Service Pack 3 breaks S/MIME in OWA because of a version mismatch between the client mimectl.dll and the PropertyVersion on the MSI file owamime.msi on the CAS server. Here is Microsoft's technet article about it. http://blogs.technet.com/b/schadinio/archive/2010/07/10/exchange-2007-sp3-and-owa-s-mime-version-mismatch.aspx. And here is a link to the Exchange Team blog about the issue. http://msexchangeteam.com/archive/2010/07/09/455445.aspx?CommentPosted=true#commentmessage.
SP3 Rollup 1 fixes the S/MIME but breaks more. After installing Rollup 1, the Exchange Management Console (EMC) throws errors when trying to manage Exchange Cluster or the CAS server. The error message is:
Retrieving the COM class factory for remote component with CLSID
{2B72133B-3F5B-4602-8952-803546CE3344} from machine
failed due to the following error: 800706ba.
This error is related to dynamic RPC ports not being open on the firewall. I have read that you can create inbound firewall rules on each CCR node to resolve the error, but this did not work for me. Follow these steps to try that.
1. New inbound rule in the Windows Firewall with Advanced Security.
2. Rule Type: Custom
3. Program: All Programs
4. Protocol and Ports: type: "TCP"; Local port: "Dynamic RPC"; Remote ports: "All ports"
5. Scope: Any for both local and remote or you can try entering your specific IPs
6. Action: Allow connection
7. Profile: "Domain"
8. Name: Call it what you want like "Dynamic RPC Ports"
The other issue with SP3 seems to be related to backups. If you are using Microsoft Data Protection Manager 2007 for backups, log truncating on CCR nodes is broken. DPM still reports successful backups but log files are not truncated. I read a post where someone using BackupExec had a similar problem.
Rollup 1 supposedly fixes this but it was broken for me after the install of RU1. It wasn't until after I did the following workaround and then refreshed the Protection Group that the backups started truncating the logs again.
You can set the backup to run against the active node instead of the passive as a workaround.
http://social.technet.microsoft.com/Forums/en-US/exchangesvravailabilityandisasterrecovery/thread/2b5de9de-7c7e-4398-8793-8a6c397f2195
