Saturday, February 23, 2008

Upgrading to Exchange 2007 SP1 with Symantec Mail Security

*UPDATED - Read all updates before trying this - See Below*

I'd been holding off on applying SP1 for Exch 2007 for a while now until I had upgraded my backup exec to version 12 and to see if there were any issues with Symantec Mail Security which I have running on the exchange server. So after I got BE 12 up and running I figured it was time.

The download of SP1 was much larger than I was expecting as it was around 870MB. In fact after running this upgrade I'm under the impression that it pretty much just reinstalled the whole server while retaining all my settings and data. Make sure you perform the usual precautions like backing up your data and have a recovery plan in place before starting. And of course, stop all antivirus, backup exec, automatic update services, etc prior to starting. (leave the exchange and IIS services running)

The first machine you should upgrade is the server(s) with the Client Access Role installed. During my upgrade, the pre-requisite check failed with a "you must be a member of the exchange organization administrators group" which occured because the user I was installing it as was not a member of the Exchange Organization Group. To remedy this, go into the Exchange Mgmt Console and under Organization, click on Add Exchange Administrator and add in the account you are installing as. Then restart all exchange services for changes to take effect. After the pre-req tests pass, click Next and the upgrade will start. You'll see a lot of disturbing messages like 'uninstalling files', 'pre-compiling binaries', etc and wonder if you're running the right installer or not. Fear not, this is normal behavior for the service pack. My Front-End server took about 17 minutes. (Server specs: Win2k3 x64 SP2, dual 2.0Ghz, 4GB ram)

At this time, I went ahead and re-installed the backup exec agents on the server just as a precaution.

Now with that roaring success beneath our belts, we move onto the back end server. Now if you got that exchange organization admin error earlier, make sure you rebooted the back end server too for changes to take effect. Repeat the same precautions of backup up, stopping unnecessary services, etc.

After that's done, you may want to change a registry key for a feature that's disabled by default as part of Microsoft's new security initiatives. The downside is that by turning off "Remote Streaming Backup" is that programs like Backup Exec will have problems. To Enable this key, go into Regedit and navigate to:


Create a DWORD key - "Enable Remote Streaming Backup" with a value of 1. At this time, I went ahead and re-installed the backup exec agents on the server just as a precaution. Reboot.

My Symantec Mail Security 6 appears to still be working properly and I tested my smtp server and it's still accepting messages so we're looking stable.

SP1 has some nice improvements such as being able to export a .pst file (very useful for archiving ex-employees for evidence), the rewritten OWA interface with lots of new features like server side rules, personal distribution lists, office 2007 support, etc.

And now you can change Send-As and Full Access rights from the GUI for those days when you just don't fell PowerShell-ish.

For details on the new changes, go to:

Update 2/25/08: After applying SP1, the event logs are now starting to flood with Event ID:
8206 - EXCDO - "Calendaring agent failed with error code 0x8000ffff while saving appointmen". I went ahead and rebooted the server and that error went away. An odd issue occured with some recurring calendar entries. As users opened up invites and/or meeting entries in their calendar on monday, some of them ran into an error. This error triggered Exchange to do a repair/integrity check on their mailboxes and effectively locked them out of their calendar for a while. The corresponding error in the Application log looked like:

Event Type: Warning
Event Source: EXCDO
Event Category: General
Event ID: 8230
Date: 2/25/2008
Time: 4:49:12 PM
User: N/A
Computer: EXCHANGE_server_name_here
An inconsistency was detected in /Calendar/Pinpoint Testing for blah blah.EML. The calendar is being repaired. If a problem persists, please recreate the calendar or the containing mailbox.

For more information, see Help and Support Center at

Everything appears to go back to normal after the ExchangeIS process finishes checking the mailbox out.

If this persists for a few days, I may have to take the Information Store down and run a manual Eseutil /G integrity check.

Updated 2/27/08 - Calendar issues seem to have sorted themselves out during the first 2 days. Now I'm getting:
Unexpected error 0x50a occurred in "EcProcessVirusScanQueueItem"

After researching the web I see that it's not limited to Symantec as users of Trend, Forefront are also reporting the same error post SP1.


Joso said...

hi there,

what version of symantec mail security are you using? Is version 6.0 compatible with exhange 2007? Would you recommend going to forefront as i'm in the process of purchasing and will be doing the exchange 2007 with sp1 upgrade.


Gnawgnu said...

Currently using the Mail Security for Exchange 6 - february 08 build and I'm subscribed to the Brightmail Anti-Spam service which works pretty good. With SP1 I'm still trying to get rid of one last error that keeps popping up. I haven't tried out Forefront but it should be pretty comparable and has the benefit of being a Microsoft product so in theory it they'll address any issues with exchange faster than a third party company.