Tag Archives: Exchange 2019

Open attachment in Shared Mailbox using OWA

Last September Microsoft released their quarterly Cumulative Updates for Exchange, Exchange 2016 CU18 and Exchange 2019 CU7. This was quickly followed by a security update, KB4581424 that addresses the CVE-2020-16969 Microsoft Exchange Information Disclosure vulnerability.

Unfortunately, the Exchange 2016 CU18 and Exchange 2019 CU7 contain a nasty bug. If you use OWA, open a shared mailbox and try to access an attachment, OWA redirects to Office 365 instead of the on-premises Exchange 2016/2019 server to download it. This happens in an hybrid environment, but also in a pure on-premises Exchange deployment without any Office 365 connection.

The error message reads:

Hmmm… can’t reach this page
It looks like the webpage at
https://outlook.office365.com/owa/sharedmailbox@contoso.com/services.svc/s/GetAttachmentDownloadToken?redirect=%2fowa%sharedmailbox%40contoso.com%fservices.svc%2fservices.svc%2fsGetFileAttachment….

Microsoft is aware of this issue and it will be fixed in the next Cumulative Updates for Exchange 2016 and Exchange 2019. Looking at the quarterly cadence this should be by the end of this year.

If you have a Microsoft Premier support contract and this is an issue that impacts your business you can open a support ticket and request a fix for this. This service is available for Premier support customers only.

This fix is a replacement for the KB4581424 security update, as such it contains all the fixes in KB4581424, plus the OWA Attachment hotfix. If you are a Premier support customer and do have this fix available, make sure that you uninstall the KB4581424 first before installing this update.
One workaround that I’ve seen in a newsgroup is not to open the Shared Mailbox as “Open another mailbox” but as “Add shared folder”. This should work also, but I have not tested it. I do have a customer with a Premier support contract, I can confirm the problem is fixed in the interim update.

OCTOBER SECURITY UPDATE FOR EXCHANGE 2013, 2016 AND 2019

On October 13, 2020 Microsoft released a security update for Exchange 2013, Exchange 2016 and Exchange 2019 that addresses the Microsoft Exchange information Disclosure Vulnerability as discussed in CVE-2020-16969 | Microsoft Exchange Information Disclosure Vulnerability

An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user.

To exploit the vulnerability, an attacker could include specially crafted OWA messages that could be loaded, without warning or filtering, from the attacker-controlled URL. This callback vector provides an information disclosure tactic used in web beacons and other types of tracking systems.

The security update corrects the way that Exchange handles these token validations.

Please be aware that the updates are CU specific. The fact that an update for Exchange 2013 is released indicates the importance of this Security Update.

When installing, start the Security Update from an elevated command prompt (Run As Administrator) and as always, test the security update thoroughly.

ProductKB ArticleDownload
Microsoft Exchange Server 2013 Cumulative Update 23KB4581424Security Update
Microsoft Exchange Server 2016 Cumulative Update 17KB4581424Security Update
Microsoft Exchange Server 2016 Cumulative Update 18KB4581424Security Update
Microsoft Exchange Server 2019 Cumulative Update 6KB4581424Security Update
Microsoft Exchange Server 2019 Cumulative Update 7KB4581424Security Update

Exchange 2019 CU7 Exchange 2016 CU18

On September 15 Microsoft released two updates for their on-premises Exchange servers:

  • Exchange 2019 Cumulative Update 7
  • Exchange 2016 Cumulative Update 18

Note. This is the second-last Cumulative Update for Exchange 2016! As Microsoft has announced earlier, Exchange 2016 will be out of mainstream support this October. The last Cumulative Update is expected in December 2020.

Both updates contain security and nonsecurity updates, the recently released security update for Exchange 2016 and Exchange 2019 that addresses the CVE-2020-16875 vulnerability is also included in these CU’s.

Both updates also contain the latest Daylight Saving Time (DST) Updates.

In earlier posts it was mentioned that no changes in Active Directory are introduced, so there was no need to run Setup with the /PrepareAD and /PrepareDomain option. However, when you check the Microsoft documentation you’ll notice that AD and Domain versions are increased, so this time there is a need to run /PrepareAD and /PrepareDomain. If you run the /PrepareAD, make sure you have sufficient permission to execute this command (member of the Enterprise Admins Security Group).

The same is true when upgrading for Exchange 2016. you must run Setup.exe /PrepareSchema, Setup.exe /PrepareAD or Setup.exe /PrepareDomain.

Autodiscover EventID 1 can occur after installing Exchange 2019 CU3 or after installing Exchange 2016 CU14. I’ve blogged about this before on EventID 1 MSExchange Autodiscover. I am not sure if this still is the case 😉.

Downloads

More information

Updated on October 30, 2020

Exchange 2016 CU15 and Exchange 2019 CU4 released

On December 17, 2019 Microsoft has released its quarterly updates for Exchange Server:

  • Exchange 2016 CU15.
  • Exchange 2019 CU4 (only available via Volume License).

There are a couple of things that are worth noting:

  1. Both Exchange server versions need the .NET Framework 4.8. If you are running an older version of Exchange (much older) consult Michel de Rooij’s blogpost Upgrade Paths for CU’s and .NET.
  2. If you are running an Exchange Hybrid version there’s the n-1 policy. This means your on-premises versions of Exchange should be Exchange 2016 CU14 or Exchange 2019 CU3 at minimum.
  3. There’s an update on the Exchange calculator which is now version 10.3.
  4. There are no schema changes compared to the previous version so there’s no need to run Setup.exe /PrepareSchema. I always recommend running Setup.exe /PrepareAD to make sure any additional features or changes like (for example) RBAC are applied correctly.

So now real new features which is in line with Microsoft’s strategy. If you need the latest and greatest then Exchange Online is the way to go. If you need a stable on-premises environment you’re good with Exchange 2016 or Exchange 2019.

More information

Released: December 2019 Quarterly Exchange Updates
Exchange 2016 CU15 Download: https://www.microsoft.com/en-us/download/details.aspx?id=100780
Exchange 2016 CU15 UM Pack: https://www.microsoft.com/en-us/download/details.aspx?id=100781

 

Exchange 2019 on Windows Server Core disk management

When installing an Exchange 2019 Edge Transport server on Windows 2019 Server core I realized there’s no disk management MMC snap-in, so all disk configuration needs to be done using PowerShell.

For this blogpost I added a 20GB disk to my Windows 2019 Server Core server which I want to use as a D:\ drive for my SMTP queue.

You can use the Get-Disk command to retrieve the server’s disk configuration, and you can pipe this disk object into the Initialize-Disk command to bring it online and assign a new partition:

Get-Disk –Number 1 | Initialize-Disk –PartitionStyle GPT New-Partition –DiskNumber 1 –UseMaximumSize

Initialize-Disk

By default, Windows installs on drive C:\ and the DVD is mounted as drive D:\. You can use the Get-WmiObject and the Set-WmiInstance commands to assign it a different drive letter, for example drive Z:\

Get-WmiObject -Class Win32_volume -Filter ‘DriveType=5′ | Select -First 1 | Set-WmiInstance -Arguments @{DriveLetter=’Z:’}

The next step is to assign drive letter D:\ to the newly added disk:

Add-PartitionAccessPath -DiskNumber 1 -PartitionNumber 2 –AccessPath “D:\”

And finally format it using NTFS file system and a block size of 64KB:

Get-Partition –Disknumber 1 –PartitionNumber 2 | Format-Volume –FileSystem NTFS –NewFileSystemLabel “Queue” -AllocationUnitSize 65536 –Confirm:$false

format-disk

Now you can continue with the standard installation procedure for an Exchange 2019 Edge Transport server (which does not differ from an Exchange 2013 or Exchange 2016 Edge Transport server)