Exchange 2013 Cumulative Update 8

Ex2013 LogoToday, Cumulative Update 8 for Exchange Server 2013 was released by the Exchange Team (KB3030080). This update raises Exchange 2013 version number to 15.0.1076.9.

This Cumulative Update introduces changes in the following areas:

  • Calendar and Contact Modern Public Folders favorites added in Outlook are now accessible in OWA.
  • Batch Migration of Public Folders to 2013 improves migration throughput and PF migration experience.
  • Increased support limits for Public Folders with Exchange on-premises deployments (500,000 for co-existence, or 1,000,000 for CU8-only deployments). Number of supported PF mailboxes stands at 100 though, with a per-PF mailbox limit of 100,000 Public Folders.
  • Supported EAS clients are now redirected to Office 365 upon successful Hybrid migration.

Next to DST corrections, this Cumulative Update introduces the following fixes:

  • 3045301 SMTP is not transported over TLS 1.1 or TLS 1.2 protocol in an Exchange Server 2013 environment
  • 3040681 MapiExceptionTimeout error during a hierarchy synchronization process of multiple public folders in Exchange Server 2013
  • 3037417 Outlook cannot download an OAB file in an Exchange Server 2013 environment that mixes Exchange Server 2010
  • 3037291 Can’t add members to Outlook contact group by using MAPI over HTTP
  • 3036952 Mailbox quota warning messages are not sent out after you migrate from Exchange Server 2010 to Exchange Server 2013
  • 3036374 Incorrect NDR size limit message is displayed for German localization in an Exchange Server 2013 environment
  • 3036365 “The specified address is not recognized or does not exist” error message in an Exchange Server 2013 environment
  • 3032153 Recurring events in Calendar over DST are not adjusted on all ActiveSync devices in all Exchange Server environments
  • 3031133 Default folders are duplicated after you migrate mailboxes to Exchange Server 2013
  • 3031069 Mails are spoofed in Office 365 or in an Exchange Server 2013 environment
  • 3030629 Outlook cannot open a shared folder on which a group you attend has the Reviewer permission in Exchange Server 2013
  • 3018518 Garbled text in the Japanese “From” field in a forwarded DBCS message
  • 3016440 Public folder mailbox quarantined
  • 3012266 Update to increase availability address spaces to 200 in Exchange Server 2013
  • 3011579 SaveChanges fails and generates a MAPI_E_NOT_FOUND error message on a large message body in Exchange 2013 CU6
  • 3006861 “The SMTP address has no mailbox associated with it” error when you access a user’s mailbox by using EWS application
  • 3003974 Improved support for MSG files in an Exchange Server 2013 environment where OPENTEXT products are used
  • 2988060 Cannot see the auditing results for an HttpModule-based extension for MAPI over HTTP protocol in Exchange Server 2013
  • 2986941 “An Active Directory error 0x51 occurred” error when you run the “Setup /PrepareAD” command from a DC in Exchange 2013
  • 2961741 Exchange Server 2013 delegated setup fails when the setup account is a member of Domain Admins

Notes:

  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay current.
  • Previously released CU7 introduced changes to prevent restoration of pre-CU7 databases. Pre-CU7 users are advised to perform a full backup post-upgrade to CU7 or later.
  • Previously released CU7 added support for hierarchies containing 250,000 modern public folders. Consult this article for co-existence scenarios.
  • Previously released CU5 introduced OAB architectural changes which are documented here. If you are affected, it is recommended to update CAS servers prior to Mailbox servers.

This Cumulative Update does not include schema or Active Directory changes when compared to Cumulative Update 7. If you have deployed a version earlier than CU7, make sure you run PrepareSchema /PrepareAD.  If you want to speed up the Cumulative Update installation process, you can temporarily disable certificate revocation checking as described here.

Note that Cumulative Updates can be installed directly, i.e. no need to install RTM or Service Packs prior to installing Cumulative Updates. Note that once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles. The order of upgrading servers is irrelevant, unlike with previous generations of Exchange.

Finally, and I can’t emphasize this enough: For any Hotfix, Rollup, Service Pack or Cumulative Update, I’d recommend to thoroughly test this in a test and acceptance environment first, prior to implementing it in production. When you lack such facilities, hold out a week or two and monitor the comments on the release article or TechNet forum for any issues.

You can download Exchange 2013 Cumulative Update 8 here; UM Language Packs can be found here.

Exchange 2010 SP3 Rollup 9

Exchange 2010 LogoToday the Exchange Team released Rollup 9 for Exchange Server 2010 Service Pack 3 (KB3030085). This update raises Exchange 2010 version number to 14.3.235.1.

In addition to DST changes, this Rollup contains the following fixes:

  • 3032153 Recurring events in Calendar over DST are not adjusted on all ActiveSync devices in all Exchange Server environments
  • 3029667 SMTP is not transported over TLS 1.1 or TLS 1.2 protocol in an Exchange Server 2010 environment
  • 3017297 Event ID 3091 is logged and public folder replication fails in an Exchange Server 2010 environment
  • 3011892 Exchange ActiveSync client displays an incorrect email address in an Exchange Server 2010 environment
  • 3004486 A default application pool becomes unresponsive in Exchange Server 2010 that has more than 64 multirole servers

Notes:

  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • If you got a DAG and want to properly update the DAG members, check the instructions here.
  • Rollups are cumulative per service pack level, i.e. they contain fixes released in earlier update Rollups for the same product level (RTM, SP). This means you don’t need to install previous Rollups during a fresh installation but can start with the latest Rollup package.
  • Exchange 2010 is in extended support.

As with any Hotfix, Rollup or Service Pack, I’d recommend to thoroughly test this rollup in a test and acceptance environment first, prior to implementing it in production.
You can download Exchange 2010 SP3 Rollup 9 here.

The UC Architects Podcast Ep50

iTunes-Podcast-logo[1]Episode 50 of The UC Architects podcast is now available. This episode is hosted by Pat Richard, who is joined by John A Cook and Ståle Hansen. Editing was done by Andrew Price.

Some of the topics discussed in this episode are:

  • Network ports for clients and mail flow in Exchange 2013
  • iOS 8.2 has been released
  • Using the Hybrid Configuration Wizard in Exchange Server 2013 (Part 2)
  • How and when to decommission Exchange Hybrid
  • The Office 2016 Mac Preview is here!
  • The Exchange Server 2013 Management Pack for System Center Operations Manager has been updated
  • A Guide to PowerShell for Lync and Exchange Online
  • Be the first to learn what’s next for Exchange and Office 365 at Microsoft Ignite
  • Free Load Balancer – KEMP Virtual LoadMaster
  • Use Windows PowerShell cmdlets to enable OneDrive sync for domains that are on the safe recipients list
  • Office 365 for Exchange Professionals
  • Office 365 Partner Admin app
  • Making Clutter in Office 365 even better
  • Azure AD Premium (and EMS) available for partner use
  • Getting rate limiting warnings for auto-discovered partners on your #Lync edge (event id 14603)
  • March 2015 update for #Lync for Mac 2011 14.0.11 (KB3037358)
  • How do I control the Lync and Skype UI with the Skype for Business client
  • Managing the Skype Client UI in Skype for Business
  • Set up Two-Armed Kemp VLM as Reverse Proxy/HLB for Lync 2013
  • Latest Visual C++ 2012 update (11.0.61030) won’t let #Lync Resource Kit or Debugging Tools install
  • March 10, 2015 update for #Lync 2013 (KB2956174)
  • Lync Monitoring Reports Decoder
  • Updates Lync Server 2013 Management Pack
  • LS Storage Service event 32054 after you enable Lync 2013 Mobility in an Exchange 2010 environment
  • Measure your conferencing adoption today with SQL
  • QoS Calculator v1.2
  • Update to Lync 2013 mobile app (v5.8, secure app settings, bug fixes)
  • Lync 2012 Database Mirror Manager update
  • Being a UC Superhero with Lync QoE Superpowers
  • LyncPro: Call Monitor Pro for Skype for Business & Lync: Enhancements and Extensibility
  • Book – Lync Server Cookbook
  • Ignite
  • EventZero/The UC Architects party at Ignite
  • LyncDay becomes SkypeDays
  • UCBUG meeting 05/13/2015
  • UCDAY UK meeting 09/28/2015

More information on the podcast including references and a link to download the podcast here or you can subscribe to the podcasts using iTunes, Zune or use the RSS feed.

About
The UC Architects is a bi-weekly community podcast by people with a passion for Unified Communications; our main focus is on Exchange, Lync or related subjects.

iOS 8.2 fixes Exchange-related issues

iPhone iOSToday, Apple released an update for iOS which supposedly fixes, amongst other things, some Exchange-related issues. The release notes of iOS 8.2 mention the following Exchange-related fixes:

  • Fixes stability of Mail
  • Addresses an issue that caused certain events in a custom reoccurring meeting to drop from Exchange calendar
  • Fixes an certificate error that prevented configuring an Exchange account behind a third-party gateway
  • Fixes an issue that could cause an organizer’s Exchange meeting notes to be overwritten
  • Resolves an issue that prevented some Calendar events from automatically showing as “busy” after accepting an invite.

However, some existing complaints are not resolved by this update, such as the WiFi performance issue.

It is a natural law that for every bug that is fixed, new ones are introduced. So, some organizations may therefor want to test and accept this iOS update before giving it the green light for their Exchange environment. To block a specific version of iOS, consult this page.

More information on current issues with Exchange ActiveSync and 3rd party devices can be found in support article KB2563324.

The UC Architects Podcast Ep49

iTunes-Podcast-logo[1]Episode 49 of The UC Architects podcast is now available. This episode is hosted by Steve Goodman, who is joined by Dave Stork, Pat Richard, John A Cook and myself. Editing was done by Andrew Price.

Some of the topics discussed in this episode are:

  • PIN lock and other updates to Outlook for iOS and Android
  • Exchange 2013 and Exchange 2010 Coexistence with Kerberos Authentication
  • Training Course: High Availability for Exchange Server 2013
  • Broken IMAP on Exchange 2013 and how to fix it
  • Windows Mobile does not support your new SSL certificate
  • Introducing New-ExchangeWebsite for Exchange 2013
  • A quick look at the Sunrise Calendar app
  • RBAC Manager R2 for Exchange
  • BitTitan offers Nuix-as-a-service
  • PowerShell for MigrationWiz updated
  • Sign in page branding and cloud user self-service password reset for Office 365
  • A better way to recover a mailbox
  • Automated Hybrid Troubleshooting Experience
  • Shared Mailbox Sent Items Changes Coming to Office 365
  • How Groups could be so much better
  • Using the Hybrid Configuration Wizard in Exchange Server 2013
  • Office 365: Deployment Content Moving
  • Azure AD Sync Service Updated
  • Pausing Music When On A #Lync Call – Using the Client SDK
  • Lync Client 2013 – Disable Customer Experience Improvement Program
  • New update for Lync Environment Report now supports custom Word document templates
  • Lync Server 2013 Control Panel crashes when you access the Route tab under the Voice Routing tab
  • Lync client may connect to a non federated partner, even if you though it should not
  • Persistent Chat – December 2014 CU – 500 Internal Server Error
  • Lync / Skype for Business Photo Editor Version 1.0 available now!
  • Do you need a Lync Server license for every Lync Server role–or is this just a Lync licensing myth?
  • Enabling Group Paging on Polycom VVX Phones for Lync or Skype
  • Issues with Unified Contact Store in combination with Lync on-premises & Exchange Online
  • Deep Dive into Set-CsPinSendCAWelcomeMail
  • Skype for Business and Lync troubleshooting 101
  • Update to Skype for Business / Lync Validator KHI reader. Longer list of counters + graphs
  • Book – Deploying and Managing Exchange 2013 HA
  • Book – Exam Ref 70-342 Advanced Solutions of Microsoft Exchange Server 2013
  • Book – Lync Server Cookbook
  • Ignite
  • Stale Hansen – Speaking at Ignite
  • UCBUG Meeting May 13th
  • UCDAY UK – 28th Sept by by Andrew P, Steve, Jason Wynn, Iain Smith, Adam Gent and Tom A

More information on the podcast including references and a link to download the podcast here or you can subscribe to the podcasts using iTunes, Zune or use the RSS feed.

About
The UC Architects is a bi-weekly community podcast by people with a passion for Unified Communications; our main focus is on Exchange, Lync or related subjects.

The UC Architects Podcast Ep48

iTunes-Podcast-logo[1]Episode 48 of The UC Architects podcast is now available. This episode is hosted by Pat Richard, who is joined by John A Cook, Johan Veldhuis, Justin Morris and Tom Arbuthnot. Editing was done by Andrew Price.

Some of the topics discussed in this episode are:

  • Exam ref 70-342 – Advanced Solutions of Exchange 2013 MCSE is available
  • Download An End-to-end Experience with Groups
  • Considering updating your Domain functional level from Windows 2003?
  • Single-Click Mailbox Conversion
  • Access Exchange 2013 public folders in a hybrid setup
  • Some things to do after leaving Windows Server 2003 (from an Exchange perspective)
  • Multiple OWA Virtual Directories in Exchange 2013
  • Office 365 – Two Azure AD Premium Features Coming To All Subscribers
  • What’s new in Office 365: January 2015
  • February 10, 2015 update for #Lync 2013 (KB2920744)
  • Leveraging SEFAUtil for #Lync Shared Line Appearance (Boss-Admin) Delegate Configuration
  • What to do when you can only hear yourself think while using Jabra Evolve 80
  • What’s New in LyncValidator
  • Introducing #Lync #Skype4B User Manager
  • Automatic Fortune Cookie Utility/ Local & Site-tosite dial plan GUI script
  • Lync Server Cookbook | PACKT Books
  • Skype for Business Notes from Microsoft Office365 Summit | The Lync Dude
  • Connecting IFTTT to Lync – getting IMs when stuff happens
  • Lync Server 2010 CU15 Link 1 Link 2
  • Lync Regions and assigning Dial-In Conference Number
  • Ignite and Enterprise Connect Events

More information on the podcast including references and a link to download the podcast here or you can subscribe to the podcasts using iTunes, Zune or use the RSS feed.

About
The UC Architects is a bi-weekly community podcast by people with a passion for Unified Communications; our main focus is on Exchange, Lync or related subjects.

Role-based Access Control

security officer RBACIt has been over 5 years (wait, what?) since I wrote an article on Role-based Access Control, or RBAC, in Exchange 2010. At that time, RBAC was a big architectural change in Exchange 2010 over Exchange 2007.

Present day, RBAC is still a much neglected topic in many Exchange organizations. It must be said that most organization can happily live with the default RBAC configuration. They have no need to dive in this versatile model to set up granular permissions in their organization. In bigger organizations, this configuration can also easily become quite complex.

For TechTarget I started writing few articles on the topic of RBAC, starting with the base components. There you can find Part 1, Part 2, and Part 3.

The UC Architects Podcast Ep47

iTunes-Podcast-logo[1]Episode 47 of The UC Architects podcast is now available,which was recorded at the Norwegian Lync Day. This episode is hosted by Steve Goodman, who is joined by John A Cook and Ståle Hansen. Editing was done by Andrew Price.

Some of the topics discussed in this episode are:

  • Outlook for iOS and Android
  • Microsoft Ignite Session Catalog
  • Blocking Outlook App for iOS & Android
  • Planning and Migrating a Small Organization from Exchange 2003 to Exchange 2013
  • AWS Quick Start Reference Deployment – Exchange Server 2013
  • Considering an Exchange 2013 DAG without AAP?
  • Using a Microsoft Azure VM as a DAG witness server: Exchange 2013 Help
  • Securing Exchange and Lync 2013 with Multi-Factor Authentication
  • Exchange Server 2010 Reaches the End of Mainstream Support
  • Office for Android
  • Azure AD Improvements
  • Amazon Workmail
  • Setting up a multi-forest Azure AD Sync deployment
  • Office 365 Exchange Online Message Size Onboarding Limit Increased to 150mb
  • Drive Shipping and Network Based Data Import for Office 365
  • Skype for Business Video Interoperability Server (VIS)
  • Cumulative Update 10 for Lync Server 2013 released December 31, 2014
  • Fix for Google Chrome, stability
  • Lync 2013 Standard Automatic APP CU 10 December 2014
  • Lync SDN For Dummies – Part 2.1
  • Lync Admin Tools (free): make configuration, administrative and troubleshooting of Lync easier
  • Video calling between Skype and Lync is temporarily disabled
  • What’s New in Skype4B: SILK is default codec for P2P sessions Synchronize Lync Presence with Skype – Lync Exchange – UC Blog
  • Lync Dude: Simple Understanding of Lync Windows Fabric  Failover
  • Lync and Skype video calling is coming to your Android and iOS Devices
  • Passive Auth for Lync 2013 Android mobile client
  • Events

More information on the podcast including references and a link to download the podcast here or you can subscribe to the podcasts using iTunes, Zune or use the RSS feed.

About
The UC Architects is a bi-weekly community podcast by people with a passion for Unified Communications; our main focus is on Exchange, Lync or related subjects.

Blocking Outlook App for iOS & Android

imageYesterday, Microsoft announced the immediate availability the Outlook for iOS and Outlook for Android preview. These apps are the former app named Acompli, which was acquired by Microsoft in December, last year. It is unlikely that Microsoft will develop and support two similar apps, so one can assume the new Outlook app will replace the current OWA for iOS and OWA for Android (or just OWA for Devices) apps.

The app isn’t without a little controversy:

  • The app stores credentials in a cloud environment from Amazon Web Services for e-mail accounts that don’t support OAuth authorization.
  • The app makes use of a service sitting between the app and your mailbox. This service acts as a sort of proxy (hence it requires those credentials), fetching, (pre)processing and sending e-mail. In some way this is smart, as it makes the app less dependent on back-end peculiarities, using a uniform protocol to communicate with the proxy service.
  • The app does not distinguish between devices (device identities are assigned to your account, which makes sense since the app uses a service to retrieve and process your e-mail).
  • The app does not honor ActiveSync policies, like PIN requirements. While true, this app is not an ordinary Exchange ActiveSync client.

You can read more about this here and here.

In all fairness, when the app was still named Accompli, nobody cried foul. But the app is now rebranded Outlook and property of Microsoft, so it seems this made the app fair game. I hope Microsoft is working behind the scenes to make the new Outlook app enterprise-ready, and I’m sure it won’t be long before we see the app’s services move from AWS to Azure. The whole outrage in the media also seems a bit misplaced, as Connected Accounts in Exchange Online, which will retrieve e-mail from a POP or IMAP mailbox, will also store credentials ‘in the cloud’.

It is recommended to treat the app as a consumer app for now, and you may want to block the app in your organization. I have written on how to accomplish blocking or quarantining faulty iOS updates before. However, in those articles I used the reported OS version to block or quarantine devices. The Outlook app proxy service reports itself as “Outlook for iOS and Android” as device model when querying your mailbox, allowing us to use the DeviceModel parameter for matching.

The cmdlet to block or quarantine the new Outlook app in Exchange 2010, Exchange 2013 or Office 365,  is:

New-ActiveSyncDeviceAccessRule –QueryString 'Outlook for iOS and Android' –Characteristic DeviceModel –AccessLevel Block

or, to quarantine:

New-ActiveSyncDeviceAccessRule –QueryString 'Outlook for iOS and Android' –Characteristic DeviceModel –AccessLevel Quarantine

For examples of alternative blocking methods using TMG or F5, check this article. If you need to specify the user agent string, use “Outlook-iOS-Android/1.0″ (or partial matching on “Outlook-iOS-Android” to block future updates of the app as well).

As goes for all mobile devices in enterprise environments, as an organization it may be better to test and aprove devices and OS versions rather than to be confronted with mobile apps with possible faulty behavior after an update or which may violate corporate security policies.

Ignite 2015 Session Catalog is here!

ignite ButtonA short heads-up as the session catalog for Microsoft Ignite has been published. So, if you are still undecided or already want to pick ‘must see’ sessions for your schedule, you can check the session catalog here.

The session catalog contains 275 sessions, covering products like Exchange (49), Office 365 (85) and Skype for Business (26). It will be the first major Microsoft event where details will emerge on the next version of Exchange, Exchange v.Next.

The Exchange team published a blog on the Exchange-related Ignite sessions here. The blog contains a nice video featuring Greg Taylor and Jeff Mealiffe talking about what to expect at Ignite.

Also, on Febuary 3rd, the team behind Ignite as well as several speakers will be available on Twitter to answer any questions you may have on Ignite. Use the hashtag #IgniteJam to participate, or follow @MS_Ignite for any updates.

More information on Ignite, pre-day sessions, the session catalog and the #IgniteJam in the original post on Channel 9 here.