Back in September 2021, we released Exchange Server updates that contain the Exchange Emergency Mitigation Service (EEMS). The EEMS service on your Exchange Servers connects to Office Configuration Service (OCS) to read the current state of mitigations.
While we did not need to release any mitigations recently, we wanted to let you know of future change:
One of older certificate types in OCS is getting deprecated. A new certificate has already been deployed in OCS, and any server that is updated to any Exchange Server Cumulative Update (CU) or Security Update (SU) newer than March 2023 will continue to be able to check for new EEMS mitigations.
Impact
The EEMS running Exchange versions older than March 2023 is not able to contact OCS to check for and download new mitigation definitions. You might see an event like the following event logged in the Application log of the server:
Error, MSExchange Mitigation Service
Event ID: 1008
An unexpected exception occurred.
Diagnostic information: Exception encountered while fetching mitigations.
Additionally:
- The following will be logged to the EEMS log: FetchMitigation,S:LogLevel=Warning;S:Message=Connection attempted against untrusted endpoint
- Running the $exscripts\Get-Mitigations.ps1 script will fail with: WARNING: Connection with Mitigation Endpoint was not successful. To enable connectivity please refer: https://aka.ms/HelpConnectivityEEMS
Action required
If your servers are so much out of date, please update your servers ASAP to secure your email workload and re-enable your Exchange server to check for EEMS rules. It is important to always keep your servers up to date. Running Exchange Server Health Checker will always tell you what you need to do!
The Exchange Team
