Exchange Server 5.5 has been available since November 1997. It's stable and robust, and administrators understand its quirks. However, service packs are part of keeping a messaging infrastructure running, and now with the release of Service Pack 4 (SP4) for Exchange Server 5.5, systems administrators must decide whether to apply this Microsoft update.
From discussions at the recent Exchange conferences in Dallas and Nice, I gather that many companies are going through the process of Active Directory (AD) planning now with the intention of deploying Exchange 2000 Server later. Therefore, you must keep Exchange Server 5.5 servers running as smoothly as possible while you plan for the eventual migration.
Exchange Server 5.5 SP1 appeared soon after the release to manufacturing (RTM) version and included message journaling. SP2 came about 6 months later with a wide range of bug fixes. SP3 added features such as the Mailbox Manager and the Move Server Wizard. SP3 also incorporated several enhancements (e.g., support for paged results) for Lightweight Directory Access Protocol (LDAP) to help smooth synchronization with AD through the Active Directory Connector (ADC). SP3, which is the release that Windows 2000 formally supports, is an important stepping-stone to Exchange 2000 because the migration path requires that you upgrade an Exchange server running on Win2K to SP3 before you can upgrade it to Exchange 2000.
Upgrade or Not?
But what should you do about SP4? Unlike its predecessors, SP4 is simply a collection of fixes for known problems and contains no new functionality. A full list of the fixes is available in the Microsoft articles "XGEN: List of Bugs Fixed in Exchange Server 5.5 Service Pack 4 (Part 1)" (http://support.microsoft.com/support/kb/articles/q274/8/32.asp) and "XGEN: List of Bugs Fixed in Exchange Server 5.5 Service Pack 4 (Part 2)" (http://support.microsoft.com/support/kb/articles/q274/8/33.asp). You can't expect Microsoft to deliver new features for Exchange Server 5.5 now because Microsoft's focus is firmly set on the new Exchange 2000 code base.
As you do with any product, you need to weigh whether the trouble you go through to install the service pack is worth the benefit gained. The most compelling reason to upgrade to SP4 is that it provides fixes for known bugs and problems. The problems range from small to very serious, including security errors. For example, a malicious user could send a message to an Exchange server to cause the Information Store (IS) service to fail when it attempts to read and process some of the formatting instructions contained in the MIME header fields on an incoming message. This bug doesn't put data at risk because an intruder can't exploit an error in MIME processing to get to messages or other information. However, someone could exploit the bug in a straightforward Denial of Service (DoS) attack, so you need to address the problem on any server that hosts the Internet Mail Service (IMS). You can find details about the bug in the Microsoft article "Microsoft Security Bulletin (MS00-082): Frequently Asked Questions" (http://www.microsoft.com/technet/security/bulletin/fq00-082.asp). SP4 includes the fix for the problem; if you decide to stay on SP3, you can obtain a patch to upgrade the IS to build number 2653.22 at http://www.microsoft.com/downloads/release.asp?releaseid=25443. This fix is cumulative and incorporates several other fixes previously made to the IS since the release of SP3. The Microsoft article "XADM: Exchange Server 5.5 Post-SP3 Information Store Fixes Available" (http://support.microsoft.com/support/kb/articles/q248/8/38.asp) explains the fixes in this patch.
Preparing for Win2K is the second obvious reason for keeping Exchange Server 5.5 up-to-date. You need only SP3 to support Win2K, so if you're running SP3 and have a stable environment with no obvious problems that require one of the fixes contained in SP4, then staying with your current software is probably fine. However, if you're running an earlier Exchange Server 5.5 service pack or an earlier Exchange version, consider moving to SP4 as soon as you can.
Installing SP4 lets you avoid the "dance of versions" with Microsoft Product Support Services (PSS), whose opening gambit for support calls often requests administrators to install the latest service pack. From PSS's perspective, this request is reasonable because the service pack might well address the reported problem. However, you can't be sure that the service pack includes the fix, and installation takes time and effort to perform.
The risk of disrupting a stable environment is the most important reason for not installing a service pack. Changing any part of the environment implies some risk because there's no guarantee that the installation will go smoothly or that your combination of software and hardware won't reveal a unique bug. For this reason, you need to test any service pack in a configuration that mimics your production environment for at least a couple of weeks before you touch a production server.
For example, since SP4's introduction, several postings to Internet mailing lists have reported that upgraded systems have had problems with the Message Transfer Agent (MTA). The MTA is at the heart of Exchange Server 5.5 (although that functionality changes in Exchange 2000); therefore, all administrators want a properly functioning MTA. Check with your local Microsoft office and other sources, such as the Internet mailing list on http://www.swynk.com, for hints, tips, and other information about potential problems that others have had with SP4 before you rush to install it.
Before you upgrade, you also need to test the interaction between third-party products and Exchange. In some instances, a product depends on a particular build of an Exchange component and won't work if the component is updated. For example, Sybari Software's Antigen antivirus product checks the build number of ese.dll when it starts up, and if the build number isn't the build that Antigen expects, the antivirus agent won't start. Sybari designed Antigen to work in conjunction with ese.dll, which contains the basic function calls for the database engine that Exchange uses; therefore, Antigen performs this check to ensure that its code works in a known configuration. You can obtain an update for Antigen from Sybari at http://www.sybari.com.
Any software installation creates some disruption for users because you must take the servers offline during the installation. Before you run Setup, you must make a full backup; you also must make a full backup of both databases and the Exchange code after Setup is complete. The backup before the installation lets you revert to a known state if you need to, and the backup afterward ensures that you've captured all changes to software configurations so that you won't have to redo work if a hardware problem occurs.
Keep Up-to-Date
In general, I favor early installation of service packs as long you perform the necessary testing and preparation. The bug fixes in SP4 are a welcome sign that Microsoft isn't going to force everyone to migrate to Exchange 2000 in a hurry. You can take your time to do the work to prepare your AD, synchronize with the ADC, and perform all the other details required to migrate, safe in the knowledge that Exchange Server 5.5 keeps the mail flowing.
