We encountered a big problem after applying the Rollup Package 3 for Exchange 2007 SP1. After installing the update on our frontend and backend servers the OWA website suddenly stopped working. (blank page at owalogon.asp)

After uninstalling the update everything worked again.

This problem is re-producible and I’ve already heard of some other companies who had the same problem. Therefore I don’t suggest to install the Rollup at least until the next package comes out.

If everyone experiences the problem, that the SMTP service on a Windows Server 2008 is not logging, despite it is activated, then here is a solution which I found on Steve Schofields Weblog under this address:

http://weblogs.asp.net/steveschofield

The logging functionality is depended on the “ODBC Logging Module” Role Service and it doesn’t work without it.

1. Install the ODBC Logging Module (use the Server Manager to add it as a Role Service)

2. Stop / Start the SMTP Service

3. Verify your SMTP service is configured for logging. It’s not activated by default.

4. Simulate SMTP traffic by using the telnet console. See http://support.microsoft.com/kb/153119 for how to use telnet for simulating SMTP commands.

5. Check your logging folder

This article describes the necessary steps for how to export “Windows Server 2003″-based DNS zones and import them to a “Windows Server 2008″-based DNS server.

Export procedure on Windows Server 2003

• Open the Registry Editor (regedit.exe) and browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones
• Export that key to a file by right clicking it and selecting “Export”
• Open the Windows Explorer and locate the following path: %windir%\system32\dns
• Copy all *.dns files to a temporary folder

Import procedure on Windows Server 2008

•  If this is a fresh DNS server installation you need to create a temporary DNS zone which can be deleted later. I currently don’t know why this has to be done but otherwise it won’t display the imported DNS zone later
• Import the *.reg file with the exported Registry keys by simply double clicking it
• Copy the saved *.dns files to the directory %windir%\system32\dns. Please note, that this path is the same on the 64bit variant of Windows Server 2008.
• Restart the DNS server service
• All DNS zones should now be visible in the DNS Managent Consolein the “Server Manager”

We had several problems setting up “Outlook Anywhere” on a Windows Server 2008 with Exchange 2007 SP1.

When configuring the Exchange 2007 server for the “Client Access” feature from within the Exchange Management Console, everything like OWA or Server Active Sync worked at once but when trying to access a users mailbox via Outlook 2007 using the “Outlook Anywhere” feature, the former RPC-over-HTTP, user’s always got the logon screen and weren’t able to authenticate.

When configuring the authentication manually in IIS it automatically switched back to the old setting after 30 minutes. This behavior is caused by the Authentication setting for Outlook Anywhere in the Exchange 2007 Management Console. When “Basic Authentication” is set it will delete the IIS setting for integrated Windows Authentication and vice versa. After setting it to “NTLM Authentication” the problem was solved because we set NTLM in our Outlook installations.

However I still don’t know why Microsoft doesn’t allow both authentication types and enforces only one. With our former Exchange 2003 frontend we allowed both authentication types.

My project, the “A-G-DL-P Directory Creator”, is now available on Sourceforge.

I took this step because I wanted to create an easy and public way for users to discuss features or problems.

The corresponding website can be found here: http://sourceforge.net/projects/directorycreato

I’ve written a small program which will assist you at creating directories on your fileserver and will automatically create and group all corresponding domain local and global groups in Active Directory.

After creating those groups it also links the domain local groups to the created directories.

If you are interested in that program (don’t worry, it’s freeware :)) please let me know and send me an E-Mail to blog@gold-nuggets.net

You can view a screenshot here: screenshot

According to the Microsoft Partner Newsletter and Heise.de Microsoft has finally released Service Pack 1 for Windows Vista. However, it is currently not clear if the problems which arised after the first release in February have been fixed in the new release. Some customers experienced problems after the installation of SP1 (repeated installation after every reboot…). Due to Microsoft some drivers were responsible for that failure but they haven’t published a list of the faulty drivers yet.

Therefore it is currently not clear if these drivers have been fixed or not. Microsoft recommends every user to make a backup prior to installing the Service Pack.

I have decided to wait a few weeks longer until I update my system because I have been one of the lucky persons who had problems with the February release.

Currently it’s not possible to directly secure Exchange RPC-over-HTTP with RSA SecurID because Outlook has it’s own logon screen for that service and there is no RSA plugin available which could replace that window.

However here’s a possible workaround I’m currently testing. Maybe it’s giving some of you ideas for your own solution.

Since it is not possible to directly secure RPC-over-HTTP with RSA SecurID (or a similar product), it would be possible to secure a website with it.

Therefore you could set up a website with an RSA login which, after successfully logging in, enables the user to access the internal RPC-over-HTTP frontend server. Such a setup would be possible for example with Cisco WebVPN or Cisco SSL VPN (I’ve heard of companies who also use a Checkpoint firewall for such a setup). However if you published OWA and RPC-over-HTTP and both services reside on the same server, you need to make sure that the RPC-over-HTTP service  will be blocked for direct access. Such a setup would be possible with Microsoft’s ISA Server where you can specify published resources by their URL.

I”’ keep you informed about any experiences I make in my test environment and whether this will be a practical solution.

On 29th February 2008 Microsoft published a new knowledge base article which provides a fix for the problem that Certificate Enrollment Pages on a Windows Server 2003 can’t be properly used from a Windows Vista / Windows Server 2008 machine.

The full article is available here: http://support.microsoft.com/kb/922706

Due to some experiences I made in the last week I’m seriously asking myself the question if Microsoft has lost some of it’s strength while testing new Service Packs before their release.

That is because

• we had problems with the first release of Windows Vista Service Pack 1 after which Microsoft withdrew it from deployment (and hasn’t come up with a new release date, yet, leaving alone MSDN subscribers)

• we had very serious problems after applying Service Pack 3 for Sharepoint 2003 which has resulted in a “Access Denied” message for users not having Administrator permissions. It took Microsoft nearly 4 months to come up with Knowledge Base article KB948919 where they released a post-SP3 update which finally solved this problem.

I know that it gets more difficult to test Service Packs for new products because the variety of usage gets more complex with each product release, so no offense guys.
But being affronted with two Service Pack failures in one week makes me mad.

However I still think that Microsoft does a great job, especially when looking at their new Server and Office products.

And: Mistakes only make us more human, right?