Basic Authentication Deprecation in Exchange Online – News !

Yusuf Ustundag 5 Comments

As you know, the “Basic Authentication” configuration was turned off last month.
Organizations using Exchange Online are now protected from the vulnerabilities of legacy authentication.

However, this closure process will continue On December 31, 2022, with exemptions.

Microsoft says ;
Once Basic auth for Outlook, Exchange ActiveSync and Exchange Web Services has been permanently disabled in your tenant, there’s really no reason to keep Autodiscover enabled for Basic auth. So, we’re turning off Autodiscover next.

For more details ; Basic Authentication Deprecation in Exchange Online – What’s Next

Have a nice day !

October 2022 Exchange Server Security Updates

Yusuf Ustundag Leave a comment

Microsoft Exchange Servers security updates have been released for October 2022.

These updates are available for the following specific versions of Exchange Server:

Exchange Server 2013 CU23
Exchange Server 2016 CU22 and CU23
Exchange Server 2019 CU11 and CU12

The recommendation is to install these updates immediately to protect your environment.
In the scenario where you do a Cumulative Update(CU), you need to make security updates. Otherwise, remember that you have to do the Cumulative Update(CU) first and then the Security Update(SU).

The following update paths are available:

 

These vulnerabilities only affect Exchange Server.
Exchange Online customers are already protected from the vulnerabilities addressed.

Note: Don't double-click the 'MSP file' to run it. Run Command Prompt (not Powershell) as an Administrator.

 

Additional Action Require!

As you know, we were doing /PrepareSchema and /PrepareAD operations before CU operations.
There is a new difference in the updates released in May.

The following actions should be taken in addition to the application of May 2022 security updates:

After doing cumulative update and security update then run the following Command Prompt command once using Setup.exe in your Exchange Server installation path "\Program Files\Microsoft\Exchange Server\v15\Bin"

"Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /P"

Microsoft says that the step is necessary “because of additional security hardening work for CVE-2022-21978,” which is one of the vulnerabilities addressed by the updates.

When running a Database Availability Group, do not forget to put the Exchange Server Cluster(DAG) in maintenance mode.

 

Have a nice day!

Microsoft Ignite : The Microsoft Learn Cloud Skills Challenge

Yusuf Ustundag Leave a comment

There are 7 challenges available to choose from, select one that’s right for you. Once you complete that challenge you will earn a free Microsoft Certification exam that can be applied to your choice from a select list of options.

Important Reminders

No matter how many Microsoft Learn Cloud Skills Challenges you complete, you can only earn one free Microsoft Certification exam.

If you earn a free Microsoft Certification exam, you will be notified via email when it becomes available. It will be delivered to the contact email for notifications associated with your Microsoft Learn profile. Confirm or add a contact email here to ensure emails are delivered.

Your free Microsoft Certification exam offer will be delivered by November 18, 2022 and will expire on February 15, 2023. You must complete your exam before this date. We highly recommend booking your exam at least one week in advance. To see the full list of eligible exams please refer to the official rules.

Preview and Register Now

The Microsoft Learn Cloud Skills Challenge

Microsoft Ignite: Intelligent Cloud Challenge
Microsoft Ignite: Cloud App Maker Challenge
Microsoft Ignite: AI Automation Challenge
Microsoft Ignite: Modern Work Challenge
Microsoft Ignite: Field Service Automation Challenge
Microsoft Ignite: Protect Everything Challenge
Microsoft Ignite: Cloud Developer Challenge

 

Have a nice day !

How to Install HPE Oneview Global Dashboard ?

Yusuf Ustundag 2 Comments

Hello,
I will briefly explain how to install HPE Oneview Global Dashboard, what this application does, and what conveniences it provides.

 

What is the HPE Oneview Global Dashboard?

HPE Oneview Global Dashboard helps us manage your HPE servers centrally.

With this appliance, you provide warnings, health notifications, and management of your essential resources, along with a unified view.

You can centrally manage the following hardware with “HPE Oneview Global Dashboard”

HPE BladeSystem C7000
HPE ProLiant Servers
HPE Synergy
HPE BladeSystem
HPE Apollo
HPE Alletra
HPE 3PAR
HPE Primera
HPE Superdome
HPE Superdome Flex Systems

HPE Global Dashboard is updated instantly. It is a free product. It facilitates centralized management.

If any of your hardware has warnings, errors, etc.; Updates and accurately display resource changes as soon as they happen.

By integrating with LDAP into your domain environment, you can give user privileges as you wish.

HPE OneView Global Dashboard allows you to manage up to 75 HPE OneView or HPE Synergy instances and 20,000 servers across data centers.

If you use HPE products extensively in your infrastructure, you should definitely use the “HPE Oneview Global Dashboard” centralized management tool.

 

Global Dashboard Installation

HPE Oneview Global Dashboard is an appliance application. Therefore, for this you need to install a VM (Virtual Machine) by downloading the ova, ovf template on the page.
You can install it on Hyper-V and Vmware. You can download.

After your download is complete, we install the OVF file on our Vmware ESX host. After we say Register VM, we say deploy, then we deploy the ova file we have downloaded.

The appliance will start to be installed on the Global Dashboard starting screen.


Then a user agreement will appear in front of you. You will accept this and continue

The HPE Oneview Global Dashboard default username and password on the first login are as follows.

Global Dashboard User: Administrator
Global Dashboard Password: admin

You can then change the password.

After making the hostname and network settings, you can access the product via the internet browser.

If you have Oneview in your environment, you can add it from Appliances. After adding, you can view all the information, health status and alarms of your devices.

In its simplest form, installation and summary of the product.

Have a nice day !

How to In-Place Upgrade Windows Server 2016 to Windows Server 2019 ?

Yusuf Ustundag 3 Comments

What is the in-place upgrade?
In the simplest terms, it is the process of upgrading your Windows operating system without losing your data.

If you are going to do this on a physical server, it is useful to check the hardware compatibility first.
Hardware requirements for Windows Server

You can also see the version transitions of the operating systems in the table below.

If your server is located on a virtual platform, it is useful to take a snapshot/checkpoint before doing the in-place upgrade.

After connecting the “Windows Server 2019” .iso file to your server with the “Windows Server 2016” operating system, "setup.exe" should be run.

On the next screen, we are asked whether to install the updates. The recommended action here is to make updates, and we continue by ticking this option.

Select the windows version.

Select Accept to accept the terms of your licensing agreement

Attention! Since our preference is an in-place upgrade, we continue with the "Keep personal files and apps" option.

Depending on the size of your data, the in-place upgrade process may take an average of 30 minutes to 1 hour.

 

If you have a server with the "Windows Server 2012 R2" operating system, you can’t upgrade directly to “Windows Server 2019”.
You will upgrade  "Windows Server 2016" first, then you can upgrade to "Windows Server 2019".

 

Ps: Disable UAC before starting the in-place upgrade, then enable it again.

Have a nice day!

 

Basic Authentication Deprecation Reminder and Final Update in Exchange Online

Yusuf Ustundag 6 Comments

Starting October 1, Microsoft will begin to randomize tenants and disable basic authentication access for MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS), and Remote PowerShell.
As you know, SMTP AUTH will not be affected by the changes made.

On the day of the change, Microsoft will notify each tenant through the Service Status Dashboard.

Microsoft 365 Admin Center

If you’re not ready to make these changes, You can do a One-Time Re-Enablement one last time as decided by Microsoft.

For all the details; Basic Authentication Deprecation in Exchange Online – September 2022 Update

 

Have a nice day !

Exchange Server 2019 ECP/OWA Not Working

Yusuf Ustundag 2 Comments

Study this article if you can’t access Exchange Server 2019 ECP(Exchange Control Panel) or OWA(Outlook Web Access).

In your Exchange Server Infrastructure, if your ECP/OWA console doesn’t open and you encounter EventID:1309 in the Application Log, the root cause of the problem is the missing SharedWebConfig file.
You can see this in the “Application Virtual Path” – “Application Path” in Event ID 1309.

ECP Not Working

To resolve this issue follow these steps:

  • Access the server with the problem.
  • Generate the missing file:
    • Run cd %ExchangeInstallPath%\bin to change the current directory to the bin folder that’s under the Exchange installation path.
    • Use the DependentAssemblyGenerator.exe tool
    • If the file is missing from C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy, run the following command:
      • DependentAssemblyGenerator.exe -exchangePath "%ExchangeInstallPath%\bin" -exchangePath "%ExchangeInstallPath%\FrontEnd\HttpProxy" -configFile "%ExchangeInstallPath%\FrontEnd\HttpProxy\SharedWebConfig.config"

 

  • IISReset

 

You can now access ECP!

P.S: If you encounter EventID:1309, carefully check its contents.
Because in the problem I mentioned above, the issue was related to the ECP.
EventID contents; “Application Virtual Path: /ecp” and “Application Path: C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\ecp

If these contents are as follows;

  • Application Virtual Path: /owa
  • Application Path: C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\owa\

To resolve this issue follow these steps:

  • Access the server with the problem.
  • Generate the missing file:
    • Run cd %ExchangeInstallPath%\bin to change the current directory to the bin folder that’s under the Exchange installation path.
    • Use the DependentAssemblyGenerator.exe tool
    • If the file is missing from C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess, run the following command:
      • DependentAssemblyGenerator.exe -exchangePath "%ExchangeInstallPath%\bin" -exchangePath "%ExchangeInstallPath%\ClientAccess" -configFile "%ExchangeInstallPath%\ClientAccess\SharedWebConfig.config"
  • IISReset

 

You can now access OWA!

Have a nice day !

How to Enable Multi-Factor Authentication (MFA) Office 365 with Powershell ?

Yusuf Ustundag 1 Comment

You can use Microsoft’s free Multi-Factor Authentication (MFA) application to further increase the security of your Office 365 users in your organization.
Of course, for this, your organization must have minimum Azure AD, Microsoft 365 and Microsoft 365 license types.

For more, you can visit the addresses below;

Secure user sign-in events with Azure AD Multi-Factor Authentication
Set up multifactor authentication for Microsoft 365
Multifactor authentication for Microsoft 365
Features and licenses for Azure AD Multi-Factor Authentication

If you want to enable MFA for all or some of your users in your organization, you can follow the steps below;
Method 1: You can access the MFA area via the console and take action for users.
Login to Office 365 Admin Center –> Active Users –> Multi-factor authentication

 

Method 2: You can do it using Connect-MsolService cmdlet powershell commands.
You can use three different methods, “EnablePerUserMFA”, “BulkImportEnable” and “EnableAllUserMFA”.

#ConnectMsolService Connect-Msolservice #EnablePerUserMFA $user = "alias@domainname"
$st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$st.RelyingParty = "*"
$st.State = "Enabled"
$sta = @($st) Set-MsolUser -UserPrincipalName $user -StrongAuthenticationRequirements $sta

If you want to enable MFA for more than one user or certain departments;
First we organize your users in csv file type

UserPrincipalName
alias1@domainname
alias2@domainname
alias3@domainname
alias4@domainname
alias5@domainname
alias6@domainname
#BulkImportEnable $users = Import-Csv "C:\Temp\MFAEnable.csv" foreach ($user in $users) { $st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement $st.RelyingParty = "*" $st.State = "Enabled" $sta = @($st) Set-MsolUser -UserPrincipalName $user.UserPrincipalName -StrongAuthenticationRequirements $sta } Write-Host "Script is Running.." Read-Host -Prompt "Script is Completed, Press Enter to Exit."
#EnableAllUserMFA $st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement $st.RelyingParty = "*" $st.State = "Enabled" $sta = @($st) Get-MsolUser -All | Set-MsolUser-StrongAuthenticationRequirements $sta

Have a nice day !

Microsoft Exchange Community (MEC) Technical Airlift 2022

Yusuf Ustundag 2 Comments

MEC is Back !

What is MEC ?

MEC has been known as the Microsoft Exchange Conference but this year it was renamed the Microsoft Exchange Community. As the name suggests, it is a Microsoft Exchange Family specific event. MEC features experts from Microsoft and elsewhere talking about Exchange Online, Exchange Hybrid, and Exchange Server.

The first MEC was held in San Diego, California in 1997.
After San Diego, in Boston (1998), Atlanta, Hamburg, and Tokyo (1999), Dallas, Singapore, Nice, and Tokyo (2000), Orlando and Nice (2001), and Anaheim (2002).

This is a free, digital event for IT professionals who work with Exchange Online and/or Exchange Server day-to-day, and ISVs and developers who make solutions that integrate with Exchange, which will take place Sept 13-14, 2022!

The Exchange Online and Exchange Server engineering teams have a lot of great content for customers and partners.

Register now for this free digital event to:

Exchange Server Roadmap

Exchange Server Feature Review

Delighting Exchange Online Admins

Expanding Usage and Security of Email in Exchange Online

Exchange Online Transport Future Initiatives: Bulk Mail and Exchange Transport Rules

Basic Auth Deprecation in Exchange Online

Exchange Online Support for Continuous Access Evaluation

Customer Key in Exchange Online

Prepare yourself for two days jam-packed with networking, unparalleled access to Exchange engineers and MVPs and, of course, the most in-depth information on Exchange you’ll find anywhere.

Thanks for bringing these MEC back !

How to Fix Exchange Server “421 4.3.2 Service not available”

Yusuf Ustundag 2 Comments

When I examined the receive connector logs to identify the problem with the mail traffic I was experiencing on one of my Exchange servers, I saw that the error “421 4.3.2 Service not available” was constantly repeated.

When I followed the mail flow in the log, I observed that the steps continued successfully, but at the last stage it gave the error “421 4.3.2 Service not available“.

auth login,
334 authentication response,
SMTPSubmit SMTAccept,
235 2.7.0 Authentication Successful,
Mail From : <…@…>,
421 4.3.2 Service not available,
Remote(SocketError)

I checked the ServerComponentState of the server, and saw that the HubTransport was Draining.

Get-ServerComponentState (hostname)

To fix this situation, we need to use the following command.

Set-ServerComponentState ExchServerName -Component HubTransport -State Active -Requester Maintenance

Check again Get-ServerComponentState (hostname)

Have a nice day !