Today, Microsoft released its latest updates for Exchange 2007, 2010 and 2013.
The updates for Exchange 2007 and 2010 mostly revolve around the Daylight Saving Time changes and a bunch of fixes for the latter version.
Cumulative Update 6 for Exchange 2013 doesn’t introduce any new feature or feature changes, but I’m happy to see that the fix for the Hybrid Configuration Wizard bug – which caused the HCW to fail – is now included by default. An Interim Update was already available, but it’s nice to see it included in the full build.
Along with a bunch of other fixes, Cumulative Update 6 now also closes the gap with Office 365 when it comes to Public Folder performance and scalability: you can now also deploy up to 100,000 public folders on-premises. Along with this change, there are some other (minor) behavioral changes which Microsoft outlined beautifully here.
For more information on these updates, have a look at the following announcements from Microsoft:
Today, Microsoft released Cumulative Update 5 for Exchange 2013 and Update Rollup 6 for Exchange 2010.
Exchange 2013 Cumulative Update 5
Next to a ton of bug fixes, Microsoft made changes to a few components including:
Offline Address Book generation
Hybrid Configuration Wizard
Except for the above changes, it looks like CU5 will mostly consist of fixes. By the looks of it, and as Tony Redmond already pointed out, CU5 promises to be a stable release. Whether it will stay that way is something only time will tell…
Installing Cumulative Update 5
Installing CU5 is no different from older versions. You can also immediately upgrade from any previous version of Exchange 2013 to CU5. There is no requirement to install SP1 (a.k.a. CU4) first.
After installation, Microsoft warns there might be a Managed Availability probe which goes into overdrive and repeatedly restarts a newly added service called the Microsoft Exchange Shared Cache Service. However, this service isn’t used in CU5 (planned for the future?) and as such there is no impact at all.
However, if you are worried about your application log filling up with events from Managed Availability, you can disable the probe. More information can be found here.
This update also includes Active Directory changes, so you will be required to extend the AD schema. Given that you’re used to it by now, this shouldn’t present much of a problem. For more information on how to deploy a Cumulative Update, I suggest you have a look at the following article by ExchangeServerPro:
Recently, Microsoft released an update to Windows Server 2012 R2 which – next to a bunch of bug fixes – also includes new features for some of the Operating System’s components. Amongst these new features there’s one that I found particularly interesting, more specifically the update to the AD FS 3.0 component which enables customers to use a different attribute to identify federated users in Windows Azure AD. The feature itself is better known as “Alternate Login ID”.
As the TechNet documentation on this topic describes, it would now be possible to use a different attribute than the User Principal Name to identify federated users in Office 365. This helps customers who aren’t able to change their UPNs from the current value (like e.g. domain.local or domain.corp) to an internet-routable domain (like domain.com). Even though in many situations changing the UPN isn’t that big of a deal, some customers leverage the existing UPN in third party applications and therefore might not be able to make this change easily.
If you want to deploy this feature, you’ll have to figure some things out by yourself. The documentation that is currently available doesn’t explain all the steps. At least, that is if you want to implement it right away. I expect the documentation to become available shortly. Also mind that I haven’t seen any official statement that the use of “Alternate Login ID” is already supported by Office 365 today, but the documentation certainly hints at it and if I recall correctly, it was also announced at the Microsoft Exchange Conference, last week.
The configuration itself requires you to jump through a few hoops, including modifying DirSync to refer to the new attribute you’ve selected as being the Alternate Login ID instead of the UPN. Personally, I would still recommend changing the UPN – if possible. But there’s an alternative now and having an alternative is always a good thing, isn’t it?
I’ll definitely have a go at this later this week and will post my findings here.
With Service Pack 1, the Exchange team introduced a new connectivity model for Exchange 2013. Instead of using RPC/HTTP (which has been around for quite a while), they have now introduced MAPI/HTTP. The big difference between both is that RPC is now cut away, which allows for a more resilient / lenient way to connect to Exchange. HTTP is still used for transport, but instead of ‘encapsulating’ MAPI in RPC packets, it’s now transported directly in the HTTP stream.
To enable MAPI/HTTP, run the following command:
Set-OrganizationConfig -MapiHttpEnabled $true
As you can see from the cmdlet, deploying MAPI/HTTP is an “all-or-nothing” approach. This means that you have to plan the deployment carefully. Switching from ‘traditional’ RPC/HTTP to MAPI/HTTP involves users restarting their Outlook (yes, the dreadful “Your Administrator has made a change…” dialog box is back). Luckily, the feature will – for now? – only work on Office 2013 Service Pack 1. Anyone who isn’t using this version will continue to use RPC/HTTP and will not be required to restart. Just keep it in mind when you upgrade your clients so that you don’t create a storm of calls to your helpdesk…
Anyway, because the feature is disabled by default – and because it traditionally takes a while before new software gets deployed – I don’t expect this feature to be widely used any time soon though.
Exchange Admin Center Command Logging
This is one of the most-wanted features ever since Exchange 2013 was released. Previously, Exchange 2010 logged all the cmdlets that it executed when you performed a task through the Management Console. However, because of the move from the EMC to the new web-based Exchange Admin Center (EAC), this feature disappeared, which caused a lot of protest.
Now, in SP1, the feature – somewhat – returns and gives you the ability to capture the cmdlets the EAC executes whenever you’re using it. The feature itself can be found in the top-right corner of the EAC, when clicking the question mark button.
Support for Windows Server 2012 R2
Another long-awaited and much-asked-for feature is the support for Windows Server 2012 R2. This means that you will be able to deploy Exchange 2013 SP1/CU4 on a server running Microsoft’s latest OS. At the same time, the support for Domain Controllers running Windows Server 2012 R2 was also announced. This effectively means that you no longer have to wait to upgrade your Domain Controllers!
S/MIME support for OWA
Another feature that existed in Exchange 2010, but didn’t make the bar for the RTM release of Exchange 2013, is S/MIME support for OWA. Now, however, it’s available again.
The return of the Edge Transport Server Role
It looks like the long lost son made its way back into the product. The Edge Transport Server role, that is. Although – honestly – the Edge Transport Server isn’t a much deployed server role – at least not in the deployments I come across – it is a feature which is used quite a bit in hybrid deployments. This is mainly because it’s the only supported filtering solution in a hybrid deployment. Any other type of filtering device/service/appliance [in a hybrid deployment] will cause you to do more work and inevitably cause more headaches as well.
This is definitely good news. However, there are some things to keep in mind. First of all, the Edge Transport server doesn’t have a GUI. While this is not much of an issue for seasoned admins, people who are new to Exchange might find the learning curve (PowerShell-only) a little steep.
General Fixes and Improvements
As with every Cumulative Update, this one probably also contains a bunch of improvements and fixes. More information on the download and the updates can be found here.
Support for SSL Offloading
Now, there’s also support again for SSL Offloading. This means that you are no longer required to re-encrypt traffic coming from e.g. a load-balancer after it decrypted it first. Although many customers like to decrypt/re-encrypt, there are deployments where SSL Offloading makes sense. Additionally, by offloading SSL traffic you spare some resources on the Exchange Server as it no longer has to decrypt traffic. The downside – however – is that traffic flows unencrypted between the load balancer and the Exchange Servers.
DLP Policy Tips in OWA
Data Loss Prevention was one of the new features in Exchange 2013 RTM and was very well received in the market. It allows you to detect whenever sensitive data is being sent and take appropriate actions if so. Although DLP policies worked just fine in OWA, you wouldn’t get the Policy Tips (Warnings) as they were displayed in Outlook 2013. These tips are – in my opinion – one of the more useful parts of the DLP feature and that’s why I find it great they’ve finally added it into OWA. Now, you’re no longer required to stick to Outlook to get the same experience!
As mentioned above, DLP allows you to detect whenever sensitive information is sent via email. However, detecting sensitive information isn’t always easy. Until now, you had to build (complex) Regular Expressions which would then be evaluated against the content being sent through Exchange. With the DLP Fingerprinting feature, you can now upload a document to Exchange which will then use that document as a template to evaluate content against. It is a great and easy way to make Exchange recognize certain files / types of files without having to code everything yourself in RegEx!
The DLP Fingerprinting feature can be found under Compliance Management > Data loss prevention > Manage Document Fingerprints
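The same fingerprint can be created from the Exchange Management Shell instead of the EAC. The following is an added example, not part of the original post; the template path, the classification name and the rule name are hypothetical, and the rule is created in test mode so that it only audits and notifies.

```powershell
# Added example: build a DLP document fingerprint from a template file and
# reference it in a transport rule. Run in the Exchange Management Shell
# of an Exchange 2013 SP1 (or later) server.
# The path and all names below are hypothetical placeholders.
$templatePath = 'C:\DLP\Templates\Patent-Application-Form.docx'
$className    = 'Contoso Patent Form'
$ruleName     = 'Audit: patent form sent outside the organization'

if (-not (Test-Path -LiteralPath $templatePath -PathType Leaf)) {
    throw "Template not found: $templatePath"
}

# Refuse to create a second classification with the same name on a re-run.
if (Get-DataClassification | Where-Object { $_.Name -eq $className }) {
    throw "A data classification named '$className' already exists."
}

# New-Fingerprint takes the raw bytes of the template document.
[byte[]]$templateBytes = [System.IO.File]::ReadAllBytes($templatePath)
$fingerprint = New-Fingerprint -FileData $templateBytes -Description $className

# The data classification is what DLP policies and transport rules refer to.
New-DataClassification -Name $className `
    -Fingerprints $fingerprint `
    -Description 'Matches documents based on the patent application template.'

# Start in AuditAndNotify: matches are logged and the sender gets a Policy Tip,
# but no mail is blocked while you check for false positives.
New-TransportRule -Name $ruleName `
    -SentToScope NotInOrganization `
    -MessageContainsDataClassifications @{ Name = $className } `
    -NotifySender NotifyOnly `
    -Mode AuditAndNotify
```

Once the audit results look right, the rule can be switched to enforcement with Set-TransportRule -Mode Enforce.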
Outlook Web App is already one of the best web-based email clients available. In search of bringing more features to OWA to make it even better, the Exchange team has now also added some – maybe less visible – but very welcome improvements to OWA. The rich text editing features are one of them.
For example, you now have more editing capabilities and you can easily add items like tables or embedded images.
Database Availability Group without IP (Administrative Access Point)
Leveraging the new capabilities in Windows Server 2012 R2 (Failover Clustering), you can now deploy a DAG without an administrative Access Point (or IP Address). This should somewhat simplify the deployment of a Database Availability Group.
Deploying Service Pack 1
The process for deploying Service Pack 1 isn’t different from any other Cumulative Update. In fact, Service Pack 1 is just another name for Cumulative Update 4. Basically, upgrading a server will do a back-to-back upgrade of the build, which means that any customizations you have made to configuration files will most likely be lost. Make sure to back up those changes and don’t forget to re-apply them. This is especially important if you have integrated Lync with Exchange 2013 as this (still) requires you to make changes to one of the web.config files!
After you have upgraded the servers, I would suggest that you reboot them. Because of the way Managed Availability works, you might sometimes find the Frontend Transport Service not to work as expected for a while. Typically a reboot solves the ‘issue’ right away.
By the time I published this overview, some of the other MVPs already put some thoughts out there. Make sure to check them out:
After some issues with Cumulative Update 2, which had to be pulled and re-released, Microsoft put more effort into testing and validating CU3 before releasing it to the public. That is one of the reasons why it took a little longer than expected for CU3 to be available. A good thing which hopefully pays off in a stable update without any (major) issues! CU3 introduces a bunch of new features to Exchange 2013, amongst which are:
Improved experience for Group Management in EAC
Integration with Online RMS for on-premises-only deployments
Improved Admin Audit Logging
As you can see, there’s quite some new – and interesting – stuff in CU3, which makes it definitely worth taking a closer look at. I’m particularly interested in finding out more about the RMS Online integration (which is a good thing!). Next to a bunch of new features, there are also some important bug fixes in CU3:
KB2888315 Event 2112 or 2180 is logged when you try to back up a database in an Exchange Server 2013 environment
KB2874216 Security issue that is described in Security Bulletin MS13-061 is resolved by an Exchange Server update
KB2902929 You cannot forward an external meeting request in an Exchange Server 2013 environment
KB2890814 No redirection to the Outlook Web App URL for Exchange Online users in an Exchange hybrid deployment
KB2883203 Exchange Server 2013 restarts frequently after Cumulative Update 2 is installed
A complete list of the most important bug fixes can be found here.
Deploying CU3 is similar to deploying previous CUs. Just like these previous CUs, CU3 also includes Active Directory schema updates. For more information on how to deploy a Cumulative Update, have a look at Paul Cunningham’s blog here.
How about Exchange 2013 Service Pack 1?
As a side-note to the release: Microsoft previously announced that Exchange Server 2013 Cumulative Update 4 would be released as Service Pack 1. Taking into account the three-month cadence in which Cumulative Updates are expected to be released, Service Pack 1 would be released around the February/March 2014 timeframe – that is, assuming the CU release cadence is respected. This is a little earlier than I anticipated, to be honest. I expected SP1 not to be released until the Microsoft Exchange Conference in April (which – now I come to think of it – is merely a month later). I, for one, am looking forward to “SP1”; usually this is a milestone that many companies wait for before deploying a new server product like Exchange. Traditionally, Service Packs were used to introduce a bucket of new features to the product along with some other improvements. Given that each Cumulative Update so far has added functionality, I wonder if SP1 (Cumulative Update 4) will generate the same impact as it has done with previous releases…
Exchange 2010 SP3 Update Rollup 3
This latest Update Rollup for Exchange 2010 Service Pack 3 contains a rather long list of bug fixes. Amongst these fixes, I found the following ones to stand out, mainly because I faced them a few times, myself:
KB2839533 RPC Client Access service freezes in an Exchange Server 2010 environment
KB2887609 Hybrid Configuration wizard does not display the Domain Proof of Ownership list in an Exchange Server 2010 SP3 environment
A complete list of the most important fixes can be found here. (note: content of this link may not yet be available) Have fun!
After last week’s debacle where the Security Update MS13-061 went (really) bad and had to be pulled, Microsoft rereleased the update today. This new version – let’s call it v2 for a change (notice the sarcasm here) – contains a minor change; albeit one that makes a huge difference…
The initial version caused some registry settings to be overwritten incorrectly whereas this version corrects that and keeps the registry settings (as it should). The details of these registry settings can be found here: KB 2879739
Moments ago, Microsoft released a bunch of Rollup Updates and (critical) security updates for Exchange:
Update Rollup 11 for Exchange Server 2007 SP3
Update Rollup 7 for Exchange Server 2010 SP2
Update Rollup 2 for Exchange Server 2010 SP3
Exchange Server 2013 RTM CU1 MSRC Security bulletin MS13-061
Exchange Server 2013 RTM CU2 MSRC Security bulletin MS13-061
By now, you should be familiar with the “traditional” way of how the Rollup Updates work for Exchange 2007 and 2010. New, however, are the security updates for Exchange 2013. As announced before, these security updates only have a limited scope within which they are supported.
As such, you’ll have to make sure that you are running either of the following Exchange 2013 versions:
Exchange 2013 RTM CU1
Exchange 2013 RTM CU2 v2
In case you’ve missed it: Yes, you need version 2 of CU2 for Exchange 2013 installed.
For more information on the updates, have a look at the original announcement here
It seems that Oracle is once again to blame for the critical security update, which had already been announced a few days ago. As described on the Security Bulletin page, the vulnerability would allow code to be executed remotely on your Exchange Servers.
In fact, there are multiple vulnerabilities, of which 2 again have to do with WebReady Document viewing (just like earlier this year). The third vulnerability is because the feature called “Outside In” is used in DLP.
I haven’t had the opportunity to read more about it, but if you want, the original announcement has been updated with more information:
A few hours ago, Microsoft (finally) released Cumulative Update 1 (CU1) for Exchange 2013 RTM. Many of us have been waiting for this update as it was the last prerequisite standing in the way of upgrading to Exchange 2013 when you already had Exchange running prior.
I’m pretty sure that over the course of the next few weeks, we will be seeing lots of interesting new information coming out. For now, we’ll have to settle for Microsoft’s promise to publish the release notes + updated documentation anytime soon. As Bharat Suneja already mentioned, it’s scheduled to be released on the 3rd of April:
Where to get it?
First things first. The newer bits are available from the following link:
Yes, you’re not dreaming. It’s 1.3GB. How is that possible? Simple. Cumulative Updates are quite different from Update Rollups. They are entire new builds of the product that don’t require a prior version to be installed. Hence the size. For more information on this new “update strategy”, have a look here.
The CU is “huge”. And I don’t mean that literally (although it’s literally huge as well). It contains a lot of fixes (that should’ve made it into RTM, to be honest) and will definitely make your life running Exchange 2013 a lot easier.
Next to that, there are some things that have changed and have been added. To name a few:
There are schema and other AD updates in CU1. Run Setup.exe /PrepareSchema, /PrepareAD and /PrepareDomain (or /PrepareAllDomains) before installing.
If you are upgrading from a previous version of Exchange, mind the default OAB. Exchange 2013 will create a new OAB and if you didn’t configure your mailbox database to point to a specific OAB, all your clients might end up downloading the new OAB… This could cause some issues if you’ve got a lot of clients or clients connecting over a link with limited bandwidth. Check this article for more info!
There’s a limited support for Public Folders in OWA now. Basically, OWA will allow access to “favorite” Public Folders. However, still no access to the entire tree…
You can now configure Groups to manage Groups again. In RTM only a user could be configured to be “manager” of e.g. a Distribution Group.
Mailbox sizes are reported more accurately (not really a CU1 feature). Why should you care? 1. It’s more accurate, 2. mailbox sizes are likely to grow when moving to Exchange 2013 > keep an eye on your configured quotas!
If you *are* upgrading, then you should run the following command:
Note: as a CU is a build-to-build upgrade, changes you made to web.config files will be overwritten. This means that if you had integrated Lync with Exchange prior to the upgrade, you’ll have to make the changes to the web.config file again!
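This note and the Service Pack 1 deployment advice earlier on the page both warn that setup replaces customized web.config files. One way to keep track of them is sketched below as an added example (not from the original post); it assumes the script is saved as a .ps1 file and run on the Exchange server itself, and the backup location is a hypothetical path.

```powershell
# Added example: record and back up every web.config under the Exchange install
# path before a CU/SP upgrade, then list the files that setup replaced.
# $BackupRoot is a hypothetical location; $env:ExchangeInstallPath is set by
# Exchange setup on the server.
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Snapshot', 'Compare')]
    [string]$Mode,
    [string]$BackupRoot = 'D:\ExchangeConfigBackup'
)

$installPath = $env:ExchangeInstallPath
if (-not $installPath -or -not (Test-Path -LiteralPath $installPath)) {
    throw 'ExchangeInstallPath is not set; run this on the Exchange server.'
}
$installPath  = $installPath.TrimEnd('\')
$manifestPath = Join-Path $BackupRoot 'manifest.csv'

# SHA-256 via .NET so the script does not depend on Get-FileHash (PowerShell 4+).
function Get-Sha256([string]$Path) {
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Dispose(); $sha.Dispose() }
}

if ($Mode -eq 'Snapshot') {
    # Before the upgrade: copy each file, keeping its relative path, and hash it.
    $entries = Get-ChildItem -LiteralPath $installPath -Recurse -Filter 'web.config' -File |
        ForEach-Object {
            $relative = $_.FullName.Substring($installPath.Length).TrimStart('\')
            $copy     = Join-Path $BackupRoot $relative
            New-Item -ItemType Directory -Path (Split-Path $copy -Parent) -Force | Out-Null
            Copy-Item -LiteralPath $_.FullName -Destination $copy -Force
            New-Object psobject -Property @{
                RelativePath = $relative
                Sha256       = Get-Sha256 $_.FullName
            }
        }
    $entries | Export-Csv -Path $manifestPath -NoTypeInformation
    "Saved $(@($entries).Count) web.config file(s) to $BackupRoot"
}
else {
    # After the upgrade: report every file that is gone or no longer matches.
    if (-not (Test-Path -LiteralPath $manifestPath)) {
        throw "No manifest at $manifestPath; run with -Mode Snapshot first."
    }
    Import-Csv -Path $manifestPath | ForEach-Object {
        $current = Join-Path $installPath $_.RelativePath
        $state = if (-not (Test-Path -LiteralPath $current)) {
            'Missing'
        } elseif ((Get-Sha256 $current) -ne $_.Sha256) {
            'Changed'
        } else {
            'Unchanged'
        }
        if ($state -ne 'Unchanged') {
            New-Object psobject -Property @{
                State  = $state
                File   = $current
                Backup = Join-Path $BackupRoot $_.RelativePath
            }
        }
    }
}
```

For each file reported as Changed, compare the backup with the new file and re-apply only your own customization by hand; the new build’s web.config may differ from the old one in other places, so copying the old file back is not a safe shortcut.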
What are others saying?
As always, many peers from the Exchange community have been busy with providing as much information as is already available. Make sure to check them out!
Microsoft just released the long-anticipated release of Service Pack 3 for Exchange 2010. Many of you have been waiting impatiently for this Service Pack as it brings you one step closer to deploying Exchange 2013!
It seems that Service Pack 3 will also update the database schema of your databases. Once a database schema has been updated to SP3 you can no longer mount that database on a pre-SP3 Mailbox Server. This means that you have to be particularly careful when updating Mailbox servers that are part of a Database Availability Group!
Make sure to review the release notes before upgrading in your production environment:
Today, Microsoft released the following updates for Exchange 2007 and Exchange 2010:
Exchange 2010 Service Pack 2 Update Rollup 6 (KB2746164)
Exchange 2007 Service Pack 3 Update Rollup 10 (KB2788321)
Exchange 2010 Service Pack 2 Update Rollup 6
This update contains many, many fixes, amongst which are some quite important ones! However, it’s still not the Exchange 2013 coexistence update you have all been waiting for! Rumor has it, however, that Service Pack 3 is waiting just around the corner…
I’ve highlighted some of my personal favorite fixes in this release by going through the list. I will dive deeper into it when I have had the chance to review them more thoroughly.
Fixes/updates included in the Update Rollup are:
2489941 The "legacyExchangeDN" value is shown in the "From" field instead of the "Simple Display Name" in an email message in an Exchange Server 2010 environment
2717453 You cannot move or delete a folder by using Outlook in online mode in an Exchange Server 2010 environment
2733608 Corrupted Japanese DBCS characters when you send a meeting request or post a reply to a posted item in a public folder in an Exchange Server 2010 environment
2734635 Folder-associated information (FAI) items are deleted when you run the New-InboxRule cmdlet or change Inbox rules in an Exchange Server 2010 environment
2737046 AutoPreview feature does not work when you use Outlook in online mode in an Exchange Server 2010 environment
2741117 High CPU utilization by Microsoft Exchange Replication service on Client Access servers in an Exchange Server 2010 environment
2746030 Incorrect ExternalURL value for EWS is returned by an Exchange Server 2010 Client Access server
2750188 Exchange Service Host service crashes when you start the service on an Exchange 2010 server
2751417 Synchronization fails if you sync an external device to a mailbox through EAS in an Exchange Server 2010 environment
2751581 OAB generation fails with event IDs 9126, 9330, and either 9338 or 9339 in an Exchange Server 2010 environment
2760999 "The signup domain ‘org’ derived from ‘<TenantDomainName>.org’ is not a valid domain" error message when you use the Hybrid Configuration wizard in an Exchange Server
2776259 Msftefd.exe process crashes if an email attachment has an unexpected file name extension or no file name extension in an Exchange Server 2010 environment
2779387 Duplicated email messages are displayed in the Sent Items folder in a EWS-based application that accesses an Exchange Server 2010 Mailbox server
2783586 Name order of a contact is displayed incorrectly after you edit the contact in an Exchange Server 2010 environment
2783631 User-Agent field is empty when you run the Get-ActiveSyncDeviceStatistics cmdlet in an Exchange Server 2010 SP2 environment
2783633 You cannot move or delete an email message that is larger than the maximum receive or send size in an Exchange Server 2010 environment
2783649 Private appointment is visible to a delegate in an Exchange Server 2010 environment
2783771 Mailbox on a mobile device is not updated when EAS is configured in an Exchange Server 2010 environment
2783772 Edgetransport.exe process crashes after a journal recipient receives an NDR message in an Exchange Server 2010 environment
2783776 You cannot perform a cross-premises search in a mailbox in an Exchange Server 2010 hybrid environment
2783782 Error message when you use Scanpst.exe on a .pst file in an Exchange Server 2010 environment
2784081 Store.exe process crashes if you add certain registry keys to an Exchange Server 2010 Mailbox server
2784083 Week numbers in the Outlook Web App and Outlook calendars are mismatched in an Exchange Server 2010 environment
2784093 SCOM alerts and event ID 4 in an Exchange Server 2010 SP2 organization that has Update Rollup 1 or later
2784566 Exchange RPC Client Access service crashes on an Exchange Server 2010 Mailbox server
2787023 Exchange Mailbox Assistants service crashes when you try to change a recurring calendar item or publish free/busy data in an Exchange Server 2010 environment
2793274 A new option is available that disables the PermanentlyDelete retention action in an Exchange Server 2010 organization
2793278 You cannot use the search function to search for mailbox items in an Exchange Server 2010 environment
2793279 Exchange Server 2010 does not restart when the Microsoft Exchange Replication service freezes
2793488 Internet Explorer freezes when you connect to the OWA several times in an Exchange Server 2010 environment
2810616 Email message delivery is delayed on a Blackberry mobile device after you install Update Rollup 4 for Exchange Server 2010 SP2
Have a look at the following page for the official announcement: