ExBPA 2.6 released – many great changes!

We wanted to announce the new major build of ExBPA that we released today: v2.6 (U.S. English).


We did a lot of work to improve usability of the tool in this release. Here are the major differences and improvements that we have made since ExBPA v2.5:


1. Tabbed reporting interface instead of a drop-down control. Viewing reports is now much more intuitive with this cool reporting structure.


2. Scan types are presented through radio buttons, so the different scan types available are much more obvious.


3. Group by "Issue" option when viewing list reports. For example, if you find that multiple servers are showing the same Error, you can now easily display a list of all servers affected rather than having to manually go through the entire list of items.


4. An ExBPA shell extension which allows you to right-click on an XML in Explorer (or apps like WinZip) and "View with Exchange Server Best Practices Analyzer".


5. ExBPA now works through proxy servers that require authentication.


6. New 'Permission Structure Check' scan type. This iterates through both the domain naming context and Exchange section of the configuration naming context and will notify you if inheritance has been blocked at any level. In addition, ExBPA will also check for inheritance blocks in the configuration naming context during a regular 'Health Check'.


7. Better reporting of cluster resources and groups. In the detailed view, you will now see a great hierarchical display of:


           - Cluster resource groups with current owner

                   - Cluster resources and properties

                             - Dependent resources

                             - Antecedent resources

                             - Possible owners


We have also implemented dependency checks. For example, if the System Attendant is not dependent on every physical disk resource in the same resource group, a warning will be displayed.


8. Very latest rule set, including all the updates made to v2.5, which include the IIS metabase / transport event sink checks. In addition, we have introduced some new rules including:

- If you look in the "Information Items" report, the very first info rule details the version of ExBPA that was used to capture and analyze the data.


- A new object processor that uses DsGetSiteName to ascertain the AD site membership of the Exchange server and all DC/GCs in the DSAccess topology.


- Certificate checking. For every SMTP domain defined, we attempt to obtain the SSL cert. If we find it, we'll check that the principal matches the host name and if the cert is close to expiry (or has already expired).


- For connectivity errors, ExBPA now displays the underlying exception (e.g. Access Denied) in the Error rule itself. You no longer need to manually go through the Run Time log to see the actual error string.

9. All XML files are digitally signed to improve security and prevent tampering/spoofing. On startup, ExBPA will check that a valid signature (and Microsoft certificate) is on each XML. If the XML has been modified, a popup error will be seen and ExBPA will refuse to run.


As usual, to get ExBPA, please go here or just go to www.exbpa.com! The direct download is here.


- Paul Bowden

Comments (23)
  1. Anonymous says:

    Looks like the Exchange team has been busy lately.  Here’s a list of new/updated downloads…

  2. Anonymous says:

    Enhanced support for clusters, and other little ‘nice touches’ that make this program even more of a ‘must have’ for anyone doing Exchange work. Worth more than the price of admission (free) and catches a lot of problems before they impact your organizat

  3. Great! Until up to now EXBPA is not only my "Tool of the year 2005", no, it is also my "Tool of the year 2006". Well, until up to now… *g* Please continue the excellent work!

  4. GeneK says:

    Paul Bowden, you are my favorite Microsoft Program Manager!

    Thanks for the most useful Exchange tool!

  5. shawn says:

    I got this error after installing and trying to launch the new version:

    "The configuration file C:Program FilesExBPAenExBPA.Transport.xml could not be loaded because it has an invalid signature."

  6. Well, I thought EXBPA were my "Tool of the year 2006". I ran it at a customer site today… And I was not very amused. EXBPA reports critical errors where no errors exist. For example: There are three cluster running at the customer site. EXBPA reports an error because of a name mismatch between the computername in the registry and the actual computername! ? Hey, this is a cluster! It is normal that the virtual name differs from the host name of the node! Another example: EXBPA complains that the DHCP Client Service is not running on all the servers. But it is running! I didn’t get those errors with V2.5… Maybe Paul Bowden can clarifiy on these things… Thnanks! I’d like to have my "Tool of the year 2006" back *g*

  7. Darth says:

    I also get the "The configuration file C:Program FilesExBPAenExBPA.Transport.xml could not be loaded because it has an invalid signature."

    error on startup.  You would think that these issues would be worked out before they threw this over the wall, but it just seems more and more that MS just doesn’t care anymore….

    At least the earlier version worked.

  8. GeneK says:

    The upgrade worked for me without any errors.

    Did you try to uninstall it and the install it again?

  9. Darth says:

    Uninstall and re-install corrected the issue…..

  10. Paul Bowden [MSFT] says:

    Thanks everyone for your feedback. We’ve received a few reports about the invalid signature on ExBPA.Transport.xml. Not everyone is hitting this, and we’re still investigating as to how this issue occurs. The file that’s causing a problem is a remnant from the last update for ExBPA v2.5. However, what should happen is that the v2.6 MSI overwrites the older v2.5 file as part of the update. It appears that this is not the case on some machines out there.

    Christian – From the errors that you’re seeing, it sounds as if we’re hitting a WMI problem on the server in question. If you look at the Run-Time Log, it should give you the underlying errors that are occurring. Feel free to e-mail me at pbowden@microsoft.REMOVETHIS.com if you want to discuss the problem.

  11. NavSysEng says:

    Great tool!  Only problem is it’s not allowing me choices of my printers — only "non" printers.  So far haven’t been able to get this changed; so I’m not able to print the reports.

  12. Paul Bowden [MSFT] says:

    NavSysEng …can you elaborate further please? Or if it’s easier, please send me a screenshot (pbowden@microsoft.REMOVETHIS.com)

  13. NavSysEng says:

    I believe it’s due to the fact that I’m using a domain ID to run on my general desktop and though that ID should have all printers listed, it’s not showing any.  Once the tool is finished, I will double-check.  Thanks.

  14. Gary says:

    I just attemped to download this new version but when I got the MSI file in hand, it was still the old version?????  I look at the properites and the timestamp of the signature as well the subject line are the same as the old download (included the old version number in the subject line).  Was the newer version download pulled or something?

  15. Paul Bowden [MSFT] says:

    We now understand what’s going on with the ‘invalid signature’ error that some people are seeing. Under some conditions, the ExBPA.Transport.xml file that was provided in the last v2.5 web update (~3 weeks ago) does not get overwritten by the v2.6 installer, causing an incompatibility. Not everyone will be affected by this, it really depends on the speed of the network connection. The repro is a little obscure, but if the last v2.5 web update took >1sec to download and store the 18Kb XML file, then you hit the problem with the v2.6 upgrade.

    We have a fix for the v2.6 installer underway, and should testing complete successfully, we’ll re-release the v2.6 MSI file. For anyone who’s successfully upgraded already, there is no action to take, as the bug is in the installer, not the tool itself.

    My sincere apologies to those people who have hit this problem. We certainly do take issues like this very seriously.

    Kind Regards, Paul.

  16. Scott Bueffel says:

    You recommend setting the TarpitTime if BPA detects that Recipient Filtering is enabled.  But this is only applicable if you also have the "Filter recipients who are not in the Directory" option checked.  You should update BPA to check for both settings before recommending setting the tar pit value.

  17. Anonymous says:

    "The" weekly list, this time on schedule.

    Microsoft Exchange Server Profile Analyzer Web Release 2.5…

  18. Anonymous says:

    Well, although I started this blog with the best intentions, I have been very bad at keeping it regular. …

  19. Anonymous says:





    Are Smart Cards the New Way of Life? – Solving the…

  20. Anonymous says:





    Are Smart Cards the New Way of Life? – Solving the…

  21. Bob Hyatt says:

    I love ExBPA.  What is weird is that it does recommend that I set up tarpitting on my SMTP bridgehead servers when I have neither the recipient policy applied on my SMTP virtual servers (that I can see) nor the "Filter recipients who are not in the Directory" option checked.  I tried enabling the recipient filter on the virtual servers (click apply) then disabling it (click apply), but that didn’t help.  I even removed the one address from the recipient filter list that was there but not really being used (that I can tell).

    A bigger question that I would ask is this: From a spam standpoint, which is better, setting up tarpitting and rejecting messages for users not in the directory or just accepting everything and then having Exchange [try to] deliver a failure notice to the spammer?

    Cheers!  Thanks for ExBPA!

Comments are closed.

Skip to main content