If you're like most IT departments or consulting firms, you've spent the last few weeks making sure everything is patched in time for Daylight Saving Time (DST) 2007. At first glance, my consulting firm thought it wouldn't be difficult to get all our clients' systems patched, but for such a simple change, it's been quite challenging. Here's a summary of what we had to do for our clients to get them prepared for the DST change. You can still apply the patches outlined here, which will prevent some headaches when the time changes again in November. If you don't patch your systems, you'll have to deal with this issue twice a year from now on. Also, there might be some items in the list that you weren't aware needed patching.
- Patch server OS. As a general rule, you should patch the servers first. If you're running Windows Server 2003 you can push out the patch, you can download at http://support.microsoft.com/kb/931836/en-us with Windows Server Update Services (WSUS), although for the servers, we preferred updating them manually. If you're running Windows 2000 Server you have to manually run the TZEdit tool, which is available here. Although the tech note indicates you can push out this change with a Group Policy Object (GPO), we couldn't get it to work on a consistent basis. When manually patching Win2K Server, make sure all users are logged off the server before you switch the server to a different time zone and back to the original time zone. If users are connected to the server when you make the time change, there is a chance they will get disconnected from the server, lose data, and corrupt files.
- Patch workstation OS. After you've patched the servers, make sure all your workstations have the patch. For XP you can install the time zone update available here. For Win2K computers, you need to run TZEdit.exe.
- Run the Exchange Calendar Update Tool. After you install the DST patch on your workstations, you probably noticed that any appointment scheduled between March 11, 2007 and April 1, 2007, is one hour later than it should be. Microsoft released the Exchange Calendar Update Tool, which you can download here. This tool will fix appointment times, although we've had mixed results using this tool. Here's a summary of the steps required to run the Exchange tool:
a. Get a good backup of Exchange. Don't skip this step. At one client, the update tools deleted all the recurring appointments on a CEO's schedule.
b. Create a dummy user. Although Microsoft provides a script that's supposed to grant the necessary rights to an existing user to run the Exchange tool, we could not get it to properly work. We decided to set up a dummy user account and grant the rights manually, run the tool, then delete the user after the updates were completed. Assuming the account is called calupd, complete the following instructions:
- Create the account calupd in Active Directory User and Computers.
- Create a mailbox for calupd on one of your Exchange Servers.
- Grant Full Control of the domain to calupd. Start Active Directory Users and Computers (make sure Advanced Features is enabled by clicking on the View Menu and selecting Advanced Features) right-click the domain, select Properties. Click the Security Tab, select Add, calupd. Click Full Control, and click OK.
- Using Exchange System Manager (ESM), Grant Full Exchange Administrator rights to calupd.
- Using the ESM, grant full rights to the calupd account on each Exchange server.
- On the workstation where you'll run the tool, make calupd a member of the Local Administrators Group.
c. Identify a workstation to run the tool. Install TZMove.exe, the TZMove Update file (KB933146), and MsExTmz.msi. The workstation must have Microsoft Office Outlook 2003 or Outlook 2007 and the .Net Framework 2.0 installed on it.
d. Configure an Outlook profile for calupd. Log in as calupd and create an Outlook Profile for calupd. Make sure that Outlook does not prompt for a profile when it starts.
e. Run c:\program files\MsExTmz\MsExTmzCfg.exe. This will extract the time zones for all users on the selected Exchange Server. The default path for tzmove.exe is c:\program files\Microsoft Office\Office12\Office Outlook Time Zone Data Update Tool\tzmove.exe.
f. Open c:\Program Files\MsExTmz\
\NonExistent.txt. Copy the entries from this file and paste it into c:\Program Files\MsExTmz\ \mailboxes_1.txt. Delete all the system mailbox entries. Place your cursor at the end of the user's mailbox information that has a server and time zone and press Shift+End, then Ctrl+C to copy the server and time zone information. Then go to the first mailbox that is missing the time zone information, go to the end of the line and press Ctrl+V to paste the server and time zone information for the user. Paste the server and time zone information for each remaining user that does not have this information. This is a tab-delimited file, so if you don't copy from an existing line that has the tabs, you will receive errors when you run the MsExTmz_1.bat file. If the server has users located in different time zones, make sure to place each user's mailbox in the correct time zone by manually editing the time zone.
g. Edit MSExTmz_1.ini. Optionally, edit this file to change any command-line parameters. Depending on when you patched the Exchange Server, you may want to add the command switch /onlycreatedprepatch to the CommandLine value in the MSExTmz_1.ini file.
h. Run MsExTmz_1.bat. Check the errors.txt file for any errors. After you run the tool, check appointments between March 11, 2007 and April 1, 2007 and verify that the tool updated the times correctly. If the times are correct, you can remove all of the rights granted to calupd and delete the account.
- Patch Exchange 2003. The Exchange patch only addresses issues with Collaboration Data Object (CDO) applications (e.g., Outlook Web Access--OAW--or Blackberry Enterprise Server). The OS patch handles all of the other Exchange time-related issues. There is a patch available for Exchange 2000, but Microsoft is charging $4,000 for the patch. For our clients that are still on Exchange 2000, we suggested that they stay on Exchange 2000, avoid scheduling items with OWA between March 11, 2007 and April 1, 2007, and upgrade to Exchange 2007 as soon as possible. If you're running Blackberry Enterprise Server, there is a Send As tool that should be run before you install the Exchange Patch. Alternatively, you can grant the Send As right at the Domain Level by following the instructions in http://support.microsoft.com/kb/912918/en-us. Even with this tool, you may experience difficulty sending messages from a Blackberry Device (BES) after you install the Exchange patch. This is because the KB926666 patch changes the behavior of store.exe. The BES account (typically BESAdmin) requires Send As/Receive As rights for all Blackberry users' mailboxes. With the Exchange patch there is a background process that checks for these rights and revokes the Send As right for any user that belongs to a group that has elevated privileges like Domain Admins or by a GPO that's assigned to a group of users or organizational unit (OU). Another symptom of this issue is when you manually grant the Send As/Receive As to the BESAdmin account and the rights disappear after an hour or so. The quick fix is to remove these Blackberry users from these groups/GPOs and reassign the Send As/Receive As rights to BESAdmin. After that, the user should be able to send from their Blackberry devices again.
- Patch Sharepoint 2003. If you're running Windows Sharepoint Services 2.0 or Sharepoint Portal Server 2003, you must install the patch located here.
- Patch firewalls. Many firewall vendors (SonicWALL, Watchguard, Cisco Systems) have released firmware updates or instructions on how to prepare for DST 2007. Check with your firewall vendor to see if your firewall requires a patch.
- Patch SQL Server 2005/2000 machines running Notification services. If you're running SQL Server with Notification Services you must install the patch located here.
- Update firmware on Windows Mobile Devices. Windows Mobile Devices require the patch located here
- Update firmware on Blackberry Devices. If you have a Blackberry, you must install a patch located here.
- Restore Missing Recurring Appointments with Exchange 2003. If the Exchange Calendar Update Tool happens to delete any recurring appointment information, you can recover it by restoring the Exchange Information Store to a Recovery Storage Group (RSG). For more information on RSG restores refer to http://www.windowsitpro.com/Article/ArticleID/48878/48878.html. After you get the mailbox copied to a pst file, you can use Outlook to extract the recurring appointment information.
a. In Outlook, open the .pst, and click the Calendar. Click Tools, Find, Advanced Find.
b. Click the Advanced tab.
c. Click the Field tab, All Appointment Fields, Recurring.
d. In the Condition Field, select equals.
e. In the Value Field, select Yes. f. Select Add to List. g. Click Find Now. h. Outlook should display all the recurring appointments.
Of course the updates for each company will vary. Any device that has a clock might require an update. Happy DST 2007 updating!
Tip – Double check the time zone on your Windows Mobile Device
If you have a Windows Mobile device or Windows smart phone and use Verizon Wireless as your carrier, check the time zone on your phone. After the time change on March 11, we noticed that the time zone was incorrect on our Palm 700w phones. We're in the Pacific Time zone, but all our phones were in the Arizona Time zone. It appears as though the Verizon Wireless Network is delivering the incorrect time zone to Windows Mobile devices. To disable the Verizon network from setting your phone to the wrong time zone, remove the battery from your phone and clear the Use Network Time Zone checkbox when the phone reboots. This problem happened with our phones and some of our clients' phones. To check the time zone on the phone, Select Start, Settings, System Tab and click Clock & Alarms. Verify your phone is in the correct time zone. If it is not, select the correct time zone from the drop down list box and click Ok. If your mobile device is in the wrong time zone and you schedule an appointment using the device, it may start one hour later than the correct time.