Microsoft’s Trustworthy Computing Policy states that customers should be able to rely on the availability and security of Microsoft products. In keeping with this policy, the company has recently released the third service pack for its popular Microsoft Exchange 2000 product. As you'll see, Exchange 2000 Service Pack 3 (SP3) contains numerous fixes and behavioral enhancements for Exchange 2000.
Like most of Microsoft’s service packs, Exchange 2000 SP3 is general purpose and cumulative. It does not require the installation of Exchange SP1 or SP2 since it incorporates all the fixes contained in those releases. Exchange 2000 SP3 does require the installation of Exchange 2000 on Windows 2000 Server. It also requires that Windows 2000 Service Pack 2 be installed.
In addition, the release of Windows 2000 SP3—which closely coincided with the Exchange 2000 SP3 release—is not only supported but highly recommended, as the combination of the two service packs increases security and reliability. In particular, the duo resolves a potential NDR problem related to an Exchange 2000 server querying a Global Catalog server that does not contain a complete copy of the Global Catalog (see Q304403).
Individuals installing Exchange 2000 SP3 must now have Exchange Full Administrator rights for the administrative group of the server being upgraded. This is a change from previous Exchange service packs that required only Exchange Administrator rights. If you don't have these rights, you will be notified at the beginning of the installation. If you're running Microsoft Exchange 2000 Conferencing Server, this service pack is not for you. Microsoft will be releasing a separate rollup fix just for Exchange 2000 Conferencing Server.
The good news is that organizations running a multirole Windows server (one that runs services other than Exchange) will not necessarily have to reboot following the installation of Exchange SP3. I say necessarily, because it depends on the method of installation and what programs are running. Using Terminal Services to install Exchange 2000 SP3 will definitely require a restart. Third-party software like antivirus or e-mail filtering will likely have DLL files used by Exchange locked or open. To reduce your chance of requiring a reboot, these programs should be stopped if possible.
The order in which you install Exchange 2000 service packs is the same as with previous service packs. Upgrade Exchange 2000 Active Directory Connector servers first, followed by front-end servers and then back-end servers. All bridgehead servers should have SP3 installed at relatively the same time to avoid bridgehead conflicts.
Finally, upgrade systems are running just the Enterprise Systems Manager (ESM) so you don't lose management functionality. Servers running Exchange 2000 SP3 can fully coexist with servers running Exchange 5.5, Exchange 2000, Exchange 2000 SP1, and Exchange 2000 SP2. However, you can't use an Exchange 2000, Exchange 2000 SP1, or Exchange 2000 SP2 front-end server to access an Exchange 2000 SP3 back-end server. The setup program ensures that front-end servers are upgraded to SP3 before back-end mailbox servers.
After installation, it is not possible to remove Exchange 2000 SP3. If you need to back out of the SP3 upgrade and revert to the original release of Exchange 2000, you must restore the original system state, file system, transaction log files, and databases. If you attempt to restore an SP2 database and log file set to an SP3 server, the database is automatically upgraded before it is mounted. However, if you attempt to restore a database that is older than Exchange 2000 SP2, the upgrade will fail.
When you apply SP3 to a server, the databases are upgraded to a newer version. For this reason, you should immediately back up your server after applying SP3. You should also perform a test run of your Exchange 2000 deployment strategy on a test network.
For large organizations with several Exchange servers, Microsoft's Exchange 2000 Deployment Guide is a must-read. This technical paper presents the best practices for deploying Microsoft Exchange 2000 Service Pack 3 and provides real-world tips for deployment.
If you want to verify that your Exchange 2000 server is running Service Pack 3, go to Exchange System Manager, click Servers, and check to see that the build stamp shows the server running build 6249.4.
Major fixes and enhancements
Microsoft has learned from past experience that integrating additional features in service packs can be dangerous. Good or bad, the folks at Redmond followed the safe approach and did not introduce any new features with SP3. However, it did implement a number of security and permissions changes. Microsoft refers to this new security approach as a Security and Permission Sweep.
All told, Exchange 2000 SP3 includes more than a 150 fixes and enhancements. I've outlined some of the most notable ones below. This short list is meant to give you an idea of the types of changes you can expect to see. You can refer to Microsoft Knowledge Base article Q311456 for the complete list.
Microsoft .NET support
SP3 enables you to have Exchange 2000 servers in Active Directory domains running Windows .NET DCs/GCs. But Exchange 2000 is still not supported on a Windows .NET server. This includes the ESM.
Global Catalog caching
Microsoft says that it has experienced a 15 to 20 percent reduction in Global Catalog load after the installation of Service Pack 3. This is made possible because of changes in the caching frequency of Exchange when querying a GC server, as well as changes in the way it requests the information.
Virtual memory fragmentation (Event 9582)
A heavily loaded Exchange 2000 server may generate 9582 Events or suffer performance problems as memory becomes fragmented. To help avoid such fragmentation, this fix changes the method by which memory is allocated at startup. Problems with 9582 fragmentation errors are virtually eliminated. See Microsoft Knowledge Base article Q324118.
Malformed mail attribute exhausts CPU resources
According to Microsoft Knowledge Base article Q320436: "A denial of service (DoS) vulnerability exists in Microsoft Exchange 2000 Server. A hacker who can successfully connect to an Exchange 2000 server and pass raw, hand-crafted mail messages directly to that server can exploit this vulnerability and cause the system to become unresponsive." SP3 resolves this problem.
System Attendant crashes
If all the domain controllers in a local site shut down, and the number of failover Global Catalog servers is less than the number of local Global Catalog servers, DSProxy could crash. SP3 contains a fix that stops the System Attendant process (Mad.exe) from crashing as well. See Microsoft Knowledge Base article Q318067.
Memory leak in Information Store degrades performance
According to Microsoft Knowledge Base article Q322125: "Over time, an Exchange 2000 server that is part of a mixed Exchange 5.5 and Exchange 2000 environment may gradually become unresponsive. Clients may also report an overall reduction in mail system performance. Exchange System Manager may not be able to connect the Information Store service and may display the database as offline."
IS does not respond to RPC requests
According to Microsoft Knowledge Base article Q322124: "The Information Store can cause undue memory pressure to a system that has a large number of users. This causes performance issues for Messaging Application Program Interface (MAPI) and non-MAPI users. In extreme cases, the Information Store may not respond to remote procedure call (RPC) requests."
Exchange 2000 Service Pack 3 (SP3) is a cumulative service pack that provides interoperability with Windows .NET Server domain controllers, fixes a number of customer-reported issues, and provides security updates based on the Microsoft Trustworthy Computing initiative. The service pack is essential for most Exchange 2000 installations. You can download it here.