About Michel de Rooij

Michel is a Microsoft MVP for Office Server and Services, specializing in Exchange Server and Office 365, with an affection for PowerShell. He is the publisher of EighTwOne, and works as a consultant. Find Michel on Twitter, LinkedIn, Facebook or Google+.

Exchange Certificate Reporting

A quick tip on retrieving the expiration dates of certificates configured on your Exchange servers. While some certificate providers like DigiCert will proactively notify you when certificates are expiring in the near future, you may want to run such a report yourself. Or perhaps you want to verify that the certificates configured on all your Exchange servers are aligned.

To accomplish this, you could use readily available scripts, such as this one published by fellow MVP Paul Cunningham. But with some PowerShell you could easily construct a one-liner yourself which will perform the same task. We will first show the one-liner, after which we will dissect it and talk you through it. Note that being a lazy typist, I used several aliases to make the whole command a bit shorter, but not a lot.

Command
A command to retrieve basic certificate reporting for Exchange servers in your environment is as follows (wrapped for readability):

$D=(Get-Date).AddDays(30); Get-ExchangeServer | %{$S=$_.Identity;$R=$_.ServerRole; Get-ExchangeCertificate -Server $S |
Sort NotAfter | Select @{n='Server';e={'{0} ({1})' -f $S,$R}},
@{n='CertSubject';e={($_.Subject -split '( , )*..=')[1]}},
@{n='Expires';e={'{0:MM/dd/yyyy}' -f $_.NotAfter}},
@{n='IssuedBy';e={($_.Issuer -split '(, )*..=')[1]}},
@{n='Domains';e={$_.CertificateDomains -join ','}},
@{n='Alert';e={' !'[(Get-Date $_.NotAfter) -le $D]}},*} |
ft -a Alert, CertSubject, Status, Expires, IsSelfsigned, IssuedBy,
Services, Thumbprint, Domains -GroupBy Server | Out-String -Width 8192

Dissection

$D=(Get-Date).AddDays(30); Get-ExchangeServer |

First, we want to get a visual indication of certificates expiring in the coming 30 days, so we store the date 30 days from now in $D. The command is followed by a semi-colon, which can be used to separate commands on the same line. The first cmdlet in our pipeline is Get-ExchangeServer, which returns all Exchange server objects.

%{$S=$_.Identity;$R=$_.ServerRole; Get-ExchangeCertificate -Server $S | Sort NotAfter | Select @{n='Server';e={'{0} ({1})' -f $S,$R}}, @{n='CertSubject';e={($_.Subject -split '( , )*..=')[1]}}, @{n='Expires';e={'{0:MM/dd/yyyy}' -f $_.NotAfter}}, @{n='IssuedBy';e={($_.Issuer -split '(, )*..=')[1]}}, @{n='Domains';e={$_.CertificateDomains -join ','}},@{n='Alert';e={' !'[(Get-Date $_.NotAfter) -le $D]}},*}

We are passing every Exchange server object to ForEach (%). For each of these objects, we will perform the following tasks:

  • First, we store its current Identity ($S) and ServerRole ($R) properties in variables for later usage. We do this because, once we create calculated properties later on, the calculated field expression no longer has a reference to the Exchange server object: $_ will then contain the current object passed to Select (Select-Object).
  • Next, we retrieve all certificates from the Exchange server we are looking at using Get-ExchangeCertificate, and we pipe those certificate objects to sort to order them by expiration date.
  • We then create several calculated properties in the pipeline stream:
    • A property named Server will contain a formatted string consisting of the server Identity ($S) and its server roles ($R).
    • A property named CertSubject, containing the name of the subject, without the ‘CN=’ prefix.
    • A property named Expires with a formatted expiration string (NotAfter).
    • A property named IssuedBy, containing the name of the issuer of the certificate, without the ‘CN=’ prefix.
    • A property Domains containing the SAN names of the certificate, separated by commas.
    • A property Alert, showing an exclamation mark when certificate expires (NotAfter) before the date determined earlier ($D).
    • All other certificate properties are also retained by finally selecting all properties (*).

ft -a Alert, CertSubject, Status, Expires, IsSelfsigned, IssuedBy, Services, Thumbprint, Domains -GroupBy Server | Out-String -Width 8192

Finally, we format the output by selecting and ordering properties using Format-Table (ft), auto-sizing (-a) columns. In addition to the previously added calculated properties, we also return the Status, IsSelfSigned, Services and Thumbprint properties. Using the GroupBy parameter, we make Format-Table group the objects on a specific property, in this case Server. Because the output can be very wide, we use Out-String with a large width, so the output can exceed the width of the host session without being wrapped or truncated.
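
The same report as objects rather than formatted text, so it can be filtered, exported or used for alerting. This is an added example, not code from the original post: the function name Get-CertExpiryReport, its parameters and the sample certificates are hypothetical and constructed so the block runs without an Exchange server. It goes slightly beyond the one-liner by adding a days-remaining count and by separating expired from expiring certificates.

```powershell
# Added example; not part of the original post. Get-CertExpiryReport, its
# parameters and the sample data below are hypothetical, for illustration only.
function Get-CertExpiryReport {
    [CmdletBinding()]
    param(
        # Any object exposing Subject, Issuer, NotAfter, CertificateDomains,
        # Services, IsSelfSigned and Thumbprint (e.g. Get-ExchangeCertificate output).
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [psobject]$Certificate,
        [string]$Server = 'n/a',
        [int]$WarnDays = 30,
        [datetime]$Now = (Get-Date)
    )
    begin {
        # Extract the CN from a distinguished name; fall back to the full DN
        # when no CN is present. Quoted commas inside a value are not handled.
        function Get-CommonName([string]$DistinguishedName) {
            if ($DistinguishedName -match '(?:^|,\s*)CN=([^,]+)') { $Matches[1].Trim() }
            else { $DistinguishedName }
        }
    }
    process {
        # Whole days until NotAfter; negative means already expired.
        $daysLeft = [int][math]::Floor(($Certificate.NotAfter - $Now).TotalDays)
        if ($daysLeft -lt 0) { $state = 'Expired' }
        elseif ($daysLeft -le $WarnDays) { $state = 'Expiring' }
        else { $state = 'OK' }

        [pscustomobject]@{
            Server       = $Server
            State        = $state
            DaysLeft     = $daysLeft
            CertSubject  = Get-CommonName $Certificate.Subject
            IssuedBy     = Get-CommonName $Certificate.Issuer
            Expires      = '{0:yyyy-MM-dd}' -f $Certificate.NotAfter
            IsSelfSigned = $Certificate.IsSelfSigned
            Services     = $Certificate.Services
            Domains      = $Certificate.CertificateDomains -join ','
            Thumbprint   = $Certificate.Thumbprint
        }
    }
}

# Constructed sample input (not real certificates) with a fixed reference date,
# so the result is the same on every run.
$now = [datetime]'2017-10-01'
$sample = @(
    [pscustomobject]@{
        Subject = 'CN=mail.contoso.example, O=Contoso, C=NL'
        Issuer = 'CN=Example Issuing CA, O=Example'
        NotAfter = [datetime]'2017-10-20'
        CertificateDomains = @('mail.contoso.example', 'autodiscover.contoso.example')
        Services = 'IIS, SMTP'; IsSelfSigned = $false
        Thumbprint = 'CONSTRUCTED-THUMBPRINT-1'
    }
    [pscustomobject]@{
        Subject = 'CN=EX1'
        Issuer = 'CN=EX1'
        NotAfter = [datetime]'2017-09-15'
        CertificateDomains = @('EX1', 'EX1.contoso.example')
        Services = 'SMTP'; IsSelfSigned = $true
        Thumbprint = 'CONSTRUCTED-THUMBPRINT-2'
    }
    [pscustomobject]@{
        Subject = 'O=Contoso, OU=Federation'
        Issuer = 'CN=Example Issuing CA, O=Example'
        NotAfter = [datetime]'2019-01-01'
        CertificateDomains = @()
        Services = 'None'; IsSelfSigned = $false
        Thumbprint = 'CONSTRUCTED-THUMBPRINT-3'
    }
)

$report = $sample | Get-CertExpiryReport -Server 'EX1 (Mailbox)' -Now $now

# Show only certificates that need attention, most urgent first.
$report | Where-Object { $_.State -ne 'OK' } | Sort-Object DaysLeft |
    Format-Table Server, State, DaysLeft, CertSubject, Expires, Thumbprint -AutoSize

# In the Exchange Management Shell, feed it real certificates per server:
# Get-ExchangeServer | ForEach-Object { $s = $_
#     Get-ExchangeCertificate -Server $s.Identity | Get-CertExpiryReport -Server $s.Name }
```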

Exchange Updates – September 2017

Honeymoon caused some backlog, and one of the things to post was that the Exchange Team released the September updates for Exchange Server 2013 and 2016. Like the previous Cumulative Updates for these Exchange versions, Exchange 2013 CU18 and Exchange 2016 CU7 require .NET Framework 4.6.2; .NET Framework 4.7.1 is currently being tested (4.7 will be skipped), and support for 4.7.1 is expected for the December updates.

Version             Build         KB Article  Download  UMLP  Schema Changes
Exchange 2016 CU7   15.1.1261.35  KB4018115   Download  UMLP  Yes
Exchange 2013 CU18  15.0.1347.2   KB4022631   Download  UMLP  No

Exchange 2016 CU7 fixes:

  • KB4040754 “Update UseDatabaseQuotaDefaults to false” error occurs when you change settings of user mailbox in Exchange Server 2016
  • KB4040121 You receive a corrupted attachment if email is sent from Outlook that connects to Exchange Server in cache mode
  • KB4036108 Security update for Microsoft Exchange: September 12, 2017

Exchange 2013 CU18 fixes:

  • KB4040755 New health monitoring mailbox for databases is created when Health Manager Service is restarted in Exchange Server 2013
  • KB4040121 You receive a corrupted attachment if email is sent from Outlook that connects to Exchange Server in cache mode
  • KB4040120 Synchronization may fail when you use the OAuth protocol for authorization through EAS in Exchange Server 2013
  • KB4036108 Security update for Microsoft Exchange: September 12, 2017

Notes:

  • Exchange 2016 CU7 includes schema changes, but Exchange 2013 CU18 does not. However, Exchange 2013 CU17 may introduce RBAC changes in your environment. Where applicable, use setup /PrepareSchema to update the schema or /PrepareAD to apply RBAC changes, before deploying or updating Exchange servers. To verify this step has been performed, consult the Exchange schema overview.
  • When upgrading your Exchange 2013 or 2016 installation, don’t forget to put the server in maintenance mode when required. Regardless, setup will put the server in server-wide offline mode post-analysis, before making actual changes.
  • Using Windows Management Framework (WMF)/PowerShell version 5 or later on anything earlier than Windows Server 2016 is not supported. Don’t install WMF5 on your Exchange servers running on Windows Server 2012 R2 or earlier.
  • .NET Framework 4.7.1 is being tested by the Exchange Team, but neither .NET Framework 4.7.1 nor .NET Framework 4.7 is supported.
  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay at most one version behind (n-1).
  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates.
  • Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
  • The order in which you upgrade servers with Cumulative Updates is irrelevant.

Caution: As with any update, I recommend thoroughly testing updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.

The UC Architects Podcast Ep64

Episode 64 and last episode of The UC Architects podcast is now available. Contrary to the belief of some, people’s agendas rather than lack of content made it more and more difficult to get sufficient people together for recording. Thanks for the great 5 year ride, people!

This episode is hosted by Pat Richard, who is joined by Tom Arbuthnot, Stale Hansen and John Cook. Editing was done by Andrew Price.

Topics discussed in this episode are:

  • 5 years of The UC Architects podcast.
  • What made it fun, the friendships, the guests, the topics, and how social media has changed how info gets disseminated about Skype for Business, Exchange, Office 365, Teams, and more.
  • We talk about what the crew are up to these days, and their involvement/sessions at Ignite.
  • Skype for Business v.Next and Teams.
  • Some of the issues that arise when deploying Skype for Business when there is no Exchange in the org.
  • The upcoming Ignite and UCDay events.

You can download the podcast here or you can subscribe to the podcasts using iTunes, Zune or use the RSS feed.

About
The UC Architects is a community podcast by people with a passion for Unified Communications; our main focus is on Exchange, Skype for Business or related subjects.

Ignite 2017 Sessions

In about a month’s time, Microsoft Ignite 2017 – North America will kick off in the city of Orlando, Florida. Currently, the session catalog contains an amazing number of 1139 1161 sessions. With such a number, it can be hard to pick sessions depending on your areas of interest or expertise; the Ignite Session Scheduler can be a helpful tool to assist in this noble task.

However, when you want to perform more complex queries something more low-level might be appropriate. For this purpose I took my existing script IgniteDownloader.ps1, which could already be used to download Ignite contents such as videos and slide decks, and enhanced it so it can also be used to retrieve session information as PowerShell objects, allowing you to perform queries, reports etc. Because the script now suits more purposes, I renamed it to Get-IgniteSession.ps1 in the process.

Note that Get-IgniteSession leverages the online Microsoft Ignite session catalog, which is currently in the process of being finalized. You might therefore find that the schedule is subject to change over the coming weeks, but also that you can no longer download contents from previous Ignite editions.

You can download the script from the TechNet Gallery here.

If you are attending Ignite, unlike me, some of the potentially interesting sessions to look out for are (list subject to change):

Session Title Speaker(s)
BRK1005 Learn about the Microsoft global network and best practices for optimizing Office 365 connectivity Paul Collinge, Paul Andrew
BRK1053 Microsoft Office 365 adoption user group meetup Michael Blumenthal
BRK2195 Create engaging workflows inside Outlook and Microsoft Teams conversations with Actionable Messages David Claux, Shivakumar Seetharaman
BRK2203 Send secure email to anyone with Office 365 and Microsoft Azure Information Protection Praveen Vijayaraghavan
BRK2248 Microsoft Exchange: Through the eyes of MVPs (Panel discussion) Brian Reid, Michael Van Horenbeeck, Ingo Gegenwarth, Steve Goodman, Nicolas Blank, Tony Redmond
BRK2251 What’s new and what’s coming in the Microsoft Outlook family of apps JJ Cadiz, Alessio Roic
BRK2252 Group collaboration in Microsoft Outlook Krish Gali
BRK2374 Stop data exfiltration and advanced threats in Microsoft Office 365 and Azure
BRK2378 Understanding Multi-Geo Capabilities in Office 365 Sesha Mani, Sameer Sitaram
BRK2399 Delivering the modern workplace
BRK2401 Customer story: How to protect against security breaches and insider threats Edward Panzeter, Ian Lindsay
BRK2420 The road to hybrid cloud: Customer case studies optimizing Hyper-V, SQL Server, and Microsoft Azure
BRK3041 Key elements of Office 365 connectivity strategy base on real-life examples Paul Andrew, Jeff Mealiffe, Konstantin Ryvkin
BRK3051 Get your enterprise network ready for Office 365 Paul Andrew, Paul Collinge, Jeff Mealiffe
BRK3053 Troubleshooting Office 365 identity: How modern authentication works and what to do when it doesn’t Jonas Gunnemo
BRK3080 Build smarter apps with Office using the Microsoft Graph Yina Arenas
BRK3082 Anti-phishing with Office 365 Advanced Threat Protection Abhishek Agarwal
BRK3154 The epic Exchange preferred architecture debate Ross Smith IV, Lin Chen, Mike Cooper
BRK3155 Thrive as an enterprise organization in Microsoft Exchange Online Jeff Kizner
BRK3157 Exchange and Outlook mega “ask the experts” Brain Day, Greg Taylor, Jeff Mealiffe, Allen Filush, Scott Schnoll, Ross Smith IV, Julia Foran, JJ Cadiz, Alessio Roic, Meg Quintero, James Colgan, Steve Conn, Wey Love
BRK3158 Design your Exchange infrastructure right (or consider moving to Office 365) Boris Lokhvitsky, Robert Gillies
BRK3184 Deploying and using Outlook mobile in the Enterprise Ross Smith IV
BRK3185 Improvements and innovations in calendaring with Microsoft Outlook and Exchange Julia Foran
BRK3186 Running Exchange hybrid over the long term Michael Van Horenbeeck
BRK3222 Scott Schnoll’s Exchange tips and tricks Scott Schnoll
BRK3248 Exchange Online – spanning data center regions Brain Day
BRK3249 Modern authentication for Exchange Server on-premises Greg Taylor
BRK3259 Transitioning from distribution lists to Office 365 Groups in Outlook Shilpa Ranganathan
BRK3262 Implementing Exchange Online Protection for on-premises Exchange Brian Reid
BRK3263 Secure Exchange on-premises as well as Microsoft secures Exchange Online Andrew Higginbotham, Raji Dani
BRK3264 Troubleshooting complex Exchange operational issues Ingo Gegenwarth, Andrew Higginbotham
BRK3332 Ten critical areas for those moving from Exchange on-premises to Office 365 Tony Redmond
BRK3340 Use Microsoft Graph to reach on-premises users of Exchange 2016 deployments Deepak Singh
BRK3382 Securing, governing, and protecting your Office 365 investments Chris Bortlik
BRK3382R Securing, governing, and protecting your Office 365 investments (repeat) Chris Bortlik
BRK4021 Investigate tools and techniques for Exchange performance troubleshooting Nasir Ali, Jeff Mealiffe, Bob Samer, Justin Turner
BRK4022 Insights on Exchange storage, high availability, and data protection Lin Chen
BRK4029 Inside Exchange Online Matt Gossage
THR1014 What can you do with Office 365 Groups in Outlook?
THR1020 Tackling adoption as a service with Office 365 Richard Harbridge
THR1022 Bring your sales team together: Office 365 Groups, Teams & Microsoft Dynamics 365 in the real world Chris Johnson
THR1029 Spend less time managing data and more time with customers: Quick tour of Outlook Customer Manager
THR1035 Prevent costly data leaks from Microsoft Office 365
THR1046 Using Digital Experience Management to Validate the Impact of IT Change
THR1068 Online virtual labs: The hidden gem for free hands-on learning, practice, and exploration CA Callahan
THR2026 Set up secure and efficient collaboration for your organization with Microsoft Office 365 Joe Davies, Brenda Carter
THR2041 Using groups in Outlook for education Krish Gali
THR2042 Collaborate with people outside your company with Office 365 Groups in Outlook
THR2043 Dive deeper into what’s new and what’s coming for Outlook for Windows JJ Cadiz, Jason Creighton
THR2044 Dive deeper into what’s new and what’s coming for Outlook for Mac James Colgan
THR2045 Dive deeper into what’s new and what’s coming for Outlook on the web Allen Filush
THR2046 Dive deeper into what’s new and what’s coming for Outlook for iOS and Android Meg Quintero
THR2062 Real-world advanced threat protection Brian Reid
THR2063 What is DMARC Brian Reid
THR2065 Groups and Teams: Friend or foe? Loryan Strant
THR2080 Tackling cross-tenant Office 365 integration and migrations: Three things you need to know
THR2086 What’s new with Microsoft Exchange Online Public Folders
THR2088 The top five PowerShell commands for Exchange Steve Goodman
THR2097 Developing a blueprint for your data in Microsoft Azure
THR2153 Improving calendaring in Microsoft Office 365 and Outlook
THR2173 Microsoft Office 365: Avoid the Icarus effect J. Peter Bruzzese
THR2181 The impact of digital literacy on Office 365 user adoption Tracy Van der Schyff
THR2203 Put your enterprise applications in the fast lane
THR2205 Delivering the borderless workplace
THR2214 Hybrid cloud activated: A customer case study optimizing on-premises and Azure performance and cost Mor Cohen
THR2229 Get the most from the Microsoft Dynamics 365 Mobile App
THR3022 Troubleshooting Exchange ActiveSync devices Ingo Gegenwarth
THR3023 PowerShell Desired State Configuration: Keep your service stable and stay on top of your config Ingo Gegenwarth
THR3034 Complete your collaboration practice: Voice & video solutions for Office 365 and Skype for Business
THR4000 Edge Transport servers and Hybrid: Why, or why not? Michael Van Horenbeeck

Exchange 2010-2016 Security Fixes

Microsoft released security updates to fix a remote code execution vulnerability in Exchange Server. The related knowledge base article is KB4018588.

More information is contained in the following Common Vulnerabilities and Exposures articles:

  • CVE-2017-8521 – Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-8559 – Microsoft Exchange Cross-Site Scripting Vulnerability
  • CVE-2017-8560 – Microsoft Exchange Cross-Site Scripting Vulnerability

Depending on the lifecycle status of the product, fixes are made available either through a Rollup or as a security fix for the following product levels:

As you might notice, the security fix is made available for the N-1 builds of Exchange 2013 and Exchange 2016. This could imply the issue was addressed in the latest builds of those products. I hope to receive official confirmation on this soon.

The issue is deemed Important, which means organizations are advised to apply these updates at the earliest opportunity. However, as with any update, it is recommended to thoroughly test updates and fixes prior to deploying them in a production environment.

MVP’s around the World

In July 2017 the new annual award cycle regime was put into effect for Microsoft MVP’s around the world. Earlier this year, to simplify the process and introduce new talent in the program more quickly, Microsoft switched to a monthly cycle for recognizing MVP’s, and changed the award review from a quarterly to an annual cycle. This meant MVP’s from April and July were going to be the first ones to be reviewed for June 2017; the January and October awardees got their review shifted to July 2018. That might look like dispensation, but it isn’t as their contributions will be evaluated over a longer period of time.

Looking at the publicly available statistics on MVP’s around the world could provide some insight into what the program – and thus Microsoft – has set their sights on. So with the introduction of the new cycle, I did a quick comparison of this and last month’s numbers. But first a small disclaimer: the numbers below are taken from a public source, the Microsoft Valuable Professional portal. Also, there are a small number of anonymous MVP’s, which always puzzles me as being an MVP usually means that this person is visible online. And finally, note that MVP’s can be awarded in more than one category, which is the reason some numbers won’t add up.

To start with the total number of MVP’s, that went down from 4017 in June to 3410 (-15%). It also saw a new category being added to the program: Artificial Intelligence, or AI. The table below contains the number of awards per category, and the change from June to July:

Competence                                  June-2017  July-2017  Change
Access                                      41         37         -10%
AI                                          0          1          100%
Business Solutions                          236        193        -18%
Cloud and Datacenter Management             455        392        -14%
Data Platform                               445        399        -10%
Enterprise Mobility                         170        148        -13%
Excel                                       116        94         -19%
Microsoft Azure                             342        311        -9%
Office Development                          39         38         -3%
Office Servers and Services                 532        449        -16%
OneNote                                     16         15         -6%
Outlook                                     14         14         0%
PowerPoint                                  36         36         0%
Visio                                       15         14         -7%
Visual Studio and Development Technologies  1100       901        -18%
Windows and Devices for IT                  201        148        -26%
Windows Development                         351        277        -21%
Word                                        25         23         -8%
Total                                       4134       3490       -16%

Overall, the numbers are down except for the new AI category and the number of Outlook and PowerPoint MVP’s.

Regarding the Office Servers and Services MVP’s, the number of awards per country is depicted in the following heat map and table. Note that anonymous MVP’s are not taken into account:

Country Count Country Count Country Count
Argentina 2 (0%) Hungary 4 (0%) Russia 8 (-12%)
Australia 21 (-25%) India 12 (-8%) Serbia 1 (0%)
Austria 1 (0%) Ireland 1 (-50%) Singapore 4 (0%)
Belarus 1 (0%) Israel 1 (-50%) Slovakia 1 (0%)
Belgium 7 (-13%) Italy 10 (-10%) Slovenia 2 (0%)
Bosnia-Herzegovina 3 (0%) Japan 18 (-10%) South Africa 4 (-20%)
Brazil 4 (-50%) Korea 9 (-25%) Spain 6 (-15%)
Brunei Darussalam 1 (0%) Kuwait 1 (0%) Sri Lanka 6 (-15%)
Bulgaria 2 (0%) Latvia 1 (0%) Sweden 8 (-20%)
Canada 38 (-18%) Macedonia F.Y.R.O 1 (-50%) Switzerland 5 (-29%)
Chile 1 (-50%) Malaysia 2 (-34%) Taiwan 0 (-100%)
China 15 (-25%) Mexico 3 (-25%) Thailand 1 (0%)
Colombia 2 (-34%) Myanmar 0 (-100%) The Netherlands 13 (0%)
Croatia 5 (0%) Nepal 1 (0%) Turkey 4 (0%)
Czech Republic 2 (0%) New Zealand 5 (-17%) Ukraine 2 (0%)
Denmark 4 (0%) Norway 5 (0%) United Arab Emirates 3 (-40%)
Egypt 2 (0%) Pakistan 1 (-50%) United Kingdom 21 (-20%)
Finland 2 (0%) Palestine 1 (0%) United States 103 (-11%)
France 16 (-16%) Peru 2 (0%) Uruguay 1 (0%)
Germany 17 (-6%) Poland 3 (0%) Vietnam 2 (-34%)
Greece 1 (0%) Portugal 4 (-20%) Total 429 (-16%)
Guatemala 0 (-100%) Romania 2 (0%)

Looking at the names that were not on the MVP portal per July, one may notice there are quite a number of long-standing MVP’s that were not re-awarded. Apart from being a big loss for the community, it is also an indication Microsoft is further looking ahead to the Cloud First, Mobile First, On First™ world, indiscriminately coming clean with the MVP population in the process.

For those that were not re-awarded, thank you for all your past contributions, some for being an inspiration long before I became one, your honest feedback to the program and other MVP’s. Don’t forget: Once an MVP, always an MVP!

Office 365 Engage 2017 Wrap-up

Last week the inaugural Office 365 Engage conference took place in the small but charming city of Haarlem, The Netherlands. With hotels for speakers and attendees close by, the event took place in the Philharmonie, a venue normally used for concerts and theater performances. This led to some amazing shots on social media of sessions being held in “Room A” (the theater), “Room B” (with bar) and “Room E” (the concert hall).


“Room A”

With Tony Redmond being the chair for this non-Microsoft event, one of the few big Microsoft-technology related events remaining in Europe, organizer BWW Media Group managed to attract an amazing line-up of speakers. Amongst them were quite a number of Microsoft MVP’s, some like Paul Robichaux or Chris Goosen even flying in from overseas. Being sort of a home game to me, it was the other speakers’ turn to cope with jetlag.

Sessions presented were on all things Office 365 related, such as Azure AD, Exchange Online, SharePoint Online, Groups and Teams, and also more dev-oriented sessions on things like the Graph API. More generic topics were also put on the table, like the roadmap and coping with continuous development, GDPR or hybrid strategies.


“Room B”

On Monday, Jaap Wesselius and I held a full-day workshop on PowerShell for Office 365. The attendees were coming from all over Europe, which shows that there is a demand for a European event of this size on this topic. On Tuesday, I presented a session on Managing Exchange Online using PowerShell, Tips & Tricks. Pending feedback from evaluations, the workshop and session went very well. For those that attended our workshop on Monday, PowerShell for Office 365, or my session on Tuesday on Exchange Online and PowerShell Tips & Tricks, the slide decks will be made available later through the organizer. Sample code from the session is available from the TechNet Gallery here.

“Room E”

Finally, a big thank you to BWW’s Megan Keller, their CEO George Coll, and all the other staff as well, who made speakers and attendees feel welcome at this event, which was small and intimate, a different experience from more massive events like Microsoft Ignite. Also a big thank you to the folks of Quadro-Tech for sponsoring the post-conference drinks.

With everything being walking distance, and with pleasant summer weather, the after-conference hours for catching up with peers and attendees were very enjoyable. BWW was also so kind to offer us speakers a boat trip, where we could experience Haarlem from the waterside, including the obligatory snapshots of windmills, fields and cows.

Note that the organizer is still looking for feedback on the event. Share with them what you like or didn’t like, so they can improve next year’s conference. I am really looking forward to next year’s event, to be held in June 2018, and would highly recommend it to anyone. Hope to see you there next year!

Exchange Updates – June 2017

Today, the Exchange Team released the June updates for Exchange Server 2013 and 2016. Like the previous Cumulative Updates for these Exchange versions, Exchange 2013 CU17 and Exchange 2016 CU6 require .NET Framework 4.6.2; .NET Framework 4.7 has been tested by the Exchange team, but is still unsupported until further notice.

Exchange 2016 CU6 contains much awaited feature enhancements:

  • Sent Items Behavior Control. The implementation of Sent Items behavior in Exchange 2016 CU6 won’t be backported to earlier Exchange versions, as these have their own implementation.
  • Original Folder Item Recovery. This feature won’t be backported to previous versions of Exchange either.

Apart from DST changes, check the lists below for changes contained in these updates.

Version             Build         KB Article  Download  UMLP  Schema Changes
Exchange 2016 CU6   15.1.1034.26  KB4012108   Download  UMLP  Yes
Exchange 2013 CU17  15.0.1320.4   KB4012114   Download  UMLP  No

Exchange 2016 CU6 fixes:

  • KB4024658 FIX: The EAS web.config file is not updated on the CAFE server during a build-to-build upgrade
  • KB4024654 POP/IMAP clients can’t log on with NTLM when Alias and SamAccountName are different in Exchange Server 2016
  • KB4024653 Active Monitoring probes fail when you use a new accepted domain as the default domain in Exchange Server 2016
  • KB4024652 Repeated IMAP SEARCH BODY requests may not return newly delivered messages in Exchange Server
  • KB4024651 The “MessageRetrievalMimeFormat” setting isn’t honored for plain text-only email messages in IMAP in Exchange Server
  • KB4024650 Emoji is displayed as question marks in iOS clients in an Exchange Server environment
  • KB4024649 The Read or Unread flag isn’t synchronized correctly after you turn off an ActiveSync device overnight in Exchange Server
  • KB4024648 FIX: A new contact created in OWA may be merged into an existing contact on Exchange Server 2016

Exchange 2013 CU17 fixes:

  • KB4024652 Repeated IMAP SEARCH BODY requests may not return newly delivered messages in Exchange Server
  • KB4024651 The “MessageRetrievalMimeFormat” setting isn’t honored for plain text-only email messages in IMAP in Exchange Server
  • KB4024650 Emoji is displayed as question marks in iOS clients in an Exchange Server environment
  • KB4024647 “The property is too long” error when you update the “Department” field of user mailbox in Exchange Server 2013
  • KB4024646 “Insufficient access rights” error when you run setup.exe as member of “Delegated Setup” group in Exchange Server 2013

Notes:

  • Exchange 2016 CU6 includes schema changes, but Exchange 2013 CU17 does not. However, Exchange 2013 CU17 may introduce RBAC changes in your environment. Where applicable, use setup /PrepareSchema to update the schema or /PrepareAD to apply RBAC changes, before deploying or updating Exchange servers. To verify this step has been performed, consult the Exchange schema overview.
  • When upgrading your Exchange 2013 or 2016 installation, don’t forget to put the server in maintenance mode when required. Regardless, setup will put the server in server-wide offline mode post-analysis, before making actual changes.
  • Using Windows Management Framework (WMF)/PowerShell version 5 or later on anything earlier than Windows Server 2016 is not supported. Don’t install WMF5 on your Exchange servers running on Windows Server 2012 R2 or earlier.
  • .NET Framework 4.7 is being tested by the Exchange Team, but is not supported until further notice.
  • Customers who have deployed Exchange in Hybrid or use Exchange Online Archiving need to stay current, or at least run the prior Cumulative Update version.
  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay at most one version behind (n-1).
  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates.
  • Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
  • The order in which you upgrade servers with Cumulative Updates is irrelevant.

Caution: As with any update, I recommend thoroughly testing updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.

Exchange and .NET Framework 4.7

A quick heads-up that .NET Framework 4.7 has recently been released and will be made available through Windows Update channels. The current versions of Exchange Server are not supported with this version of the .NET Framework, and you should not install or update to this version.

Similar to the situation with .NET Framework 4.6.1 around a year ago, you can prevent (accidental) upgrades of the .NET Framework by creating the following registry key on your Exchange servers:

HKLM:\Software\Microsoft\NET Framework Setup\NDP\WU\BlockNetFramework47 = 1 (REG_DWORD)
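
One way to apply and verify this block idempotently, as an added example that is neither the author's Get-DotNetVersion.ps1 nor the installation script mentioned on this page. The function name Set-NetFramework47Block and its parameters are hypothetical; the Release threshold 460798 is the minimum value Microsoft documents for .NET Framework 4.7.

```powershell
# Added example; not the author's script. Set-NetFramework47Block is a
# hypothetical name. Run from an elevated session; -WhatIf previews changes.
function Set-NetFramework47Block {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$KeyPath   = 'HKLM:\Software\Microsoft\NET Framework Setup\NDP\WU',
        [string]$ValueName = 'BlockNetFramework47'
    )

    # Installed .NET Framework 4.x release number (empty when 4.5+ is absent).
    $releasePath = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $release = (Get-ItemProperty -Path $releasePath -Name Release -ErrorAction SilentlyContinue).Release

    # The WU key does not exist on every system, so create it when missing.
    if (-not (Test-Path -Path $KeyPath)) {
        if ($PSCmdlet.ShouldProcess($KeyPath, 'Create registry key')) {
            New-Item -Path $KeyPath -Force | Out-Null
        }
    }

    # Only write when the value is absent or different, so reruns change nothing.
    $current = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    if ($current -ne 1) {
        if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", 'Set REG_DWORD value to 1')) {
            New-ItemProperty -Path $KeyPath -Name $ValueName -Value 1 -PropertyType DWord -Force | Out-Null
        }
    }

    # Read the value back and report the resulting state.
    $after = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    [pscustomobject]@{
        Computer              = $env:COMPUTERNAME
        Release               = $release
        Net47OrLaterInstalled = ($release -ge 460798)   # True: block comes too late
        Net47Block            = ($after -eq 1)
    }
}

# Preview only; remove -WhatIf to apply.
Set-NetFramework47Block -WhatIf
```

If Net47OrLaterInstalled is already True, the block no longer helps and the server needs the recovery steps instead.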

To report on the currently installed .NET Framework version on one or more computers, you can use this PowerShell script, Get-DotNetVersion.ps1. It will not only report the .NET Framework version information, but also if those registry entries to block .NET Framework 4.6.1 or .NET Framework 4.7 upgrades are present.

[PS] C:\> .\get-DotNetVersion.ps1 -ComputerName ex1,ex2 | ft -a

Computer Release NetFramework Net461Block Net47Block
-------- ------- ------------ ----------- ----------
ex1      461268  4.7          False       True
ex2      461268  4.7          False       False

The related article by the Exchange Team on this topic contains steps on how to recover the situation, in case you did upgrade. Of course, with all the dependencies on the .NET Framework by Exchange Server, you may prefer migrating contents to new Exchange servers with a supported .NET Framework, and decommissioning the servers from which you had to remove the unsupported .NET Framework.

More information can be found in KB4024204.

PS: The updated Unattended Exchange 2013 & 2016 Installation script will now also set the .NET Framework 4.7 blockade registry key.

The UC Architects Podcast Ep63

Episode 63 of The UC Architects podcast is now available. This episode is hosted by Pat Richard, who is joined by Steve Goodman and John Cook. Editing was done by Andrew Price.

Topics discussed in this episode are:

Exchange

  • Exchange 2007 was end of life on April 11th

Office 365

  • Microsoft Teams is GA
  • Microsoft Teams Bandwidth Calculator
  • Microsoft Advanced Threat Protection
  • Google Suite vs Office 365

Lync/Skype for Business

  • Skype for Business updates for Mac
  • Skype for Business Online Trusted Application API
  • Consult Transfer option
  • Lync 2013 CUs for March 2017
  • Skype for Business 2015 CUs
  • RUCT updated
  • Convert-SonusSBCConfigToWord

Events

  • MS Cloud UG
  • UC and Cloud Day UK
  • Office 365 Engage

You can download the podcast here or you can subscribe to the podcasts using iTunes, Zune or use the RSS feed.
