Blog Post

Exchange Team Blog
6 MIN READ

Released: July 2021 Exchange Server Security Updates

The_Exchange_Team's avatar
The_Exchange_Team
Platinum Contributor
Jul 13, 2021
Microsoft has released security updates for vulnerabilities found in: Exchange Server 2013 Exchange Server 2016 Exchange Server 2019 All versions (Cumulative Update levels) are impacted. ...
Updated Aug 05, 2021
Version 15.0
announcements
Exchange 2013
exchange 2016
exchange 2019
security
setup
JG's avatar
JG
Copper Contributor
Jul 15, 2021

I'm running Exchange Server 2013. Ran the updates last night. All seemed to go well until some users reported the OWA issue but renewing the certificate resolved that.

 

When I run the HealthChecker it tells me:

 

Security Vulnerabilities	CVE-2021-34470 See: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-34470 for more information.

 So did some digging and found the bit about have to also to the PrepareSchema.

 

 

When I try to run Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms  (per the instructions in the article) I get the following error messages:

 

Microsoft Exchange Server 2013 Cumulative Update 23 Unattended Setup

Performing Microsoft Exchange Server Prerequisite Check

Prerequisite Analysis FAILED
The Active Directory schema isn't up-to-date, and this user account isn't a member of the 'Schema Admins' and/or 'Enterprise Admins' groups.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.SchemaUpdateRequired.aspx

I have tried doing it as the domain admin at an elevated command prompt.

 

 

 

Setup encountered a problem while validating the state of Active Directory:
The Active Directory schema version (15317) is higher than Setup's version (15312). Therefore, PrepareSchema can't be executed. See the Exchange setup log for more information on this error.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.AdInitErrorRule.aspx

Does that mean I'm patched because the schema version is higher than necessary? We have two Server 2016 domain controllers and two Server 2012 R2 domain controllers

 

 

 

The forest functional level of the current Active Directory forest is not Windows Server 2003 native or later. To install Exchange Server 2013, the forest functional level must be at least Windows Server 2003 native.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.ForestLevelNotWin2003Native.aspx

Triple checked this. Domain functional level is at: Windows Server 2012 R2 and Forest functional level is at Windows Server 2008 R2

 

 

 

Either Active Directory doesn't exist, or it can't be contacted.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.CannotAccessAD.aspx

It exists, and I would guess it can be contact otherwise why would I be getting the error message about the schema being to high already?