Exchange 2013 RTM CU2 (improved version) and the new Office 365 FastTrack methodology

That public folder permissions bug in Exchange 2013 RTM CU2 proved to be trickier than we all imagined when Microsoft first reported it on July 12. So much so that Microsoft has had to reissue a new build of Exchange 2013 RTM CU2. Which means that we have to reinstall CU2 on every server on which it runs, else the servers won't be supported. In other news, Office 365 has a new FastTrack on-boarding methodology that it hopes will accelerate progress in migration projects. The PowerPoint slides look very nice. We just have to wait to see how it works in practice.

As everyone knows, Microsoft released Exchange 2013 RTM CU2 on July 9. Three days afterward, Microsoft discovered a public folder permissions bug that forced them to say that they’d have to release an individual update (IU) to fix the problem. Now, Microsoft has decided that the permissions bug is severe enough that an IU won’t do the job and has instead released a completely new version of Exchange 2013 RTM CU2. For those who care about these things, the build number changes from 712.22 to 712.24 and the new software is available for download (KB2859928).

Clearly a permission problem is a serious matter. You can, after all, disclose confidential information to people if you get permissions wrong. People make mistakes with permissions all the time; this is the cut and thrust of operations. Software making mistakes is a different matter because you might not realize that an information hole has opened up. Indeed, the nature of software is that it can make more mistakes more quickly than any human being can. So getting permissions right is important and clearly Microsoft believes that it is important enough for them to re-release CU2.

The downside is that you have to reinstall CU2 on every server following the same procedure as you use to install any cumulative update. Why? First, if you don’t, then Microsoft will force you to do so if you hit another bug. The Exchange 2013 servicing model means that support is only provided if you run the latest available software. Second, any future security updates issued by Microsoft will only install properly on servers running 712.24. Given that CU2 has only been available for twenty or so days, I cannot imagine that it has been widely deployed into production, so the real impact is on labs and other evaluation environments.

I think that reissuing CU2 is the right course of action. Reinstalling is a royal pain in the rear end but it has the major benefit of laying down a new version of Exchange using a well-tried and tested installation process. The same might not be true of IUs. At least, I don’t have the same degree of confidence in installing a patch than I do when I run an upgrade installation.

Moving on to other things, I hear reports from the recent Microsoft’s Worldwide Partner Conference (WPC) that the Office 365 team is frustrated at their inability to onboard customers as fast as they’d like. The new approach is called “FastTrack” and is intended to accelerate the adoption of Office 365 by providing customers with a three-point framework for migration. Apparently partners have spent far too much time planning and not enjoy time deploying, so the new story is:

  1. Run a pilot of 10-250 users by creating new Office 365 accounts in a new tenant domain. Users migrate their own data to Exchange Online via PSTs.
  2. Deploy DirSync and exploit its new ability to synchronize hashed passwords with Azure Active Directory to allow people to use the same credentials for on-premises and cloud services. This avoids the need to deploy Active Directory Federation Services on-premises. An idFix tool is used to identify and resolve problems in the on-premises Active Directory before migration commences. Mailbox migration is accomplished with a hybrid Exchange configuration based on deploying an Exchange 2010 SP3 or Exchange 2013 server on-premises. Alternatively, other migration tools like Binary Tree’s E2EComplete can be used.
  3. The “Enhance” stage then kicks in to add Lync and SharePoint and perhaps a more comprehensive single sign-on capability.

This simplified methodology doesn’t include any silver bullets. You still have to do the hard work of reconfiguring network connections to allow user traffic to flow freely to Office 365; migration of mailboxes will still be a pain and probably take longer than you think; setting up a hybrid configuration is still complex; and ongoing directory synchronization has many twists and turns. However, what FastTrack does deliver is the ability for an Office 365 pilot to start with a small group and evolve reasonably quickly through a set of logical steps. It will be interesting to see how well accepted it is in real life. Plans, after all, have a nasty habit of becoming entangled very soon after they transition from PowerPoint to real work.

Follow Tony @12Knocksinna

Discuss this Blog Entry 9

on Jul 30, 2013

Another example ... this is not a trivial bug as you have mentioned. Out of curiosity was there anything in original CU that would fast track it into production in your opinion ?
As far as Office365 push in my opinion this will intensify. I would focus on anyone running old versions of Exchange, but I have not seen any tools or methodology from MS. Those on prem customers are most likely to look for alternatives.

on Jul 30, 2013

@keruzam, you seem to have a general down on Exchange and anything Microsoft produces. Do you work for Google? In any case, you have to put bugs into context. Yes, it's a permissions bug and that's bad, but given the relatively small number of customers who have put modern public folders into production, I think that the bug will not have a serious impact. If this happened in a year or so when people have had a chance to deploy modern public folders, the consequences and impact would have been much more serious. TR

on Jul 30, 2013

@Tim_IT, it would be interesting to see the data that you use to make the assessment that "many.. projects such as Office 365 have been cancelled". Some have been cancelled due to PRISM, some slowed, but I don't see "many", simply because the economics of using a cloud service like Office 365 are so compelling, especially if you are running an outdated Exchange 2003 server and don't have the budget, time, or expertise to perform a migration to Exchange 2010 or 2013. TR

on Jul 31, 2013

Disregard. This is comment spam.

on Jul 31, 2013

I have to agree with Tony. I think that some migrations were canceled in the heat of the moment.
Having cloud service working flawlessly would be a great benefit to both customers and MS. No middle man so MS gets more and customers get more. If MS can improve the experience soon they will win.
On the other hand if Google would be less stubborn with proper integration of their cloud and MS Office apps we will really have alternatives. This can only benefit customers.

on Jul 30, 2013

Tony - I don't work for Google (yet :)) ...
As far as "down" ... well I do and I don't.
They can do better Tony and I hope they will ... I really do.

on Jul 30, 2013

@keruzam, everyone can do better. The point is that we should condemn Microsoft when they make a bad decision or issue code that has a really bad effect on end users. In this case, they took the right decision and put their hands up very quickly to tell people that an issue existed, and then they issued a comprehensive fix after they tested the problem. So that's good. And on the other point, there is no evidence that the problem had a huge impact on the installed base. Don't worry - I am not slow at saying when things have been done badly; some would say that I do this too often. I just think that in this case the issue was handled as well as it could have been.

on Jul 30, 2013

@Tim_IT, I don't know if I buy the statement that the economy is not relevant to companies. Certainly, if a company can get a better email service from Office 365 at a reduced cost than they can provide internally, then it is in their interest to seriously consider that approach. And if they are a U.S. company, they come under the aegis of the Patriot Act anyway, so PRISM is kind of a non-event in some respects. I can certainly accept that some consulting companies have seen a reduction in Office 365 projects, but my guess is that over the long term this will prove to be a blip. And I am not sure that you can compare a couple of VMs to Office 365, even if the most talented AD/Exchange/Lync/BES/etc. consultant is available...

on Aug 8, 2013

I think NSA PRISM is a major event for US-Based companies. We (in US) never had documentations that showed us about a program that has direct access to Public Cloud servers.

Please or Register to post comments.

What's Tony Redmond's Exchange Unwashed Blog?

On-premises and cloud-based Microsoft Exchange Server and all the associated technology that runs alongside Microsoft's enterprise messaging server.


Tony Redmond

Tony Redmond is a senior contributing editor for Windows IT Pro. His latest books are Office 365 for Exchange Professionals (eBook, May 2015) and Microsoft Exchange Server 2013 Inside Out: Mailbox...
Blog Archive

Sponsored Introduction Continue on to (or wait seconds) ×