Blog Post

Exchange Team Blog
6 MIN READ

Released: July 2021 Exchange Server Security Updates

The_Exchange_Team's avatar
The_Exchange_Team
Platinum Contributor
Jul 13, 2021
Microsoft has released security updates for vulnerabilities found in: Exchange Server 2013 Exchange Server 2016 Exchange Server 2019 All versions (Cumulative Update levels) are impacted. ...
Updated Aug 05, 2021
Version 15.0
announcements
Exchange 2013
exchange 2016
exchange 2019
security
setup
MassimoPascucci's avatar
MassimoPascucci
Copper Contributor
Jul 27, 2021

Hello The_Exchange_Team, the problem with OWA/ECP just happened today to me on a freshly-built Exchange 2016 CU21 server; as described, the problem was fixed (after several hours) by regenerating the Microsoft Exchange Server Auth Certificate.

 

However, the existing certificate was definitely not missing or expired, having been created by the Exchange installer a couple hours before applying the July security update.

 

The only possible reason I could find for this is, the Exchange installer created the Auth Certificate using SHA1; when I regenerated it, SHA256 was used; this is the only difference I could find between the two certificates.

 

So, it looks like the problem can happen even if the Auth Certificate is present and very much not expired; the Exchange installer should definitely be fixed to generate a certificate that will remain usable after applying the July security update.