Exchange 2003 Service Pack 2 BETA (build 7623.0) Exposed
Exchange 2003 SP2 is more than just an ordinary Service Pack which fixes a couple of bugs; it contains numerous bug fixes as well as several feature enhancements and completely new features. The most noticeable are:
- Database limit size increased from 16GB to 75GB
- Public Folder Management improved
- Offline Address Book (OAB) enhancements
- Outlook MAPI access allowed/blocked on per user basis
- Improved protection against SPAM (Sender ID implemented etc.)
- Mobility enhancements
This article is based on the latest Exchange 2003 SP2 BETA build, which at the time of this writing was build 7623.0. When I wrote the final words of the article, Microsoft released a special Exchange 2003 SP2 Community Technology Preview (CTP). Luckily, this version is build 7623.0 as well (see Figure 1 below, which is a screenshot taken from the System Manager on an Exchange 2003 Server with the CTP version applied).
Figure 1: Exchange 2003 SP2 Build Number
If you don’t think the figures in this article do enough to suit your appetite, you could install the CTP version in your lab and check out the different new features and enhancements. I actually recommend you do so, as this will give you a much better understanding of the different features in Exchange 2003 SP2. But bear in mind the CTP version is a pre-release evaluation which isn’t supported by Microsoft Support Services. Therefore it’s strongly recommended you only install this version in your test labs and not on any production server(s). It’s also worth noting that you can’t uninstall an Exchange Service Pack, so if you apply Exchange 2003 SP2 to a production server, you won’t be able to uninstall it afterwards (you would instead need to restore from the most recent backup). Any OWA forms-based authentication logon pages you have modified will also be overwritten when applying Exchange 2003 SP2, so remember to back up any modified logon.asp pages before you begin.
Database Limit Size Increased
One of the really interesting changes that comes with Exchange 2003 SP2 is the new database size limit in Exchange 2003 Standard Edition. As many of you know, the Standard edition has a hard-coded 16GB limit, which with Exchange 2003 SP2 is changed to 75GB! Yes, you heard me right: finally Microsoft reacts to years of yelling from frustrated Exchange administrators. If you ask me, this was something that should have been changed back when Exchange 5.5 SP4 was released. Come on, when you think about it, 16GB is the limit on our MP3 player’s disk these days, and should definitely not be a limit to fight against on your Exchange Server(s).
In order to protect your Exchange 2003 Standard edition server from unintentional rapid growth, Exchange 2003 SP2 by default sets the limit to 18GB. You can then control what the limit should be using a DWORD registry key named Database Size Limit in GB, which should be added under the following location in the registry: HKLM\System\CurrentControlSet\Services\MSExchangeiS\ParametersSystem
It’s worth mentioning that it’s not only the Mailbox Store size limit that is increased, but also the Public Store limit, so if you add them together you now have 150GB of database storage available. Not bad.
These new database limits also apply to SBS 2003 Servers with Exchange 2003 SP2 applied.
Public Folder Management Enhancements
Although Microsoft is planning to remove Public Folders from the Exchange product, this won’t happen before we see the release of E13. Yes, you read that right: E13 (the version that’s to be released after E12). Although Public Folders are to be removed from Exchange, Microsoft still spends a considerable amount of time enhancing the way Public Folders work, and fortunately several of the enhancements have made it into Exchange 2003 SP2. One of the goals with Exchange 2003 SP2 is to make administration of Public Folders more efficient; the primary reason for this is to eliminate the high number of support calls Microsoft Support Services receives on Public Folder issues.
The biggest change when it comes to Public Folders is the removal of the Propagate Settings option from the Public Folder context menu, shown in Figure 2 below.
Figure 2: Public Folder Propagate Settings
Exchange 2003 SP2 replaces it with a new Manage Settings option (see Figure 3), as too many Exchange administrators have had a hard time understanding the real function of the Propagate Settings feature. The Propagate Settings option lets an Exchange administrator copy particular properties of a selected Public Folder to the subfolders underneath it, but a common misunderstanding is that this option also propagates changes made to Access Control Lists (ACLs).
Figure 3: Public Folder Manage Settings Option in Context Menu
When selecting Manage Settings by right-clicking a Public Folder containing a subfolder in the Exchange System Manager, we’re presented with the screen shown in Figure 4 below.
Figure 4: Manage Public Folders Settings Wizard Welcome Message
As you can see, a new Manage Public Folders Settings Wizard is opened. When clicking Next, we can choose between three options: Modify client permissions, Modify lists of replica servers and Overwrite settings, as shown in Figure 5.
Figure 5: Specifying the Respective Type of Modification
If selecting the first option (Modify client permissions), we have the option of adding a user, removing a user, modifying a user, or replacing a user, as shown in Figure 6.
Figure 6: Specifying Permissions Actions
If selecting the second option in the first screen (Figure 5), which is Modify lists of replica servers, we can add, remove or replace a server from the replica list as shown in Figure 7.
Figure 7: Specifying Replica Server Actions
If we select the third option in the first screen (Figure 5), which is Overwrite settings, we have the option of choosing between eleven different types of options to overwrite (see Figure 8).
Figure 8: Public Folder Overwrite Settings
When you have made the respective selections through the Manage Public Folders Settings Wizard, you get a summary screen showing what will be changed (see Figure 9). You can then click Finish.
Figure 9: Completing the Manage Public Folders Settings Wizard
Another Public Folder related change is that you can no longer delete a Public Folder store that contains data not yet replicated (including System Folders!); you first need to move all existing replicas to another server or delete the unnecessary individual folder(s). Doing so via the new Manage Public Folders Settings Wizard would require a lot of work, so with Exchange 2003 SP2 Microsoft will let you right-click the Public Folder store itself, where you can select a new context option, Move All Replicas, as can be seen in Figure 10.
Figure 10: Move All Replicas
With this option you can with a few clicks move all content from one Public folder store to another.
Other Public Folder enhancements in Exchange 2003 SP2 include logging of public folder deletions and the option of stopping and resuming Public Folder content replication on the fly (see Figure 11 below).
Figure 11: Stopping Public Folder Content Replication by right-clicking the Exchange organization
Offline Address Book (OAB) Enhancements
Exchange 2003 SP2 also introduces Offline Address Book version 4 (OAB 4.0), which is a new type of OAB that was designed to help remove most of the OAB download related problems many of us have experienced or still are experiencing, as well as to improve performance. The OAB Version 4 folder can be found at the same location as OAB version 2 and 3, that is, under Folders > Public Folders (System Folders) > Offline Address Books in the Public Store in the System Manager. See Figure 12 below.
Figure 12: Offline Address Book folder in the System Manager
Among the enhancements introduced with OAB 4.0 are improved logging, reduction of the size of OAB files (up to 30%), differential OAB update files using a new generic binary compression technology known as BinPatch, and OAB indexing based on locale setting (language and country).
In order to make use of the improvements in OAB 4.0, the Outlook 2003 client will need to have SP2 applied.
Outlook MAPI Access Allow/Deny on per User Basis
Exchange 2003 SP2 introduces a new method with which you can allow or deny Outlook MAPI access on a per user basis. This is a welcome addition, especially to Exchange shared hosting providers, who often provide different types of subscription packages, such as one allowing OWA access, another allowing OWA and Outlook MAPI access etc.
MAPI access will be controlled via a new ProtocolSettings attribute string, which is set on a mailbox-enabled AD user object for example by using ADSIEdit. You can also control whether an Outlook MAPI client running in non-cached mode should be allowed access or not.
The MAPI access ProtocolSettings attribute string doesn’t apply when a mailbox is accessed via delegation.
Enhanced Protection against SPAM
There are several enhancements in Exchange 2003 SP2 when it comes to protection against SPAM, most noticeable are the new version 2 of the Intelligent Message Filter and the Sender ID implementation.
Perimeter IP List and Internal IP Range Configuration
When Exchange 2003 SP2 has been applied you will have the option of entering the IP address for any servers deployed in the organization’s perimeter network (aka DMZ), as well as the range of IP addresses within the organization (see Figure 13). Specifying these IP addresses is necessary if you enable either Sender ID or Connection filtering behind the perimeter network.
Figure 13: Perimeter IP List and Internal Range Configuration
Sender ID Filtering
As many of you already know, Sender ID is an e-mail industry initiative invented by Microsoft and a few other industry leaders. The purpose of Sender ID is to help counter spoofing, which is the number one deceptive practice used by spammers. Sender ID works by verifying that every e-mail message does indeed originate from the Internet domain from which it claims to have been sent. This is accomplished by checking the address of the server sending the mail against a registered list of servers that the domain owner has authorized to send e-mail.
Exchange 2003 SP2 adds a Sender ID Filtering tab (see Figure 14) which helps defend against spam and phishing schemes. As you can see, it’s possible to choose from three different options, of which Accept is selected by default.
Figure 14: Sender ID Filtering
In order to use Sender ID filtering you need to enable Sender ID filtering on all SMTP virtual servers accepting mail from the Internet, but it’s not necessary to enable the option on the Exchange mailbox servers in your organization.
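The check described above, and the reason the perimeter IP list matters for a server behind the DMZ, as an added example that is not from the article or from Exchange. It handles only the `ip4:` and `all` terms of a record; the domain, addresses, headers and the header-walking logic are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample data using documentation address ranges; not from the article.
PERIMETER_IPS = {"192.0.2.10"}                      # relay in the perimeter network
INTERNAL_RANGES = [ipaddress.ip_network("10.0.0.0/8")]
PUBLISHED = {"example.com": "spf2.0/pra ip4:198.51.100.0/24 -all"}  # stands in for DNS
RESULT = {"+": "Pass", "-": "Fail", "~": "SoftFail", "?": "Neutral"}


def originating_ip(received, perimeter=PERIMETER_IPS, internal=INTERNAL_RANGES):
    """Walk Received headers (newest first) to the first hop that is not ours."""
    for header in received:
        match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", header)
        if not match:
            continue
        ip = ipaddress.ip_address(match.group(1))
        if str(ip) in perimeter or any(ip in net for net in internal):
            continue  # our own relay: keep walking back towards the sender
        return ip
    return None


def sender_id_check(domain, received, perimeter=PERIMETER_IPS):
    """Evaluate the ip4: and all terms of the domain's record for the sending IP."""
    ip = originating_ip(received, perimeter)
    record = PUBLISHED.get(domain)
    if ip is None or record is None or not record.startswith(("spf2.0/", "v=spf1")):
        return "None"
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        mechanism = term.lstrip("+-~?")
        if mechanism == "all":
            return RESULT[qualifier]
        if mechanism.startswith("ip4:") and ip in ipaddress.ip_network(mechanism[4:], strict=False):
            return RESULT[qualifier]
    return "Neutral"


# Constructed Received headers, newest first, as seen by a server behind the perimeter.
LEGIT = ["from dmz1 ([192.0.2.10]) by mbx1", "from mail.example.com ([198.51.100.25]) by dmz1"]
SPOOFED = ["from dmz1 ([192.0.2.10]) by mbx1", "from host ([203.0.113.77]) by dmz1"]

if __name__ == "__main__":
    print(sender_id_check("example.com", LEGIT))                # authorized server
    print(sender_id_check("example.com", SPOOFED))              # unauthorized server
    print(sender_id_check("example.com", LEGIT, perimeter=()))  # perimeter list missing
```

With the perimeter list left empty, the check evaluates the DMZ relay's own address instead of the real sender, so legitimate mail fails.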
Intelligent Message Filtering Version 2
The SmartScreen-based Intelligent Message Filter (IMF), which was developed by Microsoft Research and is also used with the Hotmail product and Outlook 2003, is with Exchange 2003 SP2 an integrated part of the System Manager. This means you no longer need to install IMF separately when deploying new Exchange 2003 Servers in your Exchange organization. The included version is version 2, which will replace IMF version 1 approximately 6 months after Exchange 2003 SP2 is released.
Figure 15: Intelligent Message Filter Integrated in System Manager
IMF version 2 will also support a new anti-phishing technology, which will use a so-called Phishing Confidence Level (PCL) value to impact the Spam Confidence Level (SCL) ratings further. In addition, expect IMF version 2 updates to be released on a more frequent basis than has been the case with version 1.
When upgrading an Exchange 2003 Server to Exchange 2003 SP2, it’s important you uninstall IMF version 1 from the server first.
One of the biggest additions to Exchange 2003 SP2 is without a doubt the new mobile device enhancements.
Direct Push over HTTP(s)
When taking Properties of the Mobile Services object in the System Manager, the first change you notice is the Direct Push over HTTP(s) option (see Figure 16).
Figure 16: Mobile Services
Direct Push is a new technology which ensures a mobile device always is up to date with the content of the mailbox. With Exchange 2003 RTM or SP1 you need to specify pre-defined intervals (the most frequent being 5 minutes) at which the mobile device will update with any new content available in the mailbox (messages, calendar appointments, tasks and contacts etc.).
You can also configure your Windows 2003 Mobile devices to use a feature called Always-up-to-date (AUTD), which basically notifies you of updates to your mailbox by sending a “new e-mail” SMS notification to your mobile device. But based on customer feedback regarding the limitations of using SMS to notify a mobile device, Microsoft took the step to develop the Direct Push technology.
Direct Push keeps a constant open connection to the server via IP; this means that as soon as a change is made to the mailbox, a trigger will be sent to the mobile device, which then will be updated almost instantly. As Direct Push uses HTTP(s), it works over GPRS as well as WIFI networks.
The Direct Push technology is only supported by mobile devices running Windows Mobile 5.0.
Not all the mobility features which are to be included in the final version of Exchange 2003 SP2 are included in build 7623.0, as they’re pending the availability of Windows Mobile 5.0 devices that have the Messaging & Security Feature Pack installed. Also, features such as an administration tool for the remote wipe feature will be released as a separate web release, as has previously been the case with the Intelligent Message Filter (IMF), OWA Admin, and Exchange Best Practices Analyzer (ExBPA) etc.
Mobile Device Security enhancements
Let’s see what hides under the Device Security button. With Exchange 2003 SP2 it will be possible to set a central policy on the mobile devices used by the Exchange users within the organization. As you can see in Figure 17 below, you can set all sorts of different policies, such as minimum password length, whether the password should be complex, inactivity for number of minutes, wipe device after x number of failed attempts (this erases the device completely), refresh settings in hours, as well as whether access should be allowed to devices that don’t support password settings.
Figure 17: Mobile Device Security Settings
You can even specify a list of user accounts that should be excluded from the specified policy; this is done by clicking on the Exceptions button which will bring us to the screen shown in Figure 18.
Figure 18: Device Security Policy Exception List
Exchange 2003 SP2 will also support certificate-based authentication in order to eliminate the need of storing corporate credentials on a mobile device. In addition Exchange 2003 SP2 will support Secure/Multipurpose Internet Mail Extensions (S/MIME) to sign and encrypt messages coming to and from mobile devices, just as is the case with OWA.
Exchange 2003 SP2 in conjunction with Windows Mobile 5.0 will also be able to do Exchange Global Address List (GAL) lookups. Expect the feature to be similar to Microsoft Global Contact Access that was released back in July 2005. This means you will be able to see the Properties of a recipient in the GAL!
A significant change has also been made to how an Exchange ActiveSync (EAS) user authenticates to the Exchange Server. As some of you might know, the default way Exchange authenticates EAS users is by taking the primary SMTP address, stripping out the left hand side (LHS) of the address and then using that as the mailbox name. But as some of you may know (especially Exchange shared hosting providers), this can cause problems when hosting multiple companies in your Exchange organization. Fortunately the SMTPProxy registry key takes care of most of the EAS authentication problems, as it can check all SMTP Proxy addresses of a particular user.
But Exchange 2003 SP2 will use the SMTP mailbox addressing scheme (which is the scheme OWA uses when Exchange 2003 SP1 has been applied). This scheme makes it possible to use the full e-mail address specified as part of the URL, instead of the mailbox name. The benefit of this “new” scheme is that it lets you host multiple companies, each with their own domain, and have all of them sync with EAS without the need to create additional virtual folders etc. - a very welcome addition.
I won’t list all the bug fixes included in Exchange 2003 SP2 in this article; for a list I instead recommend you check out the Exchange 2003 SP2 CTP Release Notes.
Exchange 2003 SP2 is a huge service pack which is packed with both completely new features as well as enhancements to existing features. As you have seen in this article, especially the anti-spam, public folder administration and mobile device features have been on top of the list when Exchange 2003 SP2 was developed. Exchange 2003 SP2 is expected to be released later this year, and since Microsoft’s plan is to release Exchange 12 (E12) at the end of 2006, we can be pretty sure this will be the last service pack for Exchange Server 2003. But if we look at what’s included in Exchange 2003 SP2, there’s really not that many things to miss until the next major release – Exchange 12 (E12)!