Topic Last Modified: 2008-11-17

See the "Legal Notice" section later in this document for important information.

Welcome to Microsoft Exchange Server 2007 Service Pack 1 (SP1).

This document contains the following sections:

Features Available in Exchange 2007 SP1

Exchange 2007 SP1 adds several new features to the already robust set of Exchange 2007 features. For detailed information about how to use these new features, see What's New in Exchange Server 2007 SP1 in the Exchange 2007 SP1 online Help.

You can also read information about these features in the Exchange 2007 SP1 Help that is included with Exchange 2007 SP1. To access the Exchange 2007 SP1 Help, use one of the following methods:

  • Open Setup for Exchange 2007 SP1. In the Setup wizard, click Read about Microsoft Exchange Server 2007 SP1.

  • If you have not installed Exchange 2007 SP1, access the Exchange 2007 Help file (exchhelp.chm) from the following location on your SP1 source:<AMD64 or I386>\Setup\ServerRoles\Common.

  • If you have installed Exchange 2007 SP1, open the Exchange Management Console, and then click the Help icon on the toolbar.

    Note:
    The Exchange 2007 SP1 client features for Microsoft Office Outlook Web Access are not documented in the Exchange 2007 SP1 Help. They are only documented in the Outlook Web Access Help. For information about these new Outlook Web Access features, see "Outlook Web Access Client Features" later in this document.

Installing Exchange 2007 SP1

You can upgrade an existing Exchange 2007 computer to Exchange 2007 SP1, or you can perform a clean installation of Exchange 2007 SP1.

For detailed information about the requirements that you must meet and procedures that you must follow when you install Exchange 2007 SP1, see the following topics in the Exchange 2007 SP1 online Help:

Installation Overview

Consider the following when you deploy Exchange 2007 SP1:

  • You can install Exchange 2007 SP1 from the command line or by using the Exchange 2007 Setup wizard.

  • You can use any of the following three methods when you install Exchange 2007 SP1:

    • Run Setup in upgrade mode to perform an in-place upgrade from the original release (RTM) version of Exchange 2007 to Exchange 2007 SP1.

    • You can run Setup in upgrade mode to perform an in-place upgrade from Exchange 2007 SP1 Beta 2 to Exchange 2007 SP1. Because there are Active Directory schema changes between Exchange 2007 SP1 Beta 2 and Exchange 2007 SP1, you must prepare the Active Directory directory service and domains before you perform the first installation of Exchange 2007 SP1 in your Exchange organization.

      Note:
      Upgrading from Exchange 2007 SP1 Beta 2 to Exchange 2007 SP1 will be supported for members of the Exchange 2007 Technology Adopter Program (TAP) or an RDP program. If you are not a member of the Exchange 2007 TAP program or an RDP program, you will only be able to upgrade to Exchange 2007 SP1 from the RTM version of Exchange 2007.
    • You can perform a clean installation of Exchange 2007 SP1.

  • You must prepare Active Directory and each of your domains before you perform the first installation of Exchange 2007 SP1 in your Exchange organization. This process includes updating the Active Directory schema for Exchange 2007 SP1. For information about the required permissions and steps that you must follow to complete this process, see How to Prepare Active Directory and Domains in the Exchange 2007 SP1 online Help.

    After you have prepared Active Directory and each of your domains, you can install Exchange 2007 SP1 by using an account that has been delegated the Exchange Organization Administrator role.

  • To install or upgrade the first instance of a given Exchange 2007 server role in an Exchange organization, you must have been delegated the Exchange Organization Administrator role. After you have installed or upgraded Exchange 2007 SP1 on a computer in your Exchange organization that has a given server role installed, you can perform later installations or upgrades of Exchange 2007 SP1 servers. To do this, the account you use must have been delegated the Exchange Server Administrator role on the computer on which you will install or upgrade.

    Note:
    This permissions requirement does not apply when you are installing the Edge Transport server role or the Exchange 2007 management tools. You can install and upgrade the Edge Transport server role or the management tools by using an account that has local administrator rights on the computer.
  • It is not supported to upgrade your operating system to Windows Server 2008 and then upgrade Exchange 2007 to Exchange 2007 SP1. It is also not supported to upgrade Exchange 2007 to Exchange 2007 SP1 and then upgrade your operating system to Windows Server 2008. To deploy Exchange 2007 SP1 on Windows Server 2008, you must install Windows Server 2008 on a computer that does not have Microsoft Exchange installed, and then install Exchange 2007 SP1.

  • You cannot uninstall Exchange 2007 SP1. After you install SP1, the only way to remove it is to uninstall Exchange 2007 from the computer, and then reinstall the original release (RTM) version of Exchange 2007.

  • Exchange 2007 Setup requires that all installation source files be located on a resource that is local to the computer on which Setup is being performed. The local resource can be either a local hard drive or DVD drive attached to the system. During Setup, if the installation files are detected on a resource that is not local to the computer, Setup will create a local copy of the installation files in the system temporary files folder and remove them after Setup has completed.

    Using local files is required because Exchange 2007 Setup is a .NET Framework application. This ensures that all installation files are from secure and trusted resources. In some cases, Setup will determine that there is not sufficient disk space to continue. In determining disk space requirements, Setup will include buffer space to meet data storage requirements. The amount of buffer space will vary depending on the server role or roles that are being installed. After Setup has completed, you will notice that the installation consumed less space than was requested.

  • If you are using any third-party applications or hardware on the computers on which you are going to install Exchange 2007 SP1, check with each vendor to verify whether any updates are needed when you are running Exchange 2007 SP1. You should also verify application and hardware compatibility with Windows Server 2008 if you are planning to install Exchange 2007 SP1 on a computer that is running Windows Server 2008.

    Note:
    Before you run the Exchange 2007 SP1 Setup program, you should stop any third-party applications that are integrated with Microsoft Exchange.
  • Exchange 2007 is not supported in environments that use single-label DNS names. Single-label DNS names are DNS names that do not contain a suffix such as .com, .corp, .net, or .org. Exchange 2007 SP1 Setup performs a prerequisite check and will not continue if your environment includes single-label DNS names. For more information about single-label DNS names, see Microsoft Knowledge Base article 300684, Information about configuring Windows for domains with single-label DNS names.

Upgrading the Original Release Version of Exchange 2007 to Exchange 2007 SP1

Consider the following when you upgrade from Exchange 2007 RTM to Exchange 2007 SP1:

Note:
You can also upgrade from Exchange 2007 SP1 Beta 2 to Exchange 2007 SP1.
  • If you install Exchange 2007 SP1 on a computer that is running the RTM version of Exchange 2007, all server roles are upgraded to Exchange 2007 SP1. You cannot choose which server roles you want to upgrade to Exchange 2007 SP1.

  • If you want to add a server role to a computer after you upgrade to Exchange 2007 SP1, you must run the Exchange 2007 SP1 Setup program. This differs from the process that you must follow with earlier versions of Microsoft Exchange. For example, when you add a component to a Microsoft Exchange Server 2003 installation, you must run the Exchange 2003 Setup program to change the installation, and then reapply the service pack.

  • We recommend that you upgrade your servers that are running the Mailbox server role after you upgrade your servers that are running the Client Access, Unified Messaging, Hub Transport, or Edge Transport server roles. Upgrade your computers in the following order:

    1. Client Access servers

    2. Unified Messaging servers

    3. Hub Transport servers

    4. Edge Transport servers

    5. Mailbox servers

    If you upgrade your servers in this order, you may avoid potential service interruptions.

  • We recommend that you upgrade your Client Access servers that reside in Internet-facing sites before you upgrade your Client Access servers that reside in sites without Internet connectivity. For more information, see "Known Issues in Web Services" later in this document.

  • If you are running the Edge Transport server role in your Exchange organization and have created an Edge Subscription, all transport servers that participate in the EdgeSync process must be running the same version of Exchange 2007. You must upgrade all the subscribed Edge Transport servers and all the Hub Transport servers in the Active Directory site to which the Edge Transport servers are subscribed within 15 days of the first upgrade to Exchange 2007 SP1 of any transport server that participates in the Edge Subscription process. For more information, see "Known Issues in Transport” later in this document.

Consider the following when you upgrade servers that are running the RTM version of Exchange 2007 together with Microsoft Forefront Security for Exchange Server.

  • The original release (RTM) version of Forefront Security for Exchange Server is incompatible with Exchange 2007 SP1.

  • You must either remove Forefront Security for Exchange Server or upgrade it to a later version before you can upgrade. The Exchange 2007 SP1 Setup application will not pass prerequisites if the computer is running the RTM version of Forefront.

    Note:
    To obtain a trial version of Forefront Security for Exchange Server that you can use with Exchange 2007 SP1, visit the Microsoft Forefront Security for Exchange Server Web site.
  • If you are running the latest version of Forefront Security for Exchange Server, you must stop all Forefront services before you run Exchange 2007 SP1 Setup.

Consider the following when you install Exchange 2007 SP1 on clustered mailbox servers:

To upgrade an existing Exchange 2007 server to Exchange 2007 SP1 by using the graphical user interface

  1. Run Setup.exe from the Exchange 2007 SP1 installation folder. This will start the Exchange 2007 Setup wizard. The Setup application will detect that you want to upgrade your Exchange 2007 installation to a later version of Exchange 2007.

  2. Under Install, click Install Microsoft Exchange Server 2007. Follow the Setup wizard to complete the installation. Accept all default options when you follow the steps in the Setup wizard. You cannot specify which server roles you want to upgrade to Exchange 2007 SP1.

To upgrade an existing Exchange 2007 server to Exchange 2007 SP1 from the command line

At a command prompt, connect to the AMD64 or I386 directory of your Exchange 2007 SP1 source, and then run Setup.com /mode:upgrade. Accept all default options when you perform the steps by using the command line.

Performing a Clean Installation of Exchange 2007 SP1

You perform a clean installation of Exchange 2007 SP1 much as you would perform an installation of Exchange 2007 RTM. This is because the Exchange 2007 SP1 updates are rolled directly into the bits of the original release version of Exchange 2007. Both the high-level deployment procedures and the specific installation steps are the same. The steps that you must follow will depend on the complexity of the Exchange deployment that you want to create.

Known Issues

In this release of Exchange 2007 SP1, known issues are described in the following sections:

  • Setup   Issues related to Exchange 2007 SP1 Setup.

  • Client Access   Issues related to the Client Access server role

  • Mailbox   Issues related to the Mailbox server role

  • Edge Transport and Hub Transport   Issues related to the Hub Transport and Edge Transport server roles

  • Unified Messaging   Issues related to the Unified Messaging server role

Known Issues in Setup

  • Exchange 2007 SP1 Setup may fail when preparing a domain.

    After you run the Setup /PrepareDomain command in Exchange 2007 SP1, an error message that resembles the following may be logged:

    Directory operation failed on <Domain Name>. This error is not retriable. Additional information: The specified user does not exist.

    This error may appear when you have multiple domains in your Active Directory forest, and you run the Setup /PrepareDomain command in a domain that is not in the same Active Directory site as your forest root domain. For example, this may occur if you run the Setup /PrepareDomain command in a child domain that is in a different Active Directory site than the root domain.

    To resolve this issue, wait for replication between the current Active Directory site and the Active Directory site of the forest root domain, and then run the Setup /PrepareDomain command in the current domain again.

    Note:
    This issue also exists in Exchange 2007 RTM. However, in Exchange 2007 RTM, the error message is different. The error message that you receive when you are running Exchange 2007 RTM resembles the following:

    PrepareDomain for domain <DomainName> has partially completed. Because of the Active Directory Site configuration, you must wait for forest-wide replication to occur, and run PrepareDomain for <DomainName> again.
  • You may receive an "Only build-to-build upgrade mode is available" error message when you try to install Exchange Server 2007 SP1.

    When you run the Setup program to install Exchange 2007 SP1, you may receive the following error message:

    The Exchange binary files are not installed but the backup registry key is present. Only build-to-build upgrade mode is available.

    This issue may occur if the Exchhelp.chm file is missing from the Exchange Server\Bin folder on the Exchange server. To resolve this issue, copy the Exchhelp.chm file from the Exchange 2007 SP1 installation files to the Exchange Server\Bin folder on the server.

    For more information about how to do this, see You Receive a Message That States That Only the Build-Build Upgrade Mode Is Available When You Install Exchange 2007 Service Pack 1.

Known Issues in Client Access

Consider the issues in this section when you install the Client Access server role.

Known Issues in Outlook Web Access

  • The S/MIME feature is supported only for Outlook Web Access Premium users who are running Internet Explorer 7.

  • If you want to let your Outlook Web Access users use the S/MIME feature in Outlook Web Access from a shared computer (for example, a kiosk computer) that is running Windows Vista, you must consider that personally identifiable information about the user can remain in the certificate cache on the shared computer after they log off of Outlook Web Access. This information cannot be used to impersonate the user.

    To make sure that the personally identifiable information is cleared after each Outlook Web Access session on the shared computer, you must modify NTFS file system permissions by running Icals.exe. From a command prompt, run the following command one time using an account that has Administrator privileges on the shared computer:

    Copy Code
    icacls %USERPROFILE%\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates /setintegritylevel L
    
    Icacls.exe is included with the latest service pack of Windows Server 2003. For more information about Icacls.exe, see Microsoft Knowledge Base article 919240, The Icacls.exe utility is available for Windows Server 2003 with Service Pack 2.

Caution:
Although personally identifiable information is also cleared after a session if the Outlook Web Access user runs Internet Explorer by using an account that has Administrator privileges on the shared computer, running Internet Explorer by using an account that has Administrator privileges is generally not recommended.
  • Server-side rules may be deleted in some scenarios when an Exchange client uses both Outlook Web Access and Outlook. Specifically, disabled rules in Outlook may be deleted if an Outlook Web Access user modifies any rule by using Outlook Web Access.

    Note:
    Outlook lets you to create rules and keep them in your configuration in a disabled state. Similarly, Outlook Web Access lets you create rules and leave them in a disabled state if the Client Access server is running Exchange 2007 SP1. To disable a rule, the user clears the check box next to the rule in the provided user interface.
  • Server-side rules that include Unicode characters will not work in some scenarios. The problem may occur if the following conditions are true:

    • An Outlook Web Access client creates or modifies a server-side rule that includes Unicode characters within the rule name, conditions, or exceptions.

    • The user who uses Outlook Web Access to connect to Microsoft Exchange also connects to Microsoft Exchange by using Microsoft Office Outlook 2007 under an operating system that uses a non-Unicode system locale (for example, English).

      In this situation, opening the rule that contains Unicode characters from an Outlook 2007 client that is running the non-Unicode system locale may cause the rule to become corrupted.

  • WebReady Document Viewing in Outlook Web Access does not support the viewing of some features of documents that were created by using the 2007 Microsoft Office release. WebReady Document Viewing enables Outlook Web Access users to view specific types of attachments as HTML. WebReady Document Viewing does not support the viewing of the following features of documents created by using the 2007 Microsoft Office release:

    • SmartArt graphics   SmartArt graphics do not correctly display in Word 2007, Excel 2007, or PowerPoint 2007. Specifically, only the text within those graphics is displayed.

    • Charts   Most chart graphics do not display in Word 2007, Excel 2007, or PowerPoint 2007. However, Base Line Charts do display correctly.

    • Equations   Equations will not display in Word 2007 documents.

    • Shapes   Some shape graphics will not display in PowerPoint 2007 documents.

Known Issues in POP3 and IMAP4

  • Settings for Post Office Protocol version 3 (POP3) and Internet Message Access Protocol version 4rev1 (IMAP4) are reset to the default settings after you upgrade to Exchange 2007 SP1. For example, the default setting for POP3 protocol logging and IMAP4 protocol logging is that logging is disabled. Therefore, if POP3 protocol logging or IMAP4 protocol logging was enabled when you upgraded to Exchange 2007 SP1, you must reapply those respective settings to resume protocol logging after the Exchange 2007 SP1 installation is complete.

    To keep any POP3 and IMAP4 configuration settings that you have customized, you must reapply the respective configuration settings after you upgrade to Exchange Exchange 2007 SP1. The easiest way to reapply these settings is to back up the respective configuration files before upgrading to Exchange 2007 SP1, upgrade to Exchange 2007 SP1, and then use the configuration information from the backup to reapply the settings. For more information about how to back up and restore POP3 and IMAP4 configuration settings, see POP3 and IMAP4 May Not Work As Expected After You Upgrade to Exchange Server 2007 SP1.

Known Issues in Exchange Web Services

  • Upgrade your Client Access servers in Internet-facing sites to Exchange 2007 SP1 before you upgrade your Client Access servers in sites that do not have Internet connectivity.

    When you upgrade from Exchange 2007 RTM to Exchange 2007 SP1, we recommend that you first upgrade your Client Access servers that reside in Internet-facing sites, and then upgrade your Client Access servers that reside in sites that do not have Internet connectivity. However, because of the new Exchange 2007 SP1 HTTP Proxy feature for Exchange Web Services, requests that are generated by custom applications that use Exchange Web Services and sent to an Exchange 2007 SP1 Client Access server in a site that differs from the mailbox being accessed will no longer be accepted by Exchange Web Services until all Client Access servers inside both Internet-facing sites and internal sites are upgraded to Exchange 2007 SP1.

    To avoid downtime for your custom applications during the upgrade process, make sure that you are using the Autodiscover service so that your users can obtain the appropriate URL for the Client Access servers that are located in the same site as their mailbox. For more information about the Autodiscover service, see White Paper: Exchange 2007 Autodiscover Service in the Exchange 2007 SP1 online Help. For more information about how to use the Autodiscover service in custom applications, see Autodiscover Reference in the Exchange 2007 SDK.

Known Issues in Outlook Anywhere

  • Consider modifying Outlook Anywhere authentication settings after you upgrade to Exchange 2007 SP1.

    In Exchange 2007 RTM, both Basic authentication and NTLM authentication were always enabled on the /rpc virtual directory, even though Outlook 2007 uses only one authentication method, either Basic or NTLM authentication. Additionally, it was not possible configure only a single authentication method, because the Exchange Services Host service would automatically configure both Basic and NTLM authentication methods every 15 minutes.

    For new installations of Exchange 2007 SP1, Outlook Anywhere now lets you choose the authentication methods that will be enabled on the /rpc virtual directory in Internet Information Services (IIS). This means that you can configure the authentication method on the /rpc virtual directory in IIS to be either Basic or NTLM authentication or both authentication methods.

    When you upgrade from an existing Outlook Anywhere topology in Exchange 2007 RTM, both the NTLM and Basic authentication methods will be enabled. However, we recommend that you disable one of the authentication methods by running the Set-OutlookAnywhere cmdlet with the IISAuthenticationMethods parameter.

    For more information, see Set-OutlookAnywhere in the Exchange 2007 Help.

Known Issues in Exchange ActiveSync

  • Exchange ActiveSync may not work for certain users who have mailboxes on computers that are running Exchange Server 2003 if they are configured to synchronize through Client Access servers that are running Exchange 2007 SP1.

    Exchange ActiveSync will not work when the following conditions are true:

    • The user has a mailbox on an Exchange 2003 server.

    • The client is configured to synchronize through a Client Access server that is running Exchange 2007 SP1.

    • The SMTP address built by combining the user's SamAccountName and the default logon domain specified on the /exchange virtual directory of the Exchange Server 2003 mailbox server (for example: <SamAccountName>@default.login.<Domain Name>.com) matches the SMTP address of another user whose mailbox is hosted on a server other than the one with which the user trying to synchronize.

    For information about proxying and redirection, see Understanding Proxying and Redirection in the Exchange 2007 Help.

  • Exchange 2007 SP1 introduces new Exchange ActiveSync policy settings. The policy settings introduced in Exchange 2007 Service Pack 1 require Windows Mobile 6.1, or a later version, or other compatible mobile phone operating systems. Windows Mobile 6.0 and earlier versions only support the Exchange ActiveSync policy settings available in the original release (RTM) version of Exchange 2007. For more information about the additional Exchange ActiveSync policy settings, see New Client Access Features in Exchange 2007 SP1.

Known Issues in Mailbox

Exchange 2007 SP1 Will Not Support the Searching of Content Within Office 2007 Attachments in Messages Until the Respective Office 2007 Search Filters are Available

Because Exchange 2007 SP1 does not include the search filters from the 2007 Microsoft Office release, Exchange 2007 SP1 cannot index Office 2007 attachments in mailboxes. Therefore, users who have mailboxes on Exchange 2007 SP1 Mailbox servers will not be able search their mailboxes for content within Office 2007 attachments in their messages. However, as soon as the Office 2007 search filters are available, installed, and integrated with your Exchange SP1 installations, this search functionality will be supported.

When the Office 2007 filters are publicly released, Microsoft Knowledge Base article 944516, Enabling Exchange Server 2007 to search Office 2007 attachments, will be published. This Knowledge Base article will describe the steps that are required to download and integrate the Office 2007 search filters with Exchange 2007.

Note:
The release date for the Office 2007 filters and for this Knowledge Base article have not been determined. To implement the searching of content within Office 2007 attachments in messages, search the Microsoft Knowledge Base for "944516" periodically until the article is released. Use the information that is provided in the article to enable the feature.

You Must Add the WMI Service to the Firewall Exception List on Mailbox Servers That are Running On the Windows Server 2008 Operating System

If you include the Mailbox server role when you install Exchange 2007 SP1 on a Windows Server 2008 computer, you must add the Windows Management Instrumentation (WMI) service to the firewall exception list. If you do not perform this procedure, you will be unable to remotely create Exchange databases on that Mailbox server.

Note:
Windows Firewall is enabled by default on a computer that is running Windows Server 2008. If you do not have Windows Firewall enabled on your Mailbox servers, you do not have to perform this procedure.

You must perform this procedure after you install the Mailbox server role on a computer that is running the Windows Server 2008 operating system. 

To add the WMI service to the firewall exception list:

  1. In Control Panel, double-click Windows Firewall.

  2. In the Windows Firewall dialog box, click Change Settings.

  3. On the Exceptions tab, under To enable an exception, select this check box, select Windows Management Instrumentation (WMI).

  4. Click OK.

Streaming Backups Are Disabled By Default in SP1

As part of the continuing Microsoft security initiatives, Exchange 2007 SP1 introduces a behavior change that is designed to reduce the attack surface on your Exchange messaging system. This change directly affects remote streaming backups.

In the RTM version of Exchange 2007, remote streaming backup was enabled by default. This default configuration is less secure because it allows anyone in the domain who has sufficient backup rights to back up an Exchange server. Moreover, data that is backed up remotely is not encrypted, and backups are frequently performed over a public, client-accessible network.

In compliance with the Microsoft "Secure by Default" initiative, in Exchange 2007 SP1 the remote streaming functionality is disabled by default. A manual override in the form of the following registry value must be enabled to restore this functionality:

Caution:
Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.
Copy Code
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
Name: Enable Remote Streaming Backup
Type: DWORD
Value:  0 = default behavior (remote backup disabled); 1 = remote backup enabled 

There are two cases in which enabling remote streaming backups is required, as follows:

  • Cluster continuous replication (CCR) environments require remote streaming backup for seed operations, for example, when you use the Update-StorageGroupCopy cmdlet.

  • Third-party applications may require remote streaming backup functionality. Contact your application vendor to determine whether the application requires remote streaming backup capabilities.

Important:
This registry key override is for computers that are running Windows Server 2003. Windows Server 2008 does not support remote streaming backup and restore operations.

For information about how to use Backup to back up and restore Microsoft Exchange data, see Using Backup to Back Up and Restore Exchange Data in the Exchange 2007 SP1 online Help.

Known Issues with High Availability Features in Exchange 2007 SP1

The following are known issues with high availability features in Exchange 2007 SP1:

  • The Standby cluster must use the same installation path as the production cluster.

  • The Enable Remote Streaming Backup registry value described earlier must also be configured to enable local streaming restores on clustered mailbox servers.

  • SCR cannot be deployed across multiple operating systems. In Exchange 2007 SP1, the operating system of the SCR source must match the operating system of all SCR targets. Therefore, an SCR source that is running on Windows Server 2003 cannot deploy SCR targets that are running on Windows Server 2008, and an SCR source that is running on Windows Server 2008 cannot deploy SCR targets running on Windows Server 2003.

Known Issues in Transport

Consider the following issues when you upgrade computers that are running the Edge Transport and Hub Transport server roles.

  • Mail may not be correctly delivered if you upgrade your Mailbox servers before you upgrade all Hub Transport servers. To avoid mail delivery issues during the upgrade to Exchange 2007 SP1, upgrade all Hub Transport servers before you upgrade the Mailbox servers.

  • In Exchange 2007 SP1, a change to the EdgeSync credential renewal process requires that all transport servers that participate in the EdgeSync process are running the same version of Exchange 2007. Therefore, if you upgrade any Edge Transport server that has an Edge Subscription or any Hub Transport server in an Active Directory site to which an Edge Transport server is subscribed to Exchange 2007 SP1, you must also upgrade all other transport servers that are part of that Edge Subscription to Exchange 2007 SP1. 

    If you do not upgrade all the Edge Transport servers and all the Hub Transport servers in the Active Directory site to which the Edge Transport servers are subscribed within 15 days of the first upgrade, the next EdgeSync credential renewal process will fail and EdgeSync synchronization will not work. This failure will occur between 15 and 30 days after the first upgrade to Exchange 2007 SP1.

    Therefore, if you create an Edge Subscription in your organization, you must upgrade all the subscribed Edge Transport servers and all the Hub Transport servers in the subscribed Active Directory site within 15 days and not more than 30 days after the first upgrade to Exchange 2007 SP1. If you do not complete the upgrade of these servers within 15 days, the current EdgeSync credentials will expire and EdgeSync synchronization will stop working.

  • In Exchange 2007 SP1, journal reports that are sent outside the Exchange 2007 organization are sent by using the mail format settings that are configured in your organization. By default, these settings are set to MIME in Exchange 2007 SP1, unlike the RTM version of Exchange 2007 in which journal reports sent outside the Exchange 2007 organization are sent in TNEF format only.

    After you upgrade to Exchange 2007 SP1, if you want to continue to send messages in TNEF format to recipients outside the Exchange 2007 organization, you must manually configure the mail-enabled contact to send messages in TNEF format. Or, you can use remote domains to control the mail format settings. For more information, see TNEF Conversion Options in the Exchange 2007 Help file.

Known Issues in Unified Messaging

Consider the following issues when you upgrade Unified Messaging servers that are running the RTM version of Exchange 2007 to Exchange 2007 SP1.

Important:
To successfully integrate your Unified Messaging servers with Microsoft Office Communications Server 2007, you must understand and follow the planning and deployment information that is provided in the following documents at the Microsoft Download Center:

The following are known issues when your Exchange 2007 Unified Messaging environment includes Exchange 2007 SP1. You must consider these issues even if Unified Messaging is not interoperating with Communications Server 2007:

  • Before you upgrade any localized builds of Exchange 2007 RTM to Exchange 2007 SP1, you must first uninstall any localized Unified Messaging language packs. For example, if you have a computer that has the German version of the Exchange 2007 Unified Messaging server role installed, both the English and the German language packs are installed on that server. You must uninstall the German language pack before you upgrade to Exchange 2007 SP1. For information about how to remove an Exchange 2007 language pack, see How to Remove a Unified Messaging Language Pack from a Unified Messaging Server in the Exchange 2007 Help. To ensure that the upgrade is successful, you must perform the following steps:

    1. Before you perform the upgrade to Exchange 2007 SP1 on the Unified Messaging server, remove all language packs that are installed on the server that you will be upgrading to SP1. However, do not remove the en-US UM language pack from the Unified Messaging server.

    2. Install Exchange 2007 SP1 on the Unified Messaging server.

    3. When you install Exchange 2007 SP1 on a localized version of Windows Server 2003, the Unified Messaging language pack in the same language will be installed by default as a part of the upgrade process. After you install Exchange 2007 SP1, you must manually configure the default language on each dial plan. For information about how to configure language packs, see How to Configure a Unified Messaging Dial Plan with a Default Language in the Exchange 2007 Help.

  • If you are using mutual TLS or if you are integrating Exchange Unified Messaging with Office Communications Server 2007, you must deploy the Exchange 2007 SP1 Unified Messaging server role on a dedicated computer.

    Installing other Exchange 2007 server roles on the same computer as the computer on which the Unified Messaging server role is installed may cause the Microsoft Exchange Unified Messaging service to choose the incorrect certificate and be unable to use mutual TLS to encrypt traffic. This occurs because of limitations related to the subject alternative names found in certificates.

  • Unified Messaging configuration files are overwritten during the Exchange 2007 SP1 upgrade process.

    During the installation of Exchange 2007 SP1, all Unified Messaging configuration data is overwritten. Unified Messaging editable configuration data is contained in the following files: Globcfg.xml and UMRecyclerConfig.xml.

    If you are upgrading the RTM version of Exchange 2007 to Exchange 2007 SP1, we recommend that you archive the Globcfg.xml and UMRecyclerConfig.xml files before you install Exchange 2007 SP1. Referring to these configuration files from Exchange 2007 RTM may help as you perform deploy or administer Exchange 2007 SP1.

    To archive the Globcfg.xml and UMRecyclerConfig.xml configuration data files, do the following:

    1. Locate the Globcfg.xml and UMRecyclerConfig.xml files in the \bin folder in the directory in which you installed Exchange 2007. The default location is C:\Program files\Microsoft\Exchange Server\bin.

    2. Copy the files to an archive location that will not be overwritten when you install Exchange 2007 SP1.

    3. Rename the files. For example, rename the files to Globcfg_OLD.xml and UMRecyclerConfig_OLD.xml.

  • The Microsoft Exchange Unified Messaging service will not start after you upgrade to Exchange 2007 SP1 if you have manually configured the RecordingIdleTimeout parameter to a value larger than 10. The RecordingIdleTimeout parameter determines the number of seconds of silence that the system allows when a voice message is being recorded before the call is ended. The default value for the RecordingIdleTimeout parameter is 5 seconds. Although the supported range for this parameter was 2 to 16 seconds for the RTM release of Exchange 2007, the supported range for this parameter in Exchange 2007 SP1 is 2 to 10 seconds.

    If you have manually configured the RecordingIdleTimeout parameter to a value larger than 10, use the Set-UMDialplan cmdlet in the Exchange Management Shell to change the value to between 2 and 10. For more information, see Set-UMDialplan.

  • You cannot request a certificate by using the Windows Server 2003 Certificate Services Web enrollment pages on a Windows Server 2008 computer if the certification authority is running on Windows Server 2003 Service Pack 1 (SP1) or Service Pack 2 (SP2).

    Exchange 2007 SP1 will be supported on both Windows Server 2003 and on Windows Server 2008. The Unified Messaging server role in Exchange 2007 SP1 is not supported on beta builds of Windows Server 2008 in a production environment. However, this release note applies to cases in which the Unified Messaging server role in Exchange 2007 SP1 is installed on a beta version of Windows Server 2008 in a nonproduction lab environment.

    The Unified Messaging server role in Exchange 2007 supports the Transport Layer Security (TLS) protocol. In this context, both self-signed certificates and certificates that are signed by a certification authority (CA) are supported.

    If the CA is running on Windows Server 2003 SP1 or SP 2, a certificate cannot be requested from a Windows Server 2008 computer by using the Certificate Services Web enrollment pages. The Windows Server 2003 Certificate Services Web enrollment functionality relies on an ActiveX control that is named Xenroll. This ActiveX control is available in Microsoft Windows 2000 Server and in later versions of Windows Server. However, Xenroll has been deprecated. For more information, see Microsoft Knowledge Base article 922706, How to use Certificate Services Web enrollment pages together with Windows Vista.

  • Federal Information Processing Standards (FIPS) support in Exchange Unified Messaging SP1.

    The National Institute of Standards and Technology (NIST) issues standards and guidelines that are known as FIPS. FIPS are standards that are either recommended or mandated for use in IT systems that are operated by the United States federal government. FIPS 140-2 is a statement of the Security Requirements for Cryptographic Modules. It specifies which encryption algorithms and which hashing algorithms can be used and how encryption keys are to be generated and managed. Unified Messaging in Exchange 2007 SP1 can be configured and run in a way that is compliant with FIPS 140-2. To do this, you must install the Unified Messaging server role on an operating system that is FIPS 140-2-certified. Windows Server 2003 is FIPS 140-2 certified.

    For the Exchange 2007 SP1 release, enabling FIPS on the Windows Server 2003 computer that is running the Unified Messaging role is supported only when Unified Messaging is interoperating with Communications Server 2007. Enabling FIPS when Unified Messaging interfaces with IP gateways or IP PBXs is not supported in Exchange 2007 SP1.

The following known issues are only applicable when your environment includes Exchange 2007 SP1 interoperating with Office Communications Server 2007:

  • The only environments that are supported are environments that are running Exchange 2007 SP1 and Communications Server 2007.

  • A/V Authentication Service configuration with regard to outbound calls

    When Unified Messaging and Communications Server 2007 are installed together and Interactive Connectivity Establishment is configured in the topology, Unified Messaging traffic may flow through the A/V Edge server if the Communications Server 2007 endpoint is located outside the firewall. For this to occur, Exchange 2007 Unified Messaging must obtain a token from the A/V Authentication Service that is servicing the corresponding Communications Server 2007 pool. The A/V Authentication Service is a Communications Server 2007 service that runs on the A/V Edge server. Exchange 2007 Unified Messaging receives the A/V Authentication Service token at the time that it receives the first inbound call from that Communications Server 2007 pool. This implies that outbound calls (including Play-on-Phone calls to either listen to a voice message, listen to an Out of Office or regular greeting, or to change an Out of Office or regular greeting) to Communications Server 2007 endpoints that are located outside the firewall through a particular Communications Server 2007 server will succeed as long as an inbound call (from inside or outside the firewall) has been received from that particular Communications Server 2007 pool.

    To minimize or eliminate the probability that any outbound calls to outside the firewall will fail, we strongly recommend that you associate each UM dial plan with multiple Communications Server 2007 pools. These Communications Server 2007 pools appear as UM IP Gateway objects.

    Also, for each dial plan, enable only one of these UM IP Gateway objects for outbound calls. The UM IP Gateway object that you select for outbound calls should be the one from which maximum incoming calls are expected. This will ensure that, before an outbound call to a Communications Server 2007 endpoint outside the firewall is made through a specified IP gateway, an inbound call will likely have been received. If an inbound call has been received, Unified Messaging will have the A/V Authentication Service token from the A/V Edge server that is servicing the specified Communications Server 2007 pool and the outbound call will be successful.

    By default, outbound calling is enabled from each UM IP Gateway object. Outbound calling through an IP gateway can be disabled from the Exchange Management Shell by running the following command: Set-UMIPGateway <IP gateway name> -OutcallsAllowed $false. Or, you can disable a UM IP Gateway object in the Exchange Management Console, as follows:

    1. Open the UM IP Gateway object properties.

    2. On the General tab, clear the Allow outgoing calls through this UM IP gateway check box.

  • When your environment includes Exchange 2007 SP1 interoperating with Communications Server 2007, the Test-UMConnectivity cmdlet will work only if you run it from the Unified Messaging server.

    The Test-UMConnectivity cmdlet works only from the Unified Messaging server because Communications Server 2007 can only interface with a computer with which it has a trust relationship. When Unified Messaging interfaces with Communications Server 2007 and the Test-UMConnectivity cmdlet is used, the call goes to the Office Communications Server 2007 computer and comes back to the Unified Messaging server. It does not touch the Public Switched Telephone Network (PSTN) network.

    Note:
    In Unified Messaging environments where the Unified Messaging server interfaces with a Session Initiation Protocol (SIP) gateway or an IP PBX, the Test-UMConnectivity cmdlet can be run from any computer that has the Exchange administrator tools installed.
    For more information about the Test-UMConnectivity cmdlet, see Test-UMConnectivity in the Exchange 2007 Help.

  • Voice mail messages that are located in the Outlook voice mail search folders named "Voice Mail" cannot be accessed after you upgrade to Exchange 2007 SP1.

    If a user had a search folder named "Voice Mail" before they were enabled for Unified Messaging on Exchange 2007 SP1, they will be unable to see their voice mail messages that were created by Unified Messaging when they click that search folder in Outlook.

    To work around this, the user must delete or rename the old search folder and then log on through Outlook Voice Access. If the user uses Cached Exchange Mode in Outlook, they may have to restart Outlook with the /cleanfinders switch before logging on through Outlook Voice Access.

  • When your environment includes Exchange 2007 SP1 interoperating with Communications Server 2007, the Unified Messaging server can use a Communications Server 2007 user attribute to resolve caller IDs to a user name. This is useful when a user in one dial plan calls a user in another dial plan. The attribute is called msRTCSIP-Line and belongs to the Active Directory schema installed by the Communications Server 2007 computer. To enable this call resolution feature, the Unified Messaging server must have at least read rights to that attribute. Because the Unified Messaging server runs from the LocalSystem account, the Active Directory computer object for the Unified Messaging server must be granted at least read access to the msRTCSIP-Line attribute on all the Unified Messaging and Communications Server 2007 user objects in Active Directory.

Outlook Web Access Client Features

This section of the release notes is provided to help you use Outlook Web Access client features in Exchange 2007 SP1. This client information is not published in the Exchange 2007 SP1 Help.

Outlook Web Access (General)

Personal distribution lists   This feature enables Outlook Web Access clients to create new personal distribution lists and edit existing ones.

To create a new personal distribution list:

  1. On the Outlook Web Access toolbar, click the arrow to the right side of the New button, and then click Distribution List.

  2. In the Untitled Distribution List dialog box, in List Name, type a name for the distribution list.

  3. In the Members text box, type the name of the user who you want to add, and then click Add to List. Or, you can click Members, and then use the Address Book dialog box to specify the members that you want to add.

To edit or send e-mail to an existing personal distribution list:

  1. Click Address Book on the Outlook Web Access toolbar.

  2. In the Address Book dialog box, under Contacts, click Distribution Lists, and then do one of the following:

    • To edit a distribution list, select the list that you want, and then click Edit.

    • To send e-mail to a distribution list, select the personal distribution list to which you want to send a message, and then click New Message at the top of the Address Book dialog box.

Users create and edit server-side rules   This feature enables Outlook Web Access users to create and edit server-side rules.

To create a new server-side rule or edit an existing rule:

  1. On the Outlook Web Access toolbar, click Options, and then click Rules.

  2. Use the user interface that is provided to create new rule or edit existing rules. For more information about the limitations of this feature in Exchange 2007 SP1, see "Known Issues in Outlook Web Access" earlier in this document.

The 2007 Microsoft Office system file format converter   This feature enables Outlook Web Access users to view the most common 2007 Microsoft Office system file attachments as HTML documents. Converting file formats works for Microsoft Office Word 2007 (.docx), Microsoft Office Excel 2007 (.xslx), and Microsoft Office PowerPoint 2007 (.pptx) file types.

To open an Office 2007 attachment as an HTML document:

  1. Locate the message that contains the attachment that you want to view.

  2. On the message, under Attachments, click Open as a Web page.

Deleted item recovery   This feature enables Outlook Web Access users to recover items that have been deleted from the Deleted Items folder. Recovered items will be moved back to the user's Deleted Items folder.

To recover a deleted item:

  1. On the Outlook Web Access toolbar, click Options, and then click Deleted Items.

  2. Select the item or items that you want to recover, and then click Recover to Deleted Items Folder.

  3. Use the provided user interface to recover selected items to the Deleted Items folder. After the process is complete, a confirmation message will appear at the top of the page that states The recovery was successful.

Public folders   This feature enables Outlook Web Access users to access, post, post a reply to, and search public folders.

To access public folders:

  1. In the navigation pane, click Public Folders. The public folder hierarchy replaces the user's mailbox hierarchy and is displayed in the navigation pane.

  2. After the public folder hierarchy is displayed, users can do the following:

    • Post to a public folder   To do this, locate the folder that you want, and then, on the Outlook Web Access toolbar, click New. Type the message that you want to post, and then click Post.

    • Post reply to an existing post   To do this, select the message to which you want to post a reply, and then click Reply.

    • Browse and create appointments in calendar public folders   To do this, locate the calendar that you want to edit, and then create appointments or perform other calendar tasks in the same manner as you would in a private calendar.

    • Search the public folder hierarchy   To do this, click the Search button on the toolbar to show the Search window. You may have to widen the list of items in the public folder to see the Search button. Use the available options to specify the criteria that you want to use for the search. In the user interface below where you configured your search criteria, click Search to start the search.

      When you use Outlook Web Access to search public folders, the search engine does not perform full-text searches of documents and attachments in public folders. Full-text indexing is not implemented in public folders.

Outlook Web Access S/MIME

Secure/MIME (S/MIME) is the Exchange 2007 SP1 feature that enables Outlook Web Access users to read and compose messages that are digitally signed or encrypted.

To install the S/MIME control:

  1. On the Outlook Web Access toolbar, click Options, and then click E-mail Security.

  2. On the E-mail Security page, click Download the Outlook Web Access 2007 S/MIME control.

After you install the S/MIME control, the following features with specific limitations are supported in Exchange 2007 SP1. For more information about the limitations of the S/MIME control and the features that are associated with it, see "Known Issues in Outlook Web Access" earlier in this document.

Read signed and encrypted e-mail   After a user installs the S/MIME control, they can open and then read signed or encrypted e-mail messages and see the security settings for the messages. The security settings for a secure message are displayed in the infobar at the top of the message.

Compose and send signed or encrypted messages   After you install the S/MIME control, all mail messages will be composed in the S/MIME form. The form resembles the non-S/MIME form, except for two new buttons that enable the user to sign and encrypt messages. If you pause on the button to sign a message, the tooltip that appears says Add a digital signature to this message. If you pause on the button to encrypt a message, the tooltip that appears says Encrypt message contents and attachments.

To send a signed or encrypted message:

  1. Open and then compose a new message.

  2. Sign or encrypt the message by using the appropriate button on the message form's toolbar, and then click Send.

Or, you can sign or encrypt the message by using the Message Options dialog box, as follows:

  1. Open a new message, and then click Options.

  2. In the Message Options dialog box, configure secure message options and other options that you want to apply to the message.

Reinstall the S/MIME control   After you install the S/MIME control, the E-mail Security page provides an option for you to reinstall the S/MIME control.

To reinstall the S/MIME control:

  1. Click Options, and then click Secure E-mail.

  2. On the E-mail Security page, click Reinstall the Outlook Web Access S/MIME control.

Configure the default settings for outgoing messages   After the S/MIME control has been installed, you can configure the default S/MIME security options for outgoing messages. By default, outgoing messages are not signed or encrypted.

To change the default secure message options:

  1. On the E-mail Security page, click Encrypt contents and attachments of all outgoing messages or Add digital signature to all outgoing messages.

  2. After you select the settings that you want, click Save.

Legal Notice

This document supports a preliminary release of a software product that may be changed substantially prior to final commercial release. This document is provided for informational purposes only and Microsoft makes no warranties, either express or implied, in this document. Information in this document, including URL and other Internet Web site references, is subject to change without notice. The entire risk of the use or the results from the use of this document remains with the user. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2007 Microsoft Corporation. All rights reserved.

Microsoft, MS-DOS, Windows, Windows Media, Windows Mobile, Windows NT, Windows PowerShell, Windows Server, Windows Vista, Active Directory, ActiveSync, Entourage, Excel, Forefront, Internet Explorer, Outlook, PowerPoint, SharePoint, SmartScreen, Visual Basic, Xbox, Xbox 360, the Xbox sphere logo, Zune and the Zune logo are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

All other trademarks are property of their respective owners.

"Portions Copyright © 2006 World Wide Web Consortium, (Massachusetts Institute of Technology, Institut National de Recherche en Informatique et en Automatique, Keio University). All Rights Reserved. http://www.w3.org/Consortium/Legal/"

WebReady Document Viewing technology: Outside In® HTML Export © 1991-2006 Stellent Chicago, Inc. All rights reserved.

Danish speller: Copyright © Lingsoft, Inc. 2005.

Two-Level Compiler: Copyright © Xerox Corporation 1994.

All rights reserved.

Dansk stavekontroll: Copyright © Lingsoft Ab 2005.

Two-Level Compiler: Copyright © Xerox Corporation 1994.

Alle rettigheder forbeholdt.

German speller: Copyright © Lingsoft, Inc. 2005.

Two-Level Compiler: Copyright © Xerox Corporation 1994.

All rights reserved.

Deutsche Rechtschreibprüfung: Copyright © Lingsoft, Inc. 2005.

Two-Level Compiler: Copyright © Xerox Corporation 1994.

Alle Rechte vorbehalten.

Norwegian (bokmål) speller: Copyright © Lingsoft, Inc. 2005.

Norwegian works: Copyright © J. W. Cappelens Forlag A·S 1996, 1997:

Norsk ordbok: Bokmål: Copyright © J. W. Cappelens Forlag A·S 1996.

CAPLEX: Copyright © J. W. Cappelens Forlag A·S 1997.

Two-Level Compiler: Copyright © Xerox Corporation 1994.

All rights reserved.

Norsk (Bokmål) stavekontroll: Copyright © Lingsoft Ab 2005.

Norske verk: Copyright © J. W. Cappelens Forlag A·S 1996, 1997:

Norsk ordbok: Bokmål: Copyright © J. W. Cappelens Forlag A·S 1996.

CAPLEX: Copyright © J. W. Cappelens Forlag A·S 1997.

Two-Level Compiler: Copyright © Xerox Corporation 1994.

Alle rettigheter forbeholdt.

Norwegian (nynorsk) speller: Copyright © Lingsoft, Inc. 2005.

February 1998 electronic version of Nynorskordboka: Copyright © University of Oslo and The Norwegian Language Council 1998.

Two-Level Compiler: Copyright © Xerox Corporation 1994.

All rights reserved.

Norsk (nynorsk) stavekontroll: Copyright © Lingsoft Ab 2005.

Februar 1998 elektronisk versjon av Nynorskordboka: Copyright © Universitetet i Oslo og Norsk Språkråd 1998.

Two-Level Compiler: Copyright © Xerox Corporation 1994.

Dei nemnde rettshavarane har alle rettar.

Finnish speller: Copyright © Lingsoft, Inc. 2005.

Two-Level Compiler: Copyright © Xerox Corporation 1994.

All rights reserved.

Suomen oikeinkirjoituksen tarkistus: Copyright © Lingsoft Oy 2005.

Two-Level Compiler: Copyright © Xerox Corporation 1994.

Kaikki oikeudet pidätetään.

Swedish speller: Copyright © Lingsoft, Inc. 2005.

Two-Level Compiler: Copyright © Xerox Corporation 1994.

All rights reserved.

Svensk stavningskontroll: Copyright © Lingsoft Ab 2005.

Two-Level Compiler: Copyright © Xerox Corporation 1994.

Alla rättigheter förbehålles.

"Portuguese Spell Checker © 1995-2005 Priberam Informática, Lda. All rights reserved."

Revisor Ortográfico e Hifenização para Língua Portuguesa, Versão 8, Itautec Philco SA, 2004

Tesauro para Língua Portuguesa, Versão 8, Itautec Philco SA, 2004

Revisor Gramatical para Língua Portuguesa, Versão 8, Itautec Philco SA, 2004

Speller for Brazilian Portuguese, Version 8, Itautec Philco SA, 2004

Controllo ortografico (con tecnologia Cogito) © 1994-2006 Expert System Modena. Tutti i diritti riservati.

Spelling checker (with Cogito technology) © 1994-2006 Expert System Modena. All rights reserved.

Hebrew Speller ©2005 Melingo. All rights reserved.

Outside In® HTML Export Version 8.0 Copyright © Stellent Chicago Sales, Ins.