Messaging

Items related to messaging services with a focus on Exchange Online (EXO) and Exchange server (on-premises)

0

How To Generate File Hash Using Certutil

Posted on by Rhoderick Milne [MSFT]
Create File Hash using Certutil

Windows has the ability to easily generate a hash for a given file using the Certutil.exe utility.  Administrators may have previously used to this tool when they need to generate TLS certificates or to perform other tasks against AD Certificate Services.  As an example of the former, this was a common task for AD FS certificates as described in this post.

To generate the file hash we will use the … Read the rest “How To Generate File Hash Using Certutil”

0

Unable To Access OWA Externally Via WAP 2019

Posted on by Rhoderick Milne [MSFT]
Unable To Access OWA - Still Working On It

After upgrading Web Application Proxy (WAP) to Windows Server 2019 you may run into an issue with certain applications that are published via WAP to the Internet.

In the below example the AD FS upgrade went well with no issues.  The AD FS farm and WAP servers were upgraded to Windows Server 2019 and all appeared to be going well.  Too well that was, as when the external tests were validated against… Read the rest “Unable To Access OWA Externally Via WAP 2019”

0

Exchange Unexpected InternalNLBBypass URL – RecoverServer

Posted on by Rhoderick Milne [MSFT]
Exchange Server Unexpected URL RecoverServer

Reviewing the output of an environement's CAS Namespaces showed that there was an unexpecte URL present for the version of Exchagne that was installed.  With Exchange 2013 onwards InternalNLBBypassURL is not something that we need to set.  That was an Exchange 2007 and 2010 thing.

In the environment below note that there are couple of things that pique my interest.

Any thoughts?

Exchange WebServices Showing InternalNLBBypassURL

What is interesting i… Read the rest “Exchange Unexpected InternalNLBBypass URL – RecoverServer”

0

How to Get Newer Version of PowerShellGet – Install, Don’t Upgrade

Posted on by Rhoderick Milne [MSFT]
Update PowerShellGet

Current versions of Windows come with a version of PowerShellGet pre-installed.  The PowerShellGet and PackageManagement modules originally were released in Windows PowerShell 5.0 which itself was part of the Windows Management Framework (WMF) 5.0 RTM.  This was back in early 2016. The PowerShellGet module is also integrated with the PackageManagement module as a provider.

The 1.0.0.1 version of Powe… Read the rest “How to Get Newer Version of PowerShellGet – Install, Don’t Upgrade”

0

Exchange 2019 CU13 Released (2023 H1)

Posted on by Rhoderick Milne [MSFT]
Exchange 2019 CU13 Download

Exchange 2019 CU13 has been released to the Microsoft Volume Licensing Center and the public Microsoft Download site!  Exchange 2019 has a different servicing strategy than Exchange 2007/2010 and utilises Cumulative Updates (CUs) rather than the Rollup Updates (RU/UR) which were used previously.    CUs are a complete installation of Exchange 2019 and can be used to install a fresh server or to upd… Read the rest “Exchange 2019 CU13 Released (2023 H1)”

0

End of Exchange 2013 Support

Posted on by Rhoderick Milne [MSFT]
Exchange 2013 Support Lifecycle

Today Exchange 2013 reaches the end of the road and it will transition out of extended support.  Hopefully everyone has migrated to a newer version and/or Office 365.  But experience tells me that will not be the case.

Hopefully no one will have Exchange 2013 published to the Internet either, but again experience says otherwise…

Please note that Microsoft will not provide technical support, time zon… Read the rest “End of Exchange 2013 Support”

0

Out of SSPR Scope User Experience

Posted on by Rhoderick Milne [MSFT]

Azure AD Self Service Password Reset (SSPR) has the ability to restrict which group of users are able to perform SSPR tasks.  It is a slightly limited administrator control as only a single group can be selected.  Azure AD administrator roles are able to perform SSPR even if they are not in scope of the selected group.

They typical user experience is that the person goes to https://aka.ms/SSPR and … Read the rest “Out of SSPR Scope User Experience”

0

Configure On-Premises Exchange For EOP Spam Thresholds

Posted on by Rhoderick Milne [MSFT]
Exchange Online Anti Spam Threshold

A common issue when deploying Exchange Online Protection (EOP) and Microsoft Defender for Office 365 (MDO) with on-premises Exchange is making Exchange aware of the EOP spam filtering.  This is because EOP uses slightly different logic to stamp the spam results etc. into the message.  Exchange Server needs to be aware of this so that it can take action upon those settings.

On-Premises Spam Confiden

Read the rest “Configure On-Premises Exchange For EOP Spam Thresholds”
0

Kerberos Issues November 2022

Posted on by Rhoderick Milne [MSFT]
Kerberos Issues November 2022

The November 8, 2022 and later Windows updates address a  security bypass and elevation of privilege vulnerability with Authentication Negotiation by using weak RC4-HMAC negotiation.

This update will set AES as the default encryption type for session keys on accounts that are not marked with a default encryption type already.

To help secure your environment, install the Windows update that is dated … Read the rest “Kerberos Issues November 2022”

0

Updated Guidance On Exchange Server Extended Protection

Posted on by Rhoderick Milne [MSFT]
Extended Protection is set to Required on the OAB vDIR

Extended Protection (EP) was added to Windows back in 2009 as a new security feature. This feature enhances the protection and handling of credentials when authenticating network connections using Integrated Windows Authentication (IWA).

The update itself does not directly provide protection against specific attacks such as credential forwarding, but allows applications to opt-in to Extended Protect… Read the rest “Updated Guidance On Exchange Server Extended Protection”