
Exchange Server 2013 Service Pack 1: New Features

Three months after the release of Exchange 2013 CU3, Microsoft announced Exchange 2013 SP1, which could just as well be called CU4. The announcement of SP1 is undoubtedly a relief for those who are convinced that Microsoft server products should not be installed before the first service pack ships. Those who live by the proverb "haste makes waste" have a hard time in the cloud world, which implies quarterly updates to corporate products, but old habits are not easy to give up. In any case, build 847.32, or more simply Exchange 2013 SP1, is available for download.

So that those still running previous versions of the product do not feel forgotten, Exchange 2007 SP3 RU13 and Exchange 2010 SP3 RU5 were released at the same time.

I do not want to bore you with the details of the installation because, at least for me, the update from CU3 was painless. However, remember that to support the new cmdlets and the RBAC changes you will need to update the AD DS schema, so be sure to include this step in your installation plan. Time-tested precautions still apply, such as putting a DAG member into maintenance mode and closing EMS and EAC before upgrading. In our case the update completed without casualties, which was a pleasant surprise. One small warning: check that all services have started after the upgrade, as there may be a catch with the transport services.
UPD. Microsoft has published article KB2938053 devoted to this issue.
The update package includes both improvements to existing functionality and new features. The return of S/MIME support to OWA is an example of the former, and the arrival of fingerprint settings for sensitive information in the DLP subsystem is an example of the latter. The full list of updated and added functionality is just below. Where possible and appropriate, the same features are included in Office 365. In fact, given the current update release process, new features are deployed in the cloud several weeks before they are offered to corporate customers as an update such as SP1. It is possible that you are already using the new features without having noticed.

So, for me, the most interesting changes included in SP1 are the following:


The arrival of the "MAPI over HTTP" protocol (aka "alchemy") as a mechanism for communication between Outlook and Exchange. While RPC over HTTP is still used to serve clients other than Outlook 2013 SP1, MAPI over HTTP is likely to become the preferred, and later the only, protocol for connecting to Exchange. RPC is an outdated mechanism that copes poorly with unstable network connections (for example, public Wi-Fi networks), and abandoning it will make client connections more reliable. MAPI over HTTP runs over HTTPS and is based on HTTP 1.1, and clients now use the POST command to communicate with the server. As a result, Outlook connected via MAPI over HTTP behaves the same way as EWS, EAS or OWA, which (hopefully) lets it better handle scenarios such as resuming from hibernation, switching between networks or network adapters, network failures, and so on. For me, it may even make OWA Offline unnecessary. Keep in mind that the only email client that supports MAPI over HTTP is Outlook 2013 SP1, so organizations will need a lot of time to switch fully to the new protocol. You will also need to perform a one-time configuration in your Exchange organization to enable MAPI over HTTP; fortunately, this does not disrupt connectivity for RPC clients. In the near future, Microsoft plans to enable the new protocol in Office 365 (if it has not already done so), and new customers will switch to it automatically. Microsoft does not plan to disable RPC over HTTP for Office 365, but it would not be surprising if this happens within a few years.
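
The one-time configuration mentioned above, as an added example run from the Exchange Management Shell (it is not taken from the original article). The server name `EX01` and the URL `https://mail.example.com/mapi` are placeholders; the authentication method shown is an assumption to adapt to your environment.

```powershell
# Added example: enabling MAPI over HTTP in an Exchange 2013 SP1 organization.
# $server and $mapiUrl are placeholders, not values from the article.
$server  = 'EX01'
$mapiUrl = 'https://mail.example.com/mapi'

# 1. Configure the /mapi virtual directory on each Client Access server:
#    an HTTPS URL covered by the server certificate, plus explicit
#    authentication methods (assumed here: Negotiate only).
Set-MapiVirtualDirectory -Identity "$server\mapi (Default Web Site)" `
    -InternalUrl $mapiUrl `
    -IISAuthenticationMethods Negotiate

# 2. Flip the organization-wide switch. Outlook 2013 SP1 clients move to
#    MAPI over HTTP; other clients keep using RPC over HTTP.
Set-OrganizationConfig -MapiHttpEnabled $true

# 3. Verify what was actually applied before relying on it.
Get-OrganizationConfig | Format-List MapiHttpEnabled
Get-MapiVirtualDirectory -Server $server |
    Format-List Identity, InternalUrl, IISAuthenticationMethods

# 4. Run the built-in self-test probe for the new protocol.
Test-OutlookConnectivity -RunFromServerId $server `
    -ProbeIdentity OutlookMapiHttpSelfTestProbe
```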

OWA and OWA for Devices now display DLP warnings. This is quite an important change, since previously Outlook 2013 was the only client that supported DLP, which often became a blocking factor when deploying DLP in the enterprise.
In addition, you can now designate any document as information controlled by DLP policies on clients or through transport rules. To do this, you create a so-called "fingerprint" of the controlled information. Note that the DLP templates supplied with Exchange 2013 SP1 now cover more countries and regions.
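
How a document fingerprint becomes a DLP condition, as an added example for the Exchange Management Shell (not part of the original article). The file path, classification name and rule name are hypothetical; the rule is created in audit-and-notify mode so that matches can be reviewed before anything is enforced.

```powershell
# Added example: fingerprint a blank form and use it in a transport rule.
# The path and all names below are placeholders, not values from the article.
$templatePath = 'C:\DLP\Templates\Patent-Disclosure-Form.docx'

# Read the blank template as a single byte array. The fingerprint is built
# from the empty form, so filled-in copies of the same form will match.
$templateBytes = Get-Content -Path $templatePath -Encoding Byte -ReadCount 0

# Create the fingerprint object from the file data.
$fingerprint = New-Fingerprint -FileData $templateBytes `
    -Description 'Patent disclosure form (blank template)'

# Wrap the fingerprint in a data classification that rules can reference.
New-DataClassification -Name 'Patent Disclosure Form' `
    -Fingerprints $fingerprint `
    -Description 'Message carries the patent disclosure form.'

# Transport rule: when such a document is sent outside the organization,
# log the match and show the sender a policy tip (visible in Outlook 2013
# and, as of SP1, in OWA and OWA for Devices).
New-TransportRule -Name 'DLP: patent form sent externally' `
    -SentToScope NotInOrganization `
    -MessageContainsDataClassifications @{ Name = 'Patent Disclosure Form' } `
    -NotifySender NotifyOnly `
    -Mode AuditAndNotify

# Confirm the classification exists before testing with a sample message.
Get-DataClassification -Identity 'Patent Disclosure Form'
```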

Cmdlet logging has returned to the Exchange Admin Center (EAC). The graphical MMC snap-in, the Exchange Management Console in Exchange 2007 and Exchange 2010, provided three different ways to see which cmdlets (and with which parameters) would be executed for a particular action. This feature is indispensable for those who want to study the syntax and parameters of the cmdlets in detail. In Exchange 2013 SP1 you can finally enable logging and display a log of the cmdlets executed by EAC in a separate window.

Windows 2012 R2 has been added to the list of supported operating systems. You can now install Exchange 2013 SP1 on servers running Windows 2012 R2, use domain controllers and global catalogs running Windows 2012 R2, and raise the domain and forest functional level to Windows 2012 R2.
By the way, Exchange 2007 SP3 RU13 and Exchange 2010 SP3 RU5 also add support for domain controllers and global catalogs running Windows 2012 R2, but the Windows 2012 R2 domain and forest functional level is not supported, nor is installing the product on Windows 2012 R2.

Simplified DAG deployment. If the DAG is deployed on Windows 2012 R2, you can create a "DAG without a dedicated IP address" (or, in Microsoft terms, a "DAG without a Cluster Administrative Access Point"). This continues the evolution of the DAG model, in which more and more of the responsibility for managing all aspects of the DAG is handed over to Exchange. The new model assumes that all DAG management is performed with Exchange tools, and that the Failover Cluster Management snap-in, the CNO, the network name and the cluster's DNS records are no longer used. I will write about this extremely convenient change, which simplifies administration, in the near future. Let me just remind you that all DAG members must run the same version of the operating system, so if you want to switch to Windows 2012 R2, the existing DAG will have to be recreated.

S/MIME support has returned to OWA (IE9+ only; not Chrome, Firefox or Safari). This functionality had been removed because of changes to the OWA architecture made to support various display types. In Exchange 2013 SP1, S/MIME is supported in Outlook, OWA and Exchange ActiveSync. To enable S/MIME support, you must use the Set-OWAVirtualDirectory cmdlet.

The Edge Transport role has returned, but in a modified form. Before Exchange 2013 SP1, you could only use Exchange 2010 to deploy Edge servers (typically used to receive mail directly from the Internet). Because Edge in Exchange 2013 SP1 is configured and administered exclusively through PowerShell, the configuration differs substantially from setting up the same role in Exchange 2007 or Exchange 2010, so this process deserves special attention, and all the necessary testing and evaluation should be done before the role is deployed. Some will complain about the lack of a GUI and the need to manage Edge with PowerShell, but in any case the configuration process is quite straightforward, and if you cannot cope with a few PowerShell commands, perhaps you should not be deploying a server that serves as a security boundary for incoming mail?

The app model now supports apps in "edit" mode. Simply put, whereas previously apps could only process data while you were reading an e-mail message (for example, extracting an address and showing it on Bing Maps), apps can now also be used while composing a new e-mail message.

SSL offloading support has returned. Once again, you can move SSL encryption work from the CAS servers to the load balancer.

As in any large update package, SP1 contains other changes that are not aimed at the widest audience but are nevertheless critical for certain groups of users. An example is support for authorization using US Department of Defense smart cards. Undoubtedly, in the near future blogs will cover the details of many other changes and of how to use the new cmdlets. For those who care about the details, Exchange 2013 SP1 includes 981 cmdlets, while RTM had 958.

Since Exchange SP1 is also a cumulative update, it includes many fixes for bugs identified during testing and operation. Therefore, you should test the service pack very carefully before deployment.

In the next few weeks, I will continue to write about some of the new features mentioned here (at least I will try to move in that direction, as many other things that require immediate attention disrupt my writing plans). In the meantime, I'm sure you will soon hear plenty of opinions on whether or not you need to deploy Exchange 2013 SP1. In my opinion, it is worth it.

Source: https://habr.com/ru/post/214393/

