Because of Microsoft’s Trustworthy Computing initiative (an initiative to improve customer’s experience in the areas of security, privacy, reliability, and business integrity) it comes as no surprise that Windows XP SP2 follows this route as well. Because of the many security enhancements in SP2 quite a few applications (especially third party) experience loss of functionality when they’re run on a Windows XP SP2 computer, for a detailed list see MS KB article: 884130 - Programs that are known to experience a loss of functionality when they run on a Windows XP Service Pack 2-based computer.
In this article I will show you some of the caveats you run into when deploying Windows XP SP2 in an organization where your users rely on the Outlook Web Access (OWA) 2003 client, and because many of the security enhancements included in Windows XP SP2 have been made to Internet Explorer (IE) there are plenty. The most infamous is probably the new IE Pop-up blocker issue (although this has been an issue for ages with third party pop-up blockers such as the one included in the Google Toolbar) where most new windows opened in OWA is blocked by default, see table 1 below for a specific list of OWA windows which are blocked:
The New Folder action.
The Attachments dialog box.
The New Message button in the Find Names dialog box.
The Send Mail to Contact button on the Contact form.
Reminders and new e-mail notifications.
The following commands on the shortcut menu for mailbox items:
Table 1: A list of OWA features which are blocked by the new IE pop-up blocker
In addition there are issues with script errors when a user selects Properties of a user name by double-clicking on it in the Find Names dialog box as shown in figure 1:
Figure 1: Script error when selecting Properties of a user name by double-clicking on it in the Find Names dialog box
Clicking Check Names on the Edit Rule form, and if any name cannot be resolved also results in a script error, see figure 2:
Figure 2: Script error when clicking Check Names on the Edit Rule form, when a name cannot be resolved
In addition if a user double-clicks a resolved user name and then clicks Show Blocked Pop-up, she receives the warning message similar to the one shown in figure 3:
Figure 3: Security warning received when clicking Show Blocked Pop-up on a resolved user name
You not only receive the above message but clicking OK will actually replace the active window with the Properties window meaning you will lose any changes that you made since the last time that you saved!
Fixing Most of the Problems
So what can you do in order to get the rid of these rather annoying problems? Well you have four options (listed in priority):
- Add the URL for OWA access to the Allowed Sites list in the Pop-up blocker Settings (see figure 4)
Figure 4: Adding the OWA URL to the Allowed Sites of the Pop-up Blocker Settings in IE
- Have your users use the OWA Basic client instead of the Premium client
- Lower the Filter level under the Settings of the IE Pop-up blocker (see figure 4)
- Turn off the Pop-up blocker completely (see figure 5 below)
Figure 5: Turning off the IE Pop-up blocker
For further details be sure to checkout MS KB article: 883575 - Description of the known issues with using Outlook Web Access on a Windows XP SP2-based computer
OWA S/MIME Control Problem
Now that you have followed the above instructions you might think you’re ready to roll! But unfortunately I have to disappoint you, as there’s still one more issue left to deal with. More specifically an issue related to loading the OWA Secure/Multipurpose Internet Mail Extension (S/MIME) control component. Because Windows XP SP2 restricts the components that are supported by the S/MIME component function call it’s not possible to install it properly, even though figure 6 and 7, for users who haven’t downloaded and installed the S/MIME component before, indicates it’s behaving as expected.
Figure 6: Downloading and Installing S/MIME Control
Figure 7: Installing OWA S/MIME
In detail you experience the following symptoms:
On the OWA Options page the E-mail Security area indicates that the S/MIME control is not installed and only the Download button is available. Normally you would expect to see the Encrypt contents and attachments for outgoing messages check box and as well the Add a digital signature to outgoing messages check box.
When you open a new e-mail message click the Options button, the E-mail Security section doesn’t appear. Normally you expect to see the Encrypt message contents and attachments and Add a digital signature to this message check boxes.
You also cannot drag attachments to a new Compose Message form
The only way to solve the OWA S/MIME control problem is to download and install the HotFix mentioned in MS KB article: 883543 - The S/MIME control does not load in OWA when you are running the Exchange Server 2003 OWA client on a Windows XP Service Pack 2-based computer, but before you do please read the warning below.
Be aware the HotFix at the time of this writing breaks SBS 2003 Forms-based Authentication page (so that you have to authenticate with domain\username instead of user name only) as well as the solution provided in one of my earlier articles: Outlook Web Access 2003 Forms-based Authentication and the default domain dilemma, so if you’re either running SBS 2003 or have implemented the solution in my article be patient, some of you might remember it took approximately 2 months before Microsoft released an update (MS KB 843539) back when Exchange 2003 SP1 broke the SBS 2003 Forms-based authentication page.
OWA 5.5 and 2000
Even though I don’t mention anything about OWA 5.5 and 2000 in this article there are several problems with these as well (especially OWA 2000) for details I recommend you checkout Messageware’s splendid White Paper.
I hope you learned something from this article, if you should have any feedback please don’t hesitate to contact me either through my e-mail address or by posting a question on the message board.