Deploying Exchange Server 2007 Service Pack 3

by [Published on 21 Sept. 2010 / Last Updated on 21 Sept. 2010]

Installing Exchange Server 2007 Service Pack 3 on Windows Server 2008 R2, and Windows 7. We will also check out a new feature that allows you to change users’ expired passwords through OWA.

Introduction

Microsoft has just released Exchange Server 2007 Service Pack 3, and in this new release the product expands its support to new operating systems, namely; Windows Server 2008 R2 and Windows 7 whilst also introducing a feature that was only available for customers using ISA Server (Change Expired Passwords Feature) before.

This article is aimed at demonstrating the new features and capabilities of Service Pack 3. If you want to upgrade to Service Pack 3 you can follow the same procedures of this MSExchange.org article.

A few key points that you should keep in mind before installing Service Pack 3 are:

  • If you have SCOM on the Exchange Server computer, you can save a restart after installing SP3 just by stopping the SCOM Health Service first. If you want to user PowerShell, you can use; Stop-ServicehealthService. Don’t forget to put your Server in maintenance mode during the process.
  • If Service Pack 3 is installed manually a restart is not required. However, if it is installed by Microsoft Update then a restart will be required.
  • ForeFront Security for Exchange Server RTM is not supported alongside Service Pack 3. You can upgrade your ForeFront prior to the Service Pack or remove it.
  • All ForeFront services must be stopped before running the Service Pack 3 setup program.

Within Service Pack 3 we have other improvements, such as: Schema Changes, Search Functionality upgrade, support for right-to-left languages in the Transport Rules where now the text written on those languages is shown properly in Outlook.

One last thing before checking out some of the new features in this article, here is the link where you can find the Service Pack 3 download, in case you need it. 

Installing Exchange Server 2007 on Windows Server 2008 R2

If your company is moving towards Windows Server 2008 R2 and you still have to support and maintain Exchange Server 2007 you could use Service Pack 3 to start deploying new Exchange Server 2007 on the new operating system besides of the regular reason of installing a Service Pack.

In order to install Exchange Server 2007 SP3 on top of Windows Server 2008 R2 you have to make sure that is a new installation. You may be thinking that if you upgrade Exchange Server 2007 SP3 on a Windows Server 2003 and afterwards upgrade to Windows Server 2008 R2 it would work, well the answer is simple: no! Keep it simple and start from scratch on your new Windows Server 2008 R2. If you have a single server or just want to move away from Windows Server 2003/2008 you could just install a new server and start moving objects and Exchange settings (OAB, Public Folders and etc).

When we run the setup from Exchange Server 2007 SP3 on a Windows Server 2008 R2, all additional software portions are built-in automatically on the Operating System (Figure 1), so we just need to start the installation process by clicking on Step 5: Install Microsoft Exchange Server 2007 SP3.


Figure 1

The installation is pretty straight forward and depending on the role that you choose some Windows Server features will be required and they will be displayed during the readiness check portion of the setup.

Since we are using Windows Server 2008 R2 now we can take advantage of the Add-WindowsFeature cmdlet to add Windows features to the current operating system we will be using a simple script to install those features based on the server role. The script was created based on a prerequisite installation script that was developed initially for Exchange Server 2010 RTM and the original script was created by Pat Richards, Bhargav Shukla and myself actually they have done all hard work and cool features! The current version of the script is 2.0 and you can check this out here.

The script created for this article is really simple and it’s just to save us some time to install all OS prerequisites required by Exchange Server 2007 SP3 on top of Windows Server 2008 R2, basically just run ./Ex2007sp3-prereqs.ps1 and we will be able to select which role we will be installing (Figure 2), and after that just start the Installation process and you won’t be stopped at Readiness Check.


Figure 2

The script was created using a hit and miss strategy. Basically, what I did was to select which role to install and have all missed components displayed by the Readiness page. The script source code is displayed below:

if (-not((Get-WMIObject win32_OperatingSystem).OSArchitecture -eq '64-bit') -and (Get-WMIObject win32_OperatingSystem).Version -eq '6.1.7600'){
       Write-Host "This script requires a 64bit version of Windows Server 2008 R2, which this is not." -ForegroundColor Red -BackgroundColor Black
       Exit
}
Import-Module ServerManager
$opt = "None"
Do { 
       clear
       if ($opt -ne "None") {write-host "Last command: "$opt -foregroundcolor Yellow}
       write-host
       write-host Exchange Server 2007 Sp3 on Windows Server 2008 R2- Prerequisites script
       write-host Please, select which role you are going to install..
       write-host
       write-host '1) Hub Transport'
       write-host '2) Client Access Server'
       write-host '3) Mailbox'
       write-host '4) Unified Messaging'
       write-host '5) Edge Transport'
       write-host '6) Typical (CAS/HUB/Mailbox)'
       write-host '7) Client Access and Hub Transport'
       write-host
       write-host '8) Restart the Server'
       write-host '10) Quit'
       write-host
       $opt = Read-Host "Select an option.. [1-10]? "
       switch ($opt)    {
              1 { Add-WindowsFeature RSAT-ADDS,Web-Metabase,Web-Lgcy-Mgmt-Console; $opt=10}
              2 { Add-WindowsFeature RSAT-ADDS,Web-Server,Web-Metabase,Web-Lgcy-Mgmt-Console,Web-Dyn-Compression,Web-Windows-Auth,Web-Basic-Auth,Web-Digest-Auth,RPC-Over-HTTP-Proxy; $opt=10}
              3 { Add-WindowsFeature RSAT-ADDS,Web-Server,Web-ISAPI-Ext,Web-Metabase,Web-Lgcy-Mgmt-Console,Web-Basic-Auth,Web-Windows-Auth; $opt=10 }
              4 { Add-WindowsFeature RSAT-ADDS,Web-Metabase,Web-Lgcy-Mgmt-Console,Desktop-Experience; $opt=10 }
              5 { Add-WindowsFeature RSAT-ADDS,ADLDS; $opt=10 }
              6 { Add-WindowsFeature RSAT-ADDS,Web-Server,Web-Metabase,Web-Lgcy-Mgmt-Console,Web-Dyn-Compression,Web-Windows-Auth,Web-Basic-Auth,Web-Digest-Auth,RPC-Over-HTTP-Proxy; $opt=10}
              7 { Add-WindowsFeature RSAT-ADDS,Web-Server,Web-Metabase,Web-Lgcy-Mgmt-Console,Web-Dyn-Compression,Web-Windows-Auth,Web-Basic-Auth,Web-Digest-Auth,RPC-Over-HTTP-Proxy; $opt=10 }
              8 { Restart-Computer }
              10 {break}
              default {write-host "You haven't selected any of the available options. "}
       }
 }
while ($opt -ne 10)

Installing Exchange Management Tools on Windows 7

This new release allows us to install Exchange Management Console and Exchange Management Shell on Windows 7. By default Windows 7 already has PowerShell installed, we just need to install some prerequisites on the Operating System and we are good to go. In this article we are going to use a fresh installation of Windows 7 Enterprise and after running the setup.exe of Service Pack 3 we will see the main installation wizard page, as shown in Figure 3, you will notice that the first 4 steps are already included which means that any additional software is required.


Figure 3

Before going any further we need to install some windows features required to install Exchange Management Tools. We could install such features either using windows GUI (Start, Control Panel, Programs, and then Turn Windows Features on or off), as shown in Figure 4. The two Windows Features required are IIS 6 Management Console and IIS Metabase and IIS 6 configuration Compatibility.


Figure 4

If you want to automate the installation process you could use a couple of options on Windows 7, such as; OCSetup or dism.exe. We are going to use dism.exe on this article to automate the process. This utility is mainly used to manage Windows 7 images but there is a switch /online which allows us to play with the current Operating System features and/or packages.

We can use the following lines to install all prerequisites and avoid any Error during Exchange Setup Readiness Check page, we could also save it as .BAT or .CMD file to automate even more the process.

dism.exe /online /enable-feature /Featurename:IIS-WebServerRole
dism.exe /online /enable-feature /Featurename:IIS-WebServerManagementTools
dism.exe /online /enable-feature /Featurename:IIS-IIS6ManagementCompatibility
dism.exe /online /enable-feature /Featurename:IIS-Metabase
dism.exe /online /enable-feature /Featurename:IIS-LegacySnapIn

After using either of the methods that we have just seen to install the prerequisites, we can go ahead with the installation process. In the Installation Type page we have to select Custom Exchange Server Installation (as shown in Figure 5), and then just select Management Tools (Figure 6) and continue using default settings to complete the installation process.


Figure 5


Figure 6

Allowing end-users to change their expired passwords using OWA (Outlook Web Access)

Now that we went through the process of installing Exchange Management Tools on Windows 7 and also on Windows Server 2008 R2, we can check one of the new features introduced in this new release which is the Exchange Server 2007 SP3 Password Reset Tool.

This tool is only for Exchange Server 2007 using IIS 7.x because SP3 creates a new module for that purpose on IIS 7 only. Bear in mind that this feature is only for the Client Access Server roles, if you have a NLB make sure to enable all of them with the steps that we will list in this article.

Before explaining the feature let's understand the context where this new feature can help the end-users. Basically when we create a new user or when a user password is reset and the option User must change password at next logon is selected (Figure 7), if the user tries to log on using OWA the user will receive the following error message: The user name or password that you entered is not valid. Try entering it again.

http://www.andersonpatricio.org/Tutoriais/Exchange2007/ap991_02.png
Figure 7

If you have ISA Server in order to publish your OWA you may not need to change anything since ISA has this feature built-in to fix the issue described previously. However, if you don’t have ISA, you have to publish Exchange Server using a different firewall make sure that the internal OWA is able to change expired passwords, then this new feature will help you.

Note:
If you are an ISA customer and want to validate if you are using a similar feature, this page can help you out. 

Okay, let’s go to the fun stuff. In order to enable OWA to change expired passwords, we can use the following steps:

  1. Logged on the Client Access Server
  2. Click on Start, Run and type in regedit and click on OK
  3. Expand HKEY_LOCAL_Machine
  4. Expand System
  5. Expand CurrentControlSet
  6. Expand Services
  7. Click on MSExchange OWA
  8. Right-click on the right side, and click on New  and then DWORD (32 bit) value
  9. Let’s name the key as ChangeExpiredPasswordEnabled and its value will be 1, as shown in Figure 08

http://www.andersonpatricio.org/Tutoriais/Exchange2007/ap991_03.png
Figure 8

After changing the registry information we need to restart IIS, we can use IISReset /noforce and then we will be ready to start testing. The test is not a big deal, just create a new user and try to log on in OWA, the user will receive a new OWA form asking for the current password and the new password, as shown in figure 09.

http://www.andersonpatricio.org/Tutoriais/Exchange2007/ap991_04.png
Figure 9

After typing new passwords and hitting the Submit button, a new page will appear with the information that the password has been changed will be displayed. The user just needs to click OK (Figure 10) and then type in again the user name and the new password to access its OWA.

http://www.andersonpatricio.org/Tutoriais/Exchange2007/ap991_05.png
Figure 10

As you may have noticed, this article is showing some ways to automate the process. If you want to enable the feature described previously you can save the following lines in a file and save it as .ps1 and run it from a PowerShell session.

Write-Host "Adding ChangeExpiredPasswordEnable key in the registry..." 
New-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\services\MSExchange OWA" -Name "ChangeExpiredPasswordEnabled" -Value 1 -PropertyType "DWord" 
Write-Host "Restarting IIS using /noforce option.." 
IISReset /noforce

Note:
You may have to use Set-ExecutionPolicy unrestricted in order to run the script.

Conclusion

In this article we validated the installation process of Exchange Server 2007 SP3 on top of the new Operating System supported by the product and also how to enable the Reset Password feature.

More information:

Featured Links