Exchange 2013

Items specifically related to Exchange 2013

11

Collected Links For Hafnium – March 2021 Exchange Security Issue

Posted on by Rhoderick Milne [MSFT]

The below are a series of links, tips and some very brief thoughts on Hafnium.  I will purposefully not include the content of the other locations as it is changing so rapidly, and there is no way to ensure that it would be updated here in a timely fashion.

 

 

If you read nothing else, please ensure that you install the update from an elevated CMD prompt if you are manually installing. 

FaiRead the rest “Collected Links For Hafnium – March 2021 Exchange Security Issue”

2

Out of Band Critical Exchange Security Updates–March 2021

Posted on by Rhoderick Milne [MSFT]

Security updates were released today for Exchange 2010, 2013, 2016 and 2019.  Attacks were detected which leveraged these vulnerabilities, so an out of band set of updates was released

This a remote code execution on TCP 443 and is already being exploited as a 0-Day attacks against on-premises Exchange servers.

Microsoft strongly recommends installing this update immediately.  Internet facing serverRead the rest “Out of Band Critical Exchange Security Updates–March 2021”

1

Exchange 2013 OnPremisesSmtpClientSubmission – Unhealthy After Disabling TLS 1.0 and TLS 1.1

Posted on by Rhoderick Milne [MSFT]

After going through the steps to disable TLS 1.0 and TLS 1.1, it was noted that Managed Availability was not happy with one particular component in Exchange 2013.  This was the OnPremisesSmtpClientSubmission probe and the monitor which was associated to it.  The below is a reproduction of the customer environment.

For reference, you can review Protocols in TLS/SSL (Schannel SSP) for a listing of wh… Read the rest “Exchange 2013 OnPremisesSmtpClientSubmission – Unhealthy After Disabling TLS 1.0 and TLS 1.1”

2

Exchange Managed Availability Error – OutlookRpcSelfTestProbe

Posted on by Rhoderick Milne [MSFT]

This case illustrates the "fun" with Managed Availability a particular customer had after making changes to their servers.  The servers were built back in 2014, and as such the default self signed certificates had expired and were previously replaced.  This is because the Exchange self signed certificates have a 5 year validity period.

It was noted that Managed Availability was not healthy in all r… Read the rest “Exchange Managed Availability Error – OutlookRpcSelfTestProbe”

1

Unable To Add Server to DAG Enabled Computer Object With The Given Name Already Exists

Posted on by Rhoderick Milne [MSFT]
Unable To Add Server to DAG Enabled Computer Object With The Given Name Already Exists

As we saw previously, Windows Server 2012 introduced some changes with regards to creating a Database Availability Group (DAG).  For example, you may have encountered this issue Add-DatabaseAvailabilityGroupServer – You Must Provide A Value For This Property.

The issue below is another example where the pre-work to create the underlying DAG computer network object (CNO) was not done fully.

Starting

Read the rest “Unable To Add Server to DAG Enabled Computer Object With The Given Name Already Exists”
3

A Tale of Two Certificates–SHA1 Certificate Created During Exchange 2016 Installation

Posted on by Rhoderick Milne [MSFT]

The security space is constantly evolving, and while a lot of the recent work has been on moving to TLS 1.2, a previous focus in the industry was to stop issuing SHA1 certificates and transition to SHA2 based certificates.  As a result, many will run security scans to review the presence of installed certificates and their properties.  In one such engagement, the security team noted their displeas… Read the rest “A Tale of Two Certificates–SHA1 Certificate Created During Exchange 2016 Installation”

2

Exchange Setup – Certificate Is Expired – Part Deux

Posted on by Rhoderick Milne [MSFT]
Exchange Setup Certificate Expired

Previously I managed to break one of my labs when replicating a customer situation and then had to fix it as noted in this post from 2017.

This time around though I really raised my game, and instead of one certificate being expired, all of them were.  Yup every cert was toast.  Trying to install the Exchange CU to update to the latest build did not go well at all.  As you see below, all of the cer… Read the rest “Exchange Setup – Certificate Is Expired – Part Deux”

0

Low Exchange Disk Space Monitors

Posted on by Rhoderick Milne [MSFT]
Low Exchange Disk Space Monitors

Exchange 2013 introduced us to the concept of Managed Availability.  This reduced the reliance on external entities such as System Center Operations Manager (SCOM) or other 3rd party monitoring tools.  Exchange became self aware, started to monitor itself and even perform certain recovery actions.

As an administrator we can review output of some of these monitoring actions using Exchange Management… Read the rest “Low Exchange Disk Space Monitors”

1

Exchange 2016 CAS Namespace Cutover Authentication Failure

Posted on by Rhoderick Milne [MSFT]

You have prepped for months, and tonight is the night!  It is the night of CAS namespace cutover to move the HTTPS namespaces from Exchange 2010 so that the point to Exchange 2013 or 2016.  DNS TTL was decremented.  Servers are all fully updated as are the Outlook clients and we are good to go.

The DNS change kicks in, and Outlook HTTPS traffic hits Exchange 2016 and we enter a spiral of never endi… Read the rest “Exchange 2016 CAS Namespace Cutover Authentication Failure”

3

QuickTip – Which Managed Availability Components Are Unhealthy?

Posted on by Rhoderick Milne [MSFT]
Exchange Managed Availability

Exchange 2013 introduced the Managed Availability feature, so Exchange can self monitor and perform recovery actions upon itself.  While this has greatly helped Exchange become more self-healing, one of the downsides is that there is no real UI for Managed Availability.  The only UI is the Managed Availability Event Logs.  All of the configuration inside of Exchange is done using PowerShell.  The … Read the rest “QuickTip – Which Managed Availability Components Are Unhealthy?”