Home

Today the Exchange CXP team released the following update rollups to the Download Center. All three releases cover Security Bulletin MS12-080. Because this is a security release, the updates will also be available on Microsoft Update.

Update Rollup 5-v2 for Exchange Server 2010 SP2

This update contains a number of customer reported and internally found issues. For a list of updates included in this rollup, see KB 2785908 Description of Update Rollup 5 version 2 for Exchange Server 2010 Service Pack 2. We would like to specifically call out the following fixes which are included in this release:

Note: Some of the following KB articles may not be available at the time of publishing this post.

  • 2748766 Retention policy information does not show "expiration suspended" in Outlook Web App when the mailbox is set to retention hold in an Exchange Server 2010 environment
  • 2712595 Microsoft Exchange RPC Client Access service crashes when you run the New-MailboxExportRequest cmdlet in an Exchange Server 2010 environment
  • 2750847 An Exchange Server 2010 user unexpectedly uses a public folder server that is located far away or on a slow network

For DST Changes: http://www.microsoft.com/time

Exchange Team

97 Comments
Not applicable

I for one find the product teams decision to fix security vulnerabilities only in Update Rollups completely unacceptable and at odds with many other products in the Microsoft product line. A security vulerability should be addressed by a small hotfix that addresses the vulnerability rather than part of a much wider rollup which includes additional functionallity and a much braoder change to the code base. For those in coprorate environments testing a large rollup is at odds with security patching.

The number of re-issues for rollups in the last year or so also reinforces the need not to be an early adopter and effectively test updates which is at odds with covering an exploit.

I wish you would review this methodology.

Paul

Not applicable

I agree with Paul and am very concerned with the quality assurance testing that goes into these roll-ups.  I have a policy that I don't touch Roll-ups for a month to wait and see if a recall is going to happen.

Not applicable

I recently completed the transition from Exchange 2007 to Exchange 2010. My testing and planning included RU 4 and then RU4-v2.

However, after reading of many problems experienced after either or these RUs, the majority of who roll-backed to RU3, I proceed with just RU3. As RU5 only just came out, I decided to wait a month or so for any fallout.

The quality assurance of these RU is of some concern and this stage, will have to stick with RU3 until a stable RU is released.

Not applicable

When compared to the original version, the following fix went MIA in EX2010SP2RU5v2:

2748870 Declined meeting request is added back to your calendar after a delegate opens the request by using Outlook 2010

Not applicable

Didn't work for me. Just wanted to let you guys know. Tried disabling Forefront manually, but that didn't help.

Action 23:33:18: CA_CUSTOMER_PREPATCH_INSTALL.

CAQuietExec:  Error 0x80070001: Command line returned an error.

CAQuietExec:  Error 0x80070001: CAQuietExec Failed

CustomAction CA_CUSTOMER_PREPATCH_INSTALL returned actual error code 1603 but will be translated to success due to continue marking

Action 23:33:19: CA_ROLLBACK_SAVEDATA_STOP_SERVICES.

Action 23:33:19: CA_START_WMI_SERVICES_ROLLBACK.

Action 23:33:19: CA_ENABLE_WMI_SERVICES_ROLLBACK.

Action 23:33:19: CA_SAVEDATA_STOP_SERVICES. Stopping services

CAQuietExec:  Error 0x80070001: Command line returned an error.

CAQuietExec:  Error 0x80070001: CAQuietExec Failed

CustomAction CA_SAVEDATA_STOP_SERVICES returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)

Action ended 23:33:31: InstallExecute. Return value 3.

Not applicable

@deiruch - what did you try installing, on which kind of server (roles etc.)?

Not applicable

Note that it's no longer required to restart ForeFront service manually since Exchange 2010 SP2 RU4. See KB 2743871 Microsoft Exchange Transport service does not restart automatically after an Exchange update is installed.

Not applicable

Has this fixed the problem whereby moving mailboxes sits retrying 5 times every 60 seconds at the end of the move before stating that it failed to clean up the source mailbox. This was introduced in update 3 for SP2 and is extremely infuriating during migrations. Big thread on technet forums about it.

Not applicable

@Nino: I tried installing Exchange2010-KB2785908-v2-x64-en.msp on Version 14.2 (Build 247.5). All roles are installed (Hub Transport, Client Access, Mailbox, Unified Messaging), though UM is not in use. Can't install KB2756485 (RU4-v2) because of the same problem. All other (previous) WU-distributed updates are installed. Everything on 2008R2 SP1. I checked kb981474 too, only LocalMachine is set to "RemoteSigned".

Not applicable

We've had three versions of rollup 8 (ex2k7) and 2 versions of rollup 4 (ex2k10). Rollup 5 was pulled as well. When does the madness stop?

This is ridiculous beyond belief. There are too many bugs being found in these releases. As the first poster in this thread, Paul Bendall, points out - Microsoft needs to STOP with these rollups that add additional functionality. You're constantly breaking things constantly. Are things really this pathetic at Microsoft?

Test your rollups and SP's THOROUGHLY before releasing them. This is crazy embarrassing.

Not applicable

Same issue as Deiruch, down to identical errors in the log files. Installing on  Hub, CAS & Mailbox standalone. No Forefront installed.

Not applicable

Please stop releasing Security Updates only through RU´s!!!!!

Not applicable

Exchange 2010 SP2 UR4 mailbox move to another DB on the same server with newly created databases gives warning/error:

The Microsoft Exchange Mailbox Replication service completed request <mailbox> with warnings.

Warning: Failed to clean up the source mailbox after the move.

Error details: MapiExceptionUnexpectedMailboxState: Unable to delete mailbox. (hr=0x80004005, ec=2634)

Is this solved with UR5v2?

Not applicable

all in all Exchange still works great and has broad functionality. Groupw#?! is even worse, believe me. What is really emberassing, is the fact that TMG 2010 is abandoned - this was a great mistake and sympathy for Microsoft is declining. Some other bad decisions will accelerate this process.

Not applicable

Someone has to stop this RU Versioning mess immediately! I can't belive that the biggest software company in the world makes such a poor job in QA. What's going on? Hey, wake up!

Not applicable

Using an Update Rollup to deploy a security update is really poor practice, given the past history on the quality of Update Rollup releases. Please separate out security updates from Update Rollups.

Not applicable

Stop deploying security patches in combination with roll ups NOW!!! Security patches need to be applyed quickly - but roll ups needs testing AT MICROSOFT and on the customer side.

Not applicable

Re the disabling Forefront thing, see my blog post here:

www.rebee.clara.net/.../entry_199.html

Simple, effective, one less thing to worry about, even if it isn't strictly needed anymore.

On the subject of 'security updates in roillups only', I have some sympathy with Microsoft on this one.  It means just one security patch (in the rollup) and not a different patch for every flavour, e.g. one each for SP2, SP2 RU1, SP2 RU2, SP2 RU3, SP2 RU4, SP2 RU4-2, SP2 RU5, and SP2 RU5-2.  That's asking for trouble.

Not applicable

I agree with everyone else here. What the hell is going on with the QA for Exchange development these days? UR's should be separate from security hotfixes, or the logic behind joining them should be explained clearly.

If they must be joined, then higher levels of QA *must* be done before release. This constant pulling and re-issuing nonsense has got to stop. The number of re-releases over the past 3 years is absurd for a company of Microsoft's resources.

I've had to adopt a policy of waiting 60-90 days to install these updates just so I'm not introducing major bugs into my environment. Unfortunately, it means I'm missing out on security fixes in the meantime.

Not applicable

If releasing quality updates means delaying release of said update - then delay the release of the update!!!

I used to look up to the Exchange team at Microsoft. They used to be the best coders in the world, hands down. Nowadays they seem to released half-finished code. The latest spat of versioning all the rollups is downright unacceptable. Looks like it is going to be even worse with 2013 because it won't integrate with current 2010/2007 installations, and there are features missing left and right (ex. message tracking missing from GUI, etc).

Get your act together at Microsoft! Exchange is going way downhill nowadays and this is not acceptable. You need to push back any RTM until a proper job can be done testing your products. The onld joke of "you can't deploy a Microsoft product until at least SP1" is really ringing true lately.

Not applicable

Calm down folks.

With an email system such as Exchange that has the largest market share, it's impossible to test EVERY possible problem that may arise.

I do think the security updates should be separate, but depending on the components in Exchange that is affected it may easier to streamline it through a UR.

Not applicable

I'm curious about the 5-try post-migration mailbox cleanup and the "Failed to clean up the source mailbox after the move." issues.  They've been around for a while now, and while the "Failed to clean..." message is potentially harmless, it's like "Crying wolf"; I'll ignore these messages and the ONE TIME I get a legitimate one it will go unnoticed.  

The 5-try thing just adds additional time to a mailbox migration which is unnecessary and tedious.  

Not applicable

We're on Exchange 2007. Recently we decided to update to Rollup 8. Then, Microsoft recalled that rollup and issued a V2. We were like, okay, well, mistakes happen. Then they recalled that one and issued a v3. At this point we were all WTF is going on with QA at Microsoft? Now we find out that we can't buy Exchange 2007 or 2010 SA licenses anymore because 2013 has hit RTM. The catch is that we can't implement 2013 until 6 months from now when Microsoft decides to implement a patch that co-exists with their own products. We all (all 9 admins at my company) think Microsoft is losing it and the quality of their products are starting to decline.

I'm sure within a week we'll hear that this new rollup 9 was recalled and a v2 of it was released as well. We're getting scared to deploy updates now. What is going on in Redmond that is causing all these problems?

Not applicable

Where is the rollup for Exchange 2010 SP3? What, no love for people running the latest service pack?

Not applicable

At the rate things are going lately, I fully expect to see these rollups removed and replaced in a few weeks with another incremental version update. Eventually MS will need to start implementing a new numbering scheme. I fully expect the future to bring "Exchange Service Pack 2, Rollup 9 version 3.4" or something along those lines. Seems like the Exchange team is completely FUBAR on their rollup testing Q and A.

Not applicable

Is there a Rollup 5 available and you forgot to include it in the above list, are the updates already included in rollup 4v2 and we don't need to worry about it, or did you forget about the majority of your customers running the latest service pack and rollup?

Not applicable

Enough already, I agree with Paul Bendall

Not applicable

@Exchange 2010 SP3 rollup 5 is missing from the list: Exchange 2010 SP3 is not released yet. The above list includes all Exchange versions + Service Packs currently supported - Exchange 2010 SP2, Exchange 2010 SP1, and Exchange 2010 SP3.

Note, the vulnerability mentioned in security bulletin MS12-080 does not impact Exchange 2013, so there is no security update for Exchange 2013.

Not applicable

Microsoft should NOT be releasing rollups that introduce new features along with critical security updates. The constant releasing then pulling rollups is getting to the point where we are all starting to roll our eyes when a rollup is available wondering when they'll eventually pull it and re-release it again.

Not applicable

Shouldn't Microsoft be spending all their time on fixing Exchange 2013 deficiencies, rather than continually playing the three card Monty rollup shuffle every few weeks?

IMO Microsoft should stop everything they are doing and move up the Exchange 2007 and Exchange 2010 integration patches for co-existence with Exchange 2013. Then, they should focus all their effort on fixing all the items they left out of the RTM. The only thing that Microsoft should be doing with rollups now is fixing bugs, not implementing new features that have obviously not been tested thoroughly enough. Paul Bendall is exactly spot on correct.

Not applicable

about security fixes in rollups or not - I protect lot's of Exchange Servers with TMG 2010 and it's worthmentioning pre-authentication and NIS-Protection. Believe me, have an eye on this!

Not applicable

Oh great. Another round of patching the broken patches. Now, we have patches for the patches that fix the broken patches. Brilliant!

Not applicable

MS wants everyone on Office 365, but just 3 weeks ago Office 365 was DOWN 13 hours.

Why not focus on giving us WORKABLE RUs for On-Premises instead of focusing on Office 365 so much.............

Not applicable

OK, whether we like it or not, wer'e stuck with the current release situation.

I'm interested to hear from anyone who has actually installed the new Rollups and how they got on.

Cheers.

Not applicable

TheExchange 2007sp3ru9 not finish install after 3 hours. Fortunate on a server with no mailboxes. Exchange IS and SA refuse to run errors in log. we are calling the phone with PSS.

Way screw up Exchange RU! DO NOT UPDATE!!!!! WARNING!!!!!

Not applicable

We're having the exact same problem with RU5v2 that we had with the original RU5. The store.exe is crashing. Good thing we decided to test this on a restored VM. Microsoft, what is the problem with getting these rollups right? You are seriously sucking lately.

Not applicable

@Same Problem

Not seeing any issues here with RU5 V2, so you may have some obscure local DB corruption issue?

Not applicable

my concern for these Rollup is .net image takes way too long.  Anyway to speed that up?  

Not applicable

This update does not install. Gives an error. Anyone else have this issue?

Not applicable

Has anyone installed this rollup who is having the mailbox moving issue?  I am curious to see if this rollup addresses it or not.  I jsut opened a case with MSFT support and their email to me last night said that the only workaround is to roll back to RU2 and wait for SP3.  Something just isnt right here

Not applicable

Do we still need to install MS12-080 if we already implemented the workaround  below?

Set WebReadyDocumentViewingOnPublicComputersEnabled to $False

Set WebReadyDocumentViewingOnPrivateComputersEnabled to $False

Not applicable

For people having problems to install those rollups, verify that you didn't install Windows Management Framework 3.0 (Powershell 3.0)

eightwone.com/.../caution-kb2506146-and-kb2506143

theessentialexchange.com/.../windows-management-framework-3-0-powershell-3-0-and-exchange.aspx

Not applicable

@AHWC you can shutoff CRL checking through the browser (in IE Tools>Internet Options>Advanced under security section uncheck the box next to check for publisher's certificate revocation)

Not applicable

So, what do we do if we've installed the PS3.0 update? Do we need to remove that before we can install these new updates? Can we re-apply the powershell 3.0 update afterwards?

This is just crazy that updates are being recalled and republished, updates are breaking other updates, and we have to manually disable certificate revocation checking. No offense, but this is crazy.

Not applicable

I've just installed Rollup 8 for Exchange 2010 SP1 on an SBS2011 server using WSUS, and it went fine.  Took about 15 minutes to do the update, then required a reboot to complete.  Good luck to anyone else.

Not applicable

Wasn't this vulnerability in Webready document the same as Microsoft Security Advisory 2737111 ?

Back then, the "fix" was to disabled the webreadyvieweing, works fine for my an my 4000 mailboxes. Gladly running Exchange 2010 SP1 UR6, and i have no intentions to put my exchange user base, to the mercy of bad quality and testing from Microsoft again, I was going to go to SP2 finally, until i saw we're back to issues instead of fixes..

Come on Microsoft, i still have faith, but geez, it doesn't seem the high level managers are reading this blog, how can they let the coders release a patch that is supposed to improve the exchange environment, introducing issues different than the ones the patch is supposed to fix, and not once, which would be ok, not twice, (which should raise flags with Q&A managers, but as many times you guys have released an RU. Are the high level managers this blind at Redmon ? is anybody at redmon reading this blog, listening to us, and doing something to prevent this "little mistakes" ? Dear Microsoft,  we're beeing forced to install an Exchange RU and a security update in the same package, you bet is going to break stuff up. , this is unacceptable for us , should be unacceptable for Q&A at Microsoft, Please, Please fix this RU's once a for all, don't release another one until you guys get the next one straight.

In the meantime, can we get away with the webreadydocument disabled ? my users don't mind this feature at all. And my environemnt would be happy i'm not installing another nightware Exchange RU

This is the simple PS command i ran months ago, and it seems it would stay this way until who knows when.

Get-OwaVirtualDirectory | where {$_.OwaVersion -eq 'Exchange2007' -or $_.OwaVersion -eq 'Exchange2010'} | Set-OwaVirtualDirectory -WebReadyDocumentViewingOnPublicComputersEnabled:$false -WebReadyDocumentViewingOnPrivateComputersEnabled:$false

Not applicable

To the commenters here: Exchange never had GDR/QFE branching, so Exchange 2003 security updates are similar, just they do it at the file level instead of the product level.

Not applicable

This has been asked MULTIPLE times now and no answer - HAS THE 5 RETRY UPON MAILBOX MOVES BEEN FIXED?  Or are MS even looking at it?  3 rollups later a major bug still exists and it affects mailbox moves.  How can this not be on a list of things to fix or at least acknowledge in a KB article?  Seriously?

Not applicable

@ANSWER THE QUESTION -

It doesn't appear it has been fixed. I loaded the latest rollup in our lab, moved some test mailboxes, and still noticed the same retry problem. Apparently Microsoft is ignoring this issue/bug - or at least they have not placed very much importance on it being fixed.

Not applicable

I'd say it has already almost been fixed. In your MSExchangeMailboxReplication.exe.config you can set the "MaxCleanupRetries" to 1 (instead of 5).

We tried with 1 and 2.

Result: Lots of move errors.

So we switched back to 5.

Why do you call it a "major bug"? Compared to what M$ is delivering at the moment (v2s, FW3.0) it's a negligible glitch...

Klaus