SuperTekBoy

Practical Help for Exchange & Office 365

Exchange

Add external sender disclaimer in Office 365

By 36 Comments

Share
Tweet
Share

UPDATE 8/2/23: Another way to accomplish this is to enable the built-in external tags now supported by M365 Apps (Build 2211 and greater), Outlook on the Web, and Outlook Mobile. Note that this external tag will not work in older versions of Outlook or M365 Apps (prior to build 2211), so you may still need the original solution listed in this article.

If you are on M365 Apps, you can connect to Exchange Online PowerShell and run the following command: Set-ExternalInOutlook -Enabled $true

For more information, check Microsoft’s article Native external sender callouts on email in Outlook

Adding an external sender notification to the top of an email is an important distinction for many companies. This disclaimer quickly identifies its end users when a message is sourced from an external sender. This eliminates the guesswork for internal users, helping them to identify potential phishing attacks, but also a great reminder when it comes to data loss prevention as they reply.

Companies approach this disclaimer in many different ways. Two common examples are a disclaimer prepended at the top of the email or adding a keyword in the message subject.

Thankfully, adding this is a simple process in Office 365 (and also Exchange on-premises – the instructions are identical).

For this article, our example company, Time Travel Research, wishes that all inbound email from external senders is prepended with a disclaimer stating the sender is external to the organization. Time Travel Research wants to ensure that every instance of an external email, even those in the same email chain, is prepended with this disclaimer.

Let’s get started!

Add an external sender disclaimer to all inbound email

Log in to the Exchange Admin Center. Once logged in, navigate to Mail Flow >> Rules. Click the New (Excchange 2016 New) button.

From the drop-down menu, you will notice several choices. These choices are predefined rule templates. We will create a rule from scratch. Select Create a new rule.

Create a new transport rule in Office 365
[Read more…] about Add external sender disclaimer in Office 365

Exchange December 2019 Updates

By 2 Comments

Share
Tweet
Share
Exchange 2016 Cumulative Update 15

This week was a big week for Exchange. Microsoft released its fourth cumulative update for Exchange 2019 as well as a cumulative update for Exchange 2016. At the time of writing, there is no cumulative update for Exchange 2013.

As always, test these updates in a lab first! I recommend checking out this 7-part guide on configuring Exchange in your lab. It doesn’t take much to get one going.

The updates are as follows:

Exchange Logo Mini

Exchange 2019 Cumulative Update 4 (VLSC)| KB4522149

Exchange 2013 Cumulative Update 9

Exchange 2016 Cumulative Update 15 | KB4522150 | UM Language Pack

Exchange 2010 support extended

Back in September, the Exchange Team announced that is was extending support for Exchange 2010 by nine months. Exchange 2010 now shares the same end-of-life date as Office 2010 and SharePoint 2010, which is October 13th, 2020.

While this extension allows for a little more breathing room, it does not extend support for Windows Server 2008 R2, which is the underlying operating system for many Exchange 2010 installations. Server 2008 R2 will still go end of life on January 14th, 2020.

The Exchange Team has provided this extension to allow companies more time to migrate to a newer email platform, such as Office 365, or, Exchange 2016.

Unfortunately, there is no direct path to Exchange 2019 from 2010. If you do plan to stay on-prem, you will need to migrate to either 2013 or 2016 (I’d recommend 2016 as 2013 is now in extended support). From there you can migrate to 2019.

For more information on migrating from Exchange 2010 to 2016, check out this recent blog article from the Exchange Team: Exchange On-Premises Best Practices for Migrations from 2010 to 2016

So, what’s new in these Cumulative Updates?

In this series of cumulative updates, Microsoft has resolved a number of security and non-security issues. You can read more about those in KBs 4522149 and 4522150.

Most notably this fixes an issue I had run into myself in both Exchange 2016 CU13 and CU14. The issue was after running the Hybrid Configuration Wizard you could no longer modify the Outbound to Office 365 send connector if your source servers were Edge Transport servers.

Attempting any modifications to the send connector would result in the errors: Error 0x5 (Access is denied) from cli_GetCertificate or Error 0x6ba (The RPC server is unavailable) from cli_GetCertificate. This error was caused because the Exchange organization was attempting to access the certificates on the Edge Transport servers. I can confirm CU15 resolved this error for me.

Error 0x5 Access is denied from cli_GetCertificate Exchange 2016 Edge Transport

Note: Error 0x5 (Access is denied) from cli_GetCertificate was also reported in Exchange 2019 CU2 and CU3. It has been resolved in CU4.

[Read more…] about Exchange December 2019 Updates

Missing Address Lists in Exchange

By Leave a Comment

Share
Tweet
Share

Ran into a strange issue recently where all the default address lists were missing in Exchange. Running a Get-AddressList in the Exchange Management Shell returned zero results. The address lists were also absent in the Exchange Admin Center as well.

When we attempted to recreate the missing address lists using the same name (for example, “All Users”) we received an error that the address list already existed.

 C:\> New-AddressList "All Users" -Included Recipients MailboxUsers
Active Directory operation failed on dc1.skaro.local. The object 'CN=All Users,CN=All Address Lists,CN=Address Lists Container,CN=SKARO,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=skaro,DC=local' already exists.
+CategoryInfo : Not specified (0:Int32) [New-AddressList], ADObjectAlreadyExistsException

If we attempted to modify this address list (or remove it) it reported it could not be found.

 C:\> Set-AddressList "All Users" -Included Recipients MailboxUsers
The operation couldn't be performed because object 'All Users' couldn't be found on 'dc1.skaro.local'.

Similarly, if we tried to create a brand new address list that we knew never existed in the environment previously this also failed.

 C:\> New-AddressList "Brand New List" -Included Recipients MailboxUsers
The operation couldn't be performed because object 'CN=Brand New List,CN=All Address Lists,CN=Address Lists Container,CN=SKARO,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=skaro,DC=local' couldn't be found on 'dc1.skaro.local'.

These address lists were also missing when we used ADSI Edit to examine the Address Lists Container.

ADSI Edit Address List Container Empty
[Read more…] about Missing Address Lists in Exchange

MSExchangeFrontEndTransport – The address is already in use

By 3 Comments

Share
Tweet
Share

I recently ran into an issue where the Microsoft Exchange FrontEnd Transport service refused to stay started. As a result, no external mail was being delivered to the Exchange server.

From the Services app, I could start the service, but it would stop within a couple of seconds.

MSExchangeFrontEndTransport starts and then stops

When reviewing the Application logs in the Event Viewer I ran into a few separate errors with a source of MSExchangeFrontEndTransport. The first error was merely a symptom of a broken Front End Transport and not the root cause. We ignored this one and moved on.

Inbound direct trust authentication failed for certificate %1. The source IP address of the server that tried to authenticate to Microsoft Exchange is [%2]. Make sure EdgeSync is running properly.
MSExchangeFrontEndTransport 1036 Application

The second error gave us the clue we needed. This error indicated something else was already listening to port 25.

The address is already in use. Binding: 0.0.0.0:25.
[Read more…] about MSExchangeFrontEndTransport – The address is already in use

Error ‘MSExchangeHM failed to stop’ when installing Exchange updates

By Leave a Comment

Share
Tweet
Share

When installing an Exchange update you may run into the error; Service: MSExchangeHM failed to stop.

Exchange 2019 CU1 MSExchangeHM Failed to Stop
[ERROR] The following error was generated when "$error.Clear(); 
& $RoleBinPath\ServiceControl.ps1 -Operation:DisableServices -Roles
($RoleRoles.Replace('Role','').Split(',')) -SetupScriptsDirectory:$RoleBinPath;
& $RoleBinPath\ServiceControl.ps1 -Operation:Stop -Roles:
($RoleRoles.Replace('Role','').Split(',')) -IsDatacenter:([bool]$RoleIsDatacenter)" was run:
"Microsoft.Exchange.Configuration.Tasks.ServiceStopFailureException: 
 Service 'MSExchangeHM' failed to stop due to error:'Cannot stop MSExchangeHM service on computer '.'.'. 
---> System.InvalidOperationException:  Cannot stop MSExchangeHM service on computer  '.'. 
---> System.ComponentModel.Win32Exception:  The service has not been started   
    --- End of inner exception stack trace ---
    at System.ServiceProcess.ServiceController.Stop()

The MSExchangeHM service is part of the Managed Availability feature in Exchange. Managed Availability performs monitoring and self-healing to ensure Exchange stays up and running. This is a service you want to ensure stays running during normal operation, but in this particular scenario, we need to terminate the service so our cumulative update can complete.

[Read more…] about Error ‘MSExchangeHM failed to stop’ when installing Exchange updates

Exchange September 2019 Updates

By Leave a Comment

Share
Tweet
Share
Exchange 2019 Cumulative Update 3

This week was a big week for Exchange. Microsoft released its third cumulative update for Exchange 2019 as well as a cumulative update for Exchange 2016. At the time of writing, there is no cumulative update for Exchange 2013.

As always, test these updates in a lab first! I recommend checking out this 7-part guide on configuring Exchange in your lab. It doesn’t take much to get one going.

The updates are as follows:

Exchange Logo Mini

Exchange 2019 Cumulative Update 3 (VLSC)| KB4514141

Exchange 2013 Cumulative Update 9

Exchange 2016 Cumulative Update 14 | KB4514140 | UM Language Pack

Exchange 2010 Mini

Exchange 2010 SP3 Rollup 29 | KB4509410 (Released in July)

Exchange 2010 support extended

In a recent blog post, the Exchange Team announced that is was extending support for Exchange 2010 by nine months. Exchange 2010 now shares the same end-of-life date as Office 2010 and SharePoint 2010, which is October 13th, 2020.

While this extension allows for a little more breathing room, it does not extend support for Windows Server 2008 R2, which is the underlying operating system for many Exchange 2010 installations. Server 2008 R2 will still go end of life on January 14th, 2020.

The Exchange Team has provided this extension to allow companies more time to migrate to a newer email platform, such as Office 365, or, Exchange 2016.

Unfortunately, there is no direct path to Exchange 2019 from 2010. If you do plan to stay on-prem, you will need to migrate to either 2013 or 2016 (I’d recommend 2016 as 2013 is now in extended support). From there you can migrate to 2019.

For more information on migrating from Exchange 2010 to 2016, check out this recent blog article from the Exchange Team: Exchange On-Premises Best Practices for Migrations from 2010 to 2016

So, what’s new in these Cumulative Updates?

In this series of cumulative updates, Microsoft has resolved a number of security and non-security issues. You can read more about those in KBs 4514141 and 4514140. In addition, this set of cumulative updates addresses changes to daylight savings.

[Read more…] about Exchange September 2019 Updates