Exchange 2016
Exchange 2019:- Rollback CVE-2023-21709 PowerShell script workaround
In the August 2023 Security update (SU) for Exchange Server 2016 and Exchange Server 2019, there was a workaround that had to be put in place to remove the Token Cache Module in IIS to mitigate a vulnerability. Microsoft provided the script and you could apply it to...
Exchange 2016:- Event ID 4002 after performing migrations to Office 365 and invalid certificate
Sometimes the event logs on Exchange servers throw up errors or warnings that do not appear again. Event ID 4002 for MSExchange Availability is a broad error/warning/informational alert. Looking at the error below, a Proxy request failed with an HTTP status code...
Exchange 2016:- LSA Event ID 6037 – could not authenticate to target autodiscover URL
As everything relies heavily on DNS and the ability to resolve names to IPs etc., if your DNS upstream is not working or something on the firewall or internally is not working, things do not always function as they should and you are presented with false positives. A friend of...
Exchange 2016:- Event ID 12000 – Deserialization Log for PowerShell Process
In one of my lab machines I was sifting through the log files and came across Event ID 12000 as shown below. As this lab machine does not have internet access at all, the error was a bit strange and no other alerts were raised. Nothing out of the ordinary was done...
Exchange 2013/2016/2019:- How NMAP reveals Exchange Server information.
Over the past few years, Microsoft Exchange Server has come under heavy attack and with each new Cumulative Update (CU) and Security Update (SU), CVEs are addressed and closed. The problem comes in when organisations do not patch servers (as mentioned in a few of my...
Exchange 2016 – Applying June 2023 Security update to CU23
We all know about the ongoing attacks on Exchange Servers and it is vitally important that you keep up-to-date with patching of your environments, even if it is standalone servers that are just performing management functions. Each Cumulative update (CU) and Security...
Exchange 2013/2016/2019:- Are you over exposing your server to the internet?
If you are new to Exchange, let me bring you up to speed with how attacks have increased since 2020 and Exchange servers that are published to the internet are vulnerable if not locked down. Back in the day, Admins would not patch anything because "it worked" and why...
Exchange 2016/2019 :- Apply the October 2022 Security update
The October 2022 security updates for the different Exchange versions are out and it is advisable to update your servers. In my lab, I am running different versions of Exchange servers but I updated my 2019 Exchange servers today. I added a few screenshots to show you...
Exchange 2013/2016 – Updated support for Active Directory environments
At the MEC event that recently took place, it was announced that you can now introduce Windows Server 2022 domain controllers if you are using the latest Cumulative Updates for Exchange 2013 and Exchange 2016. Below is a snippet from the supportability matrix on the...
Exchange 2013/2016/2019:- Health Checker a must have for Exchange Admins
In March 2020 when we had many Exchange servers worldwide attacked, the team at Microsoft put together a nice PowerShell script that provides plenty of output but the most important part is it gives you an overview of CVE vulnerabilities on the Exchange Server. The...