Common Unsupported Exchange 2007 Configurations

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

 

Applies to: Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3

This document summarizes common unsupported configurations and scenarios that you may experience when you deploy or maintain Microsoft Exchange Server 2007. For each issue, available workarounds or resolutions are suggested.

Important

This is not an exhaustive list of unsupported Exchange 2007 configurations. Instead, this list is a summary of some of the most common issues that Microsoft Customer Support Services (CSS), Microsoft Premier Support, and Microsoft Consulting Services handle with respect to the deployment and management operations of Exchange 2007. To reduce the likelihood that you may experience an issue with your Exchange deployment, we recommend that you review this list before you deploy Exchange 2007 in your organization. For more information about how to contact Microsoft, see Microsoft Knowledge Base article 295539, How and when to contact Microsoft Customer Service and Support.

This document is divided into the following sections:

  • Installation issues

  • Management issues

  • Networking issues

  • Database and backup issues

  • Clustering and Network Load Balancing issues

Installation Issues

You Cannot Perform an In-Place Upgrade from Windows Server 2003 to Windows Server 2008

Issue When you upgrade a computer that is running Exchange 2007 from Windows Server 2003 to Windows Server 2008, many Exchange-related services fail to start.

Cause This issue occurs because Exchange does not support an in-place upgrade from Windows Server 2003 to Windows Server 2008.

Resolution For information about how to work around this issue, and to restore Exchange functionality, see Microsoft Knowledge Base article 951402, Multiple Exchange Server 2007 services do not start when you upgrade a computer that is also running Windows Server 2003 to Windows Server 2008.

Forefront Security for Exchange Server Is Not Supported on a Computer That Is Running Exchange 2007 SP1

Issue You may be able to install Microsoft Forefront Security for Exchange Server on a computer that is running Exchange 2007 SP1 successfully. However, Forefront Security for Exchange Server may not run as expected.

Cause Although you may be able to successfully install the release version of Forefront Security for Exchange Server on a computer that is running Exchange 2007 SP1, this kind of installation is not supported.

Resolution To resolve this issue, install Forefront Security for Exchange Server Service Pack 1 (SP1). Forefront Security for Exchange Server SP1 is currently the only release of Forefront Security for Exchange that is compatible with Exchange 2007 SP1.

For more information, see Microsoft Knowledge Base article 946783, Things to consider before you install Forefront Security for Exchange Server Service Pack 1 on a computer that is running Exchange Server 2007 Service Pack 1.

Forefront Security for SharePoint Is Not Supported on a Computer That Is Running Exchange 2007 and SharePoint Server 2007

Issue When you try to perform a manual scan in Forefront Security for SharePoint, the scan fails.

Cause This issue occurs if the following two programs are installed on the server:

  • Microsoft Office SharePoint Server 2007

  • Microsoft Exchange Server 2007

Forefront Security for SharePoint does not support this configuration.

Resolution To resolve this issue, install Microsoft Forefront Security for Exchange Server instead of Forefront Security for SharePoint. For more information, see Microsoft Knowledge Base article 940875, A manual scan fails in Forefront Security for SharePoint and Microsoft Knowledge Base article 940874, Compatibility of Forefront Security for SharePoint with Exchange Server 2007.

You Cannot Install a 64-Bit Version of Exchange 2007 on a Computer That Has a 32-Bit Operating System

Issue When you try to install Exchange 2007, you receive the following error message:

The image file path\setup.exe is valid, but is for a machine type other than the current machine.

Cause The 64-bit version of Exchange is not supported on 32-bit operating systems.

Resolution To resolve this issue, install Exchange 2007 on a computer that has an x64-based version of Windows. Or, if you want to install only the Exchange 2007 administration tools, or you want only to prepare the Active Directory directory service for the installation of Exchange 2007, obtain the 32-bit version of Exchange 2007.

For more information, see Microsoft Knowledge Base article 937883, Error message when you try to install Exchange Server 2007: "The image file <path>\setup.exe is valid, but is for a machine type other than the current machine".

You Cannot Install Exchange 2003 in a Pure Exchange 2007 Environment

Issue When you try to install Microsoft Exchange Server 2003, you receive the following error message:

Setup failed while installing sub-component Microsoft Exchange Server-Level Objects with error code 0x80072030 (please consult the installation logs for a detailed description). You may cancel the installation or try the failed step again

Cause This problem occurs because a pure Exchange 2007 environment does not support the installation of Exchange 2003. The Exchange 2007 Setup program prepares the Active Directory schema for the installation of Exchange 2007. However, the Setup program does not create the CN=Active Directory Connections container in the CN=Microsoft Exchange container in Active Directory. Exchange 2003 requires this container.

Resolution Currently, there is no resolution for this issue. For more information, see Microsoft Knowledge Base article 937051, Error message when you try to install Exchange Server 2003: "Setup failed while installing sub-component Microsoft Exchange Server-Level Objects with error code 0x80072030".

You Cannot Install the Exchange Management Console on a Windows Vista-Based Computer

Issue When you try to install the Exchange Management Console on a Windows Vista-based computer, you receive the following error message:

Exchange 2007 cannot be used with the version of Windows operating system running on this computer.

Cause This issue occurs because the Exchange Management Console is not supported on the original release version of Windows Vista. You can install the Exchange Management Console on a computer that is running Windows Vista Service Pack 1 (SP1).

Resolution To work around this issue, use one of the following methods:

  • Use a remote desktop connection to connect to a server that is running the Exchange Server Management Tools.

  • Install Windows Vista SP1, and then install the Exchange Server Management Tools.

For more information, see Microsoft Knowledge Base article 931903, You cannot install the Exchange Management Console or the Exchange System Manager on a Windows Vista-based computer.

You Cannot Install Exchange 2007 SP1 into a Domain That Has a Single-Label DNS Name

Issue When you try to install Exchange 2007 SP1 in an Active Directory forest that contains a single-label domain name such as Contoso (instead of Contoso.com), you receive the following error message:

Microsoft Exchange Server 2007 setup cannot continue because this computer belongs to a domain that has a single-labeled DNS name. DNS domain name: XYZ

Cause The Exchange 2007 SP1 Setup program performs a prerequisite check and does not continue if the environment includes single-label DNS names. Single-label DNS names are DNS names that do not contain a suffix such as .com.

Resolution To resolve this issue, see Exchange 2007 Setup Stops Because the Domain Has a Single-Label DNS Name.

Issue When you try to install the Exchange 2007 Mailbox server role on a computer, the installation is unsuccessful. In this scenario, the Setup program fails when it tries to start the Microsoft Exchange System Attendant service.

Cause This issue occurs if the NWLink protocol is installed on the server. Exchange 2007 has not been tested in environments that have the NWLink protocol installed. Therefore, we do not support the installation of Exchange 2007 on computers that are running the NWLink protocol.

Resolution To resolve this issue, remove the NWLink protocol, and then restart the Exchange installation.

You Cannot Install the Original Release Version of Exchange 2007 on a Windows Server 2008-Based Computer

Issue The original release (RTM) version of Exchange 2007 is not supported for installation on a computer that is running Windows Server 2008.

Resolution To resolve this issue, install Exchange 2007 SP1. Exchange 2007 SP1 is supported by Windows Server 2008.

Manual Removal of Exchange 2007 Is Not Supported

Issue You may be unable to manually remove Exchange 2007 from a computer.

Cause Exchange 2007 is removed differently from earlier versions of Exchange. You cannot manually remove Exchange 2007 from a computer.

Resolution To remove Exchange 2007 and to remove the Exchange 2007 object from Active Directory, use one of the following methods:

  • Use the Add or Remove Programs item in Control Panel.

  • Use the Setup program on the Exchange 2007 media.

For more information, see Microsoft Knowledge Base article 927464, How to remove Exchange 2007 from a computer.

The Installation of a Client Access Server in a Perimeter Network Is Not Supported

Issue You may want to install an Exchange 2007 Client Access server in a perimeter network. However, this type of installation is not supported in Exchange 2007.

Cause The Exchange 2007 Client Access server role is not supported in any configuration in which a firewall is located between the Client Access server and a Mailbox server or a domain controller. This includes firewall devices, firewall programs, or any program or device that is designed to restrict traffic between two network locations.

For correct operation, Client Access servers require typical domain connectivity to domain controllers and global catalog servers. Because any devices or programs that restrict or reduce access to domain controllers or global catalog servers may affect the correct operation of the Client Access server, we do not support this type of configuration.

Resolution To resolve this issue, move the Client Access servers to the internal network. For more information about the ports that Exchange 2007 uses for various services, see Data Path Security Reference.

Exchange 2007 Does Not Support Outlook Anywhere in Web Sites Other than the Default Web Site on a Client Access Server

IssueYou may want to configure Outlook Anywhere on a Web site other than the Default Web Site on a Client Access server. However, this scenario is not supported in Exchange 2007.

Cause While both Windows Server 2003 and Windows Server 2008 support specifying different Web sites for the RPC Proxy component, Exchange 2007 does not support Outlook Anywhere in Web sites other than the Default Web Site on a Client Access server. Additionally, Windows and Exchange Server do not support RPC Proxy or Outlook Anywhere running on multiple Web sites on the same server.

Management Issues

The Hierarchical Address Book Is Only Supported for Japanese Versions of Exchange

Issue Although the Hierarchical Address Book (HAB) is tested in both the English and Japanese versions of Exchange 2007, the HAB is only supported for use with Japanese versions of Exchange.

Resolution To work around this issue, use the HAB only with Japanese versions of Exchange. For more information, see Microsoft Knowledge Base article 948810, Information about the support policy for the Hierarchical Address Book (HAB) feature in Exchange Server and in Outlook.

You Cannot Modify the Server Name After You Install the Exchange 2007 Edge Transport Role

Issue After you install the Edge Transport server role, you cannot change the server name.

Cause The Edge Transport role does not support modification of the server name.

Resolution To work around this issue, remove Exchange 2007, rename the server, and then reinstall Exchange. For more information, see How to Configure a DNS Suffix for the Edge Transport Server Role.

ISAPI Extensions or Filters to Modify Outlook Web Access Credentials Are Not Supported on a Server That Is Running Exchange 2007

Issue Microsoft does not support using ISAPI extensions or filters to modify Microsoft Office Outlook Web Access credentials on a server that is running Exchange.

Cause This scenario is not supported because of the adverse effect it can have on Outlook Web Access functionality. Additionally, there are no guidelines about how to correctly build an ISAPI filter that would change Outlook Web Access credentials.

Resolution Currently, there is no workaround for this issue. For more information, see Microsoft Knowledge Base article 938609, Microsoft does not support using ISAPI extensions or filters to modify Outlook Web Access credentials on a server that is running Exchange Server.

You Should Not Rename or Move the Exchange Administrative Group or the Exchange Routing Group in a Mixed-Mode Environment

Issue After you install Exchange 2007 in a mixed-mode environment, you must not rename or move the Exchange Administrative Group or the Exchange Routing Group.

Cause Moving objects that are contained in the Exchange Administrative Group or in the Exchange Routing Group is not supported in Exchange 2007. This is because Exchange 2007 uses the Exchange Administrative Group for configuration data storage. Exchange 2007 uses the Exchange Routing Group to communicate with earlier versions of Exchange Server.

Resolution Currently, there is no resolution for this issue. For more information, see Microsoft Knowledge Base article 931752, You must not rename or move the Exchange Administrative Group or the Exchange Routing Group after you install Exchange Server 2007 in a mixed-mode environment.

Moving an Exchange 2007 Server from One Domain to Another Domain Is Not Supported

Issue You cannot move an Exchange 2007 server from its current domain to a new domain.

Cause Moving an Exchange 2007 server from one domain to another domain is not supported. Additionally, running the setup /mode:recoverserver command against an Exchange computer object that was previously in a different domain is not supported.

Resolution Currently, there is no resolution or workaround for this issue. For more information, see Microsoft Knowledge Base article 925824, Moving an Exchange 2007 server to another domain is not supported.

You Cannot Rename a Windows 2003 Domain When Exchange 2007 Is Installed

Issue After you use the Rendom.exe tool to rename an existing Windows Server 2003 domain, the following services do not start on Exchange 2007-based computers:

  • Microsoft Exchange EdgeSync

  • Microsoft Exchange Information Store

  • Microsoft Exchange System Attendant

  • Microsoft Exchange Transport

Cause Domain rename operations are not supported when Exchange 2007 is installed in a Windows Server 2003 domain.

Resolution To work around this issue, use the Rendom.exe tool to rename the domain to its original name. For more information, see Microsoft Knowledge Base article 925822, The Microsoft Exchange System Attendant service does not start on a computer that is running Exchange Server 2007 after you rename a Windows Server 2003 domain.

You Cannot Move a Non-MAPI Public Folder Tree to an Exchange 2007 Server

Issue You may have more than one public folder tree in an Exchange 2003 environment. The second public folder tree is a non-MAPI tree, also known as an Application folder tree or a General Purpose folder tree. After you install Exchange 2007, you cannot move the non-MAPI public folder tree to an Exchange 2007 server.

Cause Exchange 2007 supports only one public folder tree. This is the default MAPI public folder tree. Therefore, you cannot move a non-MAPI public folder tree to an Exchange 2007 server.

Resolution Currently, there is no resolution for this issue. You must leave the non-MAPI public folder tree on an Exchange 2003 server. For more information, see Understanding Public Folders.

Networking issues

IPv4 Must Be Enabled in Windows Server 2008 for Exchange 2007 SP1 to Support IPv6

Issue By default, the IPv6 protocol and the IPv4 protocol are both installed and enabled in Windows Server 2008. You can remove the IPv4 protocol so that the server runs IPv6 exclusively. However, when you do this, you cannot configure IPv6 for Exchange 2007 SP1.

Cause To support using IPv6 in Windows Server 2008, Exchange 2007 requires both IPv4 and IPv6 to be installed on the Windows Server 2008-based computer.

Resolution To resolve this issue, install and enable IPv4 in Windows Server 2008. For more information, see IPv6 Support in Exchange 2007 SP1 and SP2.

Exchange 2007 Does Not Support IPv6 on Windows Server 2003-Based Computers

Issue On a server that is running Windows Server 2003, you may be able to enter IPv6 addresses in the Exchange Management Console or the Exchange Management Shell. However, you are unable to configure IPv6 for Exchange.

Cause IPv6 is not supported in any version of Exchange 2007 on a server that is running Windows Server 2003.

Resolution Currently, there is no resolution for this issue. For more information, see IPv6 Support in Exchange 2007 SP1 and SP2.

IPv6 Tunneling Over IPv4 Is Not Supported by Exchange 2007

Issue Windows Server 2008 supports tunneling IPv6 over IPv4. However, this type of configuration is not supported by Exchange 2007.

Resolution Currently, there is no resolution for this issue. For more information, see New High Availability Features in Exchange 2007 SP1.

Database and Backup Issues

Using ESENT APIs to Extract Data from Exchange 2007 Databases Is Not Supported

Issue To extract data from or to modify Exchange database files, some third-party applications use generic Extensible Storage Engine (ESE) application programming interfaces (APIs). Or, these applications reverse engineer database schema and semantics. ESE refers generically to any of the several versions of the Extensible Storage Engine. However, Microsoft does not support these tools for Exchange 2007 databases.

Cause The version of ESE that is used by Exchange differs significantly from ESENT. Microsoft does not publish APIs for the Exchange version of ESE. Additionally, Microsoft does not recommend the use of ESENT APIs with an Exchange database. The use of ESENT APIs with an Exchange database may cause irreversible damage that makes the database incompatible with the version of ESE that is used by Exchange. The only mode of access through published ESENT APIs that is guaranteed not to make any changes to the database is Read-Only access into a Clean-Shutdown state database.

Resolution To work around this issue, use a Microsoft-supported interface to extract data from or to modify an Exchange database. These interfaces include the following:

  • Client protocols and APIs that interact with the Microsoft Exchange Information Store process. These protocols include MAPI, POP3, Internet Message Access Protocol (IMAP), Collaboration Data Objects (CDO), WEB Distributed Authoring and Versioning (WebDAV), and the Microsoft online streaming backup and Visual Source Safe (VSS) backup APIs.

  • Utilities, such as the Eseutil.exe and Isinteg.exe utilities, that were created by Microsoft for the purpose of analyzing, repairing, or recovering an Exchange database.

For more information, see Microsoft Knowledge Base article 904845, Microsoft support policy for third-party products that modify or extract Exchange database contents.

You Cannot Compress Exchange Transaction Log Files

Issue You may want to use compressed folders to store transaction log files to save hard disk drive space. However, Microsoft does not support compressing log files or database files.

Cause As a best practice, we strongly recommend that you do not compress Exchange log files. Although we have not determined that compression corrupts log files, we have seen cases in which compressed log files have been damaged. Also, transaction log file replay times may increase when you compress the log files.

Note

We also strongly recommend against compressing Exchange database files.

Resolution To work around this issue, if you must compress logs to resolve a full disk situation, do not compress any of the following log files:

  • The current log file

  • The reserve log files

  • The *temp.log file, if it exists

Because compressing log files is not supported, we recommend that you move the files to another location instead of compressing them. For more information, see the Exchange Server Team Blog article More on Exchange logs.

Note

The content of each blog and its URL are subject to change without notice. The content within each blog is provided "AS IS" with no warranties, and confers no rights. Use of included script samples or code is subject to the terms specified in the Microsoft Terms of Use.

Clustering and Network Load Balancing Issues

You Cannot Use the Forefront Server Security Management Console to Manage Forefront Server Security for Exchange on an Exchange 2007 Single Copy Cluster (SCC)

Issue You cannot use the Microsoft Forefront Server Security Management Console (FSSMC) to manage a Forefront Server Security for Exchange installation in a Exchange 2007 Single Copy Cluster (SCC) configuration.

Resolution Currently, there is no resolution for this issue. This practice is not supported.

The Hub Transport Server Role Is Not Supported in a Cluster or NLB Configuration for the Purposes of Exchange Server Authentication

Issue When a computer that is running the Hub Transport server role is configured for Exchange server authentication among Hub Transport servers, you may experience host name lookup failures during certificate validation operations.

Cause This issue may occur if the Hub Transport server is running in a Network Load Balancing (NLB) configuration. The Hub Transport server role is not supported in a cluster or in a NLB configuration for the purposes of Exchange server authentication.

Resolution If the Exchange server is running in an NLB environment, a fully qualified domain name (FQDN) may be added unexpectedly during the certificate validation process. If you notice an unexpected domain, check the NLB configuration to see whether the unexpected domain is configured there. If the NLB configuration contains an unexpected FQDN, modify the NLB configuration so that it does not cause the certificate validation to fail. For more information about this issue, search for event ID 2019 in the Events and Errors Message Center.

The Client Access Server Role Is Not Supported on a Server Cluster

Issue The Client Access server role supports client applications for Outlook Web Access, Outlook Anywhere, Microsoft Entourage 2004 and Entourage 2008 for Mac, and Exchange ActiveSync. You must have at least one Client Access server in an Exchange 2007 organization. However, you cannot deploy a Client Access server in a clustered environment.

Cause You cannot install the Client Access server role on a computer that is a member of a server cluster. Additionally, installation of a Client Access server in a perimeter network is not supported.

Resolution To work around this issue, install the Client Access server role on a member server in the internal network. You can install the Client Access server role on an Exchange 2007 computer that is running any other server role except for the Edge Transport server role. For more information, see Planning for Client Access Servers.

Network Adapter Teaming Is Not Supported on the Private Interface of a Server Cluster

Issue You may want to install Exchange 2007 on a server cluster. In this situation, you must carefully consider how the cluster is configured. This is because Microsoft does not support using teaming network adapters on the private interfaces of a server cluster.

Cause The use of teaming on the private interconnect of a server cluster is not supported because of delays that could possibly occur in the transmission and receipt of heartbeat packets between the nodes.

Resolution To enable redundancy for the private interconnect, we recommend that you disable teaming on the private interface, and then use the available ports to form a second private interconnect. For more information, see Microsoft Knowledge Base article 254101, Network adapter teaming and server clustering.

You Cannot Install Exchange 2007 on a Domain Controller That Is Configured as a Cluster Node

Issue We strongly recommend that you do not install Exchange 2007 on a domain controller that is configured as a member of a server cluster. This includes third-party clustering solutions as well as Microsoft clustering solutions.

Cause During typical operation, Exchange is intended to run without problems on identically configured cluster nodes where each node is configured as a domain controller or as a global catalog server. However, if a problem occusr, this configuration can greatly limit the ability to troubleshoot or to correct problems without disrupting critical domain communications. Therefore, we do not support the use of Exchange on cluster node computers that are also configured as domain controllers.

Resolution To work around this issue, install Exchange 2007 on member servers that are configured as cluster nodes. For more information, see Microsoft Knowledge Base article 898634, Active Directory domain controllers are not supported as Exchange Server cluster nodes.

Exchange 2007 SP1 Cannot Be Installed on Windows Server 2008 Cluster Nodes That Are Members of Different Active Directory Sites

Issue When Exchange 2007 SP1 is installed on a Windows Server 2008-based failover cluster, the cluster nodes cannot be members of different Active Directory sites.

Resolution To work around this issue, deploy redundant Exchange servers in a single Active Directory site. For more information about how to deploy Exchange in a clustered configuration, see Site Resilience Configurations.

Exchange 2007 Cluster Continuous Replication Does Not Support Using the Distributed File System to Share the File Share Witness

Issue When you configure Exchange 2007 Cluster Continuous Replication (CCR), you may want to use the Distributed File System (DFS) to host the file share for the File Share witness. However, using DFS to host the File Share witness is not supported.

Resolution To work around this issue, host the File Share witness on any computer other than the computers running the Exchange CCR nodes. We recommend that you use a Hub Transport server in the same Active Directory site as the clustered Mailbox server to host the file share. For more information about how to deploy Exchange in a clustered configuration, see Cluster Continuous Replication.

Kerberos authentication for Client Access Servers in a Windows Network Load Balance cluster is not supported

Issue When you configure Exchange Server 2007 Client Access Servers in a Windows Network Load Balance cluster, Kerberos authentication to the CAS servers is not supported.

To work around this issue, use one of the following methods:

  • Use a Microsoft Internet Security and Acceleration Server server farm instead of NLB for the Exchange 2007 CAS servers. This provides an additional advantage because ISA can verify the availability of the nodes on the application level. For example, when NLB issues an HTTPS request to the /owa or /ews directory. it checks for availability only on the network level. However, this would also mean that you need to reconfigure your environment to use an ISA farm instead of NLB. You also must make sure that internal requests to the Microsoft Exchange Web Services virtual directory pass through the ISA server. Additionally, if the ISA servers are configured in a high availability solution, this scenario does not work. An ISA server farm is an example of a high availability solution.

  • For applications that require Kerberos authentication, use only one of the CAS node names instead of the Network Load Balance cluster name when you connect. This will allow Kerberos authentication. However, there will be no high availability.

  • If possible, use NTLM instead of Kerberos for authentication.

    Note

    You cannot work around this issue by changing the identity of the Application Pools that are used by Exchange. For more information, see An application pool is running under an incorrect identity.

Note

This issue also applies to Kerberos Constrained Delegation (KCD).