
Like Exchange 2007 Service Pack 1, Exchange 2007 Service Pack 2 is a slip-streamed version.

Exchange 2007 Service Pack 2 introduces several new features, but in order to utilize Exchange 2007 SP2, you must perform the following steps:

  1. Extend the Schema
  2. Prepare Active Directory
  3. Install Windows Installer 4.5
  4. Uninstall Interim Updates

Extend the Schema

In order to deploy Exchange 2007 SP2, you must first extend the schema. Depending on your environment's configuration, one of the following scenarios will happen:

  • If your Active Directory environment currently does not have any Exchange Server version deployed, then when you extend the schema, the schema changes included with Exchange 2000 through Exchange 2010 will be deployed in your environment.
  • If your Active Directory environment is currently Exchange 2000 and you are upgrading to Exchange 2007, then when you extend the schema, the schema changes included with Exchange 2003 through Exchange 2010 will be deployed in your environment.
  • If your Active Directory environment is currently Exchange 2003 and you are upgrading to Exchange 2007, then when you extend the schema, the schema changes included with Exchange 2007 through Exchange 2010 will be deployed in your environment.
  • If your Active Directory environment is currently Exchange 2007 and you are upgrading to Exchange 2007 SP2, then when you extend the schema, the Exchange 2010 schema changes will be deployed in your environment.

Question 1: Why is Exchange 2010 listed above?

For those of you who haven't been keeping abreast of the work we are doing in Exchange 2010, Exchange 2007 SP2 is required for coexistence with Exchange 2010. SP2 enables coexistence features such as redirecting Exchange 2010 mailbox Autodiscover requests received by CAS2007 to the appropriate CAS2010, and ActiveSync proxy support between CAS2010 and CAS2007.

Therefore, to minimize the number of times you have to perform a schema extension, we decided to include the Exchange 2010 RTM schema. For those of you that are planning to upgrade your Exchange 2007 environments to Exchange 2010, this will reduce the number of schema extensions you have to perform. Once you extend the schema with Exchange 2007 SP2, you will not have to extend the schema with Exchange 2010 RTM.

However, there are also direct benefits to deploying the Exchange 2010 schema with Exchange 2007 SP2. One of the new features in Exchange 2007 SP2 is the ability for administrators to control, at the organization level, certain settings that were originally configured via configuration files; the schema changes have enabled us to move some of these settings into AD. Expect to hear more about this in a future blog post.

Question 2: How do I extend the schema?

In order to extend the schema you must meet all the pre-requisites:

  1. You must be running the Exchange 2007 setup with a domain account that is a member of the Schema Admins and Enterprise Admins security groups.
  2. The machine on which you run the Exchange 2007 setup schema extension process must be a member of the same domain and Active Directory site as the Schema Master.
  3. The machine on which you run the Exchange 2007 setup schema extension process must be:

a. Windows Server 2003 SP2 with Windows Installer 4.5 installed
b. Windows Server 2008 with Windows Installer 4.5 installed
c. Windows Server 2008 SP2

To extend the schema, you simply run this command from an administrative command line:

setup /PrepareSchema

Prepare Active Directory

In order to support the new Role Based Access Control (RBAC) model in Exchange 2010, a new security group was created, the Exchange Trusted Subsystem (ETS). The ETS is a highly-privileged universal security group (USG) that has read and write access to every Exchange-related object in the Exchange organization. In Exchange 2010 all Remote PowerShell actions are run under the context of a CAS which is a member of the Exchange Trusted Subsystem. This means that for any action against a local server resource (for example, enumerating the IIS virtual directories) to succeed, the Exchange Trusted Subsystem needs sufficient rights to view or manipulate those local resources, depending on the action.

In order to support coexistence with Exchange 2010, Exchange 2007 SP2 creates this security group in...

Question: How do I prepare Active Directory?

In order to prepare Active Directory you must meet all the pre-requisites:

  1. You must be running the Exchange 2007 setup with a domain account that is a member of the Enterprise Admins security group.
  2. The machine on which you run the Exchange 2007 setup schema extension process must be a member of the same domain and Active Directory site as the Schema Master.
  3. The machine on which you run the Exchange 2007 setup schema extension process must be:

a. Windows Server 2003 SP2 with Windows Installer 4.5 installed
b. Windows Server 2008 with Windows Installer 4.5 installed
c. Windows Server 2008 SP2

To prepare Active Directory, you simply run this command from an administrative command line:

setup /PrepareAD
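
The prerequisites listed above for setup /PrepareSchema and setup /PrepareAD (group membership, same domain and Active Directory site as the Schema Master, Windows Installer 4.5) can be verified before setup is launched. The script below is an added example, not part of the original post or of Exchange setup; the function name Test-Sp2DirectoryPrereq and its -ForPrepareSchema switch are hypothetical, and it assumes a domain-joined machine with Windows PowerShell 2.0 or later.

```powershell
# Added example, not from the original post or from Exchange setup.
# Test-Sp2DirectoryPrereq and -ForPrepareSchema are hypothetical names.
# Save as a .ps1 file and run it from the prompt that will run setup.
function Test-Sp2DirectoryPrereq {
    param(
        # Set when checking for "setup /PrepareSchema", which also needs Schema Admins.
        [switch]$ForPrepareSchema
    )

    function New-Result([string]$Check, [bool]$Passed, [string]$Detail) {
        New-Object PSObject -Property @{ Check = $Check; Passed = $Passed; Detail = $Detail }
    }

    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()

    # Prerequisite 1: group membership, matched by SID rather than by group name.
    # Enterprise Admins and Schema Admins live in the forest root domain and use
    # the well-known relative IDs 519 and 518.
    $rootSidBytes = $forest.RootDomain.GetDirectoryEntry().Properties['objectSid'].Value
    $rootSid = (New-Object System.Security.Principal.SecurityIdentifier($rootSidBytes, 0)).Value
    # Groups reflects the current logon token, so run the check from the same
    # administrative prompt that will run setup.
    $tokenSids = @([System.Security.Principal.WindowsIdentity]::GetCurrent().Groups |
        ForEach-Object { $_.Value })

    $required = @{ 'Enterprise Admins' = 519 }
    if ($ForPrepareSchema) { $required['Schema Admins'] = 518 }
    foreach ($name in $required.Keys) {
        $sid = '{0}-{1}' -f $rootSid, $required[$name]
        New-Result "Member of $name" ($tokenSids -contains $sid) $sid
    }

    # Prerequisite 2: this machine is in the same domain and AD site as the Schema Master.
    $schemaMaster = $forest.SchemaRoleOwner
    $localDomain  = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Name
    $localSite    = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name
    $domainDetail = "local: $localDomain, Schema Master: $($schemaMaster.Domain.Name)"
    $siteDetail   = "local: $localSite, Schema Master: $($schemaMaster.SiteName)"
    New-Result 'Same domain as Schema Master' ($localDomain -eq $schemaMaster.Domain.Name) $domainDetail
    New-Result 'Same AD site as Schema Master' ($localSite -eq $schemaMaster.SiteName) $siteDetail

    # Prerequisite 3: Windows Installer 4.5, read from the file version of msi.dll.
    $msiPath    = Join-Path $env:windir 'System32\msi.dll'
    $msi        = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($msiPath)
    $msiVersion = New-Object System.Version($msi.FileMajorPart, $msi.FileMinorPart)
    New-Result 'Windows Installer 4.5 or later' ($msiVersion -ge [version]'4.5') $msi.FileVersion
}

# Check everything needed for /PrepareSchema; drop the switch to check for /PrepareAD only.
$results = Test-Sp2DirectoryPrereq -ForPrepareSchema | Select-Object Check, Passed, Detail
$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Passed }) { exit 1 }
```

A non-zero exit code means at least one prerequisite is not met; the Detail column shows the value that was compared.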

Install Windows Installer 4.5

Microsoft Windows Installer is a component of the Windows operating system. Windows Installer provides a standard foundation for installing and uninstalling software. Software manufacturers can create the setup of their products to use Windows Installer to help make software installation, maintenance, and uninstallation straightforward and easy. For more information, please see http://msdn.microsoft.com/en-us/library/cc185688(VS.85).aspx.

The Exchange 2007 and Exchange 2010 setup engine is an example of a product that leverages Windows Installer. Specifically we have a setup wrapper that launches and installs the product via an MSI file. Windows Installer also allows us to patch via MSP files.

However, several of our customers have experienced an issue due to Windows Installer and the way rollups are applied. Essentially the following could happen:

  1. You installed Exchange 2007 SP1 on a machine that does not have Windows Installer 4.5.
  2. You removed the setup media or disconnected the network share.
  3. You then applied SP1 RU4v1.
  4. You then uninstalled SP1 RU4v1.
  5. During the uninstall you are now prompted for the source media (Exchange 2007 SP1).

This scenario was the result of a bug in the Installer setup experience: if we ship a non-versioned file with a companion file in the main product setup MSI file (here, the Exchange 2007 SP1 media) and then patch that non-versioned file for the first time (here, in the SP1 RU4v1 patch), the uninstall of the patch prompts for the original install media, because MSI has a bug where it does not make a backup of the non-versioned file when installing the patch. An example of a non-versioned file is the logon.aspx file for the forms-based authentication page in Outlook Web Access.

Question: How do I install Windows Installer 4.5?

For Windows Server 2003 SP2, Windows Vista SP1, and Windows Server 2008 RTM, to install Windows Installer 4.5 you need to download the appropriate version from http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=5a58b56f-60b6-4412-95b9-54d0....

Please note that if you are running Windows Vista SP2 or Windows Server 2008 SP2, Windows Installer 4.5 is already included.

Uninstall Interim Updates

Beginning with Exchange 2007, Sustained Engineering moved to a model where we release public rollups on a routine basis, as opposed to building individual hot-fixes that may or may not be publicly accessible. This allows customers to get the latest code base fixes directly from Microsoft.com without requiring numerous hot-fixes to be up to date.

However, sometimes customers experience issues that require them to run what we have termed an Interim Update, because they cannot wait for the release of the rollup that contains the fix. Customers can obtain the Interim Update from Microsoft Support and deploy it to resolve their issue. Because it is an Interim Update, it has certain requirements: it requires a certain version of a rollup or service pack and, due to our rollup architecture, Interim Updates must be uninstalled prior to installing the next rollup or service pack.

Conclusion

Hopefully the information included above will help you prepare to upgrade to Exchange 2007 Service Pack 2. If you have any questions, please let us know.

-- Ross Smith IV

66 Comments
Not applicable
I was running Exchange 2007 SP1 and upgraded directly to SP2, without upgrading schema or directory. The Security Group for ETS was created. During the setup, I noticed that the first process does something like preparing the AD. Do I still have to manually run setup /PrepareSchema and setup /PrepareAD or it was automatically done in the setup?

Regards,
Julián

PS: The new sp setup is great! :)
Not applicable
Hi Julian, the schema was upgraded when you ran SP2, no need to re-run anything.
Not applicable
MS don't support Exchange 2007 SP2 running on Windows 2008 R2.
Not applicable
Trying to upgrade 2007 SP1 but get this error. Same if I try to prepare schema from command line. Any idea?

Organization Preparation
Failed

Error:
An error occurred when executing 'ldifde.exe' to import schema file 'C:\E2K7_SP2\Setup\ServerRoles\Common\Setup\Data\PostExchange2003_schema3.ldf'. Error code: 8202.
Elapsed Time: 00:00:06
Preparing Setup
Cancelled

Not applicable
SP2 install was fantastic! Best MS upgrade to date.

One question though. I was running SP1 on our x64 2003 server. Like others I didn't do anything other than download the 4.5 installer and run the update. I never touched the schema or AD, yet all completed without error.

I want to confirm that everything was applied and upgraded  correctly. What can I look for to be sure? Is there a version number that I should see?

Thanks.
Not applicable
We have Exchange 2003 with SP2 and we tried to install Exchange Server 2007 with SP2 CAS and Hub Transport Server and it completed successfully. But while trying to install Exchange 2007 with SP2 Mailbox (CCR cluster), it failed and threw the below error
"Service 'MSExchangeTransportLogSearch' failed to reach status 'Running on this server.
Cannot start service MSExchangeTransportLogSearch on computer '.'.
The service did not respond to the start or control request in a timely fashion"

I tried on the passive node, but same error there as well. Manually trying to start the service also failed. Tried a couple of uninstalls and installs but no luck. Then I tried with the Exchange 2007 with SP1 which worked well, I guess some issues with the SP2 for CCR

Has anyone come across such a scenario?
Not applicable
@Goran Topalovic:

As far as I know it's due to Server 2008 R2 having a new version of IIS (7.5) and PowerShell (2).
Not applicable
Hi,



I tried installing SP2, but it failed running /prepareAD. The setup.log says:


[ERROR] Active Directory operation failed on dc1.company.intra. The object 'CN=Folder Hierarchies,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=COMPANY,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=company,DC=intra' already exists.



I tried renaming the object using ADSI Edit, but that's not allowed.



Any suggestions on how to troubleshoot this issue?

Not applicable
@ Vinu,

With the exception of having to forcibly move the Quorum owner role over to the active node* my upgrade went smoothly.

* I had to do this for each server in the cluster.
Not applicable
I am curious to why it is impossible to install Exchange 2007 SP2 in an Exchange 2010 environment. Is there nothing you can do or any scripts you can run because this article basically says they run on the same schema so....
Not applicable
@Liam
To install Exchange 2010 into an environment running 2007, the 2007 box needs to have SP2.
Also,
"After you deploy a new Exchange 2010 organization, you can't add servers that are running earlier versions of Exchange to the organization. The addition of earlier versions of Exchange to an Exchange 2010–only organization is not supported."
Not applicable
@Mike

I understand they are not supported. But I am wondering why earlier servers cannot be placed into an Exchange 2010 only schema. Isn't it the same schema as 2007 SP2?
Not applicable
An issue no one brings up is that if you have upgraded your domain level to Server 2008 R2 and try to install the schema updates they fail the tests and won't let you continue. To get around this, I had to use the Exchange server 2010 adprep with the schema updates in SP2. It's a major bug and needs to be resolved. I am NOT installing on server 2008 R2, just have all DCs that are Server 2008 R2 and am at a forest / domain level of server 2008 R2. I wish this had been tested more thoroughly.
Not applicable
Hi,

why does every documentation on SP2 and also this blog post mention that you should first prepare the schema and AD before actually running setup while setup itself also does these actions if you haven't done this manually? There's no mention anywhere that simply running setup also prepares the schema.

Franc.
Not applicable
I have already upgraded one test CAS server to SP2 in the organization. I'd like to know if I can also upgrade other test servers without upgrading the live CAS/HT/MBX servers first. Will this cause trouble?
Not applicable
@Franc
It is best practice to split up Schema Admin and Exchange Admin roles, so you would typically have your schema person do the extension, and then you do the install.  The GUI is suitable for shops that do not follow this best practice.

@Richard
It is best practice to have all of your exchange servers running the same service pack level.  However if you do not do this you shouldn’t experience any problems.

@Liam
I am not sure why Microsoft supports some things and not others.  I wonder if maybe exchange 2010 makes schema extension decisions based on the presence (or lack thereof) of older exchange servers.  Meaning the environment isn’t suitable for older versions of exchange if they weren’t first there.  This support model is the same for Exchange 2007 and 2000/3 as well, so I am not surprised to see this.
Not applicable
Same problem as Vinu Kumar T K posted before.
Does anyone have the problem with a clean install of Exchange 2007 SP2 CCR?
Service 'MSExchangeTransportLogSearch' failed to reach status
I have just succeeded in setting up CCR using SP1.
Not applicable
@Vinu & Cyrus
You should post this problem here for this type of discussion:
http://social.technet.microsoft.com/Forums/en-US/exchangesoftwareupdate/threads
Not applicable
Regarding the question about the greenfield deployment scenario and the ability to install legacy versions of Exchange. Whether you deploy a greenfield Exchange 2010 environment or upgrade to Exchange 2010 from previous versions (E2000 -> E2003 -> E2007 -> E2010), the schema is the same. What isn't the same, however, is the forest preparation (e.g. configuration partition) via /PrepareAD. We made the decision back in E2007 to not carry forward certain aspects that were deprecated (e.g. Active Directory Connector settings/configuration).

Ross
Not applicable
Unable to apply the Sp2 update...

Exchange server running W2k8 x64 Sp2, domain controller running W2k8 x64 R2 with forest level to R2. Org check complaining that at least one DC must be running W2k3 sp1..... :-(

Bug or not supported ? (I think running R2 as DC should not be an issue)
Not applicable
I am curious about John and Loic's question as well, because I have all 2008 R2 domain controllers (domain and forest functional level are reported as 2008 and cannot be raised, so I assume there is no such thing as R2 domain and forest functional level?)
Not applicable
Sorry - edit...  Domain/forest functional level are 2008 but I am planning to up to 2008 R2 soon.  It sounds like perhaps I should wait!!!
Not applicable
@pesos
Yes you should, at least until you apply the Schema updates. I spent two nights banging my head against a wall trying to figure out how to get this to run. I'm probably not supported now because of the way I had to do things but MS decided not to test this scenario at all otherwise they would easily know the problem exists.
Not applicable
I have a quick question. We are running Exchange 2003. We extended the schema for Exchange 2007 and then Exchange 2010 was announced a week later. We decided not to move forward with Exch2007 and just wait for 2010. So we still have only Exch2003 servers. Should we use Exchange 2007 SP2 to extend the schema again or just wait for Exch2010's schema extensions?
Not applicable
If I apply Exchange 2007 SP2 will the schema/AD extensions stop any future Exchange 2007 servers from being added to the Organization?
Not applicable
Goran Topalovic...  Translation = ducha portátil
Not applicable
@ Mike R - No.

@ Sloan - You can wait or do it now, either way. The schema is the same.

@ Loic Lambiel - a bug, we are working on it.
Not applicable
Are there any best practices when planning schema updates for Server 2008 R2 and Exchange 2007 SP2? We have the Exchange 2007 SP1 schema up to date, and were planning on Server 2008 R2 Schema updates next, ought we do the EX2K7SP2 updates first? Does it matter?
Not applicable
I'm also having the same issue as Loic. Running 2008 R2 DC and forest level is R2. Hope there is a fix for this.
Not applicable
I'm curious to know whether Exchange 2007 SP2's PrepareAD is the same as the PrepareAD in Exchange 2010 RC1. Specifically, does the PrepareAD in 2007 SP2 add the same ACEs to the AdminSDHolder object as 2010 RC1?

I assume you are aware of the fact that one of the ACEs added by 2010's PrepareAD (Write Property for Member) allows members of the new Exchange group to elevate their AD privileges with a couple of mouse clicks - http://policelli.com/blog/?p=449.
Not applicable
After running the setup.exe I got a few errors and attempted to run the setup /prepareAD command. This is what I got back:

C:\SP2>setup /prepareAD

Welcome to Microsoft Exchange Server 2007 Unattended Setup

Preparing Exchange Setup

No server roles will be installed

Performing Microsoft Exchange Server Prerequisite Check

   Organization Checks              ......................... COMPLETED

Configuring Microsoft Exchange Server

   Organization Preparation         ......................... FAILED
    An error occurred. The error code was 3221685941. The message was The inter
face is unknown..


The Exchange Server Setup operation did not complete. For more information, visi
t http://support.microsoft.com and enter the Error ID.

Exchange Server setup encountered an error.







Same error ID as I got when I ran the setup. Any ideas?
Not applicable
@Grant:

What is your OS?

If I remember correctly, I had the similar string of numbers when I started setup on Windows 2008 R2.
Not applicable
@ John Policelli - the answer is no; E2007 SP2 does not do this, so no matter what the E2010 Beta situation is - it is NOT the same in E2007 SP2.
Not applicable
Hi,

I just want to know where we should start upgrading to Exchange SP2. I mean, shall we start from the Hub Transport, the CAS server or the Mailbox server?
Not applicable
Goran,
I'm running Windows server 2003 R2
Not applicable
Gordan,

Apologies, it's Windows Server 2003 R2 x64
Not applicable
Gordan,

Thanks for your reply. There is no way to get this to work without reinstalling the OS? The main function I'm trying to get is for the update on the iPhone for Exchange to work with the new calendar options... which requires at least rollup 4 on SP1. Ideally instead of installing 4 rollups I could just install the SP2, but if I can't do it then that's life I suppose.

Any other suggestions?  
Not applicable
setup /ps
ok
setup /PrepareAD
error

# Tasks for 'Transport Global AD Configuration' component
# [ID = a08f4bfe, Wt = 1, isFatal = True] "Creating DSN Customization container."
install-Container -Name:"Transport Settings","DSN Customization" -DomainController $RoleDomainController
# [ID = bb39d0fe, Wt = 1, isFatal = True] "Configuring message classifications container."
install-Container -Name:"Transport Settings","Message Classifications" -DomainController $RoleDomainController | add-adpermission -user AU -AccessRights ListChildren -DomainController $RoleDomainController
# [ID = 850c40fe, Wt = 1, isFatal = True] "Creating default message classifications container."
install-Container -Name:"Transport Settings","Message Classifications","Default" -DomainController $RoleDomainController
# [ID = f422243e, Wt = 1, isFatal = True] "Configuring system message classification."
install-SystemMessageClassification
# [ID = 963917fe, Wt = 1, isFatal = True] "Creating the rules container."
install-Container -Name:"Transport Settings","Rules" -DomainController $RoleDomainController
# [ID = 655217fe, Wt = 1, isFatal = True] "Creating Message Hygiene container."
install-Container -Name:"Transport Settings","Message Hygiene" -DomainController $RoleDomainController
# [ID = 510d0abe, Wt = 1, isFatal = True] "Creating sender reputation object."
new-SenderReputationConfig -Name:"Transport Settings","Message Hygiene","Sender Reputation" -DomainController $RoleDomainController
# [ID = 29302bfe, Wt = 1, isFatal = True] "Creating containers for DSN-supported languages."
foreach ($lcid in (get-DsnSupportedLanguages)) { $lcidStr = $lcid.ToString([System.Globalization.NumberFormatInfo].InvariantInfo); install-Container -Name:"Transport Settings","DSN Customization",$lcidStr -DomainController $RoleDomainController; install-Container -Name:"Transport Settings","DSN Customization",$lcidStr,"Internal" -DomainController $RoleDomainController; install-Container -Name:"Transport Settings","DSN Customization",$lcidStr,"External" -DomainController $RoleDomainController; }



any ideas?
thz
Not applicable
Resolved
I had installed PowerShell v2 on Windows 2008 Standard Edition 64 bit

Not applicable
All of our Exchange 2007 servers have been upgraded to SP2 except one. It gives us an error.

This computer is running Windows Server 2003 and has not been assigned an IPv4 address. Check the network configuration. IPv6 is only supported in Exchange Server 2007 Service Pack 2 when it is installed on a Windows Server 2008 computer that has both IPv4 and IPv6 enabled.

This server has a static IPv4 address and IPv6 is not installed.
Not applicable
Can MS please expand on the statement in the SP2 release notes that states "PowerShell Version 2 is supported on all Exchange 2007 SP2 server roles. PSv2 is the preferred solution for PowerShell on Windows Server 2008 servers and servers" ?

After SP2 is installed can the Powershell V2 release candidate be installed on the Exchange 2007-SP2 server ?  If not what is it that we are waiting for, the RTM of Powershell 2.0 for Windows 2008 ?  Another post-SP2 update to Exchange 2007 that will support Powershell V2 ?  Please advise.  Thank You.

Sam
Not applicable
I had my AD admin update the schema using setup.com, no issues reported. When I run setup.exe to install SP2 under my ID, it says that updates need to be made to AD and that I don't have permissions? So, even though Schema has been updated, do I need to have Schema master permissions to run the setup?
Not applicable
So is R2 only an issue for the domain controllers?
My situation:
DCs are 2003 SP2 (ops masters are x64, rest are x32)
Exchange servers are Exchange 2007 SP1 running on 2003 R2-SP2-x64

So Exchange is R2 but no DCs are R2....do I need to run any prep or just update Exchange to SP2?
Not applicable
JJ - it sounds like you are running Windows 2003 R2 - the "R2" problem (talked about here: http://msexchangeteam.com/archive/2009/09/02/452284.aspx) is with Windows 2008 R2 domain controllers. There are no known issues related to Windows 2003 R2 and Exchange that I know of, in any combination (DCs, running on or both).
Not applicable
Has anyone been able to run SP2 setup without having Schema Admin, and Enterprise Admin permissions
Not applicable
Hi Joe,

I get an error similar to yours, about not having enough permissions.  Logged in as the domain admin....have Schema Admin & Enterprise Admin permissions, but still no joy.

Running Windows 2008 x64 & Exchange 2007 SP1 x64

Here's the log from the command "setup /PrepareAD".  Any ideas anyone ?

Preparing Exchange Setup

No server roles will be installed

Performing Microsoft Exchange Server Prerequisite Check

   Organization Checks              ......................... COMPLETED

Configuring Microsoft Exchange Server

   Organization Preparation         ......................... FAILED
    Active Directory operation failed on myserver.mydomain.com. This error is not r
etriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03152492, problem 4003 (INSUFF
_ACCESS_RIGHTS), data 0



The Exchange Server Setup operation did not complete. For more information, visit http://support.microsoft.com and enter the Error ID.

Exchange Server setup encountered an error.
Not applicable
Ugh - Installing Installer 4.5 requires a reboot? That's nuts.
Not applicable
So is anybody able to launch the SP2 setup even after the Schema has been updated? In some organizations Exchange admins don't have Enterprise/Schema Admin permissions. So is that a requirement in SP2 even to launch the setup, or is this a bug?
Not applicable
OK, lots of comments above so I hope I am not repeating something already covered.  I have a few HUB/CAS servers and a CCR cluster doing SCR to a recovery server (paranoid I know).  Any tips to the order I should perform my upgrade in?  Should I:

1.  upgrade my CAS and HUB transport
2.  then upgrade my SCR target (as a passive node) as per the documentation.
3.  then do a CCR upgrade as per the cluster documentation.

Any thoughts, the SCR thing is a new configuration for my infrastructure and part of providing a "nice" RTO for the organisation.
Not applicable
So to make it a bit more complicated, my TAM tells me I should go straight to roll up 1 for SP2.  Should I deploy this with the SP or wait until the full SP 2 installation is finished, and then go back to the beginning and start again?

Last but not least, what about ForeFront for Exchange.  Any prerequisites there I should be aware of?