
Exchange December 2020 Security Updates

Please be aware that Exchange 2013, Exchange 2016 and Exchange 2019 security updates were released as part of the December 2020 Patch Tuesday release. The overall rating is critical, and the update resolves multiple issues.

Details for these and previously released updates can be found in the Security Update Guide. Note that Exchange 2010 SP3 RU31 was also released.

 


For all of th… Read the rest “Exchange December 2020 Security Updates”


Exchange 2013 OnPremisesSmtpClientSubmission – Unhealthy After Disabling TLS 1.0 and TLS 1.1

After going through the steps to disable TLS 1.0 and TLS 1.1, it was noted that Managed Availability was not happy with one particular component in Exchange 2013. This was the OnPremisesSmtpClientSubmission probe and the monitor associated with it. The below is a reproduction of the customer environment.

For reference, you can review Protocols in TLS/SSL (Schannel SSP) for a listing of wh… Read the rest “Exchange 2013 OnPremisesSmtpClientSubmission – Unhealthy After Disabling TLS 1.0 and TLS 1.1”


Exchange Managed Availability Broken With TLS 1.2 Changes

In most enterprise customers there is a segregation of duties between multiple teams.  This could be networking and desktop.  Or Windows Server platform and messaging.  It was the split in these roles, and especially a dearth of communication which led to this tale of woe with TLS 1.2 and Exchange.

The reasons for moving to TLS 1.2 and avoiding SSL2, SSL3, TLS 1.0 and TLS 1.1 should be well underst… Read the rest “Exchange Managed Availability Broken With TLS 1.2 Changes”


Exchange Managed Availability Error – OutlookRpcSelfTestProbe

This case illustrates the "fun" with Managed Availability a particular customer had after making changes to their servers. The servers were built back in 2014, and as such the default self-signed certificates had expired and were previously replaced. This is because the Exchange self-signed certificates have a 5-year validity period.

It was noted that Managed Availability was not healthy in all r… Read the rest “Exchange Managed Availability Error – OutlookRpcSelfTestProbe”


Unable To Add Server to DAG Enabled Computer Object With The Given Name Already Exists


As we saw previously, Windows Server 2012 introduced some changes with regards to creating a Database Availability Group (DAG).  For example, you may have encountered this issue Add-DatabaseAvailabilityGroupServer – You Must Provide A Value For This Property.

The issue below is another example where the pre-work to create the underlying DAG computer network object (CNO) was not done fully.

Starting

Read the rest “Unable To Add Server to DAG Enabled Computer Object With The Given Name Already Exists”

A Tale of Two Certificates–SHA1 Certificate Created During Exchange 2016 Installation

The security space is constantly evolving, and while a lot of the recent work has been on moving to TLS 1.2, a previous focus in the industry was to stop issuing SHA1 certificates and transition to SHA2 based certificates.  As a result, many will run security scans to review the presence of installed certificates and their properties.  In one such engagement, the security team noted their displeas… Read the rest “A Tale of Two Certificates–SHA1 Certificate Created During Exchange 2016 Installation”


Exchange Setup – Certificate Is Expired – Part Deux


Previously I managed to break one of my labs when replicating a customer situation and then had to fix it as noted in this post from 2017.

This time around though I really raised my game, and instead of one certificate being expired, all of them were.  Yup every cert was toast.  Trying to install the Exchange CU to update to the latest build did not go well at all.  As you see below, all of the cer… Read the rest “Exchange Setup – Certificate Is Expired – Part Deux”


Unresolved RID 526 and 527 After ADPrep


After preparing AD and installing the first Windows Server 2019 DC into an existing AD environment, it was noted that there were unresolved SIDs listed at the root of the domain. This was correlated to the AD 2019 upgrade as permissions had been audited and cleaned up prior due to previous issues in the environment. Previously all DCs were Windows Server 2012 R2 with all updates installed.

After r… Read the rest “Unresolved RID 526 and 527 After ADPrep”


Low Exchange Disk Space Monitors


Exchange 2013 introduced us to the concept of Managed Availability. This reduced the reliance on external entities such as System Center Operations Manager (SCOM) or other 3rd party monitoring tools. Exchange became self-aware, started to monitor itself and even perform certain recovery actions.

As an administrator we can review output of some of these monitoring actions using Exchange Management… Read the rest “Low Exchange Disk Space Monitors”


Unable To Install PowerShell Modules – Unable To Download From URI Error

When you try to install a PowerShell module or connect to the PowerShell Repository you may get the below error messages:

WARNING: Unable to download from URI 'https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409' to ''.
WARNING: Unable to download the list of available providers. Check your internet connection.


For make most glorious benefit engine of search:

PackageManagement\Install-Packag… Read the rest “Unable To Install PowerShell Modules – Unable To Download From URI Error”