Comments on: Microsoft Issues Critical Security Updates for Exchange Server https://practical365.com/microsoft-issues-critical-security-updates-for-exchange-server/ Practical Office 365 News, Tips, and Tutorials Fri, 28 Jul 2023 00:31:20 +0000 hourly 1 https://wordpress.org/?v=6.3.2 By: Cedric https://practical365.com/microsoft-issues-critical-security-updates-for-exchange-server/#comment-236033 Wed, 21 Jul 2021 15:30:38 +0000 https://practical365.com/?p=50269#comment-236033 Successfully installed RU32 on both our Ex2010 Servers along with Visual C++ Redistributable.

Having intermittent issues with OWA and the EMC failing… stuck at ‘Adding snap-in console’ basically times out and won’t launch successfully. I’m not seeing any relevant event logs info.

I’ve done several uninstalls/re-installs of the update and reboots with no luck.

Any ideas on what could be causing the issue?

]]>
By: Tony Redmond https://practical365.com/microsoft-issues-critical-security-updates-for-exchange-server/#comment-234170 Mon, 05 Apr 2021 09:41:33 +0000 https://practical365.com/?p=50269#comment-234170 In reply to M Elyas.

If you are confident that your server is fully patched, you can allow OWA access.

]]>
By: M Elyas https://practical365.com/microsoft-issues-critical-security-updates-for-exchange-server/#comment-234167 Mon, 05 Apr 2021 07:53:57 +0000 https://practical365.com/?p=50269#comment-234167 Hi
I ask about opening OWA from outside after we install update its secure to open it??
so user can access Email over internet

]]>
By: Daniel Rita https://practical365.com/microsoft-issues-critical-security-updates-for-exchange-server/#comment-234143 Thu, 01 Apr 2021 21:42:26 +0000 https://practical365.com/?p=50269#comment-234143 Hi Tony,

I have a coexistence scenario between exchange 2010 SP3 and Exchange 2016, i’ve installed Rollup 32 in Exchange 2010 FE, and CU20 in the Exchange 2016, i’m getting an “invalid canary ” error when try to access to /ecp in the 2010 mailboxes, did anyone experienced the same?

Kind Regards,

]]>
By: Tony Redmond https://practical365.com/microsoft-issues-critical-security-updates-for-exchange-server/#comment-234045 Thu, 18 Mar 2021 23:30:39 +0000 https://practical365.com/?p=50269#comment-234045 In reply to Francis.

Why would you roll back the mitigations?

]]>
By: Francis https://practical365.com/microsoft-issues-critical-security-updates-for-exchange-server/#comment-234044 Thu, 18 Mar 2021 23:25:36 +0000 https://practical365.com/?p=50269#comment-234044 Hello, After running the all in one mitigation script and patching the servers (CU19). Should I roll back the mitigations?

]]>
By: Stuart https://practical365.com/microsoft-issues-critical-security-updates-for-exchange-server/#comment-234035 Thu, 18 Mar 2021 10:56:57 +0000 https://practical365.com/?p=50269#comment-234035 In reply to Tony Redmond.

Thanks Tony, that’s really helpful!

Great article by the way!

]]>
By: kash https://practical365.com/microsoft-issues-critical-security-updates-for-exchange-server/#comment-234020 Wed, 17 Mar 2021 13:38:45 +0000 https://practical365.com/?p=50269#comment-234020 Thanks for your response and advice

Upgraded fron Exchange 2016 CU17 to CU19 in a DAG environment took 5 hours from start to end

HAFNIUM patch took 45 mintues in DAG

Main point, it’s slow and cumbersome but paitence and lots of coffee.

]]>
By: Tony Redmond https://practical365.com/microsoft-issues-critical-security-updates-for-exchange-server/#comment-234018 Wed, 17 Mar 2021 13:02:17 +0000 https://practical365.com/?p=50269#comment-234018 In reply to Stuart Taylor.

https://docs.microsoft.com/en-us/exchange/plan-and-deploy/deployment-ref/network-ports?view=exchserver-2019 says that 443 is used for:

Encrypted web connections are used by the following clients and services:
• Autodiscover service
• Exchange ActiveSync
• Exchange Web Services (EWS)
• Offline address book (OAB) distribution
• Outlook Anywhere (RPC over HTTP)
• Outlook MAPI over HTTP
• Outlook on the web (formerly known as Outlook Web App)

If you don’t use those features, you can keep 443 off. EWS is used in hybrid deployments to access on-premises mailboxes for calendar data, but as you say, all mailboxes are in the cloud, so….

]]>
By: Stuart Taylor https://practical365.com/microsoft-issues-critical-security-updates-for-exchange-server/#comment-234015 Wed, 17 Mar 2021 10:30:38 +0000 https://practical365.com/?p=50269#comment-234015 Hi there,

We are running Exchange 2016 hybrid. Our on-premise Exchange server doesn’t host any mailboxes and is now fully patched. We’ve also temporarily blocked inbound access through 443 whilst the patching was being carried out and have confirmed that no malicious access or files have occurred.

Is there any reason why we need to unblock port 443? I’ve read that it’s needed for OWA, which we don’t use as all email is accessed via Exchange Online and also for Autodiscovery but I’m not sure if that’s something that we need if all our users access Office 365 Online.

Any advice greatly appreciated!

Thanks!

]]>