Exchange 2007 SP1 Upgrade ‘Gotchas’

ActiveSync Default Policy

Exchange 2007 RTM allowed you to assign ActiveSync policies at a per-user level.  Exchange 2007 SP1 added the ability to define an ActiveSync policy as the default policy for all users.  You can read more about this and other changes to ActiveSync in SP1 in the “What's New for Exchange ActiveSync Mailbox Policies in Exchange Server 2007 SP1?” post on the Exchange team blog.

However, if your environment does not utilize ActiveSync policies, you should be aware that the default policy will be applied to all users after upgrading to SP1.  The default policy is pretty vanilla and would not really impose any configuration changes on mobile devices, but users will be prompted to apply required security settings before syncing.  The following Exchange Management Shell command prevents the default policy from being applied to all users, which in turn prevents the prompt on mobile phones.

Set-ActiveSyncMailboxPolicy Default -IsDefaultPolicy:$false

**Note: Each time a CAS server is upgraded, this policy will be re-enabled as the default.
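
Because the flag comes back with every CAS upgrade, the check is worth scripting. The following is an added example, not part of the original post: it reports any policy flagged as default, clears the flag only when asked, and lists the ActiveSync-enabled mailboxes that have no explicit policy and therefore sync with no policy once no default exists. The `-Apply` switch is a name chosen for this example, and the script assumes it is saved as a .ps1 file and run from the Exchange Management Shell.

```powershell
# Added example: run from the Exchange Management Shell after each CAS upgrade.
# -Apply is a hypothetical switch for this example; without it nothing is changed.
param([switch]$Apply)

# 1. Find every ActiveSync policy currently flagged as the default.
$defaults = @(Get-ActiveSyncMailboxPolicy | Where-Object { $_.IsDefaultPolicy })

if ($defaults.Count -eq 0) {
    Write-Host "No ActiveSync mailbox policy is flagged as default."
} else {
    foreach ($policy in $defaults) {
        Write-Host "Default policy found: $($policy.Name)"
        if ($Apply) {
            # Same change as the one-line command above, applied per policy.
            Set-ActiveSyncMailboxPolicy -Identity $policy.Identity -IsDefaultPolicy:$false
        }
    }
}

# 2. Confirm the result after the change (or show what is still set in report mode).
$remaining = @(Get-ActiveSyncMailboxPolicy | Where-Object { $_.IsDefaultPolicy })
Write-Host "Policies still flagged as default: $($remaining.Count)"

# 3. List ActiveSync-enabled mailboxes with no explicitly assigned policy.
#    These are the users the default policy would cover, and the users who
#    sync with no policy at all once the default flag is cleared.
$unassigned = @(Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ActiveSyncEnabled -and -not $_.ActiveSyncMailboxPolicy })

Write-Host "ActiveSync-enabled mailboxes without an explicit policy: $($unassigned.Count)"
$unassigned | Sort-Object Name | Format-Table Name, ActiveSyncEnabled -AutoSize
```

Run it without `-Apply` first to see what the upgrade changed, then again with `-Apply` to clear the flag.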

Load Balancer SSL Offloading

If you have multiple CAS servers and are using SSL offloading on your hardware load balancers, you should be aware that installing SP1 will re-enable the SSL requirement at the root level of the “Default Web Site”.  This will likely prevent the ‘http listener’ from detecting that your CAS servers are available, and OWA access will be unavailable.

To resolve this, edit secure communications on the Directory Security tab of the “Default Web Site”.  Uncheck the Require secure channel (SSL) checkbox.

**Note: The option is also re-enabled when running the Enable-ExchangeCertificate cmdlet to apply a new certificate to IIS. 

Posted: Sunday, February 10, 2008 2:46 AM by karsmith

Comments

Nuno said:

Hi there Nick, I have installed SP1 on a server running Exchange 2007.

However, when I apply any device policies or advanced policies, either those policies are not applied to the device or I start getting an error when trying to sync saying the user has no permission.

At the moment I am using the console, but I think I will have to take a deep dive into PowerShell for EAS.

Regards

Nuno

# February 27, 2008 3:27 PM

karsmith said:

Nuno,

I have not experienced the problems you mentioned.  Although, I'd be happy to point you in the right direction if you can get me some more information.

What is the exact error message you are getting when applying the policy?  Is the mobile device running Windows Mobile 6?  Is SP1 installed on both the CAS server and the mailbox server the user is hosted on?  Were you enforcing policies on mobile devices before SP1?  What policies are you trying to enforce?

As far as the policy not applying, I would suggest that you check the policy is enabled on the user.  This can be done with the Get-CASMailbox cmdlet.  It might also take a while for the policy to take effect depending on your AD topology and the amount of time it may take for global catalog replication.

--Nick

# March 2, 2008 8:22 PM