About Michel de Rooij

Michel de Rooij, with over 25 years of mixed consulting and automation experience with Exchange and related technologies, is a consultant for Rapid Circle. He assists organizations in their journey to and using Microsoft 365, primarily focusing on Exchange and associated technologies and automating processes using PowerShell or Graph. Michel's authorship of several Exchange books and role in the Office 365 for IT Pros author team are a testament to his knowledge. Besides writing for Practical365.com, he maintains a blog on eightwone.com with supporting scripts on GitHub. Michel has been a Microsoft MVP since 2013.

Official 70-341 and 70-342 Preparation Books

Posted on April 25, 2015 by Michel de Rooij

For those striving for Exchange certification, there is nothing like good written material to prepare you for the exam at hand. Of course, hands-on experience is invaluable, but it could be you don’t know where to start, and find TechNet contents great for reference but more written with the support audience in mind. In those cases, you may need more guidance through the exam subjects, as with a regular course.

In this situation, the following two recently released Microsoft Press titles may be of interest:

Exam Ref 70-341 Core Solutions of Microsoft Exchange Server 2013 (MCSE), by fellow Exchange MVP’s Paul Robichaux and Bhargav Shukla.
Exam Ref 70-342 Advanced Solutions of Microsoft Exchange Server 2013 (MCSE), by fellow Exchange MVP’s Steve Goodman and Brian Reid.

Both books are the official preparation material for the exams, and they written by authors with proper field experience. Also, both Bhargav and Reid teached on the Microsoft Certified Master (MCM/MCSM) program at Microsoft in Redmond. If getting certified for Exchange 2013 is on your personal roadmap, be sure to check out these titles.

On another note, fellow Exchange MVP’s Tony Redmond, Michael van Horenbeeck and Paul Cunningham, together Jeff Guillet in the role of technical editor, will self-publish an e-book-only title, called “Office 365 for Exchange Professionals”. Intention of self-publishing an e-book-only title is to be able to incorporate Office 365 service changes more often. They plan to have it ready before Microsoft Ignite in 2 weeks time.

If you are looking for titles on Exchange or Exchange-related subject such as PowerShell or Active Directory, be sure to check out my section of recommended titles here.

Mitigating MS15-034 exploit

Posted on April 20, 2015 by Michel de Rooij

Update: Made changes to reflect that IIS Request Filtering will not work.

This week, Microsoft released a security fix MS15-034 (KB3042553) for IIS which potentially allows for remote code execution on IIS, denial of service attacks (DOS) or bugchecking of servers. Since Exchange leverages IIS, Exchange servers are affected.

The vulnerability is easy to exploit, using an HTTP or HTTPS request and specifying a Range header with a value of 18446744073709551615 (maximum 64-bit unsigned integer). The Range header, introduced in the HTTP/1.1 specification, can be used by the requester to receive only a portion of data, for example the first few bytes of a JPG to determine its dimensions.The issue occurs when you specify out of bounds value. for example, when using cURL you can specify:

curl -v https://exchangeserver.contoso.com/iisstart.htm -H "Host: contoso.com" -H "Range: bytes = 0-8192" -k

Exchange-fellow Dave Stork did a nice write-up on the issue and how to prevent it from happening, i.e.

The most recommended solution is of course to install the KB3042553 security fix on servers running IIS, starting with servers that are internet-facing.
Filter requests on your reverse proxy, load balancer or IPS solution:
- KEMP has provided instructions how to accomplish this on their Loadmasters here.
- F5 has provided instructions here.
- ISC SANS institute provided instructions for SNORT here.
Disable IIS kernel caching, but this is not recommended due to negative impact on performance.

Unfortunately, Request Filtering is not an option so you can not prevent the exploit using IIS’ built-in Request Filtering feature. The Request Filtering will occur after parsing of the Range header, and it is in this parsing causing the issue.

Microsoft Ignite 2015 Countdown

Posted on April 20, 2015 by Michel de Rooij

In only 2 weeks, the Microsoft Ignite event will be held at Chicago, USA. With the demise of Microsoft Exchange Conference, this is the major Microsoft conference this year. Its the place where people involved with Exchange will get updated on next version of Exchange. It is also the place to be informed in related areas, such as Office 365, Office 2016 or Azure, or catch up with your peers.

Microsoft recently revealed a small glimpse of what’s coming in Exchange 2016, such as modern attachments in OWA, which will allow you to send links to attachments stored on OneDrive for Business instead of embedding them in the message. The article not only provides teasers as Exchange on-premises will – hopefully – be brought more up to par with the Exchange Online offering. It will also give many people peace of mind as there will be another version of Exchange on-premises.

In just 3 days, a whopping number of 82 sessions related to Exchange or Exchange Online will be held, so creating a schedule could be challenging. I expect these sessions t to reveal a lot more details on Exchange 2016 and its new features or enhancements. Million dollar question: will the IOPS requirement again change significantly? Be advised that the schedule is still not 100% fixed, so check back often for updates or plan for alternative sessions.

I am sure Microsoft will make this new consolidated conference a success. For those attending or presenting, I wish you a great time in Chicago at Ignite or one of the side events or at one of the many parties such as ENow’s Scheduled Maintenance. Unfortunately, I will not be attending Microsoft Ignite. For myself or others looking for session contents, Microsoft stated Ignite sessions will be recorded and be made available within 48 hours.

On another note, I will be at IT/DEV Connections later this year in Las Vegas. With Jaap Wesselius, I will be hosting a workshop on ‘Managing Exchange Online and Exchange On-Premises using Powershell’. If you plan to visit another conference this year, be sure to consider Connections, which will be held from September 14th-17th in Las Vegas, USA. Connections is independent, will have lots of sessions on Exchange on-premises as well as Office 365 topics. Sessions will be hosted by well-known speakers from the industry.

The UC Architects Podcast Ep51

Posted on April 16, 2015 by Michel de Rooij

Episode 51 of The UC Architects podcast is now available. This episode is hosted by Steve Goodman who is joined by Dave Stork and John Cook.. Editing was done by Andrew Price.

Some of the topics discussed in this episode are:

Exchange 2013 CU8
Exchange 2010 SP3 CU9
Exchange ActiveSync onboarding to Office 365
Exchange 2013 Hybrid Config Wizard
Office 2013 modern auth public preview
Staying informed of Office 365 changes
Office 2016 preview
Updates for Outlook for iOS
Azure AD Sync
Office 365 MDM
Questions from listeners
Lync Kerberos Account
Lync/Skype for Business Network Planning for Silk Code
Controlling Lync/Skype for Business with your arms
Get ready for Skype for Business
Updates and Skype for Business
Microsoft Ignite
UCBUG
UCDAY
UCExpo

You can download the podcast here or you can subscribe to the podcasts using iTunes, Zune or use the RSS feed.

About
The UC Architects is a bi-weekly community podcast by people with a passion for Unified Communications; our main focus is on Exchange, Lync or related subjects.

iOS 8.3 Exchange-related fixes

Posted on April 9, 2015 by Michel de Rooij

Today, Apple released an update for iOS which supposedly fixes, amongst other things, some Exchange-related issues. The release notes of iOS 8.3 mentions the following Exchange-related fixes:

Exchange out-of-office message can now be edited separately for external replies.
Improves recovery of Exchange accounts from temporary connection problems.
Fixes an issue that caused Exchange meetings with long notes to be truncated.

As for any update, I’d recommend to thoroughly test this in a test and acceptance environment first, prior to allowing access to your production environment. Apart from potentially blocking the new iOS, monitor the support forums from Apple and Microsoft for related issues. To block a specific version of iOS, consult this page.

More information on known issues with Exchange ActiveSync and 3rd party devices can be found in KB2563324.