I wanted to share some of my findings with running Exchange 2007 SP1 on Server
2008. I’ve noticed and heard of several issues and information that I believe
people should be cognizant about.
Here are the issues and general information I have heard of and experienced so
far that seems to be valuable to share. If you disagree with anything I am
sharing, have found it works in a different way for you, and/or want to include
your findings and any tidbits of information you may have, please feel free to
comment.
* Hub Transport Server Role fails when IPv6 is disabled on that server
o If IPv6 is disabled prior to the installation of Exchange Server 2007, when
installing the Hub Transport Server role, your Hub Transport Server role will
fail to install
o If IPv6 is disabled after the installation of Exchange Server 2007, you may
experience some Exchange services failing to start
* Outlook Anywhere is broken under certain conditions
o Outlook Anywhere is not working for Outlook 2007 with IPv6 enabled (More
information can be found from the Microsoft site. I’m not sure if this also
happens with previous versions of Outlook. The first link refers to Outlook 2007
while the second link refers to Outlook. I would figure this would be for all
Outlook versions since RPC over HTTP proxy is not Outlook version specific. I
can’t think of anything that would cause this to fail via Outlook 2007 and not
previous versions of Outlook. But from what I’ve heard, this is definitely
happening with Outlook 2007. More information below.
o This bug consists of the fact that IPv6 is not listening on the loopback port
6004 (RPC/HTTP Proxy Service). This is causing Outlook Anywhere to fail with
Outlook 2007. Not sure if this happens with previous versions of Outlook. The
reason for this is because Server 2008 prefers communication using IPv6 over
IPv4. Since IPv6 is not listening on port 6004, Outlook Anywhere will fail.
TCP 0.0.0.0:6001 0.0.0.0:0 LISTENING
TCP 0.0.0.0:6002 0.0.0.0:0 LISTENING
TCP 0.0.0.0:6004 0.0.0.0:0 LISTENING
TCP [::]:6001 [::]:0 LISTENING
TCP [::]:6002 [::]:0 LISTENING
o People have been disabling IPv6 within the registry to ensure that IPv6 is not
active at all so Outlook Anywhere will use IPv6 which is listening on IPv6. The
problem with disabling IPv6, is if the CAS is also on the HTS, HTS will fail. So
in this case, there are several options. The first being deal with the bug. The
second being separate the CAS and the HTS so you can disable IPv6 on the CAS and
leave IPv6 on the HTS on. The third option is presented in the second URL above
which includes making some modifications to your host file.
o Microsoft has stated this has been added to the QFE list for SP2
* NTLM seems to be very buggy with Outlook Anywhere. There are lots of reports
of Outlook Anywhere NTLM Authentication not being functional when using Server
2008. More information can be found from the following URL: http://blog.aaronmarks.com/?p=65.
* There is an HP Document (http://h71028.www7.hp.com/ERC/downloads/4AA1-5675ENW.pdf)
which goes over some testing with varying network latencies using CCR over an
OC3 link with a network latency simulator. I wanted to give an overall summary
of their findings.
o 20 ms latency – All the log files were shipped over properly and all CCR
databases auto-mounted properly
o 30-40 ms latency – Some manual mounting will be required to mount all your
databases as the latency will prevent all logs to be shipped over fast enough
for automatic mounting
o 50+ ms latency – Log shipping mechanism was out of control
* In regards to SCR and the network latency topic. SCR is a manual failover
mechanism. Because of this, CCR is a lot more dependent on network latency due
to its automatic failover mechanism. Microsoft does provide recommendations on
how to tune SCR for latency on the Exchange Technet Library which can be found
here. The problem here is the article is geared for Server 2003 Networking. As
for real world SCR scenarios, I have been told that a mailbox server that
contains ~6,000 mailboxes has been successfully failed over to an SCR target
across the world over a 200 ms link.
Update 1: There has been an update in regards to NTLM Authentication issues from
the Microsoft Exchange Team Blog here.
Sid quoted the following:
As promised, here’s an update on the reprompting issue that many of you have
encountered.
The gist of the issue is that IIS7 uses kernel mode windows authentication by
default. Turning this off will fix reprompting. I will post a detailed update
once I dig through some more and talk to the IIS PD, but for now I wanted to
provide this update so you can give
it a shot and let me know if (no, “that”) it works for you.
Here’s the command that needs to be run on the CAS boxes ->
%Windows%\inetsrv\appcmd.exe set config /section:system.webServ
er/security/authentication/windowsAuthentication /useKernelMode:false
Update 2: From the same blog article in Update 1 here, you will find updated
guidance on disabling IPv6 depending on what roles you have on your server.
Microsoft Offers certifications like
MCP The
Microsoft Certified Professional (MCP)
credential is for professionals who have the skills to successfully implement a
Microsoft product or technology as part of a business solution in an
organization.
