Exchange Updates – March 2017

Ex2013 LogoToday, the Exchange Team released the March updates for Exchange Server 2013 and 2016, as well as Exchange Server 2010 and 2007. The latter will receive its last update, as Exchange 2007 will reach end-of-life April 11, 2017.

As announced in December updates, Exchange 2013 CU16 and Exchange 2016 CU5 require .NET 4.6.2. The recommended upgrade paths:

  • If you are still on .NET 4.6.1, you can upgrade to .NET 4.6.2 prior of after installing the latest Cumulative Update.
  • If you are on .NET 4.52, upgrade to Exchange 2016 CU4 or Exchange 2013 CU15 if you are not already on that level, then upgrade to .NET 4.6.2, and finally upgrade to the the latest Cumulative Update.

The Cumulative Updates also include DST changes, which is also contained in the latest Rollups published for Exchange 2010 and 2007.

For a list of fixes in these updates, see below.

Exchange 2016 CU5 15.1.845.34 KB4012106 Download UMLP
Exchange 2013 CU16 15.0.1293.2 KB4012112 Download UMLP
Exchange 2010 SP3 Rollup 17 14.3.352.0 KB4011326 Download
Exchange 2007 SP3 Rollup 23 8.3.517.0 KB4011325 Download
  • KB4015665 SyncDelivery logging folders and files are created in wrong location in Exchange Server 2016
  • KB4015664 A category name that has different case-sensitivity than an existing name is not created in Exchange Server 2016
  • KB4015663 “The message content has become corrupted” exception when email contains a UUE-encoded attachment in Exchange Server 2016
  • KB4015662 Deleted inline picture is displayed as attachment after you switch the message to plain text in Exchange Server 2016
  • KB4015213 Email is still sent to Inbox when the sender is deleted from the Trusted Contacts list in Exchange Server 2016
  • KB4013606 Search fails on Exchange Server 2016 or Exchange Server 2013
  • KB4012994 PostalAddressIndex element isn’t returning the correct value in Exchange Server 2016

Exchange 2013 CU16 fixes:

  • KB4013606 Search fails on Exchange Server 2016 or Exchange Server 2013

Exchange 2010 SP3 RU17 fixes:

  • KB4014076 Migration ends and errors reported when you on-board or off-board a mailbox through Exchange Online in an Exchange Server 2010 hybrid environment
  • KB4014075 UNC path does not open in OWA when the path contains non-ASCII characters in an Exchange Server 2010 environment
  • KB4013917 You cannot search in a shared mailbox through OWA in an Exchange Server 2010 Service Pack 3 (Update Rollup 15 or 16) environment
  • KB4012911 Culture element is added in the wrong order when you use the ResolveNames operation in EWS in Exchange Server 2010

Notes:

  • Exchange 2016 CU5 doesn’t include schema changes, however, Exchange 2016 CU5 as well as Exchange 2013 CU16 may introduce RBAC changes in your environment. Where applicable, use setup /PrepareSchema to update the schema or /PrepareAD to apply RBAC changes, before deploying or updating Exchange servers. To verify this step has been performed, consult the Exchange schema overview.
  • When upgrading your Exchange 2013 or 2016 installation, don’t forget to put the server in maintenance mode when required. Do note that upgrading, before installing the Exchange binaries, setup will put the server in server-wide offline-mode.
  • Using Windows Management Framework (WMF)/PowerShell version 5 on anything earlier than Windows Server 2016 is not supported. Don’t install WMF5 on your Exchange servers running on Windows Server 2012 R2 or earlier.
  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are allowed to stay at least one version behind (n-1).
  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates.
  • Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
  • The order of upgrading servers with Cumulative Updates is irrelevant.

Caution: As for any update, I recommend to thoroughly test updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.

Exchange Updates – December 2016

Ex2013 LogoToday, the Exchange Team released the December updates for Exchange Server 2013 and 2016, as well as Exchange Server 2010 and 2007.

Changes introduced in Exchange Server 2016 CU4 are an updated OWA composition window, and on Windows Server 2016, KB3206632 needs to be present before CU4 can be deployed. This KB fixes – among other things – the problem with DAG members experiencing crashing IIS application pools. Be advised that the KB3206632 update for Windows Server 2016 is a whopping 1 GB. You can download this update here.

The biggest change for Exchange Server 2013 is support for .NET 4.6.2. Be advised organizations running Exchange 2016 or 20103 on .NET 4.6.1 should start testing with and planning to deploy .NET 4.6.2, as the March updates will require .NET 4.6.2, which is currently still optional.

Both Cumulative Updates introduce an important fix for indexing of Public Folder when they were in the process of being migrated. To ensure proper indexing, it is recommended to move public folder mailboxes to a different database so they will get indexed properly.

The Cumulative Updates also include DST changes, which is also contained in the latest Rollups published for Exchange 2010 and 2007.

For a list of fixes in these updates, see below.

Exchange 2016 CU4 15.1.669.32 KB3177106 Download UMLP
Exchange 2013 CU15 15.0.1263.5 KB3197044 Download UMLP
Exchange 2010 SP3 Rollup 16 14.3.339.0 KB3184730 Download
Exchange 2007 SP3 Rollup 22 8.3.502.0 KB3184712 Download
  • KB 3202691 Public folders indexing doesn’t work correctly after you apply latest cumulative updates for Exchange Server
  • KB 3201358 Set-Mailbox and New-Mailbox cmdlets prevent the use of the -Office parameter in Exchange Server 2016
  • KB 3202998 FIX: MSExchangeOWAAppPool application pool consumes memory when it recycles and is marked as unresponsive by Health Manager
  • KB 3208840 Messages for the health mailboxes are stuck in queue on Exchange Server 2016
  • KB 3186620 Mailbox search from Exchange Management Shell fails with invalid sort value in Exchange Server 2016
  • KB 3199270 You can’t restore items to original folders from Recoverable Items folder in Exchange Server 2016
  • KB 3199353 You can’t select the receive connector role when you create a new receive connector in Exchange Server 2016
  • KB 3193138 Update to apply MessageCopyForSentAsEnabled to any type of mailbox in Exchange Server 2016
  • KB 3201350 IMAP “unread” read notifications aren’t suppressed in Exchange Server 2016
  • KB 3209036 FIX: “Logs will not be generated until the problem is corrected” is logged in an Exchange Server 2016 environment
  • KB 3212580 Editing virtual directory URLs by using EAC clears all forms of authentication in Exchange Server 2016

Exchange 2013 CU15 fixes:

  • KB 3198092 Update optimizes how HTML tags in an email message are evaluated in an Exchange Server 2013 environment
  • KB 3189547 FIX: Event ID 4999 for a System.FormatException error is logged in an Exchange Server 2013 environment
  • KB 3198046 FIX: The UM mailbox policy is not honored when UM call answering rules setting is set to False in an Exchange Server 2013 environment
  • KB 3195995 FIX: Event ID 4999 with MSExchangerepl.exe crash in Exchange Server 2013
  • KB 3208886 Send As permission of a linked mailbox is granted to a user in the wrong forest in Exchange Server 2013
  • KB 3188315 Messages are stuck in outbox when additional mailboxes are configured in Outlook on Exchange Server 2013
  • KB 3202691 Public folders indexing doesn’t work correctly after you apply latest cumulative updates for Exchange Server
  • KB 3203039 PostalAddressIndex property isn’t returning the correct value in Exchange Server 2013
  • KB 3198043 Shadow OAB downloads don’t complete in Exchange Server 2013
  • KB 3208885 Microsoft.Exchange.Store.Worker.exe process crashes after mailbox is disabled in Exchange Server 2013
  • KB 3201966 MSExchangeOWAAppPool application pool consumes excessive memory on restart in Exchange Server 2013
  • KB 3209041 FIX: An ActiveSync device becomes unresponsive until the sync process is complete in an Exchange Server environment
  • KB 3209013 FIX: The LegacyDN of a user is displayed incorrectly in the From field in the Sent Items folder on an ActiveSync device
  • KB 3209018 FIX: Results exported through the eDiscovery PST Export Tool never finishes in an Exchange Server environment
  • KB 3199519 Inconsistent search results when email body contains both English and non-English characters in Exchange Server 2013
  • KB 3211326 “ConversionFailedException” error when emails are sent on the hour in Exchange Server 2013

Notes:

  • Exchange 2016 CU4 doesn’t incldue schema changes compared to CU4, however, Exchange 2016 CU4 as well as Exchange 2013 CU15 may introduce RBAC changes in your environment. Where applicable, use setup /PrepareSchema to update the schema or /PrepareAD to apply RBAC changes, before deploying or updating Exchange servers. To verify this step has been performed, consult the Exchange schema overview.
  • When upgrading your Exchange 2013 or 2016 installation, don’t forget to put the server in maintenance mode when required. Do note that upgrading, before installing the Exchange binaries, setup will put the server in server-wide offline-mode.
  • Using Windows Management Framework (WMF)/PowerShell version 5 on anything earlier than Windows Server 2016 is not supported. Don’t install WMF5 on your Exchange servers running on Windows Server 2012 R2 or earlier.
  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are allowed to stay at least one version behind (n-1).
  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates.
  • Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
  • The order of upgrading servers with Cumulative Updates is irrelevant.

Caution: As for any update, I recommend to thoroughly test updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or TechNet forum for any issues.

Exchange Updates – March 2016

Ex2013 LogoToday, the Exchange Team released one big wave of Exchange updates for Exchange 2016 down to Exchange 2007.

Changes in contained in these updates:

  • Exchange 2016 CU1 is an uncompressed ISO file. If bandwidth is scarce where you will be deploying, be sure to download this 6GB file upfront.
  • Mailbox Anchoring, introduced with the previous CU for Exchange 2013 and Exchange 2016, is reverted.
  • Exchange 2010 supports stand-alone Exchange 2010 Hybrid wizard.
  • All updates will introduce updated OWA/Ootw S/MIME control.

For a list of fixes in these updates, see below.

Exchange 2016 Cumulative Update 1 15.1.396.30 KB3134844 Download UML
Exchange 2013 Cumulative Update 12 15.0.178.4 KB3108023 Download UML
Exchange 2010 Service Pack 3 Rollup 13 14.3.294.0 KB3141339 Download
Exchange 2007 Service Pack 3 Rollup 19 8.3.459.0 KB3141352 Download

Exchange 2016 CU1 fixes:

  • KB 3139730 Edge Transport service crashes when you view the properties of a poison message in Exchange Server 2016
  • KB 3135689 A custom SAP ODI URI is removed by ActiveSync from an email message in an Exchange Server environment
  • KB 3135688 Preserves the web.config file for Outlook Web App when you apply a cumulative update in Exchange Server 2016
  • KB 3135601 Cyrillic characters are displayed as question marks when you run the “Export-PublicFolderStatistics.ps1” script in an Exchange Server 2016 environment
  • KB 3124242 Mailbox quota is not validated during migration to Exchange Server 2013 or Exchange Server 2016

Exchange 2013 CU12 fixes:

  • KB 3143710 “Failed Search or Export” error occurs when an eDiscovery search in the Exchange Admin Center finishes
  • KB 3138644 Messages are stuck in the Submission queue until NDRs are returned or the server is restarted
  • KB 3137585 OAuth authentication fails in a proxy scenario between Exchange Server 2013 hybrid on-premises and Office 365
  • KB 3137581 An eDiscovery search of all mailboxes or some Distribution Groups fails when you use the Exchange Administration Center
  • KB 3137390 “DeviceId cannot contain hyphens” warning occurs when you use the Exchange Management Shell or the Exchange Administration Center to remove the associations in Exchange Server
  • KB 3137384 Error occurs when you remove an ActiveSync device in the Exchange Management Shell or from the Exchange Administration Center
  • KB 3137383 CafeLocalProbe fails if the Health Mailbox UPN doesn’t match its Active Directory domain name
  • KB 3137380 Both read receipts and Non-read receipts are generated when an email is read through IMAP or POP in Exchange Server 2013
  • KB 3137377 MSExchange FrontEnd Transport service crashes when email messages are processed that contain a null “X-OriginatorOrg” message header
  • KB 3136694 Calendar items are not synced correctly when you use Exchange ActiveSync on a mobile device
  • KB 3136404 Searching by Furigana in Outlook’s address book is unsuccessful in an Exchange Server 2013 environment
  • KB 3135689 A custom SAP ODI URI is removed by ActiveSync from an email message in an Exchange Server environment
  • KB 3135334 Cannot set Title in Exchange Admin Center (ECP) if it contains more than 64 characters
  • KB 3135269 Event ID 4999 with MSExchangerepl.exe and MSExchangeDagMgmt.exe crash in Exchange Server 2013 environment
  • KB 3135018 Cannot remove devices when the DeviceType property includes a forward slash
  • KB 3134952 EdgeTransport.exe crashes when you view details of messages in the poison message queue
  • KB 3134918 An IRM-protected message sent to an external contact isn’t returned in a search or discovery results when journaling is implemented in an Exchange Server 2013 environment
  • KB 3134894 The “Search-Mailbox” cmdlet together with the “Attachment” property keyword lists all items that contain the query string of “attachment”
  • KB 3128706 HttpProxy overloads a downlevel Client Access Server in an Exchange Server 2013 co-existence environment
  • KB 3124248 Managed Availability responders fail because of invalid WindowsService names in an Exchange Server 2013 environment
  • KB 3124242 Mailbox quota is not validated during migration to Exchange Server 2013 or Exchange Server 2016
  • KB 3124064 Event ID 1009 is logged and no Health Manager alerts on failed content indexes during migration in Exchange Server 2013
  • KB 3118902 Resource Booking Assistant doesn’t update the subject of a recurring meeting in Exchange Server 2013
  • KB 3109539 Exchange Management Shell doesn’t return the correct number of Exchange Server 2013 Enterprise CALs license
  • KB 3108415 Logon for POP3 client disconnects randomly in an Exchange Server 2013 environment
  • KB 3106236 The “Export-PublicFolderStatistics.ps1” cmdlet exports Russian (Cyrillic) characters as question marks
  • KB 3098561 “Error executing child request for /owa/auth/errorFE.aspx” when you browse to /ECP in Exchange Server 2013

Notes:

  • Exchange 2016 CU1 includes schema changes, and Exchange 2013 CU12 may introduce RBAC changes in your environment. When applicable, make sure you run PrepareSchema /PrepareAD before deploying. To verify this step has been performed, consult the Exchange schema overview.
  • If you have deployed KB3097966 on your Exchange server running on Windows Server 2012 R2, you may want to manually recompile the .NET assemblies before upgrading Exchange to significantly speed up the process. To accomplish this, run the following on every Exchange server on Windows Server 2012 R2:
    “%windir%\Microsoft.NET\Framework64\v4.0.30319\ngen.exe update”
    Don’t get upset by the messy output and any error messages; if the result of this command shown in the output is ‘0’ you’re good to go.
  • Be advised .NET Framework 4.6.1 is still not supported; make sure you don’t install this .NET update on your Exchange servers.
  • The Windows Management Framework (WMF)/ PowerShell version 5 is not supported. Don’t install this on your Exchange servers.
  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay current.
  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates.
  • Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
  • The order of upgrading servers with Cumulative Updates is irrelevant.
  • Rollups are cumulative per service pack level, meaning you can apply the latest Rollup for Service Pack X to a Service Pack X installation.

Finally, as always for any Hotfix, Rollup, Service Pack or Cumulative Update, I’d recommend to thoroughly test this in a test and acceptance environment first, prior to implementing it in production. When you lack such facilities, hold out a week or two and monitor the comments on the original article or TechNet forum for any issues.

 

Exchange 2010 SP3 RU12 & Exchange 2007 SP3 RU18

Exchange 2010 LogoThe Exchange Team released Rollup 12 for Exchange Server 2010 Service Pack 3 (KB3096066) as well as Rollup 18 for Exchange Server 2007 Service Pack 3 (KB3078672). These update raise version numbers to 14.3.279.2 and 8.3.445.0 respectively.

Apart from a Daylight Savings Time update, documented here, these Rollups contain the following fixes:

Exchange 2010 SP3 Rollup 12:

  • KB 3048372 Exchange Calendar items are shifted incorrectly when some Windows DST updates are applied
  • KB 3096125 CryptographicException error when Edge Transport service crashes in an Exchange Server 2010 environment
  • KB 3097219 Organizer’s name isn’t displayed in the subject of the recurring meeting requests in Exchange Server 2010
  • KB 3106421 Very long URLs in an email message don’t open in OWA in Internet Explorer
  • KB 3115809 Mailboxes can be accessed when the DefaultNetworkCredentials option is selected when you use Exchange Web Services Managed API to connect to Exchange Server

Exchange Server 2007 SP3 Rollup 18:

  • KB 3106421 Very long URLs in an email message don’t open in OWA in Internet Explorer

Notes:

    • If you want to speed up the update process for systems without internet access, follow the procedure described here to disable publisher’s certificate revocation checking.
    • If you got an Exchange 2010 DAG, and want to properly update the DAG members, check the instructions here.
    • As for any Hotfix, Rollup, Service Pack or Cumulative Update, apply this update to a acceptance environment first, prior to implementing it in production. When you lack such facilities, hold out a certain period and monitor the comments on the release article or TechNet forum for any issues.

Rollups are cumulative per service pack level, i.e. they contain fixes released in earlier update Rollups for the same product level (RTM, SP). This means you can apply the latest Rollup after installing a fresh installation of RTM or SPx version, for that product level.

You can download Exchange 2010 SP3 Rollup 12 here and Exchange 2007 SP3 Rollup 18 here.

Exchange 2010-2013 Migration and OAB

Ex2013 LogoLast year, Exchange fellows Andrew Higginbotham, Paul Cunningham as well as the Exchange Team reported on checking, and when necessary configuring, your Offline Address Book (OAB) in your current Exchange Server 2010 environment, prior to installing Exchange Server 2013. Not doing so could result in a complete download of the Offline Address Book created by Exchange Server 2013, titled ‘Default Offline Address List (Ex2013)’.

Today I received a report that there is a different symptom of configuration absence. In this case, the customer reported on the inability to download the offline address book, and upon further inspection the Autodiscover server did not report back on the offline address book URL to use. In other words, OAB information was absent from the Autodiscover response, and Outlook gets confused. Note that this issue was reported in Outlook 2010 after installing Exchange Server 2013 Cumulative Update 10. I’m not sure if this change in behavior was introduced in these later builds of Exchange 2013 or Outlook, but it’s still a good thing to know.

The remedy here of course is to configure any (Exchange 2010) mailbox database with unconfigured Offline Address Book setting, and point them to the default offline address book using:

Get-MailboxDatabase | Where-Object {$_.OfflineAddressBook -eq $Null} | Set-MailboxDatabase -OfflineAddressBook (Get-OfflineAddressBook | Where-Object {$_.IsDefault -eq $True})

Exchange 2013 CU10 & Exchange 2010 SP3 RU11

Ex2013 LogoThe Exchange Team released Cumulative Update 10 for Exchange Server 2013 (KB3078678) as well as Rollup 11 for Exchange Server 2010 Service Pack 3 (KB3078674). These version levels will be required for co-existence with Exchange Server 2016, which is to be released at a later date. The updates raise the version numbers to 15.0.1130.7 and 14.3.266.1, respectively.

Cumulative Update 10 contains the following fixes for Exchange Server 2013:

  • KB 3087126 MS15-103: Description of the security update for Exchange Server: September 8, 2015
  • KB 3094068 Permissions for a linked mailbox are added to an account in the wrong forest in an Exchange Server 2013 environment
  • KB 3093884 The link in a quarantined email shows an empty list for ActiveSync-enabled devices in Exchange Server 2013
  • KB 3093866 The number of search results can’t be more than 250 when you search email messages in Exchange Server 2013
  • KB 3088911 Inline attachments are sent as traditional when you smart forward an HTML email in an iOS device in Exchange Server 2013
  • KB 3087571 Can’t edit or resend a delayed delivery message when you open the message from the Outbox folder in Exchange Server 2013
  • KB 3087293 “550 5.6.0” NDR and duplicated attachments when an encrypted email is sent in Outlook in Exchange Server 2013
  • KB 3080511 HTML forms aren’t available when the DisableFilter parameter is enabled in Outlook Web App in Exchange Server 2013
  • KB 3080221 LegacyExchangeDN attribute is displayed when you use Outlook Web App to view an appointment in Exchange Server 2013
  • KB 3079217 Outlook Web App replies to the wrong email address when an email has more than 12 recipients in Exchange Server 2013
  • KB 3078966 Outlook 2011 for Mac client displays emails as they come from the same senders in Exchange Server 2013
  • KB 3078443 Incorrect results are displayed when you search for an email that has a certain attachment name in Exchange Server 2013
  • KB 3078438 Performance issues occur in an Exchange Server 2013 environment that’s running BlackBerry Enterprise Server 5
  • KB 3078404 Can’t access a shared mailbox after you migrate from Exchange Server 2010 to Exchange Server 2013
  • KB 3076257 EWS returns a Success response code even if a batch deletion request isn’t completed in Exchange Server 2013
  • KB 3074823 No Send As audit events are logged when you use Send As permission in Exchange Server 2013
  • KB 3071776 “A problem occurred” error when you access shared folders in Exchang Server 2013 mailbox by using Outlook Web App
  • KB 3069516 Mailbox size and quota information are reported incorrectly in Outlook and Outlook Web App in Exchange Server 2013
  • KB 3061487 “FailedToGetRootFolders” error when you run an eDiscovery estimate search for archive mailboxes in Exchange Server 2013
  • KB 3058609 Wrong recipient is specified in an inbox rule that has the ForwardTo or RedirectTo option in Exchange Server 2013
  • KB 3009631 Advanced Find against the Sent Items folder in Outlook returns no result in Exchange Server 2013
  • KB 2999011 Documents are partially indexed by Exchange search when they embed other documents in Exchange Server 2013
  • KB 2983161 Organization unite picker is missing when you create a Remote Mailbox in Exchange Admin Console in Exchange Server 2013
  • KB 3091308 Can’t install cumulative updates or service packs when MachinePolicy or UserPolicy is defined in Exchange Server 2013

For Exchange Server 2010 SP3, Rollup 11 contains the following fix:

  • KB 3092576 Exchange 2010 Information Store crashes randomly

Notes:

    • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay current.
    • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
    • This Cumulative Update does include Active Directory changes when compared to the previous Cumulative Update. If you have deployed a version earlier than CU10, make sure you run setup /PrepareAD.
    • If you got an Exchange 2010 DAG, and want to properly update the DAG members, check the instructions here.

Note that Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates. Note that once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles. The order of upgrading Exchange 2013 servers is irrelevant, unlike with previous generations of Exchange. Exchange 2010 Rollups are cumulative per service pack level, i.e. they contain fixes released in earlier updates.

You can download Exchange 2013 Cumulative Update 10 here and Exchange 2010 SP3 Rollup 11 here. The Exchange 2013 CU10 Language Packs are available here.

Exchange 2010 SP3 RU10 & Exchange 2007 SP3 RU17

Exchange 2010 LogoThe Exchange Team released Rollup 10 for Exchange Server 2010 Service Pack 3 (KB3049853) as well as Rollup 17 for Exchange Server 2007 Service Pack 3 (KB3056710). These update raises the version numbers to 14.3.248.2 and 8.3.417.1 respectively.

Rollup 10 contains the following fixes for Exchange Server 2010 SP3:

  • KB 3069055 Various DAG maintenance scripts do not work in an Exchange Server 2010 environment
  • KB 3057422 “MapiExceptionNoAccess: Unable to query table rows” error and some mailboxes cannot be moved
  • KB 3056750 Exchange ActiveSync application pool crashes in an Exchange Server 2010 environment
  • KB 3054644 “The item no longer exists” error when you access an archive mailbox in Outlook Web App in Exchange Server 2010
  • KB 3051284 Event ID 4999 is logged and MSExchangeServicesAppPool crashes in an Exchange Server 2010 environment
  • KB 3049596 Event ID 4999 is logged and remote procedure call Client Access service crashes in an Exchange Server 2010 environment
  • KB 2964344 MSExchangeRPC service stops working intermittently in Exchange Server 2010
  • KB 3055764 Exchange Server 2010 Address Book Service crashes with event ID 4999

For Exchange Server 2007 SP3, the Rollup 17 contains the following fix:

  • KB 3057222 “InvaIidOperationException” error and cannot open digitally signed or NDR messages in FIPS-enabled Exchange Server 2007

Notes:

  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • If you got an Exchange 2010 DAG, and want to properly update the DAG members, check the instructions here.
  • Rollups are cumulative per service pack level, i.e. they contain fixes released in earlier update Rollups for the same product level (RTM, SP). This means you don’t need to install previous Rollups during a fresh installation but can start with the latest Rollup package.

You can download Exchange 2010 SP3 Rollup 10 here and Exchange 2007 SP3 Rollup 14 here.

Exchange 2010 SP3 Rollup 9

Exchange 2010 LogoToday the Exchange Team released Rollup 9 for Exchange Server 2010 Service Pack 3 (KB3030085). This update raises Exchange 2010 version number to 14.3.235.1.

In addition to DST changes, this Rollup contains the following fixes:

  • 3032153 Recurring events in Calendar over DST are not adjusted on all ActiveSync devices in all Exchange Server environments
  • 3029667 SMTP is not transported over TLS 1.1 or TLS 1.2 protocol in an Exchange Server 2010 environment
  • 3017297 Event ID 3091 is logged and public folder replication fails in an Exchange Server 2010 environment
  • 3011892 Exchange ActiveSync client displays an incorrect email address in an Exchange Server 2010 environment
  • 3004486 A default application pool becomes unresponsive in Exchange Server 2010 that has more than 64 multirole servers

Notes:

  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • If you got a DAG and want to properly update the DAG members, check the instructions here.
  • Rollups are cumulative per service pack level, i.e. they contain fixes released in earlier update Rollups for the same product level (RTM, SP). This means you don’t need to install previous Rollups during a fresh installation but can start with the latest Rollup package.
  • Exchange 2010 is in extended support.

As with any Hotfix, Rollup or Service Pack, I’d recommend to thoroughly test this rollup in a test and acceptance environment first, prior to implementing it in production.
You can download Exchange 2010 SP3 Rollup 9 here.

Blocking Outlook App for iOS & Android

imageYesterday, Microsoft announced the immediate availability the Outlook for iOS and Outlook for Android preview. These apps are the former app named Acompli, which was acquired by Microsoft in December, last year. It is unlikely that Microsoft will develop and support two similar apps, so one can assume the new Outlook app will replace the current OWA for iOS and OWA for Android (or just OWA for Devices) apps.

The app isn’t without a little controversy:

  • The app stores credentials in a cloud environment from Amazon Web Services for e-mail accounts that don’t support OAuth authorization.
  • The app makes use of a service sitting between the app and your mailbox. This service acts as a sort of proxy (hence it requires those credentials), fetching, (pre)processing and sending e-mail. In some way this is smart, as it makes the app less dependent on back-end peculiarities, using a uniform protocol to communicate with the proxy service.
  • The app does not distinguish between devices (device identities are assigned to your account, which makes sense since the app uses a service to retrieve and process your e-mail).
  • The app does not honor ActiveSync policies, like PIN requirements. While true, this app is not an ordinary Exchange ActiveSync client.

You can read more about this here and here.

In all fairness, when the app was still named Accompli, nobody cried foul. But the app is now rebranded Outlook and property of Microsoft, so it seems this made the app fair game. I hope Microsoft is working behind the scenes to make the new Outlook app enterprise-ready, and I’m sure it won’t be long before we see the app’s services move from AWS to Azure. The whole outrage in the media also seems a bit misplaced, as Connected Accounts in Exchange Online, which will retrieve e-mail from a POP or IMAP mailbox, will also store credentials ‘in the cloud’.

It is recommended to treat the app as a consumer app for now, and you may want to block the app in your organization. I have written on how to accomplish blocking or quarantining faulty iOS updates before. However, in those articles I used the reported OS version to block or quarantine devices. The Outlook app proxy service reports itself as “Outlook for iOS and Android” as device model when querying your mailbox, allowing us to use the DeviceModel parameter for matching.

The cmdlet to block or quarantine the new Outlook app in Exchange 2010, Exchange 2013 or Office 365,  is:

New-ActiveSyncDeviceAccessRule –QueryString 'Outlook for iOS and Android' –Characteristic DeviceModel –AccessLevel Block

or, to quarantine:

New-ActiveSyncDeviceAccessRule –QueryString 'Outlook for iOS and Android' –Characteristic DeviceModel –AccessLevel Quarantine

For examples of alternative blocking methods using TMG or F5, check this article. If you need to specify the user agent string, use “Outlook-iOS-Android/1.0” (or partial matching on “Outlook-iOS-Android” to block future updates of the app as well).

As goes for all mobile devices in enterprise environments, as an organization it may be better to test and aprove devices and OS versions rather than to be confronted with mobile apps with possible faulty behavior after an update or which may violate corporate security policies.

End of Exchange 2010 Mainstream Support

Exchange 2010 LogoWith all the media attention for Windows 7 going out of mainstream support, one might forget today also marks the end of mainstream support for Exchange Server 2010.

Exchange 2010, which was released in October, 2009 (which seems centuries ago now), and which still has a very large installed base, is going into the extended support phase.

Depending on your support contract, this means Microsoft will no longer provide free support for this product. Patches for security issues will still be available, and owners of premier support contracts are eligible for non-security updates through extended hotfix support option.

Exchange Server 2010 will reach end-of-life on January 14th, 2020.