The release notes have been updated since Microsoft® Exchange Server 2003 shipped. For the most current information, see the version of this document posted on the Web at http://www.microsoft.com/exchange/library.
© 2003 Microsoft Corporation. All rights reserved.
About This Document |
Back to Top |
The release notes list important information you should know prior to deploying and using Exchange 2003, including known issues.
For detailed technical documentation on Microsoft Exchange Server 2003, see the Exchange Technical Library at http://www.microsoft.com/exchange/library.
Differences Between Standard Edition and Enterprise Edition |
Back to Top |
Exchange 2003 is available in two versions: Exchange Server 2003 Enterprise Edition and Exchange Server 2003 Standard Edition. This section highlights the differences between these versions, including which features are available only in Exchange Server 2003 Enterprise Edition, and specific limitations in Exchange Server 2003 Standard Edition.
You can use Exchange System Manager to quickly determine which version and edition of Exchange is installed on the servers in your organization.
To determine which version and edition is installed
The details pane lists information about the servers that are part of your Exchange organization. The Edition column shows whether the server is running Standard or Enterprise edition (Exchange 5.5 servers will always display Standard, even if they're running the Enterprise edition of Exchange Server 5.5). The Server Version column shows which version of Exchange is installed, as well as the build number and any service packs that are installed. Exchange Server 2003 is version 6.5.
The following feature enhancements are included in Exchange Server 2003 Enterprise Edition:
The following are limitations of Exchange Server 2003 Standard Edition:
Supported Environments for Exchange 2003 |
Back to Top |
This section explains the supported environments you can use to deploy Exchange 2003.
Several features of Exchange 2000, such as Instant Messaging, Chat, and Key Management Service are no longer included in Exchange 2003. Do not attempt to upgrade Exchange 2000 servers with these components installed. See the section Administration later in this document for more details.
Exchange 2003 runs on Microsoft Windows Server™ 2003 and Microsoft Windows® 2000 Server SP3 or later. Exchange 2003 has been optimized to run on Windows Server 2003, and several Exchange 2003 features require Windows 2003.
Exchange 2003 is supported in all Microsoft Active Directory® directory service forest environments: native Windows 2000, native Windows 2003, or mixed Windows 2000 and Windows 2003 forests.
Note While Exchange 2000 Service Pack 2 and later is supported in an environment with Windows Server 2003 domain controllers and global catalog servers, Exchange 2003 is the first version of Exchange that is supported when running on Windows Server 2003. Exchange 2000 is not supported on Windows Server 2003.
When running in an environment with Windows 2000 domain controllers and global catalog servers, the domain controllers and global catalog servers that Exchange 2003 uses must all be running Windows 2000 Service Pack 3 or later. Exchange 2003 will not use a Windows 2000 domain controller or global catalog server that is not running Windows 2000 Service Pack 3 or later. This requirement affects both Exchange 2003 servers and the Exchange 2003 version of Active Directory Connector (ADC). ADC will not work with domain servers or global catalog servers that are running a version of Windows 2000 earlier than Service Pack 3.
Exchange System Manager, Active Directory Users and Computers and other administrative tools do not filter out previous versions of Windows 2000. To ensure signed and sealed Lightweight Directory Access Protocol (LDAP) traffic with Exchange System Manager and other administrative tools, you must have all Windows 2000 Service Pack 3 or later domain controllers and global catalog servers in your Active Directory environment.
If you manually set a domain controller or global catalog server on the Directory Access tab in Exchange System Manager that is not Windows 2000 Service Pack 3 or later, the domain controller or global catalog server will not be used by Exchange and the following event will be logged:
Event #2116. The Domain Controller example-dc is running Windows 2000 Service Pack 1. DSAccess requires that Domain Controllers that run Windows 2000 have at least Service Pack 3 installed.
Note This event will be logged even if the server is not added manually if a server running Windows 2000 Service Pack 2 or earlier is found in the Active Directory environment. Exchange 2003 enforces signed LDAP connections between directory components. To ensure this signing occurs, all domain controllers and global catalog servers must be running Windows 2000 Service Pack 3 or later.
Exchange 2003 can coexist with Exchange 2000 and, when running in Exchange mixed mode, with Exchange 5.5 servers.
For Exchange 2000, Exchange 2003 supports in-place upgrades.
In-place upgrades are not supported for Exchange 5.5 servers. To upgrade from Exchange 5.5 to Exchange 2003, you must join an Exchange 2003 server to the Exchange 5.5 site, then move Exchange resources, such as mailboxes, to the Exchange 2003 server. Use the Exchange Server Deployment Tools to move from Exchange 5.5 to Exchange 2003.
Although Exchange 2000 did support in-place upgrade from Exchange 5.5, the move-resources scenario is the recommended Exchange 5.5 to Exchange 2000 upgrade path.
Exchange 2003 supports an in-place upgrade from previous versions of Exchange 2000. This section guides you through a high level overview, and explains known issues that you should be aware of before you perform your in-place upgrade.
Exchange 2003 Schema Preparation
Before your first Exchange 2000 server upgrade, ensure that Exchange 2003 ForestPrep has been run in the Active Directory forest, in the domain where the schema master resides (by default, the schema master runs on the first Windows domain controller installed in a forest). ForestPrep applies Exchange 2003 schema extensions to include Exchange 2003 specific classes and attributes.
Note If you used the schema manager to index Exchange 2000 schema attributes, you must verify and reapply any manual changes you made to the schema after Exchange 2003 ForestPrep updates the schema.
Exchange 2003 Domain Preparation
Before your first Exchange 2000 server upgrade, ensure that Exchange 2003 DomainPrep has been run in all the domains where you wish to upgrade your Exchange 2000 servers.
You will see the following dialog once you run domainprep:
"The domain "example.extest.microsoft.com" has been identified as an insecure domain for mail-enabled groups with hidden DL membership. Hidden DL membership will be exposed to members of the built-in "Pre-Windows 2000 Compatible Access" security group. This group may have been populated during the promotion of the domain with the intent of allowing permissions to be compatible with pre-Windows 2000 servers and application. To secure the domain, remove any unnecessary members from this group."
This does not mean that your Exchange domain is not secure or that your Exchange organization is running in mixed mode. If you are concerned about your Hidden DL memberships being exposed to the "Pre-Windows 2000 Compatible Access" security group, ensure that only your trusted users or groups are populated in this security group.
Exchange 2003 Upgrade Preparation
Note It is possible to mount an Exchange 2000 SP3 database on an Exchange 2003 server. Upon mounting, the store process automatically patches the database to the correct ESE level. You cannot, however, mount an Exchange 2003 database on an Exchange 2000 SP3 server.
Exchange 2003 Upgrade
You can administer Exchange servers from a Windows XP computer by installing just the Microsoft Exchange Management Tools.
If you have not installed an Exchange 2003 server in your organization, you must first run setup with the /ForestPrep switch. ForestPrep extends the Active Directory schema to include Exchange-specific classes and attributes, and creates the container object for the Exchange organization in Active Directory. Although Exchange System Manager installations are supported without Exchange 2003 servers in your organization, certain features will not work until you have an Exchange 2003 server deployed.
You can manage Exchange 2000 environments using the Exchange 2003 management tools, but certain Exchange 2003 features will not work. If you install the Exchange 2003 Management Tools on a workstation but have not yet installed any Exchange 2003 servers in your environment, the following features will not function correctly:
Administering Exchange 2003 features using Exchange 2000 System Manager is not recommended or supported. In a mixed environment that can include Exchange 5.5, Exchange 2000, and Exchange 2003 you should use the Exchange 2003 management tools with the following exceptions:
Several features of Exchange 2000, such as instant messaging, chat, and Key Management Service, are no longer supported in Exchange 2003. This causes the following issues when using Exchange 2003 to administer Exchange:
Default Security Settings |
Back to Top |
Some default settings for Exchange 2003 have been tightened in order to offer better security. Some of these settings affect the Exchange 2003 server itself, while others affect the entire Exchange organization. You should be aware of the following default security settings:
The default Sending message size and Receiving message size settings for the Exchange organization are set to 10240 KB. This default setting applies to new installations, or upgrades from Exchange 2000 in which no default size was set. If a default size is already specified for the organization, the existing setting is preserved.
Additionally, the Maximum item size limit on public folder stores is set to 10240 KB. As with the message size defaults, this setting applies to new installations, or upgrades in which there is no specified limit. Existing size limits are preserved on upgrade.
In Exchange 2000, the Everyone group has permissions to create top-level public folders. In Exchange 2003, the Create top level public folder access control entry (ACE) is not allowed for the Everyone group.
Known Issues |
Back to Top |
This section describes known issues for Exchange 2003. These issues may impede your ability to successfully deploy and use Exchange. You should familiarize yourself with all of the known issues listed here prior to installing the software.
Known issues are listed based on Exchange component. The following sections are included:
Setup |
Back to Top |
Exchange Server 2003 does not support organization names that contain the following characters in the legacy Exchange 5.5 DN:
?()*
If these characters exist in your Exchange 5.5 directory name, several Exchange services will not start, and your public folders view will not display correctly in Exchange System Manager. To solve this problem, create a new Exchange Server 2003 organization and migrate your users to this new organization.
This error can occur if either your Exchange 5.5 organization directory name or site directory name contains these invalid characters.
You can use the following characters in your new Exchange 2003 organization name:
You cannot use the following characters in your new Exchange 2003 organization name:
~`!@#$%^&*()_+={[}]|\:;"'<,>.?/
Exchange 2003 setup requires that you allow the installation of unsigned, non-driver files. If the server is running Windows 2000 Server and a local security policy has been set that disallows installation of unsigned, non-driver files, setup will be unable to continue.
Before running Exchange 2003 setup, change the local security policy to allow installation of unsigned, non-driver files by doing the following:
After you have completed Exchange 2003 installation, you can reinstate the local security policy.
Administration |
Back to Top |
Exchange System Manager provides remote management of NNTP virtual servers installed on any Exchange servers in your organization. If you run System Manager from a computer running Windows 2000, you will receive an Access Denied error when you try to manage an NNTP virtual server on a remote Exchange 2003 server, if the remote server is running Windows Server 2003. In order to manage NNTP virtual servers on Exchange servers running Windows Server 2003, you must run System Manager from a Windows Server 2003 computer.
When the store process starts, Exchange checks to make sure that certain memory settings are configured correctly. If these settings are not configured correctly, Exchange writes an event (9665) to the event log. This happens under the following circumstances:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\SystemPages
When running on Windows 2000, make sure that the decimal value of this key is between 24000 and 31000.
When running Exchange 2003 on a server with more than 1 GB of RAM, make sure that boot.ini contains the /3GB switch.
When running Exchange 2003 on Windows Server 2003 with the /3GB switch, make sure that boot.ini also contains the /userva switch, and that the value of the switch is set between 2970 and 3030.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\HeapDeCommitFreeBlockThreshold
When running on Windows Server 2003 with the /3GB switch, make sure that the hexadecimal value of this key is set to 0x00040000.
For additional information about these settings, see the following Knowledge Base articles:
Exchange 2000 System Manager cannot display the Directory Access tab for an Exchange 2003 server. Attempting to do this may result in the following error:
"The available memory is not sufficient. Close some applications or windows and try again. ID no: c10306a7 Exchange System Manager."
Exchange 2003 should not be managed from Exchange 2000 System Manager.
Clustering |
Back to Top |
If you install Exchange 2003 on a cluster node running Windows 2000 SP3 with Kerberos authentication enabled, users will not be able to log on to that server with Microsoft Outlook® Web Access.
There is a Windows hotfix that addresses this issue for Windows 2000 Server SP3. Apply this hotfix before installing Exchange 2003 on the cluster node. Additional information on this issue, including how to obtain the hotfix, is available in Knowledge Base article 329938.
Transport |
Back to Top |
Exchange 2003 includes a new feature with which you create query-based distribution groups (see the What's New in Exchange Server 2003 guide for more information on query-based distribution groups). Although query-based distribution groups that were created using Exchange 2003 will function in an Exchange 2000 SP3 and Exchange 2003 environment, they cannot be administered using Exchange 2000 administration tools. Using Exchange 2000 administration tools, such as the Exchange 2000 version of Active Directory Users and Computers, to administer query-based distribution groups is not supported. You must use the Exchange 2003 administration tools when managing query-based distribution groups.
Using the Exchange 2000 administration tools, such as Active Directory Users and Computers, to add a query-based distribution group to a user's mailbox delivery restrictions can cause the tool to crash. Use Exchange 2003 to administer query-based distribution groups.
GB 18030-encoded messages were not supported in Exchange 2000 SP3, although they could be successfully routed by a server running Exchange 2000 SP3 with Internet Explorer 6.0 Service Pack 1 (SP1) installed. Otherwise, GB 18030-encoded messages generated Non-Delivery Reports (NDRs) on servers running Exchange 2000 SP3.
Exchange 2003 supports GB 18030-encoded messages on servers with Internet Explorer 6.0 SP1 installed. If you are installing Exchange 2003 on a Windows 2000 server, make sure to install SP1 of Internet Explorer 6.0 if you want GB 18030-encoded messages to work. Internet Explorer 6.0 SP1 is installed by default on Windows Server 2003, so this issue only affects Exchange 2000 servers with an earlier version of Internet Explorer installed.
Clients |
Back to Top |
In order to be able to save or send items in Japanese using Outlook Web Access, the East Asian Language Pack must first be installed on all Exchange servers that will be accessed using Outlook Web Access.
To add the East Asian Language pack
For Exchange 2003, Internet Explorer versions prior to version 6 do not render Outlook Web Access correctly if the browser language is set to Arabic or Hebrew. Use Internet Explorer 6 when browsing Arabic or Hebrew Outlook Web Access for Exchange 2003.
Outlook Web Access allows you to enable specific sets of features on a server for individual users. For example, you can enable only Calendar and Messaging. To set this feature segmentation per user, you modify the msExchMailboxFolderSet attribute on the User object in Active Directory. The value of this attribute determines which features are available to the user.
In Exchange 2000, the decimal value for enabling all features on a per-user basis was published in certain locations as 1023 (or 0x3FF in hexadecimal). In fact, the value is 4294967295 (0xFFFFFFFF in hexadecimal). If you had previously enabled all features using feature segmentation based on the previous documentation, you will need to update the value of the msExchMailboxFolderSet attribute on the user object to this new value. If you do not update this value, users may not be able to use all new Outlook Web Access features.
By default, Windows Server 2003 includes Internet Explorer Enhanced Security Configuration, which locks down Internet Explorer to a more secure state. Users accessing Exchange with Outlook Web Access from a Windows Server 2003 computer will need to enter their domain name and password even if the user is an authenticated user for the trusted domain where the Exchange server is located.
Additionally, before accessing Exchange with Outlook Web Access, your users will need to add the Web site for Outlook Web Access Exchange to the "Trusted Sites" list in Internet Explorer.
To add a Web site to the Trusted Site zone
If you do not want users to have to enter their domain name and password when using Outlook Web Access from an Exchange Server 2003 computer, you must remove the Internet Explorer Enhanced Security Configuration component for Windows Server 2003. This feature can be removed from Add or Remove Programs.
After adding your Exchange server to the "Trusted Sites" list in Internet Explorer you will still get prompted that content from "about:blank" is getting blocked. If you click the close button, Outlook Web Access will resolve the addresses properly.
The IIS service does not interoperate correctly with some anti-virus scanning software. If you have enabled Outlook Web Access compression, you should ensure that the antivirus scanning software that is running on your Exchange server excludes the "IIS Temporary Compressed Files" subdirectory.
Additional information on this issue, including how to obtain the hotfix, is available in Knowledge Base article 817442.
Mobility |
Back to Top |
Some real-time monitoring software causes Microsoft Outlook Mobile Access to function improperly. If you are using real-time monitoring software, set the following directories and subdirectories to not be scanned:
ASP.NET is part of the .NET Framework. Version 1.1 or later of ASP.NET is required for certain Exchange 2003 features, such as Outlook Mobile Access, to function. Under certain circumstances, the Access Control Lists (ACLs) set by ASP.NET may be overridden and need to be restored. There are two primary ways this can occur:
The ASP.NET component of the .NET Framework is treated differently depending on whether the .NET Framework is installed on a Windows 2000 server or a Windows Server 2003. ASP.NET is installed as part of the .NET Framework on a Windows 2000 server. With Windows Server 2003, the ASP.NET component needs to be added using Add/Remove Windows Components. The Web Service Extension for ASP.NET should be allowed by default. You can double-check that it is enabled using the Web Service Extensions node in Internet Services Manager. The ASP.NET v1.1.xxxx Web Service Extension must be set to Allow.
When you promote a server to a domain controller, or upgrade from Windows 2000 to Windows Server 2003, the ACLs set by ASP.NET are overridden. This causes any applications that require ASP.NET to break. This means that if you install Exchange 2003 on a domain controller that was promoted after ASP.NET was installed, or if you install on a Windows Server 2003 that was upgraded from a Windows 2000 server with the .NET Framework installed, certain Exchange features will not work.
To avoid this problem, install ASP.NET after promoting a domain controller or upgrading from Windows 2000 to Windows Server 2003.
If the ACLs do become misconfigured, you can fix this problem by running the aspnet_regiis.exe script with the -i switch.
To run aspnet_regiis.exe
The script restores the necessary ASP.NET ACLs.
In order for users to be able to log on to Outlook Mobile Access using User Principle Name (UPN) in a cross-forest scenario (where the user account and user mailbox are located in separate Windows forests with a one-way forest level trust between the forests), both forests must be using Windows 2003 functional level mode. Windows 2003 will only support implicit UPN authentication for Outlook Mobile Access. For example, users can log on to Outlook Mobile Access in this scenario using username@companyname.corp.com on their device.
If you are using a pre-SP1 version of Internet Security and Acceleration (ISA) Server 2000 as a front-end for proxying Server ActiveSync® requests from Pocket PC devices, and you have not configured a registry key, synchronization will not work correctly. This is because ISA Server filters out some of the Options information needed by the client. Install SP1 of ISA Server if you are using ISA as a front-end, and configure the registry key as described in Knowledge Base article 304340.
Development |
Back to Top |
Exchange Web forms support Exchange Store views. The path for the view control has changed for Exchange 2003, so Web Form applications referencing the view control will stop working properly after upgrading to Exchange 2003. You must update any Web Form applications that reference the view control (wfview.htc) to point to the new location. The new location for wfview.htc is \Exchsrvr\exchweb\controls.
A Freedoc is any document in the Exchange store with a message class of IPM.Document.*. For example, a Microsoft Word document that has been saved directly in the store is a Freedoc.
Depending on security settings, public folders may allow access to post documents, including Freedocs. Because a Freedoc can potentially cause a client to handle its contents inappropriately, Exchange Server 2003 prevents direct access to Freedocs stored in public folders. An attempt to access a Freedoc in a public folder will generate a 403 Forbidden error. Alternatively, you can create non-public folders with permissions that allow access to Freedocs, which is the recommended practice.
This behavior will cause workflow applications that request Freedocs, such as a Web Forms application using the exwform.dll renderer, to not function correctly.
For additional information on this issue, including workarounds, see Knowledge Base article 818741.
Copyright |
Back to Top |
Information in this document, including URL and other Internet Web site references, is subject to change without notice and is provided for informational purposes only. The entire risk of the use or results of the use of this document remains with the user, and Microsoft Corporation makes no warranties, either express or implied. Unless otherwise noted, the example companies, organizations, products, people and events depicted herein are fictitious and no association with any real company, organization, product, person or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
© 2003 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, ActiveSync, Outlook, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries.