Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations John Tel on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Daylight Savings Time Patch
- Thread starter StevieM
- Start date
Do you have users sending/receiving calendar items to/from users in DST areas?
Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
- Thread starter
- #3
WhoKilledKenny
MIS
Info we are getting from Microsoft support regarding Exchange 2003.
have summarised the steps below:
What is recommended sequence for applying updates ?
From KB 931667:
} Update the Operating System first
? Apply updates to Windows OS on Exchange Servers
? Apply updates to Windows OS on individual workstations
} Apply the CDO update to Exchange Servers
} Run the Exchange or Outlook update tool
? Run the Outlook or Exchange tool as soon after updating the OS as possible.
3 main components comprise the solution:
1)Windows patch to update the OS
2)Exchange patch to update CDO
3)Outlook Time Zone Data Update Tool (or the Exchange tool) to help adjust meetings and appointments that fall in the Extended DST period
Related KB to the above solution:
1) 2007 time zone update for Microsoft Windows operating systems
2) Update for daylight saving time changes in 2007 for Exchange 2003 Service Pack 2 (First OWA servers and then Back – end servers and Exchange System Manager (management machines/BES servers)
After updating the 926666, you may have issues described in Information Store database does not mount with Event ID 9519 and 9518
Note This update is cumulative. Therefore, if you have not yet applied either of the security updates that are described in the following security bulletins, you may have to change the Send As permissions on your mobile device to make sure that the mobile device continues to function as you expect.
•
MS06-019 (Store.exe version 6.5.7233.69 or a later version of Store.exe)
•
MS06-029 (Store.exe version 6.5.7650.28 or a later version of Store.exe)
===========================================================================================
For more information about the steps that are required to appropriately update user permissions, click the following article numbers to view the articles in the Microsoft Knowledge Base:
912918 ( Users cannot send e-mail messages from a mobile device or from a shared mailbox in Exchange 2000 Server and in Exchange Server 2003
907434 ( The "Send As" right is removed from a user object after you configure the "Send As" right in the Active Directory Users and Computers snap-in in Exchange Server
The Send As right is delegated by modifying the security descriptor of a user object. Therefore, if the user is a member of a protected group, the change is overwritten in about one hour.
RECOMMENDED RESOLUTION:
1. Per article 907434 (referenced in article 912918 and also below), we (Microsoft) recommend that you do not use accounts that are members of protected groups for e-mail purposes. If you require the rights that are afforded to a protected group, we recommend that you have two Active Directory user accounts. These Active Directory accounts include one user account that is added to a protected group and one user account that is used for e-mail purposes and at all other times. With this method you could logon as the "Admin" account and use "Run As" to open the Outlook Client.
2. If you opt to directly add the Send As permissions for the Blackberry Admin account at the AdminSDHolder object, it may take up to 2 hours for the users to see the desired functionality due to permissions cached at the Store level. Dismounting and Remounting an information store will flush this cache information immediately.
3. If you choose not to utilize separate accounts for users requiring administrative privileges, then you must prevent the AdminSDHolder from overwriting permissions that are granted to a BlackBerry Services account on protected groups. To do this, use the following command line with DSACLS:
dsacls "cn=adminsdholder,cn=system,dc=mydomain,dc=com" /G "BlackBerrySA:CA;Send As"
Note In this command, BlackBerrySA is a placeholder for the name of the BlackBerry Service account. Also, make sure that you do not add a space between BlackBerrySA and ":CA". Also, you will need to replace “mydomain” with the distinguished name (DN) of your domain.
To be certain you can launch ADSIEDIT and navigate to the AdminSDHolder and copy the "Distinguished name" attribute
Value.
To get there, in Adsiedit Expand the domain Node, expand the Domain folder "corp.amsworld.com", Expand "System" and Right click on "CN=AdminSDHolder" and go to the properties. Select the "Distinguished name" and choose Edit, And Copy the value. Once you have this you can just insert it into the command syntax. Just keep the Store Cache in mind. When you make the change we can see up to 2hrs before it Takes effect on the store.
Again, I must stress that we (Microsoft) recommend that you do not use accounts that are members of protected groups for e-mail purposes. If you must have the rights that are given to a protected group, we recommend that you have two Active Directory user accounts. These Active Directory accounts include one user account that is added to a protected group, and one user account that is used for e-mail purposes and at all other times.
================================================================================================
1. Run the Exchange Time Zone Update Tool against all affected users/servers or Push out the Outlook Time Zone Data Update Tool to the clients and let the users update their own mailboxes.
} This tool is run from an Outlook client, not the server
} Requires full mailbox rights and Send As rights on the mailboxes you run it against
How to address daylight saving time by using the Exchange Calendar Update Tool
How to address the daylight saving time changes in 2007 by using the Time Zone Data Update Tool for Microsoft Office Outlook
Summary of RIM’s recommendations:
} If ESM 2003 is not installed on the BES server, install it.
} Apply the Exchange CDO patch from KB 926666.
} Apply BlackBerry device software update.
} If performing Intellisync USB Calendar Synchronization to sync Calendar items with BlackBerry, the Windows OS you are synchronizing with must have the DST patch.
have summarised the steps below:
What is recommended sequence for applying updates ?
From KB 931667:
} Update the Operating System first
? Apply updates to Windows OS on Exchange Servers
? Apply updates to Windows OS on individual workstations
} Apply the CDO update to Exchange Servers
} Run the Exchange or Outlook update tool
? Run the Outlook or Exchange tool as soon after updating the OS as possible.
3 main components comprise the solution:
1)Windows patch to update the OS
2)Exchange patch to update CDO
3)Outlook Time Zone Data Update Tool (or the Exchange tool) to help adjust meetings and appointments that fall in the Extended DST period
Related KB to the above solution:
1) 2007 time zone update for Microsoft Windows operating systems
2) Update for daylight saving time changes in 2007 for Exchange 2003 Service Pack 2 (First OWA servers and then Back – end servers and Exchange System Manager (management machines/BES servers)
After updating the 926666, you may have issues described in Information Store database does not mount with Event ID 9519 and 9518
Note This update is cumulative. Therefore, if you have not yet applied either of the security updates that are described in the following security bulletins, you may have to change the Send As permissions on your mobile device to make sure that the mobile device continues to function as you expect.
•
MS06-019 (Store.exe version 6.5.7233.69 or a later version of Store.exe)
•
MS06-029 (Store.exe version 6.5.7650.28 or a later version of Store.exe)
===========================================================================================
For more information about the steps that are required to appropriately update user permissions, click the following article numbers to view the articles in the Microsoft Knowledge Base:
912918 ( Users cannot send e-mail messages from a mobile device or from a shared mailbox in Exchange 2000 Server and in Exchange Server 2003
907434 ( The "Send As" right is removed from a user object after you configure the "Send As" right in the Active Directory Users and Computers snap-in in Exchange Server
The Send As right is delegated by modifying the security descriptor of a user object. Therefore, if the user is a member of a protected group, the change is overwritten in about one hour.
RECOMMENDED RESOLUTION:
1. Per article 907434 (referenced in article 912918 and also below), we (Microsoft) recommend that you do not use accounts that are members of protected groups for e-mail purposes. If you require the rights that are afforded to a protected group, we recommend that you have two Active Directory user accounts. These Active Directory accounts include one user account that is added to a protected group and one user account that is used for e-mail purposes and at all other times. With this method you could logon as the "Admin" account and use "Run As" to open the Outlook Client.
2. If you opt to directly add the Send As permissions for the Blackberry Admin account at the AdminSDHolder object, it may take up to 2 hours for the users to see the desired functionality due to permissions cached at the Store level. Dismounting and Remounting an information store will flush this cache information immediately.
3. If you choose not to utilize separate accounts for users requiring administrative privileges, then you must prevent the AdminSDHolder from overwriting permissions that are granted to a BlackBerry Services account on protected groups. To do this, use the following command line with DSACLS:
dsacls "cn=adminsdholder,cn=system,dc=mydomain,dc=com" /G "BlackBerrySA:CA;Send As"
Note In this command, BlackBerrySA is a placeholder for the name of the BlackBerry Service account. Also, make sure that you do not add a space between BlackBerrySA and ":CA". Also, you will need to replace “mydomain” with the distinguished name (DN) of your domain.
To be certain you can launch ADSIEDIT and navigate to the AdminSDHolder and copy the "Distinguished name" attribute
Value.
To get there, in Adsiedit Expand the domain Node, expand the Domain folder "corp.amsworld.com", Expand "System" and Right click on "CN=AdminSDHolder" and go to the properties. Select the "Distinguished name" and choose Edit, And Copy the value. Once you have this you can just insert it into the command syntax. Just keep the Store Cache in mind. When you make the change we can see up to 2hrs before it Takes effect on the store.
Again, I must stress that we (Microsoft) recommend that you do not use accounts that are members of protected groups for e-mail purposes. If you must have the rights that are given to a protected group, we recommend that you have two Active Directory user accounts. These Active Directory accounts include one user account that is added to a protected group, and one user account that is used for e-mail purposes and at all other times.
================================================================================================
1. Run the Exchange Time Zone Update Tool against all affected users/servers or Push out the Outlook Time Zone Data Update Tool to the clients and let the users update their own mailboxes.
} This tool is run from an Outlook client, not the server
} Requires full mailbox rights and Send As rights on the mailboxes you run it against
How to address daylight saving time by using the Exchange Calendar Update Tool
How to address the daylight saving time changes in 2007 by using the Time Zone Data Update Tool for Microsoft Office Outlook
Summary of RIM’s recommendations:
} If ESM 2003 is not installed on the BES server, install it.
} Apply the Exchange CDO patch from KB 926666.
} Apply BlackBerry device software update.
} If performing Intellisync USB Calendar Synchronization to sync Calendar items with BlackBerry, the Windows OS you are synchronizing with must have the DST patch.
WhoKilledKenny
MIS
Try that again.... The copy and paste didnt seem to work out as sentences are running off the page.
I have summarised the steps below:
What is recommended sequence for applying updates ?
From KB 931667:
} Update the Operating System first
? Apply updates to Windows OS on Exchange Servers
? Apply updates to Windows OS on individual workstations
} Apply the CDO update to Exchange Servers
} Run the Exchange or Outlook update tool
? Run the Outlook or Exchange tool as soon after updating the OS as possible.
3 main components comprise the solution:
1)Windows patch to update the OS
2)Exchange patch to update CDO
3)Outlook Time Zone Data Update Tool (or the Exchange tool) to help adjust meetings and appointments that fall in the Extended DST period
Related KB to the above solution:
1) 2007 time zone update for Microsoft Windows operating systems
2) Update for daylight saving time changes in 2007 for Exchange 2003 Service Pack 2 (First OWA servers and then Back – end servers and Exchange System Manager (management machines/BES servers)
After updating the 926666, you may have issues described in Information Store database does not mount with Event ID 9519 and 9518
Note This update is cumulative. Therefore, if you have not yet applied either of the security updates that are described in the following security bulletins, you may have to change the Send As permissions on your mobile device to make sure that the mobile device continues to function as you expect.
•
MS06-019 (Store.exe version 6.5.7233.69 or a later version of Store.exe)
•
MS06-029 (Store.exe version 6.5.7650.28 or a later version of Store.exe)
===========================================================================================
For more information about the steps that are required to appropriately update user permissions, click the following article numbers to view the articles in the Microsoft Knowledge Base:
912918 ( Users cannot send e-mail messages from a mobile device or from a shared mailbox in Exchange 2000 Server and in Exchange Server 2003
907434 ( The "Send As" right is removed from a user object after you configure the "Send As" right in the Active Directory Users and Computers snap-in in Exchange Server
The Send As right is delegated by modifying the security descriptor of a user object. Therefore, if the user is a member of a protected group, the change is overwritten in about one hour.
RECOMMENDED RESOLUTION:
1. Per article 907434 (referenced in article 912918 and also below), we (Microsoft) recommend that you do not use accounts that are members of protected groups for e-mail purposes. If you require the rights that are afforded to a protected group, we recommend that you have two Active Directory user accounts. These Active Directory accounts include one user account that is added to a protected group and one user account that is used for e-mail purposes and at all other times. With this method you could logon as the "Admin" account and use "Run As" to open the Outlook Client.
2. If you opt to directly add the Send As permissions for the Blackberry Admin account at the AdminSDHolder object, it may take up to 2 hours for the users to see the desired functionality due to permissions cached at the Store level. Dismounting and Remounting an information store will flush this cache information immediately.
3. If you choose not to utilize separate accounts for users requiring administrative privileges, then you must prevent the AdminSDHolder from overwriting permissions that are granted to a BlackBerry Services account on protected groups. To do this, use the following command line with DSACLS:
dsacls "cn=adminsdholder,cn=system,dc=mydomain,dc=com" /G "BlackBerrySA:CA;Send As"
Note In this command, BlackBerrySA is a placeholder for the name of the BlackBerry Service account. Also, make sure that you do not add a space between BlackBerrySA and ":CA". Also, you will need to replace “mydomain” with the distinguished name (DN) of your domain.
To be certain you can launch ADSIEDIT and navigate to the AdminSDHolder and copy the "Distinguished name" attribute
Value.
To get there, in Adsiedit Expand the domain Node, expand the Domain folder "corp.amsworld.com", Expand "System" and Right click on "CN=AdminSDHolder" and go to the properties. Select the "Distinguished name" and choose Edit, And Copy the value. Once you have this you can just insert it into the command syntax. Just keep the Store Cache in mind. When you make the change we can see up to 2hrs before it Takes effect on the store.
Again, I must stress that we (Microsoft) recommend that you do not use accounts that are members of protected groups for e-mail purposes. If you must have the rights that are given to a protected group, we recommend that you have two Active Directory user accounts. These Active Directory accounts include one user account that is added to a protected group, and one user account that is used for e-mail purposes and at all other times.
================================================================================================
1. Run the Exchange Time Zone Update Tool against all affected users/servers or Push out the Outlook Time Zone Data Update Tool to the clients and let the users update their own mailboxes.
} This tool is run from an Outlook client, not the server
} Requires full mailbox rights and Send As rights on the mailboxes you run it against
How to address daylight saving time by using the Exchange Calendar Update Tool
How to address the daylight saving time changes in 2007 by using the Time Zone Data Update Tool for Microsoft Office Outlook
Summary of RIM’s recommendations:
} If ESM 2003 is not installed on the BES server, install it.
} Apply the Exchange CDO patch from KB 926666.
} Apply BlackBerry device software update.
} If performing Intellisync USB Calendar Synchronization to sync Calendar items with BlackBerry, the Windows OS you are synchronizing with must have the DST patch.
I have summarised the steps below:
What is recommended sequence for applying updates ?
From KB 931667:
} Update the Operating System first
? Apply updates to Windows OS on Exchange Servers
? Apply updates to Windows OS on individual workstations
} Apply the CDO update to Exchange Servers
} Run the Exchange or Outlook update tool
? Run the Outlook or Exchange tool as soon after updating the OS as possible.
3 main components comprise the solution:
1)Windows patch to update the OS
2)Exchange patch to update CDO
3)Outlook Time Zone Data Update Tool (or the Exchange tool) to help adjust meetings and appointments that fall in the Extended DST period
Related KB to the above solution:
1) 2007 time zone update for Microsoft Windows operating systems
2) Update for daylight saving time changes in 2007 for Exchange 2003 Service Pack 2 (First OWA servers and then Back – end servers and Exchange System Manager (management machines/BES servers)
After updating the 926666, you may have issues described in Information Store database does not mount with Event ID 9519 and 9518
Note This update is cumulative. Therefore, if you have not yet applied either of the security updates that are described in the following security bulletins, you may have to change the Send As permissions on your mobile device to make sure that the mobile device continues to function as you expect.
•
MS06-019 (Store.exe version 6.5.7233.69 or a later version of Store.exe)
•
MS06-029 (Store.exe version 6.5.7650.28 or a later version of Store.exe)
===========================================================================================
For more information about the steps that are required to appropriately update user permissions, click the following article numbers to view the articles in the Microsoft Knowledge Base:
912918 ( Users cannot send e-mail messages from a mobile device or from a shared mailbox in Exchange 2000 Server and in Exchange Server 2003
907434 ( The "Send As" right is removed from a user object after you configure the "Send As" right in the Active Directory Users and Computers snap-in in Exchange Server
The Send As right is delegated by modifying the security descriptor of a user object. Therefore, if the user is a member of a protected group, the change is overwritten in about one hour.
RECOMMENDED RESOLUTION:
1. Per article 907434 (referenced in article 912918 and also below), we (Microsoft) recommend that you do not use accounts that are members of protected groups for e-mail purposes. If you require the rights that are afforded to a protected group, we recommend that you have two Active Directory user accounts. These Active Directory accounts include one user account that is added to a protected group and one user account that is used for e-mail purposes and at all other times. With this method you could logon as the "Admin" account and use "Run As" to open the Outlook Client.
2. If you opt to directly add the Send As permissions for the Blackberry Admin account at the AdminSDHolder object, it may take up to 2 hours for the users to see the desired functionality due to permissions cached at the Store level. Dismounting and Remounting an information store will flush this cache information immediately.
3. If you choose not to utilize separate accounts for users requiring administrative privileges, then you must prevent the AdminSDHolder from overwriting permissions that are granted to a BlackBerry Services account on protected groups. To do this, use the following command line with DSACLS:
dsacls "cn=adminsdholder,cn=system,dc=mydomain,dc=com" /G "BlackBerrySA:CA;Send As"
Note In this command, BlackBerrySA is a placeholder for the name of the BlackBerry Service account. Also, make sure that you do not add a space between BlackBerrySA and ":CA". Also, you will need to replace “mydomain” with the distinguished name (DN) of your domain.
To be certain you can launch ADSIEDIT and navigate to the AdminSDHolder and copy the "Distinguished name" attribute
Value.
To get there, in Adsiedit Expand the domain Node, expand the Domain folder "corp.amsworld.com", Expand "System" and Right click on "CN=AdminSDHolder" and go to the properties. Select the "Distinguished name" and choose Edit, And Copy the value. Once you have this you can just insert it into the command syntax. Just keep the Store Cache in mind. When you make the change we can see up to 2hrs before it Takes effect on the store.
Again, I must stress that we (Microsoft) recommend that you do not use accounts that are members of protected groups for e-mail purposes. If you must have the rights that are given to a protected group, we recommend that you have two Active Directory user accounts. These Active Directory accounts include one user account that is added to a protected group, and one user account that is used for e-mail purposes and at all other times.
================================================================================================
1. Run the Exchange Time Zone Update Tool against all affected users/servers or Push out the Outlook Time Zone Data Update Tool to the clients and let the users update their own mailboxes.
} This tool is run from an Outlook client, not the server
} Requires full mailbox rights and Send As rights on the mailboxes you run it against
How to address daylight saving time by using the Exchange Calendar Update Tool
How to address the daylight saving time changes in 2007 by using the Time Zone Data Update Tool for Microsoft Office Outlook
Summary of RIM’s recommendations:
} If ESM 2003 is not installed on the BES server, install it.
} Apply the Exchange CDO patch from KB 926666.
} Apply BlackBerry device software update.
} If performing Intellisync USB Calendar Synchronization to sync Calendar items with BlackBerry, the Windows OS you are synchronizing with must have the DST patch.
Issue: the Windows XP download screen wants to run a Genuine Windows Checker. Which then wants to install the patch rather than letting one download it. If you wanted to use an automated solution to install it on the workstations...
How will this work with WSUS? I don't know anything about WSUS.
concerned Newbie
DougP, MCP, A+
How will this work with WSUS? I don't know anything about WSUS.
concerned Newbie
DougP, MCP, A+
Doug, it runs the Genuine Advantage check then takes you to another page that lets you download it. I downloaded it then linked it to a file server on our LAN, and had people click on a link to download off the server.
i.e. "Good morning newbie, IT dept wants you to click here"
where click here is actually a hyperlink to \\fileserver\patch.exe .
i.e. "Good morning newbie, IT dept wants you to click here"
where click here is actually a hyperlink to \\fileserver\patch.exe .
- Status
Similar threads