Exchange 2000 Server, Exchange 2000 Enterprise Server Release Notes

Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

Updated : June 14, 2001

Includes Web Addendum

On This Page

About this Document
Active Directory Connector
Upgrading from Exchange 5.5
Setup/Install
Migration
Outlook Web Access
Public Folders
Routing and Connectors
Clustering
Chat, Instant Messaging, and Multimedia Messaging
Security
Virtual Servers
Web Storage System
Application Converter for Lotus Notes
Addendum
Microsoft Exchange 2000 Server, Microsoft Exchange 2000 Enterprise Server Release Notes

About this Document

This document lists critical issues that can potentially impede you from successfully installing or deploying Exchange 2000 in your environment. The issues listed in this document do not include Exchange 2000 Conferencing Server release notes.

• For the most current Exchange 2000 Server deployment information, see Exchange 2000 Deployment Resources, located at https://www.microsoft.com/exchange/techinfo/deployment/2000/default.asp. Exchange Up-To-Date is a series of web articles that provide installation and upgrade procedures necessary for successful deployment, as well as best practices for getting the most out of Exchange 2000.

• For issues that are related to special cases or require very detailed explanations, see the Knowledge Base articles at the following URL: https://support.microsoft.com/

Windows 2000 SP1 is required to be on your server before installing Exchange 2000.

In addition, it is strongly recommended that you also install Windows 2000 SP1 and the Windows 2000 hotfix 257357 on your domain controllers.

Active Directory Connector

ADC Requires An Exchange 5.5 Server Running SP3

To run Active Directory Connector (ADC), you must connect to a computer running Exchange 5.5 Service Pack 3 (SP3). If you are running multiple versions of Exchange Server 5.0 or earlier within a site, you must first upgrade at least one server to Exchange 5.5 SP3. Each Exchange site must have at least one server running Exchange 5.5 SP3 or later.

Merging Account Descriptions with Active Directory Account Cleanup Wizard

Active Directory Connector will create new accounts in Active Directory for mailboxes that are not already associated with an Active Directory account. Mailboxes usually do not have an associated account because the associated account is still on Windows NT version 4.0. When an account is created by Active Directory Connector, the account is disabled and a description is set to "Disabled Windows User Account" to signify that the account is disabled. If this disabled account is later merged by Active Directory Account Cleanup Wizard into an active account that does not have a description, then the account will become active, but will continue to have a description set to "Disabled Windows User Account." To resolve this conflict, simply delete the description of accounts after they are merged using Active Directory Account Cleanup Wizard.

Installing Active Directory Connector in a Child Domain

If you want to install Active Directory Connector (ADC) into a child domain, you must first extend the Active Directory schema by running the Active Directory Connector setup from a command line in the domain where the schema master is located and using the /schemaonly flag. The root domain is used by default. Then after information is replicated to the child domain, you can run the Active Directory Connector setup in the child domain using a user account from the child domain.

Upgrading from Exchange 5.5

SSL Certificates Not Upgraded

After you upgrade from Exchange Server version 5.5, Secure Sockets Layer (SSL) will not function because the certificate information is not upgraded. To enable SSL, you can either request a new certificate, or use the existing Exchange 5.5 certificate. To use your existing certificate, you can use Key Manager (Keyring.exe) to create a backup file. To install a backup file, on the Access tab, select Certificate, and then import a certificate from a Key Manager backup file.

Manually Configure Message Journaling After Upgrade

Per-server message journaling, as described in the Exchange 5.5 Service Pack 1 Release Notes, is no longer configured per-message transfer agent (MTA). Instead, it is configured per-mailbox store. When upgrading an Exchange 5.5 server, the message journaling settings are not upgraded. You must manually configure message journaling (called "message archival" in Exchange 2000) on the mailbox store object.

Setup Progress Indicator May Appear to Hang During Upgrade

During the upgrade process, the progress indicator may appear to hang for some period of time at 85 percent and then at 100 percent complete. The amount of time the progress indicator appears to hang will be proportional to the size of the database being upgraded. If you experience this, do not restart your server or terminate the Setup process. This is expected behavior during these portions of the upgrade.

The Last Exchange 5.5 Server Uninstalled in a Mixed Site Topology is Not Deleted from Active Directory

After you uninstall the last Exchange 5.5 server from a mixed site topology, the server you uninstalled will still appear in the Exchange 2000 server's Active Directory, and in any other Exchange 5.5 server's directory. You must use Exchange 5.5 Administrator to delete the uninstalled server from all other Exchange servers. To install Exchange 5.5 Administrator, use Exchange 2000 Setup, select Custom, and then select Install for Exchange 5.5 Administrator. Use Exchange 5.5 Administrator to connect to the Site Replication Service (SRS) on an Exchange 2000 server that is in the same site as the server you uninstalled. Delete the entry for the uninstalled server from the list of site servers. Once removed from the SRS, Active Directory Connector (ADC) will replicate the change to Active Directory. Verify if that this change has replicated to Active Directory before making the topology changes.

Configuring the Home Public Server Attribute to Correct Offline Folder Synchronization Errors

In Exchange 2000 there are multiple public and private stores. In a mixed environment that contains both Exchange version 5.5 and 2000 servers, you must ensure that all databases for private stores residing on the server have the Home Public Server attribute configured identically. Incorrect settings may result in offline folder (.ost) synchronization errors.

Upgrading a Topology That Uses NTLM Authentication for SMTP

If your existing topology is configured so that Exchange 5.5 SMTP servers communicate using Windows Integrated Authentication (NTLM), and you upgrade an Exchange 5.5 server to Exchange 2000, NTLM sessions will fail. You must upgrade both servers simultaneously or remove the NTLM authentication to interconnect the systems.

Limited Support for Exchange 5.5 Move Server Wizard

After Exchange 2000 has been added to an Exchange 5.5 organization, Exchange 5.5 Move Server Wizard should only be used to move servers between organizations. For example, you can use the wizard to move an Exchange 5.5 server from Organization One/Site One to Organization Two/Site One. It is not recommended that you use the wizard to move servers within an organization.

Granting Site Replication Service Rights to New Administrator Accounts

When Site Replication Service (SRS) is enabled during installation, or after installation in Exchange System Manager, SRS administrator rights are granted to the user enabling SRS. All Exchange Administrators created after initially enabling SRS do not have any administrative rights to SRS. After enabling SRS, whenever you use Delegation Wizard to create a new Exchange Administrator account, you must manually grant SRS rights to that new account. If you do not manually grant SRS administrator rights to that account, the newly created Exchange administrator will not be able to perform SRS administrative tasks, such as disabling or reinstalling the Exchange server.

To manually assign permissions to newly delegated Exchange Administrator accounts:

1. On a server running Exchange Administrator 5.5, where the current user has rights to modify the SRS, open Exchange Administrator 5.5.

2. On the File menu, select Connect, and then choose the name of the Exchange 2000 server running SRS.

3. Click the local SRS site, and then on the File menu, choose Properties. On the Permission tab, click Add, and then select the new Exchange administrator account. To a full administrator, assign Service Account Administrator rights. To any other type of administrator, assign Administrator rights.

4. Repeat these steps for the local site's Configuration container.

5. Repeat these steps for the organization.

6. If the newly delegated administrator is an administrative group-level administrator, repeat the first five steps for the site corresponding to that administrative group. Only one SRS per site must be configured, because intra-site replication will copy the changes to the other Site Replication Services.

7. If the newly delegated administrator is an organization-level administrator, repeat the first five steps for all sites. Only one SRS per site must be configured, because intra-site replication will copy the changes to the other Site Replication Services.

Check Permission Consistency Before Upgrading

Before upgrading from Exchange 5.5 to Exchange 2000, run DS/IS Consistency Adjuster on the server you are upgrading. Select only the options necessary to verify that all users deleted in Exchange 5.5 do not retain permissions on mailboxes and public folders. If this is not done, when you upgrade to Exchange 2000, folders that give permissions to unknown user accounts will only be accessible to the owner of the folder, and event logs will be generated to alert you to the inconsistency.

To check permission consistency:

1. In Exchange Administrator 5.5, click the server you are upgrading, and then from the File menu choose Properties.

2. On the Advanced tab, select the Consistency Adjuster check box.

   Verify that only the following check boxes are selected:

   • Remove unknown user accounts from mailbox permissions

   • Remove unknown user accounts from public folder permissions

3. On the dialog that warns you of public folder rehoming, click OK. If you did not select the Synchronize with the directory and reset the home server value for public folders homed in unknown sites option, public folders will not be rehomed.

Note: Only the permission options need to be checked. Consistency Adjuster will warn you that public folder rehoming needs to be done, you do not need to rehome public folders to correct permission settings for deleted users. Fixing permissions for unknown user accounts will not cause a need for public folder rehoming.

Using Exchange Event Service with Exchange 2000

Exchange Event Service is provided in Exchange 2000 for backward-compatibility with Exchange 5.5 event scripts. New applications written specifically for Exchange 2000 should use native Web Storage System Events instead of Exchange Event Service, as described in Exchange 2000 Software Development Kit (SDK). To use Event Service on an Exchange 2000 server, complete the following steps regardless of whether you are upgrading an existing Exchange 5.5 server or installing a new Exchange 2000 server.

To use Exchange Event Service:

1. In Active Directory Users and Computers, right-click the domain user account under which Event Service will run, and then select Properties.

2. On the Member Of tab, if Event Service will run on a member server, add the domain account user to the built-in group Administrators. If Event Service runs on a domain controller, add the user to Domain Administrators.

3. To allow full access to all Exchange resources, add the user to the Exchange Domain Servers group in the server's domain. You can also allow full access to selective Exchange resources by opening the properties of each public and private store where event scripts may be installed, and on the Security tab, grant the user Full Control permissions.

4. You must also grant Owner permissions to any public folder which contains an event script. You cannot grant ownership permissions on a root folder, such as the default Public Folder node. To grant ownership rights on a specific folder, right-click any folder below the root folder, and then choose Properties. On the Permissions tab, click Client Permissions, select the domain account administrator, and in Roles, select Owner.

5. Click Start, click Run, click Programs, click Administrative Tools, and then click Services.

6. Right-click Microsoft Exchange Event Service, and then click Properties.

7. On the Log On tab, in Logon, type the user name of the account used by Event Service. In Password, type the password.

8. By default, Event Service is set to Manual startup. To ensure Event Service is always available, set Event Service to Automatic startup by clicking OK.

9. In Services, right-click Event Service, and then click Start.

Verify the Connected Routing Setting is Upgraded Properly

If you're installing the first Exchange 2000 server in a site, and it's an upgrade from Exchange 5.5, Exchange 5.5 Directory Service may use incorrect data for these connectors if the following conditions apply:

• The server has an X.400 connector, or an Internet Mail Connector (IMC) connector with connected sites or domain names.

• The default code page on the server is set to Traditional Chinese, Simplified Chinese, or Korean.

To check if your upgraded connector is corrupt:

1. In Exchange System Manager, right-click on a connector, and then click Properties.

2. On the Connected Routing Groups tab, click on each routing group. If the Administrative Group name is incorrect, you must manually correct the settings for the connector.

To fix the incorrect settings:

1. In Exchange System Manager, right-click on a corrupt connector, and then click Properties.

2. On the Connected Routing Groups tab, click a routing group to open the Properties dialog for the routing group.

3. On the General tab, update any incorrect settings to reflect the correct routing group.

4. On the Routing Address tab, in E-mail domain, update the domain information, and in Cost, update the cost information.

NNTP Requires the Internet Newsgroups Folder to Appear in English

In Exchange 5.5 Server, you could localize the Internet Newsgroups folder to the language of the server, such as French. With Exchange 2000, the folder must appear in English to allow Network News Transfer Protocol (NNTP) access to these folders. After upgrading an Exchange 5.5 server to Exchange 2000, you must rename the Internet Newsgroups folder so that it appears in English.

Update ActiveSync for Pocket PCs and Handheld PCs Running Windows Before Attempting to Synchronize a User's Inbox to These Devices with Exchange 2000

You must download the ActiveSync update for Pocket PCs and Handheld PCs running Windows from https://www.microsoft.com/windowsmobile/downloads/default.mspx before synchronizing a user's inbox with Exchange 2000.

For more information, see Knowledge Base articles 266085 and 266086.

Setup/Install

Special Characters Are Not Supported in Organization and Administrative Group Names

The name of an Exchange organization and its administrative groups cannot contain any of the following special characters: ~`!@#$%^&*()_+={[}]|\:;"'<,>.?/. Unicode and double-byte character set (DBCS) strings are acceptable, as are an embedded spaces (" ") and hyphens ("-"). Exchange 2000 Setup and Exchange System Administrator will enforce these naming rules for new installations of Exchange 2000, as well as upgrades from Exchange 5.5. If you are upgrading to Exchange 2000 and have an organization or site name that contains these characters, you will need to change the display name of the affected object before running Exchange 2000 Setup. While not prevented in other object names, the use of special characters should be avoided whenever possible.

DomainPrep Does Not Prompt for the Recipient Update Server

By default, when running DomainPrep, the first Exchange 2000 server installed in the domain is the Recipient Update Server (RUS).

Planning and Installation Guide Incomplete

Installation information in Exchange 2000 Server Planning & Installation Guide does not contain the most complete and current information. Do not make this chapter your only resource when installing Exchange 2000 in your organization. For the most current installation and upgrade information, see Exchange Up-To-Date, available at https://www.microsoft.com/exchange.

Configuring Windows 2000 Domain Controller and Global Catalog to Support International Clients

For Exchange Server to support multilingual Outlook clients two things need to be done. First, the Windows 2000 server where the global catalog is installed must have language support installed. To install language support, in the Regional Options control panel, click the General tab, and then under Language settings for your system, select the languages that you want to support.

To support multilingual Outlook clients, you must also add a registry key to support international sorting in Active Directory for MAPI clients. By default, Active Directory will only support English sort orders. A sort order can be added by adding the locale ID values to a registry key on the Windows 2000 server where the global catalog is installed.

To set the registry key on the server:

1. On the Start menu, click Run.

2. In Open, type regedit.

3. Navigate to the following key: HKEY_LOCAL_MACHINE/SOFTWARE/MICROSOFT/NTDS/LANGUAGE.

4. Right-click Language, point to New, and then click String Value.

5. Type a name for the string, and then press ENTER.

6. Right-click the string value you just created, and then click Modify.

7. In Value data, type the value of the locale ID that you want to support.

Differences Between Standard and Enterprise Editions

On Standard Editions of Exchange 2000, storage is limited to 16 gigabytes (GB) per mailbox store, but storage is unlimited on application stores. Standard editions support one mailbox store, but multiple application stores are supported. Servers running Standard edition cannot be front-end servers, but they can be back-end servers.

Modifications Required If Server Has More Than 1GB of Physical RAM

Exchange 2000 requires some manual steps to be taken if the server has over 1 gigabyte of physical RAM. For information, see Knowledge Base article 266096.

Global Character Set is Based on the Language of the First Exchange Server Installed

The default Internet Message format character set is based on the language of the first Exchange 2000 server installed. For example, if you install a Japanese version of Exchange 2000 on a server running an English version of Windows 2000, the default Internet Message format character set will be Japanese. If you want your default character set for Internet messages to be different, you must change it manually.

To change the default character set manually:

1. In Exchange System Manager, double-click Global Settings.

2. Click Internet Message Formats, right-click Default, and then click Properties.

3. On the Message Format tab, under Character sets, in MIME and NonMIME, select the desired character sets.

Default Offline Address Book Is Displayed in the Language of the First Exchange Server Installed

In multinational organizations with multiple language servers, the default offline address book will be displayed only in the language of the first Exchange server installed.

Default Character Sets Used for POP3 and IMAP4 Virtual Servers Are the Same as the Server Language

For the POP3 and IMAP4 virtual servers, the default character set is the same as the default language setting used by the Exchange server. If you are installing a version of Exchange 2000 that uses a different language than the language used by Windows 2000, the default character set will be based on the Exchange language and not the windows 2000 language. You can change the default character set for POP3 and IMAP4 servers manually. See the Exchange 2000 Server documentation for details on how to change the character sets.

Exchange 5.5 Internet Mail Service May Need Post-Service Pack 3 Hotfix

If you are using Exchange 5.5 Internet Mail Service (IMS) to send mail outside of your Exchange organization, you may need to apply a hotfix later than Exchange 5.5 Service Pack 3 to those servers. The hotfix corrects a problem with mail sent from Exchange 2000 to a distribution list that contains a contact that is an external SMTP address and is delivered through an Exchange 5.5 IMS. In these cases the external SMTP recipient address can be stripped from the mail. If this scenario applies to your environment, contact product support for hotfix 265138.

Create the Exchsrvr Directory on a Volume with Enough Space to Store the SMTP Queue Directory and Message Tracking Logs

The SMTP queue directory and the Message Tracking log directory are created beneath the Exchsrvr directory during setup. It is recommended that during setup the Exchsrvr directory be created on a volume (preferably a RAID array), that can handle the disk throughput of the SMTP queue and the Message Tracking log. There is no automated way to move either of these directories after setup has completed.

Migration

Creating Mailbox Folders in Other Languages During Migration

When migrating users to Exchange 2000, the default folders created by Exchange will be in the language equivalent to the user locale ID set on the Windows 2000 (Server or Professional) that is used for migration. To change the default locale ID, open the Regional Settings control panel. On the General tab, in Settings for the current user, in Your locale, change the locale settings for the current user.

Active Directory Replication Delays and Using Migration Wizard

Migration Wizard updates accounts in Active Directory or creates new accounts, and migrates e-mail into new Exchange 2000 mailboxes. In order for e-mail to be migrated into a new Exchange 2000 mailbox, the Exchange 2000 server must be able to access e-mail information in the account that is created or updated by Migration Wizard. If the Exchange server used an Active Directory domain controller that has not yet been updated with the recipient account changes made by Migration Wizard, the mailbox can not be accessed and e-mail can not be migrated. To fix this problem, run Migration Wizard once, only migrate directory information, and then wait for directory replication to complete. Replication can be validated by attempting to access migrated accounts with a MAPI client such as Outlook. Once the account information has replicated to Active Directory and the accounts can be accessed, run Migration Wizard a second time to migrate messaging information.

Must Rename cc:Mail version 8.5 Import.exe and Export.exe Files Before Migration

Before you migrate from cc:Mail version 8.5, you must copy the cc:Mail files Import32.exe and Export32.exe to the Exchsrvr\Bin directory, or to the directory where you have installed Migration Wizard. Then you must rename Import32.exe to Import.exe, and rename Export32.exe to Export.exe. Then, copy the following files to the Exchsrvr\Bin directory: Cfw803.dll, Ciw803.dll, CDMW800.dll, and Mew803.dll.

Novell GroupWise 5.x Migration Requires Additional Client Configuration

To migrate from GroupWise 5*.x* to Exchange 2000 you must install the GroupWise 5*.x* client on the Exchange 2000 server that performs the migration. Migration Wizard uses the GroupWise client to access message items in GroupWise. When the client is installed, an e-mail profile called Novell Default Settings is created, and the profile automatically adds Microsoft Exchange Server as one of its information services. Because of this, the client prompts you for an Exchange logon for each migrating user, which halts migration. To prevent this, you must remove the Microsoft Exchange Server service from the e-mail profile used by GroupWise.

To remove the service:

1. Run the GroupWise client.

2. In Address Book, click File, and then click Services.

3. Remove Exchange Server from the list of installed services.

Migrating from Microsoft Mail for PC Networks

During installation of Exchange 2000, the correct msfs32.dll file for the language version you are installing is copied to the "winnt\system32" directory. However, MSMail migration supports more than the six languages (French, German, Italian, Spanish, Japanese, and English) that Exchange is translated into. To migrate from MSMail Post Office in languages other than the ones supported by Exchange 2000, you must have appropriate language version of msfs32.dll in "winnt\system32 directory".

To fix this conflict you must:

1. Temporarily rename the existing msfs32.dll file on your server in the "winnt\system32" directory to something similar to msfs32.tem.

2. Manually copy the msfs32.dll file for the appropriate language from the "migrate\msmail", located on CD, to the "winnt\system32" on your server.

3. After performing migration, delete the msfs32.dll file from the "winnt\system32" directory on your server.

4. Rename the temporary file, msfs32.tem, to msfs32.dll in "winnt\system32" directory on your server.

Migrating Disabled Windows 2000 Accounts

If the Migration Wizard matches a mailbox you are migrating to a disabled Windows account, or you manually match a mailbox to a disabled account, Migration Wizard will create a mailbox for that account. However, Migration Wizard might not import e-mail into the newly created mailbox. To fix this problem, you should temporarily enable only the accounts that Migration Wizard did not import e-mail for. After enabling only the necessary accounts, you should allow enough time for the changes to be replicated before running Migration Wizard again. When the changes have replicated, run Migration Wizard again to import e-mail into the accounts.

Outlook Web Access

Outlook Web Access Uses IIS to Enable Password Changes

To allow users to change Outlook Web Access passwords through Internet Information Services (IIS), perform the following steps on each IIS server that Exchange users are redirected to:

1. Install and configure SSL on the server.

2. Click Run, point to Programs, point to Administrative Tools, and then select Internet Services Manager.

3. Right-click the default Web Site, point to New, and then select Virtual Directory.

4. In Virtual Directory Creation Wizard, in Alias, type IISADMPWD, and then click Next.

5. In Directory, type <default drive>\:winnt\system32\inetsrv\iisadmpwd, and then click Next.

6. Verify that only the Read and Run scripts (such as ASP) check boxes are selected, click Next, and then click Finish.

Public Folders Must Exist on an Exchange 2000 Server

In order to access public folders with Outlook Web Access, a replica of each folder must exist on an Exchange 2000 server. Unless Outlook Web Access is accessed through an Exchange 2000 front-end server, the Outlook Web Access user's Default public store setting should be set to an Exchange 2000 server.

Mailboxes Must Have SMTP E-mail Addresses That Conform to the Default Recipient Policy

An upgraded or moved user may not have an SMTP e-mail address that matches the Default Recipient Policy. In order for a user to access their mailbox using Outlook Web Access or Web Folders, an SMTP e-mail address matching the Default Recipient Policy must be added to the user object. To add an SMTP e-mail address to the user object, start the Active Directory Users and Computers MMC snap-in, open the relevant user's properties, select the E-mail Addresses tab, select the SMTP address, and then click the Edit button. Then verify that the SMTP address matches the SMTP address in the Default Recipient Policy.

Non-ASCII Attachment Names May Be Incorrect When Downloaded

Due to inherent limitations in the Hypertext Transfer Protocol (HTTP) version 1.1 implementation of the Multipurpose Internet Mail Extensions (MIME) standard, double-byte characters in file attachment names may appear incorrectly when downloaded.

Digest Authentication is Not Supported for Outlook Web Access

Even though it is an option in the Internet Information Services (IIS) Administrator MMC snap-in, Digest Authentication is not supported for Outlook Web Access.

Internet Explorer 5.0 Issues with Extended Characters

Combinations of certain characters can cause the corruption of non-ASCII characters when replying to or forwarding messages with Internet Explorer 5.0. This issue is fixed in Internet Explorer 5.01, which can be downloaded from https://www.microsoft.com/windows/ie/default.asp.

Message Body Blank in S/MIME Encrypted or Signed Messages

Outlook Web Access does not support reading messages that were Secure/Multipurpose Internet Mail Extensions (S/MIME) encrypted or opaque-signed by the sender. The body of these messages will appear blank. When replying to or forwarding an S/MIME clear-signed message, the body of the message will not appear in the sent item.

Do Not Set Default Document on Mailbox Root

Setting DAV:defaultdocument on the root of a user's mailbox prevents many Outlook Web Access features from functioning correctly, such as User Options and Find Names.

Outlook Web Access Does Not Require Office CD

If you install the multimedia extensions for Outlook Web Access, and do not install HTML Source Edit when you install Office 2000, the first time you use Outlook Web Access the Office 2000 installer program will prompt you to insert the Office 2000 CD. However, you do not need to do this. Outlook Web Access and Office 2000 will work correctly. To close the installer, click Cancel.

Calendar Views Do Not Print Correctly

Daily, weekly, and monthly calendar views do not appear correctly when printed from Outlook Web Access.

Running Exchange 5.5 Outlook Web Access in a Mixed Environment

To use an Exchange 5.5 Outlook Web Access stand-alone server with an Exchange 2000 back-end server, the Exchange 5.5 Outlook Web Access servers must be updated to Exchange 5.5 Service Pack 4 (SP4) or later. For more information, refer to https://www.microsoft.com/exchange.

Missing Inline Images When Replying or Forwarding E-mail with Internet Explorer 5.0 on Windows 95, 98, and NT 4.0.

When replying to or forwarding e-mail with Internet Explorer 5.0 running on Windows 9.x or Windows NT 4.0, images in the body of the message will not load. However, the image will show up correctly in the message once delivered to the recipient's Inbox. This issue does not occur with Windows 2000 Internet Explorer.

Internet Explorer 5.0 Issues with Spanish, Czech, Slovak, and Vietnamese Language Clients

Internet Explorer 5.0 uses the locale of the client computer for several features. If Internet Explorer 5.0 is used for Outlook Web Access by clients with Spanish (Spain) - Traditional Sort, Czech, Slovak, and Vietnamese locales, errors will occur when moving and copying messages, as well as when checking attendee availability in Schedule+ Free/Busy. The Spanish (Spain) - International Sort locale does not exhibit this issue. To fix this problem you can change client locales, or go to the MDAC Downloads section on MSDN at https://msdn.microsoft.com/data/downloads/updates/default.aspx and download version 2.6 of the Microsoft XML parser, which is included in the Microsoft Data Access Components package. If this does not resolve the issue, contact Microsoft Exchange Product Support Services for updates related to this issue.

To change client locales:

1. Click Start, point to Settings, and then click Control Panel.

2. Double-click Regional Settings.

3. On the General tab, in Your locale, select any locale except Spanish (Spain, Traditional Sort), Czech, Slovak, or Vietnamese.

Public Folders

The Public Folder Inter-Organizational Replication Tool Only Works for MAPI Public Folder Trees

The public folder inter-organizational replication tool consists of two applications, one to configure replication (Exscfg.exe), and one to use with Exchange (Exssrv.exe). These tools are provided on the Microsoft Exchange 2000 Server CD in the directory /support/Exchsync. The two applications that make up the public folder inter-organizational replication tool only work for the default MAPI public folder tree.

No Quota Warning is Sent For General Purpose Public Folder Tree Folders

All new public folder tree folders you create, that exist outside of the default MAPI public folder hierarchy, are called general purpose public folder trees. If you set the option Issue Warning At (kb) on a general purpose public folder tree, no warning message will be sent to the administrator if the posting limit is met or exceeded. In addition, once the quota is reached, new items cannot be created.

Issues with Alternate Public Folder Hierarchies in a Mixed Environment

In Exchange 2000, you can create new public folder hierarchies, and each folder hierarchy can be represented by its own database in Web Storage System. However, the alternate public folder databases are not replicated in a mixed environment if the replication messages are sent at any point through an Exchange 5.5 Internet Mail Connector. Additionally, e-mail will not be delivered to a public folder in an alternate public folder hierarchy if the public folder does not have a replica in your local site or administrative group, and if your sites use any Exchange 5.5 connectors.

Adding Non Mail-Enabled Users or Groups to a Public Folder ACL Hides Content

If you add an access control list (ACL) on a MAPI public folder hierarchy that grants access to a user or group that is not mail-enabled, and the hierarchy is replicated to an Exchange 5.5 server, users will not be able to see the contents of the MAPI public folder. To allow users to see the contents of the MAPI public folder hierarchy, remove the non mail-enabled user from the ACL.

To check permission consistency:

1. In Exchange Administrator 5.5, right-click the server you are upgrading, and then choose Properties.

2. On the Advanced tab, select the Consistency Adjuster check box.

   Verify that only the following check boxes are selected:

   • Remove unknown user accounts from mailbox permissions

   • Remove unknown user accounts from public folder permissions

3. On the dialog that warns you of public folder rehoming, click OK. If you did not select the Synchronize with the directory and reset the home server value for public folders homed in unknown sites option, public folders will not be rehomed.

Public Folder Store Replication Settings Not Preserved

After upgrading a public folder server from Exchange 5.5 to Exchange 2000, customized replication schedules and limit setting are lost. If you configured your Exchange 5.5 server to use the customize replication settings of Replicate always interval or Replication message limit, you will need to manually reset these settings in Exchange Server Manager.

To reset replication limits:

1. In Exchange System Manager, navigate to the public folder store.

2. Right-click the public folder store, and then click Properties.

3. On the Replication tab, under Limits, in Replication interval for always and Replication message size limits, add your custom settings.

Limiting the Creation of Top Level Public Folders

By default, all users in the Exchange Organization can create top level public folders. You can manually change these permissions in ADSI Edit.

To deny all users the right to create top level folders:

1. Click Start, point to Programs, point to Windows 2000 Support Tools, point to Tools, and then click ADSI Edit.

   Note: ADSI Edit, a Windows 2000 support tool, is available in the support\tools directory, on the Windows 2000 CD in the support\tools directory. For more information on ADSI Edit, see the Windows 2000 documentation.

2. In ADSI Edit, double-click Configuration Container, double-click Services, double-click Microsoft Exchange, right-click the container with the appropriate organization name, and then click Properties.

3. On the Security tab, click Advanced.

4. In Name, click Everyone, and then for the Create top level public folder option, click the Deny check box.

Only Set Public Folder ACLs in Exchange System Manager

Although Exchange 2000 allows you to set security on public folders in the public folder heirarchy and using Exchange System Manager, Outlook, and the Windows 2000 version of Windows Explorer, the tools are not interchangeable. This is because Windows Explorer uses the Windows 2000 access control list (ACL) format to set security permissions on the MAPI public folder heirarchy, and Exchange System Manager and Outlook use the MAPI ACL format. Exchange Web Storage System can correctly interpret both ACL formats, but the tools are not interchangeable. For this reason, you should only use Exchange System Manager when editing security on the MAPI public folder hierarchy. This problem does not exist on general purpose, or application folder, heirarchies. For example, if you originally use Windows Explorer to set permissions on a public folder, and then try to use Outlook or Exchange System Manager to change the settings, you will not be able to change public folder security until you follow the work around steps provided below. Then you should only use Exchange System Manager to set ACLs on public folders.

If the folder in question is a subfolder of Public Folders (Public Folders\TopLevelFolder), complete the following steps so that Exchange System Manager can be used to modify permissions.

To allow ACLs to be set in Exchange System Manager:

1. In Windows Explorer, right-click the appropriate folder, and then select Properties.

2. On the Security tab, in Name, select an account, and then click Remove. Repeat this step for all accounts.

3. Click to clear the Allow inheritable permissions from parent to propagate to this object, and then click Remove on the confirmation dialog.

4. To save the changes, click OK.

5. In Windows Explorer, right-click the folder again, and then click Properties.

6. On the Security tab, select the Allow inheritable permissions from parent to propagate to this object check box.

7. To save the changes, click OK.

If the folder in question is a 2nd level folder of Public Folders (Public Folders\TopLevelFolder\SecondLevelFolder), complete the following steps so that Exchange System Manager can be used to modify permissions.

To allow ACLs to be set in Exchange System Manager:

1. Complete the steps above for the TopLevelFolder.

2. Complete perform the steps above for the SecondLevelFolder.

Routing and Connectors

Connector Names

Do Not Use Some Characters in Connector Display Names in Pure Exchange 2000 Administrative Groups in Mixed-Mode Organizations

If you create an SMTP, X.400, or Routing Group Connector in a new pure Exchange 2000 administrative group and the Exchange organization is in mixed-mode, the connector name can include only US ASCII alpha-numeric characters, embedded spaces, one or more of the following characters: !"%&()+-,./:<>=?@[]_| and some of the upper ASCII diacritical characters. This restriction does not apply if the administrative group previously contained Exchange 5.5 servers. If you have already created a connector with restricted characters in the name, you can safely delete it and then recreate it using only the allowable characters.

If it is necessary for you to include characters outside this range in the names of SMTP, X.400, or Routing Group Connectors, it is possible to configure Exchange to support this. Use a directory editor, such as ADSI Edit or LDP.exe, to modify the "legacyExchangeDN" attribute on each connector with restricted characters in its name.

First, discover the new "legacyExchangeDN" value to be set on the connector by using your directory editor to read the attributes of the connector from an Exchange 5.5 Directory Service or from the Exchange 2000 Site Replication Service. The value you need to copy is contained in the "Obj-Dist-Name" attribute on the connector.

Next, use your directory editor to modify the "legacyExchangeDN" attribute of the connector in the Windows 2000 Active Directory. Replace the existing value of this attribute with the new value obtained from the previous step. After a period of time governed by Active Directory replication latency and Exchange 2000 directory caching, mail will be able to flow over this connector. To reduce this period, perform the modification on an Active Directory that is used for configuration information by one of the Exchange 2000 servers hosting this connector.

Connector Restriction Checking is Disabled by Default

If you need to apply a distribution list-based restriction to a connector, you must manually enable the checking of these restrictions. Restriction checking is controlled by a registry key that must be set on the Exchange 2000 bridgehead that is the source for the connector being checked. To enable restriction checking, in HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Resvc/Parameters/ create a REG_DWORD key, name it CheckConnectorRestrictions, and then set it to "1". If you specify a restriction, but do not create the registry key, the restriction will not be checked.

Connecting to Foreign Systems

Exchange 2000 Does Not Support Dynamic RAS Connector

If you use a Dynamic RAS Connector in Exchange 5.5, you must remove it and the associated transport stack (RAS MTA Transport Stack) before upgrading to the released version of Exchange 2000. Exchange 2000 does not include this connector or the associated transport stack. Specific details and upgrade recommendations will be available in KB articles, as well as upgrade and migration documentation. One recommended alternative is to perform an in-place upgrade.

To perform an in-place upgrade of Exchange 5.5:

• Upgrade the server's operating system to Microsoft Windows 2000, if it hasn't been done already.

  Create replacement connectors in Exchange 5.5 Administrator:

  • Install and configure Internet Mail Service to use Dial-Up and your current phonebook entries, and/or

  • Create/configure X.400 Connectors to use Routing and Remote Access (RRAS). This requires that RRAS be installed.

• Remove the unsupported RAS connectors.

• Remove the unsupported RAS MTA transport stack.

• Upgrade the server to the released version of Exchange 2000.

Simple Mail Transfer Protocol

SMTP Connector Not Required For Internet Mail Capabilities

Exchange 2000 can send and receive Internet e-mail by default. All servers can connect directly to any external Simple Mail Transfer Protocol (SMTP) addresses if all servers can reach the Internet, and if you have set the domain name servers on all network connections. The only reason to create an SMTP connector is to route all outbound SMTP mail through a particular server or set of gateway servers.

Set Smart Host After Internet Mail Service Upgrade

If you used the Internet Mail Service to connect to another Exchange 5.5 site in the same organization, you must manually set the smart host field on the Exchange 2000 SMTP connector that is created as a result of the upgrade. In Exchange 5.5, the destination host information was commonly put on the Routing Address tab of the remote site information. In Exchange 2000, that information must be entered as the smart host of the connector. If you previously used Internet Mail Service to connect to multiple sites, you must create multiple SMTP connectors, each with one connected routing group entry and the appropriate smart host. You can set the smart host either on the Delivery tab of the SMTP virtual server or on the General tab of the SMTP connector.

If both sides of the connection are Exchange 2000 servers, consider replacing the Internet Mail Service with a Routing Group connector, which is much simpler to configure and will use the SMTP protocol if both sides of the connection are Exchange 2000 servers.

Content Configurations Set on Internet Mail Service Need to be Manually Moved When Using Exchange 2000 as an SMTP Bridgehead

In Exchange 5.5, if you have specified a per-domain content configuration on an Internet Mail Service (for example, all messages in your domain are formatted in rich text and all attachments are formatted in MIME) you must manually enter those content configuration settings into the Exchange 2000 System Manager. Additionally, Exchange 5.5 allowed you to set the content configurations on each instance of Internet Mail Service, so you might have different settings on each instance of Internet Mail Service, while Exchange 2000 consolidates all settings in one global container per organization. All settings from all Internet Mail Services need to be migrated to the Exchange 2000 System Manager. This must be done even if you have only one SMTP connector outside of your Exchange organization hosted on an Exchange 2000 server.

To view the settings on an Exchange 5.5 server:

1. Using the Exchange 5.5 Administrator program, select a site, click Connections, and then double-click the Internet Mail Service to be modified.

2. Click the Internet Mail tab, and then click the E-Mail Domain button.

3. To view each domain that has been configured, double-click the domain.

To enter settings in Exchange System Manager:

1. Navigate to the Global Settings node.

2. In the Console tree, double-click Global Settings, and then select the Internet Message Formats node. Note that there is one default format in the right-hand pane.

3. To create a new format for a specific domain, right-click Internet Message Formats, select New, and then select Domain.

4. In the Properties dialog box, type the setting values.

Need to Manually Upgrade Some IMS Configuration Data

Some Exchange 5.5 Internet Mail Service (IMS) configuration data is not upgraded when a server is upgraded from Exchange 5.5 to Exchange 2000. To view the configuration state of the Exchange 5.5 IMS before it was upgraded, use Exchange 5.5 Administrator to connect to another Exchange 5.5 server in the same organization. Open the properties of the newly upgraded connector. The Extension-Data attribute remains in the Exchange 5.5 directory and Exchange 5.5 Administrator can use it to display the Exchange 5.5 configuration details. After viewing the pre-upgrade configuration, you can then upgrade the Exchange 2000 configuration accordingly, through Exchange System Manager or the Internet Information Services MMC snap-in.

Clustering

A Cluster Server Cannot be a Front-end Server

Since clustering provides Exchange mailbox servers failover capability if they are connected to shared storage, and front-end servers only relay Internet client protocol commands to mailbox servers, there is no benefit to using a cluster server as a front-end server. However, front-end servers can be made more fault tolerant by using multiple front-end servers and a load balancing scheme.

Installing Outlook on a Clustered Node with Exchange 2000 Prevents Schedule+ Free/Busy from Working Correctly

When Outlook is installed on a clustered node with Exchange 2000, it changes the HKEY_LOCAL_MACHINE \SOFTWARE \Microsoft \Exchange \Exchange Provider\Rpc_Binding_Order key value to "ncalrpc". This causes Schedule+ Free/Busy to stop working. To fix this, after installing Outlook you must change the key back to the original values used.

To set the registry key on the server:

1. On the Start menu, click Run.

2. In Open, type regedit.

3. Navigate to the following key: HKEY_LOCAL_MACHINE \SOFTWARE \Microsoft \Exchange \Exchange Provider\Rpc_Binding_Order.

4. Right-click Rpc_Binding_Order, and then click Modify.

5. In Value data, type ncacn_ip_tcp,ncacn_spx,ncacn_np,NETBIOS.

Configuring Recipient Update Service On a Cluster

The network name resource for an Exchange server must be available to designate that server as the owner for a Recipient Update Service. If the server's network name resource is not available, or the server name is no longer registered with Domain Name System (DNS), attempting to designate a server as the owner will fail with an error stating "the network name was not found." If this error occurs, you can either select another server, which may or may not be a cluster, as your Recipient Update Service server or make sure that the network name resource of the cluster virtual server group is available before you select Cancel or OK.

Message Transfer Agent

Do Not Remove the MTA From the Original Exchange Virtual Server in a Mixed-Mode Environment

Exchange virtual servers include several resources, one of which is the Message Transfer Agent (MTA). Do not remove the MTA resource from the original Exchange virtual server that it was created in while the server is in a mixed-mode environment. Note that you cannot delete the original virtual server with the MTA resource unless it is the last virtual server in the cluster. If the original virtual server with the MTA resource is deleted, you must add a replacement Exchange virtual server back to the cluster, using the same network name as the original virtual server. Then you must move all users from the replacement server, before removing all other applications and data from the cluster again.

Event Viewer

Event Viewer May Contain an Incorrect Server Name on Clusters

If you use Event Viewer to read an event message generated by Web Storage System, the server name listed in the Computer field may be incorrect. To view the correct server where the event message was generated, use the description of the event message. The correct server name is listed in the database path displayed in the description of the message.

Protocol Virtual Servers

Protocol Virtual Servers on a Cluster Must Accept Connections from Their Own IP Address

All protocol virtual servers, including Hypertext Transfer Protocol (HTTP), Simple Mail Transfer Protocol (SMTP), Post Office Protocol version 3 (POP3), and Internet Message Access Protocol (IMAP), allow you to reject all connections from all servers. If a protocol virtual server is configured to reject all connections, the protocol virtual server will reject the IsAlive calls from exres.dll. Each protocol virtual server must accept connections from its own Internet Protocol (IP) address. To verify a protocol server can accept connections from its own IP address, open the Properties dialog box for the protocol virtual server. On the Access Tab, click Connection. If the option to accept connections from Only the list below is selected, verify that the Exchange Virtual Server's IP address is listed.

Using Secure Sockets Layer on Clusters

To use Secure Sockets Layer (SSL) with protocols on a cluster, you must install a certificate with Exchange System Manager and an Exchange virtual server on the same node. After installing the first certificate, failover the virtual server to the second node, and then use Exchange System Manager on the second node to install another certificate.

Installing Exchange 2000 on a Cluster Requires a Physical Disk Resource

Exchange 2000 does not work on all cluster hardware and requires a disk resource of type "Physical Disk." Do not upgrade or install Exchange 2000 on a cluster that does not have a disk resource named "Physical Disk." Unless your cluster hardware uses the NT cluster resource "Physical Disk" do not install or upgrade your cluster to Exchange 2000.

Chat, Instant Messaging, and Multimedia Messaging

Chat

Exchange 2000 Chat Service Can Run on Exchange Chat Service 5.5 SP1 or Later

To migrate configuration data to the Exchange 2000 Chat Service, you must have Chat Service version 5.5 Service Pack 1 (SP1) or later installed on the server that will be running Exchange 2000 Chat Service. Although it is recommended that only one version of Chat Service be running on one server at a time, you can run both versions simultaneously to migrate data. To run both versions of the Chat Service, the Profanity and Transcription server extensions must be enabled on only one version. In addition, each version of the Chat Service must use a different client port number. By default the Chat Service uses port 6667, so you must change one version of the service to use an alternative port.

Instant Messaging

Uninstall Instant Messaging Virtual Servers Before Removing an IIS Server

If you want to remove an Internet Information Services (IIS) server that is associated with an Instant Messaging virtual server, you must first delete the Instant Messaging virtual server, and then delete the IIS server. If you delete the IIS server first, the Instant Messaging virtual server cannot be deleted from Exchange System Manager. Instead, the Instant Messaging virtual server must be removed from the directory using an Active Directory editing tool. For more information regarding this manual removal process, contact Product Support Services.

Users with Double-Byte Character Set Display Names are Unable to Log On

Instant Messaging user display names cannot contain any double-byte character set (DBCS) characters. You must configure an ASCII Simple Mail Transfer Protocol (SMTP) address before enabling the user for Instant Messaging. If an ASCII SMTP address is not set, the user will not be able to log on to the Instant Messaging server.

Users Must Supply a Password to Authenticate by Digest

To log on to an Instant Messaging server, a user must supply a user name and password when authenticating with the server by Digest Authentication. The server allows two authentication methods: Windows Integrated Authentication (NTLM) and Digest Authentication. Windows Integrated authentication will accept blank passwords, but Digest authentication will not. If the user is authenticating by Digest, they must type a password in the Log On dialog box, or authentication will fail and the user will not be allowed to log on to the server.

Uninstalling Instant Messaging

To uninstall Instant Messaging, you must first remove all Instant Messaging virtual servers from your organization. After successfully removing virtual servers, all users assigned to these servers are automatically disabled for instant messaging. If you do not remove an instant messaging virtual server, then you need to manually disable the associated users for instant messaging. If this is not done, users will still be enabled for Instant Messaging if a reinstallation takes place.

Changing the Instant Messaging Database Location

To change the location of the Instant Messaging data files, you must change the database location, and then restart the associated service.

To change the location of the Instant Messaging database and log files:

1. In Exchange System Manager, double-click Servers, select a server, double-click Protocols, right-click Instant Messaging (RVP), and then select Properties.

2. On the General tab, in Database Location, type or browse to the new location for the database, and then in Logfile Location, type or browse to the new location for the log files.

3. To verify that the new locations are being used, in Services, right-click World Wide Web Publishing service, and then select Restart.

Disabling Promotional Banners

To disable the promotional banners that are displayed at the bottom of the Instant Messaging client, the following two registry settings need to be set:

Note: The following combinations of registry settings will also disable MSN Messenger connectivity.

• HKEY_LOCAL_MACHINE \Software \Microsoft \MessengerService \Policies \DisableCrossPromo needs to be set to a non-zero binary value.

• HKEY_LOCAL_MACHINE \Software \Microsoft \MessengerService \Policies \ExchangeConn must be set to "10" in binary.

Home Servers Must Have an FQDN in Multiple Domain Environments

If you have multiple domains that host Instant Messaging users, you must use Fully Qualified Domain Names (FQDN) for all home servers. For example, instead of naming a home server InstMsgServer1, include the entire domain name, such as InstMsgServer1.microsoft.com. If you do not use an FQDN, your domain's Domain Name System (DNS) server will not able to determine the correct server to use when querying for a home server in a different domain. Additionally, if Integrated Windows authentication is being used, the client's proxy exclusion list should include all home servers in each domain.

To add home servers to the client proxy exclusion list:

1. In Internet Explorer, on the Tools menu, select Internet Options.

2. On the Connections tab, click LAN Settings.

3. In the Local Area Network LAN Settings dialog box, in Proxy server, click Advanced, and then in Exceptions, type the addresses of the home servers.

Multimedia Messaging

Configuring VPIM Inbound and Outbound Conversion

Exchange 2000 supports the VPIM message format by converting VPIM version 2 messages to the Microsoft Multimedia Message format. This operation can be performed inbound by converting inbound VPIM messages to Microsoft Multimedia Message format, or outbound by converting Microsoft Multimedia Message to VPIM, if the message is sent to a VPIM recipient. By default, the conversion in both directions is disabled. If your users will be communicating with VPIM users, you can enable conversion using a directory editor, such as ADSI Edit or LDP.exe. For each Exchange server that you want to enable VPIM conversion on, you must set the following attributes, which are located on every msExchExchangeServer object in Active Directory.

• For inbound VPIM to Microsoft Multimedia Message conversion, set msExchVPIMConvertInbound to TRUE.

• For outbound Microsoft Multimedia Message to VPIM conversion, set msExchVPIMConvertOutbound to TRUE.

Install Outlook 2000 Extensions to Enable Exchange Multimedia Messaging

Users need to install Outlook 2000 extensions for Exchange Multimedia Messaging. These extensions can be found at https://MachineName/Exchweb/Bin/Emsetup.asp. The Outlook 2000 extensions for Exchange Multimedia Messaging enable users to record audio and video messages with Exchange 2000 controls in the Outlook 2000 user interface. Each piece of multimedia is rendered in the message as a bookmark, which a recipient can click to start the playback of the audio or video message. Users also have the option of integrating this multimedia information with text.

Windows 98 First Edition and Non-USB Cameras Not Supported for Multimedia Messaging

Outlook 2000 and Outlook Web Access multimedia extensions are supported with USB cameras on Windows 98 Second Edition and Windows 2000 Professional. Non-USB camera devices are not supported. Windows 98 First Edition is not supported.

Security

Key Management Service

Publishing Certificates Requires a Global Catalog in Every User Domain

Before enrolling users in security through Key Management Service, a global catalog must exist in the same domain as the users, or clients will not be able to publish certificates into the directory. Additionally, a registry entry must be set on every client computer in order for clients to publish to that global catalog.

To set the registry key:

1. On the Start menu, click Run.

2. In Open, type regedit.

3. Navigate to the following key: HKEY_Local_Machine \Software \Microsoft \Exchange \Exchange Provider.

4. Right-click Exchange Provider, point to New, and then click String Value.

5. Type ds server, and then press ENTER.

6. Right-click ds server, and then click Modify.

7. In Value data, type the name of the global catalog server.

Outlook Client Needs Specific Registry Key to Use Certification Revocation List Distribution Points

Outlook does not use Certification Revocation List Distribution Points by default. You must set a registry key to allow Outlook to locate a valid Certification Revocation List when it receives secure e-mail and does not already have a valid Certification Revocation List for the issuer. Setting the registry key will allow Outlook to use the Certification Revocation List Distribution Points in the certificate to get a valid Certification Revocation List for the issuer, providing that the certificate includes a Certification Revocation List Distribution Point.

Create the following registry key on the client: HKEY_LOCAL_MACHINE \Software \Microsoft \Cryptography{7801ebd0-cf4b-11d0-851f-0060979387ea} PolicyFlags=dword:0x00010000

Key Management Service Needs a Server Registry Key to Publish Certification Revocation Lists After Upgrading to Exchange 2000

If you have an Exchange 5.5 certificate authority (CA) with the Exchange policy module installed, the CA does not add the Certification Revocation List Distribution Point extension to certificates. If a user is enrolled in security through an Exchange 5.5 version of Key Management Service, their certificates will not have a Certification Revocation List Distribution Point. A valid Certification Revocation List can still be located, as long as the Key Management Service version is Exchange 5.5. This is because in Exchange 5.5 Key Management Service published Certification Revocation Lists, and Outlook will by default check the CA object for Certification Revocation Lists. If a CA that previously had the Exchange 5.5 Key Management Service policy module installed has been upgraded to the Exchange 2000 version of Key Management Service, you must set a registry key on the server to allow Key Management Service to publish Certification Revocation Lists. This registry key can contain multiple CAs, and Key Management Service will publish the Certification Revocation Lists for all listed.

To set the registry key on the server:

1. On the Start menu, click Run.

2. In Open, type regedit.

3. Navigate to the following key: HKEY_LOCAL_MACHINE \Software \Microsoft \Exchange \KMServer.

4. Right-click KMServer, point to New, and then click String Value.

5. Type V3CaConfigStrings, and then press ENTER.

6. Right-click V3CaConfigStrings, and then click Modify.

7. In Value data, type the Config String of all CAs you want to publish Certification Revocation Lists for.

Key Management Service Database Must Be Backed Up Locally

For security reasons, the Key Management Service database cannot be backed up from a remote computer. NT Backup will only allow backup of the Key Management Service database from the local server.

Key Management Service Administration in a Mixed Environment

The Key Management object in Exchange 2000 is administered only by an Exchange 2000 Key Management Service. The certification authority object in Exchange 5.5 is only administered from an Exchange 5.5 Key Management Service. The Encryption Configuration object in Exchange 2000, known as a Site Encryption object in Exchange 5.5, is administered from Exchange 2000's System Manager in all instances except in a pure Exchange 5.5 site. In a pure Exchange 5.5 site, the Site Encryption object is administered from the Exchange 5.5 Administrator.

Administrator Rights

Domain Administrators Assign Security Permissions to Administer Exchange

Administrative rights for managing user and contact objects are assigned by domain administrators and are separate from the Exchange Administrator rights. If you are not given permissions to manage Exchange objects, you will not be able to make your groups, contacts, and users mail-enabled. If you do not have permissions to manage Exchange objects, you can still create a new user. However, you cannot create an e-mail address for that user. To create a new user, group, or contact without an e-mail address, in Active Directory Computers and Users, in New Object Wizard, click to clear the Create an Exchange Mailbox check box.

Virtual Servers

HTTP Virtual Servers

Double-Byte Character Sets Not Supported in Virtual Directory Names

Exchange 2000 does not support double-byte character sets (DBCS) in virtual directory alias names. In Exchange System Manager, you can create virtual directories for a virtual server. When you are creating the path or the folder used by the virtual directory, DBCS characters, also known as extended characters, should not be used.

IMAP Virtual Servers

IMAP Message Format is Set to HTML by Default

In Exchange 2000, the default for converting MAPI messages to MIME format has been changed to HTML. If you have users who are using an Internet Message Access Protocol (IMAP) client that does not handle HTML, such as Microsoft Pocket Outlook, you must change this message format on either the server or on a per-user basis. For more information on changing the message format, see the Exchange 2000 online documentation.

NNTP Virtual Servers

To Use NNTP to Post Messages to a Moderated Newsgroup Requires Windows 2000 Service Pack 2

NNTP posts to a moderated newsgroup will fail and a "441 Article Rejected" error message will be returned to the NNTP client. Windows 2000 Service Pack 2 (SP2) must be applied to the Exchange 2000 NNTP server to correct this problem. Contact Microsoft Exchange Product Support Services for updates related to this issue.

Web Storage System

Event Sinks Set to Run as "Launching User" Have System Account Privileges

Sinks for Web Storage System events are implemented as Component Object Model (COM) components, either as a COM dynamic-link library (DLL) hosted in a Microsoft Transaction Server (MTS) package, or as a COM executable. If an MTS package or COM executable is set to run as "launching user," the System account will be used because this is the user context of the Web Storage System process. An event sink running under the System account will have access to all data in all stores, including any user's mailbox.

Recovering a Database After a Disaster

After you run Setup in disaster recovery mode, and before using Ntbackup.exe to restore a database, you must verify that there are no files with the .log or .chk extension in the storage group where you want to restore a backup. The presence of either type of file results in failure during recovery if the log signatures on the existing logs do not match the signatures on the backup logs. These types of files can be created if you create a new database in a new storage group and cancel the creation of the .edb file.

Restore Must Complete Before Using the Temporary Log Directory for Another Restore

If you want to restore two databases successively from the same storage group at the same time, choose different directories to save the temporary logs. Otherwise, if you successively restore two databases that are part of the same storage group to the same temporary log directory, the first restore must be complete before starting a second restore of another database in the same storage group. To complete a restore, in NT Backup, you must click the Last Backup Set check box, and then the log file replay must complete. To verify that the restore and log file replay is complete, check the Application Log.

Deleting a Persisted Search Folder Through IFS Deletes All Referenced Items

A persisted search folder can be programmatically created using HTTP/DAV. If you delete a persisted search folder through IFS, all referenced items in the search folder are deleted. Persisted search folders are not created by default, and must be manually created in custom code.

Safely Deleting a Database to Avoid Impacting E-mail that Is In Transit

If you want to delete a database on a server, you need to complete the following steps to ensure that you will not accidentally delete any e-mail that is in transit to or from any database on the server. These steps are necessary because the Exchange 2000 server's transport and message transfer agent (MTA) components may be using the database to transfer all messages on the server to and from Web Storage System. If that is the case, deleting the database will result in the deletion of any messages in transit on that server, and no non-delivery reports will be generated.

To delete the database:

1. In Exchange System Manager, right-click the appropriate database, and then click Properties.

2. On the Database tab, click to clear Do not mount the store at startup.

3. Restart all Exchange services.

4. In Exchange System Manager, right-click the database, and then click Mount Store.

   Note: You must wait for all previously-sent messages that are still in transit from the database and destined for the database to be delivered. By default this will either happen within two days or else these messages will non-deliver. Typically this will happen within a couple of hours.

5. In Exchange System Manager, right-click the database, and then click Delete.

Application Converter for Lotus Notes

MXOCX2 Queries Do Not Support the Currency Data Type

If you create a form that uses the MXOCX2 query method, and you use the currency data type in the query, you will receive an error stating that the query contains incompatible data types. Queries containing currency data type are not supported in MXOCX2.

Public Folder Items May Not Replicate Correctly to Lotus Notes

If you add items to public folders using message classes that have no Lotus Notes counterpart, such as Discussions or Tasks, those items will not replicate to Lotus Notes correctly. The From and Subject fields will appear in the replicated item, but the body content will not.

Insufficient Memory Causes Replication to Fail

You may experience replication failures when replicating an Exchange public folder with a Lotus Notes folder (or visa versa) than has a large number of messages (tens to hundreds of thousands). To prevent this problem, allocate more memory to the Exchange server or Lotus Notes server.

Cannot Directly Upgrade from Previous Versions of ASN Tools

You cannot directly upgrade previous versions of Microsoft Exchange Application Converter (ASN) for Lotus Notes. This is because the upgraded Application Converter combines functionality from two previous products, Application Conversion Assistant and Application Connector. You do not need to upgrade Application Conversion Assistant because the Outlook forms it generates are unaffected by installation of the new Application Converter. However, you must upgrade Application Connector. The connector, which replicates data periodically between Lotus Notes databases and Exchange folders, is replaced by the Connection Manager component of Application Converter.

To update Application Connector to Connection Manager:

1. Stop Application Connector Service, and then uninstall it.

2. Install the new Application Connector.

3. For each existing connection, copy the .pft file into the directory where Application Converter is installed.

   Use Connection Manager to make a new connection between the same Lotus Notes database and Exchange folder, and complete the following:

   • Specify the location of the .pft file you copied.

   • Configure your replication settings.

Need to Reset the JIT Debugger After Notes Client Setup

You should reset the Just-in-Time (JIT) debugger setting after installing a Lotus Notes client on an Exchange server. This will allow Connectivity Controller to restart a Lotus Notes e-mail connector process if it failed to handle an exception, and to continue with normal operation. Otherwise, after installation, Lotus Notes uses its "Quincy" utility to handle an exception, and this requires administrator intervention for termination of the failed process.

To reset the debugger setting:

1. On the Start menu, click Run.

2. In Open, type regedit.

3. Remove the following key: HKEY_LOCAL_MACHINE \Software \Microsoft \Windows NT\CurrentVersion\AeDebug.

MXCheck, MXRadio, and MXCombo Queries Fail on the Server

Queries submitted using the MXCheck, MXRadio, and MXCombo controls provided in MXOCX2.Dll, will fail if they are run on an Exchange 2000 server.

Errors When Installing Application Converter for Lotus Notes on a Windows 2000 Computer

If you install Application Converter for Lotus Notes on a computer running Windows 2000, before you install Microsoft Office 2000 or Outlook 2000, setup may fail and the following error may occur when you run Office Setup: "Internal Error 2343." To prevent this error from occurring, install Microsoft Office 2000 or Outlook 2000 before you install Application Converter for Lotus Notes, or use an Office utility to fix the problem after you install Application Converter for Lotus Notes.

The following Knowledge Base articles contain details on this problem and the utility:

• 228668 (https://support.microsoft.com/default.aspx?scid=kb;en-us;228668&sd=tech )

• 234435 (https://support.microsoft.com/default.aspx?scid=kb;en-us;234435&sd=tech )

Addendum

Microsoft Exchange 2000 Server, Microsoft Exchange 2000 Enterprise Server Release Notes

This document is a supplement to the Release Notes provided with Exchange 2000 Server and lists critical issues that can potentially impede you from successfully installing or deploying Exchange 2000 in your environment.

Forcing an Installation of Exchange Conferencing Server

Before Exchange Conferencing Server is installed, Setup runs prerequisite checks to locate a valid server to install Exchange Conferencing Server onto. If the Fully Qualified Domain Name (FQDN) and the domain name do not match, Setup will not be able to recognize a valid installation server, and you will not be allowed to install Conferencing Server. If this problem occurs, you must set up a register key override before you are allowed to install Conferencing Server.

To bypass the prerequisite check, set the appropriate registry key:

1. On the Start menu, click Run.

2. In Open, type regedit.

3. Navigate to the following key: HKEY Local Machine\SOFTWARE\Microsoft\Exchange Conferencing\Parameters.

4. Right-click Parameters, point to New, and then click DWORD.

5. Type a name of Setup Prerequisites, and then press ENTER.

6. Right-click Setup Prerequisites, and then click Modify.

7. In Value name, make sure it says Setup Prerequisites.

   In Base, select Hexadecimal, and in Value data, enter one of the following values depending on your situation:

   • To force a valid FIRST installation of Conferencing with IIS installed, type in 1A7.

   • To force a valid SECOND+ installation of Conferencing with IIS installed, type in 1BF.

   • To force a valid FIRST installation of Conferencing without IIS installed, type in 27.

   • To force a valid SECOND installation of Conferencing without IIS installed, type in 3F.

Key Management Server and Global Catalogs

If you are using Exchange 2000 Key Management Server and you are enrolling users that are located in a separate domain, then you should apply Windows 2000 hotfix 272378 on the server running the Key Management Server. Without this hotfix you may experience problems enrolling new users.

Deleting a Public Folder Database Can Impact E-Mail Flow

Problems with e-mail flow can arise when a deleted database is still referenced as the default public folder store for an Exchange 2000 Private Store database. To ensure that mail flow is not impacted, before deleting the database, ensure that no Exchange 2000 databases use the database to be deleted. If not caught before the database is deleted, this issue can result in messages being removed from the queues without notification or logging. The missing messages can be replayed once the situation is resolved.