In the recently released Exchange 2007 Service Pack 3, there’s a version mismatch between the Outlook Web Access (OWA) S/MIME Control, an Active X control used to provide S/MIME support in OWA. After you install SP3, users who have the control installed will get prompted to install the latest version of the control.

The way this works – the code compares the “Version” property of the client S/MIME control (MIMECTL.DLL) on the user’s computer with the ProductVersion property of the MSI file (OWASMIME.MSI) on the Client Access Server.

During the released SP3 build, the version of the MSI file was incremented to 8.3.83.2. However, due to an error, the DLL file in the MSI retained its old version number (8.3.83.0). As a result, when Outlook Web Access users using Internet Explorer use S/MIME functionality, they get the same prompt to upgrade the S/MIME control even after they’ve upgraded.

Here are two ways to resolve this issue.

1. If you have the Orca.exe utility, you can change the version number of the MicrosoftExchange ServerClientAccessOwasmimeowasmime.msi file from 8.3.83.2 to 8.3.83.0.
2. Download and run the PatchMSIProductVersion.vbs script which changes the version number. Note, the download is named PatchMSIProductVersion.vbs_txt. Remove the _txt from the file extension before running it.

After you use either of the above methods, restart IIS. (Use the IISReset command.)

We apologize for any inconvenience this may have caused users.

NOTE: If your users don’t use the S/MIME control, no action is required. Some discussions in community forums include another possible workaround which suppresses the upgrade prompt by using the ForceSMIMEClientUpgrade registry key (see How to Manage S/MIME for Outlook Web Access in Exchange 2007 docs for details). Although this may work under the situation, we do not recommend using this method for this version mismatch issue on an ongoing basis.

Kind regards,

Catastrophic Failure “JV”

Source:
This post was taken from :MSExchange Team

By allowing remote access to Microsoft Exchange to users who are based outside the safety of the corporate network, an organization enables its employees to take full advantage of the technology their company provides. Remote access lets employees use many devices to communicate with their peers and customers from any place and at any time.

Allowing access to corporate resources from any location, perhaps using devices that are not controlled by the organization, presents additional risk to the security of the data and services being accessed. Therefore it’s critical to take measures to ensure that the data is being accessed securely, which means implementing technologies such as certificates, firewalls, enforcing pre-authentication, and device or endpoint validation. The key concept to understand is that applying security to any solution is a multi-layered task that includes identifying the threats, reducing the attack surface area, removing unnecessary access points, and enforcing authentication. The casual attacker will usually give up after a few failed attempts to access a resource.

When you publish Exchange, Microsoft offers two software-based options: Microsoft Forefront Threat Management Gateway 2010 (Forefront TMG) and Microsoft Forefront Unified Access Gateway 2010 (Forefront UAG). Both options offer publishing wizards and security features to provide secure access to Exchange when it’s accessed from outside the safety of the corporate network.

There are other ways to publish Exchange besides using Forefront TMG or Forefront UAG. This technical guide isn’t intended to provide the only information you use for a complex organization or one with special security constraints. Instead, it’s intended only as a walkthrough to help you publish Exchange on both these platforms, using basic configuration options. If you have a large organization, it’s likely that you’ll need additional applications or have to factor in additional security considerations. Such applications and security considerations are beyond the scope of this document.

This white paper provides detailed information about publishing Microsoft Exchange Server 2010 using Forefront TMG or Forefront UAG, including how to choose between them for different scenarios, and provides specific steps you can take to configure Forefront TMG and Forefront UAG to publish Exchange 2010.

The link to download the whitepaper is :

Download details: Publishing Exchange with Forefront
http://www.microsoft.com/downloads/details.aspx?FamilyID=894bab3e-c910-4c97-ab22-59e91421e022&displaylang=en

Kind regards,

Catastrophic Failure “JV”