Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release 8-15-23 #1811

Merged
merged 6 commits into from
Aug 16, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -116,13 +116,41 @@ function Invoke-AnalyzerExchangeInformation {

if ($null -ne $exchangeInformation.BuildInformation.KBsInstalled) {
Add-AnalyzedResultInformation -Name "Exchange IU or Security Hotfix Detected" @baseParams
$problemKbFound = $false
$problemKbName = "KB5029388"

foreach ($kb in $exchangeInformation.BuildInformation.KBsInstalled) {
$params = $baseParams + @{
Details = $kb
DisplayCustomTabNumber = 2
}
Add-AnalyzedResultInformation @params

if ($kb.Contains($problemKbName)) {
$problemKbFound = $true
}
}

if ($problemKbFound) {
Write-Verbose "Found problem $problemKbName"
if ($null -ne $HealthServerObject.OSInformation.BuildInformation.OperatingSystem.OSLanguage) {
[int]$OSLanguageID = [int]($HealthServerObject.OSInformation.BuildInformation.OperatingSystem.OSLanguage)
# https://learn.microsoft.com/en-us/windows/win32/cimwin32prov/win32-operatingsystem
$englishLanguageIDs = @(9, 1033, 2057, 3081, 4105, 5129, 6153, 7177, 8201, 10249, 11273)
if ($englishLanguageIDs.Contains($OSLanguageID)) {
Write-Verbose "OS is english language. No action required"
} else {
Write-Verbose "Non english language code: $OSLanguageID"
$params = $baseParams + @{
Details = "Error: August 2023 SU 1 Problem Detected. More Information: https://aka.ms/HC-Aug23SUIssue"
DisplayWriteType = "Red"
DisplayCustomTabNumber = 2
}
Add-AnalyzedResultInformation @params
}
} else {
Write-Verbose "Language Code is null"
}
}
}

Expand Down
46 changes: 26 additions & 20 deletions Shared/Get-ExchangeBuildVersionInformation.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -127,13 +127,15 @@ function Get-ExchangeBuildVersionInformation {
$cuReleaseDate = "05/03/2023"
$supportedBuildNumber = $true
}
(GetBuildVersion $ex19 "CU13" -SU "Aug23SUv2") { $latestSUBuild = $true }
(GetBuildVersion $ex19 "CU13" -SU "Aug23SU") { $latestSUBuild = $true }
{ $_ -lt (GetBuildVersion $ex19 "CU13") } {
$cuLevel = "CU12"
$cuReleaseDate = "04/20/2022"
$supportedBuildNumber = $true
$orgValue = 16760
}
(GetBuildVersion $ex19 "CU12" -SU "Aug23SUv2") { $latestSUBuild = $true }
(GetBuildVersion $ex19 "CU12" -SU "Aug23SU") { $latestSUBuild = $true }
{ $_ -lt (GetBuildVersion $ex19 "CU12") } {
$cuLevel = "CU11"
Expand Down Expand Up @@ -221,6 +223,7 @@ function Get-ExchangeBuildVersionInformation {
$cuReleaseDate = "04/20/2022"
$supportedBuildNumber = $true
}
(GetBuildVersion $ex16 "CU23" -SU "Aug23SUv2") { $latestSUBuild = $true }
(GetBuildVersion $ex16 "CU23" -SU "Aug23SU") { $latestSUBuild = $true }
{ $_ -lt (GetBuildVersion $ex16 "CU23") } {
$cuLevel = "CU22"
Expand Down Expand Up @@ -693,15 +696,16 @@ function GetExchangeBuildDictionary {
"Nov22SU" = "15.1.2375.37"
})
"CU23" = (NewCUAndSUObject "15.1.2507.6" @{
"May22SU" = "15.1.2507.9"
"Aug22SU" = "15.1.2507.12"
"Oct22SU" = "15.1.2507.13"
"Nov22SU" = "15.1.2507.16"
"Jan23SU" = "15.1.2507.17"
"Feb23SU" = "15.1.2507.21"
"Mar23SU" = "15.1.2507.23"
"Jun23SU" = "15.1.2507.27"
"Aug23SU" = "15.1.2507.31"
"May22SU" = "15.1.2507.9"
"Aug22SU" = "15.1.2507.12"
"Oct22SU" = "15.1.2507.13"
"Nov22SU" = "15.1.2507.16"
"Jan23SU" = "15.1.2507.17"
"Feb23SU" = "15.1.2507.21"
"Mar23SU" = "15.1.2507.23"
"Jun23SU" = "15.1.2507.27"
"Aug23SU" = "15.1.2507.31"
"Aug23SUv2" = "15.1.2507.32"
})
}
"Exchange2019" = @{
Expand Down Expand Up @@ -780,19 +784,21 @@ function GetExchangeBuildDictionary {
"Mar23SU" = "15.2.986.42"
})
"CU12" = (NewCUAndSUObject "15.2.1118.7" @{
"May22SU" = "15.2.1118.9"
"Aug22SU" = "15.2.1118.12"
"Oct22SU" = "15.2.1118.15"
"Nov22SU" = "15.2.1118.20"
"Jan23SU" = "15.2.1118.21"
"Feb23SU" = "15.2.1118.25"
"Mar23SU" = "15.2.1118.26"
"Jun23SU" = "15.2.1118.30"
"Aug23SU" = "15.2.1118.36"
"May22SU" = "15.2.1118.9"
"Aug22SU" = "15.2.1118.12"
"Oct22SU" = "15.2.1118.15"
"Nov22SU" = "15.2.1118.20"
"Jan23SU" = "15.2.1118.21"
"Feb23SU" = "15.2.1118.25"
"Mar23SU" = "15.2.1118.26"
"Jun23SU" = "15.2.1118.30"
"Aug23SU" = "15.2.1118.36"
"Aug23SUv2" = "15.2.1118.37"
})
"CU13" = (NewCUAndSUObject "15.2.1258.12" @{
"Jun23SU" = "15.2.1258.16"
"Aug23SU" = "15.2.1258.23"
"Jun23SU" = "15.2.1258.16"
"Aug23SU" = "15.2.1258.23"
"Aug23SUv2" = "15.2.1258.25"
})
}
}
Expand Down
38 changes: 33 additions & 5 deletions Shared/Tests/Get-ExchangeBuildVersionInformation.Tests.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -173,14 +173,24 @@ Describe "Testing Get-ExchangeBuildVersionInformation.ps1" {
ForEach-Object { [System.Version]$_ } |
Sort-Object -Descending |
Select-Object -First 2

# RegEx to find if the latest is a v* version. Then we assume what we have set is correct and we don't test them.
$latestSU = Get-ExchangeBuildVersionInformation -FileVersion $latest2SUs[0]
$latestSU.Supported | Should -Be $true
$latestSU.LatestSU | Should -Be $true
$notSecondVersionSU = $null -eq ($latestSU.FriendlyName | Select-String "\D{3}\d{2}SUv\d")

if ($latest2SUs.Count -eq 2) {
if ($latest2SUs.Count -eq 2 -and
$notSecondVersionSU) {
$latestSU = Get-ExchangeBuildVersionInformation -FileVersion $latest2SUs[1]
$latestSU.Supported | Should -Be $true
$latestSU.LatestSU | Should -Be $false
} elseif ($latest2SUs.Count -eq 2) {
$secondSU = Get-ExchangeBuildVersionInformation -FileVersion $latest2SUs[1]
$secondSU.Supported | Should -Be $true
$latestSU.FriendlyName.Substring(0, $latestSU.FriendlyName.Length - 2) | Should -Be $secondSU.FriendlyName
# This test could change depending on the reason for the v2 release.
$secondSU.LatestSU | Should -Be $true
}
}
}
Expand All @@ -201,11 +211,19 @@ Describe "Testing Get-ExchangeBuildVersionInformation.ps1" {
$latestSupportedSU = Get-ExchangeBuildVersionInformation -FileVersion $latestSupportedSUs[0]
$latestSupportedSU.Supported | Should -Be $true
$latestSupportedSU.LatestSU | Should -Be $true
$notSecondVersionSU = $null -eq ($latestSupportedSU.FriendlyName | Select-String "\D{3}\d{2}SUv\d")

if ($latestSupportedSUs.Count -eq 2) {
if ($latestSupportedSUs.Count -eq 2 -and
$notSecondVersionSU) {
$latestSupportedSU = Get-ExchangeBuildVersionInformation -FileVersion $latestSupportedSUs[1]
$latestSupportedSU.Supported | Should -Be $true
$latestSupportedSU.LatestSU | Should -Be $false
} elseif ($latestSupportedSUs.Count -eq 2) {
$secondSU = Get-ExchangeBuildVersionInformation -FileVersion $latestSupportedSUs[1]
$secondSU.Supported | Should -Be $true
$latestSupportedSU.FriendlyName.Substring(0, $latestSupportedSU.FriendlyName.Length - 2) | Should -Be $secondSU.FriendlyName
# This test could change depending on the reason for the v2 release.
$secondSU.LatestSU | Should -Be $true
}

$latestUnsupportedSUs = (GetExchangeBuildDictionary)["Exchange2019"][$unSupportedCU.CU].SU.Values |
Expand Down Expand Up @@ -240,9 +258,19 @@ Describe "Testing Get-ExchangeBuildVersionInformation.ps1" {
$latestSU.Supported | Should -Be $true
$latestSU.LatestSU | Should -Be $true

$previousSU = Get-ExchangeBuildVersionInformation -FileVersion $latest2SUs[1]
$previousSU.Supported | Should -Be $true
$previousSU.LatestSU | Should -Be $false
$notSecondVersionSU = $null -eq ($latestSU.FriendlyName | Select-String "\D{3}\d{2}SUv\d")

if ($notSecondVersionSU) {
$previousSU = Get-ExchangeBuildVersionInformation -FileVersion $latest2SUs[1]
$previousSU.Supported | Should -Be $true
$previousSU.LatestSU | Should -Be $false
} else {
$previousSU = Get-ExchangeBuildVersionInformation -FileVersion $latest2SUs[1]
$previousSU.Supported | Should -Be $true
$latestSU.FriendlyName.Substring(0, $latestSU.FriendlyName.Length - 2) | Should -Be $previousSU.FriendlyName
# This test could change depending on the reason for the v2 release.
$previousSU.LatestSU | Should -Be $true
}

(Get-ExchangeBuildVersionInformation -FileVersion $latest2CUs[1]).Supported | Should -Be $false
}
Expand Down
3 changes: 2 additions & 1 deletion docs/Emerging-Issues.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,10 @@ This page lists emerging issues for Exchange On-Premises deployments, possible r

|**Updated on** | **Update causing the issue**| **Issue**| **Workaround/Solution**
|-|-|-|-|
8/15/2023|[Non-English August 2023 Security Update](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2023-exchange-server-security-updates/ba-p/3892811) for Exchange 2016, Exchange 2019 | When you install the Microsoft Exchange Server 2019 or 2016 August 2023 Security Update (SU) on a Windows Server-based device that is running a non-English operating system (OS) version, Setup suddenly stops and rolls back the changes. However, the Exchange Server services remain in a disabled state. |The latest SUs have been released that do not require a workaround to install. If you used a workaround to install KB5029388, it is highly recommend to uninstall the KB5029388 to avoid issues down the line. For more information please check out [this KB](https://support.microsoft.com/topic/exchange-server-2019-and-2016-august-2023-security-update-installation-fails-on-non-english-operating-systems-ef38d805-f645-4511-8cc5-cf967e5d5c75).
6/15/2023|[January 2023 Security Update](https://www.microsoft.com/en-us/download/details.aspx?id=104914) for Exchange 2016, Exchange 2019 | When you try to uninstall Microsoft Exchange Server 2019 or 2016 on servers, that had January 2023 Security Update for Exchange Server installed at any point, the Setup fails with following error message: <BR><BR>[ERROR] The operation couldn't be performed because object '<ServerName>' couldn't be found on '<DomainControllerName>'. |Install Exchange Security Update June 2023 or higher to resolve the issue. Check [this KB](https://support.microsoft.com/help/5025312) for more details
6/15/2023|Extended protection enabled on Exchange server | Changing the permissions for Public Folders by using an Outlook client will fail with the following error, if Extended Protection is enabled: <BR><BR>`The modified Permissions cannot be changed.`| Install Exchange Security Update June 2023 or higher to resolve the issue. Check [this KB](https://support.microsoft.com/en-us/topic/extended-protection-doesn-t-support-public-folder-client-permissions-management-through-outlook-bd2037b5-40e0-413a-b368-746b3f5439ee) for more details
|3/16/2023| [Outlook client update for CVE-2023-23397 released](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397)| These vulnerabilities affect Exchange Server. Exchange Online customers are already protected from the vulnerabilities addressed in these SUs and do not need to take any action **other than updating Exchange servers in their environment, and if applicable, installing the security update for Outlook on Windows described on the link on the right.**<br>More details about specific CVEs can be found in the [Security Update Guide](https://msrc.microsoft.com/update-guide/) (filter on Exchange Server under Product Family).<br>**Awareness: Outlook client update for CVE-2023-23397 released**<br>There is a critical security update for Microsoft Outlook for Windows that is required to address [CVE-2023-23397](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397). To address this CVE, **you must install the Outlook security update, regardless of where your mail is hosted (e.g., Exchange Online, Exchange Server, some other platform).** | **Please check [this page](https://aka.ms/OLKCVEFAQ) for FAQs about the [Outlook CVE-2023-23397](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397)**
|3/16/2023| [Outlook client update for CVE-2023-23397 released](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397)| These vulnerabilities affect Exchange Server. Exchange Online customers are already protected from the vulnerabilities addressed in these SUs and do not need to take any action **other than updating Exchange servers in their environment, and if applicable, installing the security update for Outlook on Windows described on the link on the right.**<br>More details about specific CVEs can be found in the [Security Update Guide](https://msrc.microsoft.com/update-guide/) (filter on Exchange Server under Product Family).<br>**Awareness: Outlook client update for CVE-2023-23397 released**<br>There is a critical security update for Microsoft Outlook for Windows that is required to address [CVE-2023-23397](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397). To address this CVE, **you must install the Outlook security update, regardless of where your mail is hosted (e.g., Exchange Online, Exchange Server, some other platform).** | **Please check [this page](https://aka.ms/OLKCVEFAQ) for FAQs about the [Outlook CVE-2023-23397](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397)**
3/14/2023|[February 2023 Security Update](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-february-2023-exchange-server-security-updates/ba-p/3741058) for Exchange 2016, Exchange 2019, Exchange 2013 | After installing February 2023 security update, customers are seeing EWS application pool crash with Event ID 4999 with following error <BR><BR> E12IIS, c-RTL-AMD64, 15.01.2507.021, w3wp#MSExchangeServicesAppPool, M.Exchange.Diagnostics, M.E.D.ChainedSerializationBinder.EnforceBlockReason, M.E.Diagnostics.BlockedDeserializeTypeException, 437c-dumptidset, 15.01.2507.021. <BR><BR> The issue is causing connectivity issues to EWS based clients (Outlook for Mac) | **Update on 3/14/2023** <BR> The issue is fixed in [March 2023 security update for Exchange servers](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2023-exchange-server-security-updates/ba-p/3764224) <BR> Please follow the steps in [this KB](https://support.microsoft.com/help/5024257)
3/14/2023|[February 2023 Security Update](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-february-2023-exchange-server-security-updates/ba-p/3741058) for Exchange 2016, Exchange 2019, Exchange 2013 | Some customers are reporting issues with Outlook/OWA add-ins, like add-in not listing in EAC or with the Get-App command. Additionally, they may notice EWS application pool crash with Event ID 4999 in the application log of the Exchange server. | **Update on 3/14/2023** <BR> The issue is fixed in [March 2023 security update for Exchange servers](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2023-exchange-server-security-updates/ba-p/3764224)
3/14/2023|[January 2023 Security Update](https://www.microsoft.com/en-us/download/details.aspx?id=104914) for Exchange 2016, Exchange 2019 |The Exchange toolbox may start crashing on launch after [certificate Serialization for PowerShell](https://aka.ms/HC-SerializedDataSigning) is enabled. The error noticed is "Deserialization fails: System.Reflection.TargetInvocationException". <BR><BR> The issue happens only on Exchange 2016 and Exchange 2019| **Update on 3/14/2023** <BR> The issue is fixed in [March 2023 security update for Exchange servers](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2023-exchange-server-security-updates/ba-p/3764224)
Expand Down