I have been asked by a number of people lately about the following email from firstname.lastname@example.org:
In compliance with the email upgrade instructions from Microsoft Corporation and your email domain host, all unverified email accounts would be suspended for verification.
To avoid suspension of your email account, and also to retain all email contents, please perform a one time automatic verification by completing the online verification form.
Please CLICK HERE for the online verification form.
As a confirmation of complete and successful verification, you shall be automatically redirected to your email web page.
Please do this for all your email accounts.
Email Support Team.
© 2013 Microsoft Corporation.
NO – this is not from Microsoft!
NO – your account will not be suspended (not because of this anyway)!
YES – You will get in trouble (probably) if you do respond and fill in the form.
I have said it before and I say it again, if you have not called Microsoft, they won’t call you! And they will NEVER ask for you credentials.
I very often hear comments like “I don’t like certificates” and realizes that if you are not working with “certs” all day long it might be a hassle to get all the stuff you need in the right place. So I thought I give you some of my experiences with certificates and then a little “how to import” them.
The best way to think of what host names that should be in a cert (for Exchange) is to find out what names you are using for your different services. Below you see a table of all services in Exchange 2013 that could need a certificate.
|Service||Internal URL||External URL|
|Exchange Web Services||cas.mailmasterlab.se||mail.mailmasterlab.se|
|Outlook Web App||cas.mailmasterlab.se||mail.mailmasterlab.se|
|Offline Address Book||cas.mailmasterlab.se||mail.mailmasterlab.se|
|Exchange Control Panel||cas.mailmasterlab.se||mail.mailmasterlab.se|
Update: This issue have been fixed in CU2
As part of an Exchange 2013 deployment I used the Exchange Admin Center, EAC, to create a request a new certificate today. The whole process of doing that is described in numerous places on the web (like here) so I wont go into details about that but I will mention a fact that came as a bit of a surprise to me….
After all the “hard work” with getting all namespaces correct the only part left was to enter the details of the customer. In this part you type in information about Organization name, Department, where you are located and so on. Normally this doesn’t present a huge challenge for me but when I for the second time got the request file back from the certificate provider telling me to enter the organization name correct I asked my self if I had gone totally bananas… But as I soon discovered the wizard in Exchange 2013 actually switches two fields… What you enter in “Organization name” will in the request file be presented in “Department name” and vice versa.
So in the example below (picture taken from Digicert link above), “Your Company Inc” would in the request end up in the department feels and “IT” where your organization name should have been.
This error is present in Exchange 2013 RTM and CU1 but the team over in Redmond know about the issue so I expect this to be fixed in future releases.
So what is the real impact of this problem? I would say very little besides the fact that some certificate provider, like my customers today, maybe won’t issue a certificate if the check all the details carefully. Once you have your cert, even if it has the two fields mixed up, it will work just as expected so no huge issue but something to be aware about.
Update: I forgot to mention that this issue won’t happen if you generate your request from Exchange Management Shell! Thanks for the reminder Dave! And while I’m thanking I should say a thank you to TRUSTZONE as well who twice rejected our requests, wouldn’t have seen this other ways.
A great friend and fellow MVP, Anders Olsson, wrote a blog about how users in Outlook Web App get’s logged out after 5 minutes. Since Anders writes in Swedish we thought it would be a good idea to publish it in English as well so here it is.
More and more organizations are upgrading their Exchange solutions to Exchange 2013. Many of these organizations uses a Forefront Threat Management Gateway, TMG, to secure the messaging solution. In most cases this works perfectly well but some have ran into issues with dropped sessions after 5 minutes. This is a known problem when TMG and Exchange 2013 are communicating but it only affects a few customers and we have not yet found the common ground for these issues. Microsoft has not yet released a official fix for this but TMG has a feature that can be used to solve the problem.
Session timeout is normally based on a user choice when logging on. In the Forms based authentication form a user can choose between Public or private computer witch results in 10 or 360 minutes session timeout.
These timeout values can be set via “Advanced Form Options from Forms on each listener in TMG.
Changing the value of these settings has proven not to work for customers with these issues.
The solution to this problem is a feature in TMG called Credential Caching. From Advanced (Authentication Options) on the listener you will find Client Credentials Caching. The feature has a self explanatory name, it caches the credentials for a certain time and the default value is 300 seconds, witch of course is out 5 minutes. By changing this value we can raise the time clients stays logged on.
You should NOT change the timeout value if you don’t experience this specific issue!
More information about how to publish Exchange 2013 with TMG can be found on the Exchange Team blog.
Today Microsoft released Update Rollup 6 for Exchange Server 2010 Service Pack 2. I have installed it on two servers without any issues but I suggest you test all updates in your lab before you install.
A detailed description of fixes:
Update Rollup 6 for Exchange Server 2010 SP2 addresses the vulnerabilities that are described in Microsoft Security Bulletin MS13-012
This update also resolves the following issues:
2489941 The "legacyExchangeDN" value is shown in the "From" field instead of the "Simple Display Name" in an email message in an Exchange Server 2010 environment
2717453 You cannot move or delete a folder by using Outlook in online mode in an Exchange Server 2010 environment
2733608 Corrupted Japanese DBCS characters when you send a meeting request or post a reply to a posted item in a public folder in an Exchange Server 2010 environment
2734635 Folder-associated information (FAI) items are deleted when you run the New-InboxRule cmdlet or change Inbox rules in an Exchange Server 2010 environment
2737046 AutoPreview feature does not work when you use Outlook in online mode in an Exchange Server 2010 environment
2741117 High CPU utilization by Microsoft Exchange Replication service on Client Access servers in an Exchange Server 2010 environment
2746030 Incorrect ExternalURL value for EWS is returned by an Exchange Server 2010 Client Access server
2750188 Exchange Service Host service crashes when you start the service on an Exchange 2010 server
2751417 Synchronization fails if you sync an external device to a mailbox through EAS in an Exchange Server 2010 environment
2751581 OAB generation fails with event IDs 9126, 9330, and either 9338 or 9339 in an Exchange Server 2010 environment
2760999 "The signup domain ‘org’ derived from ‘<TenantDomainName>.org’ is not a valid domain" error message when you use the Hybrid Configuration wizard in an Exchange Server
2776259 Msftefd.exe process crashes if an email attachment has an unexpected file name extension or no file name extension in an Exchange Server 2010 environment
2779387 Duplicated email messages are displayed in the Sent Items folder in a EWS-based application that accesses an Exchange Server 2010 Mailbox server
2783586 Name order of a contact is displayed incorrectly after you edit the contact in an Exchange Server 2010 environment
2783631 User-Agent field is empty when you run the Get-ActiveSyncDeviceStatistics cmdlet in an Exchange Server 2010 SP2 environment
2783633 You cannot move or delete an email message that is larger than the maximum receive or send size in an Exchange Server 2010 environment
2783649 Private appointment is visible to a delegate in an Exchange Server 2010 environment
2783771 Mailbox on a mobile device is not updated when EAS is configured in an Exchange Server 2010 environment
2783772 Edgetransport.exe process crashes after a journal recipient receives an NDR message in an Exchange Server 2010 environment
2783776 You cannot perform a cross-premises search in a mailbox in an Exchange Server 2010 hybrid environment
2783782 Error message when you use Scanpst.exe on a .pst file in an Exchange Server 2010 environment
2784081 Store.exe process crashes if you add certain registry keys to an Exchange Server 2010 Mailbox server
2784083 Week numbers in the Outlook Web App and Outlook calendars are mismatched in an Exchange Server 2010 environment
2784093 SCOM alerts and event ID 4 in an Exchange Server 2010 SP2 organization that has Update Rollup 1 or later
2784566 Exchange RPC Client Access service crashes on an Exchange Server 2010 Mailbox server
2787023 Exchange Mailbox Assistants service crashes when you try to change a recurring calendar item or publish free/busy data in an Exchange Server 2010 environment
2793274 A new option is available that disables the PermanentlyDelete retention action in an Exchange Server 2010 organization
2793278 You cannot use the search function to search for mailbox items in an Exchange Server 2010 environment
2793279 Exchange Server 2010 does not restart when the Microsoft Exchange Replication service freezes
2793488 Internet Explorer freezes when you connect to the OWA several times in an Exchange Server 2010 environment
2810616 Email message delivery is delayed on a Blackberry mobile device after you install Update Rollup 4 for Exchange Server 2010 SP2
Today Microsoft released Update Rollup 10 for Exchange Server 2007 Service Pack 3. I have not yet installed it on any servers and I suggest you test all updates in your lab before you install.
A detailed description of fixes:
Update Rollup 10 for Exchange Server 2007 SP3 addresses the vulnerabilities that are described in Microsoft Security Bulletin MS13-012.
This update also resolves the issue that is described in the following Microsoft Knowledge Base article:
A hidden user is still displayed in the Organization information of Address Book in OWA in an Exchange Server 2007 environment
Update Rollup 10 for Exchange Server 2007 SP3 also includes new daylight saving time (DST) updates for Exchange Server 2007 SP3. For more information about DST, go to the following Microsoft website:
Update Rollup 4 for Exchange Server 2010 Service Pack 2 has been released and I already downloaded and installed it on a multi role server without issues. The only issue right now is that KB2706690 that describes all changes seems to be unavailable at the moment, but I guess that will be fixed soon.