Elan Shudnow’s Blog

I wanted to share some of my findings with running Exchange 2007 SP1 on Server 2008. I’ve noticed and heard of several issues and information that I believe people should be cognizant about.

Here are the issues and general information I have heard of and experienced so far that seems to be valuable to share. If you disagree with anything I am sharing, have found it works in a different way for you, and/or want to include your findings and any tidbits of information you may have, please feel free to comment.

• Hub Transport Server Role fails when IPv6 is disabled on that server
  • If IPv6 is disabled prior to the installation of Exchange Server 2007, when installing the Hub Transport Server role, your Hub Transport Server role will fail to install
  • If IPv6 is disabled after the installation of Exchange Server 2007, you may experience some Exchange services failing to start

• Outlook Anywhere is broken under certain conditions
  • Outlook Anywhere is not working for Outlook 2007 with IPv6 enabled (More information can be found from the following URLs: http://blog.aaronmarks.com/?p=65 and http://www.buit.org/2008/01/04/outlook-anywhere-is-broken-on-ipv6-in-windows-server-2008). I’m not sure if this also happens with previous versions of Outlook. The first link refers to Outlook 2007 while the second link refers to Outlook. I would figure this would be for all Outlook versions since RPC over HTTP proxy is not Outlook version specific. I can’t think of anything that would cause this to fail via Outlook 2007 and not previous versions of Outlook. But from what I’ve heard, this is definitely happening with Outlook 2007. More information below.
  • This bug consists of the fact that IPv6 is not listening on the loopback port 6004 (RPC/HTTP Proxy Service). This is causing Outlook Anywhere to fail with Outlook 2007. Not sure if this happens with previous versions of Outlook. The reason for this is because Server 2008 prefers communication using IPv6 over IPv4. Since IPv6 is not listening on port 6004, Outlook Anywhere will fail.

  TCP 0.0.0.0:6001 0.0.0.0:0 LISTENING
  TCP 0.0.0.0:6002 0.0.0.0:0 LISTENING
  TCP 0.0.0.0:6004 0.0.0.0:0 LISTENING
  TCP [::]:6001 [::]:0 LISTENING
  TCP [::]:6002 [::]:0 LISTENING

  • People have been disabling IPv6 within the registry to ensure that IPv6 is not active at all so Outlook Anywhere will use IPv6 which is listening on IPv6. The problem with disabling IPv6, is if the CAS is also on the HTS, HTS will fail. So in this case, there are several options. The first being deal with the bug. The second being separate the CAS and the HTS so you can disable IPv6 on the CAS and leave IPv6 on the HTS on. The third option is presented in the second URL above which includes making some modifications to your host file.
  • Microsoft has stated this has been added to the QFE list for SP2

• NTLM seems to be very buggy with Outlook Anywhere. There are lots of reports of Outlook Anywhere NTLM Authentication not being functional when using Server 2008. More information can be found from the following URL: http://blog.aaronmarks.com/?p=65.
• OAB Generation fails on Server 2008 Clusters.  More information can be found from the following URL: http://www.spyordie007.com/blog/index.php?mode=viewid&post_id=25

• There is an HP Document (http://h71028.www7.hp.com/ERC/downloads/4AA1-5675ENW.pdf) which goes over some testing with varying network latencies using CCR over an OC3 link with a network latency simulator. I wanted to give an overall summary of their findings.
  • 20 ms latency – All the log files were shipped over properly and all CCR databases auto-mounted properly
  • 30-40 ms latency – Some manual mounting will be required to mount all your databases as the latency will prevent all logs to be shipped over fast enough for automatic mounting
  • 50+ ms latency – Log shipping mechanism was out of control

• In regards to SCR and the network latency topic. SCR is a manual failover mechanism. Because of this, CCR is a lot more dependent on network latency due to its automatic failover mechanism. Microsoft does provide recommendations on how to tune SCR for latency on the Exchange Technet Library which can be found here. The problem here is the article is geared for Server 2003 Networking. As for real world SCR scenarios, I have been told that a mailbox server that contains ~6,000 mailboxes has been successfully failed over to an SCR target across the world over a 200 ms link.

Update 1: There has been an update in regards to NTLM Authentication issues from the Microsoft Exchange Team Blog here.

Sid quoted the following:

As promised, here’s an update on the reprompting issue that many of you have encountered.

The gist of the issue is that IIS7 uses kernel mode windows authentication by default. Turning this off will fix reprompting. I will post a detailed update once I dig through some more and talk to the IIS PD, but for now I wanted to provide this update so you can give
it a shot and let me know if (no, “that”) it works for you.

Here’s the command that needs to be run on the CAS boxes ->

%Windows%\inetsrv\appcmd.exe set config /section:system.webServ

er/security/authentication/windowsAuthentication /useKernelMode:false

Update 2: From the same blog article in Update 1 here, you will find updated guidance on disabling IPv6 depending on what roles you have on your server.  You can also read the official Technet Documentation here.

Update 3: NTLM Authentication issues have been resolved in Release Update 4 for SP1 here.

Update 4: Microsoft has an interim  hotfix for the OAB issue.  Contact Premiere Support Services (PSS) for this hotfix.

Elan Shudnow :: May.22.2008 :: Exchange, Server 2008, Windows :: 1 Comment »

Trackback this post | Feed on Comments to this post