Microsoft Exchange Server 2013 will reach its end of support on April 11, 2023.
This means that Microsoft will no longer provide security updates, technical assistance, or online technical content updates for the product. It is highly recommended that organizations using Exchange Server 2013 upgrade to a newer version of Exchange.
After that date, Microsoft will no longer provide:
Security fixes for vulnerabilities that are discovered and that may make the server vulnerable to security breaches
Bug fixes for issues that are discovered and that may impact the stability and usability of the server
Technical support for problems that may occur
Time zone updates
Even if the product continues to work after this date, It’s recommended to start “Exchange Server 2013” to “Exchange Online” or “Exchange Server 2019” migration as soon as possible.
The recommendation is to install these updates immediately to protect your environment.
In the scenario where you do a Cumulative Update(CU), you need to make security updates. Otherwise, remember that you have to do the Cumulative Update(CU) first and then the Security Update(SU).
If you have a server running Microsoft Exchange Server 2013 in your environment, we recommend that you don’t turn on serialization payload signing for now.
In the first stage of rollout, this new feature must be manually enabled by an Exchange Server admin due to feature dependencies.
You can use to validate/create the required auth certificate
Note: Don't double-click the 'MSP file' to run it. Run Command Prompt (not Powershell) as an Administrator.
As you know, Microsoft had released a possible memory leak in the “Local Security Authority Subsystem Service (LSASS.exe)” in various Windows Server versions as of November 2022 and confirming the memory leak in “Local Security Authority Subsystem Service (LSASS.exe)“.
The update information is as follows;
Windows Server 2019: Update KB5019966
Windows Server 2016: Update KB5019964
Windows Server 2012 R2: Update KB5020023, Update KB5020010
Windows Server 2012: Update KB5020009, Update KB5020003
Windows Server 2008 R2 SP1: Update KB5020000, Update KB5020013
Windows Server 2008 SP2: OOB-Update KB5021657
The problem can be mitigated with a workaround but issue was resolved in KB5021235.
If you used the above workaround, please see KB5020805:
How to manage Kerberos protocol changes related to CVE-2022-37967 for further information on how to configure KrbtgtFullPacSignature.
Possible memory leak in Local Security Authority Subsystem Service (LSASS.exe) for Windows Server 2016
Possible memory leak in Local Security Authority Subsystem Service (LSASS.exe) for Windows Server 2019
As you know, the “Basic Authentication” configuration was turned off last month.
Organizations using Exchange Online are now protected from the vulnerabilities of legacy authentication.
However, this closure process will continue On December 31, 2022, with exemptions.
Microsoft says ; Once Basic auth for Outlook, Exchange ActiveSync and Exchange Web Services has been permanently disabled in your tenant, there’s really no reason to keep Autodiscover enabled for Basic auth. So, we’re turning off Autodiscover next.
Microsoft Exchange Servers security updates have been released for October 2022.
These updates are available for the following specific versions of Exchange Server:
Exchange Server 2013 CU23
Exchange Server 2016 CU22 and CU23
Exchange Server 2019 CU11 and CU12
The recommendation is to install these updates immediately to protect your environment.
In the scenario where you do a Cumulative Update(CU), you need to make security updates. Otherwise, remember that you have to do the Cumulative Update(CU) first and then the Security Update(SU).
The following update paths are available:
These vulnerabilities only affect Exchange Server.
Exchange Online customers are already protected from the vulnerabilities addressed.
Note: Don't double-click the 'MSP file' to run it. Run Command Prompt (not Powershell) as an Administrator.
Additional Action Require!
As you know, we were doing /PrepareSchema and /PrepareAD operations before CU operations.
There is a new difference in the updates released in May.
The following actions should be taken in addition to the application of May 2022 security updates:
After doing cumulative update and security update then run the following Command Prompt command once using Setup.exe in your Exchange Server installation path "\Program Files\Microsoft\Exchange Server\v15\Bin"
Microsoft says that the step is necessary “because of additional security hardening work for CVE-2022-21978,” which is one of the vulnerabilities addressed by the updates.
When running a Database Availability Group, do not forget to put the Exchange Server Cluster(DAG) in maintenance mode.
There are 7 challenges available to choose from, select one that’s right for you. Once you complete that challenge you will earn a free Microsoft Certification exam that can be applied to your choice from a select list of options.
Important Reminders
No matter how many Microsoft Learn Cloud Skills Challenges you complete, you can only earn one free Microsoft Certification exam.
If you earn a free Microsoft Certification exam, you will be notified via email when it becomes available. It will be delivered to the contact email for notifications associated with your Microsoft Learn profile. Confirm or add a contact email here to ensure emails are delivered.
Your free Microsoft Certification exam offer will be delivered by November 18, 2022 and will expire on February 15, 2023. You must complete your exam before this date. We highly recommend booking your exam at least one week in advance. To see the full list of eligible exams please refer to the official rules.
Microsoft Ignite: Intelligent Cloud Challenge Microsoft Ignite: Cloud App Maker Challenge Microsoft Ignite: AI Automation Challenge Microsoft Ignite: Modern Work Challenge Microsoft Ignite: Field Service Automation Challenge Microsoft Ignite: Protect Everything Challenge Microsoft Ignite: Cloud Developer Challenge
Hello,
I will briefly explain how to install HPE Oneview Global Dashboard, what this application does, and what conveniences it provides.
What is the HPE Oneview Global Dashboard?
HPE Oneview Global Dashboard helps us manage your HPE servers centrally.
With this appliance, you provide warnings, health notifications, and management of your essential resources, along with a unified view.
You can centrally manage the following hardware with “HPE Oneview Global Dashboard”
HPE BladeSystem C7000 HPE ProLiant Servers HPE Synergy HPE BladeSystem HPE Apollo HPE Alletra HPE 3PAR HPE Primera HPE Superdome HPE Superdome Flex Systems
HPE Global Dashboard is updated instantly. It is a free product. It facilitates centralized management.
If any of your hardware has warnings, errors, etc.; Updates and accurately display resource changes as soon as they happen.
By integrating with LDAP into your domain environment, you can give user privileges as you wish.
HPE OneView Global Dashboard allows you to manage up to 75 HPE OneView or HPE Synergy instances and 20,000 servers across data centers.
If you use HPE products extensively in your infrastructure, you should definitely use the “HPE Oneview Global Dashboard” centralized management tool.
Global Dashboard Installation
HPE Oneview Global Dashboard is an appliance application. Therefore, for this you need to install a VM (Virtual Machine) by downloading the ova, ovf template on the page.
You can install it on Hyper-V and Vmware. You can download.
After your download is complete, we install the OVF file on our Vmware ESX host. After we say Register VM, we say deploy, then we deploy the ova file we have downloaded.
The appliance will start to be installed on the Global Dashboard starting screen.
Then a user agreement will appear in front of you. You will accept this and continue
The HPE Oneview Global Dashboard default username and password on the first login are as follows.
Global Dashboard User: Administrator Global Dashboard Password: admin
You can then change the password.
After making the hostname and network settings, you can access the product via the internet browser.
If you have Oneview in your environment, you can add it from Appliances. After adding, you can view all the information, health status and alarms of your devices.
In its simplest form, installation and summary of the product.
You can also see the version transitions of the operating systems in the table below.
If your server is located on a virtual platform, it is useful to take a snapshot/checkpoint before doing the in-place upgrade.
After connecting the “Windows Server 2019” .iso file to your server with the “Windows Server 2016” operating system, "setup.exe" should be run.
On the next screen, we are asked whether to install the updates. The recommended action here is to make updates, and we continue by ticking this option.
Select the windows version.
Select Accept to accept the terms of your licensing agreement
Attention! Since our preference is an in-place upgrade, we continue with the "Keep personal files and apps" option.
Depending on the size of your data, the in-place upgrade process may take an average of 30 minutes to 1 hour.
If you have a server with the "Windows Server 2012 R2" operating system, you can’t upgrade directly to “Windows Server 2019”.
You will upgrade "Windows Server 2016" first, then you can upgrade to "Windows Server 2019".
Ps: Disable UAC before starting the in-place upgrade, then enable it again.
Starting October 1, Microsoft will begin to randomize tenants and disable basic authentication access for MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS), and Remote PowerShell. As you know, SMTP AUTH will not be affected by the changes made.
On the day of the change, Microsoft will notify each tenant through the Service Status Dashboard.
If you’re not ready to make these changes, You can do a One-Time Re-Enablement one last time as decided by Microsoft.
Study this article if you can’t access Exchange Server 2019 ECP(Exchange Control Panel) or OWA(Outlook Web Access).
In your Exchange Server Infrastructure, if your ECP/OWA console doesn’t open and you encounter EventID:1309 in the Application Log, the root cause of the problem is the missing SharedWebConfig file. You can see this in the “Application Virtual Path” – “Application Path” in Event ID 1309.
To resolve this issue follow these steps:
Access the server with the problem.
Generate the missing file:
Run cd %ExchangeInstallPath%\bin to change the current directory to the bin folder that’s under the Exchange installation path.
Use the DependentAssemblyGenerator.exe tool
If the file is missing from C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy, run the following command:
P.S: If you encounter EventID:1309, carefully check its contents. Because in the problem I mentioned above, the issue was related to the ECP. EventID contents; “Application Virtual Path: /ecp” and “Application Path: C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\ecp“
