Like Exchange 2007 Service Pack 1, Exchange 2007 Service Pack 2 is a slip-streamed version.

Exchange 2007 Service Pack 2 introduces several new features, but in order to utilize Exchange 2007 SP2, you must perform the following steps:

  1. Extend the Schema
  2. Prepare Active Directory
  3. Install Windows Installer 4.5
  4. Uninstall Interim Updates

Extend the Schema

In order to deploy Exchange 2007 SP2, you must first extend the schema. Depending on your environment's configuration, one of the following scenarios will happen:

  • If your Active Directory environment currently does not have any Exchange Server version deployed, then when you extend the schema, the schema changes included with Exchange 2000 through Exchange 2010 will be deployed in your environment.
  • If your Active Directory environment is currently Exchange 2000 and you are upgrading to Exchange 2007, then when you extend the schema, the schema changes included with Exchange 2003 through Exchange 2010 will be deployed in your environment.
  • If your Active Directory environment is currently Exchange 2003 and you are upgrading to Exchange 2007, then when you extend the schema, the schema changes included with Exchange 2007 through Exchange 2010 will be deployed in your environment.
  • If your Active Directory environment is currently Exchange 2007 and you are upgrading to Exchange 2007 SP2, then when you extend the schema, the Exchange 2010 schema changes will be deployed in your environment.

Question 1: Why is Exchange 2010 listed above?

For those of you that haven't been keeping abreast of the work we are doing in Exchange 2010, Exchange 2007 SP2 is required for coexistence with Exchange 2010. This enables support for coexistence like ensuring Exchange 2010 mailbox Autodiscover requests that are received by CAS2007 are redirected to the appropriate CAS2010 and enabling ActiveSync proxy support between CAS2010 and CAS2007.

Therefore, to minimize the number of times you have to perform a schema extension, we decided to include the Exchange 2010 RTM schema. For those of you that are planning to upgrade your Exchange 2007 environments to Exchange 2010, this will reduce the number of schema extensions you have to perform. Once you extend the schema with Exchange 2007 SP2, you will not have to extend the schema with Exchange 2010 RTM.

However there are direct benefits with deploying the Exchange 2010 schema with Exchange 2007 SP2. One of the new features in Exchange 2007 SP2 is the ability for administrators to control certain settings at the organization level that originally were configured via configuration files; the schema changes have enabled us to move some of these settings now into AD. Expect to hear more about this in a future blog post.

Question 2: How do I extend the schema?

In order to extend the schema you must meet all the pre-requisites:

  1. You must be running the Exchange 2007 setup with a domain account that is a member of the Schema Admins and Enterprise Admins security groups.
  2. The machine on which you run the Exchange 2007 setup schema extension process must be a member of the same domain and Active Directory site as the Schema Master.
  3. The machine on which you run the Exchange 2007 setup schema extension process must be:

a. Windows Server 2003 SP2 with Windows Installer 4.5 installed
b. Windows Server 2008 with Windows Installer 4.5 installed
c. Windows Server 2008 SP2

To extend the schema, you simply run this command from an administrative command line:

setup /PrepareSchema

Prepare Active Directory

In order to support the new Role Based Access Control (RBAC) model in Exchange 2010, a new security group was created, the Exchange Trusted Subsystem (ETS). The ETS is a highly-privileged universal security group (USG) that has read and write access to every Exchange-related object in the Exchange organization. In Exchange 2010 all Remote Powershell actions are run under the context of a CAS which is a member of the Exchange Trusted Subsystem. This means that for any action that acts against a local server resource, for example in enumerating the IIS virtual directories, to succeed the Exchange Trusted SubSystem needs sufficient rights to view or manipulate those local resources depending on the action.

In order to support coexistence with Exchange 2010, Exchange 2007 SP2 creates this security group in the Microsoft Exchange Security Groups organization unit during the AD preparation setup phase. This group is then added to the Exchange 2007 server's local administrators group during the installation of the SP2 binaries.

Question: How do I prepare Active Directory?

In order to prepare Active Directory you must meet all the pre-requisites:

  1. You must be running the Exchange 2007 setup with a domain account that is a member of the Enterprise Admins security group.
  2. The machine on which you run the Exchange 2007 setup schema extension process must be a member of the same domain and Active Directory site as the Schema Master.
  3. The machine on which you run the Exchange 2007 setup schema extension process must be:

a. Windows Server 2003 SP2 with Windows Installer 4.5 installed
b. Windows Server 2008 with Windows Installer 4.5 installed
c. Windows Server 2008 SP2

To extend the schema, you simply run this command from an administrative command line:

setup /PrepareAD

Install Windows Installer 4.5

Microsoft Windows Installer is a component of the Windows operating system. Windows Installer provides a standard foundation for installing and uninstalling software. Software manufacturers can create the setup of their products to use Windows Installer to help make software installation, maintenance, and uninstallation straightforward and easy. For more information, please see http://msdn.microsoft.com/en-us/library/cc185688(VS.85).aspx.

The Exchange 2007 and Exchange 2010 setup engine is an example of a product that leverages Windows Installer. Specifically we have a setup wrapper that launches and installs the product via an MSI file. Windows Installer also allows us to patch via MSP files.

However, several of our customers have experienced an issue due to Windows Installer and the way rollups are applied. Essentially the following could happen:

  1. You installed Exchange 2007 SP1 on a machine that does not have Windows Installer 4.5.
  2. You removed the setup media or disconnected the network share.
  3. You then applied SP1 RU4v1.
  4. You then uninstall SP1 RU4v1.
  5. During the uninstall you are now prompted for the source media (Exchange 2007 SP1).

This scenario was a result of a bug in the Installer setup experience, where if we ship a non-versioned file with a companion file in the main product setup MSI file (so in the Exchange 2007 SP1 media) and then and we patch the non-versioned file for the first time (so in the SP1 RU4v1 patch) then the uninstall of the patch prompts for original install media (because MSI has a bug where it does not make a backup of the non-versioned file when installing the patch). An example of a non-versioned file is the logon.aspx file for the forms-based authentication page in Outlook Web Access.

Question: How do I install Windows Installer 4.5?

For Windows Server 2003 SP2, Windows Vista SP1, and Windows Server 2008 RTM, to install Windows installer 4.5 you need to download the appropriate version from http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=5a58b56f-60b6-4412-95b9-54d056d6f9f4.

Please note that if you are running Windows Vista SP2 or Windows Server 2008 SP2, Windows Installer 4.5 is already included.

Uninstall Interim Updates

Beginning with Exchange 2007, Sustained Engineering moved to model where we release public rollups on a routine basis as opposed to building individual hot-fixes that may or may not be publically accessible. This allows customers to get the latest code base fixes directly from Microsoft.com without requiring numerous hot-fixes to be up to date.

However, sometimes customers do experience issues that require them to run what we have termed an Interim Update because they cannot wait for the rollup to be released that contains the fix. Customers can obtain the Interim Update from Microsoft Support and deploy it to resolve their issue. Because it is an Interim Update, it does have certain requirements - they require a certain version of a rollup / service pack and due to our rollup architecture, Interim Updates must be uninstalled prior to installing the next rollup or service pack.

Conclusion

Hopefully the information included above will prepare you in upgrading to Exchange 2007 Service Pack 2. If you have any questions, please let us know.

-- Ross Smith IV