Microsoft releases updates for Exchange 2007, 2010, 2013

Today, Microsoft released its latest updates for Exchange 2007, 2010 and 2013.

The updates for Exchange 2007 and 2010 mostly revolve around the Daylight Saving Time changes and a bunch of fixes for the latter version.

Cumulative Update 6 for Exchange 2013 doesn’t introduce any new feature or feature changes, but I’m happy to see that the Hybrid Configuration Wizard bug – which caused the HCW to fail – is now included by default. An Interim Update was already available, but it’s nice to see it included in the full build.

Along with a bunch of other fixes, Cumulative Update 6 now also closes the gap with Office 365 when it comes to Public Folder performance and scalability: you can now also deploy up to 100,000 public folders on-premises. Along with this change, there are some other (minor) behavioral changes which Microsoft outlined beautifully here.

For more information on these updates, have a look at the following announcements from Microsoft:

Exchange 2013

Microsoft releases Exchange 2013 Cumulative Update 5 and Exchange 2010 Update Rollup 6

Today, Microsoft released Cumulative Update 5 for Exchange 2013 and Update Rollup 6 for Exchange 2010.

Exchange 2013 Cumulative Update 5

Next to a ton of bug fixes, Microsoft made changes to a few components including:

  • Offline Address Book generation
  • Hybrid Configuration Wizard

Except for the above changes, it looks like CU5 will mostly consist of fixes. By the looks of it, and as Tony Redmond already pointed out, CU5 promises to be a stable release. Whether it will stay that way is something only time will tell…

Installing Cumulative Update 5

Installing CU5 is no different from older versions. You can also immediately upgrade from any previous version of Exchange 2013 to CU5. There is no requirement to install SP1 (a.k.a. CU4) first.

After installation, Microsoft warns that a Managed Availability probe might go into overdrive and repeatedly restart a newly added service called the Microsoft Exchange Shared Cache Service. However, this service isn’t used in CU5 (planned for the future?) and as such there is no impact at all.

However, if you are worried about your application log filling up with events from Managed Availability, you can disable the probe. More information can be found here.

This update also includes Active Directory changes, so you will be required to extend the AD schema. Given that you’re used to it by now, this shouldn’t present much of a problem. For more information on how to deploy a Cumulative Update, I suggest you have a look at the following article by ExchangeServerPro: 

Installing Cumulative Updates and Service Packs for Exchange Server 2013

You can download Cumulative Update 5 from here. The original release announcement is here.

Exchange 2010 Update Rollup 6

This update seems mainly to be a routine update to Exchange 2010. As expected, there are no major revelations except for a bunch of updates and fixes:

  • 2960652 Organizer name and meeting status field can be changed by EAS clients in an Exchange Server 2010 environment
  • 2957762 “A folder with same name already exists” error when you rename an Outlook folder in an Exchange Server 2010 environment
  • 2952799 Event ID 2084 occurs and Exchange server loses connection to the domain controllers in an Exchange Server 2010 environment
  • 2934091 Event ID 1000 and 7031 when users cannot connect to mailboxes in an Exchange Server 2010 environment
  • 2932402 Cannot move a mailbox after you install Exchange Server 2010 SP3 RU3 (KB2891587)
  • 2931842 EWS cannot identify the attachment in an Exchange Server 2010 environment
  • 2928703 Retention policy is applied unexpectedly to a folder when Outlook rule moves a copy in Exchange Server 2010
  • 2927265 Get-Message cmdlet does not respect the defined write scope in Exchange Server 2010
  • 2925273 Folder views are not updated when you arrange by categories in Outlook after you apply Exchange Server 2010 Service Pack 3 Update Rollup 3 or Update Rollup 4
  • 2924592 Exchange RPC Client Access service freezes when you open an attached file in Outlook Online mode in Exchange Server 2010
  • 2923865 Cannot connect to Exchange Server 2010 when the RPC Client Access service crashes

You can download Rollup Update 6 from here.

Microsoft’s original release announcements can be found here.


Windows Server 2012 R2 ADFS ‘alternative login ID’, removes the need to have an internet-routable UPN

Recently, Microsoft released an update to Windows Server 2012 R2 which – next to a bunch of bug fixes – also includes new features for some of the Operating System’s components. Amongst these new features there’s one that I found particularly interesting, more specifically the update to the AD FS 3.0 component which enables customers to use a different attribute to identify federated users in Windows Azure AD. The feature itself is better known as “Alternate Login ID”.

As the TechNet documentation on this topic describes, it is now possible to use an attribute other than the User Principal Name to identify federated users in Office 365. This helps customers who aren’t able to change their UPNs from the current value (like e.g. domain.local or domain.corp) to an internet-routable domain (like domain.com). Even though in many situations changing the UPN isn’t a big deal, some customers leverage the existing UPN in third-party applications and therefore might not be able to make this change easily.

If you want to deploy this feature, you’ll have to figure some things out by yourself. The documentation that is currently available doesn’t explain all the steps. At least, that is if you want to implement it right away. I expect the documentation to become available shortly. Also mind that I haven’t seen any official statement that the use of “Alternate Login ID” is already supported by Office 365 today, but the documentation certainly hints at it and if I recall correctly, it was also announced at the Microsoft Exchange Conference, last week.

The configuration itself requires you to jump through a few hoops, including modifying DirSync to refer to the new attribute you’ve selected as being the Alternate Login ID instead of the UPN. Personally, I would still recommend changing the UPN – if possible. But there’s an alternative now and having an alternative is always a good thing, isn’t it?

I’ll definitely have a go at this later this week and will post my findings here.

-Michael

[Update 04/14/2014] Here’s the KB article describing the update I reference in this article: http://support.microsoft.com/kb/2927690
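Before selecting an attribute as the Alternate Login ID, it helps to know how many accounts carry a non-routable UPN suffix and whether the candidate attribute is populated and unique for them. The audit below is an added example, not part of the original post or of Microsoft's documentation; it assumes the ActiveDirectory PowerShell module is available, uses `mail` as a hypothetical candidate attribute, and the list of non-routable suffixes is constructed for illustration.

```powershell
# Added example: audit which accounts would depend on an Alternate Login ID.
# Assumptions: ActiveDirectory module (RSAT) is installed; 'mail' is the
# candidate attribute; the suffix pattern below is constructed for illustration.
Import-Module ActiveDirectory

$candidateAttribute = 'mail'
$nonRoutableSuffix  = '\.(local|corp|lan|internal)$'

# Pull enabled users once, including the candidate attribute.
$users = @(Get-ADUser -Filter 'Enabled -eq $true' -Properties $candidateAttribute |
    ForEach-Object {
        [pscustomobject]@{
            SamAccountName    = $_.SamAccountName
            UserPrincipalName = $_.UserPrincipalName
            AlternateId       = [string]$_.$candidateAttribute
        }
    })

# Users whose UPN suffix is not an internet-routable domain.
$affected = @($users | Where-Object { $_.UserPrincipalName -match $nonRoutableSuffix })

# Affected users that have no value to sign in with.
$missing = @($affected | Where-Object { -not $_.AlternateId })

# Values shared by more than one account would make the lookup ambiguous.
# Group-Object compares strings case-insensitively by default.
$duplicates = @($users | Where-Object { $_.AlternateId } |
    Group-Object -Property AlternateId | Where-Object { $_.Count -gt 1 })

"{0} of {1} enabled users have a non-routable UPN suffix" -f $affected.Count, $users.Count
"{0} of those have no '{1}' value" -f $missing.Count, $candidateAttribute
foreach ($group in $duplicates) {
    $accounts = ($group.Group | ForEach-Object { $_.SamAccountName }) -join ', '
    "Duplicate {0}: {1}" -f $group.Name, $accounts
}
```

Accounts reported as missing or duplicate need to be cleaned up before the attribute can serve as a sign-in identifier.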


What’s new in Exchange Server 2013 SP1 (CU4)?

Along with Exchange Server 2010 SP3 Update Rollup 5 and Exchange Server 2007 SP3 Update Rollup 13, Microsoft released Cumulative Update 4 for Exchange Server 2013 – also known as Service Pack 1 – just moments ago. Although much more detail will follow in the days to come, below is already a short summary of what’s new and what’s changed in this release. In the upcoming weeks we’ll definitely be taking a closer/deeper look at these new features, so make sure to check back regularly!

Goodbye RPC/HTTP and welcome MAPI/HTTP

With Service Pack 1, the Exchange team introduced a new connectivity model for Exchange 2013. Instead of using RPC/HTTP (which has been around for quite a while), they have now introduced MAPI/HTTP. The big difference between both is that RPC is now cut away, which allows for a more resilient / lenient way to connect to Exchange. HTTP is still used for transport, but instead of ‘encapsulating’ MAPI in RPC packets, it’s now transported directly within the HTTP stream.

To enable MAPI/HTTP, run the following command:

Set-OrganizationConfig -MapiHttpEnabled $true

As you can see from the cmdlet, deploying MAPI/HTTP is an “all-or-nothing” approach. This means that you have to plan the deployment carefully. Switching from ‘traditional’ RPC/HTTP to MAPI/HTTP involves users restarting their Outlook (yes, the dreadful “Your Administrator has made a change…” dialog box is back). Luckily, the feature will – for now? – only work on Office 2013 Service Pack 1. Anyone who isn’t using this version will continue to use RPC/HTTP and will not be required to restart. Just keep it in mind when you upgrade your clients so that you don’t create a storm of calls to your helpdesk…

Anyway, because the feature is disabled by default – and because it traditionally takes a while before new software gets deployed – I don’t expect this feature to be widely used any time soon.

Exchange Admin Center Command Logging

This is one of the most-wanted features ever since Exchange 2013 was released. Previously, Exchange 2010 logged all the cmdlets that it executed when you performed a task through the Management Console. However, because of the move from the EMC to the new web-based Exchange Admin Center (EAC), this feature disappeared, which caused a lot of protest.

Now, in SP1, the feature – somewhat – returns and gives you the ability to capture the cmdlets the EAC executes whenever you’re using it. The feature itself can be found in the top-right corner of the EAC, when clicking the question mark button.

Support for Windows Server 2012 R2

Another long-awaited and much-asked-for feature is the support for Windows Server 2012 R2. This means that you will be able to deploy Exchange 2013 SP1/CU4 on a server running Microsoft’s latest OS. At the same time, the support for Domain Controllers running Windows Server 2012 R2 was also announced. This effectively means that you no longer have to wait to upgrade your Domain Controllers!

S/MIME support for OWA

Another feature that existed in Exchange 2010, but didn’t make the bar for the RTM release of Exchange 2013, is S/MIME support for OWA. Now, however, it’s available again.

The return of the Edge Transport Server Role

It looks like the long lost son made its way back into the product. The Edge Transport Server role, that is. Although – honestly – the Edge Transport Server isn’t a much deployed server role – at least not in the deployments I come across – it is a feature which is used quite a bit in hybrid deployments. This is mainly because it’s the only supported filtering solution in a hybrid deployment. Any other type of filtering device/service/appliance [in a hybrid deployment] will cause you to do more work and inevitably cause more headaches as well.

This is definitely good news. However, there are some things to keep in mind. First of all, the Edge Transport server doesn’t have a GUI. While this is not much of an issue for seasoned admins, people who are new to Exchange might find the learning curve (PowerShell-only) a little steep.

General Fixes and Improvements

As with every Cumulative Update, this one probably also contains a bunch of improvements and fixes. More information about the download and the updates can be found here.

Support for SSL Offloading

Now, there’s also support again for SSL Offloading. This means that you are no longer required to re-encrypt traffic coming from e.g. a load-balancer after it decrypted it first. Although many customers like to decrypt/re-encrypt, there are deployments where SSL Offloading makes sense. Additionally, by offloading SSL traffic you spare some resources on the Exchange Server as it no longer has to decrypt traffic. The downside – however – is that traffic flows unencrypted between the load balancer and the Exchange Servers.

DLP Policy Tips in OWA

Data Loss Protection was one of the new features in Exchange 2013 RTM and was very well received in the market. It allows you to detect whenever sensitive data is being sent and take appropriate actions if so. Although DLP policies worked just fine in OWA, you wouldn’t get the Policy Tips (Warnings) as they were displayed in Outlook 2013. These tips are – in my opinion – one of the more useful parts of the DLP feature and that’s why I find it great they’ve finally added it into OWA. Now, you’re no longer required to stick to Outlook to get the same experience!

DLP Fingerprinting

As mentioned above, DLP allows you to detect whenever sensitive information is sent via email. However, detecting sensitive information isn’t always easy. Until now, you had to build (complex) Regular Expressions which would then be evaluated against the content being sent through Exchange. With the DLP Fingerprinting feature, you can now upload a document to Exchange which will then use that document as a template to evaluate content against. It is a great and easy way to make Exchange recognize certain files / type of files without having to code everything yourself in RegEx!

The DLP Fingerprinting feature can be found under Compliance Management > Data loss prevention > Manage Document Fingerprints.

A more detailed overview of what DLP Fingerprinting is has already been published on the EHLO Blog from the MS Exchange team: http://blogs.technet.com/b/exchange/archive/2014/02/25/data-loss-prevention-in-exchange-just-got-better.aspx

Rich text editing in OWA

Outlook Web App is already one of the best web-based email clients available. In search of bringing more features to OWA to make it even better, the Exchange team has now also added some – maybe less visible – but very welcome improvements to OWA. The rich text editing feature is one of them.

For example, you now have more editing capabilities and you can easily add items like tables or embedded images.

Database Availability Group without IP (Administrative Access Point)

Leveraging the new capabilities in Windows Server 2012 R2 (Failover Clustering), you can now deploy a DAG without an Administrative Access Point (or IP address). This should somewhat simplify the deployment of a Database Availability Group.

Deploying Service Pack 1

The process for deploying Service Pack 1 isn’t different from any other Cumulative Update. In fact, Service Pack 1 is just another name for Cumulative Update 4. Basically, upgrading a server will do a back-to-back upgrade of the build, which means that any customizations you have made to configuration files will most likely be lost. Make sure to back up those changes and don’t forget to re-apply them. This is especially important if you have integrated Lync with Exchange 2013 as this (still) requires you to make changes to one of the web.config files!

After you have upgraded the servers, I would suggest that you reboot them. Because of the way Managed Availability works, you might sometimes find the Frontend Transport Service not to work as expected for a while. Typically a reboot solves the ‘issue’ right away.
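One way to make the "back up and re-apply" step repeatable is to snapshot every .config file with a hash manifest before the upgrade and compare afterwards. This is an added example, not code from the original post or from Microsoft; it assumes an elevated shell on the Exchange server, that the `ExchangeInstallPath` environment variable points at the installation folder, and `C:\ExBackup` is a hypothetical backup location.

```powershell
# Added example. Function names and C:\ExBackup are hypothetical.
function Get-Sha256 {
    param([string]$Path)
    # .NET hashing also works on PowerShell 3.0, which lacks Get-FileHash.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Dispose(); $sha.Dispose() }
}

function Save-ConfigSnapshot {
    param([string]$Source = $env:ExchangeInstallPath,
          [string]$BackupRoot = 'C:\ExBackup')
    $Source = (Resolve-Path $Source).Path.TrimEnd('\')
    $target = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
    $files  = Get-ChildItem -Path $Source -Recurse -Filter '*.config' -File
    $manifest = foreach ($file in $files) {
        # Keep the folder layout so identically named web.config files stay apart.
        $relative = $file.FullName.Substring($Source.Length).TrimStart('\')
        $copy = Join-Path $target $relative
        New-Item -ItemType Directory -Path (Split-Path $copy) -Force | Out-Null
        Copy-Item -LiteralPath $file.FullName -Destination $copy
        [pscustomobject]@{ RelativePath = $relative; Sha256 = Get-Sha256 $file.FullName }
    }
    $manifest | Export-Csv -Path (Join-Path $target 'manifest.csv') -NoTypeInformation
    $target   # return the snapshot folder for use after the upgrade
}

function Compare-ConfigSnapshot {
    param([Parameter(Mandatory = $true)][string]$Snapshot,
          [string]$Source = $env:ExchangeInstallPath)
    $Source = (Resolve-Path $Source).Path.TrimEnd('\')
    foreach ($entry in Import-Csv (Join-Path $Snapshot 'manifest.csv')) {
        $live = Join-Path $Source $entry.RelativePath
        if (-not (Test-Path -LiteralPath $live)) {
            $state = 'Missing'
        } elseif ((Get-Sha256 $live) -ne $entry.Sha256) {
            $state = 'Changed'
        } else {
            continue   # untouched by the upgrade, nothing to re-apply
        }
        [pscustomobject]@{
            State  = $state
            File   = $live
            Backup = (Join-Path $Snapshot $entry.RelativePath)
        }
    }
}

# Before the upgrade:  $snapshot = Save-ConfigSnapshot
# After the upgrade:   Compare-ConfigSnapshot -Snapshot $snapshot | Format-Table -AutoSize
```

Setup replaces many of these files on its own, so a `Changed` entry is a prompt to diff the backup copy against the live file and re-apply only your own customizations, not to copy the old file back.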

Other views

By the time I published this overview, some of the other MVPs already put some thoughts out there. Make sure to check them out:

Tony Redmond: http://windowsitpro.com/blog/exchange-2013-sp1-mixture-new-and-completed-fixtures

Have fun with it and make sure to check back in the following days as I’ll be zooming in on some of the features I discussed in this article!

-Michael


Exchange 2013 Cumulative Update 3 and Exchange 2010 SP3 RU3 released

Microsoft just released its quarterly software updates for Exchange Server 2010 and Exchange Server 2013. You can download the latest updates through the following links:

Exchange 2013 Cumulative Update 3

After some issues with Cumulative Update 2, which had to be pulled and re-released, Microsoft put more effort into testing and validating CU3 before releasing it to the public. That is one of the reasons why it took a little longer than expected for CU3 to be available. A good thing which hopefully pays off in a stable update without any (major) issues! CU3 introduces a bunch of new features to Exchange 2013, amongst which are:

  • Improved experience for Group Management in EAC
  • Integration with Online RMS for on-premises-only deployments
  • Improved Admin Audit Logging

As you can see, there’s quite some new – and interesting – stuff in CU3, which makes it definitely worth taking a closer look at. I’m particularly interested in finding out more about the RMS Online integration (which is a good thing!). Next to a bunch of new features, there are also some important bug fixes in CU3:

  • KB2888315 Event 2112 or 2180 is logged when you try to back up a database in an Exchange Server 2013 environment
  • KB2874216 Security issue that is described in Security Bulletin MS13-061 is resolved by an Exchange Server update
  • KB2902929 You cannot forward an external meeting request in an Exchange Server 2013 environment
  • KB2890814 No redirection to the Outlook Web App URL for Exchange Online users in an Exchange hybrid deployment
  • KB2883203 Exchange Server 2013 restarts frequently after Cumulative Update 2 is installed

A complete list of the most important bug fixes can be found here.

Deploying CU3

Deploying CU3 is similar to deploying previous CUs. Just like these previous CUs, CU3 also includes Active Directory schema updates. For more information on how to deploy a Cumulative Update, have a look at Paul Cunningham’s blog here.

How about Exchange 2013 Service Pack 1?

As a side note to the release: Microsoft previously announced that Exchange Server 2013 Cumulative Update 4 would be released as Service Pack 1. Taking the three-month cadence in which Cumulative Updates are expected to be released puts Service Pack 1 around the February/March 2014 timeframe – that is, assuming the CU release cadence is respected. This is a little earlier than I anticipated, to be honest. I expected SP1 not to be released until the Microsoft Exchange Conference in April (which – now I come to think of it – is merely a month later). I, for one, am looking forward to “SP1”; usually this is a milestone that many companies wait for before deploying a new server product like Exchange. Traditionally, Service Packs were used to introduce a bucket of new features to the product along with some other improvements. Given that each Cumulative Update so far has added functionality, I wonder if SP1 (Cumulative Update 4) will generate the same impact as it has done with previous releases…

Exchange 2010 SP3 Update Rollup 3

This latest Update Rollup for Exchange 2010 Service Pack 3 contains a rather long list of bug fixes. Amongst these fixes, I found the following ones to stand out, mainly because I faced them a few times, myself:

  • KB2839533 RPC Client Access service freezes in an Exchange Server 2010 environment
  • KB2887609 Hybrid Configuration wizard does not display the Domain Proof of Ownership list in an Exchange Server 2010 SP3 environment

A complete list of the most important fixes can be found here. (Note: content of this link may not yet be available.) Have fun!


Microsoft rereleases MS13-061 Security Update for Exchange 2013

After last week’s debacle where the Security Update MS13-061 went (really) bad and had to be pulled, Microsoft rereleased the update today. This new version – let’s call it v2 for a change (notice the sarcasm here) – contains a minor change; albeit one that makes a huge difference…

The initial version caused some registry settings to be overwritten incorrectly whereas this version corrects that and keeps the registry settings (as it should). The details of these registry settings can be found here: KB 2879739

The update can be found below:

For more information, please consult the original announcement by the Exchange Product Team.


Microsoft releases a bunch of Rollup- and Security updates for Exchange

Moments ago, Microsoft released a bunch of Rollup Updates and (critical) security updates for Exchange:

  • Update Rollup 11 for Exchange Server 2007 SP3
  • Update Rollup 7 for Exchange Server 2010 SP2
  • Update Rollup 2 for Exchange Server 2010 SP3
  • Exchange Server 2013 RTM CU1 MSRC Security bulletin MS13-061
  • Exchange Server 2013 RTM CU2 MSRC Security bulletin MS13-061

By now, you should be familiar with the “traditional” way of how the Rollup Updates work for Exchange 2007 and 2010. New, however, are the security updates for Exchange 2013. As announced before, these security updates only have a limited scope within which they are supported.

As such, you’ll have to make sure that you are running either of the following Exchange 2013 versions:

  • Exchange 2013 RTM CU1
  • Exchange 2013 RTM CU2 v2

In case you’ve missed it: Yes, you need version 2 of CU2 for Exchange 2013 installed.

For more information on the updates, have a look at the original announcement here.

Security Update MS13-061

It seems that Oracle is once again to blame for the critical security update, which was already announced a few days ago. As described on the Security Bulletin page, the vulnerability would allow remote code execution on your Exchange Servers.

In fact, there are multiple vulnerabilities, of which 2 again have to do with WebReady Document viewing (just like earlier this year). The third vulnerability is because the feature called “Outside In” is used in DLP.

I haven’t had the opportunity to read more about it, but if you want, the original announcement has been updated with more information:

Happy updating…!
