Update Rollup 1 for Exchange Server 2007 Service Pack 2 has been released

Published Nov 21 2009 11:11 AM 2,974 Views

EDIT 11/24/2009: Corrected the permissions needed in KB 970104 section.

It has been about a couple of months since we released Exchange Server 2007 Service Pack 2. About 3 years ago when we shipped Exchange Server 2007 we promised cumulative update rollups every couple of months. Keeping with that promise we have released Update Rollup 1 for Exchange Server 2007 Service Pack 2 (KB 971534) to the download center today. The release of the rollup via Microsoft Update will happen on November 24. Update rollups are service pack dependent, so you need to first upgrade to Exchange Server 2007 SP2 before deploying this Update Rollup.

While the bulk of the changes in this rollup are bug fixes we have also made some improvements to the experience when installing the patch. We laid the foundation for these improvements in the Exchange Server 2007 SP2 product MSI which also included requiring everyone to upgrade to Windows Installer 4.5. We are building upon it in this rollup and hope to improve your experience during installation of these patches.

1) Ability to cancel installation of a rollup - As most of you have noticed the cancel button in the rollup is disabled for most of the time. This is because the custom actions implemented in the patch did not have corresponding rollback versions. Hence a cancel of the install would have meant that the system state would not have been rolled back. We have redesigned this area of the code and enabled the administrators to cancel installation and rollback the system to the initial state whenever possible. Note that there are still some critical points during setup where we disable canceling, for example when we reach the end of the installation sequence where canceling install at that point would take longer than finishing up the rollup deployment.

2) Pre-installation checks for common issues faced by customers

a. We now check for the lack of internet connectivity, which can cause longer installation times due to the system trying to obtain the Certificate Revocation List from the HTTP URL specified in the signing certificate. If we detect the absence of internet connectivity we provide a warning (see below). The link points to the topic How to Install the Latest Service Pack or Update Rollup for Exchange 2007 in the Exchange Server 2007 TechCenter documentation which covers the steps to update the system configuration to not do the check under the section "When Exchange cannot connect to the Internet". We will also post a blog shortly on the technical details about this.

b. KB 970104 - We check if the user account initiating the install of the rollup has adequate permissions. If the user does not have Exchange Server Administrator permissions, the installation throws an error before making any changes to the system. The most common case of this is seen when users install the rollup using an account which is a local administrator and see that Outlook Web Access is not working because the user account did not have permissions to update the OWA component in Active Directory which requires running some cmdlets which require Exchange Server Administrator privileges.

3) Shorter downtime of Exchange Services during deployment of the rollup by doing a 2 step Native Image Generation. This is the place where the rollup installer seems to be stuck for a long time with the message "Creating native images for .NET assemblies. This process can take an extended period of time to complete." If NGEN is busy imaging non-Exchange .NET assemblies in the system due to a pending queue then Exchange services are down for a lot longer than they need to be.

a. Step 1 will keep Exchange services running while imaging non-Exchange .NET assemblies in the system.

b. Step 2 will stop Exchange services and then image the Exchange assemblies.

The advantage to this two step process is that if Step 1 takes a large chunk of the maintenance interval than expected, the administrator can cancel the rollup installation and reschedule the installation of the rollup to a future time.

4) Ability for Exchange administrators to execute custom PowerShell scripts before and after rollup installation to stop 3rd party services loading Exchange assemblies and causing a reboot. More on this in a blog post coming up soon.

Some of the other critical product bug fixes in this rollup which we would like to call out are

1) KB 971010 - Intermittent issue where a database does not mount when CCR failover happens due to missing temp log file

2) KB 941775 - Running Isinteg for the first time on a newly created DB fails with Error: FULLCHKMGR::EcReadRowCountGlobalFlag failed with error JET_wrnColumnNull

3) KB 972115 - Transport rule does not fire for Message Delivery Notifications if header is folded because the report-type is not evaluated

KB 971534 has more details about this release and a complete list of all fixes included in this rollup.

We welcome your feedback on the improvements we have made in this rollup. Also, a friendly reminder again that we will be watching our Exchange Software Updates forum which is available to provide assistance if you encounter issues when deploying the rollup.

- Exchange Customer Experience team

Not applicable
Are you aware that the rollup fails to install if you have installed KB 968930, which includes Powershell 2.0, at least on Windows Server 2008? You must first uninstall KB 968930 to get the rollup to complete.
Not applicable
Yes, Neil. We will look into this.

By the way, thank you for bringing it to our attention via the thread in the forums at http://social.technet.microsoft.com/Forums/en-US/exchangesoftwareupdate/thread/617ceb50-49ae-4b6e-b8....
Not applicable
Will there be an Update Rollup 10 for SP1 or is the SP1 train off the tracks?
Not applicable
Michael, there are no further Update Rollups for a particular service pack level once a successive service pack is released.  In other words, Update Rollup 9 was the last Update Rollup for Exchange 2007 SP1.
Not applicable
That must be a new policy then.

For example, on 7/8/2009, UR3 was released for SP1 and UR7 was released for RTM. See http://msexchangeteam.com/archive/2008/07/08/449161.aspx for details.
Not applicable
I'm also having installation issues within my test environment with the following error: The user who's currently logged on doesn't have sufficient permissions to install this package. You need at least Exchange Server Administrator permissions on the current computer to complete this task.

My permissions on the exchang server has not changed and I used the same credentials to install/upgrade to SP2 for EX2007.  I am not running PS v2.0, but still remain on 1.0 (KB926139)
Not applicable
Michael, I believe this was because UR7 (RTM) and UR7 (SP1) were released to address a critical security issue.  Since UR1 for SP1 does not seem to address any critical security issues, I doubt we will see it for any other version.  I will defer to the Exchange product team for confirmation.
Not applicable
I am very glad Neil reposted the issue here (even though the MSFT response was a bit odd and could have been taken negatively) as that would keep me from deploying PS 2.0 on Exchange 2007. I.E. The post here would hit a wider audience than a random post on the forums.

Also it's a shame MSFT doesn't have a little overlap on RUs for SPs so that people have a few months to test and deploy a new SP before MSFT cuts off RUs for the previous version. Supportting the various SPs is obviously a cost issue from MSFT, but it is also the case from a customers POV.
I am hopeful that if a new ciritical issue arrises on SP1 machines that MSFT would consider releasing another RU for it as they did in the past for the RTM version.
Not applicable
That makes sense then. Thanks Jeff!
Not applicable
Hi Team,
Did you not mean "...If the user does not have Exchange _Server_ Administrator permissions"?

Thanks for a great blog.
Not applicable
@Hotfix, @Michael
First of all thanks to Jeff from the community for his contributions. At this time, we do not have any plans for shipping Update rollups for Exchange 2007 SP1 for non-critical issues. We would like to encourage customers to upgrade to Exchange 2007 SP2 especially if they are not down that path already. I would like to clarify that Exchange 2007 SP1 is still a supported platform and will continue to be until the end of it’s lifecycle documented at http://support.microsoft.com/lifecycle/?p1=10926. As long as it is supported, customers running Exchange 2007 SP1 will still receive the same level of support when they call Microsoft Support and also receive critical updates like security related issues as an update rollup for Exchange 2007 SP1.

@Bo, you are correct. The sentence should be "...If the user does not have Exchange _Server_ Administrator permissions". We will fix the blog.
Not applicable
after installing the rollup1 sp2 on a german Ex version a lot of tool in the toolbox do not work anymore. Uninstalling rollup1 everything is ok
Not applicable
Anyone seen this kind of behavior?

Hi we have an working ex 2007 sp2 update rollup 1 enviroment running on an native 2008 ad. We would do an migration to exchange 2010 but on an new exchange 2010 (2008 sp2 + all hotfix's) server we can not mount an new database. See log below:

Summary: 2 item(s). 1 succeeded, 1 failed.
Elapsed time: 00:00:02

New test

Exchange Management Shell command completed:
new-mailboxdatabase -Server 'SP-EX03' -Name 'test' -EdbFilePath 'C:Program FilesMicrosoftExchange ServerV14Mailboxtesttest.edb' -LogFolderPath 'C:Program FilesMicrosoftExchange ServerV14Mailboxtest'

Elapsed Time: 00:00:01

Mount test

Couldn't mount the database that you specified. Specified database: test; Error code: An Active Manager operation failed. Error: The database action failed. Error: Operation failed with message: MapiExceptionNotFound: Unable to mount database. (hr=0x8004010f, ec=-2147221233)
[Database: test, Server: SP-EX03.xxxx.xx].

An Active Manager operation failed. Error: The database action failed. Error: Operation failed with message: MapiExceptionNotFound: Unable to mount database. (hr=0x8004010f, ec=-2147221233)
[Database: test, Server: SP-EX03.xxxx.xxx]

An Active Manager operation failed. Error: Operation failed with message: MapiExceptionNotFound: Unable to mount database. (hr=0x8004010f, ec=-2147221233)
[Server: SP-EX03.xxx.xxxx]

MapiExceptionNotFound: Unable to mount database. (hr=0x8004010f, ec=-2147221233)

Exchange Management Shell command attempted:
mount-database -Identity 'test'

Elapsed Time: 00:00:01

And we have allready installed second 2008 R2 based exchange 2010 and the same problem is there also.

Anyone has any clues?


Ok, now this is getting weird. Just done a manual powershell command:

new-mailboxdatabase -Server 'SP-EX03' -Name 'fii' -EdbFilePath 'C:Program FilesMicrosoftExchange ServerV14Mailboxfiifii.edb' -LogFolderPath 'C:Program FilesMicrosoftExchange ServerV14Mailboxfii'

Name                           Server          Recovery        ReplicationType
----                           ------          --------        ---------------
fii                            SP-EX03         False           None

And when I go to the folder where the edb should be the folder is empty, so no wonder it can not mount the databe.

Not applicable
We installed Rollup 1 for Service Pack 2. Now the troubleshooting-Tools are not working anymore.
Not applicable
Trying to install sp2 on our exchange 2007 failed
The organization consists of a couple of ex 2003 servers , 8 ex 2007 servers and a postfix server
The domain is non-authoritative so we can send emails to users with mailboxes on postfix but installing sp2 failed

and we had a 3 hours downtime :(

is there a way to install sp2 without the installer trying to fix the non-authoritative domain?

Not applicable
@tron, @Markus
We have identified the issue of troubleshooting tools not working any more to an over localization of the registry keys. We will be investigating the issue in more detail today and post a workaround.
Not applicable
Once again applying an Exchange 2007 Roll Up does not restart the Transport Service, in this case Exchange 2007 SP1 RU1. Can someone please explain why all the other services get restarted except for this one?

This is an issue for people using automatic updates for scenarios like a lab or small partially managed services. The server isn't asked to reboot by the update, nor does the update restart the Transport Service, so mail flow to the server is broken until manual intervention takes place.

If the policy is that manual intervention should always be used, then why are the updates released via Automatic Updates?
Not applicable
Correction - Exchange 2007 SP2 RU1 (I listed SP1 inaccurately). The issue has persisted for quite some time through 2007 SP1 RUs and probably before that.
Not applicable
Everyone that has issues launching Toolbox after SP2 RU1 is installed - please see the following:

Not applicable
Early in this thread it was reported that this rollup fails to install if you have installed KB 968930 (Powershell 2.0 and WinRM 2.0).
I haven't seen a resolution to this issue here or in the related Technet forum thread.  Is there a resolution or just the workaround ?

Not applicable
Dan, Can you share servicecontrol.log under D:ExchangeSetupLogs folder? You can upload it somewhere and give the link here.
Not applicable
I tried to install SP2 UR1 but it says the account I used to install the SP2 UR1 does not have sufficient priviliage. I used an account that is member of domain admin and exchange org admin.
Am I missing something?

Not applicable

Can you check the following thread in forums to see if you are running into the same issue?
Not applicable
I think I am hitting the 1 minute limit. It is a test server on ESX.
I tried it on a production server and it passed the permission test.

Not applicable
After installing RU1 for SP2 it is not listed in Add/Remove programs, or in the normal registry key where one finds Exchange patches.  This is true for about 12 test and production servers where I've installed RU1.

How can I verify that RU1 is installed?

Not applicable
After installing SP2 in a production environment the MSExchangeTransport service will not stay started.  I'm installing the RU1 now.

I hope this resolves the issue.  I have 4 events in the App log..

Not applicable
owa no longer working after installting KB971534. Clicking on "Continue to this website.." produces just a blanck page with the following errror:

Line : 7
Char: 1
Error: Syntax error
Code: 0
URL: https://....

Any idea?
Not applicable
If you are waiting on the fixes for MSExchangeREPL 2104 / MSExchangeREPL 2147 / MSExchangeREPL 2127

then its been delayed untill RU2.


Not applicable
I had a clean installation of exchange 2007.  Installed SP2.  Initial checks went without any errors.  Once it began the installation, i saw where it was removing the old exchange system files.  When it started installing the new files, it errored out.  So, I was without a running exchange server for sometime.  Thank goodness someone had an article on this on how to fix it.  I guess Microsoft is now under the belief that a rollback isn't needed anymore.  Thanks

Makes me worry about simple hotfixes and service pack 3 (if there will be one).
Not applicable

Blacktoe said:
I'm also having installation issues within my test environment with the following error: The user who's currently logged on doesn't have sufficient permissions to install this package. You need at least Exchange Server Administrator permissions on the current computer to complete this task.

I got the same problem and what I did to make it work was that I unchecked the   “Check for publisher’s certificate revocation” and
“Check for server certificate revocation" and it worked.

Turn off the Check for publisher’s certificate revocation option on the server that is being upgraded. Follow these steps:

In Windows Internet Explorer –> Tools –> Internet Options –> Advanced tab
In the Security section, uncheck or clear the box for below tow options

   “Check for publisher’s certificate revocation”
   “Check for server certificate revocation
Not applicable
ever since the exchange 2007 sp2 rollup 1 update I've been getting scom 'hub servers in retry alerts with value being '2147483648'. Maybe I' not understanding this perfmon object but I only have 3 HT servers in my environment.  I've confirm that the reported number with perfmon capture from the mail server itself.  Is anyone having similar experience?
Version history
Last update:
‎Jul 01 2019 03:48 PM
Updated by: