Exchange 2013 SP1 is out! And now?
Yesterday the Exchange Team finally released Exchange 2013 Service Pack 1 (SP1). And even as promised within early 2014! Nothing like a major release to get those blog writing blocks lifted .
Download SP1 here and see their blog here. Be sure to check out the release notes and the What’s New page.
So, what now? Hopefully many of you have installed previous Cumulative Updates (CU). But even if you haven’t (although I hope you’re not still stuck with CU1 or Zeus forbid RTM), you could right away install SP1 on top of your Exchange 2013 servers without installing previous intermediate cumulative updates (the name really is a clear hint isn’t it?). And although this update is called Service Pack 1, it’s technically Cumulative Update 4.
Can we expect some new features? Sure! Let’s take a closer look to some of the features:
- Windows Server 2012 R2 Support
Now we can install Exchange 2013 SP1 directly on Windows Server 2012 R2. Not only that, it is now also supported to have 2012R2 domain controllers and a 2012R2 Forest Functional level. But remember: in-place upgrade from 2012 RTM to 2012 R2 when Exchange is installed is not supported (way way back with Exchange 2000 and 2003 was the last time that was possible). If you want 2013 SP1 on 2012R2 you need to re-install it. When you do that, also remember that Exchange servers in a DAG (Database Availability Group) should be of the same Windows OS (even if Exchange 2013 can support different builds within a DAG).
- Edge Transport Servers
Back again! This is not something I was very eager for, I haven’t installed much Edge transport servers with 2007 and 2010. But if you had one of those, now you can upgrade it so all Exchange servers can be a 2013 build.
- Junk Email Reporting in OWA
OWA (Outlook Web App) users can now report junk mail or false positives in OWA and the Microsoft Spam Analysis Team will analyze and take action accordingly. You will only benefit from this if you use Exchange Online Protection with your on-premises Exchange 2013 SP1 servers. I do wonder whether this information is also used by SafeList aggregation.
- S/MIME for Message Signing and Encryption
Never had the pleasure of implementing this security feature, but now the world is becoming more conscience about prying eyes I think it is a welcome addition. However, I think that Office 365 Message Encryption is more admin and user friendly (sender and receiver) but not all organizations can implement that (due legal restrictions etc.). Still only for Internet Explorer though…
- Data loss prevention (DLP) improvements
There are several improvements, most visible is the inclusion of Policy Tips in OWA and OWA for Devices which was a important downside IMHO. Document Fingerprinting is also an interesting addition.
- AD FS claims-based authentication with OWA and EAC
Now multi-factor authentication solutions for OWA and EAC (Exchange Admin Center) are possible due to the integration with Active Directory Federated Services (AD FS). However, this is only possible with Exchange 2013 SP1 servers, no co-existence is possible even with Exchange 2013 RTM.
- SSL Offloading in Exchange 2013
Finally official support for SSL offloading on all virtual directories. Especially those with Load Balancers with encryption accelerators will be happy, although if you use Content Switching in your load balancer (see my or Michael van Horenbeecks excellent post) it is also a very welcome addition! Unfortunately, configuration is not possible via EAC or EMS (Exchange Management Shell). You need to use appcmd, except for Outlook Anywhere (Set-OutlookAnywhere) and Mailbox Replication Proxy (MRSProxy, for cross-forest mailbox moves. It has no offloading, you need to use SSL Bridging).
- DAG without an administrative access point, Dynamic Quorum/Witness
Tired of creating CNO’s by hand? Do you also forget to provide a static IP to you DAG? Well, that’s over now with Exchange 2013 SP1 on Window Server 2012R2. There are also some other improvements due to enhancements made in 2012R2. If you have a DAG with 2013, be sure to check out Scott Schnoll’s excellent post about the changes.
- MAPI over HTTP
A new communication protocol designed for this new (mobile) age. Even though Outlook Anywhere has got us this far, it’s an old protocol designed to work around downsides of the RPC protocol. It’s not enabled per default and for now only Outlook 2013 Service Pack 1 supports it. Check out Tony Redmond’s very clear and informative post about this new change and why you might want to enable it. I hope that Outlook 2013 RT on my Surface RT will support it
- Command Logging
Not to be confused with Audit Logging. In Exchange 2010 you had a very educational and helpful (documentation) feature in the EMC, a PowerShell preview in which you could see, learn and copy cmdlets and one-liners. Unfortunately with the introduction with the web based EAC, that feature was gone. Although it’s not a preview, this Command Logging is still a welcome addition. See a post about it from Jaap Wesselius and Jetze Mellema (dutch).
Seeing this list of new features, it’s easy to forget there are also bug fixes. See a list here. I won’t go into them, but I have encountered some issues that are now resolved. Pfffeeuw
You might be very eager to install it right away, but I would take the path of caution. It’s still possible some nasty bugs are present in SP1, even though the Exchange Team has undoubtedly done is best to prevent those. But it has happened. So, I tend to wait for about two weeks and keep watching the blogosphere. When possible I also use that time to test SP1 in a lab environment, preferable as close as production environment as possible.
So, ready to install? What do you need to know? Basically it’s the same as with every 2013 CU. As always, check out the Release Notes there is helpful information present. I’ll highlight some of the most important gotcha’s below.
With this update, an Active Directory Schema Update is required. Plan this accordingly, especially if you have separate responsibilities.
Unfortunately the web.config files are still overwritten (insert sigh). So if you have customized them, which is the case when you have Lync IM integration in OWA, you need to re-apply those changes after updating Exchange. Do NOT reuse the previous configuration file, as with each update there are also crucial additions which otherwise would be lost. Edit the new configuration file.
Don’t forget to update (non US) UM Language files if you are using UM. You’ll probably triggered while trying to install SP1 as it prompts to remove them to continue. But still better to be prepared. Download the necessary Exchange 2013 SP1 Language UM files here.
Please note that mail flow can be “broken” after SP1 installation. You can restart the Microsoft Exchange Frontend Transport service, but I feel more confortable to restart the server after a CU or in this case SP1 installation. For more information about this issue see the posts from Paul Cunningham and Michel de Rooij.
When you are finished with the Exchange bit, don’t forget to update Office 2013 to SP1 (for MAPI over HTTP) and Office Web Apps Server 2013 with it’s SP1 if (when) you use it with the Exchange 2013 OWA Web Preview. The same goes for SharePoint Server 2013 which also saw it’s SP1 released, although I haven’t seen any changes regarding Site Mailboxes. Be sure to check this blog post of the Microsoft Office Sustained Engineering Team with all the Office updates and links.
In a related note; Microsoft also released Exchange 2007SP3 RU13 and 2010SP3 RU5. For 2007SP3RU13 it’s a minor fix mentioned in KB2917522 (Edge 2007 publishing issue with Exchange 2010). The list for 2010SP3RU5 is a bit longer as listed in KB2917508.
Download Exchange 2013 Service Pack 1 (SP1)
Download Exchange 2013 Service Pack 1 (SP1) UM Language Packs
Download the Microsoft Office 2013 SP1 32-bit package
Download the Microsoft Office 2013 SP1 64-bit package
Download SharePoint Server 2013 Service Pack 1 (SP1)
Download Office Web Apps Server 2013 Service Pack 1