Microsoft Exchange and Active Directory Blog
A single user was no longer able to access his mailbox after a database failure due to a full log file partition. The problem only affected one user, while all other users were able to access the mailboxes in the database again. A general problem with the database could therefore be ruled out. The settings of the ... Read more
During a server migration, the problem occurred that a certificate could not be exported. During the migration, only the operating system was to be replaced with a current version and the certificate was to continue to be used if possible. In this specific case, it was a wildcard certificate, but the setting "Private key ... Read more
On an Exchange 2016 server that had configured its certificate from Let's Encrypt with the WIN-ACME client, the installation of a CU was aborted with an error at step 16 of 18: Here is the full test of the error message: Error: The following error was generated when "$error.Clear(); Install-ExchangeCertificate -services "IIS, POP, IMAP" -DomainController $RoleDomainController if ($RoleIsDatacenter ... Read more
After the update is before the update. Today, Microsoft released the Cumulative Updates for Exchange Server 2016 and 2019. Both CUs contain the previous security updates from 02.03.21. CU 20 is the penultimate CU for Exchange Server 2016, after which only security updates will be released. For Exchange 2016, the last ... Read more
Microsoft provides the tool "Exchange On-premises Mitigation Tool (EOMT) to secure unpatched Exchange servers for download: https://github.com/microsoft/CSS-Exchange/tree/main/Security EOMT first secures the Exchange server against the vulnerability CVE-2021-26855 using URL rewrite and then downloads the Microsoft Safty Scanner to check the server for a successful attack. However, EOMT does not install the available updates ... Read more
In the case of successfully attacked Exchange servers with the HAFNIUM exploit, the directory permissions may be changed, resulting in affected Exchange servers reporting an error message when installing updates. Here is an example of a directory where the permissions have been changed: As can be seen in the screenshot, the permissions for the principal ... Read more
The exploit for the Exchange vulnerabilities is now publicly available and, as was to be expected, is spreading even further. Initially, the exploit was blocked on GitHub, which naturally resulted in the exploit being published on various sites. In the meantime, the exploit is also available again on GitHub, only on other ... Read more
Due to the severity of the HAFNIUM exploit, Microsoft has released further updates for older Exchange Server versions. However, the updates cannot be obtained via Windows Update, but must be downloaded and installed manually. Further information on the updates can be found here: March 2021 Exchange Server Security Updates for older Cumulative Updates of Exchange Server Some ... Read more
Many admins are currently reporting a successful attack on their Exchange server. Many are finding evidence of unauthorized access or even an installed web shell. Many are now unsure what to do or how to proceed. Some are now implementing IIS rewrite rules or deactivating the UM services, for example, as described in this article by ... Read more
Many people have already noticed and reported that the newsletter no longer works. It wasn't actually a newsletter, but rather a notification of new posts. Unfortunately, the WordPress plugin I had been using no longer worked reliably and sending the emails also caused problems. Many ... Read more
