It's been a little over a month (where does the time go?) since Exchange Server 2003 SP2 was released. Now that I've deployed it to a few systems, I wanted to take a moment to share some of the potential snags and gotchas you might encounter as you're looking at deploying SP2.
As always, you need to read the release notes carefully. And of course you would never think about performing na upgrade of your Exchange servers until you've performed a full backup of all servers, just to give yourself a fallback position.
Note: you should also perform another full backup -- Exchange databases, system state, system and boot partitions -- after applying the service pack. If you have to recover later, this at least gives you a post-upgrade recovery point so you don't have to further clutter up a bad day by doing the upgrade again. As a personal note of karma, the only times I've had a service pack application go badly were the times I didn't perform a backup first. So learn from me and don't forget the backups; your Exchange karma may smile more kindly upon you.
As always, SP2 is a cumulative release. You can apply it on top of SP1 or the release version of Exchange. You can also apply it on top of the Community Technology Preview (CTP) version of SP2 -- and you should, since the CTP release was only supported for evaluation purposes and has expired.
Without further ado, let me share the potential roadbumps I've found so far.
Deployment:
- Don't apply SP2 unless your servers are running Windows 2000 Server SP4 or Windows Server 2003. If you are running Windows Server 2003, Microsoft recommends that you install Windows 2003 SP1 first; it is required if you want the SMTP tarpitting feature to work.
- Upgrade all of your front-end servers before upgrading your back-end servers.
- If you have NLB front-end server clusters, you should try to take all servers in the cluster offline, upgrade them all, then bring the cluster back online at the same time. This prevents mobile clients from having synchronization key errors. If you can't do this, your mobile users will see these errors during the transition period until all of your load-balanced front-end servers are upgraded.
- If your server is running Windows 2003 SP1 or has security update MS05019 installed, you need to install fotfix 898060, Installing security update MS05-019 or Windows Server 2003 Service Pack 1 may cause network connectivity between clients and servers to fail.
- If you plan to use Sender ID filtering, apply hotfix 905214, Windows Server 2003 may stop responding when you enable Sender ID filtering on an SMTP virtual server in Exchange Server 2003 SP2. You'll need to contact PSS to get the hotfix; it's not available for download. If you need the Windows 2000 version, you'll need to contact your Microsoft account rep.
- You can use Sender ID filtering even if the Exchange server is not the initial server to handle incoming mail for your organization. If you are using Sender ID to reject messages, be aware this may cause an additional queue load on your gateway server.
- If you have Entourage users in your organization, SP2 contains the fix for the Exchange permissions issue fixed by Entourage 2004 SP2. The required server-side hotfix is included in SP2, so if you have been waiting to deploy the Entourage service pack, updating to Exchange 2003 SP2 removes this roadblock.
- With the release of SP2, Microsoft now has a Support policy for Exchange Server 2003 running on hardware virtualization software.
Intelligent Message Filter:
- Intelligent Message Filter (IMF) v2 is now included in SP2 and replaces the version that is separately downloadable. If you have IMF v1 installed, the installer will flag it and you must uninstall it before installing SP2.
- Once you've installed SP2, do not install IMF v1 again.
- After SP2 is installed, IMF will not be enabled. You should manually enable it on each virtual server that you will be running it on. Do this as soon as possible to minimize the window during which spam filtering will be offline.
- IMF cannot be run on Exchange servers in a clustered configuration. It can be installed on NLB clusters deployed as front-end servers or SMTP gateways.
- IMF reqiures the presence of the Cn=UCE Content Filter,cn=Message Delivery,cn=Global Settings,cn=<organization name>,cn=Microsoft Exchange,cn=Services,cn=configuration,dc=<root domain> container within Active Directory. Your first upgrade to SP2 requires you to have either the Exchange Full Administrator or the Exchange Administrator role at the organization level so that the installer can create this container if it doesn't already exist (it won't exist yet if this is your first installation of any version of IMF). Once the container is present, further upgrades only required a more restricted permission set (the Exchange Administrator role at the administrative group or higher).
- IMF requires the presence of the HKEY_LOCAL_MACHINE\Software\Microsoft\Exchange\ContentFilter registry key for certain advanced functions. This key only exists if you previously had IMF v1 installed. If it is not present, create it manually and restart the SMTP service to enable the extended functionality.
- IMF v2 introduces the Custom Weighting feature, which allows you to fine-tune the IMF by adding entries to an XML file. These entries define phrases in the subject or body of the incoming messages. The release notes contain more instructions on how to use this feature, as well as an example XML file.
Storage:
- There's been a lot of talk about how SP2 increases the maximum database limit for Standard Edition from 16GB to 75GB. This doesn't happen automatically (and for good reason; in many deployments, the drive that hosts the database files is smaller than 75GB, so automatically increasing the limit could result in Exchange exhausting available hard drive space. The Exchange Team Blog has More details on Standard DB limit size increase in Exchange 2003 SP2.
Mobility:
- In order to change the membership of the policy exemption list, your administrators should be a member of the Account Operators group.
- The Direct Push functionality requires longer firewall timeouts for connections to the Exchange server; Microsoft recommends a minimum of 15 minutes.
I hope this helps you have a straightforward upgrade to SP2.