diff --git a/Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerExchangeInformation.ps1 b/Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerExchangeInformation.ps1
index 6fa3c4a2e5..5857857f54 100644
--- a/Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerExchangeInformation.ps1
+++ b/Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerExchangeInformation.ps1
@@ -116,6 +116,8 @@ function Invoke-AnalyzerExchangeInformation {
if ($null -ne $exchangeInformation.BuildInformation.KBsInstalled) {
Add-AnalyzedResultInformation -Name "Exchange IU or Security Hotfix Detected" @baseParams
+ $problemKbFound = $false
+ $problemKbName = "KB5029388"
foreach ($kb in $exchangeInformation.BuildInformation.KBsInstalled) {
$params = $baseParams + @{
@@ -123,6 +125,32 @@ function Invoke-AnalyzerExchangeInformation {
DisplayCustomTabNumber = 2
}
Add-AnalyzedResultInformation @params
+
+ if ($kb.Contains($problemKbName)) {
+ $problemKbFound = $true
+ }
+ }
+
+ if ($problemKbFound) {
+ Write-Verbose "Found problem $problemKbName"
+ if ($null -ne $HealthServerObject.OSInformation.BuildInformation.OperatingSystem.OSLanguage) {
+ [int]$OSLanguageID = [int]($HealthServerObject.OSInformation.BuildInformation.OperatingSystem.OSLanguage)
+ # https://learn.microsoft.com/en-us/windows/win32/cimwin32prov/win32-operatingsystem
+ $englishLanguageIDs = @(9, 1033, 2057, 3081, 4105, 5129, 6153, 7177, 8201, 10249, 11273)
+ if ($englishLanguageIDs.Contains($OSLanguageID)) {
+ Write-Verbose "OS is english language. No action required"
+ } else {
+ Write-Verbose "Non english language code: $OSLanguageID"
+ $params = $baseParams + @{
+ Details = "Error: August 2023 SU 1 Problem Detected. More Information: https://aka.ms/HC-Aug23SUIssue"
+ DisplayWriteType = "Red"
+ DisplayCustomTabNumber = 2
+ }
+ Add-AnalyzedResultInformation @params
+ }
+ } else {
+ Write-Verbose "Language Code is null"
+ }
}
}
diff --git a/Shared/Get-ExchangeBuildVersionInformation.ps1 b/Shared/Get-ExchangeBuildVersionInformation.ps1
index f56292d33f..4aa68a9d92 100644
--- a/Shared/Get-ExchangeBuildVersionInformation.ps1
+++ b/Shared/Get-ExchangeBuildVersionInformation.ps1
@@ -127,6 +127,7 @@ function Get-ExchangeBuildVersionInformation {
$cuReleaseDate = "05/03/2023"
$supportedBuildNumber = $true
}
+ (GetBuildVersion $ex19 "CU13" -SU "Aug23SUv2") { $latestSUBuild = $true }
(GetBuildVersion $ex19 "CU13" -SU "Aug23SU") { $latestSUBuild = $true }
{ $_ -lt (GetBuildVersion $ex19 "CU13") } {
$cuLevel = "CU12"
@@ -134,6 +135,7 @@ function Get-ExchangeBuildVersionInformation {
$supportedBuildNumber = $true
$orgValue = 16760
}
+ (GetBuildVersion $ex19 "CU12" -SU "Aug23SUv2") { $latestSUBuild = $true }
(GetBuildVersion $ex19 "CU12" -SU "Aug23SU") { $latestSUBuild = $true }
{ $_ -lt (GetBuildVersion $ex19 "CU12") } {
$cuLevel = "CU11"
@@ -221,6 +223,7 @@ function Get-ExchangeBuildVersionInformation {
$cuReleaseDate = "04/20/2022"
$supportedBuildNumber = $true
}
+ (GetBuildVersion $ex16 "CU23" -SU "Aug23SUv2") { $latestSUBuild = $true }
(GetBuildVersion $ex16 "CU23" -SU "Aug23SU") { $latestSUBuild = $true }
{ $_ -lt (GetBuildVersion $ex16 "CU23") } {
$cuLevel = "CU22"
@@ -693,15 +696,16 @@ function GetExchangeBuildDictionary {
"Nov22SU" = "15.1.2375.37"
})
"CU23" = (NewCUAndSUObject "15.1.2507.6" @{
- "May22SU" = "15.1.2507.9"
- "Aug22SU" = "15.1.2507.12"
- "Oct22SU" = "15.1.2507.13"
- "Nov22SU" = "15.1.2507.16"
- "Jan23SU" = "15.1.2507.17"
- "Feb23SU" = "15.1.2507.21"
- "Mar23SU" = "15.1.2507.23"
- "Jun23SU" = "15.1.2507.27"
- "Aug23SU" = "15.1.2507.31"
+ "May22SU" = "15.1.2507.9"
+ "Aug22SU" = "15.1.2507.12"
+ "Oct22SU" = "15.1.2507.13"
+ "Nov22SU" = "15.1.2507.16"
+ "Jan23SU" = "15.1.2507.17"
+ "Feb23SU" = "15.1.2507.21"
+ "Mar23SU" = "15.1.2507.23"
+ "Jun23SU" = "15.1.2507.27"
+ "Aug23SU" = "15.1.2507.31"
+ "Aug23SUv2" = "15.1.2507.32"
})
}
"Exchange2019" = @{
@@ -780,19 +784,21 @@ function GetExchangeBuildDictionary {
"Mar23SU" = "15.2.986.42"
})
"CU12" = (NewCUAndSUObject "15.2.1118.7" @{
- "May22SU" = "15.2.1118.9"
- "Aug22SU" = "15.2.1118.12"
- "Oct22SU" = "15.2.1118.15"
- "Nov22SU" = "15.2.1118.20"
- "Jan23SU" = "15.2.1118.21"
- "Feb23SU" = "15.2.1118.25"
- "Mar23SU" = "15.2.1118.26"
- "Jun23SU" = "15.2.1118.30"
- "Aug23SU" = "15.2.1118.36"
+ "May22SU" = "15.2.1118.9"
+ "Aug22SU" = "15.2.1118.12"
+ "Oct22SU" = "15.2.1118.15"
+ "Nov22SU" = "15.2.1118.20"
+ "Jan23SU" = "15.2.1118.21"
+ "Feb23SU" = "15.2.1118.25"
+ "Mar23SU" = "15.2.1118.26"
+ "Jun23SU" = "15.2.1118.30"
+ "Aug23SU" = "15.2.1118.36"
+ "Aug23SUv2" = "15.2.1118.37"
})
"CU13" = (NewCUAndSUObject "15.2.1258.12" @{
- "Jun23SU" = "15.2.1258.16"
- "Aug23SU" = "15.2.1258.23"
+ "Jun23SU" = "15.2.1258.16"
+ "Aug23SU" = "15.2.1258.23"
+ "Aug23SUv2" = "15.2.1258.25"
})
}
}
diff --git a/Shared/Tests/Get-ExchangeBuildVersionInformation.Tests.ps1 b/Shared/Tests/Get-ExchangeBuildVersionInformation.Tests.ps1
index 62a8a3782b..4261426631 100644
--- a/Shared/Tests/Get-ExchangeBuildVersionInformation.Tests.ps1
+++ b/Shared/Tests/Get-ExchangeBuildVersionInformation.Tests.ps1
@@ -173,14 +173,24 @@ Describe "Testing Get-ExchangeBuildVersionInformation.ps1" {
ForEach-Object { [System.Version]$_ } |
Sort-Object -Descending |
Select-Object -First 2
+
+ # RegEx to find if the latest is a v* version. Then we assume what we have set is correct and we don't test them.
$latestSU = Get-ExchangeBuildVersionInformation -FileVersion $latest2SUs[0]
$latestSU.Supported | Should -Be $true
$latestSU.LatestSU | Should -Be $true
+ $notSecondVersionSU = $null -eq ($latestSU.FriendlyName | Select-String "\D{3}\d{2}SUv\d")
- if ($latest2SUs.Count -eq 2) {
+ if ($latest2SUs.Count -eq 2 -and
+ $notSecondVersionSU) {
$latestSU = Get-ExchangeBuildVersionInformation -FileVersion $latest2SUs[1]
$latestSU.Supported | Should -Be $true
$latestSU.LatestSU | Should -Be $false
+ } elseif ($latest2SUs.Count -eq 2) {
+ $secondSU = Get-ExchangeBuildVersionInformation -FileVersion $latest2SUs[1]
+ $secondSU.Supported | Should -Be $true
+ $latestSU.FriendlyName.Substring(0, $latestSU.FriendlyName.Length - 2) | Should -Be $secondSU.FriendlyName
+ # This test could change depending on the reason for the v2 release.
+ $secondSU.LatestSU | Should -Be $true
}
}
}
@@ -201,11 +211,19 @@ Describe "Testing Get-ExchangeBuildVersionInformation.ps1" {
$latestSupportedSU = Get-ExchangeBuildVersionInformation -FileVersion $latestSupportedSUs[0]
$latestSupportedSU.Supported | Should -Be $true
$latestSupportedSU.LatestSU | Should -Be $true
+ $notSecondVersionSU = $null -eq ($latestSupportedSU.FriendlyName | Select-String "\D{3}\d{2}SUv\d")
- if ($latestSupportedSUs.Count -eq 2) {
+ if ($latestSupportedSUs.Count -eq 2 -and
+ $notSecondVersionSU) {
$latestSupportedSU = Get-ExchangeBuildVersionInformation -FileVersion $latestSupportedSUs[1]
$latestSupportedSU.Supported | Should -Be $true
$latestSupportedSU.LatestSU | Should -Be $false
+ } elseif ($latestSupportedSUs.Count -eq 2) {
+ $secondSU = Get-ExchangeBuildVersionInformation -FileVersion $latestSupportedSUs[1]
+ $secondSU.Supported | Should -Be $true
+ $latestSupportedSU.FriendlyName.Substring(0, $latestSupportedSU.FriendlyName.Length - 2) | Should -Be $secondSU.FriendlyName
+ # This test could change depending on the reason for the v2 release.
+ $secondSU.LatestSU | Should -Be $true
}
$latestUnsupportedSUs = (GetExchangeBuildDictionary)["Exchange2019"][$unSupportedCU.CU].SU.Values |
@@ -240,9 +258,19 @@ Describe "Testing Get-ExchangeBuildVersionInformation.ps1" {
$latestSU.Supported | Should -Be $true
$latestSU.LatestSU | Should -Be $true
- $previousSU = Get-ExchangeBuildVersionInformation -FileVersion $latest2SUs[1]
- $previousSU.Supported | Should -Be $true
- $previousSU.LatestSU | Should -Be $false
+ $notSecondVersionSU = $null -eq ($latestSU.FriendlyName | Select-String "\D{3}\d{2}SUv\d")
+
+ if ($notSecondVersionSU) {
+ $previousSU = Get-ExchangeBuildVersionInformation -FileVersion $latest2SUs[1]
+ $previousSU.Supported | Should -Be $true
+ $previousSU.LatestSU | Should -Be $false
+ } else {
+ $previousSU = Get-ExchangeBuildVersionInformation -FileVersion $latest2SUs[1]
+ $previousSU.Supported | Should -Be $true
+ $latestSU.FriendlyName.Substring(0, $latestSU.FriendlyName.Length - 2) | Should -Be $previousSU.FriendlyName
+ # This test could change depending on the reason for the v2 release.
+ $previousSU.LatestSU | Should -Be $true
+ }
(Get-ExchangeBuildVersionInformation -FileVersion $latest2CUs[1]).Supported | Should -Be $false
}
diff --git a/docs/Emerging-Issues.md b/docs/Emerging-Issues.md
index 5d9263efe8..871b058386 100644
--- a/docs/Emerging-Issues.md
+++ b/docs/Emerging-Issues.md
@@ -9,9 +9,10 @@ This page lists emerging issues for Exchange On-Premises deployments, possible r
|**Updated on** | **Update causing the issue**| **Issue**| **Workaround/Solution**
|-|-|-|-|
+8/15/2023|[Non-English August 2023 Security Update](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2023-exchange-server-security-updates/ba-p/3892811) for Exchange 2016, Exchange 2019 | When you install the Microsoft Exchange Server 2019 or 2016 August 2023 Security Update (SU) on a Windows Server-based device that is running a non-English operating system (OS) version, Setup suddenly stops and rolls back the changes. However, the Exchange Server services remain in a disabled state. |The latest SUs have been released that do not require a workaround to install. If you used a workaround to install KB5029388, it is highly recommend to uninstall the KB5029388 to avoid issues down the line. For more information please check out [this KB](https://support.microsoft.com/topic/exchange-server-2019-and-2016-august-2023-security-update-installation-fails-on-non-english-operating-systems-ef38d805-f645-4511-8cc5-cf967e5d5c75).
6/15/2023|[January 2023 Security Update](https://www.microsoft.com/en-us/download/details.aspx?id=104914) for Exchange 2016, Exchange 2019 | When you try to uninstall Microsoft Exchange Server 2019 or 2016 on servers, that had January 2023 Security Update for Exchange Server installed at any point, the Setup fails with following error message:
[ERROR] The operation couldn't be performed because object '' couldn't be found on ''. |Install Exchange Security Update June 2023 or higher to resolve the issue. Check [this KB](https://support.microsoft.com/help/5025312) for more details
6/15/2023|Extended protection enabled on Exchange server | Changing the permissions for Public Folders by using an Outlook client will fail with the following error, if Extended Protection is enabled:
`The modified Permissions cannot be changed.`| Install Exchange Security Update June 2023 or higher to resolve the issue. Check [this KB](https://support.microsoft.com/en-us/topic/extended-protection-doesn-t-support-public-folder-client-permissions-management-through-outlook-bd2037b5-40e0-413a-b368-746b3f5439ee) for more details
-|3/16/2023| [Outlook client update for CVE-2023-23397 released](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397)| These vulnerabilities affect Exchange Server. Exchange Online customers are already protected from the vulnerabilities addressed in these SUs and do not need to take any action **other than updating Exchange servers in their environment, and if applicable, installing the security update for Outlook on Windows described on the link on the right.**
More details about specific CVEs can be found in the [Security Update Guide](https://msrc.microsoft.com/update-guide/) (filter on Exchange Server under Product Family).
**Awareness: Outlook client update for CVE-2023-23397 released**
There is a critical security update for Microsoft Outlook for Windows that is required to address [CVE-2023-23397](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397). To address this CVE, **you must install the Outlook security update, regardless of where your mail is hosted (e.g., Exchange Online, Exchange Server, some other platform).** | **Please check [this page](https://aka.ms/OLKCVEFAQ) for FAQs about the [Outlook CVE-2023-23397](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397)**
+|3/16/2023| [Outlook client update for CVE-2023-23397 released](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397)| These vulnerabilities affect Exchange Server. Exchange Online customers are already protected from the vulnerabilities addressed in these SUs and do not need to take any action **other than updating Exchange servers in their environment, and if applicable, installing the security update for Outlook on Windows described on the link on the right.**
More details about specific CVEs can be found in the [Security Update Guide](https://msrc.microsoft.com/update-guide/) (filter on Exchange Server under Product Family).
**Awareness: Outlook client update for CVE-2023-23397 released**
There is a critical security update for Microsoft Outlook for Windows that is required to address [CVE-2023-23397](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397). To address this CVE, **you must install the Outlook security update, regardless of where your mail is hosted (e.g., Exchange Online, Exchange Server, some other platform).** | **Please check [this page](https://aka.ms/OLKCVEFAQ) for FAQs about the [Outlook CVE-2023-23397](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397)**
3/14/2023|[February 2023 Security Update](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-february-2023-exchange-server-security-updates/ba-p/3741058) for Exchange 2016, Exchange 2019, Exchange 2013 | After installing February 2023 security update, customers are seeing EWS application pool crash with Event ID 4999 with following error
E12IIS, c-RTL-AMD64, 15.01.2507.021, w3wp#MSExchangeServicesAppPool, M.Exchange.Diagnostics, M.E.D.ChainedSerializationBinder.EnforceBlockReason, M.E.Diagnostics.BlockedDeserializeTypeException, 437c-dumptidset, 15.01.2507.021.
The issue is causing connectivity issues to EWS based clients (Outlook for Mac) | **Update on 3/14/2023**
The issue is fixed in [March 2023 security update for Exchange servers](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2023-exchange-server-security-updates/ba-p/3764224)
Please follow the steps in [this KB](https://support.microsoft.com/help/5024257)
3/14/2023|[February 2023 Security Update](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-february-2023-exchange-server-security-updates/ba-p/3741058) for Exchange 2016, Exchange 2019, Exchange 2013 | Some customers are reporting issues with Outlook/OWA add-ins, like add-in not listing in EAC or with the Get-App command. Additionally, they may notice EWS application pool crash with Event ID 4999 in the application log of the Exchange server. | **Update on 3/14/2023**
The issue is fixed in [March 2023 security update for Exchange servers](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2023-exchange-server-security-updates/ba-p/3764224)
3/14/2023|[January 2023 Security Update](https://www.microsoft.com/en-us/download/details.aspx?id=104914) for Exchange 2016, Exchange 2019 |The Exchange toolbox may start crashing on launch after [certificate Serialization for PowerShell](https://aka.ms/HC-SerializedDataSigning) is enabled. The error noticed is "Deserialization fails: System.Reflection.TargetInvocationException".
The issue happens only on Exchange 2016 and Exchange 2019| **Update on 3/14/2023**
The issue is fixed in [March 2023 security update for Exchange servers](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2023-exchange-server-security-updates/ba-p/3764224)