2022 H1 Cumulative Updates for Exchange Server

In the previous post, I shared that Microsoft has changed the update service for exchange servers.

It has been announced that the updates will now be released as H1 and H2, at which point the updates for the first 2021 H1 have been released.

It is reported that the new released cumulative updates(CUs) include previous security updates(SUs) and fixes for customer reported.

These updates are available for the following specific builds of Exchange Server:

Exchange Server 2019 CU12
Exchange Server 2016 CU23 (The latest cumulative update package of Exchange 2016 won’t be H2 ! )

Please check knowledge base articles for known issues via CU12 or CU23

Further Information and Guidance
Exchange Team Blog
Upgrade Exchange to the latest Cumulative Update
Exchange Updates Step-by-Step Guide
How to Find Exchange Version and Build Number

Have a nice day !

Exchange Server Update Servicing Model Changed !

Microsoft announced in the bulletin it shared yesterday that it has changed the update model for the Exchange Server.

Updates published quarterly (March, June, September, and December) were changed after feedback from customers. And they announced that they have commissioned a new update service.

In the announcement, two CU’s per year – will releasing in H1 and H2 of each calendar year, with general target release dates of March and September (these dates may change).

Next CU will be released in H2 of 2022 only for Exchange 2019, has ended CU’s for Exchange Server 2013 and Exchange Server 2016, only SUs will be released.

Have a nice day !

Exchange Server Cluster(DAG) Maintenance

If you are planning to make cumulative updates to your Exchange Servers, you must first put the server on which you will install the update into maintenance mode.
To perform maintenance on Exchange Servers, follow these steps:

  • First of all, if you are using a load-balancer, make sure that there is no mail traffic to the server you will maintain.
  • Pre-Check 1 – Get-ServerComponentState ExchServerName | ft Component,State -Autosize
  • Pre-Check 2 – Get-MailboxServer ExchServerName | ft DatabaseCopy* -Autosize
  • Pre-Check 3 – Get-ClusterNode ExchServerName| fl
  • Pre-Check 4 – Get-Queue
  • Maintenance 1 – Set-ServerComponentState ExchServerName -Component HubTransport -State Draining -Requester Maintenance
  • Maintenance 2 – Restart-Service MSExchangeTransport
  • Maintenance 3 – Get-Queue
  • Maintenance 4 – CD $ExScripts
    .\StartDagServerMaintenance.ps1 -serverName ExchServerName -MoveComment Maintenance -PauseClusterNode
  • Maintenance 5 – Redirect-Message -Server ExchServerName -Target OtherServerName
  • Maintenance 6 – Suspend-ClusterNode ExchServerName
  • Maintenance 7 – Set-MailboxServer ExchServerName -DatabaseCopyActivationDisabledAndMoveNow $True
  • Maintenance 8 – Set-MailboxServer ExchServerName -DatabaseCopyAutoActivationPolicy Blocked
  • Maintenance 9 – Set-ServerComponentState ExchServerName -Component ServerWideOffline -State Inactive -Requester Maintenance
  • Control 1 – Get-ServerComponentState ExchServerName | ft Component,State -Autosize
  • Control 2 – Get-MailboxServer ExchServerName | ft DatabaseCopy* -Autosize
    Get-ClusterNode ExchServerName | fl
    Get-Queue

By the way, if you have made changes to the configuration files (Web.config,Edgetransport.exe.config etc) before starting the update process, it is recommended to backup them, because the changes you made after the update will return to their default settings.

You can now update the server.

After completing the update process we need to take the server out of maintenance mode.

  • After 1 – Set-ServerComponentState ExchServerName -Component ServerWideOffline -State Active -Requester Maintenance
  • After 2 – CD $ExScripts
    .\StopDagServerMaintenance.ps1 -serverName ExchServerName
  • After 3 – Set-ServerComponentState ExchServerName -Component HubTransport -State Active -Requester Maintenance
  • After 4 – Restart-Service MSExchangeTransport
  • After 5 – Get-ServerComponentState ExchServerName | ft Component,State -Autosize

 

If you have specific configuration backups, you can compare them with your backups and rearrange them. (Don’t forget to restart the server)

Now you can add your server to the load-balancer again and include it in the mail traffic.

 

Have a nice day !

Issue fix “MicrosoftExchangeServiceHost” Crash : March 2022 Security Update

Some Exchange systems after installing the March 2022 Security Update, you may receive errors related to the “Microsoft Exchange Service Host” service may crash repeatedly.

Event ID 4999 (Application Log)
Watson report about to be sent for process id: 4564, with parameters: E12IIS, c-RTL-AMD64, 15.01.2375.024, M.Exchange.ServiceHost, M.Exchange.Diagnostics, M.E.D.ChainedSerializationBinder.LoadType, M.E.Diagnostics.BlockedDeserializeTypeException, c0e9-dumptidset, 15.01.2375.024.

Root Cause; If there are any expired certificates or certificates nearing expiration on the Exchange Server.
Workaroud; Replace any expired certificates and, if you are on Exchange Server 2016 or Exchange Server 2019, follow these steps:

  • Must have temporary full access to the arbitration mailbox
    Get-Mailbox -Arbitration "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}" | Add-MailboxPermission -User AdminAccount -AccessRights FullAccess
  • Run the Remove Expiry Notification script from Exchange Management Shell (user with full permission assigned to arbitration mailbox)
    Remove-CertExpiryNotifications.ps1 -Server ExchangeServer -Confirm:$false
  • Check all the messages are deleted , again run script it should report that there are no messages present in the folder
    Remove-CertExpiryNotifications.ps1 -Server ExchangeServer -WhatIf
  • Start the MSExchangeServiceHost service and confirm that it is not crashing
  • Revoke the full access permission
    Get-Mailbox -Arbitration "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}" | Remove-MailboxPermission -User AdminAccount -AccessRights FullAccess
  • Renew any certificates that expire

Have a nice day !

March 2022 Exchange Server Security Updates

Microsoft Exchange Servers security updates have been released for March 2022.

These updates are available for the following specific builds of the Exchange Server:

Exchange Server 2013 CU23
Exchange Server 2016 CU21 and CU22
Exchange Server 2019 CU10 and CU11

The recommendation is to install these updates immediately to protect your environment.
You can installation security patches if you are in the specified Cumulative Update(CU) versions.

If you aren’t in the specified cumulative updates, you must first installation cumulative updates.

Note : Don't double-click the 'MSP file' to run it. Run Command Prompt (not powershell) as an Administrator.

Further Information and Guidance
Exchange Team Blog
Exchange Updates Step-by-Step Guide
Determine Which Updates are Needed
Security Update Guide

Have a nice day !

Exchange Recipient Type Values

I don’t know where and when this information will be useful to you, but I needed these values in a few problems I had, maybe you will need them one day.

There are three critical recipient values used by Exchange Server;

  • msExchRecipientDisplayType
  • msExchRecipientTypeDetails
  • msExchRemoteRecipientType

There is the only supported way to change these values is using the Exchange Admin Center or using the Exchange Management Shell.

msExchRecipientDisplayType Value (Decimal)
MailboxUser 0
DistributionGroup 1
PublicFolder 2
DynamicDistributionGroup 3
Organization 4
PrivateDistributionList 5
RemoteMailUser 6
ConferenceRoomMailbox 7
EquipmentMailbox 8
ArbitrationMailbox 10
MailboxPlan 11
LinkedUser 12
RoomList 15
SyncedMailboxUser -2147483642
SyncedPublicFolder -2147483130
SyncedDynamicDistributionGroup -2147482874
SyncedRemoteMailUser -2147482106
SyncedConferenceRoomMailbox -2147481850
SyncedEquipmentMailbox -2147481594
SecurityDistributionGroup 1043741833
RBAC Role Group 1073741824
msExchRecipientTypeDetails Value (Decimal)
UserMailbox 1
LinkedMailbox 2
SharedMailbox 4
LegacyMailbox 8
RoomMailbox 16
EquipmentMailbox 32
MailContact 64
MailUser 128
MailUniversalDistributionGroup 256
MailNonUniversalGroup 512
MailUniversalSecurityGroup 1024
DynamicDistributionGroup 2048
PublicFolder 4096
SystemAttendantMailbox 8192
SystemMailbox 16384
MailForestContact 32768
User 65536
Contact 131072
UniversalDistributionGroup 262144
UniversalSecurityGroup 524288
NonUniversalGroup 1048576
Disable User 2097152
MicrosoftExchange 4194304
ArbitrationMailbox 8388608
MailboxPlan 16777216
LinkedUser 33554432
RoomList 268435456
DiscoveryMailbox 536870912
RoleGroup 1073741824
RemoteUserMailbox 2147483648
RemoteRoomMailbox 8589934592
RemoteEquipmentMailbox 17179869184
RemoteSharedMailbox 34359738368
PublicFolderMailbox 68719476736
Team Mailbox 137438953472
RemoteTeamMailbox 274877906944
MonitoringMailbox 549755813888
GroupMailbox 1099511627776
LinkedRoomMailbox 2199023255552
AuditLogMailbox 4398046511104
RemoteGroupMailbox 8796093022208
SchedulingMailbox 17592186044416
GuestMailUser 35184372088832
AuxAuditLogMailbox 70368744177664
SupervisoryReviewPolicyMailbox 140737488355328
msExchRemoteRecipientType Value (Decimal)
ProvisionedMailbox (Cloud Mailbox) 1
ProvisionedArchive (Cloud Archive) 2
ProvisionedMailbox, ProvisionedArchive (Cloud Mailbox & Cloud Archive) 3
Migrated 4
Migrated, ProvisionedArchive (Migrated Mailbox & Cloud Archive) 6
DeprovisionMailbox 8
ProvisionArchive, DeprovisionMailbox 10
DeprovisionArchive 16
ProvisionMailbox, DeprovisionArchive 17
DeprovisionArchive, Migrated 20
ProvisionMailbox, Migrated, DeprovisionArchive 21
DeprovisionMailbox, DeprovisionArchive 24
RoomMailbox 32
ProvisionMailbox, RoomMailbox 33
ProvisionMailbox, ProvisionArchive, RoomMailbox 35
Migrated, RoomMailbox 36
ProvisionArchive, Migrated, RoomMailbox 38
ProvisionMailbox, DeprovisionArchive, RoomMailbox 49
Migrated, DeprovisionArchive, RoomMailbox 52
EquipmentMailbox 64
ProvisionMailbox, EquipmentMailbox 65
ProvisionMailbox, ProvisionArchive, EquipmentMailbox 67
Migrated, EquipmentMailbox 68
ProvisionArchive, Migrated, EquipmentMailbox 70
ProvisionMailbox, DeprovisionArchive, EquipmentMailbox 81
Migrated, DeprovisionArchive, EquipmentMailbox 84
SharedMailbox 96
ProvisionMailbox, SharedMailbox 97
Migrated, SharedMailbox 100
ProvisionArchive, Migrated, SharedMailbox 102
Migrated, DeprovisionArchive, SharedMailbox 116

Have a nice day !

Office 365 Mailbox Not Showing In On-Premises Exchange Server

If you create your user’s mailbox directly from the Office 365 management console, you will not be able to see the newly created mailbox on your On-Premises Exchange server.

The recommended method is to create the mailbox on the On-Premises Exchange server.

In order to solve the problem of the mailbox created directly on Office365 not appearing on Hybrid Exchange in our scenario above, you should run the following commands on the On-Premises Exchange according to the mailbox you are having trouble with.

$uid = read-host "Please enter username"
$mailnick = read-host "Please enter username"
$tempmail = $uid+"@company.mail.onmicrosoft.com"
$primarymail = $mailnick+"@company.com"

Set-ADUser $uid -Clear homemdb, homemta, msExchHomeServerName, msExchPoliciesExcluded
Set-ADUser $uid -Add @{msExchRemoteRecipientType="4"}
Set-ADUser $uid -Add @{mailNickname="$mailnick"}
Set-ADUser $uid -Add @{msExchProvisioningFlags="0"}
Set-ADUser $uid -Add @{msExchModerationFlags="6"}
Set-ADUser $uid -Add @{msExchAddressBookFlags="1"}
Set-ADUser $uid -Replace @{targetaddress="$tempmail"}
Set-ADUser $uid -Replace @{msExchRecipientDisplayType="-2147483642"}
Set-ADUser $uid -Replace @{msExchRecipientTypeDetails="2147483648"}
Set-RemoteMailbox $uid -PrimarySMTPAddress $primarymail

Have a nice day!

Minimum Outlook for Windows version requirements for Microsoft 365

After November 1, 2021, only Outlook 2013 Service Pack 1 (with latest fixes) and later will be able to connect to Microsoft 365 services.

Not supported versions;

  • Outlook 2007
  • Outlook 2010
  • Office 2013 versions earlier than 15.0.4971.1000
  • Office 2016 versions earlier than 16.0.4600.1000

Outlook 2007 or Outlook 2010 is blocked from connecting to Exchange Online.
Users can immediately start using Outlook on the web through a browser.

If you want to find the outlook version information used in your tenant organization, you can use the “Microsoft 365 Reports in the admin center – Email apps usage.

Have a nice day !

How to Fix Exchange Server EventID 15021 HttpEvent

If you get “Connection to remote server” / “ClientAccessServer = EXCHANGE, BackEndServer = EXCHANGE” error while opening Exchange Management Shell on your Exchange Servers and the Management Shell connects to another server that is a member of Exchange DAG.

If you get Event: 15021, HttpEvent error in the event logs like the following;

Open IIS Manager –> Sites –> Exchange Back End Sites

Check you https protocol “Exchange Back End” Binding

There is a must be self-signed “Microsoft Exchange” certificate here, if not here , it may have expired and you need to renew it on the Exchange ECP console or MMC console.

Have a nice day!

May 2021 Exchange Server Security Updates

Microsoft Exchange Servers security updates have been released for May 2021.

These updates are available for the following specific builds of Exchange Server:

Exchange Server 2013 CU23
Exchange Server 2016 CU19 and CU20
Exchange Server 2019 CU8 and CU9

Recommendation is to install these updates immediately to protect your environment.
You can installation security patches if you are in the specified Cumulative Update(CU) versions.

If you aren’t in the specified cumulative updates, you must first installation cumulative updates.

Note : Don't double-click the 'MSP file' to run it. Run Command Prompt (not powershell) as an Administrator.

Further Information and Guidance
Exchange Team Blog
Vulnerabilities and Exposures
Security Update Guide
Cumulative Update “Tell me the steps

Have a nice day!