Tag Archives: SP2

Forefront TMG 2010 SP2 Rollup 5

Posted on by
8

ForeFrontA short notice for those utilizing TMG in their environment on the release of Rollup 5 for Microsoft Forefront Threat Management Gateway (TMG) 2010, Service Pack 2 (KB2954173).

Changes in this update:

  • 2963805 Account lockout alerts are not logged after you install Rollup 4 for TMG 2010 SP2
  • 2963811 FIX: The TMG Firewall service (wspsrv.exe) may crash when the DiffServ filter is enabled
  • 2963823 “1413 Invalid Index” after you enable cookie sharing across array members
  • 2963834 HTTPS traffic may not be inspected when a user accesses a site
  • 2967726 New connections are not accepted on a specific web proxy or web listener in Threat Management Gateway 2010
  • 2965004 EnableSharedCookie option doesn’t work if the Forefront TMG service runs under a specific account
  • 2932469 An incorrect value is used for IPsec Main Mode key lifetime in Threat Management Gateway 2010
  • 2966284 A zero value is always returned when an average counter of the “Forefront TMG Web Proxy” object is queried from the .NET Framework
  • 2967763 The “Const SE_VPS_VALUE = 2” setting does not work for users if the UPN is not associated with a real domain
  • 2973749 HTTP Connectivity verifiers return unexpected failures in TMG 2010

TMG support will end on April 14th, 2015 and extended support will end on April 14th, 2020.

You can request Forefront TMG SP2 RU5 directly from support here.

Forefront TMG 2010 SP2 Rollup 4

Posted on by
Reply

ForeFrontA short blog on the release of Rollup 4 for Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 2 (KB2870877).

Changes in this update:

  • 2889345 Accounts are locked out beyond the AccountLockoutResetTime period in Forefront Threat Management Gateway 2010 SP2
  • 2890549 Incorrect Performance Monitor values when queried from a .NET Framework app in Forefront Threat Management Gateway 2010
  • 2890563 “URL” and “Destination Host Name” values are unreadable in the web proxy log of Forefront Threat Management Gateway 2010
  • 2891026 Firewall Service leaks memory if Malware Inspection is enabled in Forefront Threat Management Gateway 2010
  • 2888619 A password change is unsuccessful if a user’s DN attribute contains a forward slash and an Active Directory LDAP-defined special character in Forefront Threat Management Gateway 2010
  • 2863383 “Query stopped because an error occurred while it was running” when you run a non-live query in Forefront Threat Management Gateway 2010 SP2
  • 2899720 Threat Management Gateway 2010 incorrectly sends “Keep-Alive” headers when it replies to Media Player WPAD file requests
  • 2899716 Firewall service (Wspsrv.exe) crashes when a web publishing request is handled in Forefront Threat Management Gateway 2010
  • 2899713 Access to certain SSL websites may be unavailable when HTTPS Inspection is enabled in Forefront Threat Management Gateway 2010

This again shows TMG isn’t “dead” since it received it’s End-of-Life status.. yet. Note that TMG support will end on April 14th, 2015 and extended support will end on April 14th, 2020.

You can request Forefront TMG SP2 RU4 directly from support here.

Exchange 2010 SP3 Rollup 2 & SP2 RU7 (updated)

Posted on by
1

Exchange 2010 LogoNote that the installation of Exchange 2010 SP3 RU2 might prompt for the Service Pack files. Yes, you read that right. Exchange fellow Steve Goodman posted a blog on this issue here.

Today the Exchange Team released Rollup 2 for Exchange Server 2010 Service Pack 3 (KB2866475). This update raises Exchange 2010 version number to 14.3.158.1.

Here’s a list of fixes contained in this Rollup:

    • 2837926 Error message when you try to activate a passive copy of an Exchange Server 2010 SP3 database: “File check failed”
    • 2841150 Cannot change a distribution group that contains more than 1,800 members by using ECP in OWA in an Exchange Server 2010 environment
    • 2851419 Slow performance in some databases after Exchange Server 2010 is running continuously for at least 23 days
    • 2853899 Only the first page of an S/MIME signed or encrypted message is printed by using OWA in an Exchange Server 2010 environment
    • 2854564 Messaging Records Management 2.0 policy can’t be applied in an Exchange Server 2010 environment
    • 2855083 Public Folder contents are not replicated successfully from Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010
    • 2859596 Event ID 4999 when you use a disclaimer transport rule in an environment that has Update Rollup 1 for Exchange Server 2010 SP3 installed
    • 2860037 iOS devices cannot synchronize mailboxes in an Exchange Server 2010 environment
    • 2861118 W3wp.exe process for the MSExchangeSyncAppPool application pool crashes in an Exchange Server 2010 SP2 or SP3 environment
    • 2863310 You cannot send an RTF email message that contains an embedded picture to an external recipient in an Exchange Server 2010 SP3 environment
    • 2863473 Users cannot access Outlook mailboxes that connect to a Client Access server array in an Exchange Server 2010 environment
    • 2866913 Outlook prompts to send a response to an additional update even though the response request is disabled in an Exchange Server 2010 environment
    • 2870028 EdgeTransport.exe crashes when an email message without a sender address is sent to an Exchange Server 2010 Hub Transport server
    • 2871758 EdgeTransport.exe process consumes excessive CPU resources on an Exchange Server 2010 Edge Transport server
    • 2873477 All messages are stamped by MRM if a deletion tag in a retention policy is configured in an Exchange Server 2010 environment

In addition to these fixes, this Rollup also includes a fix for the security issue described in Microsoft Security Bulletin MS13-061.

Notes:

  • As of Service Pack 2 Rollup 4, its no longer required to disable/re-enable ForeFront Protection for Exchange using the fscutility to be able to install the Rollup properly. However, if you want to remain in control, you can disable ForeFront before installing the Rollup using fscutility /disable and re-enable it afterwards using fscutility /enable;
  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking;
  • If you got a DAG and want to properly update the DAG members, check the instructions here;
  • Rollups are cumulative, i.e. they contain fixes released in earlier update Rollups for the same product level (RTM, SP). This means you don’t need to install previous Rollups during a fresh installation but can start with the latest Rollup package.

As with any Hotfix, Rollup or Service Pack, I’d recommend to thoroughly test this rollup in a test and acceptance environment first, prior to implementing it in production.

You can download Exchange 2010 SP3 Rollup 2 here.

Exchange 2010 SP2
For those still on Exchange 2010 SP2, Microsoft released Exchange 2010 SP2 Rollup 7. This Rollup only includes the MS13-061 security fix and raises Exchange 2010 SP2’s version number to 14.2.375.0, can be downloaded here; the related KB article is KB2874216.

Exchange 2010 SP2 Rollup 6

Posted on by
2

Today the Exchange Team released Rollup 6 for Exchange Server 2010 Service Pack 2 (KB2746164). This update raises Exchange 2010 version number to 14.2.342.3.

Here’s the list of changes included in this Rollup:

  • 2489941 The “legacyExchangeDN” value is shown in the “From” field instead of the “Simple Display Name” in an email message in an Exchange Server 2010 environment
  • 2717453 You cannot move or delete a folder by using Outlook in online mode in an Exchange Server 2010 environment
  • 2733608 Corrupted Japanese DBCS characters when you send a meeting request or post a reply to a posted item in a public folder in an Exchange Server 2010 environment
  • 2734635 Folder-associated information (FAI) items are deleted when you run the New-InboxRule cmdlet or change Inbox rules in an Exchange Server 2010 environment
  • 2737046 AutoPreview feature does not work when you use Outlook in online mode in an Exchange Server 2010 environment
  • 2741117 High CPU utilization by Microsoft Exchange Replication service on Client Access servers in an Exchange Server 2010 environment
  • 2746030 Incorrect ExternalURL value for EWS is returned by an Exchange Server 2010 Client Access server
  • 2750188 Exchange Service Host service crashes when you start the service on an Exchange 2010 server
  • 2751417 Synchronization fails if you sync an external device to a mailbox through EAS in an Exchange Server 2010 environment
  • 2751581 OAB generation fails with event IDs 9126, 9330, and either 9338 or 9339 in an Exchange Server 2010 environment
  • 2760999 “The signup domain ‘org’ derived from ‘<TenantDomainName>.org’ is not a valid domain” error message when you use the Hybrid Configuration wizard in an Exchange Server
  • 2776259 Msftefd.exe process crashes if an email attachment has an unexpected file name extension or no file name extension in an Exchange Server 2010 environment
  • 2779387 Duplicated email messages are displayed in the Sent Items folder in a EWS-based application that accesses an Exchange Server 2010 Mailbox server
  • 2783586 Name order of a contact is displayed incorrectly after you edit the contact in an Exchange Server 2010 environment
  • 2783631 User-Agent field is empty when you run the Get-ActiveSyncDeviceStatistics cmdlet in an Exchange Server 2010 SP2 environment
  • 2783633 You cannot move or delete an email message that is larger than the maximum receive or send size in an Exchange Server 2010 environment
  • 2783649 Private appointment is visible to a delegate in an Exchange Server 2010 environment
  • 2783771 Mailbox on a mobile device is not updated when EAS is configured in an Exchange Server 2010 environment
  • 2783772 Edgetransport.exe process crashes after a journal recipient receives an NDR message in an Exchange Server 2010 environment
  • 2783776 You cannot perform a cross-premises search in a mailbox in an Exchange Server 2010 hybrid environment
  • 2783782 Error message when you use Scanpst.exe on a .pst file in an Exchange Server 2010 environment
  • 2784081 Store.exe process crashes if you add certain registry keys to an Exchange Server 2010 Mailbox server
  • 2784083 Week numbers in the Outlook Web App and Outlook calendars are mismatched in an Exchange Server 2010 environment
  • 2784093 SCOM alerts and event ID 4 in an Exchange Server 2010 SP2 organization that has Update Rollup 1 or later
  • 2784566 Exchange RPC Client Access service crashes on an Exchange Server 2010 Mailbox server
  • 2787023 Exchange Mailbox Assistants service crashes when you try to change a recurring calendar item or publish free/busy data in an Exchange Server 2010 environment
  • 2793274 A new option is available that disables the PermanentlyDelete retention action in an Exchange Server 2010 organization
  • 2793278 You cannot use the search function to search for mailbox items in an Exchange Server 2010 environment
  • 2793279 Exchange Server 2010 does not restart when the Microsoft Exchange Replication service freezes
  • 2793488 Internet Explorer freezes when you connect to the OWA several times in an Exchange Server 2010 environment
  • 2810616 Email message delivery is delayed on a Blackberry mobile device after you install Update Rollup 4 for Exchange Server 2010 SP2

In addition to these fixes, this Rollup also includes a fix for the security issue described in Microsoft Security Bulletin MS13-012.

As of Rollup 4, its no longer required to disable/re-enable ForeFront Protection for Exchange using the fscutility to be able to install the Rollup properly. However, if you want to remain in control, you can disable ForeFront before installing the Rollup using fscutility /disable and re-enable it afterwards using fscutility /enable.

If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.

If you got a DAG and want to properly update the DAG members, check the instructions here.

Note that Rollups are cumulative, i.e. they contain fixes released in earlier Rollups for the same product level (RTM, SPx). This means you don’t need to install previous Rollups during a fresh installation but can start with the latest Rollup.

As with any Hotfix, Rollup or Service Pack, I’d recommend to thoroughly test this rollup in a test and acceptance environment first, prior to implementing it in production.

You can download Exchange 2010 SP2 Rollup 6 here.

Forefront TMG 2010 SP2 Rollup 3

Posted on by
1

ForeFrontA short blog on the release of Rollup 3 for Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 2.

For Exchange, this Rollup fixes unexpected authentication prompts when using OWA published using Forefront Threat Management Gateway (TMG) 2010 in conjunction with RSA authentication and Forms-based Authentication (FBA). For a full list of changes, consult knowledgebase article kb2735208.

This again proves TMG isn’t “dead” since it received it’s End-of-Life status. So again, when you got TMG, don’t panic: For TMG, support will end on April 14th, 2015 and extended support will end on April 14th, 2020. You have some time to look into alternatives.

You can request Forefront TMG SP2 RU3 directly from support here.