This is essentially the same question that we had earlier with regard to the front-end server being inside a DMZ. There is a KB article that talks about this, as well as the white paper that Nino referenced earlier.
Follow-up answer: Article 280132 talks about which ports to open to allow Exchange to function when separated from your production network by a firewall. Note that this is not the recommended configuration. Article 287646 talks about ways of using ISA as a reverse-proxy to provide more effective access to the services while still ensuring appropriate levels of security. This is generally much more effective than poking dozens of holes through your firewall.
Zherina: What is the required Exchange server setup to install Intelligent Message Filter on a server in the DMZ? This is referring to having a separate Exchange store on the LAN.
Evan: There are actually two parts to this. Obviously, for the IMF to work on a server in the DMZ, that server in the DMZ would also have to work. So that would be essentially the same as the question we just talked about a moment ago, in terms of which ports need to be open.
It's actually quite straightforward. After you have the IMF server installed on that gateway inside the DMZ, all of the store-side actions will pick up as soon as you restart the information store on the back end, if it's Exchange Server 2003 or SP1.
Zherina: SP1 came out with a suite of migration tools. Can you explain a little about these tools and how they compare to third-party migration tools that already exist?
Evan: I presume the migration tools that we're talking about are the cross-site mixed-mode site consolidation migration tools. We're going to have a whole, separate WebCast to talk just about that topic, because it's pretty big. It's too big a topic to cram into a couple of slides in this WebCast.
Zherina: How often will the IMF technology be updated? Will it be updated like virus-scanning software, as new spam techniques are discovered?
Evan: Nothing has really been announced one way or the other in terms of the IMF updates, how, when, and all that. There hasn't really been any announcement on that, so I'm not sure that I can answer that question.
Nino: My guess, and again, this is just a guess, is that IMF technology will be updated at certain points in time. But you should realize that IMF is not a "signature-based" scanner. So it does not have to be updated as new spam comes out; it's not like when a new virus would come out, and then your antivirus needs to be updated to actually recognize that particular virus. IMF doesn't use that kind of signature-based scanning, so it's not going to be updated as often as maybe some comparable product that's out on the market would have to be.
Zherina: Is there a new document for deploying Exchange 2003 SP clusters?
Evan: In the four core documents that we have in the Exchange technical library, particularly the deployment guide, because we're talking about deploying the clusters, there is an entire chapter on Exchange clustering deployment. In terms of deployment, Service Pack 1 doesn't really change too much from the way we did deployment with Exchange 2003, at least in terms of upgrading to Exchange 2003. So the deployment guide has a chapter on it that talks about some of the steps, and there's also a high-availability guide that talks about clustering, but it does not have quite as much technical information about the deployment, perhaps.
Specifically, there's a KB article that is in production right now. It should be out very shortly. It talks about the steps to perform the clustered upgrade from Exchange Server 2003 to Exchange Server 2003 Service Pack 1. The principal thing to be aware of is that the process of upgrading changed with Exchange Server 2003. When you do build upgrades to Exchange 2003, the release a year ago, we now have a new context menu option inside the Exchange cluster administrator tool that allows you to upgrade the Exchange virtual server. And the same function will need to be done for the Service Pack 1 upgrade.
So when you apply Service Pack 1 binaries to one of the nodes, you'll need to go through the process of moving the resources over. Some of the resources are online, some of the resources are offline, and you'll choose that "upgrade virtual server" option. It's going to be the same basic set of steps that you would perform if you were upgrading to Exchange Server 2003. Like I said, there will be a KB article on this very shortly, and it's been blogged about a bit out there. So the information is out there.
Zherina: By default, resource mailboxes can be configured for meeting conflict resolution. We've been doing this since running Outlook 2000 on Exchange 5.5. What improvements does the Auto Accept Agent offer? Is this agent part of the core Exchange software?
Evan: The Auto Accept Agent actually provides a couple of potential improvements over the direct booking feature. There are some issues in terms of what permissions need to be granted to the mailbox. There are some issues in terms of client versions that are required to make it work. And those are not a factor with the Auto Accept Agent.
If the direct booking is working for you today, then perhaps that would be the way that you'd want to continue going, and the Auto Accept Agent may not be appropriate for you. But the Auto Accept Agent is highly scalable and it is highly configurable. It eliminates some of the negatives that historically have plagued the direct booking.
As to whether it's part of the core Exchange software, it's actually a Web release component, which means that it's not part of the service pack. It's not a core Exchange binary, but it is supported. It's a supported release developed by the product group. So if there are problems with it, they'll be able to provide hotfixes for it and that sort of thing. We can presume that it will be kept up-to-date, but there is no way that we could say for certain if that's the case.
Nino: I guess the best answer on functionality, in your specific situation, is to test the functionality of Auto Accept Agent, as opposed to what you have now, and see if the Auto Accept Agent brings in new functionality that is better for your organization.
Zherina: You talked about a script for badmail cleanup. Is this part of Web Release 1?
Evan: The badmail deletion and archiving script is part of the Web Release 1. So yes, if you go out to the Exchange tools download Web site (http://www.microsoft.com/exchange/downloads/2003.asp), you'll see that the Badmail Deletion and Archiving script is available for download.
Zherina: About RPC/HTTP, does SP1 support UPN authentication, or will it be supported in the future? Do you know anything about that?
Evan: My understanding about the UPN authentication is that it's not a limitation of Exchange. It's a limitation of the client-side operating system. I believe that is something that is fixed with Windows XP SP2.
Nino: I believe you are correct, Evan, but I think I read something about that, too, but I guess we can follow up on that one.
Evan: Yes. There is nothing specific in Exchange 2003 Service Pack 1 that will make it start working. It's actually a change in the client-side operating system, and we'll confirm that for the transcript.
Follow-up answer: Yes, the script is a part of the Web release. The UPN authentication problem is going to be fixed in Windows XP SP2.
Zherina: Is it possible to have users log on to one OWA and get access to their mailbox, even if the user's mailbox is on another Exchange server?
Evan: I think what this is talking about is the front-end/back-end scenario. Potentially, yes, if your mailbox is on a back-end server, and you want to be able to talk to a different server to get your OWA - for instance, if you only want to expose one server to the Internet or something along those lines - what the front-end/back-end scenario would let you do is configure this one specific server to be a front-end server that has no mailboxes on it. Then when you talk to that server, it will proxy your Outlook Web Access to the back-end server. So then you would talk just to that front-end server, even though your mailbox is on a different back-end.
Nino: That would hold true even if the mailboxes are moved between back-end servers. At that point, it doesn't really matter. The front-end server is going to take care of where the mailbox is. So the mailboxes do not have to stay on the same servers.
Zherina: Will SP1 help full-text indexing to work better with Outlook 2003 cached mode? When Outlook is in cached mode, it doesn't use FTI properly.
Evan: I'm not sure about that one. Nino, do you have any thoughts?
Nino: I was just searching to try to find some information on this, and I couldn't find any. I'm not sure. This is just not something that we have necessarily run into. I couldn't find anything. I would suggest maybe opening up a case on this to see what is going on. I couldn't find anything on it right now.
Zherina: With Exchange 2003 SP1, it should be possible to migrate a multi-site Exchange 5.5 network, 75 sites, through a single-site connection to Exchange 2003 SP1 server directory services. Is there further information how to do this on the Web?
Evan: I'm presuming that this question is in reference to the site consolidation, cross-site moves. Again, we're going to have a WebCast on this coming up in about a month or so. There is some information out there about this already. There are some KB articles that are slowly trickling out. Specifically, there is some information in the planning guide and in the deployment guide. They each have a chapter that talks about both the planning and the deployment for cross-site consolidation. Those are both inside the Exchange 2003 technical library (http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/default.mspx).
Zherina: Is the Exchange Profile Update Tool, Exprofre.exe, only included in WR1, and how does it differ from the Profmod.exe tool?
Evan: ExProfRe is included in Web Release 1. I'm not sure what the focus of the question is, saying, "Only included in WR1." That's the only way that I'm aware of that you can get it right now, is through the Web download.
It differs from the Profmod tool principally because it's very focused on either cross-forest or cross-site moves. I'm not tremendously familiar with the Profmod tool, so I can't speak to exactly what it does. But what the Profile Redirector tool does is update your existing profile. It doesn't create any new profiles. And it will update your profile to take into account the fact that your mailbox has moved to either a different site or a different organization.
We'll talk some more about the Exchange Profile Redirector tool soon, because we do use that tool for site consolidation. So we'll talk about that a little bit more in the site consolidation WebCast.
Zherina: What is the Exchange 2003 SP1 equivalent for SBS 2003?
Evan: If you're running Exchange 2003 on your SBS 2003 server, you can apply Exchange 2003 Service Pack 1 to it. There are a few known issues that you'll need to take into account when you do that. There's some good information on the Internet about that in the newsgroups, and also in some blogs. I don't have any of that information presently, but you can apply Exchange 2003 Service Pack 1 to your SBS 2003 server.
SBS has their own set of service packs. So at some point, SBS will come out with a service pack that may or may not include the Exchange features, or it may just include the SBS features. I can't really comment too much on that, because I'm not sure.
Zherina: Can Exchange 2003 OWA be set to view the Global Address List when composing new e-mail messages, without having to do find for the user, similar to what you have in Outlook? Ideally, I would like to be able to list all users in the GAL when composing new e-mail messages in OWA.
Evan: I don't believe so. Nino, do you happen to know if there is any way to do that?
Nino: No, I don't believe so. It is just simply a completely different mechanism they use for querying the GAL. I'm not aware of this functionality coming anytime soon, or being available in any way.
Zherina: What are the key requirements to do a cross-administration group user move with SP1?
Evan: There are actually a number of requirements. There are some prerequisites in terms of the version of the ADC, in terms of the version of the target, in terms of some hotfixes that need to be applied. All that information is out there in one of three places, basically. It's in the planning guide, which is in the technical library for Exchange 2003; there's a chapter on it in there. In the deployment guide for Exchange 2003, there's a chapter in there. Or in the updated Exchange deployment tools, which are available as a Web release download. They have the step-by-step process for doing cross-site moves. Again, we'll be talking about the site consolidation process and all the prerequisites in about a month, when we do that WebCast.
Zherina: Speaking about hotfixes: What hotfixes for Windows Server 2003 are required to install Exchange 2003 SP1?
Evan: If you install your Exchange 2003 SP1 on a Windows Server 2003 computer, when you try to do the update, it's going to stop you if you haven't applied hotfix 831464, and this is the hotfix for IIS that resolves some GZIP compression issues that can cause problems in OWA. So it won't let you proceed to do the upgrade unless you have that hotfix applied to your Windows Server 2003 computer. It is not, however, a hotfix that is required if you're installing on Windows 2000 Server.
Zherina: In SBS 2003, I am having a problem where the messages stop flowing and the queues just build. The only resolution is to restart the machine. Trying to restart the SMTP service will lock up the computer. Will SP1 fix this? It happens on two of the five installs I have.
Evan: I haven't heard of anything along those lines. In fact, that sounds pretty serious. If trying to restart SMTP locks up the computer, there may be something much larger going on, at perhaps a hardware level or something along those lines. I'd strongly suggest, if you're having that sort of behavior, and particularly if you can reproduce it very readily, that you open up a call with PSS on that, and see if there is something going on, either something particular to your environment or something larger within the product.
Zherina: Our next question is: I'm running Windows Server 2003 Enterprise Edition with Exchange 2003, and I have 5 GB of RAM in my server. Is this a waste, or are there any switches besides the /3gb /Userva=3030 switch that can help utilize this extra RAM? I only see references to machines that have 4 GB of RAM and no more.
Evan: Because of the way Exchange uses memory, there is generally no benefit to having more than 4 GB of RAM inside your server. If you're running other applications on the server apart from Exchange, you may find that there is some benefit to doing it. But if you have a dedicated Exchange server, generally 4 GB of RAM will get you the best performance. Do you know anything additional that he could do, Nino?
Nino: No. I'm not aware of anything else. I believe that's correct. It's really the limitation of how Exchange is designed. It's just that the design of the product will not let us address more. At this point, 4 GB is really all that you need. However, as Evan mentioned, some other applications that are running on the server, if there are other applications, might benefit from it.
Zherina: Are there improvements in ADC after SP1, while using one-way connection agreements from AD to Exchange 5.5?
Evan: I'm not aware of anything along those lines, which isn't to say that there isn't, but I'm not aware specifically of anything close to SP1, particularly with regard to one-way connection agreements.
Nino: I have not heard of anything either. I'm not sure. We can probably answer that one offline, just to make sure.
Follow-up answer: We could not find any indication that such changes were made in SP1 ADC.
Zherina: Can you install Exchange SP1 on a Windows Small Business Server 2003 standard server?
Evan: Yes, absolutely. If you install Exchange 2003 Service Pack 1 on your SBS 2003 server, it will upgrade the Exchange portion of the SBS server. Like I said, there are several known issues that have been discussed on SBS newsgroups and on some SBS blogs out there. So if you do have an SBS server and you're considering applying SP1, I'd strongly suggest that you take a look at some of this information that's out there, to see if any of these problems will affect you. But, in general, it should work just fine in a lot of cases to do that upgrade to SP1.
Zherina: Is Exchange 2003 intrasite server-to-server SMTP message routing encrypted over the wire?
Evan: I know between Exchange 2003 servers within the site we do 8-bit rather than 7-bit sizing on the messages, but I'm not sure in terms of encryption. Do you happen to know that answer?
Nino: I don't think it is encrypted. If you wanted to have that encrypted, I think you would have to do something like IPSec between the machines. But I do not think that they are encrypted. I know that some of it is signed. But as far as I know, there's no encryption.
Evan: I don't think it's encrypted either. You can use either TLS or you can configure IPSec, and that would give you encryption.
Zherina: Does Exchange 2003 or Outlook have any future plans for multiple public store trees available to Outlook, versus only MAPI?
Evan: That's a hard question to answer. If there are such plans, I'm not aware of them, but certainly anything is possible. Again, like I answered a similar question earlier, if that's something that you think would be a big benefit to your use of Outlook and Exchange, you may want to send that information to mswish@microsoft.com.
Zherina: Are there any issues with moving Exchange 5.5 mail to Exchange 2003 servers if users are still on Windows NT® 4.0 in another trusted domain?
Evan: That is definitely a core scenario of migration, is potentially having a trusted Windows NT 4.0 domain with the security principals. The ADC will then create disabled accounts in the Active Directory and link them back to the security principal in the NT domain. It pretty much works, but there are certainly things that you'll want to be aware of, like delegation. There are a couple of different things that can be unexpected behavior in that scenario, and you'll want to probably take a look through the core guides that are out in the technical library. The planning guide and deployment guide, for example, will cover some of those scenarios for you, so that you can better prepare for that process.
Zherina: What kinds of issues have you had with SP1, as far as the functionality of Exchange 2003? How much should we test this in another computer before installing it?
Evan: The answer to that question probably depends more on your environment than on something that Nino or I could answer for you. If you have very stringent testing rules, of course you'd want to make sure to abide by that. With that said, a lot of time and effort went into making SP1 very, very solid. It's intended to continue the very high-quality release that we had with Exchange Server 2003.
Because SP1 released at the end of May 2003, I haven't heard of any really horrible, dire issues with it. It's pretty solid in my experience, and I think that may be something you'd want to take into account when deciding whether or not to upgrade, and when to upgrade to SP1.
Zherina: Does Intelligent Message Filter need to be installed on a front-end server?
Evan: No. It needs to be installed on whatever your Internet gateway is. Whether that's a front-end server or not, that's the server it would need to be installed on. But there's no requirement that IMF be installed on a server that's actually configured as an Exchange 2003 front-end server, like we have with the managed topology configuration.
Zherina: On an Exchange 2003 cluster, active/passive, with Symantec antivirus loaded on each node, fail-over takes a long time and usually fails. I generally stop the antivirus service to do this. Is there an improvement in SP1 that handles fail-over better?
Evan: There aren't any changes that I'm aware of in SP1 that would specifically address this. Typically, the things that cause fail-over to take a long time between cluster nodes are that the SMTP resource takes a while to go offline, or that the store takes a while to go offline. Potentially, if it's an antivirus scanner that hooks into the store, that antivirus scanner is getting in the way of the store resource going offline.
If you have a scenario where this is pretty frequently happening, you may want to contact Symantec, and perhaps contact Microsoft PSS as well, to see if you can find out if there is actually an issue with the Symantec software interfacing into the store.
Zherina: You covered a lot of this in your presentation, but it looks like a listener asks: What are the benefits of installing SP1, and what major problems does it fix? I ask this because I am currently having major problems with meetings disappearing from people's calendars.
Evan: There are a lot of different benefits that we covered throughout the slides and some in the Q&A, so I won't go back and talk about that. But with regard to the disappearing meetings in people's calendars, that's an interesting question. The last time that I really remember seeing that sort of behavior was related to virus scanning drive M. Apart from that, there could be something else going on in your environment that is corrupting those messages or changing the views. There could be a bunch of different scenarios. You may want to talk to PSS and see if there is something specific going on in your environment, unless Nino has some ideas.
Nino: I just wanted to say that I would definitely recommend opening up a case, because there could be, and this is not always the case, some cases where problems can happen because people are scanning their mailboxes with their Pocket PCs, or a Palm Pilot device, or things like that. So there are multiple reasons why things like this could happen. I'm really not aware of any specific fix in SP1 that has addressed any of this. So this will require some troubleshooting in trying to figure out the root cause, so I would definitely suggest a PSS case, too.
Zherina: Why does Store.exe take so much memory? I have 100 mailboxes and the Store.exe is taking 650 MB of RAM.
Evan: This is a very good question, and it's one that we get a lot in PSS. The question that I would have for the listener is, how much physical memory do you have in your machine? What store will do is it will take as much memory as it can get to make it perform better. It puts the database cache, all the database buffers, into memory. In fact, it's also worth talking about the difference between physical memory and virtual memory.
What the store actually does is allocate a bunch of virtual memory, up to 3 GB, if you use the /3GB switch. Even if you only have 1 GB of memory, it will still allocate 3 GB of virtual memory, potentially. And that memory will be paged in and out of physical memory as needed. The store does a very good job of releasing all that excess memory that it's trying to use, if anybody else needs it. So if you have 1 GB of memory in your machine, and store is taking 650 MB of memory, that's probably intentional. It's probably not causing a performance problem. In fact, it's probably aiding performance, because it's making use of that extra memory that would otherwise be sitting idle.
Nino: Just to add to that, just the increase in the memory itself as seen in the Task Manager or maybe in the PerfMon, as far as store utilization is concerned, is not necessarily the problem itself. I guess if there are any other memory-related issues on the server, or the server starts performing sluggishly, or you're starting to get pop-ups out of memory when trying to launch applications, or other applications are complaining that they cannot get RAM from the system or whatever, then we definitely have a problem.
However, typically when you start or restart the store, you will see the gradual increase as the store is figuring out that it can take more and more RAM. However, it should always return RAM to the OS if asked to do so. So typically, just the utilization itself is not necessarily a problem, as Evan mentioned.
Zherina: It looks like we only have five minutes left, so I'm only going to take a couple of questions here, and anything that is left in the queue we'll take those offline.
Does Exchange 2003 SP1 provide for using a one-way connection agreement between Exchange 5.5 sites and a new Exchange 2003 site? It's necessary for us to buy time to clean up Exchange 5.5.
Evan: Yes. The same functionality, in terms of one-way and two-way connection agreements, is still supported in the Exchange Server 2003 Service Pack 1 ADC. When you start talking about some of the more complicated environments, like a site consolidation, for instance, some of those requirements change. You would need to have two-way CAs in that case. But in general, if you have an existing one-way CA in your environment today, with Exchange Server 2003 ADCs, that will continue working just the same with an Exchange 2003 Service Pack 1 ADC.
Zherina: This is a follow-up question: Wouldn't such large use of private bytes not mask potential memory leaks in Store.exe?
Evan: I wouldn't think so. If you have a memory leak inside Store.exe, you would see that it continues to increase. Whereas with the private bytes, they're used in Service Pack 1, you'll see that they're allocated in big chunks and deallocated by the store. Whereas if you had a leak, you'd see it climbing up gradually over time.
Zherina: Our last question: What has changed with SP1 on how to configure RPC over HTTP on the global catalog servers - that is, ncacn_http registry entries?
Evan: Because of the managed topology in Service Pack 1, we configure only the front-end and back-end servers, and the back-end servers refer to DSProxy rather than through global catalog server. The configuration settings on the global catalog server become sort of irrelevant at that point. What you need to do is make sure that your DSProxy is configured correctly on the back-end server, and that you have the back-end server properly configured inside the valid ports registry key. After that's in place, there isn't really a need to deal with the global catalog servers.
Zherina: Just really quickly, if you know: Where do we find a full list of all the changes and fixes in SP1?
Evan: Again, that's something where you have two different ways to go about it. You can go to the References slide. The easiest way is to probably cut and paste that huge support link that points you to the canned Web site on Service Pack 1 fixes (http://support.microsoft.com/common/canned.aspx?H=Microsoft%20Exchange%202003%20SP1&Query=kbExchange2003sp1fix&CDID=EN-US-KB&LCID=1033&product=exch2003). That will give you one view of the list.
You can take a look at the KB article that lists the Service Pack 1 fixes, and that is 843363. Like I said earlier, both of those lists are small, but increasing in size right now, as more and more of the articles get finished and become public.
Zherina: That was the end of all of our questions. With that, I'd like to wrap up this session. I wanted to thank Evan Dodds and Nino Bilic for joining us in our discussion today. Of course we'd like to thank you, our listeners, for attending today's session.
We welcome any feedback on the sessions we produce and the topics you'd like to see covered in the future. Visit our Contact Us page at support.microsoft.com/servicedesks/webcasts/feedback.asp and select the WebCast comments link.
We hope this presentation has been helpful to you and your business, and we look forward to your participation in upcoming WebCasts.
Thank you, and have a great day, everyone.