Issues with July Updates of Windows

Posted on July 18, 2018 by Michel de Rooij

Last Update July 19th: Corrected Update information.

About a week ago, Microsoft released the July Updates for Windows systems. Unfortunately, something must have gone wrong in quality control, because people were reporting all sorts of issues, mostly related to IIS and Exchange servers.

The issue is created at the operating system level, probably due to changes in networking as mentioned in the July update notes. Therefor, symptoms can be experienced on systems running Exchange Server 2016 or even back to Exchange Server 2007.

Some of the symptoms are:

The World Wide Web Publishing Service – W3SVC – won’t come up, remains in a “stopping” state, but cannot fully stop or it cannot be restarted.
Exchange Transport and SMTP services becomes unresponsive or stops, causing mail flow issues (Source).

The issues were serious enough to have the Exchange PG publish a notice.

Meanwhile, Microsoft has released a superseding update for Windows Server 2016, and updates for older operating systems. However, looking at the information provided with updates for older operating systems, there are fixes for the original security updates, and (previews of) Monthly Rollups for the July updates. Replacements and updates may manifest themselves in Windows Update only after installing the original – faulty – update, meaning you might have to go through more than one Windows Update cycle (and possibly reboot) for the updates to become visible and installable. This applies to the Monthly Rollups as well.

The table below contains information on the original rollups and updates, the update you need to apply, and the type of update.

Operating System	Original Update	Update	Type	Comments
Windows Server 2016	KB4338814	KB4345418	Monthly Rollup	Replacement
Windows Server 2012 R2	KB4338815	KB4338831	Monthly Rollup	Replacement
Windows Server 2012 R2	KB4338824	KB4345424	Security Update	Update for v1
Windows Server 2012	KB4338830	KB4338816	Monthly Rollup	Replacement
Windows Server 2012	KB4338820	KB4345425	Security Update	Update for v1
Windows Server 2008 R2	KB4338823	KB4345459	Security Update	Update for v1
Windows Server 2008 R2	KB4338818	KB4338821	Monthly Rollup	Replacement
Windows Server 2008	KB4295656	KB4345397	Security Update	Update for v1

Finally, apart from adopting a less aggressive updating strategy, this again shows unfortunately that having a separate production environment next to your test environment is no frivolous luxury.

MVP’s around the World

Posted on July 2, 2018 by Michel de Rooij

Updated July 3rd: Includes newly registered awardees and awardees who changed category. Added overview of Office Servers and Services numbers over last couple of years.

With the latest annual award cycle, one might be curious which impact it had on the MVP population. I performed a similar exercise last year to compare the impact of the start of the new award cycle. This year, all the MVP’s previously on the January and October cycles were also included in the reviews, making this year the first one where MVP leads and others had to perform the dauntless task of reviewing community contributions of over 3,500 people.

For comparison, I had a look at the public MVP statistics of July 1st against those of June 26th, to exclude significant noise from the monthly awardees. To start, let us first have a look at the total population of MVP’s. From the numbers, it is clear some type of correction took place, as the total number of MVP’s went down from 3,815 last month to 3,025 now (-21%).

As big changes might be a result of change of focus, the following table contains the changes per award category from June 2018 to July 2018. Note that the total number of MVP’s doesn’t equal the total number of awardees, as people can be awarded in more than one category; there are 50 MVP’s with multiple award categories.

Competence	Jun2018	July2018	Change
Access	39	29	-26%
AI	28	58	107%
Business Solutions	221	184	-17%
Cloud and Datacenter Management	410	302	-26%
Data Platform	442	366	-17%
Enterprise Mobility	159	122	-23%
Excel	103	84	-18%
Microsoft Azure	370	368	-1%
Office Development	44	33	-25%
Office Servers and Services	490	383	-22%
OneNote	15	12	-20%
Outlook	14	11	-21%
PowerPoint	40	34	-15%
Visio	15	10	-33%
Visual Studio and Development Technologies	1043	780	-25%
Windows and Devices for IT	136	87	-36%
Windows Development	273	186	-32%
Word	23	19	-17%
Total	3865	3066	-21%

Except for the AI MVP’s, all the numbers are down. Way down. Word is quite a number of long-standing MVP’s have not been re-awarded this cycle. One could only guess for the motivation (only Microsoft knows), but it could be due to the ongoing shift from on-premises technology to cloud-based technology.

When zooming in on the Office Servers and Services MVP’s category, the awards per country is shown in the following heath map and table. Be advised that MVP’s that are anonymous or have profiles without location (~23 for Office Servers and Services), are not taken into account since their location is unknown.

Country	Number	Country	Number	Country	Number
Argentina	0 (-100%)	Ireland	1 (0%)	Saudi Arabia	1 (0%)
Australia	17 (-40%)	Israel	0 (-100%)	Serbia	1 (0%)
Austria	2 (0%)	Italy	8 (-20%)	Singapore	3 (-25%)
Belgium	8 (0%)	Japan	11 (-45%)	Slovakia	1 (0%)
Bosnia-Herzegovina	2 (0%)	Jordan	1 (0%)	Slovenia	1 (-50%)
Brazil	2 (-34%)	Korea	6 (-15%)	South Africa	4 (-20%)
Bulgaria	1 (0%)	Latvia	1 (0%)	Spain	5 (-17%)
Canada	29 (-24%)	Macedonia F.Y.R.O	2 (0%)	Sri Lanka	4 (-43%)
Chile	1 (0%)	Malaysia	1 (-50%)	Sweden	6 (-25%)
China	14 (-13%)	Mexico	2 (-50%)	Switzerland	5 (0%)
Colombia	2 (0%)	Nepal	1 (0%)	Thailand	1 (0%)
Croatia	5 (-17%)	New Zealand	4 (-20%)	The Netherlands	13 (-8%)
Czech Republic	3 (-25%)	Norway	5 (-17%)	Turkey	4 (-20%)
Denmark	2 (-50%)	Pakistan	2 (0%)	Ukraine	1 (-50%)
Egypt	1 (-50%)	Peru	1 (-50%)	United Arab Emirates	1 (-50%)
Finland	2 (0%)	Poland	2 (0%)	United Kingdom	23 (-15%)
France	15 (-12%)	Portugal	3 (-25%)	United States	90 (-19%)
Germany	16 (-20%)	Romania	1 (-50%)	Uruguay	1 (0%)
Greece	1 (0%)	Russia	5 (-50%)	Vietnam	0 (-100%)
Hungary	2 (-50%)			TOTAL	383 (-22%)
India	12 (-8%)

As shown, some countries have lost their Office Servers and Service MVP’s completely. Looking at the total number of Office Servers and Services MVP’s over the year, the number went a little up again due to monthly awardees, but with the July cycle, the number of Office Servers and Services MVP’s went from 490 to 383 (-22%).

The number of Office Servers and Services and total number of MVP’s over the last years (since award restructuring).

Month	oct2016	jan2017	jun2017	jul2017	jan2018	jun2018	jul2018
OSS	538	505 (-7%)	532 (+5%)	449 (-16%)	480 (+6%)	490 (+2%)	383 (-21%)
Total	N/A	N/A	4134	3490 (-16%)	3747 (+7%)	3815 (+2%)	3030 (-21%)

Unfortunately, I have no data on the other categories from before june 2017.

If you have questions or comments, please discuss in the comments.

2018-2019 Microsoft MVP Award

Posted on July 1, 2018 by Michel de Rooij

With great joy and honor I can announce that I have been awarded the Microsoft Most Valuable Professional Award in the category Office Servers and Services (localized e-mail):

MVP awards are given to individuals by Microsoft in recognition of their contributions to the community, such as:

Writing blogs, articles, books.
Speaking engagements or podcasts.
Supporting others, e.g. forum or TechCommunity contributions.
Code contributions.
Product feedback.

This is my 5th consecutive year as an MVP. I used to be an “October MVP”, which meant my award was up in October every year. After the award cycle changed to a yearly one for everyone, this year was the first time all MVP’s who fell under the old quarterly cycles, were being up for renewal. It also meant, contributions of a longer period of time were being evaluated. So lots of kudos to the MVP leads and other folks that had to go through the monstrous task of reviewing thousands of contributions for this cycle.

Many thanks to the community, readers, followers, fellow MVP’s and friends, peers, product groups and other Microsoft employees for their encouragement, inspiration and support over all those years.

My MVP profile can be found here.

Exchange Updates – June 2018

Posted on June 20, 2018 by Michel de Rooij

The Exchange Team released the June updates for Exchange Server 2013 and 2016, and an additional Rollup 22 for Exchange Server 2010 Service Pack 3.

Apart from fixes and time zone changes, these updates contain the following important changes and notes:

As announced earlier, Exchange 2013 CU21 and Exchange 2016 CU10 require .NET Framework 4.7.1.
All three updates require the VC++ 2013 runtime library, because it is needed by a 3rd component in WebReady Document Viewing in Exchange 2010/2013 and Data Loss Prevention in Exchange 2013/2016. Exchange 2010 SP3 RU22 will force installation of this VC++ runtime.
Updates include a critical security patch for Oracle Outside In libraries. More about the issue in MSRC advisory ADV180010.
Exchange 2013 CU21 and Exchange 2016 CU10 introduce support for directly creating and enabling remote shared mailboxes, e.g.
```
New-RemoteMailbox [-Shared] [-Name remoteMailboxName]
Enable-RemoteMailbox [-Identity user] [-Shared] [-RemoteRoutingAddress user@domain]
Set-RemoteMailbox [-Name user] [-Type Shared]
```
You need to run setup /PrepareAD to see these changes. More information in KB4133605.
This is the last planned Cumulative Update for Exchange 2013 as it enters Extended Support.
Exchange 2010 SP3 RU22 adds support for Windows Server 2016 Domain Controllers.

Version	Build	KB Article	Download	UMLP	Schema Changes
Exchange 2016 CU10	15.1.1531.3	KB4099852	Download	UMLP	No
Exchange 2013 CU21	15.0.1395.4	KB4099855	Download	UMLP	No
Exchange 2010 SP3 RU22	14.3.411.0	KB4295699	Download

Exchange 2016 CU10 fixes:

4056609 Event ID 4999 and mailbox transport delivery service won’t start with Exchange Server 2016 CU7 installed
4133605 Cmdlets to create or modify a remote shared mailbox in an on-premises Exchange environment
4133620 “HTTP 500 due to ADReferralException” error when a user tries to view detail properties of mailboxes in a child domain in Exchange Server
4095974 “System.InvalidOperationException” occurs when the “Enable-MailPublicFolder” cmdlet is run against a public folder in Exchange Server
4095973 Set-ServerComponentState cmdlet does not honor the write scope defined in the RBAC management scope in Exchange Server
4095993 HTTP 500 error when an administrator tries to manage regional settings in ECP on Windows Server 2016
4294209 Cannot clear the “Maximum message size” check box for Send messages or Receive messages in EAC in Exchange Server 2016
4294208 “TooManyObjectsOpenedException” error when you run the “Get-PublicFolderMailboxDiagnostics” cmdlet in Exchange Server
4294212 Cannot send VBScript-created messages in the Outlook 2016 client
4294211 Cannot run “Set-CalendarProcessing” cmdlets after you apply CU8 or CU9 for Exchange Server 2016
4294210 Cannot edit an email attachment in OWA in an Exchange Server 2016 environment
4294204 Changing “IsOutOfService” to “False” in an earlier Exchange Server version does not immediately update in a later Exchange Server environment
4092041 Description of the security update for Microsoft Exchange Server 2013 and 2016: May 8, 2018

Exchange 2013 CU20 fixes:

4133605 Cmdlets to create or modify a remote shared mailbox in an on-premises Exchange environment
4133604 User can’t log on to a POP/IMAP account by using NTLM authentication in Exchange Server 2013
4133618 Unexpected error occurs when running the Get-DatabaseAvailabilityGroupNetwork cmdlet in Exchange Server 2013
4133620 “HTTP 500 due to ADReferralException” when a user tries to view detail properties of mailboxes in a child domain in Exchange Server
4058473 An Office 365 primary mailbox user cannot be assigned full access permissions for an on-premises mailbox in Exchange Server
4094167 The MSExchangeRPC service crashes with a System.NullReferenceException exception in Exchange Server 2013
4095974 “System.InvalidOperationException” occurs when the “Enable-MailPublicFolder” cmdlet is run against a public folder in Exchange Server
4092041 Description of the security update for Microsoft Exchange Server 2013 and 2016: May 8, 2018
4294205 POP3 services intermittently stop in an Exchange Server 2013 environment
4294204 Changing “IsOutOfService” to “False” in an earlier Exchange Server version does not immediately update in a later Exchange Server environment

Exchange 2010 Rollup 22 fixes:

4295751 EWS impersonation not working when accessing resource mailboxes in a different site in Exchange Server 2010 SP3

Notes:

Exchange 2016 CU8 and Exchange 2013 CU18 do not contain schema changes compared to their previous Cumulative Update. However, they introduce RBAC changes in your environment. Use setup /PrepareAD to apply RBAC changes, before deploying or updating Exchange servers.
When upgrading from an n-2 or earlier version of Exchange, or an early version of the .NET Framework, consult Upgrade Paths for CU’s & .NET.
When upgrading your Exchange 2013 or 2016 installation, don’t forget to put the server in maintenance mode when required. Regardless, setup will put the server in server-wide offline mode post-analysis, before making actual changes.
When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay at most one version behind (n-1).
If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates.
Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
The order in which you upgrade servers with Cumulative Updates is irrelevant.

Caution:

As for any update, I recommend to thoroughly test updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.

Automation, DevOps and the Evolution of the IT Pro

Posted on June 16, 2018 by Michel de Rooij

iTunes-Podcast-logo[1] Recently, Simon Waight and I were invited by fellow MVP Chris Goosen from Cloud Architects to come chat a little on Automation, DevOps and the evolution of the IT Professional.

With the bridge narrowing between development and infrastructure on a daily basis, and infrastructure becoming code, the DevOps culture is becoming more and more important to be knowledgeable about for IT Professionals with a background in infrastructure.

You can listen to the podcast recording here, or you can subscribe to the Cloud Architects podcast.

Security Updates for Exchange 2016, 2013 and 2010

Posted on May 31, 2018 by Michel de Rooij

A quick heads-up for those that missed it that earlier this month, as Microsoft released security updates for supported releases of Exchange Server 2016 and 2013 as well as Exchange Server 2010.

The security updates patch issues as reported in the following Microsoft Common Vulnerabilities and Exposures:

CVE-2018-8151 – Microsoft Exchange Memory Corruption Vulnerability
CVE-2018-8154 – Microsoft Exchange Memory Corruption Vulnerability
CVE-2018-8159 – Microsoft Exchange Elevation of Privilege Vulnerability
CVE-2018-8153 – Microsoft Exchange Spoofing Vulnerability
CVE-2018-8152 – Microsoft Exchange Server Elevation of Privilege Vulnerability

You can download the security updates here:

Exchange Server 2016 CU9 (v15.1.1466.8, KB4092041)
Exchange Server 2016 CU8 (v15.1.1415.7, KB4092041)
Exchange Server 2013 CU20 (v15.0.1367.6, KB4092041)
Exchange Server 2013 CU19 (v15.0.1365.7, KB4092041)
Exchange Server 2013 Service Pack 1 (v15.0.847.62, KB4092041)
Exchange Server 2010 SP3 Rollup 21 (v14.3.399.2, KB4091243)

You may notice that Exchange 2013 Service Pack 1 is still in there, but this is because Cumulative Updates and Service Packs are on a different servicing model. Every Cumulative Update is supported for three months after the release of the next Cumulative Update; Exchange 2013 SP1 entered extended support early April, and will only receive critical updates such as this one.

Be advised that for Exchange 2013 and 2016, Security Updates are Cumulative Update level specific. While the downloaded security updates may carry the same name, the files are different and you cannot apply the downloaded security update file for Exchange 2016 CU8 to Exchange 2016 CU9. I suggest adding some form of identification of the Cumulative Update to the file name when you save it, e.g. Exchange2016-KB4092041-x64-en-CU9.msp.

As with any patch or update, I’d recommend to thoroughly test this in a test and acceptance environment first, prior to implementing it in production.

Exchange & .NET Framework 4.7.2

Posted on May 9, 2018 by Michel de Rooij

A quick blog on the recent release of .NET Framework 4.7.2. In the past I blogged about the tight relationship between Exchange versions and the .NET Framework, and the supported combinations of those two to deploy and run Exchange. Shortly after publishing that article, Microsoft revised its support statement:

“When upgrading Exchange from an unsupported CU to the current CU and no intermediate CUs are available, you should upgrade to the latest version of .NET that’s supported by Exchange first and then immediately upgrade to the current CU. This method doesn’t replace the need to keep your Exchange servers up to date and on the latest, supported, CU. Microsoft makes no claim that an upgrade failure will not occur using this method, which may result in the need to contact Microsoft Support Services”.

Now while 4.7.2 is a minor release, it is not mentioned in the Exchange supportability matrix at this moment. As such, it is not a validated combination, and you will be in uncharted territory with an unsupported configuration. The revised support statement only mentions upgrading Cumulative Update directly to a recent release as many customers were faced with a two-step upgrade process coming from old Cumulative Updates, basically ignore the supportability matrix. However, it does not mention anything about upgrading to the latest .NET Framework version at this moment. So don’t.

To block (accidental) installation of .NET Framework 4.7.2, you can configure the following registry key on your current Exchange servers to block its installation:

HKLM\Software\Microsoft\NET Framework Setup\NDP\WU\BlockNetFramework472= 1 (REG_DWORD)

or using PowerShell code:

$Version='472'
$RegKey= 'HKLM:\Software\Microsoft\NET Framework Setup\NDP\WU'
$RegName= ('BlockNetFramework{0}' -f $Version)
If( -not (Test-Path $RegKey -ErrorAction SilentlyContinue)) {
    New-Item -Path (Split-Path $RegKey -Parent) -Name (Split-Path $RegKey -Leaf) -ErrorAction SilentlyContinue | out-null
}
New-ItemProperty -Path $RegKey -Name $RegName -Value 1 -ErrorAction SilentlyContinue| out-null
If( ( Get-ItemProperty -Path $RegKey -Name $RegName -ErrorAction SilentlyContinue)) {
    Write-Output ('Installation blockade for .NET Framework {0} set' -f $Version)
}
Else {
    Write-Error ('Unable to set registry entry {0}\{1}' -f $RegKey, $RegName)
}

Exchange Updates – March 2018

Posted on March 21, 2018 by Michel de Rooij

The Exchange Team released the March updates for Exchange Server 2013 and 2016, and these Cumulative Updates contain a ton of fixes. Like the earlier Cumulative Updates for Exchange 2013 and Exchange 2016, and in addition to the fixes – see below – these Cumulative Updates contain the following important changes:

Support for .NET Framework 4.7.1. Be advised that .NET Framework 4.7.1 will be required for the next cycle of quarterly updates, which will be released in June 2018.
Full support for TLS 1.2. More information and guidance here.

On a smaller note, Exchange 2010 Service Pack 3 Rollup 20 was also released, which contains two security fixes CVE-2018-0924 and CVE-2018-0940, as well as DST changes.

Version	Build	KB Article	Download	UMLP	Schema Changes
Exchange 2016 CU9	15.1.1466.3	KB4055222	Download	UMLP	No
Exchange 2013 CU20	15.0.1367.3	KB4055221	Download	UMLP	No
Exchange 2010 SP3 RU20	14.3.389.1	KB4073537	Download

Exchange 2016 CU9 fixes:

4054513 Mailbox usage status bar in OWA displays incorrect mailbox usage
4055433 User is added to an entire series when accepting a single instance through Exchange ActiveSync
4057216 Health mailbox’s password is exposed in logs for a failed probe in Exchange Server 2016 and 2013
4058373 “A parameter cannot be found” error when you run Install-AntiSpamAgents.ps1 in Exchange Server 2016 CU7
4058379 All cross-forest meeting updates have to be accepted again in Exchange Server 2016 and 2013
4058383 Exchange Control Panel (ECP) redirection fails in Exchange Server 2016
4058384 Get-CalendarDiagnosticAnalysis shows DateTime in 12-hour clock in Exchange Server 2016 and 2013
4058399 Disabling a mailbox can’t remove legacyExchangeDN from user’s properties in Exchange Server 2016
4073094 Emails outside a UID range are returned when you request for emails by using IMAP
4073095 “550 5.6.0 CAT.InvalidContent.Exception” and email isn’t delivered in Exchange Server 2016 and 2013
4073104 PIN can be reset on a Unified Messaging (UM)-enabled mailbox for a user outside a scoped OU
4073103 The Enable-Mailbox cmdlet doesn’t block migrated users from provisioning in Exchange Server 2016
4073107 Language can’t be changed when a user from a child domain tries to change language in OWA
4073111 Can’t access a CAS website such as OWA/ECP/Autodiscover in Exchange Server 2016
4073110 You can’t access OWA or ECP after you install Exchange Server 2016 CU8
4073109 Search-MailboxAuditLog -ShowDetails not showing all messages in Exchange Server 2016
4073114 “ADOperationException” error when OWA text verification fails in Exchange Server 2016
4073214 Can’t enable OWA offline access in Exchange Server 2016
4073531 CultureNotFoundException when selecting a LCID 4096 language in OWA for Exchange Server 2016
4076520 MatchSubdomains isn’t usable for Set-AcceptedDomain in Exchange Server 2016
4076741 Incorrect NDR when an administrator deletes a message from a queue in Exchange Server 2016
4077655 Event ID 258 “Unable to determine the installed file” after you uninstall Windows PowerShell 2.0
4057290 Incorrect user is returned in the ECP when one user’s display name matches another user’s alias
4058372 Blank page in Exchange Admin Center Audit Log in Exchange Server 2016
4058382 Can’t retrieve time slot information about private calendar items as a delegate on another user’s account in Exchange Server 2016
4058401 Administrator audit logging does not record Set-ServerComponentState cmdlet details in Exchange Server 2013 or 2016 environment
4073097 Monitoring probes of ECP.Proxy health checks fail on all CAS roles in Exchange Server 2013 and 2016
4073098 The ETS and EXS groups are incorrectly granted “SeDebugPrivilege” in Exchange Server 2016 on-premises
4073108 “There was a problem loading your options” error when a user accesses OWA Voice Mail options in Exchange Server 2016
4077924 Store Worker process crashes when you move, restore, or repair mailboxes that have issues with the logical index within the database in Exchange Server 2016
4091453 Update improves linguistics features and CJK handling for search in Exchange Server 2016
4073392 Description of the security update for Microsoft Exchange: March 13, 2018

Exchange 2013 CU20 fixes:

4073392 Description of the security update for Microsoft Exchange: March 13, 2018
4073094 Emails outside a UID range are returned when you request for emails by using IMAP
4073097 Monitoring probes of ECP.Proxy health checks fail on all CAS roles in Exchange Server 2013 and 2016
4057216 Health mailbox’s password is exposed in logs for a failed probe in Exchange Server 2016 and 2013
4058384 Get-CalendarDiagnosticAnalysis shows DateTime in 12-hour clock in Exchange Server 2016 and 2013
4057290 Incorrect user is returned in the ECP when one user’s display name matches another user’s alias
4055433 User is added to an entire series when accepting a single instance through Exchange ActiveSync
4058401 Administrator audit logging does not record Set-ServerComponentState cmdlet details in Exchange Server 2013 or 2016 environment
4073095 “550 5.6.0 CAT.InvalidContent.Exception” and email isn’t delivered in Exchange Server 2016 and 2013
4058379 All cross-forest meeting updates have to be accepted again in Exchange Server 2016 and 2013
4073093 Save issues occur when you use the plain Text Editor in OWA of Exchange Server 2013
4073096 Emails sent from a shared mailbox aren’t saved in Sent Items when MessageCopyForSentAsEnabled is True

Notes:

Exchange 2016 CU7 and later requires Forest Functionality Level 2008R2 or later.
Exchange 2016 CU8 and Exchange 2013 CU18 do not contain schema changes compared to their previous Cumulative Update. However, they may introduce RBAC changes in your environment. Use setup /PrepareSchema to manually update the schema, or use /PrepareAD to apply RBAC changes, before deploying or updating Exchange servers. To see if you need to update the schema compared to your version or verify the update has been performed, consult the Exchange schema overview.
When upgrading from an n-2 or earlier version of Exchange, or an early version of the .NET Framework, consult Upgrade Paths for CU’s & .NET.
When upgrading your Exchange 2013 or 2016 installation, don’t forget to put the server in maintenance mode when required. Regardless, setup will put the server in server-wide offline mode post-analysis, before making actual changes.
Using Windows Management Framework (WMF)/PowerShell version 5 or later on anything earlier than Windows Server 2016 is not supported. Don’t install WMF5 on your Exchange servers running on Windows Server 2012 R2 or earlier.
When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay at most one version behind (n-1).
If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates.
Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
The order in which you upgrade servers with Cumulative Updates is irrelevant.

Caution:

Exchange Mailboxes and Signatures

Posted on March 16, 2018 by Michel de Rooij

vote! One of the longest standing requests of the community regarding Exchange features is the request to have the ability to share e-mail signatures between Outlook for desktop, Outlook Web Access (OWA) and mobile clients like Outlook for iOS. Several 3rd party vendors have been filling this gap with solutions with the possibility of adding standardized signatures on the transport layer or through application add-ins for the WYSIWYG approach.

The Outlook products don’t share signatures; Outlook Web Access does store the signature in a so-called Folder Associated Item (FAI) in the mailbox, making the signature persist when moving the mailbox around. But that unfortunately is only for Outlook Web Access; Outlook for desktop signatures are stored in files in one’s user profile, and Outlook for iOS only allows you to configure a single line, which often is used to apologize for any typos in the message, more common when using mobile devices, by setting it to ‘Mail sent using mobile’ or text of similar nature.

However, after a recent discussion with the relevant product groups by Jeff Guillet, the product groups challenged MVPs that there is indeed a significant demand for this feature by getting people to vote on UserVoice. Jeff with the MVPs designed a functional specification for this feature, which will be shared with the product groups at a later date. There is no reason why we can’t expect this feature to work for both Exchange Online as well as Exchange on-premises. Part of the request will also be to be able to manage the signature through PowerShell, similar to how the Outlook Web Access signature can now be managed using Set-MailboxMessageConfiguration.

So, power to the community and get your voice heard if you want this feature. You can vote on UserVoice here. Thank you.

Comparing Sets of Cmdlets

Posted on March 12, 2018 by Michel de Rooij

powershell With the speed of development in Office 365, it is sometimes hard to track which changes have been made to your tenant. Of course, there is the roadmap and message board which you can use to keep up to date, but those are in general high level descriptions. Sometimes you may want to see what are the changes at the cmdlet level in your tenant, between tenants, or Azure Active Directory module. And there is also the occasional gem in the form of a yet undocumented cmdlet or parameter which could hint at upcoming features.

For this purpose I have created a simple script which has two purposes:

Export information on the current cmdlets available through Exchange Online or Azure Active Directory.
Compare two sets of exported information, and display changes in a readable way.

The script is in PowerShell (of course), and is called Compare-Cmdlets.ps1. To export information, you need to be already connected to either Exchange Online or Azure Active Directory (or both).

To export cmdlet information, use:

.\Compare-Cmdlets.ps1 –Export

For Exchange Online and Azure Active Directory, separate export files are created. The files are prefixed with a timestamp and postfixed with the Exchange Online build or Azure Active Directory module version, e.g. 201803121814-ExchangeOnline-15.20.548.21.xml or 201803121815-AzureAD-2.0.0.137.xml.

After a few days/week, or when connected to another tenant or using a new Azure Active Directory PowerShell module, run the export again. You will now have 2 sets of Exchange Online or Azure Active Directory cmdlets, which you can compare using the following sample syntax:

Compare-Cmdlets.ps1 -ReferenceCmds .\201801222108-ExchangeOnline-15.20.428.21.xml -DifferenceCmds .\201803120926-ExchangeOnline-15.20.548.21.xml

A progress bar is shown as comparison might take a minute. When the script has finished checking the two sets, you will see output indicating changes in cmdlets, parameters or switches, e.g.