Exchange 2010 SP3 RU12 & Exchange 2007 SP3 RU18

Exchange 2010 LogoThe Exchange Team released Rollup 12 for Exchange Server 2010 Service Pack 3 (KB3096066) as well as Rollup 18 for Exchange Server 2007 Service Pack 3 (KB3078672). These update raise version numbers to 14.3.279.2 and 8.3.445.0 respectively.

Apart from a Daylight Savings Time update, documented here, these Rollups contain the following fixes:

Exchange 2010 SP3 Rollup 12:

  • KB 3048372 Exchange Calendar items are shifted incorrectly when some Windows DST updates are applied
  • KB 3096125 CryptographicException error when Edge Transport service crashes in an Exchange Server 2010 environment
  • KB 3097219 Organizer’s name isn’t displayed in the subject of the recurring meeting requests in Exchange Server 2010
  • KB 3106421 Very long URLs in an email message don’t open in OWA in Internet Explorer
  • KB 3115809 Mailboxes can be accessed when the DefaultNetworkCredentials option is selected when you use Exchange Web Services Managed API to connect to Exchange Server

Exchange Server 2007 SP3 Rollup 18:

  • KB 3106421 Very long URLs in an email message don’t open in OWA in Internet Explorer

Notes:

    • If you want to speed up the update process for systems without internet access, follow the procedure described here to disable publisher’s certificate revocation checking.
    • If you got an Exchange 2010 DAG, and want to properly update the DAG members, check the instructions here.
    • As for any Hotfix, Rollup, Service Pack or Cumulative Update, apply this update to a acceptance environment first, prior to implementing it in production. When you lack such facilities, hold out a certain period and monitor the comments on the release article or TechNet forum for any issues.

Rollups are cumulative per service pack level, i.e. they contain fixes released in earlier update Rollups for the same product level (RTM, SP). This means you can apply the latest Rollup after installing a fresh installation of RTM or SPx version, for that product level.

You can download Exchange 2010 SP3 Rollup 12 here and Exchange 2007 SP3 Rollup 18 here.

Exchange 2010-2013 Migration and OAB

Ex2013 LogoLast year, Exchange fellows Andrew Higginbotham, Paul Cunningham as well as the Exchange Team reported on checking, and when necessary configuring, your Offline Address Book (OAB) in your current Exchange Server 2010 environment, prior to installing Exchange Server 2013. Not doing so could result in a complete download of the Offline Address Book created by Exchange Server 2013, titled ‘Default Offline Address List (Ex2013)’.

Today I received a report that there is a different symptom of configuration absence. In this case, the customer reported on the inability to download the offline address book, and upon further inspection the Autodiscover server did not report back on the offline address book URL to use. In other words, OAB information was absent from the Autodiscover response, and Outlook gets confused. Note that this issue was reported in Outlook 2010 after installing Exchange Server 2013 Cumulative Update 10. I’m not sure if this change in behavior was introduced in these later builds of Exchange 2013 or Outlook, but it’s still a good thing to know.

The remedy here of course is to configure any (Exchange 2010) mailbox database with unconfigured Offline Address Book setting, and point them to the default offline address book using:

Get-MailboxDatabase | Where-Object {$_.OfflineAddressBook -eq $Null} | Set-MailboxDatabase -OfflineAddressBook (Get-OfflineAddressBook | Where-Object {$_.IsDefault -eq $True})

Exchange 2013 CU10 & Exchange 2010 SP3 RU11

Ex2013 LogoThe Exchange Team released Cumulative Update 10 for Exchange Server 2013 (KB3078678) as well as Rollup 11 for Exchange Server 2010 Service Pack 3 (KB3078674). These version levels will be required for co-existence with Exchange Server 2016, which is to be released at a later date. The updates raise the version numbers to 15.0.1130.7 and 14.3.266.1, respectively.

Cumulative Update 10 contains the following fixes for Exchange Server 2013:

  • KB 3087126 MS15-103: Description of the security update for Exchange Server: September 8, 2015
  • KB 3094068 Permissions for a linked mailbox are added to an account in the wrong forest in an Exchange Server 2013 environment
  • KB 3093884 The link in a quarantined email shows an empty list for ActiveSync-enabled devices in Exchange Server 2013
  • KB 3093866 The number of search results can’t be more than 250 when you search email messages in Exchange Server 2013
  • KB 3088911 Inline attachments are sent as traditional when you smart forward an HTML email in an iOS device in Exchange Server 2013
  • KB 3087571 Can’t edit or resend a delayed delivery message when you open the message from the Outbox folder in Exchange Server 2013
  • KB 3087293 “550 5.6.0” NDR and duplicated attachments when an encrypted email is sent in Outlook in Exchange Server 2013
  • KB 3080511 HTML forms aren’t available when the DisableFilter parameter is enabled in Outlook Web App in Exchange Server 2013
  • KB 3080221 LegacyExchangeDN attribute is displayed when you use Outlook Web App to view an appointment in Exchange Server 2013
  • KB 3079217 Outlook Web App replies to the wrong email address when an email has more than 12 recipients in Exchange Server 2013
  • KB 3078966 Outlook 2011 for Mac client displays emails as they come from the same senders in Exchange Server 2013
  • KB 3078443 Incorrect results are displayed when you search for an email that has a certain attachment name in Exchange Server 2013
  • KB 3078438 Performance issues occur in an Exchange Server 2013 environment that’s running BlackBerry Enterprise Server 5
  • KB 3078404 Can’t access a shared mailbox after you migrate from Exchange Server 2010 to Exchange Server 2013
  • KB 3076257 EWS returns a Success response code even if a batch deletion request isn’t completed in Exchange Server 2013
  • KB 3074823 No Send As audit events are logged when you use Send As permission in Exchange Server 2013
  • KB 3071776 “A problem occurred” error when you access shared folders in Exchang Server 2013 mailbox by using Outlook Web App
  • KB 3069516 Mailbox size and quota information are reported incorrectly in Outlook and Outlook Web App in Exchange Server 2013
  • KB 3061487 “FailedToGetRootFolders” error when you run an eDiscovery estimate search for archive mailboxes in Exchange Server 2013
  • KB 3058609 Wrong recipient is specified in an inbox rule that has the ForwardTo or RedirectTo option in Exchange Server 2013
  • KB 3009631 Advanced Find against the Sent Items folder in Outlook returns no result in Exchange Server 2013
  • KB 2999011 Documents are partially indexed by Exchange search when they embed other documents in Exchange Server 2013
  • KB 2983161 Organization unite picker is missing when you create a Remote Mailbox in Exchange Admin Console in Exchange Server 2013
  • KB 3091308 Can’t install cumulative updates or service packs when MachinePolicy or UserPolicy is defined in Exchange Server 2013

For Exchange Server 2010 SP3, Rollup 11 contains the following fix:

  • KB 3092576 Exchange 2010 Information Store crashes randomly

Notes:

    • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay current.
    • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
    • This Cumulative Update does include Active Directory changes when compared to the previous Cumulative Update. If you have deployed a version earlier than CU10, make sure you run setup /PrepareAD.
    • If you got an Exchange 2010 DAG, and want to properly update the DAG members, check the instructions here.

Note that Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates. Note that once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles. The order of upgrading Exchange 2013 servers is irrelevant, unlike with previous generations of Exchange. Exchange 2010 Rollups are cumulative per service pack level, i.e. they contain fixes released in earlier updates.

You can download Exchange 2013 Cumulative Update 10 here and Exchange 2010 SP3 Rollup 11 here. The Exchange 2013 CU10 Language Packs are available here.

Exchange 2010 SP3 RU10 & Exchange 2007 SP3 RU17

Exchange 2010 LogoThe Exchange Team released Rollup 10 for Exchange Server 2010 Service Pack 3 (KB3049853) as well as Rollup 17 for Exchange Server 2007 Service Pack 3 (KB3056710). These update raises the version numbers to 14.3.248.2 and 8.3.417.1 respectively.

Rollup 10 contains the following fixes for Exchange Server 2010 SP3:

  • KB 3069055 Various DAG maintenance scripts do not work in an Exchange Server 2010 environment
  • KB 3057422 “MapiExceptionNoAccess: Unable to query table rows” error and some mailboxes cannot be moved
  • KB 3056750 Exchange ActiveSync application pool crashes in an Exchange Server 2010 environment
  • KB 3054644 “The item no longer exists” error when you access an archive mailbox in Outlook Web App in Exchange Server 2010
  • KB 3051284 Event ID 4999 is logged and MSExchangeServicesAppPool crashes in an Exchange Server 2010 environment
  • KB 3049596 Event ID 4999 is logged and remote procedure call Client Access service crashes in an Exchange Server 2010 environment
  • KB 2964344 MSExchangeRPC service stops working intermittently in Exchange Server 2010
  • KB 3055764 Exchange Server 2010 Address Book Service crashes with event ID 4999

For Exchange Server 2007 SP3, the Rollup 17 contains the following fix:

  • KB 3057222 “InvaIidOperationException” error and cannot open digitally signed or NDR messages in FIPS-enabled Exchange Server 2007

Notes:

  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • If you got an Exchange 2010 DAG, and want to properly update the DAG members, check the instructions here.
  • Rollups are cumulative per service pack level, i.e. they contain fixes released in earlier update Rollups for the same product level (RTM, SP). This means you don’t need to install previous Rollups during a fresh installation but can start with the latest Rollup package.

You can download Exchange 2010 SP3 Rollup 10 here and Exchange 2007 SP3 Rollup 14 here.

Exchange 2010 SP3 Rollup 9

Exchange 2010 LogoToday the Exchange Team released Rollup 9 for Exchange Server 2010 Service Pack 3 (KB3030085). This update raises Exchange 2010 version number to 14.3.235.1.

In addition to DST changes, this Rollup contains the following fixes:

  • 3032153 Recurring events in Calendar over DST are not adjusted on all ActiveSync devices in all Exchange Server environments
  • 3029667 SMTP is not transported over TLS 1.1 or TLS 1.2 protocol in an Exchange Server 2010 environment
  • 3017297 Event ID 3091 is logged and public folder replication fails in an Exchange Server 2010 environment
  • 3011892 Exchange ActiveSync client displays an incorrect email address in an Exchange Server 2010 environment
  • 3004486 A default application pool becomes unresponsive in Exchange Server 2010 that has more than 64 multirole servers

Notes:

  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • If you got a DAG and want to properly update the DAG members, check the instructions here.
  • Rollups are cumulative per service pack level, i.e. they contain fixes released in earlier update Rollups for the same product level (RTM, SP). This means you don’t need to install previous Rollups during a fresh installation but can start with the latest Rollup package.
  • Exchange 2010 is in extended support.

As with any Hotfix, Rollup or Service Pack, I’d recommend to thoroughly test this rollup in a test and acceptance environment first, prior to implementing it in production.
You can download Exchange 2010 SP3 Rollup 9 here.

Blocking Outlook App for iOS & Android

imageYesterday, Microsoft announced the immediate availability the Outlook for iOS and Outlook for Android preview. These apps are the former app named Acompli, which was acquired by Microsoft in December, last year. It is unlikely that Microsoft will develop and support two similar apps, so one can assume the new Outlook app will replace the current OWA for iOS and OWA for Android (or just OWA for Devices) apps.

The app isn’t without a little controversy:

  • The app stores credentials in a cloud environment from Amazon Web Services for e-mail accounts that don’t support OAuth authorization.
  • The app makes use of a service sitting between the app and your mailbox. This service acts as a sort of proxy (hence it requires those credentials), fetching, (pre)processing and sending e-mail. In some way this is smart, as it makes the app less dependent on back-end peculiarities, using a uniform protocol to communicate with the proxy service.
  • The app does not distinguish between devices (device identities are assigned to your account, which makes sense since the app uses a service to retrieve and process your e-mail).
  • The app does not honor ActiveSync policies, like PIN requirements. While true, this app is not an ordinary Exchange ActiveSync client.

You can read more about this here and here.

In all fairness, when the app was still named Accompli, nobody cried foul. But the app is now rebranded Outlook and property of Microsoft, so it seems this made the app fair game. I hope Microsoft is working behind the scenes to make the new Outlook app enterprise-ready, and I’m sure it won’t be long before we see the app’s services move from AWS to Azure. The whole outrage in the media also seems a bit misplaced, as Connected Accounts in Exchange Online, which will retrieve e-mail from a POP or IMAP mailbox, will also store credentials ‘in the cloud’.

It is recommended to treat the app as a consumer app for now, and you may want to block the app in your organization. I have written on how to accomplish blocking or quarantining faulty iOS updates before. However, in those articles I used the reported OS version to block or quarantine devices. The Outlook app proxy service reports itself as “Outlook for iOS and Android” as device model when querying your mailbox, allowing us to use the DeviceModel parameter for matching.

The cmdlet to block or quarantine the new Outlook app in Exchange 2010, Exchange 2013 or Office 365,  is:

New-ActiveSyncDeviceAccessRule –QueryString 'Outlook for iOS and Android' –Characteristic DeviceModel –AccessLevel Block

or, to quarantine:

New-ActiveSyncDeviceAccessRule –QueryString 'Outlook for iOS and Android' –Characteristic DeviceModel –AccessLevel Quarantine

For examples of alternative blocking methods using TMG or F5, check this article. If you need to specify the user agent string, use “Outlook-iOS-Android/1.0” (or partial matching on “Outlook-iOS-Android” to block future updates of the app as well).

As goes for all mobile devices in enterprise environments, as an organization it may be better to test and aprove devices and OS versions rather than to be confronted with mobile apps with possible faulty behavior after an update or which may violate corporate security policies.

End of Exchange 2010 Mainstream Support

Exchange 2010 LogoWith all the media attention for Windows 7 going out of mainstream support, one might forget today also marks the end of mainstream support for Exchange Server 2010.

Exchange 2010, which was released in October, 2009 (which seems centuries ago now), and which still has a very large installed base, is going into the extended support phase.

Depending on your support contract, this means Microsoft will no longer provide free support for this product. Patches for security issues will still be available, and owners of premier support contracts are eligible for non-security updates through extended hotfix support option.

Exchange Server 2010 will reach end-of-life on January 14th, 2020.

Exchange 2010 SP3 Rollup 8v2

Exchange 2010 Logo

UPDATE (December 12th, 2014): Exchange 2010 SP3 Rollup 8 v2 is released, addressing the issue mentioned below in the initially published version. The new version number is 14.3.224.2 (was 14.3.224.1). You can download RU8v2 here.

UPDATE (December 10th, 2014): Exchange 2010 SP3 Rollup 8 has been pulled after discovery of Outlook MAPI issues. It is currently recommended not to deploy RU8 and when you have installed RU8, to revert to RU7 to prevent walking into this issue. Other protocols, such as EAS or IMAP4, as unaffected which is why you might not encounter this problem immediately.

Today the Exchange Team released Rollup 8 for Exchange Server 2010 Service Pack 3 (KB2986475). This update raises Exchange 2010 version number to 14.3.224.1.

This Rollup contains a security update to fix a potential elevation of privilege issue (bulletin MS14-075), as well as the following fixes:

  • 3004235 Exchange Server meetings in Russian time zones as well as names of time zones are incorrect after October 26, 2014
  • 3009132 Hybrid mailbox moves to on-premises environment but finishes with CompletedWithWarnings status
  • 3008999 IRM restrictions are applied to incorrectly formatted .docx, .pptx, or .xlsx files in an Exchange Server 2010 environment
  • 3008370 Group members are not sorted by display name when HAB is used with OAB in Exchange Server 2010
  • 3008308 Public folder database migration issue in a mixed Exchange Server environment
  • 3007794 Hub Transport server cannot deliver messages when a database fails over to a cross-site DAG in Exchange Server 2010
  • 3004521 An Exchange server loses its connection to domain controllers if a public folder server is down in Exchange Server 2010
  • 2999016 Unreadable characters when you import ANSI .pst files of Russian language by using the New-MailboxImportRequest cmdlet
  • 2995148 Changing distribution group takes a long time in an Exchange Server 2010 environment
  • 2992692 Retention policy is not applied to Information Rights Management protected voice mail messages in Exchange Server 2010
  • 2987982 Issues caused by ANSI mode in Exchange Server 2010
  • 2987104 Email message is sent by using the “Send As” instead of “Send on Behalf” permission in Exchange Server 2010
  • 2982017 Incorrect voice mail message duration in Exchange Server 2013 and Exchange Server 2010
  • 2977279 You cannot disable journaling for protected voice mail in Exchange Server 2013 and Exchange Server 2010

Notes:

  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • If you got a DAG and want to properly update the DAG members, check the instructions here.
  • Rollups are cumulative per service pack level, i.e. they contain fixes released in earlier update Rollups for the same product level (RTM, SP). This means you don’t need to install previous Rollups during a fresh installation but can start with the latest Rollup package.

As with any Hotfix, Rollup or Service Pack, I’d recommend to thoroughly test this rollup in a test and acceptance environment first, prior to implementing it in production.
You can download Exchange 2010 SP3 Rollup 8 here.

Exchange-Processor Query Tool: PowerShell Edition

powershellAnyone sizing for Exchange Server 2013 or even still Exchange Server 2010, using the Server Role Requirements Calculator, has to determine processor requirements at some point. This is accomplished by looking up the SPECint_rate2006 score of the planned processor configuration and matching that against the calculated number of required megacycles by the calculator. To account for fail-over situations, additional overhead needs to be added to the number of megacycles. The process as part of the overall sizing has been explained in detail by Jeff Mealiffe here.

The Exchange consultants’ Swiss army knife when determining SPECint rates is the Exchange Processor Query Tool, an Excel sheet designed by Scott Alexander from Microsoft, which allows you to easily look up and determine the SPECint_rate2006 value by inputting a processor model. While still useful, the tool has been out there since 2011. Also, it would be nice sometimes to see which systems are eligible for a certain sizing specification, rather than validating if the planned processor configuration meets the sizing requirements.

So, I wrote a PowerShell script which can query the SPECint rates for you. Because the rating scores are returned as objects, you can perform additional tasks using PowerShell functionality, such as:

  • Use additional criteria, such as vendor, min/max number of cores, etc.
  • Calculate the average SPECint2006 Rate Value for a certain CPU/cores configuration.
  • You can use the SPECint value calculated by the Server Role Requirements Calculator  to find hardware configurations which meet the required total megacycles requirements, optionally including a required overhead percentage.
  • You can select if you are sizing for Exchange Server 2010 or Exchange Server 2013.

Requirements
The script requires PowerShell and internet access to query the SPECint database.

Usage
The script is called Exchange-PQT.ps1, in honor of the Processor Query Tool (PQT).  The syntax is as follows:

Exchange-PQT.ps1 [-CPU <String>] [-Vendor <String>] [-System <String>] [-Overhead <Int32>] [-MinMegaCycles <Int32>] [-Type <String>] [-MinCores <Int32>] [-MaxCores <Int32>] [-MinChips <Int32>] [-MaxChips <Int32>] [<CommonParameters>]

The information returned and which you can use for post-processing is: Vendor, System, CPU (processor description), Cores, Chips (number of CPU’s), CoresPerChip (number of Cores per CPU), Speed, Result, Baseline, MCyclesPerCore (megacycles per core), MCyclesTotal (total megacycles), OS and Published. Note that megacycles calculations are based on the selected Exchange version, by default this is Exchange Server 2013.

A quick walk-through on the parameters:

  • CPU, Vendor or System can be used for partial matching on the respective attribute.
  • Type specifies what calculation to perform. Possible values are 2010 for Exchange Server 2010 and 2013 for Exchange Server 2013. Default value is 2013.
  • MinCores/MaxCores can be used to only return information for systems with this minimum or maximum number of cores. Note that you can not use MinCores and MaxCores at the same time.
  • MinChips/MaxChips can be used to only return information for systems with this minimum or maximum number of CPU’s. Note that you can not use MinChips and MaxChpis at the same time.
  • MinMegaCycles can be used to specify a treshold for the total megacycles value for returned items, using the specified Type for calculations.
  • Overhead can optionally be used to take into account a certain percentage for megacycles overhead. Default is 0 (0%).

Few notes:

  • MinCores/MaxCores and MinChips/MaxChips are mutually exclusive, because we can not specify both in the query against the SPECint database. However, you can use additional filtering on objects returned in the pipeline to distill information, e.g.
    Exchange-PQT.ps1 –MaxCores 32 –MaxChips 8 | Where { $_.Cores –ge 4 –and $_.Chips –ge 2}. 

    Do note that usage of these parameters is recommended when possibe, as it will minimize the result set from SPECint.

  • Make sure you set Type to 2010 when sizing for Exchange 2010.

Examples

Lookup the specifications of the server used by Jeff in his sizing example (Hewlett-Packard DL380p Gen8 server with Intel Xeon E5-2630 processors @2.30GHz). You will notice 25,481 is slightly off from Jeff’s 25,479, which is due to Jeff rounding numbers:

.\Exchange-PQT.ps1 -System 'DL380p Gen8'  -CPU 2630 | select System,MCycle*

Search all specs for systems from Dell containing x5470 processors and return megacycle information for Exchange 2010 calculations:

.\Exchange-PQT.ps1 -CPU x5470 -Vendor 'Dell Inc.' -Type 2010 | Select System,*cycle*

image

Calculate average SPECint 2006 rate values for  hex-core x5450 systems:

.\Exchange-PQT.ps1 -CPU x5470 | Where { $_.Cores -eq 8 } | Measure -Average Result

Search all specs for Dell systems using x5670 CPUs, with a minimum total of 16,000 megacycles and 20% megacycle overhead:

.\Exchange-PQT.ps1 –Vendor Dell -CPU x5670  -MinMegaCycles 16000 -Overhead 20 

image

Download
You can download the script from the TechNet Gallery page.

Feedback
Feedback is welcomed through the comments. If you got scripting suggestions or questions, do not hesitate using the contact form.

Revision History
See TechNet Gallery page.

Exchange 2010 SP3 Rollup 7

Exchange 2010 LogoToday the Exchange Team released Rollup 7 for Exchange Server 2010 Service Pack 3 (KB2961522). This update raises Exchange 2010 version number to 14.3.210.2.

This Rollup includes the following fixes:

  • 2983261 “HTTP 400 – Bad Request” error when you open a shared mailbox in Outlook Web App in an Exchange Server 2010 environment
  • 2982873 Outlook Web App logon times out in an Exchange Server 2010 environment
  • 2980300 Event 4999 is logged when the World Wide Web publishing service crashes after you install Exchange Server 2010 SP3
  • 2979253 Email messages that contain invalid control characters cannot be retrieved by an EWS-based application
  • 2978645 S/MIME option disappears when you use Outlook Web App in Internet Explorer 11 in an Exchange Server 2010 environment
  • 2977410 Email attachments are not visible in Outlook or other MAPI clients in an Exchange Server 2010 environment
  • 2976887 eDiscovery search fails if an on-premises Exchange Server 2010 mailbox has an Exchange Online archive mailbox
  • 2976322 Assistant stops processing new requests when Events in Queue value exceeds 500 in Exchange Server 2010
  • 2975988 S/MIME certificates with EKU Any Purpose (2.5.29.37.0) are not included in OAB in Exchange Server 2010
  • 2966923 Domain controller is overloaded after you change Active Directory configurations in Exchange Server 2010

Notes:

  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • If you got a DAG and want to properly update the DAG members, check the instructions here.
  • Rollups are cumulative per service pack level, i.e. they contain fixes released in earlier update Rollups for the same product level (RTM, SP). This means you don’t need to install previous Rollups during a fresh installation but can start with the latest Rollup package.

As with any Hotfix, Rollup or Service Pack, I’d recommend to thoroughly test this rollup in a test and acceptance environment first, prior to implementing it in production.

You can download Exchange 2010 SP3 Rollup 7 here.