Security update available for Exchange 2007, 2010 and 2013

Microsoft has released a fix for Outlook Web App in all supported versions of Exchange.
In all cases, the fixes address security issues that have been rated Important.

Four of the security updates are also offered through Microsoft Update, but here are the manual download links:

Rollup 15 for Exchange Server 2007 Service Pack 3
Rollup 8 for Exchange 2010 SP3
Security Update For Exchange Server 2013 SP1 (KB3011140)
Security Update For Exchange Server 2013 CU6 (KB3011140)
Cumulative Update 7 for Exchange Server 2013 (not provided through Windows Update)

Versions that are not listed here are no longer supported or are not vulnerable. For more information read the security bulletin MS14-075: Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3009712)

Cumulative Update 7 for Exchange Server 2013

Today, Cumulative Update 7 for Exchange Server 2013 was released by the Exchange Team (KB2986485). This update raises Exchange 2013 version number to 15.0.1044.22.

Note: Customers that run backups of their Exchange databases are advised to upgrade to CU7 and perform a post-upgrade full backup. This is due to a race condition which could prevent proper restoration of pre-CU7 Exchange databases.

Notes:

  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay current.
  • CU7 adds support for hierarchies containing 250,000 modern public folders. Consult this article for co-existence scenarios.
  • Be advised of OAB architectural changes introduced with CU5 which are documented here. If you are affected, it is recommended to update CAS servers prior to Mailbox servers.
  • If you have installed the Interim Update to fix Hybrid Configuration Wizard, you can install the Cumulative Update over it – there is no need to uninstall the IU prior to installing CU6.

This Cumulative Update includes schema and AD changes, so make sure you run PrepareSchema / PrepareAD. After updating, the schema version will be 15965.

Note that Cumulative Updates can be installed directly, i.e. no need to install RTM or Service Packs prior to installing Cumulative Updates. Note that once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles. The order of upgrading servers is irrelevant, unlike with previous generations of Exchange.

Finally, for any Hotfix, Rollup, Service Pack or Cumulative Update, I’d recommend thoroughly testing it in a test and acceptance environment first, prior to implementing it in production.

You can download Exchange 2013 Cumulative Update 7 here; UM Language Packs can be found here.

This update resolves security issues that are described in December 2014 security update for Exchange Server 2013 Service Pack 1 and Cumulative Update 6.
Additionally, this update also resolves the issues that are described in the following Microsoft Knowledge Base (KB) articles:

  • 3004235 Exchange Server meetings in Russian time zones as well as names of time zones are incorrect after October 26, 2014

  • 3012655 New-MailboxImportRequest causes unreadable characters when you import an ANSI format .pst file of Russian language

  • 3012652 CalendarProcessing cmdlet does not generate delegate permissions to universal security groups in Exchange Server 2013

  • 3009631 Advanced Find against the Sent Items folder in Outlook returns no result in Exchange Server 2013

  • 3009612 Outlook Web App shows organization details on the contact card beyond the scope of user ABP in Exchange Server 2013

  • 3009291 Shared mailbox cannot be opened in Outlook in an Exchange Server 2013 environment that has multiple domains

  • 3008453 Cannot edit or delete forms from the organizational forms library in Exchange Server 2013

  • 3008438 User who is trying to Log on to Exchange Admin Console is logged in to OWA instead

  • 3006672 Move request fails if the IsExcludedFromProvisioning option is true in Exchange Server 2013

  • 3005391 Exchange Server 2013 Cumulative Update 5 breaks free|busy lookup from Exchange Online to Exchange Server 2007

  • 3003986 RejectMessageReasonText in transport rule appears in the user section of a DSN in Exchange Server 2013

  • 3001217 TLS 1.0 is hardcoded for SMTP traffic encryption in Exchange Server 2013

  • 3001037 Distribution group cannot send email messages to a mail enabled public folder in an Exchange Server 2013 environment

  • 2999031 A cross-forest mailbox move from Exchange Server 2007 to Exchange Server 2013 finishes with CompletedWithWarnings status

  • 2998144 New-MoveRequest cmdlet with RemoteLegacy parameter cannot perform a cross-forest mailbox move

  • 2988553 Add-ADPermission and Remove-ADPermission can be run outside the management scope in Exchange Server 2013

  • 2981538 Exchange Control Panel crashes when you proxy from Exchange 2013 to Exchange 2010

  • 3014051 Cannot migrate mailboxes in a multiple domains environment in Exchange Server 2013

  • 3012986 ContentIndexRetryQueueSize value for a passive node never drops to zero in Exchange Server 2013 Cumulative Update 6

  • 3004011 Sound alerts do not work in Outlook Web App when new email or calendar notification is received in Exchange Server 2013

  • 3003580 Event ID 4999 and 4401 when the Microsoft Exchange Replication service crashes in Exchange Server 2013

  • 3003518 “550 5.7.1” NDR when you send messages to external recipients in an Exchange Server 2013 hybrid environment

  • 3003068 Cannot see online archive mailbox after you upgrade to Exchange Server 2013 Cumulative Update 6

  • 3000944 Subfolders under the Deleted Items folder are not visible in Outlook in an Exchange Server 2013 environment

  • 2997847 You cannot route ActiveSync traffic to Exchange 2007 mailboxes after you upgrade to Exchange 2013 CU6

  • 2997355 Exchange Online mailboxes cannot be managed by using EAC after you deploy Exchange Server 2013 CU6

  • 2997209 Exchange Server 2013 databases unexpectedly fail over in a co-existence environment with Exchange Server 2007

  • 2995263 OAB cannot be rebuilt if the .flt file is larger than two GB in Exchange Server 2013

  • 2994216 PublicFolderMoveRequest deletes all read or unread state in target mailbox for each user in Exchange Server 2013

  • 2993871 Resource Booking Assistant crashes after you upgrade to Exchange Server 2013 Cumulative Update 5

  • 2983216 Category setting on an item in Outlook jumps the selection to the top of the list in an Exchange Server 2013 environment

  • 2931223 MAPI virtual directory is missing from Default Web Site node

Rollup 8 v2 for Exchange Server 2010 SP3

Exchange Team released Rollup 8 for Exchange Server 2010 SP3

Update Rollup 8 for Exchange Server 2010 SP3 resolves security issues that are described in December 2014 security update for Exchange Server 2007 and Exchange Server 2010.
Additionally, this update resolves the issues that are described in the following Microsoft Knowledge Base (KB) articles:

  • 3004235 Exchange Server meetings in Russian time zones as well as names of time zones are incorrect after October 26, 2014

  • 3009132 Hybrid mailbox moves to on-premises environment but finishes with CompletedWithWarnings status

  • 3008999 IRM restrictions are applied to incorrectly formatted .docx, .pptx, or .xlsx files in an Exchange Server 2010 environment

  • 3008370 Group members are not sorted by display name when HAB is used with OAB in Exchange Server 2010

  • 3008308 Public folder database migration issue in a mixed Exchange Server environment

  • 3007794 Hub Transport server cannot deliver messages when a database fails over to a cross-site DAG in Exchange Server 2010

  • 3004521 An Exchange server loses its connection to domain controllers if a public folder server is down in Exchange Server 2010

  • 2999016 Unreadable characters when you import ANSI .pst files of Russian language by using the New-MailboxImportRequest cmdlet

  • 2995148 Changing distribution group takes a long time in an Exchange Server 2010 environment

  • 2992692 Retention policy is not applied to Information Rights Management protected voice mail messages in Exchange Server 2010

  • 2987982 Issues caused by ANSI mode in Exchange Server 2010

  • 2987104 Email message is sent by using the “Send As” instead of “Send on Behalf” permission in Exchange Server 2010

  • 2982017 Incorrect voice mail message duration in Exchange Server 2013 and Exchange Server 2010

  • 2977279 You cannot disable journaling for protected voice mail in Exchange Server 2013 and Exchange Server 2010

Download: Rollup 8 v2 for Exchange Server 2010 SP3 (KB2986475)

Rollup 15 for Exchange Server 2007 SP3

Exchange Team released Update Rollup 15 for Exchange Server 2007 SP3

Update Rollup 15 for Exchange Server 2007 SP3 resolves security issues that are described in December 2014 security update for Exchange Server 2007 and Exchange Server 2010.
Additionally, this update resolves the issues that are described in the following Microsoft Knowledge Base (KB) articles:

  • 3004235 Exchange Server meetings in Russian time zones as well as names of time zones are incorrect after October 26, 2014

  • 3008308 Public folder database migration issue in a mixed Exchange Server environment

Download the Exchange2007-KB2996150 package now.

Block iOS devices with Block-IOS-Devices.ps1 Script

Microsoft keeps a list of problems: Current issues with Microsoft Exchange ActiveSync and third-party devices

After some problems at a customer I looked deeper into these problems.
Most problems come with iOS devices (iPhone and iPad).

So I made a list of all iOS versions (6, 7 and 8) and their problems.

To keep this simple I created a PowerShell script: Block-IOS-Devices.ps1, or you can download it from the TechNet Script Library: Block iOS devices with Block-IOS-Devices.ps1 Script


Rapid growth in transaction logs, CPU use, and memory consumption in Exchange Server 2010, Exchange 2013 and Office 365 when a user syncs a mailbox by using an iOS 6.1-based or iOS 6.1.1-based device

Yesterday I was at a customer who had the problem that the transaction logs were growing rapidly.
It was on an Exchange 2013 Server with CU5.

For Exchange 2010 a KB was released: http://support.microsoft.com/kb/2814847

This is still an issue for Exchange 2010, Exchange 2013 and Office 365.

Microsoft has already blocked iOS 6.1 – 6.1.1 devices at Office 365.

The server was OK, but when I ran Get-EASDeviceReport.ps1 I saw some iOS 6.1 devices. So we are going to block these iOS versions.

PowerShell:
New-ActiveSyncDeviceAccessRule -QueryString "iOS 6.1 10B141" -Characteristic DeviceOS -AccessLevel Block
New-ActiveSyncDeviceAccessRule -QueryString "iOS 6.1 10B142" -Characteristic DeviceOS -AccessLevel Block
New-ActiveSyncDeviceAccessRule -QueryString "iOS 6.1 10B143" -Characteristic DeviceOS -AccessLevel Block
New-ActiveSyncDeviceAccessRule -QueryString "iOS 6.1 10B144" -Characteristic DeviceOS -AccessLevel Block
New-ActiveSyncDeviceAccessRule -QueryString "iOS 6.1.1 10B145" -Characteristic DeviceOS -AccessLevel Block
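Before applying rules like these it helps to know which users will lose sync, and whether any iOS 6.1 or 6.1.1 device reports a build string the rules do not list. The following is an added example, not part of the original post: Get-BlockImpact is a hypothetical helper and the sample devices are constructed so it runs without Exchange.

```powershell
# DeviceOS strings copied from the five block rules on this page.
$blockedOs = 'iOS 6.1 10B141', 'iOS 6.1 10B142', 'iOS 6.1 10B143',
             'iOS 6.1 10B144', 'iOS 6.1.1 10B145'

function Get-BlockImpact {
    # Hypothetical helper: classifies each device against the block list.
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Device,
        [Parameter(Mandatory)] [string[]] $BlockedOs
    )
    process {
        $os = "$($Device.DeviceOS)".Trim()
        # Access rules compare the complete DeviceOS string (no wildcards), so an
        # iOS 6.1 / 6.1.1 build missing from the list is not covered by any rule.
        $verdict = if ($BlockedOs -contains $os) {
            'WillBeBlocked'
        } elseif ($os -like 'iOS 6.1 *' -or $os -like 'iOS 6.1.1 *') {
            'AffectedBuildNotListed'
        } else {
            'NotAffected'
        }
        [pscustomobject]@{
            User     = $Device.UserDisplayName
            DeviceOS = $os
            Verdict  = $verdict
        }
    }
}

# Constructed sample devices (user names and the last two build strings are made up).
$sample = @(
    [pscustomobject]@{ UserDisplayName = 'Alice (sample)'; DeviceOS = 'iOS 6.1 10B143' }
    [pscustomobject]@{ UserDisplayName = 'Bob (sample)';   DeviceOS = 'iOS 6.1.1 10B145' }
    [pscustomobject]@{ UserDisplayName = 'Carol (sample)'; DeviceOS = 'iOS 6.1 10B000' }
    [pscustomobject]@{ UserDisplayName = 'Dave (sample)';  DeviceOS = 'iOS 8.0 00A000' }
)

$sample | Get-BlockImpact -BlockedOs $blockedOs |
    Where-Object Verdict -ne 'NotAffected' |
    Format-Table -AutoSize

# On an Exchange 2013 server, feed it the real device list instead:
# Get-MobileDevice -ResultSize Unlimited | Get-BlockImpact -BlockedOs $blockedOs
```

Devices reported as AffectedBuildNotListed need their own rule, and Get-ActiveSyncDeviceAccessRule shows which rules are in place afterwards.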

Fixing User Home Folder rights with Powershell

When I visit companies I often see that the home folder directories do not have the right permissions. Fixing this is a lot of work, so it is time to write about it. I wrote a nice PowerShell script to fix it and save me and you a lot of time.

Three steps:

1.  Set Share Permissions for the Everyone group to Full Control.

2.  Use the following settings for NTFS Permissions (http://support.microsoft.com/kb/274443):

  • CREATOR OWNER – Full Control (Apply onto: Subfolders and Files Only)
  • System – Full Control (Apply onto: This Folder, Subfolders and Files)
  • Domain Admins – Full Control (Apply onto: This Folder, Subfolders and Files)
  • Everyone – Create Folder/Append Data (Apply onto: This Folder Only)
  • Everyone – List Folder/Read Data (Apply onto: This Folder Only)
  • Everyone – Read Attributes (Apply onto: This Folder Only)
  • Everyone – Traverse Folder/Execute File (Apply onto: This Folder Only)

Pay attention when configuring the home directory or folder redirection policies. If you enable the setting to give the user exclusive access to the folder, you will override the inherited permissions and need to reset the ACL.

3. Run the following script: Repair-HomeFolderPermissions.ps1

________________________________________________________________________

#########################################################################
# Script: Repair-HomeFolderPermissions.ps1
# Author: Ward Vissers    http://www.wardvissers.nl
# Date: 20/11/2014
# Keywords:
# Comments:
# Pre-Requisites: Full Control over destination folder.
#
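# +------------+-----+---------------------------------------------------------+
# |       Date | Usr | Description                                             |
# +------------+-----+---------------------------------------------------------+
# | 20/11/2014 | WV  | Initial Script                                          |
# |            |     |                                                         |
# +------------+-----+---------------------------------------------------------+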
#
#   1. http://support.microsoft.com/kb/274443
#
#   2. Set Share Permissions for the Everyone group to Full Control.
#  
#   3.  Use the following settings for NTFS Permissions:
#
#   CREATOR OWNER – Full Control (Apply onto: Subfolders and Files Only)
#   System – Full Control (Apply onto: This Folder, Subfolders and Files)
#   Domain Admins – Full Control (Apply onto: This Folder, Subfolders and Files)
#   Everyone – Create Folder/Append Data (Apply onto: This Folder Only)
#   Everyone – List Folder/Read Data (Apply onto: This Folder Only)
#   Everyone – Read Attributes (Apply onto: This Folder Only)
#   Everyone – Traverse Folder/Execute File (Apply onto: This Folder Only)
#
#
# DISCLAIMER
# ==========
# THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE
# RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE USER.
#############################################################################

$dirpath = "D:\Data\user"

# get list of all child directories, in the current directory
$directories = dir $dirpath | where {$_.PsIsContainer}

# iterate over the directories
foreach ($dir in $directories)
{
# echo out what the full directory is that we're working on now
write-host "Working on $($dir.fullname) using $($dir.name)"

# setup the inheritance and propagation as we want it
$inheritance = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
$propagation = [system.security.accesscontrol.PropagationFlags]"None"
$allowdeny=[System.Security.AccessControl.AccessControlType]::Allow

# get the existing ACLs for the directory
$acl = get-acl $dir.fullname

# build a rule that gives the user (with the same name as the directory) Full Control
$aclrule = new-object System.Security.AccessControl.FileSystemAccessRule($dir.name, "FullControl", $inheritance, $propagation, $allowdeny)

# check if given user is valid: Translate throws when the name cannot be resolved,
# in which case the folder is skipped instead of writing a broken ACL
try { $sid = $aclrule.IdentityReference.Translate([System.Security.Principal.securityidentifier]) }
catch { write-warning "No account named $($dir.name), skipping $($dir.fullname)"; continue }

# add the ACL to the ACL rules
$acl.AddAccessRule($aclrule)

# set the acls
set-acl -aclobject $acl -path $dir.fullname
}

__________________________________________________________________________
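After the repair run it is worth checking that each home folder is reachable only by its own user and the principals from the NTFS layout in step 2. The following audit is an added example, not part of the author's script: Test-HomeFolderAcl is a hypothetical helper, it matches principals by leaf name (an assumption that holds on English-language systems), and it uses the D:\Data\user path from the script above.

```powershell
function Test-HomeFolderAcl {
    param(
        [Parameter(Mandatory)] [string] $Root,
        # Leaf names of the principals that step 2 allows to reach a user folder.
        # Everyone is deliberately absent: its rights apply to the root folder only.
        [string[]] $Expected = @('CREATOR OWNER', 'SYSTEM', 'Domain Admins')
    )
    $dirs = Get-ChildItem -LiteralPath $Root | Where-Object { $_.PSIsContainer }
    foreach ($dir in $dirs) {
        $userAce = $false
        foreach ($ace in (Get-Acl -LiteralPath $dir.FullName).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $id      = $ace.IdentityReference.Value
            $leaf    = ($id -split '\\')[-1]      # DOMAIN\name -> name
            $finding = $null
            if ($leaf -eq $dir.Name) {
                $userAce = $true                   # the ACE the repair script adds
            } elseif ($id -like 'S-1-*') {
                $finding = 'Unresolved SID (deleted account?)'
            } elseif ($Expected -notcontains $leaf) {
                $finding = 'Unexpected principal has access'
            }
            if ($finding) {
                [pscustomobject]@{
                    Folder   = $dir.FullName
                    Identity = $id
                    Rights   = $ace.FileSystemRights
                    Finding  = $finding
                }
            }
        }
        if (-not $userAce) {
            [pscustomobject]@{
                Folder   = $dir.FullName
                Identity = $dir.Name
                Rights   = $null
                Finding  = 'No ACE for the user the folder is named after'
            }
        }
    }
}

# An empty result means no deviations from the layout were found.
Test-HomeFolderAcl -Root 'D:\Data\user' | Format-Table -AutoSize
```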

Tune and optimize performance of your Office 365 connection

Microsoft has published a new course on Office 365 Performance Management at the Microsoft Virtual Academy, which contains 11 modules across planning and troubleshooting areas including:

  1. Office 365 Performance Management Course Introduction
  2. Office 365 Datacenters and Network
  3. Planning for Office 365 Internet Capacity – Exchange Online
  4. Planning for Office 365 Internet Capacity – Lync Online
  5. Planning for Office 365 Internet Capacity – SharePoint Online
  6. The Baselining Model for Internet Capacity Planning
  7. Best Practices & Real Customer Projects Planning Internet Capacity
  8. Planning for Office 365 Firewalls Whitelisting
  9. Performance Troubleshooting Process and Tools Used
  10. Performance Troubleshooting Tests
  11. Troubleshooting SharePoint Online Customizations

MDT v.Next Coming….

New core tools

Windows 10 ADK supports Windows 7, Windows 8.1 and Windows 10 deployments.

Windows Image Configuration Designer (WICD), pronounced Wicked 🙂, is supposed to be able to build a customized mobile or desktop image, and also create provisioning packages that allow you to customize a Windows device without re-imaging.

Microsoft Deployment Toolkit v.Next (MDT) (standalone)

A new version of MDT is in development. Not much info has been presented yet, but a few items were mentioned in the session:

Windows 10 Deployment and Upgrade Support, as well as updated Task Sequence binaries

Removed deprecated components from Deployment Workbench, and made OSD more accessibility compliant.

MDT documentation will be on TechNet (removed legacy help file and DOCX)

Clean Up your template before Sysprep and Capture a reference image in MDT

When you create a reference image, in most cases it will be updated with patches. That makes the image bigger and bigger, and therefore the deployment of that image takes longer and consumes more network resources and unneeded disk space. That can be corrected by getting rid of superseded patches, junk, temp files and much more.

The Solution

Since MDT is the preferred method to create reference images you can download the script, import it as an application and then run the application just before the Sysprep and Capture step. The Script works for the following versions of Windows:

  • Windows 7 SP1
  • Windows 8
  • Windows 8.1 Update
  • Windows Server 2008 R2 SP1
  • Windows Server 2012
  • Windows Server 2012 R2

To make this work in Windows 7 and Windows Server 2008 R2 you need to add a hotfix to Packages in MDT. http://support.microsoft.com/kb/2852386

Download the script

Download the script from here: Mirror Mirror 2

Action-CleanupBeforeSysprep Application

Task Sequence

Created a group called Clean.
Add an Install Application step –> Action-CleanUpBeforeSysprep
Restart Computer (very important): without it, it will not work


Source
