That public folder permissions bug in Exchange 2013 RTM CU2 proved to be trickier than we all imagined when Microsoft first reported it on July 12. So much so that Microsoft has had to reissue a new build of Exchange 2013 RTM CU2. Which means that we have to reinstall CU2 on every server on which it runs, else the servers won't be supported. In other news, Office 365 has a new FastTrack on-boarding methodology that it hopes will accelerate progress in migration projects. The PowerPoint slides look very nice. We just have to wait to see how it works in practice.
As everyone knows, Microsoft released Exchange 2013 RTM CU2 on July 9. Three days afterward, Microsoft discovered a public folder permissions bug that forced them to say that they’d have to release an individual update (IU) to fix the problem. Now, Microsoft has decided that the permissions bug is severe enough that an IU won’t do the job and has instead released a completely new version of Exchange 2013 RTM CU2. For those who care about these things, the build number changes from 712.22 to 712.24 and the new software is available for download (KB2859928).
Clearly a permission problem is a serious matter. You can, after all, disclose confidential information to people if you get permissions wrong. People make mistakes with permissions all the time; this is the cut and thrust of operations. Software making mistakes is a different matter because you might not realize that an information hole has opened up. Indeed, the nature of software is that it can make more mistakes more quickly than any human being can. So getting permissions right is important and clearly Microsoft believes that it is important enough for them to re-release CU2.
The downside is that you have to reinstall CU2 on every server following the same procedure as you use to install any cumulative update. Why? First, if you don’t, then Microsoft will force you to do so if you hit another bug. The servicing model means that support is only provided if you run the latest available software. Second, any future security updates issued by Microsoft will only install properly on servers running 712.24. Given that CU2 has only been available for twenty or so days, I cannot imagine that it has been widely deployed into production, so the real impact is on labs and other evaluation environments.
I think that reissuing CU2 is the right course of action. Reinstalling is a royal pain in the rear end but it has the major benefit of laying down a new version of Exchange using a well-tried and tested installation process. The same might not be true of IUs. At least, I don’t have the same degree of confidence in installing a patch than I do when I run an upgrade installation.
Moving on to other things, I hear reports from the recent Microsoft’s Worldwide Partner Conference (WPC) that the FastTrack” and is intended to accelerate the adoption of Office 365 by providing customers with a three-point framework for migration. Apparently partners have spent far too much time planning and not enjoy time deploying, so the new story is:team is frustrated at their inability to onboard customers as fast as they’d like. The new approach is called “
- Run a pilot of 10-250 users by creating new Office 365 accounts in a new tenant domain. Users migrate their own data to Exchange Online via PSTs.
- Deploy DirSync and exploit its new ability to synchronize hashed passwords with Azure Active Directory to allow people to use the same credentials for on-premises and cloud services. This avoids the need to deploy Active Directory Federation Services on-premises. An idFix tool is used to identify and resolve problems in the on-premises Active Directory before migration commences. Mailbox migration is accomplished with a hybrid Exchange configuration based on deploying an Exchange 2010 SP3 or Exchange 2013 server on-premises. Alternatively, other migration tools like Binary Tree’s E2EComplete can be used.
- The “Enhance” stage then kicks in to add Lync and SharePoint and perhaps a more comprehensive single sign-on capability.
This simplified methodology doesn’t include any silver bullets. You still have to do the hard work of reconfiguring network connections to allow user traffic to flow freely to Office 365; migration of mailboxes will still be a pain and probably take longer than you think; setting up a hybrid configuration is still complex; and ongoing directory synchronization has many twists and turns. However, what FastTrack does deliver is the ability for an Office 365 pilot to start with a small group and evolve reasonably quickly through a set of logical steps. It will be interesting to see how well accepted it is in real life. Plans, after all, have a nasty habit of becoming entangled very soon after they transition from PowerPoint to real work.
Follow Tony @12Knocksinna