Released: July 2021 Exchange Server Security Updates

Published Jul 13 2021 10:32 AM

Microsoft has released security updates for vulnerabilities found in:

  • Exchange Server 2013
  • Exchange Server 2016
  • Exchange Server 2019

All versions (Cumulative Update levels) are impacted. Updates are available for the following specific builds of Exchange Server:

  • Exchange Server 2013 CU23
  • Exchange Server 2016 CU20 and CU21
  • Exchange Server 2019 CU9 and CU10

IMPORTANT: If manually installing security updates, you must install the .msp from an elevated command prompt (see Known Issues in the update KB article).

The July 2021 security updates for Exchange Server address vulnerabilities responsibly reported by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to install these updates immediately to protect your environment.

These vulnerabilities affect on-premises Microsoft Exchange Server, including servers used by customers in Exchange Hybrid mode. Exchange Online customers are already protected and do not need to take any action.

More details about specific CVEs can be found in the Security Update Guide (filter on Exchange Server under Product Family).

Latest /PrepareSchema needed for full effect

Because of additional security hardening work for CVE-2021-34470, the following actions should be taken in addition to application of July 2021 security updates:

The latest version of Exchange installed, and the additional steps needed to extend the AD schema:

  • Exchange 2016 CU21 or Exchange 2019 CU10: Nothing; schema was extended during installation of June 2021 CUs.
  • Exchange 2016 CU20 or Exchange 2019 CU9: Extend the schema using June 2021 CUs.
  • Exchange 2013 CU23:
    - Install July 2021 Security Update for Exchange 2013
    - Extend the Active Directory schema using the elevated Command prompt. The command will be similar to the following: "Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms", using the setup.exe from location "c:\Program Files\Microsoft\Exchange Server\V15\Bin\setup.exe" (use the folder for the installation location of your Exchange server)

    NOTES:
    - For Exchange 2013 only, schema version will not change after this.
    - If the Schema Master is in an empty root domain, consider installing Exchange CU23 Management Tools on Windows 2012 R2 in the same domain, installing July SU and then running /PrepareSchema from that workstation.
  • Older versions of Exchange (earlier than 2013), or Exchange no longer installed in the forest: see "How to update AD schema to address CVE-2021-34470 if Exchange is very old or no longer installed"

Known issues in July 2021 security updates

During the release of April 2021 SUs, we received some reports of issues after installation. The following issues reported for April 2021 SUs also apply to July SUs and have the following workarounds:

  • Administrator/Service accounts ending in ‘$’ cannot use the Exchange Management Shell or access ECP. The only workaround at this time is to rename Admin accounts or use accounts with no ‘$’ at the end of the name.
  • Some cross-forest Free/Busy relationships based on Availability address space can stop working (depending on how authentication was configured) with the error: “The remote server returned an error: (400) Bad Request.” Please see this KB article for how to solve this problem.
  • Cmdlets executed against the Exchange Management Console using an invoked runspace might fail with the following error message: The syntax is not supported by this runspace. This can occur if the runspace is in no-language mode. Please see this KB article for more information.
  • Installing June 2021 Cumulative Updates for Exchange 2016 or 2019 might fail with the error: System.NullReferenceException: Object reference not set to an instance of an object. Please see this KB article for resolution.

  • Starting with July 2021 updates, users might be redirected back to the login page when using OWA/ECP if organization uses Load Balancing. You should avoid running mixed pools (servers with the latest SU applied together with servers which have not yet received the update). Please see this KB article for more information.
  • Prior to installing the Security Update (SU), we recommend you check if a valid Microsoft Exchange Server Auth Certificate is present on every Exchange server (except Edge Transport servers). The easiest way to do this is to run the Exchange Health Checker and check for the Auth Certificate output:

[Image: July2021SUs03.jpg, Health Checker output showing the Auth Certificate section]

You can also run the following PowerShell command to check if the Auth Certificate is available on your system:

Get-ExchangeCertificate (Get-AuthConfig).CurrentCertificateThumbprint

If there is no Auth Certificate or it has expired, then follow the steps outlined here to configure it correctly.

Please note: In some environments, it may take an hour for the OAuth certificate to be published. If you have a hybrid setup, you have to run the Hybrid Configuration Wizard again to update the changes to Azure Active Directory (Azure AD). If this certificate is missing or is expired, users may face issues logging in to OWA/ECP with HTTP 500 error after application of July updates. KB article is here.
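The pre-installation check described above, written as a script that classifies the Auth Certificate state per server. This is an added example, not Microsoft's or the Health Checker's code; the function name `Test-AuthCertificate`, the 30-day warning window, the server names and the thumbprints are assumptions constructed for illustration.

```powershell
# Added example: decide per server whether the Auth Certificate is present and valid
# before the Security Update is installed. All sample data below is constructed.

function Test-AuthCertificate {
    param(
        [string]   $ServerName,
        [string]   $AuthThumbprint,        # (Get-AuthConfig).CurrentCertificateThumbprint
        [object[]] $Certificates = @(),    # certificates found on that server
        [datetime] $Now = (Get-Date),
        [int]      $WarnDays = 30          # assumption: warn 30 days before expiry
    )

    $status = 'OK'
    $cert   = $null
    if ([string]::IsNullOrWhiteSpace($AuthThumbprint)) {
        $status = 'NoThumbprintInAuthConfig'
    }
    else {
        # -eq on strings is case-insensitive, which suits thumbprints
        $cert = $Certificates |
            Where-Object { $_.Thumbprint -eq $AuthThumbprint } |
            Select-Object -First 1

        if     (-not $cert)                                  { $status = 'Missing' }
        elseif ($cert.NotAfter  -le $Now)                    { $status = 'Expired' }
        elseif ($cert.NotBefore -gt $Now)                    { $status = 'NotYetValid' }
        elseif ($cert.NotAfter  -le $Now.AddDays($WarnDays)) { $status = 'ExpiringSoon' }
    }

    [pscustomobject]@{
        Server      = $ServerName
        Status      = $status
        NotAfter    = if ($cert) { $cert.NotAfter } else { $null }
        SafeToPatch = ($status -in @('OK', 'ExpiringSoon'))
    }
}

# --- Constructed sample input (placeholder thumbprints, hypothetical servers) ---
$now      = [datetime]'2021-07-13'
$thumb    = 'A1B2C3D4E5F60718293A4B5C6D7E8F9012345678'
$oldThumb = '0F0E0D0C0B0A09080706050403020100FFEEDDCC'

$current = [pscustomobject]@{
    Thumbprint = $thumb.ToLower()          # lower case on purpose
    NotBefore  = [datetime]'2019-01-10'
    NotAfter   = [datetime]'2024-01-10'
}
$stale = [pscustomobject]@{
    Thumbprint = $oldThumb
    NotBefore  = [datetime]'2016-03-01'
    NotAfter   = [datetime]'2021-03-01'
}

$inventory = [ordered]@{
    'EX01' = @($current, $stale)   # current Auth Certificate present
    'EX02' = @($stale)             # only the previous, expired certificate
    'EX03' = @()                   # nothing found
}

$results = foreach ($name in $inventory.Keys) {
    Test-AuthCertificate -ServerName $name -AuthThumbprint $thumb `
        -Certificates $inventory[$name] -Now $now
}
$results | Format-Table -AutoSize

$blocked = @($results | Where-Object { -not $_.SafeToPatch })
if ($blocked.Count -gt 0) {
    Write-Warning ('Fix the Auth Certificate before patching: ' + ($blocked.Server -join ', '))
}

# Against a live organization (run in the Exchange Management Shell):
# $thumb = (Get-AuthConfig).CurrentCertificateThumbprint
# Get-ExchangeServer | Where-Object { $_.ServerRole -notlike '*Edge*' } | ForEach-Object {
#     Test-AuthCertificate -ServerName $_.Name -AuthThumbprint $thumb `
#         -Certificates @(Get-ExchangeCertificate -Server $_.Name)
# }
```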

Update installation

Because of the recommended schema update requiring the latest set of June 2021 CUs, there are several scenarios that you might need to follow:

[Image: July2021SUs02.jpg, update scenarios]

Inventory your Exchange Servers / determine which updates are needed

Use the Exchange Server Health Checker script (use the latest release) to inventory your servers. Running this script will tell you if any of your Exchange Servers are behind on updates (CUs and SUs).

Update to the latest Cumulative Update

Go to https://aka.ms/ExchangeUpdateWizard and choose your currently running CU and your target CU. Then click the “Tell me the steps” button, to get directions for your environment.

If you encounter errors during or after installation of Exchange Server updates

If you encounter errors during installation, see the SetupAssist script. If something does not work properly after updates, see Repair failed installations of Exchange Cumulative and Security updates.

FAQs

My organization is in Hybrid mode with Exchange Online. Do I need to do anything?
While Exchange Online customers are already protected, the July 2021 security updates do need to be applied to your on-premises Exchange Servers, even if they are used only for management purposes. You do not need to re-run the Hybrid Configuration Wizard (HCW) after applying updates.

Do I need to install the updates on ‘Exchange Management Tools only’ workstations?
Servers or workstations running only Microsoft Exchange Management Tools (no Exchange services) do not need to apply these updates.

Instructions seem to indicate that for Exchange 2013, we should extend the schema after July 2021 SU is installed; is that correct?
Yes. Because we did not release an Exchange 2013 Cumulative Update (CU) that contains the new schema updates, the July 2021 SU package updates the schema files in Exchange server folders when July 2021 SU is installed. That is why, once those files are updated (the SU is installed), we ask you to explicitly update the schema using setup from the \v15\Bin folder.

We have Exchange 2016 CU20 and 2019 CU9 servers and have installed July 2021 security updates but did not run /PrepareSchema using June 2021 CUs first. Is this a problem?
No. Extension of AD schema using June 2021 CU is really a separate step that should be taken to address a specific CVE. There is no dependency in July 2021 SUs on this schema change, or vice versa. Just make sure that both of those actions are taken; order is not important.

Updates to this post:

  • 8/5: Added a link to How to update AD schema to address CVE-2021-34470 if Exchange is very old or no longer installed
  • 7/20: Merged "Installation tips" section into "Known issues" section and provided additional detail and links
  • 7/19: Added a note about updating servers in a Load Balancing (LB) pool
  • 7/15: Added a clarification that all CU levels of Exchange are impacted; we release security updates for the latest CUs only. Please see this for more information on update cadence.
  • 7/15: Added a note about how to extend schema in a root domain with no Exchange servers.
  • 7/15: Added a note that schema version does not change after schema extension if Exchange 2013 Server is the latest version in the org.
  • 7/15: Added the installation tips section and moved the info about OWA/ECP errors there.
  • 7/14: Added a note about what to do if OWA/ECP with HTTP 500 error is seen after application of SUs.
  • 7/13: Clarified the graphics to illustrate that Exchange Server 2016 CU20 and Exchange Server 2019 CU9 with July SUs are not 'fully' updated (because we released June CUs for both versions).

The Exchange Team

197 Comments
Regular Visitor

We have Exchange 2016 CU20 servers and have installed July 2021 security updates but did not yet run /PrepareSchema using June 2021 CUs first.

 

Question1: can we update the schema only but otherwise not install CU21? Is this supported?

 

Question2: I’ve seen some different paths referenced to setup.exe - if we do only apply the CU21 schema update, am I correct the setup.exe to be used is the one in the CU’s mounted ISO?

Regular Visitor

Just to add some variety to the comments. 

 

I just successfully upgraded (1) of our (6) Exchange 2019 Server Core DAG members to CU10 (previously CU8) along with KB5004780.

 

(2) of the (6) servers host passive copies of the databases and sit in a separate datacenter. (1) of these servers were used to test these updates.

 

All Exchange services sit behind a NLB (Network Load-Balancer).

 

My process went as follows:

 

  1. Ran HealthChecker.ps1 on server, prior to upgrade, and confirmed OAuth certificate existed and was not expired
  2. Attached CU10 .iso to Domain Controller in Primary AD site. (Site with Domain Controller holding FSMO roles)
  3. Assigned AD account to the "EnterpriseAdmin" and "SchemaAdmin" groups. 
  4. Ran the following command from an elevated command prompt using an AD account with the above group memberships:
    1. D:\Setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms
  5. Allowed replication to replicate changes over night.
  6. Disabled server being updated in NLB.
  7. Placed server into maintenance mode.
  8. Rebooted server
  9. Ran the following command from an elevated command prompt using the same AD account as above:
    1. D:\Setup.exe /IAcceptExchangeServerLicenseTerms /Mode:Upgrade /DomainController:<FQDN of DC in site where server being upgraded sits>
  10. Rebooted server after CU installed.
  11. Installed July Windows Updates
  12. Rebooted server
  13. Installed KB5004780 by issuing the following command from an elevated command prompt under the same AD account as above:
    1. C:\msiexec.exe /p Exchange2019-KB5004780-x64-en.msp /qb
  14. Rebooted server
  15. Took server out of maintenance mode
  16. Enabled server in NLB.
  17. Disabled secondary Exchange server in NLB and tested access to updated Exchange server through the VIP on NLB.
    1. Ex: 192.168.1.1/owa
  18. Confirmed OWA loaded and verified connection to patched server was shown in statistics on NLB.
  19. Complete.

Occasional Visitor

 

@The_Exchange_Team @Nino Bilic @Yeroen1966 

 

I am seeing the same thing Yeroen1966 is with the schema update. The .msp patch file pulled down through Windows Update contains the newer LDF files but it only extracted the files named:

 

PostExchange2000_schema99.ldf

PostExchange2003_schema99.ldf

PostWindows2003_schema99.ldf

schema99.ldf

 

These ldf files did not get extracted and loaded:

schemaadam.ldf

SchemaVersion.ldf

So it appears only part of the schema got updated. The HealthChecker.ps1 script also doesn't seem to check all parts of the schema so it gives a false positive of it being patched? Schema version stays at 15312 because of the two missed files.

 

So do we manually load the two missing files??

 

Edit:  Just saw the note added about the schema version not updating if you were already on CU23 and applied the July patch. 

Regular Visitor

Re-Post with updates:

We have Exchange 2016 CU20 servers and have installed July 2021 security updates but did not yet run /PrepareSchema using June 2021 CU21.

Question1: Can we update the schema only but otherwise not install CU21? Is this supported?

Question2: I’ve seen some different paths referenced to setup.exe for the schema update - if we do only apply the CU21 schema update, am I correct the setup.exe to be used is the one in CU21's mounted ISO?

Question3: Assuming it is supported to only update the schema for a 2016CU20 server with the July 2021 SU's installed - is it only /PrepareSchema that is required? (ie we don't have to run /PrepareAD or /PrepareDomain until we are ready to actually install CU21)

Microsoft

@wazcal Yes (it is supported), Yes (run it from CU21) and Yes (only /prepareschema)

Occasional Visitor

I have noticed the link to the July Patch Article in the Security Update Guide goes to the April 2021 patch (5001779) and not the July 2021 (5004779) patch for all versions except Exchange 2016 CU21 and Exchange 2019 CU10. I had downloaded the .msp file for the April patch and was ready to install tonight but just happened to notice that it was the April patch and not the July patch. 

 

@Nino Bilic Can you please get the right links on the Security Update Guide? Unless I'm missing something?

 

Thanks!

 


Microsoft

@SSemanco the links are correct... but I understand why this is a bit confusing (it is basically a documentation issue). I addressed this question on Page 1 in comments, this should take you straight there:

Released: July 2021 Exchange Server Security Updates - Microsoft Tech Community

Senior Member

I am running Server 2019 Core and Exchange 2019 CU8.  I installed CU10 and all seemed to go well.  I tried to install the SU and see no indication it actually installed.  I am running PowerShell as administrator.  I tried running just the name of the file and it went through the GUI and said it finished.  I rebooted but running wmic qfe list does not show it listed as installed.  So I ran the file with /qn switch and after a long time the server rebooted itself.  wmic qfe still does not show it installed.  Any clues to how to get it installed and how to verify it is installed?  I did try the healthchecker script links in the previous posts but running it on my other box in the cluster it reports all up to date even though I have not even run CU10 in it yet, so I don't trust that script.

Thanks

Microsoft

@david812 just use the Health Checker script with the -server parameter and pass the server name. Make sure to use the latest release (aka.ms/ExchangeHealthChecker)

You can also run Get-Command Exsetup.exe | ForEach {$_.FileVersionInfo} locally. Build should be 15.2.922.13 for E19 CU10 + July 2021 SU.

Senior Member

Ok.  the " Get-Command Exsetup.exe | ForEach {$_.FileVersionInfo} " showed the correct version.

Thank you very much for your accurate and very quick reply!!!

Senior Member

What is the current version of the healthchecker script?

Thank you

Regular Visitor

@Nino Bilic  unfortunately it's 10 hours now and even though the new auth cert seems to be found when I run

 

Get-ExchangeCertificate (Get-AuthConfig).CurrentCertificateThumbprint 

 

The error still is present on all servers after doing iis reset etc and steps in article 

 

I applied the update through normal Windows Update, thus not needing the elevated prompt, which is how I have run all security updates

 

There seems to be more to this issue than doing just the fix above, so I think it really needs some extra investigation due to the volume of people still reporting it - I'll have to raise a support case to hopefully help with the issue, as I have only found uninstalling the update fixes the issue

Senior Member

For multiple Exchange servers, should I install the July SU on ALL Exchange 2013 servers first, then update schema at last? 

And both expired and valid Microsoft Exchange Server Auth Certificate on some of CAS servers, can I just remove expired one ? 

Thanks. 

Microsoft

 

@david812 The latest version is: 21.07.13.1221. You will get the latest version using this link: https://aka.ms/ExchangeHealthChecker . The script has an auto-update function. If you run it on a computer with internet access and the version to be used is not current, the script performs an update.

 

@AADSI the Health Checker does not check the schema version. We test whether the changes that came with the schema update have been applied.

 

@fw888888 Make sure to update the Auth certificate (as outlined here: https://docs.microsoft.com/en-us/exchange/troubleshoot/administration/cannot-access-owa-or-ecp-if-oa...). Wait some time until the deployment of the new Auth certificate is completed. Run the Health Checker (https://aka.ms/ExchangeHealthChecker) against every server and check the Auth certificate (see: Installation Tips section of the blog post). Deploy / install the July 2021 Security Update (SU) and then run the PrepareSchema.

 

Senior Member

@Lukas Sassl and @Joshua Davis 

 

It looks like after patching the second node and extending AD Schema, login to ECP and OWA works as before.

Thank you.

Frequent Visitor

@Lukas Sassl 

 

Can I extend the AD schema if my domain controllers are Windows Server 2008R2?

My Exchange 2013 CU23 is on Windows Server 2012 R2

Microsoft
Occasional Visitor

@sasger thank you so much, it worked for me

Occasional Contributor

@Nino Bilic Great Success ;)
It worked great, thanks for your hint.
One more thing we stumbled upon was that with a freshly set up Server 2012R2 you have to install .NET 4.8 and also C++ Redist 2012 Update 4 https://www.microsoft.com/en-US/download/details.aspx?id=30679 else I would get errors like "Could not load file or assembly 'Microsoft.Exchange.CabUtility.dll' or one of its dependencies. The specified module could not be found."

Senior Member

Hello everybody.

Does anyone have an idea, what should be the path for Schema Update in our configuration?

 

Exchange 2013 CU23 - June2021 SU

We are running Hybrid scenario with EXO/O365

Because there is a plan to upgrade and migrate to Exchange 2019, schema was already updated by Exchange 2019 CU9 binaries - rangeUpper 17002 (yea, I know latest is CU10).

But only the schema was updated, there is no Exchange 2019 server yet.

 

So we will go with installing July 2021 SU for Exchange 2013 CU23, but then what? I guess we should not run schema update from current Exch2013, or am I wrong? I'm really confused here. Does it mean that we need to install the first Exchange 2019 in order to be fully safe?

 

Thank you

urbandan

Occasional Visitor

Good afternoon,

 

We're running Exchange Server 2016 CU 20 on-prem and I've just run the setup command from the CU21 .iso to extend the Active Directory schema.  Installation reported that the extension had completed successfully but when I check the object versions referred to in Prepare Active Directory and domains for Exchange Server, Active Directory Exchange Server, Exchange... only the value for the rangeUpper column has changed (to 15334).  The values for objectVersion (default) and objectVersion (Configuration) remain at their CU20 values (13240 and 16220 respectively).

 

Is this expected behavior ?

 

Regards,

 

Scott

Frequent Visitor

I am running CU20 with July2021 SecurityUpdates. As I have read, I now have to update the Schema with CU21.

Is it sufficient to only run this command: Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

 

or do I have to run all of the 3 commands?

Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
Setup.exe /PrepareAD /OrganizationName:"ExchangeOrganisationName" /IAcceptExchangeServerLicenseTerms
Setup.exe /PrepareAllDomains /IAcceptExchangeServerLicenseTerms
 
Sorry for asking, but I have never installed CUs using the command line...
After schema update (to schema of CU21) is it safe to stay on CU20 for a while? We don't have the time at the moment to test CU21 in detail.

Regular Visitor

Hi,


Question:

If I directly install Exchange 2016 CU21, doing prepare schema as part of an Exchange 2010 to 2016 upgrade, is this enough?

Thanks.

Microsoft

@gjrodrigo Yes!

Microsoft

@Duncan1528 Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms is what you need and yes, it is safe to run like this until you update to next CU.

@sbeane66 Yes, this is expected because you just ran /prepareschema and schema update, therefore, got increased

@urbandan If you already extended the schema using Exchange 2019 binaries, then all that you should do is extend the schema using the latest Exchange 2019 CU (CU10)

Senior Member

@Nino Bilic: thx a lot. Actually when I think about it, it makes sense. Let's do that

  1. install the July 2021 SU to Exchange 2013 servers and then
  2. execute "Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms" from Exchange 2019 CU10 binaries

Senior Member

Thanks for the great blog and comments.

 

I am planning to install this update this week, I have found that we have an expired OAuth certificate. Not sure what it is used for, but as it has been expired for 2 years already I assume that it was not really necessary. I do not want to end up in the OWA/ECP error 500, so I was wondering if it would be a good idea to Publish a new certificate first and then start the update. Or will it conflict / stop publishing when I start the update directly after the publish commands?

 

My plan for a standalone Exchange 2013:

1. Publish new certificate and restart AppPools & IIS.

2. Wait about 15 minutes.

3. Run Windows Update to install KB5004778

4. Run the Schema Update

 

Does this make any sense?

Microsoft

@Kokkie deployment of a new Auth certificate takes a couple of hours. So, you should give the deployment process some time. 

I'd recommend replacing the certificate as outlined here: https://docs.microsoft.com/en-us/exchange/troubleshoot/administration/cannot-access-owa-or-ecp-if-oa... After that, wait a couple of hours (if you have the time, just kick off the process to replace the certificate a day before installing the update). Then install the Security Update and run the PrepareSchema command.

Occasional Visitor

I have followed all the steps in the various MS discussions on this to no avail - OWA/ECP remains broken on my 2013 Server. I extended the schema, I deleted and re-issued the auth cert (which was still valid) and even cleared out the Canary Data. I waited for 24 Hours. Rebooted etc etc. The big question is: after extending the schema as required can I still safely uninstall KB5004778?

Microsoft

@DesertSweeper what issue do you see? The HMACProvider.GetCertificates:protectionCertificates.Length<1 or Session expired?

Occasional Visitor

@Lukas Sassl I get The HMACProvider.GetCertificates:protectionCertificates.Length<1 in Event Viewer

Visitor

We have three environments, where Exchange Server 2016 CU19 is running with installed security updates from March, April and May. To install the July security updates, we need to go to a more current CU. CU21 is currently not an option, since we faced performance degradation issues with AMSI in our test environment. So we plan to install CU20 on top of CU19 for now.

 

Could someone clarify the following: When we install CU20, do we need to install Apr21SU and May21SU prior to Jul21SU? Or does the Jul21SU already contain the other two?

 

Thanks for your advice!

Microsoft

@mfacen You don't need to install the other Security Updates for CU20. Just install the July 2021 SU. You should also run /PrepareSchema from CU21.

 

@DesertSweeper I've dropped you a PM.

Occasional Visitor

@Lukas Sassl I see in the log file of the health checker:

 

MAPI Front End App Pool GC Mode: Workstation --- Error
To Fix this issue go into the file MSExchangeMapiFrontEndAppPool_CLRConfig.config in the Exchange Bin directory and change the GCServer to true and recycle the MAPI Front End App Pool

 

Is this the resolution?

Occasional Visitor

I changed the MSExchangeMapiFrontEndAppPool_CLRConfig.config config (bin directory) from false to true and recycled the mapi-front-end-pool and it works. Thank you so much for your patience

Senior Member

@Lukas Sassl 

Thanks!

 

Last question. If OWA/ECP breaks, will Outlook / iPhone mail / SMTP transport still work? I have no users using OWA and I can do without ECP while fixing any issue.

 

Occasional Visitor

@Kokkie it only affects the web-services. Everything else continues to run fine

Senior Member

@DesertSweeper 

Thanks, that makes it a low risk for me if it breaks.

New Contributor

@david812 Running wmic qfe, or running get-hotfix or looking for updates in WAC when looking for installed Exchange hotfixes on a Windows 2019 Core server does not work and will logically lead people to think that the hotfix is not installed. This is not a problem with other Windows Server security hotfixes - only with Exchange hotfixes.
This is an issue for administrators, installers, auditors etc.  It's been reported many times without any response other than "run Healthchecker" which is a waste of time when you or someone auditing the system who knows nothing about Exchange and its idiosyncrasies just needs a simple answer as to whether a particular hotfix has been installed or not.

 

Occasional Visitor

On Exchange 2013

installed CU23,

OWA became inaccessible, replaced the certificate, OWA becomes accessible... but...

noticed that exchange will not send out email

discovered this article that mentions the schema update.  did that.

exchange will not send e-mail outbound. Any new email composed in OWA gets moved to draft and not sent.

Multiple reboots, iisrestarts, service restarts.... nothing 

So right now, the main issue is that we can't send email. We think we are seeing 401 errors in the logs (for example):
POST /ews/exchange.asmx - 444 - 192.168.1.88 ExchangeInternalEwsClient-EwsStoreDataProvider+(ExchangeServicesClient/15.00.1497.000) - 401
Any suggestions?

Senior Member

As others have stated the login loop issue with servers behind a load balancer appears to be corrected once you apply the July 2021 Security Patch to all servers in the load balancer.  This morning I have tested this again and now I have both of our servers running Exchange 2016 CU21 with the July Security Patch.  So far I have not noticed any issues logging into ECP or OWA like I was seeing last week with only having one of my servers patched. 

Senior Member

I updated to Exchange 2019 CU10 and the Security update and now users are complaining of OWA timing out quickly.  I checked the "ActivityBasedAuthenticationTimeoutInterval" and it is set for 6 hours.  Any ideas where else I can look for this issue?

Thanks

Occasional Visitor

Tagging to follow

New Contributor

Hello,

We are using Exchange2013 CU23 on premise and have a hybrid environment.

We updated our ExchangeServers successfully and now we are trying to update our Schema. And there we encountered a problem.

During the prerequisite it failed at 96%. 

 

CMD/Setup:

Microsoft Exchange Server 2013 Cumulative Update 23 Unattended Setup

Performing Microsoft Exchange Server Prerequisite Check

Prerequisite Analysis FAILED
The On-Premises test failed with the message: Object reference not set to an instance of an object..
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DidOnPremisesSettingCreatedAn...


The Exchange Server setup operation didn't complete. More details can be found in ExchangeSetup.log located in the
<SystemDrive>:\ExchangeSetupLogs folder.

 

error(s) in Exchangesetuplog:

 

[07-22-2021 07:55:28.0679] [1] Failed [Rule:DidOnPremisesSettingCreatedAnException] [Message:The On-Premises test failed with the message: Object reference not set to an instance of an object..]
[07-22-2021 07:55:28.0679] [1] [REQUIRED] The On-Premises test failed with the message: Object reference not set to an instance of an object..
[07-22-2021 07:55:28.0679] [1] Help URL: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DidOnPremisesSettingCreatedAn...

 

Unfortunately there is no information on the Microsoft site provided in the error message.

 

In the Exchangesetuplog we see also this message:

[07-22-2021 07:55:28.0679] [1] Evaluated [Setting:MicrosoftExchangeSystemObjectsCN] [HasException:True] [Value:
System.DirectoryServices.DirectoryServicesCOMException (0x8007202B): A referral was returned from the server.

at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at Microsoft.Exchange.Management.Deployment.ADProvider.Run(Boolean useGC, String directoryEntry, String[] listOfPropertiesToCollect, String filter, SearchScope searchScope)
at Microsoft.Exchange.Management.Analysis.PrereqAnalysis.<CreateActiveDirectoryPrereqProperties>b__120(Result`1 x)
at Microsoft.Exchange.Management.Analysis.Builders.SettingBuilder`2.<>c__DisplayClass1.<SetValue>b__0(Result x)
] [ParentValue:"<NULL>"] [Thread:41] [Duration:00:00:46.3759730]
[07-22-2021 07:55:28.0679] [1] Finished [Setting:MicrosoftExchangeSystemObjectsCN] [Duration:00:00:46.3759730]

 

and this one:

 

[07-22-2021 07:54:43.0115] [1] Evaluated [Setting:IsHybridObjectFoundOnPremises] [HasException:True] [Value:
Microsoft.Exchange.Management.Deployment.HybridConfigurationDetection.HybridConfigurationDetectionException: The On-Premises test failed with the message: Object reference not set to an instance of an object.. ---> System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.Exchange.Management.Deployment.HybridConfigurationDetection.HybridConfigurationDetection.TestOnPremisesOrgRelationshipDomainsCrossWithAcceptedDomain(IOnPremisesHybridDetectionCmdlets onPremCmdlets)
at Microsoft.Exchange.Management.Deployment.HybridConfigurationDetection.HybridConfigurationDetection.RunOnPremisesHybridTest()
--- End of inner exception stack trace ---
at Microsoft.Exchange.Management.Deployment.HybridConfigurationDetection.HybridConfigurationDetection.RunOnPremisesHybridTest()
at Microsoft.Exchange.Management.Analysis.PrereqAnalysis.<.ctor>b__27(Result`1 x)
at Microsoft.Exchange.Management.Analysis.Builders.SettingBuilder`2.<>c__DisplayClass1.<SetValue>b__0(Result x)
System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.Exchange.Management.Deployment.HybridConfigurationDetection.HybridConfigurationDetection.TestOnPremisesOrgRelationshipDomainsCrossWithAcceptedDomain(IOnPremisesHybridDetectionCmdlets onPremCmdlets)
at Microsoft.Exchange.Management.Deployment.HybridConfigurationDetection.HybridConfigurationDetection.RunOnPremisesHybridTest()
] [ParentValue:"<NULL>"] [Thread:44] [Duration:00:00:00.8437672]
[07-22-2021 07:54:43.0115] [1] Finished [Setting:IsHybridObjectFoundOnPremises] [Duration:00:00:00.8437672]

 

We need help or information to upgrade our AD schema so we are not vulnerable anymore!
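One way to pull the failed prerequisite rules and the settings that raised exceptions out of an ExchangeSetup.log like the one posted above. This is an added example, not part of the comment and not a Microsoft tool; the function name `Get-ExchangeSetupFailure` is hypothetical and the sample is a shortened excerpt of the log lines quoted in the comment.

```powershell
# Added example: list failed rules and exception-carrying settings from ExchangeSetup.log.

function Get-ExchangeSetupFailure {
    param([string[]] $Line)

    $entry   = '^\[(?<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d+)\] \[\d+\] (?<text>.*)$'
    $failed  = '^Failed \[Rule:(?<rule>[^\]]+)\] \[Message:(?<msg>.*)\]$'
    $setting = '^Evaluated \[Setting:(?<name>[^\]]+)\] \[HasException:True\]'
    $open    = $null   # setting whose multi-line [Value: block is being read

    foreach ($l in $Line) {
        if ($l -match $entry) {
            $ts   = $Matches.ts
            $text = $Matches.text
            # A new timestamped entry ends any block that was never closed
            if ($open) { $open; $open = $null }

            if ($text -match $failed) {
                [pscustomobject]@{
                    Time = $ts; Kind = 'FailedRule'
                    Name = $Matches.rule; Detail = $Matches.msg
                }
            }
            elseif ($text -match $setting) {
                $open = [pscustomobject]@{
                    Time = $ts; Kind = 'SettingException'
                    Name = $Matches.name; Detail = $null
                }
            }
            continue
        }

        if ($null -eq $open) { continue }
        $t = $l.Trim()
        if ($t.StartsWith(']')) {
            # "] [ParentValue:...] [Thread:..]" closes the Value block
            $open
            $open = $null
        }
        elseif ($t -and -not $open.Detail -and -not $t.StartsWith('at ')) {
            # First non-stack-frame line is the exception type and message
            $open.Detail = $t
        }
    }
    if ($open) { $open }   # log ended inside a Value block
}

# Shortened excerpt of the log lines quoted in the comment above
$sample = @'
[07-22-2021 07:54:43.0115] [1] Evaluated [Setting:IsHybridObjectFoundOnPremises] [HasException:True] [Value:
Microsoft.Exchange.Management.Deployment.HybridConfigurationDetection.HybridConfigurationDetectionException: The On-Premises test failed with the message: Object reference not set to an instance of an object.. ---> System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.Exchange.Management.Deployment.HybridConfigurationDetection.HybridConfigurationDetection.RunOnPremisesHybridTest()
--- End of inner exception stack trace ---
] [ParentValue:"<NULL>"] [Thread:44] [Duration:00:00:00.8437672]
[07-22-2021 07:54:43.0115] [1] Finished [Setting:IsHybridObjectFoundOnPremises] [Duration:00:00:00.8437672]
[07-22-2021 07:55:28.0679] [1] Evaluated [Setting:MicrosoftExchangeSystemObjectsCN] [HasException:True] [Value:
System.DirectoryServices.DirectoryServicesCOMException (0x8007202B): A referral was returned from the server.

at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
] [ParentValue:"<NULL>"] [Thread:41] [Duration:00:00:46.3759730]
[07-22-2021 07:55:28.0679] [1] Finished [Setting:MicrosoftExchangeSystemObjectsCN] [Duration:00:00:46.3759730]
[07-22-2021 07:55:28.0679] [1] Failed [Rule:DidOnPremisesSettingCreatedAnException] [Message:The On-Premises test failed with the message: Object reference not set to an instance of an object..]
[07-22-2021 07:55:28.0679] [1] [REQUIRED] The On-Premises test failed with the message: Object reference not set to an instance of an object..
'@

$findings = @(Get-ExchangeSetupFailure -Line ($sample -split '\r?\n'))
$findings | Format-List Time, Kind, Name, Detail

# Against the real log on the server where setup was run:
# Get-ExchangeSetupFailure -Line (Get-Content "$env:SystemDrive\ExchangeSetupLogs\ExchangeSetup.log")
```

Each setting exception is reported with the first exception line from its Value block, so the directory referral error and the hybrid detection NullReferenceException appear as separate findings next to the failed rule.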

New Contributor

Additional information added to our post about problems with the schema update.
at Microsoft.Exchange.Management.Deployment.HybridConfigurationDetection.HybridConfigurationDetection.RunOnPremisesHybridTest()
] [ParentValue:"<NULL>"] [Thread:44] [Duration:00:00:00.8437672]
[07-22-2021 07:54:43.0115] [1] Finished [Setting:IsHybridObjectFoundOnPremises] [Duration:00:00:00.8437672]

Occasional Visitor

Hi, I have Exchange Server 2013 CU23 on Windows Server 2012 R2 and AD on Windows Server 2012 R2.

I installed SU KB5004778 using Microsoft Update. After the update, ECP/OWA does not work (HTTP code 500). First of all, I checked the certificate with the command:

Get-ExchangeCertificate (Get-AuthConfig).CurrentCertificateThumbprint

The certificate was not found. I updated it and installed it according to the article: https://docs.microsoft.com/en-us/exchange/troubleshoot/administration/cannot-access-owa-or-ecp-if-oa...
When the command: 

Set-AuthConfig -NewCertificateThumbprint <ThumbprintFromStep1> -NewCertificateEffectiveDate (Get-Date)

was executed, I received a notification:
"The validity date of the new certificate does not come at least after "48" hours and may not be available for deployment on all required servers. Proceed?" - I confirmed. 

After 4 hours ECP \ OWA does not work.

In the event log, every time you try to log in to ECP \ OWA, the following events appear:

 Source: ASP.NET 4.0.30319.0  EventID: 1309

 


Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 22.07.2021 18:32:24
Event time (UTC): 22.07.2021 11:32:24
Event ID: 723762ba2fd0427fa4d182db21bad221
Event sequence: 56
Event occurrence: 17
Event detail code: 0

Application information:
Application domain: /LM/W3SVC/1/ROOT/owa-2-132714267063136299
Trust level: Full
Application Virtual Path: /owa
Application Path: C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\
Machine name: EXCHANGE

Process information:
Process ID: 12140
Process name: w3wp.exe
Account name: NT AUTHORITY\СИСТЕМА

Exception information:
Exception type: ExAssertException
Exception message: ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1
в Microsoft.Exchange.Diagnostics.ExAssert.AssertInternal(String formatString, Object[] parameters)
в Microsoft.Exchange.Clients.Common.HmacProvider.GetCertificates()
в Microsoft.Exchange.Clients.Common.HmacProvider.GetHmacProvider()
в Microsoft.Exchange.Clients.Common.HmacProvider.ComputeHmac(Byte[][] messageArrays)
в Microsoft.Exchange.HttpProxy.FbaModule.SetCadataCookies(HttpApplication httpApplication)
в Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.HandleFbaFormPost(BackEndServer backEndServer)
в Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.ShouldContinueProxy()
в Microsoft.Exchange.HttpProxy.ProxyRequestHandler.BeginProxyRequestOrRecalculate()
в Microsoft.Exchange.HttpProxy.ProxyRequestHandler.InternalOnCalculateTargetBackEndCompleted(TargetCalculationCallbackBeacon beacon)
в Microsoft.Exchange.HttpProxy.ProxyRequestHandler.<>c__DisplayClass3f.<OnCalculateTargetBackEndCompleted>b__3e()
в Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate tryDelegate, FilterDelegate filterDelegate, CatchDelegate catchDelegate)
в Microsoft.Exchange.HttpProxy.Diagnostics.SendWatsonReportOnUnhandledException(MethodDelegate methodDelegate, LastChanceExceptionHandler exceptionHandler)
в Microsoft.Exchange.HttpProxy.ProxyRequestHandler.CallThreadEntranceMethod(MethodDelegate method)



Request information:
Request URL: https://localhost:443/OWA/auth.owa
Request path: /OWA/auth.owa
User host address: ::1
User: MYDOMAIN\HealthMailboxc8d513b
Is authenticated: True
Authentication Type: Basic
Thread account name: NT AUTHORITY\СИСТЕМА

Thread information:
Thread ID: 50
Thread account name: NT AUTHORITY\СИСТЕМА
Is impersonating: False
Stack trace: в Microsoft.Exchange.Diagnostics.ExAssert.AssertInternal(String formatString, Object[] parameters)
в Microsoft.Exchange.Clients.Common.HmacProvider.GetCertificates()
в Microsoft.Exchange.Clients.Common.HmacProvider.GetHmacProvider()
в Microsoft.Exchange.Clients.Common.HmacProvider.ComputeHmac(Byte[][] messageArrays)
в Microsoft.Exchange.HttpProxy.FbaModule.SetCadataCookies(HttpApplication httpApplication)
в Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.HandleFbaFormPost(BackEndServer backEndServer)
в Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.ShouldContinueProxy()
в Microsoft.Exchange.HttpProxy.ProxyRequestHandler.BeginProxyRequestOrRecalculate()
в Microsoft.Exchange.HttpProxy.ProxyRequestHandler.InternalOnCalculateTargetBackEndCompleted(TargetCalculationCallbackBeacon beacon)
в Microsoft.Exchange.HttpProxy.ProxyRequestHandler.<>c__DisplayClass3f.<OnCalculateTargetBackEndCompleted>b__3e()
в Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate tryDelegate, FilterDelegate filterDelegate, CatchDelegate catchDelegate)
в Microsoft.Exchange.HttpProxy.Diagnostics.SendWatsonReportOnUnhandledException(MethodDelegate methodDelegate, LastChanceExceptionHandler exceptionHandler)
в Microsoft.Exchange.HttpProxy.ProxyRequestHandler.CallThreadEntranceMethod(MethodDelegate method)


Custom event details:

Source: MSExchange Front End HTTP Proxy, EventID: 1003

 

[Owa] An internal server error occurred. The unhandled exception was: Microsoft.Exchange.Diagnostics.ExAssertException: ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1
в Microsoft.Exchange.Diagnostics.ExAssert.AssertInternal(String formatString, Object[] parameters)
в Microsoft.Exchange.Clients.Common.HmacProvider.GetCertificates()
в Microsoft.Exchange.Clients.Common.HmacProvider.GetHmacProvider()
в Microsoft.Exchange.Clients.Common.HmacProvider.ComputeHmac(Byte[][] messageArrays)
в Microsoft.Exchange.HttpProxy.FbaModule.SetCadataCookies(HttpApplication httpApplication)
в Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.HandleFbaFormPost(BackEndServer backEndServer)
в Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.ShouldContinueProxy()
в Microsoft.Exchange.HttpProxy.ProxyRequestHandler.BeginProxyRequestOrRecalculate()
в Microsoft.Exchange.HttpProxy.ProxyRequestHandler.InternalOnCalculateTargetBackEndCompleted(TargetCalculationCallbackBeacon beacon)
в Microsoft.Exchange.HttpProxy.ProxyRequestHandler.<>c__DisplayClass3f.<OnCalculateTargetBackEndCompleted>b__3e()
в Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate tryDelegate, FilterDelegate filterDelegate, CatchDelegate catchDelegate)

 

 

I tried the recommendations of the article: https://docs.microsoft.com/ru-ru/exchange/troubleshoot/client-connectivity/event-1309-code-3005-cann... 

I ran:

Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

 

The HealthChecker.ps1 check returned:

Valid Auth Certificate Found On Server: True
SMB1 Installed: True
SMB1 Blocked: False
SMB1 should be uninstalled SMB1 should be blocked
More Information: https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-and-smbv1/ba-p/1165615
Security Vulnerability: CVE-2021-34470
See: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-34470 for more information.

I can send the full report by message. What can I do?

Occasional Visitor

@ExpertNSK 
After you set the new certificate thumbprint (and confirmed the prompt), you also need to publish the AuthConfig certificate to all of the Exchange servers, as well as clear out the previous certificate. First run an FL in PowerShell so you have a snapshot of the current settings:

Get-AuthConfig | FL

Make sure the current thumbprint field shows the new certificate, then run:
Set-AuthConfig -PublishCertificate

After that, you should run:
Set-AuthConfig -ClearPreviousCertificate

Then run another snapshot to confirm that the previous certificate field is gone:
Get-AuthConfig | FL
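
A check that complements the steps above, as an added example that is not part of the original reply or of Microsoft's tooling: it compares the thumbprint in AuthConfig with the certificates each server actually holds. `Test-AuthCertificateState` is a hypothetical helper, and the server names, thumbprints and dates in the sample data are constructed.

```powershell
# Added example: decide, per server, whether the certificate that AuthConfig
# points to is present and usable. The function takes plain objects, so the
# constructed sample below runs without an Exchange installation.

function Test-AuthCertificateState {
    [CmdletBinding()]
    param(
        # Object shaped like Get-AuthConfig output.
        [Parameter(Mandatory)] $AuthConfig,
        # Hashtable: server name -> certificates shaped like Get-ExchangeCertificate output.
        [Parameter(Mandatory)] [hashtable] $ServerCertificates,
        [datetime] $Now = (Get-Date)
    )

    $current = "$($AuthConfig.CurrentCertificateThumbprint)".Trim().ToUpperInvariant()
    if (-not $current) { throw 'AuthConfig has no CurrentCertificateThumbprint.' }
    $previousSet = [bool]"$($AuthConfig.PreviousCertificateThumbprint)"

    foreach ($server in ($ServerCertificates.Keys | Sort-Object)) {
        # Find the certificate on this server whose thumbprint matches AuthConfig.
        $cert = @($ServerCertificates[$server]) |
            Where-Object { $_ -and "$($_.Thumbprint)".ToUpperInvariant() -eq $current } |
            Select-Object -First 1

        if (-not $cert)                   { $status = 'Missing' }
        elseif (-not $cert.HasPrivateKey) { $status = 'NoPrivateKey' }
        elseif ($Now -lt $cert.NotBefore) { $status = 'NotYetValid' }
        elseif ($Now -gt $cert.NotAfter)  { $status = 'Expired' }
        else                              { $status = 'OK' }

        $notAfter = $null
        if ($cert) { $notAfter = $cert.NotAfter }

        [pscustomobject]@{
            Server                     = $server
            Status                     = $status
            NotAfter                   = $notAfter
            PreviousThumbprintStillSet = $previousSet
        }
    }
}

# --- Constructed sample data (not taken from the thread) ---
$newThumb = '00000000000000000000000000000000000000AA'
$oldThumb = '00000000000000000000000000000000000000BB'

$sampleAuthConfig = [pscustomobject]@{
    CurrentCertificateThumbprint  = $newThumb
    PreviousCertificateThumbprint = ''
}

$sampleCerts = @{
    # Holds the current certificate, valid and with a private key.
    'EXCH01' = @([pscustomobject]@{
        Thumbprint = $newThumb; HasPrivateKey = $true
        NotBefore = [datetime]'2021-07-20'; NotAfter = [datetime]'2026-07-20' })
    # Only has an older certificate, so the AuthConfig thumbprint is absent here.
    'EXCH02' = @([pscustomobject]@{
        Thumbprint = $oldThumb; HasPrivateKey = $true
        NotBefore = [datetime]'2014-09-11'; NotAfter = [datetime]'2019-09-11' })
    # Thumbprint matches, but the validity period has ended.
    'EXCH03' = @([pscustomobject]@{
        Thumbprint = $newThumb; HasPrivateKey = $true
        NotBefore = [datetime]'2016-01-01'; NotAfter = [datetime]'2021-01-01' })
}

Test-AuthCertificateState -AuthConfig $sampleAuthConfig `
    -ServerCertificates $sampleCerts -Now ([datetime]'2021-07-22') |
    Format-Table -AutoSize

# --- Live use from the Exchange Management Shell ---
# $certs = @{}
# Get-ExchangeServer | ForEach-Object {
#     $certs[$_.Name] = @(Get-ExchangeCertificate -Server $_.Name)
# }
# Test-AuthCertificateState -AuthConfig (Get-AuthConfig) -ServerCertificates $certs
```

A server reporting anything other than `OK` does not hold a usable copy of the certificate that AuthConfig points to.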

Occasional Visitor

@JoshGardner 

Yes. After the command:

Set-AuthConfig -NewCertificateThumbprint <ThumbprintFromStep1> -NewCertificateEffectiveDate (Get-Date)

I ran the commands:

Set-AuthConfig -PublishCertificate
Set-AuthConfig -ClearPreviousCertificate

and IISReset. 

Now the command Get-AuthConfig | FL returns:

RunspaceId : 569af6a9-5855-4a5c-a08a-1db541958cbb
CurrentCertificateThumbprint : 76CECC370D75297*****
PreviousCertificateThumbprint :
NextCertificateThumbprint :
NextCertificateEffectiveDate :
ServiceName : 00000002-0000-0ff1-ce00-000000000000
Realm :
Name : Auth Configuration
AdminDisplayName :
ExchangeVersion : 0.20 (15.0.0.0)
DistinguishedName : CN=Auth Configuration,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mydomain,DC=local
Identity : Auth Configuration
Guid : f5994286-9035-4233-a1dd-b00bee367c31
ObjectCategory : nsksan.local/Configuration/Schema/ms-Exch-Auth-Auth-Config
ObjectClass : {top, container, msExchContainer, msExchAuthAuthConfig}
WhenChanged : 22.07.2021 18:24:26
WhenCreated : 11.09.2014 19:47:03
WhenChangedUTC : 22.07.2021 11:24:26
WhenCreatedUTC : 11.09.2014 12:47:03
OrganizationId :
Id : Auth Configuration
OriginatingServer : dc1.mydomain.local
IsValid : True
ObjectState : Unchanged
Occasional Visitor

@Yeroen1966 
This article mentions the error you received. Granted, it's for Exchange 2016 and 2019, but hey, it may be worth taking a look at.


https://support.microsoft.com/en-us/topic/-object-reference-not-set-to-an-instance-of-an-object-erro...

You may need to run the AD Preps (like /PrepareSchema and /PrepareAD)

New Contributor

 @JoshGardner 

We have the Computers container. So that's not the problem... but thanks for sharing.

hrome%20to%20work%20after%20one%20of%20the%20CU%202016%20for%20Exchange.%26nbsp%3B%20Other%20browsers%20didn't%20have%20this%20issue.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20verified%20all%20of%20the%20Virtual%20Directory%20permissions%20and%20configuration%20between%20the%20two%20Exchange%20Servers%20and%20they%20are%20the%20same.%26nbsp%3B%20My%20next%20thought%20was%20to%20remove%20the%20Exchange%202016%20CU21%20Security%20Update%20and%20see%20if%20the%20problem%20still%20exists%20because%20I%20didn't%20notice%20this%20issue%20after%20I%20had%20just%20applied%20Exchange%202016%20CU21.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20removed%20the%20July%202021%20Security%20update%20for%20Exchange%202016%20and%20rebooted%20the%20server.%26nbsp%3B%20I%20verified%20that%20the%20Exchange%20Services%20started%20and%20there%20was%20nothing%20unusual%20in%20the%20event%20logs.%26nbsp%3B%20I%20then%20tested%20logging%20into%20ECP%20and%20didn't%20have%20any%20problems.%26nbsp%3B%20I%20then%20tested%20logging%20into%20OWA%20with%20multiple%20accounts%2C%20multiple%20browsers%2C%20and%20multiple%20devices.%26nbsp%3B%20I%20didn't%20have%20any%20issues%20with%20this%20either.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20currently%20went%20into%20our%20WSUS%20server%20that%20supplies%20the%20updates%20to%20our%20services%20and%20declined%20KB5004779%20for%20Exchange%202016%20CU21%20and%20CU20%20until%20I%20can%20find%20out%20what%20the%20issue%20is%20and%20we%20do%20more%20testing%20with%20just%20going%20from%20Exchange%202016%20CU19%20to%20Exchange%202016%20CU21.%26nbsp%3B%20I%20would%20like%20to%20see%20if%20anyone%20else%20has%20seen%20issues%20like%20this%20after%20applying%20the%20July%202021%20Security%20Patch%20for%20Exchange%202016%20CU21.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2546348%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLING
O-BODY%20id%3D%22lingo-body-2546348%22%20slang%3D%22en-US%22%3E%3CP%3EFor%20Exchange%202013%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20we%20want%20to%20do%20the%20schema%20update%20from%20a%20different%20server%2C%20an%20AD%20controller%2C%20how%20can%20we%20do%20this%3F%20(Schema%20master%20in%20another%20site)%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3EThe%20instructions%3A%3C%2FP%3E%3CP%3E-%20Extend%20the%20Active%20Directory%20schema%20using%20the%20elevated%20Command%20prompt.%20Command%20will%20be%20similar%20to%20the%20following%3A%3C%2FP%3E%3CP%3E%E2%80%9CSetup.exe%20%2FPrepareSchema%20%2FIAcceptExchangeServerLicenseTerms%E2%80%9D%20using%20the%20setup.exe%20from%20location%20%E2%80%9Cc%3A%5CProgram%20Files%5CMicrosoft%5CExchange%20Server%5CV15%5CBin%5Csetup.exe%E2%80%9D%20(use%20the%20folder%20for%20the%20installation%20location%20of%20your%20Exchange%20server)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2546381%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2546381%22%20slang%3D%22en-US%22%3E%3CP%3EI%20can%20confirm%20OWA%2FECP%20Login%20Issues%3C%2FP%3E%3CP%3EPatched%201%20Server%202019%20CU10%20with%20Update%20and%20immediately%20started%20having%20login%20issues.%203%20Node%20Cluster%20behind%20kemp%20loadbalancers.%3C%2FP%3E%3CP%3EDisabled%20the%20server%20from%20loadbalancer%20service%20for%20now.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnother%20cluster%20(same%203node%20setup%20behind%20kemps)%20does%20not%20have%20any%20issues.%3C%2FP%3E%3CP%3ENot%20sure%20why%20so%20far%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2546469%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2546469%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA
%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F288327%22%20target%3D%22_blank%22%3E%40BitwinTheSheets%3C%2FA%3E%20-%20my%20understanding%20is%20the%20same%20-%20if%202016%20is%20on%20CU21%20you%20have%20to%20just%20patch%202013%20%26amp%3B%202016.%20If%202016%20is%20on%20CU20%20then%20patch%202013%20servers%20-%26gt%3B%20update%20schema%20with%20CU21%20binaries%20-%26gt%3B%20patch%202016%20servers.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2546697%22%20slang%3D%22de-DE%22%3ESubject%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2546697%22%20slang%3D%22de-DE%22%3E%3CP%3EHello%2C%20%3CBR%20%2F%3E%20I%20can%20confirm%20the%20login%20issues.%20After%20installing%20the%20Security%20Update%20For%20Exchange%20Server%202016%20CU21%20(KB5004779)%20on%20an%20Exchange%20Server%20in%20the%20DAG%2C%20I%20get%20the%20following%20error%3A%20%3CBR%20%2F%3E%20After%20successful%20login%2C%20I%20am%20immediately%20thrown%20back%20to%20the%20OWA%20login%20page.%3CBR%20%2F%3EIf%20I%20deactivate%20the%20server%20on%20the%20loadmaster%2C%20OWA%20works%20as%20usual!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EGreetings%20%3CBR%20%2F%3E%20Marcel%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2546935%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2546935%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F667996%22%20target%3D%22_blank%22%3E%40culmor%3C%2FA%3E%26nbsp%3Band%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1103123%22%20target%3D%22_blank%22%3E%4087612378162351623765%3C%2FA%3E%26nbsp%3BI%20assume%20this%20is%20the%20scenario%20where%20Exchange%202013%20is%20the%20highest%20v
ersion%20of%20Exchange%20server%20and%20schema%20master%20is%20in%20a%20different%20site%3F%20A%20preferred%20way%20forward%20is%20to%20move%20the%20schema%20master%20to%20the%20same%20site%2C%20run%20the%20schema%20update%20and%20then%20move%20it%20back%3B%20it%20just%20just%20a%20bit%20of%20AD%20replication%3B%20the%20impact%20should%20be%20minimal.%20There%20is%20a%20different%20way%20to%20handle%20this%20also%20and%20I%20almost%20hesitate%20to%20suggest%20it%20but%20will%20mention%20it%3A%20you%20could%20use%20the%20June%20CU%20for%20Exchange%202016%20%2F%202019%20installation%20media%20to%20do%20the%20schema%20extension.%20Note%20that%20this%20will%20do%20two%20things%3A%20you%20will%20have%20to%20pass%20all%20E2016%2F2019%20setup%20prerequisites%20(so%20let's%20say%20if%20there%20is%20an%20Exchange%202007%20server%20in%20the%20org%2C%20this%20will%20not%20work)%20-%20and%2C%20more%20importantly%20-%20from%20that%20point%20on%2C%20you%20will%20always%20have%20to%20extend%20the%20schema%20using%20the%20version%20that%20you%20use%20for%20this.%20This%20might%20be%20an%20option%20if%20you%20are%20looking%20to%20move%20to%20the%20later%20version%20of%20Exchange%20anyway.%20Seeing%20that%20we%20are%20talking%20Exchange%202013%20here%2C%20this%20might%20be%20OK.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2546961%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2546961%22%20slang%3D%22en-US%22%3E%3CP%3EExchange%202013%20Schema%20Version%3C%2FP%3E%3CP%3EMy%20understanding%20is%20that%20the%20rangeUpper%20value%20for%20the%20ms-Exch-Schema-Version-Pt%20attribute%20should%20increment%20from%2015312%20to%2015313.%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Feightwone.com%2Freferences%2Fschema-versions%2F%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Feightwone.com%2Freferences%2Fschema-versions%2F%3C%2FA%3E%
26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20installed%20the%20security%20update%20in%20my%20lab%20and%20run%20the%20schema%20update%20but%20the%20rangeUpper%20value%20is%20staying%20at%2015312.%3C%2FP%3E%3CP%3EThe%20release%20notes%20file%20versions%20entries%20say%20that%20the%20Schemaversion.ldf%20file%20should%20be%20dated%207%2F7%2F21%20with%20a%20size%20of%201%2C905%20bytes.%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Ftopic%2Fdescription-of-the-security-update-for-microsoft-exchange-server-2013-july-13-2021-kb5004778-f532100d-a9c1-4f2c-bc36-baec95881011%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Ftopic%2Fdescription-of-the-security-update-for-microsoft-exchange-server-2013-july-13-2021-kb5004778-f532100d-a9c1-4f2c-bc36-baec95881011%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOn%20both%20servers%20I%20have%20run%20the%20update%20on%20the%20Schemaversion.ldf%20file%20is%20staying%20at%2005%2F29%2F19%20with%20a%20size%20of%201%2C905%20bytes.%3C%2FP%3E%3CP%3ESimilarly%20Schemaadam.ldf%20is%20not%20getting%20updated.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20following%20LDF's%20ARE%20getting%20updated%20although%20they%20are%20dated%2007%2F08%2F21%20rather%20than%20the%2007%2F07%2F21%20listed%20in%20the%20notes%2C%20that%20might%20just%20be%20a%20time%20zone%20thing%20though.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPostExchange2003_schema99.ldf%3CBR%20%2F%3EPostWindows2003_schema99.ldf%3C%2FP%3E%3CP%3EPostExchange2000_schema99.ldf%3C%2FP%3E%3CP%3Eschema99.ldf%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnyone%20else%20seeing%20this%3F%3C%2FP%3E%3CP%3EObviously%20it%20makes%20it%20awkward%20for%20auditing%20and%20change%20control%20purposes%20if%20the%20schema%20version%20is%20not%20being%20updated.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3CP%3ENeill%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id
%3D%22lingo-sub-2546968%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2546968%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F288327%22%20target%3D%22_blank%22%3E%40BitwinTheSheets%3C%2FA%3E%26nbsp%3BIn%20the%26nbsp%3Bmixed%202013%20CU23%20%2F%202016%20CU2X%20environment%20and%20schema%20updates%3A%20all%20that%20you%20have%20to%20do%20is%20update%20the%20schema%20using%202016%20CU21.%20You%20do%20not%20need%20to%20worry%20about%20Exchange%202013%20schema%20scenario%20in%20that%20case%3B%20June%20CUs%20already%20have%20the%20schema%20change.%20Then%2C%20also%20-%20of%20course%20-%20install%20July%20SUs%20and%20that's%20that.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2546993%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2546993%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1093017%22%20target%3D%22_blank%22%3E%40justsomeadmin%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F543036%22%20target%3D%22_blank%22%3E%40mstoffa%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1103159%22%20target%3D%22_blank%22%3E%40sasger%3C%2FA%3E%26nbsp%3BPlease%20check%20the%20workaround%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Ftopic%2Fyou-can-t-access-owa-or-ecp-after-you-install-exchange-server-2016-cu6-88b3fe67-5f97-a8a2-8ed8-70034ff15761%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EYou%20can't%20access%20OWA%20or%20ECP%20after%20you%20install%20Exchange%20Server%202016%20CU6%20(micr
osoft.com)%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2546996%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2546996%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F181666%22%20target%3D%22_blank%22%3E%40Neill%20Tinlin%3C%2FA%3E%26nbsp%3BPlease%20run%26nbsp%3B%3CSPAN%3EExchange%20Health%20Checker%20(%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FExchangeHealthChecker%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Faka.ms%2FExchangeHealthChecker%3C%2FA%3E%3CSPAN%3E)%20-%20it%20will%20check%20for%20the%20schema%20change.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2547122%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2547122%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%26nbsp%3BI%20don't%20see%20the%20point%20in%20that.%20I%20can%20see%20that%20the%20schema%20version%20has%20not%20updated%20within%20AD%20via%20adsiedit%20or%20script%20and%20that%20the%20SchemaVersion.ldf%20file%20that%20would%20actually%20update%20the%20rangeUpper%20value%20has%20not%20been%20updated%20by%20the%20SU.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20can%20see%20from%20the%20Exchange%20setup%20log%20that%20the%20changes%20have%20been%20applied%2C%20or%20at%20least%20that%20the%20LDF's%20have%20been%20run%20against%20AD%20and%20closed%20cleanly%20but%20if%20I'm%20handing%20this%20to%20AD%20guys%20to%20run%20for%20me%20then%20a%20normal%20part%20of%20the%20change%20is%20to%20validate%20the%20rangeUpper%20version%20after%20running%20in%20the%20s
chema%20update.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20not%20saying%20this%20is%20a%20general%20problem%2C%20just%20that%20it%20is%20what%20I%20am%20seeing.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2547294%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2547294%22%20slang%3D%22en-US%22%3E%3CP%3Eauth%20cert%20is%20fine%20for%20my%20environment.%3C%2FP%3E%3CP%3Eno%20errors%20in%20event%20log.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDirect%20login%20through%20the%20server%20itself%20works%2C%20but%20not%20anymore%20when%20its%20accessed%20through%20loadmaster.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2547571%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2547571%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20observed%20the%20issue%20with%20users%20getting%20kicked%20out%20of%20OWA%20after%20installing%20this%20update.%26nbsp%3B%20The%20fix%20was%20to%20change%20the%20persistence%20profile%20to%20source-ip%20on%20our%20load-balancer%20(we%20were%20previously%20using%20least-connected).%26nbsp%3B%20It%20would%20be%20good%20to%20understand%20the%20change%20in%20behaviour%20introduced%20in%20this%20update%20which%20has%20broken%20session%20persistence.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2547655%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2547655%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1103409%22%20target%3D%22_blank%22%3E%40georgedaly%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBravo%20sir%2C%20looks%20like%20thats%20it.%20Thank%20you%20very%20much!%3C%2FP%3E%3CP%3EChanged%20persistence%20for%20owa%20
subdir%20to%20source-ip%20and%20problem%20is%20gone.%20Id%20like%20to%20avoid%20source%20ip%20persistence%20though.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eobviously%20there%20was%20some%20change%20with%20session%20persistence%20in%20this%20update.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20second%20environment%20without%20this%20issue%20uses%20simple%20l4%20loadbalancers.%20The%20environment%20with%20the%20issue%20uses%20l7%20profile.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2547711%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2547711%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F181666%22%20target%3D%22_blank%22%3E%40Neill%20Tinlin%3C%2FA%3E%26nbsp%3BExact%20same%20scenario%20as%20you.%20We're%20also%20not%20seeing%20the%20value%20get%20updated.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2547938%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2547938%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F543036%22%20target%3D%22_blank%22%3E%40mstoffa%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1103159%22%20target%3D%22_blank%22%3E%40sasger%3C%2FA%3E%26nbsp%3Bin%20case%20you%20missed%20it%2C%20try%20switching%20persistence%20profile%20to%20source-ip%20on%20the%20load-balancer%20to%20work%20around%20session%20persistence%20issues%20introduced%20in%20this%20update.%26nbsp%3B%20Root%20cause%20as%20yet%20unclear.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2548019%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%2
0Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2548019%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1103364%22%20target%3D%22_blank%22%3E%40GeraldSchwab%3C%2FA%3E%26nbsp%3BWe%20have%20an%20automated%20approval%20queue%20(spam%20filter)%20that%20your%20first%20message%20was%20filtered%20into%20-%20you%20would%20have%20received%20a%20notification%20when%20you%20tried%20to%20post%20the%20first%20time%2C%20but%20sorry%20if%20that%20was%20unclear.%20We%20review%20this%20queue%20manually%20daily%20and%20as%20your%20message%20was%20not%20spam%2C%20your%20message%20was%20moved%20back%20into%20publication.%20Sorry%20for%20any%20hassle.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2548268%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2548268%22%20slang%3D%22en-US%22%3E%3CP%3EExchange%202013%20CU23.%20We%20are%20experiencing%20the%20OWA%2FECP%20login%20issue%20as%20well%20post%26nbsp%3BKB5004778%20install.%20Our%20F5%20LB%20persistence%20profile%20is%20not%20configured.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2548556%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2548556%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F226813%22%20target%3D%22_blank%22%3E%40Joshua%20Davis%3C%2FA%3E%26nbsp%3BWe%20didn't%20have%20a%20persistence%20profile%20configured%20either%2C%20as%20previously%20session%20persistence%20was%20taken%20care%20of%20by%20Exchange%20without%20the%20need%20for%20enabling%20sticky%20sessions%20on%20the%20LB.%26nbsp%3B%20We%20applied%20the%20source-ip%20persistence%20profile%20on%20our%20F5%20LB%20as%20a%20workar
ound%20once%20we%20suspected%20the%20problem%20related%20to%20session%20persistence.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2548878%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2548878%22%20slang%3D%22en-US%22%3E%3CP%3EExchange%202016%20CU21%20same%20error%2C%20no%20load%20balancer%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CBLOCKQUOTE%3E%3CPRE%3EHMACProvider.GetCertificates%3AprotectionCertificates.Length%26lt%3B1%20%3C%2FPRE%3E%3C%2FBLOCKQUOTE%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2548895%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2548895%22%20slang%3D%22en-US%22%3E%3CP%3E%3CEM%3EExchange%202019%20CU9%3C%2FEM%3E%20also%20same%20error%3A%3C%2FP%3E%3CP%3EException%20type%3A%20ExAssertException%3CBR%20%2F%3EException%20message%3A%20ASSERT%3A%20HMACProvider.GetCertificates%3AprotectionCertificates.Length%26lt%3B1%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENot%20possible%20to%20login%20OWA%20and%20ECP.%20After%20filling%20in%20username%2C%20password%20and%20push%20submit%20they%20run%20in%20the%20error%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETried%20different%20things%20as%20suggested%20above%26nbsp%3B(%3CSPAN%3EOAuth%20%22fix%22%20as%20example%3C%2FSPAN%3E)%20and%20from%20other%20websites.%3C%2FP%3E%3CP%3ECurrently%20trying%20to%20uninstall%20the%20update.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CEM%3EUpdate%3A%26nbsp%3B%20uninstalling%20the%20patch%20solves%20the%20problem.%20OWA%20and%20ECP%20works%20again.%26nbsp%3B%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FEM%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2549055%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2549055%22%20slang%3D%2
2en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1103646%22%20target%3D%22_blank%22%3E%40Mildur%3C%2FA%3E%26nbsp%3Bplease%20follow%20the%20steps%20described%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Ftroubleshoot%2Fadministration%2Fcannot-access-owa-or-ecp-if-oauth-expired%3Fpreserve-view%3Dtrue%23resolution%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Ftroubleshoot%2Fadministration%2Fcannot-access-owa-or-ecp-if-oauth-expired%3Fpreserve-view%3Dtrue%23resolution%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EPlease%20run%20the%20Health%20Checker%20script%20(%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FExchangeHealthChecker%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Faka.ms%2FExchangeHealthChecker%3C%2FA%3E)%20after%20doing%20these%20steps%20and%20check%20if%20there%20are%20any%20errors%20reported%20regarding%20the%20Auth%20certificate.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2549057%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2549057%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1103649%22%20target%3D%22_blank%22%3E%40PerplexMM%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1103646%22%20target%3D%22_blank%22%3E%40Mildur%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1103575%22%20target%3D%22_blank%22%3E%40a7n8x%3C%2FA%3E%26nbsp%3B-%20do%20we%20know%20that%20OAuth%20cert%20is%20not%20expired%3F%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Ftrouble
shoot%2Fadministration%2Fcannot-access-owa-or-ecp-if-oauth-expired%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ECan't%20access%20OWA%2FEAC%20with%20expired%20OAuth%20certificate%20-%20Exchange%20%7C%20Microsoft%20Docs%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2549098%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2549098%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F164282%22%20target%3D%22_blank%22%3E%40Lukas%20Sassl%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20guys.%3C%2FP%3E%3CP%3EMy%20Oauth%20Cert%20was%20invalid.%20I%20have%20many%20entries%20in%20the%20event%20logs%20about%20that.%20I%20have%20already%20created%20a%20new%20Oauth%20Cert%20and%20now%20I%20am%20waiting%20until%20it%E2%80%98s%20active.%3C%2FP%3E%3CP%3EI%20will%20give%20use%20health%20check%20soon%20and%20give%20a%20feedback%20here%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2549159%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2549159%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%26nbsp%3BYes%20I%20know%20it%20wasn't%26nbsp%3B%3CSPAN%3Eexpired.%26nbsp%3B%26nbsp%3B%3CBR%20%2F%3EI%20also%26nbsp%3Bdeployed%20a%20new%20OAuth%20certificate.%20As%20mentioned%20above.%3CBR%20%2F%3E%3CBR%20%2F%3EAnd%20if%20it%20was%20expired%20the%20problem%20should%20exist%20before%20the%20update%20and%20wouldn't%20b
e%20fixed%20by%20uninstalling%20the%20update%3B%20the%20update%20does%20not%20change%20the%20certificates.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EThe%20one%20strange%20thing%20I%20had%20after%20installing%20the%20update%20that%20the%20script%26nbsp%3B%3CEM%3EGet-ExchangeCertificate%20(Get-AuthConfig).CurrentCertificateThumbprint%3C%2FEM%3E%20gives%20an%20error%20result%20with%20a%20thumbprint%20of%20a%20certificate%20which%20did%20not%20exist%20(and%20never%20has)%20on%20the%20server.%26nbsp%3B%26nbsp%3BThis%20thumbprint%20problem%20was%20solved%20after%26nbsp%3Bdeploying%20a%20new%20OAuth%20certificate.%20But%20the%26nbsp%3B%3CEM%3EASSERT%3A%20HMACProvider.GetCertificates%3AprotectionCertificates.Length%26lt%3B1%3C%2FEM%3E%20was%20still%20there.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2549374%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2549374%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F164282%22%20target%3D%22_blank%22%3E%40Lukas%20Sassl%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EHealth%20Check%20is%20green%2C%20but%20the%20issue%20remains.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2549379%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2549379%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2F
20not%20the%20solution.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2552343%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2552343%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1104366%22%20target%3D%22_blank%22%3E%40Yeroen1966%3C%2FA%3E%26nbsp%3Bthis%20is%20the%20change%20which%20we%20perform%20in%20the%20schema%20with%20the%20latest%20update%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fplan-and-deploy%2Factive-directory%2Fad-schema-changes%3Fview%3Dexchserver-2019%23classes-modified-by-exchange-2019-cu10%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fplan-and-deploy%2Factive-directory%2Fad-schema-changes%3Fview%3Dexchserver-2019%23classes-modified-by-exchange-2019-cu10%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EYou%20can%20use%20the%20Health%20Checker%20(%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FExchangeHealthChecker%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Faka.ms%2FExchangeHealthChecker%3C%2FA%3E)%20to%20check%20if%20the%20change%20was%20performed%20properly%20(no%20longer%20vulnerable%20to%20this)%20or%20not%20(vulnerable).%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2552359%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2552359%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F164282%22%20target%3D%22_blank%22%3E%40Lukas%20Sassl%3C%2FA%3E%26nbsp%3Byes%20we%20ran%20those%20two%20commands%20(they%20are%20part%20of%20this%20as%20well%3A%26nbsp%3B%3CA%2
0href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Ftroubleshoot%2Fadministration%2Fcannot-access-owa-or-ecp-if-oauth-expired%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ECan't%20access%20OWA%2FEAC%20with%20expired%20OAuth%20certificate%20-%20Exchange%20%7C%20Microsoft%20Docs%3C%2FA%3E)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ERestart-WebAppPool%20MSExchangeOWAAppPool%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3ERestart-WebAppPool%20MSExchangeECPAppPool%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EWill%20report%20later%20after%20waiting...%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3Ethanks%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EHolger%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2552400%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2552400%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20running%20Exchange%20Server%202013.%20Ran%20the%20updates%20last%20night.%20All%20seemed%20to%20go%20well%20until%20some%20users%20reported%20the%20OWA%20issue%20but%20renewing%20the%20certificate%20resolved%20that.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20I%20run%20the%20HealthChecker%20it%20tells%20me%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%3ESecurity%20Vulnerabilities%20CVE-2021-34470%20See%3A%20https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2FCVE-2021-34470%20for%20more%20information.%3C%2FPRE%3E%3CP%3E%26nbsp%3BSo%20did%20some%20digging%20and%20found%20the%20bit%20about%20have%20to%20also%20to%20the%20PrepareSchema.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20I%20try%20to%20run%20Setup.exe%20%2FPrepareSchema%20%2FIAcceptExchangeServerLicenseTerms%26nbsp%3B%20(per%20the%20instructions%20in%20the%20article)%20I%20get%20the%20following%20error%20messages%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE
%3EMicrosoft%20Exchange%20Server%202013%20Cumulative%20Update%2023%20Unattended%20Setup%0A%0APerforming%20Microsoft%20Exchange%20Server%20Prerequisite%20Check%0A%0APrerequisite%20Analysis%20FAILED%0AThe%20Active%20Directory%20schema%20isn't%20up-to-date%2C%20and%20this%20user%20account%20isn't%20a%20member%20of%20the%20'Schema%20Admins'%20and%2For%20'Enterprise%20Admins'%20groups.%0AFor%20more%20information%2C%20visit%3A%20http%3A%2F%2Ftechnet.microsoft.com%2Flibrary(EXCHG.150)%2Fms.exch.setupreadiness.SchemaUpdateRequired.aspx%3C%2FPRE%3E%3CP%3EI%20have%20tried%20doing%20it%20as%20the%20domain%20admin%20at%20an%20elevated%20command%20prompt.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%3ESetup%20encountered%20a%20problem%20while%20validating%20the%20state%20of%20Active%20Directory%3A%0AThe%20Active%20Directory%20schema%20version%20(15317)%20is%20higher%20than%20Setup's%20version%20(15312).%20Therefore%2C%20PrepareSchema%20can't%20be%20executed.%20See%20the%20Exchange%20setup%20log%20for%20more%20information%20on%20this%20error.%0AFor%20more%20information%2C%20visit%3A%20http%3A%2F%2Ftechnet.microsoft.com%2Flibrary(EXCHG.150)%2Fms.exch.setupreadiness.AdInitErrorRule.aspx%3C%2FPRE%3E%3CP%3EDoes%20that%20mean%20I'm%20patched%20because%20the%20schema%20version%20is%20higher%20than%20necessary%3F%20We%20have%20two%20Server%202016%20domain%20controllers%20and%20two%20Server%202012%20R2%20domain%20controllers%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%3EThe%20forest%20functional%20level%20of%20the%20current%20Active%20Directory%20forest%20is%20not%20Windows%20Server%202003%20native%20or%20later.%20To%20install%20Exchange%20Server%202013%2C%20the%20forest%20functional%20level%20must%20be%20at%20least%20Windows%20Server%202003%20native.%0AFor%20more%20information%2C%20visit%3A%20http%3A%2F%2Ftechnet.microsoft.com%2Flibrary(EXCHG.150)%2Fms.exch.setupreadiness.ForestLevel
NotWin2003Native.aspx%3C%2FPRE%3E%3CP%3ETriple%20checked%20this.%20Domain%20functional%20level%20is%20at%3A%20Windows%20Server%202012%20R2%20and%20Forest%20functional%20level%20is%20at%20Windows%20Server%202008%20R2%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%3EEither%20Active%20Directory%20doesn't%20exist%2C%20or%20it%20can't%20be%20contacted.%0AFor%20more%20information%2C%20visit%3A%20http%3A%2F%2Ftechnet.microsoft.com%2Flibrary(EXCHG.150)%2Fms.exch.setupreadiness.CannotAccessAD.aspx%3C%2FPRE%3E%3CP%3EIt%20exists%2C%20and%20I%20would%20guess%20it%20can%20be%20contact%20otherwise%20why%20would%20I%20be%20getting%20the%20error%20message%20about%20the%20schema%20being%20to%20high%20already%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2552421%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2552421%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20guys%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20would%20also%20like%20to%20report%20issues%20with%20OWA%2FECP%20on%20one%20of%20our%20Exchange%202013%20CU23%20nodes%20after%20installing%26nbsp%3B%3CSPAN%3EKB5004778.%20All%20mentioned%20steps%20(OAuth%20certificate%20replacement%2C%20IIS%20reset%2C%20re-assign%20IIS%20certificate%2C%20Health%20check%20report%20is%20good)%20to%20remedy%20this%20issue%20were%20already%20tried%20without%20success.%20Also%20sharedwebconfigs%20as%20suggested%20on%20one%20of%20the%20forums%20are%20in%20place.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EThis%20server%20is%20part%20of%20DAG%20and%20other%20Exchange%20node%20without%26nbsp%3BKB5004778%20is%20working%20just%20fine.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EAny%20suggestion%20is%20appreciated.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EThank%20you.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2552
424%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2552424%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F560378%22%20target%3D%22_blank%22%3E%40KarolGubani%3C%2FA%3E%26nbsp%3Bwhich%20error%20do%20you%20see%3F%26nbsp%3B%3CEM%3ESession%20expired%3C%2FEM%3E%20or%20the%20http%20500%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2552442%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2552442%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F61282%22%20target%3D%22_blank%22%3E%40JG%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20Active%20Directory%20schema%20isn't%20up-to-date%2C%20and%20this%20user%20account%20isn't%20a%20member%20of%20the%20%3CSTRONG%3E'Schema%20Admins'%20and%2For%20'Enterprise%20Admins'%3C%2FSTRONG%3E%20groups.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIs%20your%20account%20member%20of%20these%20groups%3F%20You%20need%20to%20be%20a%20member%20to%20update%20the%20schema%20via%20%2FPrepareSchema.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2552448%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2552448%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F164282%22%20target%3D%22_blank%22%3E%40Lukas%20Sassl%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAccount%20is%20in%20both%26nbsp%3B%3CSTRONG%3E'Schema%20Admins'%20and%2For%20'Enterprise%20Admins'%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2552449%22%20slang%3D%22en-U
S%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2552449%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F560378%22%20target%3D%22_blank%22%3E%40KarolGubani%3C%2FA%3E%26nbsp%3B%20If%20you%20have%20a%20LB%20in%20front%20of%20your%20DAG%2C%20and%20are%20getting%20redirected%20back%20to%20the%20logon%20screen...%20finish%20applying%20the%20SU%20to%20the%20rest%20of%20the%20Exchange%20servers.%20(I%20am%20assuming%20that%20you%20have%20some%20with%20and%20some%20without%20the%20SU%20at%20the%20moment.)%20That%20solved%20it%20for%20me.%20I%20don't%20think%20that%20helps%20the%20500%20errors%20some%20are%20seeing.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2552475%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2552475%22%20slang%3D%22en-US%22%3E%3CP%3EOWA%20%2F%20ECP%20does%20not%20work%20(when%20putting%20username%20and%20password%2C%20I%20go%20back%20to%20credentials%20screen%20without%20any%20error%20message)%20in%20my%20Exchange%202013%20CU23%20after%20installing%20KB5004778.%3C%2FP%3E%3CP%3EI%20have%20seen%20that%20I%20have%20to%20Extend%20the%20Active%20Directory%20schema%2C%20but%20I%20have%20a%20question.%20If%20my%20domain%20controllers%20are%20Windows%20Server%202008R2%2C%20can%20I%20do%20the%20schema%20update%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EThank%20you.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2552495%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2552495%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuse
r%2Fviewprofilepage%2Fuser-id%2F164282%22%20target%3D%22_blank%22%3E%40Lukas%20Sassl%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EActually%20it%20doesn't%20give%20any%20errors.%20After%20you%20logged%20in%20vial%20localhost%20ECP%2C%20it%20just%20takes%20you%20back%20to%20login%20screen.%20Yesterday%2C%20when%20we%20applied%20this%20KB%2C%20I%20saw%20couple%20of%20errors%20in%20the%20Application%20event%20log.%20First%20one%20was%20EventID%201309%20and%20Source%26nbsp%3BASP.NET%204.0.30319.0.%20Second%20one%20was%20EventID%26nbsp%3B1003%20and%20source%26nbsp%3BMSExchange%20Front%20End%20HTTP%20Proxy%20(OWA%20and%20ECP).%20But%20they%20seemed%20to%20get%20resolved%20after%20I%20renewed%20OAuth%20certificate.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2552512%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2552512%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F226813%22%20target%3D%22_blank%22%3E%40Joshua%20Davis%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%20Will%20give%20it%20a%20go%20but%20I%20have%20to%20plan%20it%20for%20tomorrow%20cause%20now%20it's%20a%20bit%20late%20to%20do%20that.%20I%20will%20let%20you%20know%20how%20it%20went.%20Thanks%20again.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2552533%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2552533%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%2C%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20running%20exchange%20server%202016%20CU%2019%20in%20our%20infra.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDose%20this%20vulnerability%20impact%20all%20versions%20of%20Exchange%202016%20%3F%20Microsoft%20has%20releas
ed%20fix%20for%20CU%2020%20%26amp%3B%20CU%2021%20only%20%3F%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20we%20expect%20the%20patch%20to%20be%20released%20for%20CU%2019%20as%20well%26nbsp%3B%20%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2552602%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2552602%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1104452%22%20target%3D%22_blank%22%3E%40Sharathap%3C%2FA%3E%26nbsp%3BYes%2C%20all%20versions%20are%20impacted%20and%20-%20we%20release%20security%20updates%20only%20for%20supported%20CU%20versions%20and%20that%20is%20why%20you%20see%20only%20CU20%20and%20CU21%20updates.%20We%20will%20not%20be%20releasing%20SUs%20for%20earlier%20CUs.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2552607%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2552607%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F560378%22%20target%3D%22_blank%22%3E%40KarolGubani%3C%2FA%3E%26nbsp%3Bjust%20finish%20patching%20for%20the%20other%20machines%20in%20the%20LB%20pool%20should%20fix%20the%20behavior%20you%20described.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2552624%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2552624%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1104364%22%20target%3D%22_blank%22%3E%40jsanz_bs%3C%2FA%3E%26nbsp%3Bare%20the%20machines%20member%20of%20a%20LB%20pool%20with%20a%20mixed
%20set%20of%20machines%20(patched%20with%20July%202021%20SU%20%26amp%3B%20not%20patched%20with%20the%20SU)%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2552664%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2552664%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F164282%22%20target%3D%22_blank%22%3E%40Lukas%20Sassl%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EExchange%20server%202013%20servers%20(both%20internal%20and%20external)%20are%20on%20Windows%20server%202012R2.%3CBR%20%2F%3EIt%20is%20the%20domain%20controllers%20that%20I%20have%20in%20Windows%20server%202008R2%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2552792%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2552792%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F164282%22%20target%3D%22_blank%22%3E%40Lukas%20Sassl%3C%2FA%3E%26nbsp%3Band%20everyone%2C%20now%20ECP%20and%20OWA%20are%20working%20fine%20just%20waited%20and%20after%20around%202%20hours%20OWA%20and%20ECP%20are%20working%20again.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20can%20just%20recommend%20if%20you%20ran%20into%20OWA%2FECP%20issue%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Ftroubleshoot%2Fadministration%2Fcannot-access-owa-or-ecp-if-oauth-expired%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Ftroubleshoot%2Fadministration%2Fcannot-access-owa-or-ecp-if-oauth-expired%3C%2FA%3E%3C%2FP%3E%3CP%3E2%3A%20%3CSTRONG%3Ewait%3C%2FSTRONG%3E%20several%20hours%20and%20tr
y%20again%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eshould%20be%20added%20to%20notes%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ethanks%3C%2FP%3E%3CP%3EHolger%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2552877%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2552877%22%20slang%3D%22en-US%22%3E%3CP%3EHave%20run%20into%20exact%20same%20issue%20with%20ECP%5COWA%20broken%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20Auth%20Certificate%20was%20missing%20so%20i%20generated%20a%20new%20one%20according%20to%20articles%20mentioned%20and%203%20hours%20later%20i%20am%20yet%20to%20see%20any%20results%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20tested%20with%20one%20server%20uninstalling%20update%20and%20it%20fixes%20issue%20instantly%2C%20i%20did%20try%20also%20another%20server%20the%20uninstall%20but%20unfortunately%20the%20uninstall%20msi%20box%20crashed%20and%20server%20is%20now%20non%20functional%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20has%20a%20test%20environment%20also%20with%20this%20issue%20and%20with%20a%20valid%20Auth%20Certificate%20and%20it%20still%20caused%20this%20error%20and%20restoring%20the%20Auth%20Cert%20with%20same%20thumbprint%20seemed%20to%20fix%20issue%2C%20so%20there%20seems%20to%20be%20many%20use%20cases%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20needs%20to%20be%20raised%20as%20a%20priority%20as%20a%20issue%20as%20it%20seems%20to%20be%20popping%20up%20all%20over%20Reddit%5C%20Twitter%20just%20to%20name%20few%20sources%20and%20we%20need%20some%20sort%20of%20definite%20and%20tested%20fix%20from%20MS%20just%20so%20we%20have%20a%20certain%20path%20-%20or%20pulling%20the%20update%20might%20also%20be%20advised%20until%20it%20can%20be%20investigated%20more%20thoroughly%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20abandoned%20my%20usual%20cautious%20approach%20to%20updates%20with%20all%20the%20bad%20press%20about
%20vulnerabilities%20and%20installed%20this%20update%20onto%20a%20few%20servers%20which%20seems%20to%20have%20backfired%20big%20time%20so%20would%20love%20some%20guidance%20from%20the%20Product%20team%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%26nbsp%3B%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2553093%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2553093%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F210050%22%20target%3D%22_blank%22%3E%40Anthony%20Mazzeo%3C%2FA%3E%26nbsp%3B-%20As%20of%20right%20now%2C%20I%20am%20not%20aware%20of%20the%20need%20to%20pull%20the%20updates%20or%20anything%20like%20that.%20There%20are%20several%20things%20that%20are%20going%20on%20here%2C%20and%20it%20is%20very%20important%20to%20be%20super%20precise%20with%20actual%20errors%20that%20are%20seen.%20I%20have%20been%20replying%20to%20various%20Reddit%20threads%20and%20both%20Lukas%20and%20I%20have%20been%20all%20over%20comments%20here%20on%20the%20blog%20but%20-%20in%20short%20there%20are%203%20major%20buckets%20of%20issues%20related%20to%20OWA%20and%2For%20ECP%20after%20installation%20of%20SUs.%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3ENot%20installing%20manually%20downloaded%20updates%20from%20elevated%20CMD%20prompt.%20All%20discussed%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Ftroubleshoot%2Fclient-connectivity%2Fexchange-security-update-issues%22%20target%3D%22_self%22%20rel%3D%22noopener%20nor
eferrer%22%3Ehere%3C%2FA%3E.%3C%2FLI%3E%0A%3CLI%3EIssues%20with%20OAuth%20certificates.%20This%20is%20actually%20not%20a%20new%20problem%20(it%20has%20been%20discussed%20%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Ftopic%2Fyou-can-t-access-owa-or-ecp-after-you-install-exchange-server-2016-cu6-88b3fe67-5f97-a8a2-8ed8-70034ff15761%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Ea%20while%20ago%3C%2FA%3E).%20We%20have%20changed%20the%20blog%20post%20to%20include%20all%20the%20steps%20needed%20to%20check%20that%20the%20certificate%20is%20in%20good%20shape%20before%20installing%20SUs%2C%20and%20if%20not%2C%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Ftroubleshoot%2Fadministration%2Fcannot-access-owa-or-ecp-if-oauth-expired%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Ethis%20is%20the%20article%20to%20follow%3C%2FA%3E.%20But%20yes%20-%20certificate%20propagation%20to%20all%20servers%20can%20take%20some%20time.%3C%2FLI%3E%0A%3CLI%3EIssues%20with%20servers%20that%20are%20a%20part%20of%20some%20sort%20of%20Load%20Balanced%20setup.%20The%20way%20to%20handle%20this%20is%20to%20take%20servers%20out%20of%20the%20LB%20pool%20for%20patching%20and%2For%20apply%20updates%20to%20all%20servers%20in%20the%20LB%20pool%20at%20the%20same%20time%3B%20once%20they%20are%20all%20updated%2C%20issues%20will%20go%20away%20(based%20on%20what%20we%20have%20heard%20from%20customers).%20There%20can%20be%20variability%20here%20because%20variety%20of%203rd%20party%20solutions%20can%20be%20in%20use.%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3EI%20am%20not%20aware%20of%20other%20scenarios%20that%20cause%20issues%3B%20there%20could%20be%20some%2C%20but%20not%20aware%20of%20anything%20else%20that%20has%20been%20confirmed%20that%20is%20not%20caused%20by%20one%20of%20the%203%20things%20above.%20Errors%20and%20experience%20will%20differ%20slightly%20based%20on%20what%20is%20going%20on.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lin
go-sub-2553514%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2553514%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EWe%20have%20Exchange%202016%20CU20%20servers%20and%20have%20installed%20July%202021%20security%20updates%20but%20did%20not%20yet%20run%20%2FPrepareSchema%20using%20June%202021%20CUs%20first.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EQuestion1%3A%20can%20we%20update%20the%20schema%20only%20but%20otherwise%20not%20install%20CU21%3F%20Is%20this%20supported%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EQuestion2%3A%20I%E2%80%99ve%20seen%20some%20different%20paths%20referenced%20to%20setup.exe%20-%20if%20we%20do%20only%20apply%20the%20CU21%20schema%20update%2C%20am%20I%20correct%20the%20setup.exe%20to%20be%20used%20is%20the%20one%20in%20the%20CU%E2%80%99s%20mounted%20ISO%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2553619%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2553619%22%20slang%3D%22en-US%22%3E%3CP%3EJust%20to%20add%20some%20variety%20to%20the%20comments.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20just%20successfully%20upgraded%20(1)%20of%20our%20(6)%20Exchange%202019%20Server%20Core%20DAG%20members%20to%20CU10%20(previously%20CU8)%20along%20with%20KB5004780.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E(2)%20of%20the%20(6)%20servers%20host%20passive%20copies%20of%20the%20databases%20and%20sit%20in%20a%20separate%20datacenter.%20(1)%20of%20these%20servers%20were%20used%20to%20test%20these%20updates.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAll%20Exchange%20services%20sit%20behind%20a%20NLB%20(Network%20Load-Balancer).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20process%20went%20as%20follows%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3COL%3E%3CLI%3
ERan%20HealthChecker.ps1%20on%20server%2C%20prior%20to%20ugprade%2C%20and%20confirmed%20OAuth%20cetificate%20existed%20and%20was%20not%20expired%3C%2FLI%3E%3CLI%3EAttached%20CU10%20.iso%20to%20Domain%20Controller%20in%20Primary%20AD%20site.%20(Site%20with%20Domain%20Controller%20holding%20FSMO%20roles)%3C%2FLI%3E%3CLI%3EAssigned%20AD%20account%20to%20the%20%22EnterpriseAdmin%22%20and%20%22SchemaAdmin%22%20groups.%26nbsp%3B%3C%2FLI%3E%3CLI%3ERan%20the%20following%20command%20from%20an%20elevated%20command%20prompt%20using%20and%20AD%20account%20with%20the%20above%20group%20memberships%3A%3COL%3E%3CLI%3ED%3A%5CSetup.exe%20%2FPrepareAD%20%2FIAcceptExchangeServerLicenseTerms%3C%2FLI%3E%3C%2FOL%3E%3C%2FLI%3E%3CLI%3EAllowed%20replication%20to%20replicate%20changes%20over%20night.%3C%2FLI%3E%3CLI%3EDisabled%20server%20being%20updated%20in%20NLB.%3C%2FLI%3E%3CLI%3EPlaced%20server%20into%20maintenance%20mode.%3C%2FLI%3E%3CLI%3ERebooted%20server%3C%2FLI%3E%3CLI%3ERan%20the%20following%20command%20from%20an%20elevated%20command%20prompt%20using%20the%20same%20AD%20account%20as%20above%3A%3COL%3E%3CLI%3ED%3A%5CSetup.exe%20%2FIAcceptExchangeServerLicenseTerms%20%2FMode%3AUpgrade%20%2FDomainController%3A%3CFQDN%20of%3D%22%22%20dc%3D%22%22%20in%3D%22%22%20site%3D%22%22%20where%3D%22%22%20server%3D%22%22%20being%3D%22%22%20upgraded%3D%22%22%20sits%3D%22%22%3E%3C%2FFQDN%3E%3C%2FLI%3E%3C%2FOL%3E%3C%2FLI%3E%3CLI%3ERebooted%20server%20after%20CU%20installed.%3C%2FLI%3E%3CLI%3EInstalled%20July%20Windows%20Updates%3C%2FLI%3E%3CLI%3ERebooted%20server%3C%2FLI%3E%3CLI%3EInstalled%20KB5004780%20by%20issuing%20the%20following%20command%20from%20an%20elevated%20command%20prompt%20under%20the%20same%20AD%20account%20as%20above%3A%3COL%3E%3CLI%3EC%3A%5Cmsiexec.exe%20%2Fp%20Exchange2019-KB5004780-x64-en.msp%20%2Fqb%3C%2FLI%3E%3C%2FOL%3E%3C%2FLI%3E%3CLI%3ERebooted%20server%3C%2FLI%3E%3CLI%3ETook%20server%20out%20of%20maintenance%20mode%3C%2FLI%3E%3CLI%3EEnabled%20server%20in%20NLB.%3C%2FLI%3E%3CLI
%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Ftroubleshoot%2Fadministration%2Fcannot-access-owa-or-ecp-if-oauth-expired%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Ftroubleshoot%2Fadministration%2Fcannot-access-owa-or-ecp-if-oauth-expired.%3C%2FA%3E%20After%20that%2C%20wait%20a%20couple%20of%20hours%20(if%20you%20have%20the%20time%2C%20just%20kick%20of%20the%20process%20to%20replace%20the%20certificate%20a%20day%20before%20installing%20the%20update).%20Then%20install%20the%20Security%20Update%20and%20run%20the%20PrepareSchema%20command.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2562791%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2562791%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20followed%20all%20the%20steps%20in%20the%20various%20MS%20discussions%20on%20this%20to%20no%20avail%20-%20OWA%2FECP%20remains%20broken%20on%20my%202013%20Server.%20I%20extended%20the%20schema%2C%20I%20deleted%20and%20re-issued%20the%20auth%20cert%20(which%20was%20still%20valid)%20and%20even%20cleared%20out%20the%20Canary%20Data.%20I%20waited%20for%2024%20Hours.%20Rebooted%20etc%20etc.%20The%20big%20question%20is%3A%20after%20extending%20the%20schema%20as%20required%20can%20I%20still%20safely%20uninstall%20KB5004778%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2562875%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2562875%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F164282%22%20target%3D%22_blank%22%3E%40Lukas%20Sassl%3C%2FA%3EI%20get%20The%20%3CEM%3EHMACProvider.GetCertificates%3AprotectionCertificates.Length%26lt%3B1%3C%2FEM%3E%20in%20Event%20Viewer%3
C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2562919%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2562919%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20three%20environments%2C%20where%20Exchange%20Server%202016%20CU19%20is%20running%20with%20installed%20security%20updates%20from%20March%2C%20April%20and%20May.%20To%20install%20the%20July%20security%20updates%2C%20we%20need%20to%20go%20to%20a%20more%20current%20CU.%20CU21%20is%20currently%20not%20an%20option%2C%20since%20we%20faced%20performance%20degradation%20issues%20with%20AMSI%20in%20our%20test%20environment.%20So%20we%20plan%20to%20install%20CU20%20on%20top%20of%20CU19%20for%20now.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ECould%20someone%20clarify%20the%20following%3A%20When%20we%20install%20CU20%2C%20do%20we%20need%20to%20install%20Apr21SU%20and%20May21SU%20prior%20to%20Jul21SU%3F%20Or%20does%20the%20Jul21SU%20already%20contain%20the%20other%20two%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EThanks%20for%20your%20advice!%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2562927%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2562927%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1107284%22%20target%3D%22_blank%22%3E%40mfacen%3C%2FA%3E%26nbsp%3BYou%20don't%20need%20to%20install%20the%20other%20Security%20Updates%20for%20CU20.%20Just%20install%20the%20July%202021%20SU.%20You%20should%20also%20run%20%2FPrepareSchema%20from%20CU21.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1107264%22%20target%3D%22_blank%22%3E%40DesertSweeper%3C%2FA%3E%2
6nbsp%3BI've%20dropped%20you%20a%20PM.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2563029%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2563029%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F164282%22%20target%3D%22_blank%22%3E%40Lukas%20Sassl%3C%2FA%3EI%20see%20in%20the%20log%20file%20of%20the%20health%20checker%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMAPI%20Front%20End%20App%20Pool%20GC%20Mode%3A%20Workstation%20---%20Error%3CBR%20%2F%3ETo%20Fix%20this%20issue%20go%20into%20the%20file%20MSExchangeMapiFrontEndAppPool_CLRConfig.config%20in%20the%20Exchange%20Bin%20directory%20and%20change%20the%20GCServer%20to%20true%20and%20recycle%20the%20MAPI%20Front%20End%20App%20Pool%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20the%20resolution%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2563081%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2563081%22%20slang%3D%22en-US%22%3E%3CP%3EI%20changed%20the%20MSExchangeMapiFrontEndAppPool_CLRConfig.config%20config%20(bin%20directory)%20from%20false%20to%20true%20and%20recycled%20the%20mapi-front-end-pool%20and%20it%20works.%20Thank%20you%20so%20much%20for%20your%20patience%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2563141%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2563141%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F164282%22%20target%3D%22_blank%22%3E%40Lukas%20Sassl%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ELast%20question.%20If%
20OWA%2FECP%20breaks%2C%20will%20Outlook%20%2F%20iPhone%20mail%20%2F%20SMTP%20transport%20still%20work%3F%20I%20have%20no%20users%20using%20OWA%20and%20I%20can%20do%20without%20ECP%20while%20fixing%20any%20issue.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2563184%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2563184%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1107218%22%20target%3D%22_blank%22%3E%40Kokkie%3C%2FA%3Eit%20only%20affects%20the%20web-services.%20Everything%20else%20continues%20to%20run%20fine%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2563207%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2563207%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1107264%22%20target%3D%22_blank%22%3E%40DesertSweeper%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%20that%20makes%20it%20a%20low%20risk%20for%20me%20if%20it%20breaks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2564431%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2564431%22%20slang%3D%22en-US%22%3E%3CDIV%20class%3D%22lia-message-author-with-avatar%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F584334%22%20target%3D%22_blank%22%3E%40david812%3C%2FA%3E%26nbsp%3BRunning%26nbsp%3B%3CSPAN%3Ewmic%20qfe%2C%20or%26nbsp%3B%3C%2FSPAN%3Erunning%20get-hotfix%20or%20looking%20for%20updates%20in%20WAC%20when%20looking%20for%20installed%20Exchange%20hotfixes%20on%20a%20Windows%202019%20Core%20server%
20does%20not%20work%20and%20will%20logically%20lead%20people%20to%20think%20that%20the%20hotfix%20is%20not%20installed.%20This%20is%20not%20a%20problem%20with%20other%20Windows%20Server%20security%20hotfixes%20-%20only%20with%20Exchange%20hotfixes.%3C%2FDIV%3E%3CDIV%20class%3D%22lia-message-author-with-avatar%22%3EThis%20is%20an%20issue%20for%20administrators%2C%20installers%2C%20auditors%20etc.%26nbsp%3B%20Its%20been%20reported%20many%20times%20without%20any%20response%20other%20than%20%22run%20Healthchecker%22%20which%20is%20a%20waste%20of%20time%26nbsp%3B%20when%20you%20or%20someone%20auditing%20the%20system%20who%20knows%20nothing%20about%20Exchange%20and%20its%20idiosyncrasies%20just%20needs%20a%20simple%20answer%20as%20to%20whether%20a%20particular%20hotfix%20has%20been%20installed%20or%20not.%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%3C%2FDIV%3E%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2565252%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2565252%22%20slang%3D%22en-US%22%3E%3CP%3EAs%20others%20have%20stated%20the%20login%20loop%20issue%20with%20servers%20behind%20a%20load%20balancer%20appears%20to%20be%20corrected%20once%20you%20apply%20the%20July%202021%20Security%20Patch%20to%20all%20servers%20in%20the%20load%20balancer.%26nbsp%3B%20This%20morning%20I%20have%20tested%20this%20again%20and%20now%20I%20have%20both%20of%20our%20servers%20running%20Exchange%202016%20CU21%20with%20the%20July%20Security%20Patch.%26nbsp%3B%20So%20far%20I%20have%20not%20noticed%20any%20issues%20logging%20into%20ECP%20or%20OWA%20like%20I%20was%20seeing%20last%20week%20with%20only%20having%20one%20of%20my%20servers%20patched.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2566171%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO
-BODY%20id%3D%22lingo-body-2566171%22%20slang%3D%22en-US%22%3E%3CP%3EI%20updated%20to%20Exchange%202019%20CU10%20and%20the%20Security%20update%20and%20now%20users%20are%20complain%20of%20OWA%20timing%20out%20quickly.%26nbsp%3B%20I%20checked%20the%20%22ActivityBasedAuthenticationTimeoutInterval%22%20and%20it%20is%20set%20for%206%20hours.%26nbsp%3B%20Any%20ideas%20where%20else%20I%20can%20look%20for%20this%20issue%3F%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2523421%22%20slang%3D%22en-US%22%3EReleased%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2523421%22%20slang%3D%22en-US%22%3E%3CP%3EMicrosoft%20has%20released%20security%20updates%20for%20vulnerabilities%20found%20in%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EExchange%20Server%202013%3C%2FLI%3E%0A%3CLI%3EExchange%20Server%202016%3C%2FLI%3E%0A%3CLI%3EExchange%20Server%202019%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EAll%20versions%20(Cumulative%20Update%20levels)%20are%20impacted.%20Updates%20are%20available%20for%20the%20following%20specific%20builds%20of%20Exchange%20Server%3A%3C%2FP%3E%0A%3CP%20style%3D%22background%3A%20%23F0F0F0%3B%20padding%3A%20.5em%3B%20margin%3A%201em%200%201em%200%3B%22%3E%3CFONT%20color%3D%22%23FF0000%22%3E%3CSTRONG%3EIMPORTANT%3A%3C%2FSTRONG%3E%3C%2FFONT%3E%20If%20manually%20installing%20security%20updates%2C%20you%20%3CEM%3Emust%3C%2FEM%3E%20install%20.msp%20from%20elevated%20command%20prompt%20(see%20Known%20Issues%20in%20update%20KB%20article).%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EExchange%20Server%202013%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3Fid%3D103312%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3ECU23%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EExchange%20Server%202016%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3Fid%3D103310%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3ECU20%3C%2FA%3E%20
and%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3Fid%3D103311%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3ECU21%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EExchange%20Server%202019%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3Fid%3D103308%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3ECU9%3C%2FA%3E%20and%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3Fid%3D103309%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3ECU10%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EThe%20July%202021%20security%20updates%20for%20Exchange%20Server%20address%20vulnerabilities%20responsibly%20reported%20by%20security%20partners%20and%20found%20through%20Microsoft%E2%80%99s%20internal%20processes.%20Although%20we%20are%20not%20aware%20of%20any%20active%20exploits%20in%20the%20wild%2C%20our%20recommendation%20is%20to%20install%20these%20updates%20%3CEM%3Eimmediately%3C%2FEM%3E%20to%20protect%20your%20environment.%3C%2FP%3E%0A%3CP%3EThese%20vulnerabilities%20affect%20on-premises%20Microsoft%20Exchange%20Server%2C%20including%20servers%20used%20by%20customers%20in%20Exchange%20Hybrid%20mode.%20Exchange%20Online%20customers%20are%20already%20protected%20and%20do%20not%20need%20to%20take%20any%20action.%3C%2FP%3E%0A%3CP%3EMore%20details%20about%20specific%20CVEs%20can%20be%20found%20in%20%3CA%20href%3D%22https%3A%2F%2Fmsrc.microsoft.com%2Fupdate-guide%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ESecurity%20Update%20Guide%3C%2FA%3E%20(filter%20on%20Exchange%20Server%20under%20Product%20Family).%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--410653741%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--4106537
68%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22
toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%20id%3D%22toc-hId--410653768%22%3ELatest%20%2FPrepareSchem
a%20needed%20for%20full%20effect%3C%2FH2%3E%0A%3CP%3EBecause%20of%20additional%20security%20hardening%20work%20for%20CVE-2021-34470%2C%20the%20following%20actions%20should%20be%20taken%20in%20addition%20to%20application%20of%20July%202021%20security%20updates%3A%3C%2FP%3E%0A%3CTABLE%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22258%22%3E%3CP%3E%3CSTRONG%3EThe%20latest%20version%20of%20Exchange%20installed%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22450%22%3E%3CP%3E%3CSTRONG%3EAdditional%20steps%20needed%20to%20extend%20AD%20schema%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22258%22%3E%3CP%3EExchange%202016%20CU21%20or%20%3CBR%20%2F%3EExchange%202019%20CU10%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22450%22%3E%3CP%3ENothing%3B%20schema%20was%20extended%20during%20installation%20of%20June%202021%20CUs.%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22258%22%3E%3CP%3EExchange%202016%20CU20%20or%20%3CBR%20%2F%3EExchange%202019%20CU9%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22450%22%3E%3CP%3EExtend%20the%20schema%20using%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Freleased-june-2021-quarterly-exchange-updates%2Fba-p%2F2459826%22%20target%3D%22_blank%22%3EJune%202021%20CUs%3C%2FA%3E.%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22258%22%3E%3CP%3EExchange%202013%20CU23%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22450%22%3E%3CP%3E-%20Install%20July%202021%20Security%20Update%20for%20Exchange%202013%3C%2FP%3E%0A%3CP%3E-%20Extend%20the%20Active%20Directory%20schema%20using%20the%20elevated%20Command%20prompt.%20Command%20will%20be%20similar%20to%20the%20following%3A%3C%2FP%3E%0A%3CP%3E%E2%80%9CSetup.exe%20%2FPrepareSchema%20%2FIAcceptExchangeServerLicenseTerms%E2%80%9D%20using%20the%20setup.exe%20from%20location%20%E2%80%9Cc%3A%5CProgram%20Files%5CMicrosoft%5CExchange%20Server%5CV15%5CBin%5Csetup.exe%E2%80%9D%20(use%20the%20fol
der%20for%20the%20installation%20location%20of%20your%20Exchange%20server)%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ENOTES%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E-%20For%20Exchange%202013%20only%2C%20schema%20version%20will%20%3CEM%3Enot%3C%2FEM%3E%20change%20after%20this.%3C%2FP%3E%0A%3CP%3E-%20In%20case%20of%20Schema%20Master%20existing%20in%20an%20empty%20root%20domain%2C%20consider%20installing%20Exchange%20CU23%20Management%20Tools%20on%20Windows%202012%20R2%20in%20the%20same%20domain%2C%20installing%20July%20SU%20and%20then%20running%20%5Cprepareschema%20from%20that%20workstation.%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CH2%20id%3D%22toc-hId-2076859092%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-207685906
5%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22t
oc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%20id%3D%22toc-hId-2076859065%22%3EKnown%20issues%20in%20July%202021%20security%20updates%3C%2FH2%3E%0A%3CP%3EDuring%20the%20release%20of%20April%202021%20SUs%2C%20we%20received%20some%20reports%20of%20issues%20after%20installation.%20The%20following%20issues%20reported%20for%20April%202021%20SUs%20also%20apply%20to%20July%20SUs%20and%20have%20the%20following%20workarounds%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EAdministrator%2FService%20accounts%20ending%20in%20%E2%80%98%24%E2%80%99%20cannot%20use%20the%20Exchange%20Management%20Shell%20or%20access%20ECP.%20The%20only%20workaround%20at%20this%20time%20is%20to%20rename%20Admin%20accounts%20or%20use%20accounts%20with%20no%20%E2%80%98%24%E2%80%99%20at%20the%20end%20of%20the%20name.%3C%2FLI%3E%0A%3CLI%3ESome%20cross-forest%20Free%2FBusy%20relationships%20based%20on%20Availability%20address%20space%20can%20stop%20working%20(depending%20on%20how%20authentication%20was%20configured)%20with%20the%20error%3A%20%3CEM%3E%E2%80%9CThe%20remote%20server%20returned%20an%20error%3A%20(400)%20Bad%20Request.%E2%80%9D%20%3C%2FEM%3EPlease%20s
ee%20%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Ftopic%2F-400-bad-request-error-during-autodiscover-for-per-user-free-busy-in-a-trusted-cross-forest-topology-a1d6296b-1b2b-4ecd-9ab6-d8637fe20a21%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ethis%20KB%20article%3C%2FA%3E%20for%20how%20to%20solve%20this%20problem.%3C%2FLI%3E%0A%3CLI%3ECmdlets%20executed%20against%20the%20Exchange%20Management%20Console%20using%20an%20invoked%20runspace%20might%20fail%20with%20the%20following%20error%20message%3A%26nbsp%3B%3CEM%3EThe%20syntax%20is%20not%20supported%20by%20this%20runspace.%20This%20can%20occur%20if%20the%20runspace%20is%20in%20no-language%20mode.%26nbsp%3B%3C%2FEM%3EPlease%20see%20%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Ftopic%2F-the-syntax-is-not-supported-by-this-runspace-error-after-installing-april-2021-exchange-security-update-ac2d4e97-62f6-4ad4-9dbb-0ade9b79f599%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ethis%20KB%20article%3C%2FA%3E%20for%20more%20information.%3C%2FLI%3E%0A%3CLI%3EInstalling%20June%202021%20Cumulative%20Updates%20for%20Exchange%202016%20or%202019%20might%20fail%20with%20the%20error%3A%26nbsp%3B%3CP%3ESystem.NullReferenceException%3A%20Object%20reference%20not%20set%20to%20an%20instance%20of%20an%20object.%20Please%20see%20%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fhelp%2F5005319%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Ethis%20KB%20article%3C%2FA%3E%20for%20resolution.%3C%2FP%3E%0A%3C%2FLI%3E%0A%3CLI%3EStarting%20with%20July%202021%20updates%2C%20users%20might%20be%20redirected%20back%20to%20the%20login%20page%20when%20using%20OWA%2FECP%20if%20organization%20uses%20Load%20Balancing.%26nbsp%3BYou%20should%20avoid%20running%20mixed%20pools%20(servers%20with%20the%20latest%20SU%20applied%20together%20with%20servers%20which%20have%20not%20yet%20received%20the%20update).%20Please%20see%20%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.c
0test%20failed%20with%20the%20message%3A%20Object%20reference%20not%20set%20to%20an%20instance%20of%20an%20object..%5D%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3E%5B07-22-2021%2007%3A55%3A28.0679%5D%20%5B1%5D%20%5BREQUIRED%5D%20The%20On-Premises%20test%20failed%20with%20the%20message%3A%20Object%20reference%20not%20set%20to%20an%20instance%20of%20an%20object..%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3E%5B07-22-2021%2007%3A55%3A28.0679%5D%20%5B1%5D%20Help%20URL%3A%20%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Flibrary(EXCHG.150)%2Fms.exch.setupreadiness.DidOnPremisesSettingCreatedAnException.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttp%3A%2F%2Ftechnet.microsoft.com%2Flibrary(EXCHG.150)%2Fms.exch.setupreadiness.DidOnPremisesSettingCreatedAnException.aspx%3C%2FA%3E%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUnfortunally%20there%20is%20no%20information%20on%20the%20Microsoft%20site%20provided%20in%20error%20message.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EIn%20the%20Exchangesetuplog%20we%20see%20also%20this%20message%3A%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%3CEM%3E%5B07-22-2021%2007%3A55%3A28.0679%5D%20%5B1%5D%20Evaluated%20%5BSetting%3AMicrosoftExchangeSystemObjectsCN%5D%20%5BHasException%3ATrue%5D%20%5BValue%3A%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3ESystem.DirectoryServices.DirectoryServicesCOMException%20(0x8007202B)%3A%20A%20referral%20was%20returned%20from%20the%20server.%3C%2FEM%3E%3C%2FP%3E%3CP%3E%3CEM%3Eat%20System.DirectoryServices.DirectoryEntry.Bind(Boolean%20throwIfFail)%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3Eat%20System.DirectoryServices.DirectoryEntry.Bind()%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3Eat%20System.DirectoryServices.DirectoryEntry.get_AdsObject()%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3Eat%20System.DirectoryServices.DirectorySearcher.FindAll(Boolean%20findMoreThanOne)%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3Eat%20Microsoft.Exchange.Management.Deployment.ADProvider.Run(Boolean%20useGC%2C%20String%20directoryEntry%2C%20String%5B%5D%20listOfPropertie
sToCollect%2C%20String%20filter%2C%20SearchScope%20searchScope)%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3Eat%20Microsoft.Exchange.Management.Analysis.PrereqAnalysis.%3CCREATEACTIVEDIRECTORYPREREQPROPERTIES%3Eb__120(Result%601%20x)%3C%2FCREATEACTIVEDIRECTORYPREREQPROPERTIES%3E%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3Eat%20Microsoft.Exchange.Management.Analysis.Builders.SettingBuilder%602.%26lt%3B%26gt%3Bc__DisplayClass1.%3CSETVALUE%3Eb__0(Result%20x)%3C%2FSETVALUE%3E%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3E%5D%20%5BParentValue%3A%22%3CNULL%3E%22%5D%20%5BThread%3A41%5D%20%5BDuration%3A00%3A00%3A46.3759730%5D%3C%2FNULL%3E%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3E%5B07-22-2021%2007%3A55%3A28.0679%5D%20%5B1%5D%20Finished%20%5BSetting%3AMicrosoftExchangeSystemObjectsCN%5D%20%5BDuration%3A00%3A00%3A46.3759730%5D%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3Eand%20this%20one%3A%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CEM%3E%5B07-22-2021%2007%3A54%3A43.0115%5D%20%5B1%5D%20Evaluated%20%5BSetting%3AIsHybridObjectFoundOnPremises%5D%20%5BHasException%3ATrue%5D%20%5BValue%3A%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3EMicrosoft.Exchange.Management.Deployment.HybridConfigurationDetection.HybridConfigurationDetectionException%3A%20The%20On-Premises%20test%20failed%20with%20the%20message%3A%20Object%20reference%20not%20set%20to%20an%20instance%20of%20an%20object..%20---%26gt%3B%20System.NullReferenceException%3A%20Object%20reference%20not%20set%20to%20an%20instance%20of%20an%20object.%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3Eat%20Microsoft.Exchange.Management.Deployment.HybridConfigurationDetection.HybridConfigurationDetection.TestOnPremisesOrgRelationshipDomainsCrossWithAcceptedDomain(IOnPremisesHybridDetectionCmdlets%20onPremCmdlets)%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3Eat%20Microsoft.Exchange.Management.Deployment.HybridConfigurationDetection.HybridConfigurationDetection.RunOnPremisesHybridTest()%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3E---%20End%20of%20inner%20exception%20stack%20trace%20---%3C%2FEM%3E%3CBR%2
0%2F%3E%3CEM%3Eat%20Microsoft.Exchange.Management.Deployment.HybridConfigurationDetection.HybridConfigurationDetection.RunOnPremisesHybridTest()%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3Eat%20Microsoft.Exchange.Management.Analysis.PrereqAnalysis.%26lt%3B.ctor%26gt%3Bb__27(Result%601%20x)%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3Eat%20Microsoft.Exchange.Management.Analysis.Builders.SettingBuilder%602.%26lt%3B%26gt%3Bc__DisplayClass1.%3CSETVALUE%3Eb__0(Result%20x)%3C%2FSETVALUE%3E%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3ESystem.NullReferenceException%3A%20Object%20reference%20not%20set%20to%20an%20instance%20of%20an%20object.%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3Eat%20Microsoft.Exchange.Management.Deployment.HybridConfigurationDetection.HybridConfigurationDetection.TestOnPremisesOrgRelationshipDomainsCrossWithAcceptedDomain(IOnPremisesHybridDetectionCmdlets%20onPremCmdlets)%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3Eat%20Microsoft.Exchange.Management.Deployment.HybridConfigurationDetection.HybridConfigurationDetection.RunOnPremisesHybridTest()%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3E%5D%20%5BParentValue%3A%22%3CNULL%3E%22%5D%20%5BThread%3A44%5D%20%5BDuration%3A00%3A00%3A00.8437672%5D%3C%2FNULL%3E%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3E%5B07-22-2021%2007%3A54%3A43.0115%5D%20%5B1%5D%20Finished%20%5BSetting%3AIsHybridObjectFoundOnPremises%5D%20%5BDuration%3A00%3A00%3A00.8437672%5D%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20need%20help%20or%20information%20to%20upgrade%20our%20AD%20schema%20so%20we%20are%20not%20vulnerable%20anymore!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2574347%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2574347%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3EWe%20are%20using%20Exchange2013%20CU23%20on%20premise%20and%20have%20an%20hybrid%20environment.%3C%2FP%3E%3CP%3EWe%20updated%20our%20ExchangeServers%20successfully%20and%20now%20we%20are%20trying%20to%
20update%20our%20Schema.%20And%20there%20we%20encountered%20a%20problem.%3C%2FP%3E%3CP%3EDuring%20the%20prerequisite%20it%20failed%20at%2096%25.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3ECMD%2FSetup%3A%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%3CEM%3EMicrosoft%20Exchange%20Server%202013%20Cumulative%20Update%2023%20Unattended%20Setup%3C%2FEM%3E%3C%2FP%3E%3CP%3E%3CEM%3EPerforming%20Microsoft%20Exchange%20Server%20Prerequisite%20Check%3C%2FEM%3E%3C%2FP%3E%3CP%3E%3CEM%3EPrerequisite%20Analysis%20FAILED%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3EThe%20On-Premises%20test%20failed%20with%20the%20message%3A%20Object%20reference%20not%20set%20to%20an%20instance%20of%20an%20object..%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3EFor%20more%20information%2C%20visit%3A%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Flibrary(EXCHG.150)%2Fms.exch.setupreadiness.DidOnPremisesSettingCreatedAnException.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttp%3A%2F%2Ftechnet.microsoft.com%2Flibrary(EXCHG.150)%2Fms.exch.setupreadiness.DidOnPremisesSettingCreatedAn...%3C%2FA%3E%3C%2FEM%3E%3C%2FP%3E%3CP%3E%3CBR%20%2F%3E%3CEM%3EThe%20Exchange%20Server%20setup%20operation%20didn't%20complete.%20More%20details%20can%20be%20found%20in%20ExchangeSetup.log%20located%20in%20the%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3E%3CSYSTEMDRIVE%3E%3A%5CExchangeSetupLogs%20folder.%3C%2FSYSTEMDRIVE%3E%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3Eerror(s)%20in%20Exchangesetuplog%3A%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CEM%3E%5B07-22-2021%2007%3A55%3A28.0679%5D%20%5B1%5D%20Failed%20%5BRule%3ADidOnPremisesSettingCreatedAnException%5D%20%5BMessage%3AThe%20On-Premises%20test%20failed%20with%20the%20message%3A%20Object%20reference%20not%20set%20to%20an%20instance%20of%20an%20object..%5D%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3E%5B07-22-2021%2007%3A55%3A28.0679%5D%20%5B1%5D%20%5BREQUIRED%5D%20The%20On-Premises%20test%20failed%20with%20the%20mess
age%3A%20Object%20reference%20not%20set%20to%20an%20instance%20of%20an%20object..%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3E%5B07-22-2021%2007%3A55%3A28.0679%5D%20%5B1%5D%20Help%20URL%3A%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Flibrary(EXCHG.150)%2Fms.exch.setupreadiness.DidOnPremisesSettingCreatedAnException.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttp%3A%2F%2Ftechnet.microsoft.com%2Flibrary(EXCHG.150)%2Fms.exch.setupreadiness.DidOnPremisesSettingCreatedAn...%3C%2FA%3E%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUnfortunally%20there%20is%20no%20information%20on%20the%20Microsoft%20site%20provided%20in%20error%20message.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EIn%20the%20Exchangesetuplog%20we%20see%20also%20this%20message%3A%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%3CEM%3E%5B07-22-2021%2007%3A55%3A28.0679%5D%20%5B1%5D%20Evaluated%20%5BSetting%3AMicrosoftExchangeSystemObjectsCN%5D%20%5BHasException%3ATrue%5D%20%5BValue%3A%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3ESystem.DirectoryServices.DirectoryServicesCOMException%20(0x8007202B)%3A%20A%20referral%20was%20returned%20from%20the%20server.%3C%2FEM%3E%3C%2FP%3E%3CP%3E%3CEM%3Eat%20System.DirectoryServices.DirectoryEntry.Bind(Boolean%20throwIfFail)%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3Eat%20System.DirectoryServices.DirectoryEntry.Bind()%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3Eat%20System.DirectoryServices.DirectoryEntry.get_AdsObject()%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3Eat%20System.DirectoryServices.DirectorySearcher.FindAll(Boolean%20findMoreThanOne)%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3Eat%20Microsoft.Exchange.Management.Deployment.ADProvider.Run(Boolean%20useGC%2C%20String%20directoryEntry%2C%20String%5B%5D%20listOfPropertiesToCollect%2C%20String%20filter%2C%20SearchScope%20searchScope)%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3Eat%20Microsoft.Exchange.Management.Analysis.PrereqAnalysis.%3CCREATEACTIVEDIRECTORYPREREQPROPERTIES%3Eb__120(Result%601%20x)%3C%2FCREATEACTIVEDIRECTORYPRER
EQPROPERTIES%3E%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3Eat%20Microsoft.Exchange.Management.Analysis.Builders.SettingBuilder%602.%26lt%3B%26gt%3Bc__DisplayClass1.%3CSETVALUE%3Eb__0(Result%20x)%3C%2FSETVALUE%3E%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3E%5D%20%5BParentValue%3A%22%3CNULL%3E%22%5D%20%5BThread%3A41%5D%20%5BDuration%3A00%3A00%3A46.3759730%5D%3C%2FNULL%3E%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3E%5B07-22-2021%2007%3A55%3A28.0679%5D%20%5B1%5D%20Finished%20%5BSetting%3AMicrosoftExchangeSystemObjectsCN%5D%20%5BDuration%3A00%3A00%3A46.3759730%5D%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3Eand%20this%20one%3A%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CEM%3E%5B07-22-2021%2007%3A54%3A43.0115%5D%20%5B1%5D%20Evaluated%20%5BSetting%3AIsHybridObjectFoundOnPremises%5D%20%5BHasException%3ATrue%5D%20%5BValue%3A%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3EMicrosoft.Exchange.Management.Deployment.HybridConfigurationDetection.HybridConfigurationDetectionException%3A%20The%20On-Premises%20test%20failed%20with%20the%20message%3A%20Object%20reference%20not%20set%20to%20an%20instance%20of%20an%20object..%20---%26gt%3B%20System.NullReferenceException%3A%20Object%20reference%20not%20set%20to%20an%20instance%20of%20an%20object.%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3Eat%20Microsoft.Exchange.Management.Deployment.HybridConfigurationDetection.HybridConfigurationDetection.TestOnPremisesOrgRelationshipDomainsCrossWithAcceptedDomain(IOnPremisesHybridDetectionCmdlets%20onPremCmdlets)%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3Eat%20Microsoft.Exchange.Management.Deployment.HybridConfigurationDetection.HybridConfigurationDetection.RunOnPremisesHybridTest()%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3E---%20End%20of%20inner%20exception%20stack%20trace%20---%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3Eat%20Microsoft.Exchange.Management.Deployment.HybridConfigurationDetection.HybridConfigurationDetection.RunOnPremisesHybridTest()%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3Eat%20Microsoft.Exchange.Management.Analysis.PrereqAnalysis.%26lt%3B.ctor%2
6gt%3Bb__27(Result%601%20x)%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3Eat%20Microsoft.Exchange.Management.Analysis.Builders.SettingBuilder%602.%26lt%3B%26gt%3Bc__DisplayClass1.%3CSETVALUE%3Eb__0(Result%20x)%3C%2FSETVALUE%3E%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3ESystem.NullReferenceException%3A%20Object%20reference%20not%20set%20to%20an%20instance%20of%20an%20object.%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3Eat%20Microsoft.Exchange.Management.Deployment.HybridConfigurationDetection.HybridConfigurationDetection.TestOnPremisesOrgRelationshipDomainsCrossWithAcceptedDomain(IOnPremisesHybridDetectionCmdlets%20onPremCmdlets)%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3Eat%20Microsoft.Exchange.Management.Deployment.HybridConfigurationDetection.HybridConfigurationDetection.RunOnPremisesHybridTest()%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3E%5D%20%5BParentValue%3A%22%3CNULL%3E%22%5D%20%5BThread%3A44%5D%20%5BDuration%3A00%3A00%3A00.8437672%5D%3C%2FNULL%3E%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3E%5B07-22-2021%2007%3A54%3A43.0115%5D%20%5B1%5D%20Finished%20%5BSetting%3AIsHybridObjectFoundOnPremises%5D%20%5BDuration%3A00%3A00%3A00.8437672%5D%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20need%20help%20or%20information%20to%20upgrade%20our%20AD%20schema%20so%20we%20are%20not%20vulnerable%20anymore!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2574368%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2574368%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3EWe%20are%20using%20Exchange2013%20CU23%20on%20premise%20and%20have%20an%20hybrid%20environment.%3C%2FP%3E%3CP%3EWe%20updated%20our%20ExchangeServers%20successfully%20and%20now%20we%20are%20trying%20to%20update%20our%20Schema.%20And%20there%20we%20encountered%20a%20problem.%3C%2FP%3E%3CP%3EDuring%20the%20prerequisite%20it%20failed%20at%2096%25.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3ECMD%2FSetup%3A%3C%2FSTRONG%3E%3C%2FP%3E%3
CP%3E%3CEM%3EMicrosoft%20Exchange%20Server%202013%20Cumulative%20Update%2023%20Unattended%20Setup%3C%2FEM%3E%3C%2FP%3E%3CP%3E%3CEM%3EPerforming%20Microsoft%20Exchange%20Server%20Prerequisite%20Check%3C%2FEM%3E%3C%2FP%3E%3CP%3E%3CEM%3EPrerequisite%20Analysis%20FAILED%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3EThe%20On-Premises%20test%20failed%20with%20the%20message%3A%20Object%20reference%20not%20set%20to%20an%20instance%20of%20an%20object..%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3EFor%20more%20information%2C%20visit%3A%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Flibrary(EXCHG.150)%2Fms.exch.setupreadiness.DidOnPremisesSettingCreatedAnException.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttp%3A%2F%2Ftechnet.microsoft.com%2Flibrary(EXCHG.150)%2Fms.exch.setupreadiness.DidOnPremisesSettingCreatedAn...%3C%2FA%3E%3C%2FEM%3E%3C%2FP%3E%3CP%3E%3CBR%20%2F%3E%3CEM%3EThe%20Exchange%20Server%20setup%20operation%20didn't%20complete.%20More%20details%20can%20be%20found%20in%20ExchangeSetup.log%20located%20in%20the%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3E%3CSYSTEMDRIVE%3E%3A%5CExchangeSetupLogs%20folder.%3C%2FSYSTEMDRIVE%3E%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3Eerror(s)%20in%20Exchangesetuplog%3A%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CEM%3E%5B07-22-2021%2007%3A55%3A28.0679%5D%20%5B1%5D%20Failed%20%5BRule%3ADidOnPremisesSettingCreatedAnException%5D%20%5BMessage%3AThe%20On-Premises%20test%20failed%20with%20the%20message%3A%20Object%20reference%20not%20set%20to%20an%20instance%20of%20an%20object..%5D%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3E%5B07-22-2021%2007%3A55%3A28.0679%5D%20%5B1%5D%20%5BREQUIRED%5D%20The%20On-Premises%20test%20failed%20with%20the%20message%3A%20Object%20reference%20not%20set%20to%20an%20instance%20of%20an%20object..%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3E%5B07-22-2021%2007%3A55%3A28.0679%5D%20%5B1%5D%20Help%20URL%3A%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.micr
osoft.com%2Flibrary(EXCHG.150)%2Fms.exch.setupreadiness.DidOnPremisesSettingCreatedAnException.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttp%3A%2F%2Ftechnet.microsoft.com%2Flibrary(EXCHG.150)%2Fms.exch.setupreadiness.DidOnPremisesSettingCreatedAn...%3C%2FA%3E%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUnfortunally%20there%20is%20no%20information%20on%20the%20Microsoft%20site%20provided%20in%20error%20message.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20need%20help%20or%20information%20to%20upgrade%20our%20AD%20schema%20so%20we%20are%20not%20vulnerable%20anymore!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2575004%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2575004%22%20slang%3D%22en-US%22%3E%3CP%20data-unlink%3D%22true%22%3EHi%2C%20i%20have%20Exchange%20Server%202013%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3ECU23%26nbsp%3Bon%20Windows%20Server%202012%20R2%26nbsp%3B%20and%20AD%20on%20Windows%20Server%202012%20R2.%26nbsp%3B%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3EI%20installed%20SU%20KB5004778%20using%20Microsoft%20Update.%20After%20the%20update%2C%20ECP%20%5C%20OWA%20-%20httpCode%20%3D%20500%20does%20not%20work.%20First%20of%20all%2C%20I%20checked%20the%20certificate%20with%20the%20command%3A%3C%2FP%3E%3CPRE%3EGet-ExchangeCertificate%20(Get-AuthConfig).CurrentCertificateThumbprint%3C%2FPRE%3E%3CP%3EThe%20certificate%20was%20not%20found.%20I%20updated%20it%2C%20installed%20it%20according%20to%20the%20article%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Ftroubleshoot%2Fadministration%2Fcannot-access-owa-or-ecp-if-oauth-expired%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Ftroubleshoot%2Fadministration%2Fcannot-access-owa-or-ecp-if-oauth-expired%3C%2FA%3E%20.%3CBR%20%2F%3EWhen%20th
e%20command%3A%26nbsp%3B%3C%2FP%3E%3CPRE%3ESet-AuthConfig%20-NewCertificateThumbprint%20%26lt%3BThumbprintFromStep1%26gt%3B%20-NewCertificateEffectiveDate%20(Get-Date)%3C%2FPRE%3E%3CP%3Ewas%20executed%2C%20I%20received%20a%20notification%3A%3CBR%20%2F%3E%22The%20validity%20date%20of%20the%20new%20certificate%20does%20not%20come%20at%20least%20after%20%2248%22%20hours%20and%20may%20not%20be%20available%20for%20deployment%20on%20all%20required%20servers.%20Proceed%3F%22%20-%20I%20confirmed.%26nbsp%3B%3C%2FP%3E%3CP%3EAfter%204%20hours%20ECP%20%5C%20OWA%20does%20not%20work.%3C%2FP%3E%3CP%3E%3CSPAN%3EIn%20the%20event%20log%2C%20every%20time%20you%20try%20to%20log%20in%20to%20ECP%20%5C%20OWA%2C%20the%20following%20events%20appear%3A%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%26nbsp%3BSource%3A%26nbsp%3BASP.NET%204.0.30319.0%26nbsp%3B%20EventID%3A%201309%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CDIV%20class%3D%22lia-spoiler-container%22%3E%3CA%20class%3D%22lia-spoiler-link%22%20href%3D%22%23%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%20target%3D%22_blank%22%3ESpoiler%3C%2FA%3E%3CNOSCRIPT%3E(Highlight%20to%20read)%3C%2FNOSCRIPT%3E%3CDIV%20class%3D%22lia-spoiler-border%22%3E%3CDIV%20class%3D%22lia-spoiler-content%22%3E%3CP%3EEvent%20code%3A%203005%3CBR%20%2F%3EEvent%20message%3A%20An%20unhandled%20exception%20has%20occurred.%3CBR%20%2F%3EEvent%20time%3A%2022.07.2021%2018%3A32%3A24%3CBR%20%2F%3EEvent%20time%20(UTC)%3A%2022.07.2021%2011%3A32%3A24%3CBR%20%2F%3EEvent%20ID%3A%20723762ba2fd0427fa4d182db21bad221%3CBR%20%2F%3EEvent%20sequence%3A%2056%3CBR%20%2F%3EEvent%20occurrence%3A%2017%3CBR%20%2F%3EEvent%20detail%20code%3A%200%3CBR%20%2F%3E%3CBR%20%2F%3EApplication%20information%3A%3CBR%20%2F%3EApplication%20domain%3A%20%2FLM%2FW3SVC%2F1%2FROOT%2Fowa-2-132714267063136299%3CBR%20%2F%3ETrust%20level%3A%20Full%3CBR%20%2F%3EApplication%20Virtual%20Path%3A%20%2Fowa%3CBR%20%2F%3EApplication%20Path%3A%20C%3A%5CProgram%20Files%5CMicrosoft%5CExchange%20Server%5CV15%5CFrontE
nd%5CHttpProxy%5Cowa%5C%3CBR%20%2F%3EMachine%20name%3A%20EXCHANGE%3CBR%20%2F%3E%3CBR%20%2F%3EProcess%20information%3A%3CBR%20%2F%3EProcess%20ID%3A%2012140%3CBR%20%2F%3EProcess%20name%3A%20w3wp.exe%3CBR%20%2F%3EAccount%20name%3A%20NT%20AUTHORITY%5C%D0%A1%D0%98%D0%A1%D0%A2%D0%95%D0%9C%D0%90%3CBR%20%2F%3E%3CBR%20%2F%3EException%20information%3A%3CBR%20%2F%3EException%20type%3A%20ExAssertException%3CBR%20%2F%3EException%20message%3A%20ASSERT%3A%20HMACProvider.GetCertificates%3AprotectionCertificates.Length%26lt%3B1%3CBR%20%2F%3E%D0%B2%20Microsoft.Exchange.Diagnostics.ExAssert.AssertInternal(String%20formatString%2C%20Object%5B%5D%20parameters)%3CBR%20%2F%3E%D0%B2%20Microsoft.Exchange.Clients.Common.HmacProvider.GetCertificates()%3CBR%20%2F%3E%D0%B2%20Microsoft.Exchange.Clients.Common.HmacProvider.GetHmacProvider()%3CBR%20%2F%3E%D0%B2%20Microsoft.Exchange.Clients.Common.HmacProvider.ComputeHmac(Byte%5B%5D%5B%5D%20messageArrays)%3CBR%20%2F%3E%D0%B2%20Microsoft.Exchange.HttpProxy.FbaModule.SetCadataCookies(HttpApplication%20httpApplication)%3CBR%20%2F%3E%D0%B2%20Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.HandleFbaFormPost(BackEndServer%20backEndServer)%3CBR%20%2F%3E%D0%B2%20Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.ShouldContinueProxy()%3CBR%20%2F%3E%D0%B2%20Microsoft.Exchange.HttpProxy.ProxyRequestHandler.BeginProxyRequestOrRecalculate()%3CBR%20%2F%3E%D0%B2%20Microsoft.Exchange.HttpProxy.ProxyRequestHandler.InternalOnCalculateTargetBackEndCompleted(TargetCalculationCallbackBeacon%20beacon)%3CBR%20%2F%3E%D0%B2%20Microsoft.Exchange.HttpProxy.ProxyRequestHandler.%26lt%3B%26gt%3Bc__DisplayClass3f.%3CONCALCULATETARGETBACKENDCOMPLETED%3Eb__3e()%3CBR%20%2F%3E%D0%B2%20Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate%20tryDelegate%2C%20FilterDelegate%20filterDelegate%2C%20CatchDelegate%20catchDelegate)%3CBR%20%2F%3E%D0%B2%20Microsoft.Exchange.HttpProxy.Diagnostics.SendWatsonReportOnUnhandledException(MethodDelegate%20methodDelegat
e%2C%20LastChanceExceptionHandler%20exceptionHandler)%3CBR%20%2F%3E%D0%B2%20Microsoft.Exchange.HttpProxy.ProxyRequestHandler.CallThreadEntranceMethod(MethodDelegate%20method)%3C%2FONCALCULATETARGETBACKENDCOMPLETED%3E%3C%2FP%3E%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3ERequest%20information%3A%3CBR%20%2F%3ERequest%20URL%3A%20%3CA%20href%3D%22https%3A%2F%2Flocalhost%3A443%2FOWA%2Fauth.owa%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Flocalhost%3A443%2FOWA%2Fauth.owa%3C%2FA%3E%3CBR%20%2F%3ERequest%20path%3A%20%2FOWA%2Fauth.owa%3CBR%20%2F%3EUser%20host%20address%3A%20%3A%3A1%3CBR%20%2F%3EUser%3A%20MYDOMAIN%5CHealthMailboxc8d513b%3CBR%20%2F%3EIs%20authenticated%3A%20True%3CBR%20%2F%3EAuthentication%20Type%3A%20Basic%3CBR%20%2F%3EThread%20account%20name%3A%20NT%20AUTHORITY%5C%D0%A1%D0%98%D0%A1%D0%A2%D0%95%D0%9C%D0%90%3CBR%20%2F%3E%3CBR%20%2F%3EThread%20information%3A%3CBR%20%2F%3EThread%20ID%3A%2050%3CBR%20%2F%3EThread%20account%20name%3A%20NT%20AUTHORITY%5C%D0%A1%D0%98%D0%A1%D0%A2%D0%95%D0%9C%D0%90%3CBR%20%2F%3EIs%20impersonating%3A%20False%3CBR%20%2F%3EStack%20trace%3A%20%D0%B2%20Microsoft.Exchange.Diagnostics.ExAssert.AssertInternal(String%20formatString%2C%20Object%5B%5D%20parameters)%3CBR%20%2F%3E%D0%B2%20Microsoft.Exchange.Clients.Common.HmacProvider.GetCertificates()%3CBR%20%2F%3E%D0%B2%20Microsoft.Exchange.Clients.Common.HmacProvider.GetHmacProvider()%3CBR%20%2F%3E%D0%B2%20Microsoft.Exchange.Clients.Common.HmacProvider.ComputeHmac(Byte%5B%5D%5B%5D%20messageArrays)%3CBR%20%2F%3E%D0%B2%20Microsoft.Exchange.HttpProxy.FbaModule.SetCadataCookies(HttpApplication%20httpApplication)%3CBR%20%2F%3E%D0%B2%20Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.HandleFbaFormPost(BackEndServer%20backEndServer)%3CBR%20%2F%3E%D0%B2%20Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.ShouldContinueProxy()%3CBR%20%2F%3E%D0%B2%20Microsoft.Exchange.HttpProxy.ProxyRequestHandler.BeginProxyRequestOrRecalculate()%3CBR%20%2F%3E%D0%B2%2
0Microsoft.Exchange.HttpProxy.ProxyRequestHandler.InternalOnCalculateTargetBackEndCompleted(TargetCalculationCallbackBeacon%20beacon)%3CBR%20%2F%3E%D0%B2%20Microsoft.Exchange.HttpProxy.ProxyRequestHandler.%26lt%3B%26gt%3Bc__DisplayClass3f.%3CONCALCULATETARGETBACKENDCOMPLETED%3Eb__3e()%3CBR%20%2F%3E%D0%B2%20Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate%20tryDelegate%2C%20FilterDelegate%20filterDelegate%2C%20CatchDelegate%20catchDelegate)%3CBR%20%2F%3E%D0%B2%20Microsoft.Exchange.HttpProxy.Diagnostics.SendWatsonReportOnUnhandledException(MethodDelegate%20methodDelegate%2C%20LastChanceExceptionHandler%20exceptionHandler)%3CBR%20%2F%3E%D0%B2%20Microsoft.Exchange.HttpProxy.ProxyRequestHandler.CallThreadEntranceMethod(MethodDelegate%20method)%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3ECustom%20event%20details%3A%3C%2FONCALCULATETARGETBACKENDCOMPLETED%3E%3C%2FP%3E%3C%2FDIV%3E%3CNOSCRIPT%3E%3CDIV%20class%3D%22lia-spoiler-noscript-container%22%3E%3CDIV%20class%3D%22lia-spoiler-noscript-content%22%3EEvent%20code%3A%203005Event%20message%3A%20An%20unhandled%20exception%20has%20occurred.Event%20time%3A%2022.07.2021%2018%3A32%3A24Event%20time%20(UTC)%3A%2022.07.2021%2011%3A32%3A24Event%20ID%3A%20723762ba2fd0427fa4d182db21bad221Event%20sequence%3A%2056Event%20occurrence%3A%2017Event%20detail%20code%3A%200Application%20information%3AApplication%20domain%3A%20%2FLM%2FW3SVC%2F1%2FROOT%2Fowa-2-132714267063136299Trust%20level%3A%20FullApplication%20Virtual%20Path%3A%20%2FowaApplication%20Path%3A%20C%3A%5CProgram%20Files%5CMicrosoft%5CExchange%20Server%5CV15%5CFrontEnd%5CHttpProxy%5Cowa%5CMachine%20name%3A%20EXCHANGEProcess%20information%3AProcess%20ID%3A%2012140Process%20name%3A%20w3wp.exeAccount%20name%3A%20NT%20AUTHORITY%5C%D0%A1%D0%98%D0%A1%D0%A2%D0%95%D0%9C%D0%90Exception%20information%3AException%20type%3A%20ExAssertExceptionException%20message%3A%20ASSERT%3A%20HMACProvider.GetCertificates%3AprotectionCertificates.Length%26lt%3B1%D0%B2%20Microsoft.Exchange.Diagnos
tics.ExAssert.AssertInternal(String%20formatString%2C%20Object%5B%5D%20parameters)%D0%B2%20Microsoft.Exchange.Clients.Common.HmacProvider.GetCertificates()%D0%B2%20Microsoft.Exchange.Clients.Common.HmacProvider.GetHmacProvider()%D0%B2%20Microsoft.Exchange.Clients.Common.HmacProvider.ComputeHmac(Byte%5B%5D%5B%5D%20messageArrays)%D0%B2%20Microsoft.Exchange.HttpProxy.FbaModule.SetCadataCookies(HttpApplication%20httpApplication)%D0%B2%20Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.HandleFbaFormPost(BackEndServer%20backEndServer)%D0%B2%20Microsoft.Exchange.HttpProxy.FbaFormPostProxyRequestHandler.ShouldContinueProxy()%D0%B2%20Microsoft.Exchange.HttpProxy.ProxyRequestHandler.BeginProxyRequestOrRecalculate()%D0%B2%20Microsoft.Exchange.HttpProxy.ProxyRequestHandler.InternalOnCalculateTargetBackEndCompleted(TargetCalculationCallbackBeacon%20beacon)%D0%B2%20Microsoft.Exchange.HttpProxy.ProxyRequestHandler.%26lt%3B%26gt%3Bc__DisplayClass3f.%3CONCALCULATETARGETBACKENDCOMPLETED%3Eb__3e()%D0%B2%20Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate%20tryDelegate%2C%20FilterDelegate%20filterDelegate%2C%20CatchDelegate%20catchDelegate)%D0%B2%20Microsoft.Exchange.HttpProxy.Diagnostics.SendWatsonReportOnUnhandledException(MethodDelegate%20methodDelegate%2C%20LastChanceExceptionHandler%20exceptionHandler)%D0%B2%20Microsoft.Exchange.HttpProxy.ProxyRequestHandler.CallThreadEntranceMethod(MethodDelegate%20method)Request%20information%3ARequest%20URL%3A%20%3CA%20href%3D%22https%3A%2F%2Flocalhost%3A443%2FOWA%2Fauth.owaRequest%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Flocalhost%3A443%2FOWA%2Fauth.owaRequest%3C%2FA%3E%20path%3A%20%2FOWA%2Fauth.owaUser%20host%20address%3A%20%3A%3A1User%3A%20MYDOMAIN%5CHealthMailboxc8d513bIs%20authenticated%3A%20TrueAuthentication%20Type%3A%20BasicThread%20account%20name%3A%20NT%20AUTHORITY%5C%D0%A1%D0%98%D0%A1%D0%A2%D0%95%D0%9C%D0%90Thread%20information%3AThread%20ID%3A%2050Thread%20ac
%20working%20in%20DAG%20setup%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2594741%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2594741%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1113561%22%20target%3D%22_blank%22%3E%40wrahman%3C%2FA%3E%26nbsp%3BI%20don't%20really%20think%20it%20work%3B%20if%20the%20update%20causes%20the%20issue%2C%20it%20is%20because%20it%20thinks%20the%20certificate%20is%20somewhat%20broken%3B%20moving%20it%20around%20without%20actually%20generating%20a%20new%20one%20would%20be%20useless.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20good%20news%20is%2C%20this%20certificate%20is%20global%3B%20you%20regenerate%20it%20for%20the%20whole%20organization.%20You%20only%20need%20to%20do%20that%20once%20on%20a%20single%20server%2C%20and%20it%20will%20distributed%20to%20all%20your%20Exchange%20servers.%20After%20this%2C%20you%20should%20be%20able%20to%20apply%20the%20update%20on%20all%20servers%20without%20errors.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2594746%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2594746%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1113815%22%20target%3D%22_blank%22%3E%40MassimoPascucci%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ethanks%20for%20update%2C%20as%20you%20mentioned%20it%20is%20global%2C%20it%20means%20the%20if%20there%20are%20two%20nodes%20in%20DAG%20and%20when%20performing%20july%20update%20creates%20issue%20with%20auth%20certificate%20on%20a%20node%20being%20serviced%2C%20my%20service%20of%20(ecp%2Fowa)%20will%20still%20be%20disturbed%20even%20the%20second%20node%20is%20available%20for%20users%
20to%20use%20because%20certificate%20is%20global%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2594813%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2594813%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1113561%22%20target%3D%22_blank%22%3E%40wrahman%3C%2FA%3E%26nbsp%3Bno%2C%20the%20bug%20only%20affects%20the%20node%20on%20which%20you%20install%20the%20update%3B%20it%20crashes%20OWA%2FECP%20if%20the%20Auth%20certificate%20is%20not%20valid.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20regenerate%20the%20certificate%20(globally)%20before%20applying%20the%20update%20on%26nbsp%3B%3CEM%3Eany%3C%2FEM%3E%20server%2C%20you%20should%20experience%20no%20issues%20when%20you%20apply%20the%20update.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2594874%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2594874%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EHello%2C%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EI%20can%20confirm%20the%20login%20issues.%20After%20installing%20the%20Security%20Update%20For%20Exchange%20Server%202016%20CU21%20(KB5004779)%20on%20an%20Exchange%20Server%20in%20the%20DAG%2C%20I%20get%20the%20following%20error%3A%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EAfter%20successful%20login%2C%20I%20am%20immediately%20thrown%20back%20to%20the%20OWA%20login%20page.%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EIf%20I%20deactivate%20the%20server%20on%20the%20loadmaster%2C%20OWA%20works%20as%20usual!.%20Please%20advice%20how%20do%20I%20fix%20the%20issue.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2594876%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%2
0Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2594876%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1007004%22%20target%3D%22_blank%22%3E%40vigna840%3C%2FA%3E%26nbsp%3Bupdate%20the%20remaining%20servers%20as%20well.%3C%2FP%3E%0A%3CP%3E%3CEM%3EStarting%20with%20July%202021%20updates%2C%20users%20might%20be%20redirected%20back%20to%20the%20login%20page%20when%20using%20OWA%2FECP%20if%20organization%20uses%20Load%20Balancing.%20You%20should%20avoid%20running%20mixed%20pools%20(servers%20with%20the%20latest%20SU%20applied%20together%20with%20servers%20which%20have%20not%20yet%20received%20the%20update).%3C%2FEM%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2594883%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2594883%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1007004%22%20target%3D%22_blank%22%3E%40vigna840%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20exact%20same%20issue%20with%20kemp%20loadmaster%20of%20my%20pool%20of%202%20servers%20both%20servers%20have%20security%20update%20and%20exhibit%20owa%20login%20loop%20only%20enabling%201%20only%20kemp%3C%2FP%3E%3CP%3Estops%20the%20loop%2C%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ethis%20has%20been%20a%20nightmare%20update%20with%20so%20many%20issues%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2594899%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2594899%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1113815%22%20target%3D%22_blank%22%3E%40
MassimoPascucci%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eour%20auth%20cert.%20is%20valid.%20verified.%20but%20like%20you%20faced%20immediately%20after%20installing%20SU%20it%20got%20expired.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20don't%20require%20to%20regenerate%20when%20they%20are%20already%20valid%2C%20even%20if%20I%20regenerate%20them%20before%20applying%20SU%20as%20you%20suggested%2C%20and%20apply%20SU%2C%20they%20will%20again%20expire%2C%20as%20it%20is%20from%20bug%20in%20SU%20causing%20auth%20certificate%20to%20expire.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2594902%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2594902%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F210050%22%20target%3D%22_blank%22%3E%40Anthony%20Mazzeo%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eso%20you%20are%20saying%20you%20have%20applied%20SU%20to%20both%20servers%2C%20both%20are%20at%20same%20update%20level%20and%20working%20behind%20LB%20and%20still%20facing%20loop%3F%20because%20as%20per%20discussions%20here%2C%20it%20seems%20loop%20occurs%20if%20servers%20are%20behind%20LB%20and%20one%20have%20SU%20applied%20and%20other%20is%20not%20updated.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2594916%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2594916%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1113561%22%20target%3D%22_blank%22%3E%40wrahman%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYes%20they%20are%20both%20patched%2C%20i%20use%20my%20kemp%20as%20more%20of%20web%20facing%20entry%20point%20that%20i%20have%20only%202%20servers%20enabled%20on%20kemp%3
C%2FP%3E%3CP%3Eout%20or%20a%20total%20of%206%20internally%20we%20use%3C%2FP%3E%3CP%3Edns%20load%20balancing%20for%20internal%3C%2FP%3E%3CP%3Econnectivity%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ei%20have%20had%20so%20many%20issues%20initially%20with%20expried%20auth%20cert%20mine%20took%20over%2020%20hours%20to%20replicate%20once%20regenerated%20that%20my%20backend%20exchange%20servers%20are%20not%20all%20patched%20as%20these%20thankfully%20is%20what%20kept%20my%20environment%20up%20when%20the%20owa%2Fecp%20issues%20raised%20there%20head%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20dont%20have%20much%20confidence%20applying%20these%20updates%20to%20all%20remaining%20servers%20and%20not%20being%20able%20to%20recover%20%26nbsp%3Bif%20owa%2Fecp%20issues%20happen%20again%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2594938%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2594938%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1113561%22%20target%3D%22_blank%22%3E%40wrahman%3C%2FA%3E%26nbsp%3Bthe%20bug%20doesn't%20cause%20the%20certificate%20to%20expire%2C%20it%20just%20seems%20to%20enforce%20stronger%20checks%20on%20its%20validity%2C%20which%20some%20certificates%20will%20not%20pass%20regardless%20of%20their%20expiration%20date%3B%20possibly%20the%20signature%20algorithm%20is%20the%20culprit%2C%20is%20your%20certificate%20SHA1%20or%20SHA256%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnyway%2C%20%3CU%3E%3CSTRONG%3Eyou%20only%20need%20to%20regenerate%20the%20certificate%20one%20time%3C%2FSTRONG%3E%3C%2FU%3E%3B%20it%20will%20be%20valid%20and%20it%20will%20remain%20valid%20when%20you%20patch%20the%20other%20servers%2C%20you%20won't%20need%20to%20regenerate%20it%20each%20time%20you%20apply%20the%20same%20patch%20to%20another%20server.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C
%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2595745%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2595745%22%20slang%3D%22en-US%22%3E%3CP%3EAfter%20installing%20CU21%20on%202016%20Exchange%20we%20have%20found%20that%20outlook%20clients%20cannot%20connect%20at%20all.%20The%20server%20is%20inundated%20with%20a%20IIS%20Worker%20Processor%20hammering%20memory%20and%20decent%20amount%20of%20processor%20as%20well.%20This%20update%20has%20completely%20broken%20outlook%20connectivity.%20Back%20on%20page%20one%20there%20is%20mention%20of%20something%20related%20to%20Sophos%2C%20which%20we%20also%20have%2C%20which%20seems%20the%20closest%20story%20to%20mine.%20Is%20there%20any%20official%20fix%20for%20this%20yet%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2599788%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2599788%22%20slang%3D%22en-US%22%3E%3CP%3EAfter%20installing%20Exchange%202019%20CU%2010%20SU%2C%20my%20lab%20PCs%20can't%20connect%20to%20through%20outlook%2C%20and%20OWA%20and%20ECP%20goes%20back%20to%20login%20screen%20immediately.%3C%2FP%3E%3CP%3EMy%20lab%20environment%20has%20a%20F5%20Big-IP%20(ver%2015.x.x.x)%20and%202x%20Exchange%202019%20DAG%20servers%2C%20and%20using%20Exchange%202016%20iAPP.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETo%20fix%20the%20problem%2C%20just%20like%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1103409%22%20target%3D%22_blank%22%3E%40georgedaly%3C%2FA%3E%26nbsp%3B%20explained%2C%3C%2FP%3E%3CP%3ELogin%20to%20F5%20BIgIP%2C%20Local%20Traffics-%26gt%3B%20Virtual%20servers%20-%26gt%3B%20find%20VS%20that%20was%20created%20by%20the%20exchange%20iAPP%2C%20there%20should%20be%20one%20for%20http%20and%20one%20for%20https%2C%20for%20examp
le%20xxxxx_combined_http%20and%20xxxxx_combined_https.%20Goto%20each%20VS's%20properties%20-%26gt%3B%20resources%20-%26gt%3B%20set%20%22default%20persistence%20profile%22%20to%20%22source_addr%22%2C%20yes%20do%20it%20for%20both%20VSes.%3C%2FP%3E%3CP%3ENote%20that%20if%20you%20re-configure%20the%20iAPP%20the%20change%20will%20get%20lost%2C%20so%20be%20sure%20to%20add%20it%20back.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHopefully%20M%24%20fix%20this%20on%20the%20next%20CU.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2605636%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2605636%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Exchange%20team%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20checked%20a%20few%20servers%20across%20different%20domains%20that%20no%20longer%20run%20Exchange%20locally%20(all%20migrated%20to%20M365%20in%20the%20past).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThese%20domains%20would%20all%20have%20had%20Exchange%202003%2C%202007%2C%202010%20etc%20gracefully%20uninstalled%20several%20years%20ago%20after%20the%20last%20exchange%20server%20was%20shutdown.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20seems%20ALL%20of%20these%20domains%20are%20still%20vulnerable%20to%20the%20schema%20exploit%20even%20though%20Exchange%20was%20removed%20as%20the%20published%20exploit%20script%20creates%20the%20user.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20are%20these%20companies%20supposed%20to%20do%20in%20order%20to%20patch%20their%20domain%20as%20there%20is%20no%20Exchange%20installed%20to%20patch%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20would%20also%20suggest%20this%20is%20a%20major%20issue%20to%20be%20communicated%20publicly%20as%20many%20companies%20will%20be%20in%20this%20position%20and%20do%20not%20realize%20they%
20have%20a%20vulnerable%20schema%20in%20their%20AD%20due%20to%20having%20Exchange%20installed%20in%20the%20past.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2605673%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2605673%22%20slang%3D%22en-US%22%3E%3CP%3EAuth%20Certificate%20Replication%20between%20AD%20sites.%3C%2FP%3E%3CP%3ENote%20that%20there%20is%20an%20edge%20case%20where%20a%20new%20Auth%20certificate%20will%20NOT%20successfully%20replicate%20to%20Exchange%20servers%20in%20another%20site%20and%20that%20is%20if%20there%20is%20no%20direct%20AD%20site%20link%20between%20Exchange%20sites.%20e.g.%20ExchangeSite1-%26gt%3B%20non-Exchange%20AD%20Site%20-%26gt%3B%20ExchangeSite2%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20would%20see%20an%20Event%202005%20-%20MSExchange%20Certificate%20Deployment%3CBR%20%2F%3E%3CSPAN%3EFederation%20or%20Auth%20certificate%20not%20found%3A%20%3CTHUMBPRINT%3E.%20Unable%20to%20find%20the%20certificate%20in%20the%20local%20or%20neighboring%20sites.%20Confirm%20that%20the%20certificate%20is%20available%20in%20your%20topology%20and%20if%20necessary%20reset%20the%20certificate%20on%20the%20Federation%20Trust%20to%20a%20valid%20certificate%20using%20Set-FederationTrust%20or%20Set-AuthConfig.%26nbsp%3B%26nbsp%3BThe%20certificate%20may%20take%20time%20to%20propagate%20to%20the%20local%20or%20neighboring%20sites.%3C%2FTHUMBPRINT%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EYou%20can%20export%20the%20cert%20(with%20private%20key)%20and%20import%20onto%20a%20single%20Exchange%20server%20on%20the%20other%20site%20and%20Exchange%20will%20take%20it%20from%20there.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2606654%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Serve
r%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2606654%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F748858%22%20target%3D%22_blank%22%3E%40JoseDelCarmen%3C%2FA%3E%26nbsp%3BWe%20are%20working%20on%20this%20scenario%3B%20in%20the%20mean%20time%2C%20you%20can%20use%20a%20machine%20in%20the%20same%20site%20as%20the%20Schema%20Master%20to%20run%20%2Fpepareschema%20to%20address%20this%20even%20if%20there%20are%20not%20Exchange%20servers%20in%20the%20organization.%20We%20will%20publish%20more%20information%20on%20this.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2607838%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2607838%22%20slang%3D%22en-US%22%3E%3CP%3EWith%20all%20the%20people%20having%20issues%20with%20CU21%20and%20the%20security%20update%2C%20we%20have%20been%20holding%20off%20on%20it.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eis%20Microsoft%20releasing%20a%20new%20version%20of%20the%20CU%20and%20Security%20update%20to%20correct%20the%20issues%20happening%3F%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%26nbsp%3Banyone%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eor%20are%20we%20just%20supposed%20to%20deal%20with%20it%20and%20remediate%20the%20issues%20if%20we%20come%20across%20them%2C%20which%20seems%20far%20higher%20than%20the%20normal%20amount%20of%20issues.%20and%20all%20these%20people%20seem%20to%20be%20seasoned%20folks%20who%20know%20how%20to%20install%20it%20properly%2C%20ie%20elevated%20prompt%2C%20etc.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2608531%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO
-BODY%20id%3D%22lingo-body-2608531%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F739649%22%20target%3D%22_blank%22%3E%40Googol%3C%2FA%3E%26nbsp%3B-%20No%2C%20there%20is%20no%20work%20going%20on%20to%20re-release%20the%20latest%20set%20of%20CUs%20or%20SUs.%3C%2FP%3E%0A%3CP%3ENote%20that%20several%20things%20that%20have%20changed%20(and%20are%20listed%20under%20known%20issues)%20are%20essentially%20changes%20in%20design%20and%20are%20permanent%20changes%2C%20taken%20to%20address%20security%20issues.%20To%20be%20sure%2C%20there%20are%20things%20that%20we%20are%20looking%20to%20address%20in%20future%20updates%2C%20but%20-%20without%20knowing%20which%20issues%20specifically%20you%20speak%20of%20-%20the%20only%20way%20might%20be%20to%20go%20forward.%20It%20is%20far%20from%20ideal%20that%20a%20particular%20update%20might%20modify%20existing%20functionality%20or%20require%20unique%20steps%20to%20be%20addressed%2C%20but%20such%20things%20are%20sometimes%20unavoidable.%20I%20personally%20believe%20that%20what%20is%20obviously%20a%20bit%20painful%20process%20to%20navigate%20some%20of%20new%20requirements%20and%20steps%20to%20take%20to%20apply%20updates%20(all%20of%20which%20we%20tried%20to%20document)%20-%20is%20still%20better%20than%20possibly%20dealing%20with%20compromised%20environment%20at%20the%20later%20date.%20Our%20advice%20is%20to%20not%20delay%20application%20of%20security%20updates.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2609729%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2609729%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F119325%22%20target%3D%22_blank%22%3E%40alex%20kim%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20want%20to%20know%20fro
m%20you%2C%20please%20assist%3A%3C%2FP%3E%3CP%3E-%20since%20you%20changed%20configuration%20in%20F5%2C%20you%20did%20not%20regenerate%20the%20auth%20cert.%20correct%3F%20and%20problem%20fixed%20after%20changing%20config.%20in%20F5%3C%2FP%3E%3CP%3E-%20you%20applied%20SU%20one%20by%20one%20on%20each%20server%20by%20moving%20them%20to%20maintenance%20mode%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eyour%20opinion%2C%20If%20we%20perform%20the%20F5%20change%20prior%20to%20applying%20this%20SU%20in%20setup%20of%202x%20servers%2C%20will%20this%20work%20without%20breaking%20anything%3F%20as%20we%20are%20doing%20F5%20change%20which%20you%20performed%20later%20after%20you%20encountered%20break.%3C%2FP%3E%3CP%3EAt%20a%20time%20we%20will%20be%20doing%20one%20server....%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2609905%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2609905%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3EThanks%20Nino.%20For%20the%20%2Fpepareschema%20step%2C%20I%20think%20I%20figured%20this%20out.%20Here%20is%20what%20I%20did%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1.%20download%20the%20ISO%20file%20for%20Exchange%202016%20CU21%20(6.6GB)%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fconfirmation.aspx%3Fid%3D103242%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fconfirmation.aspx%3Fid%3D103242%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E2.%20Mount%20this%20ISO%20file%20on%20a%20server%20logged%20in%20as%20a%20domain%20admin%2Fschema%20admin%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E3.%20Open%20an%20elevated%20command%20prompt%2C%20cd%20to%20the%20mounted%20ISO%20direct
ory%20and%20run%20the%20command%3A%20%3CEM%3Esetup.exe%20%2FPrepareSchema%20%2FIAcceptExchangeServerLicenseTerms%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAfter%20doing%20this%2C%20the%20domain%20schema%20is%20no%20longer%20exploitable.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20really%20think%20there%20are%20a%20huge%20amount%20of%20companies%20out%20that%20that%20have%20no%20clue%20they%20are%20vulnerable%20to%20this%20exploit%20and%20they%20need%20to%20go%20through%20this%20process%20manually.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2610882%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2610882%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20Exchange%20Team%3A%3C%2FP%3E%3CP%3EWe%20have%20Cu23%20installed%20on%20Exchange%202013.%26nbsp%3B%20July%20su's%20have%20no%20information%20regarding%20what%20schema%20changes%20happened%2C%20what%20is%20included%20and%20should%20we%20see%20any%20schema%20version%20update%20of%20running%20prepareschema%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20write%20some%20details%20on%20this.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EManju%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2610952%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2610952%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F955591%22%20target%3D%22_blank%22%3E%40ManjunBN%3C%2FA%3E%26nbsp%3BSchema%20version%20(rangeUpper)%20remains%20on%20the%20same%20with%20Exchange%202013%20CU23%20%2B%26nbsp%3B%3CSPAN%3EKB5004778.%20See%3A%3C%2FSPAN%3E%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fprepare-act
ive-directory-and-domains-exchange-2013-help%23exchange-2013-active-directory-versions%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fprepare-active-directory-and-domains-exchange-2013-help%23exchange-2013-active-directory-versions%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20is%20the%20schema%20change%20which%20comes%20with%20KB5004778%20%2B%20PrepareSchema%20for%20Exchange%202013%20CU23%3A%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fplan-and-deploy%2Factive-directory%2Fad-schema-changes%3Fview%3Dexchserver-2019%23classes-modified-by-exchange-2019-cu10%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fplan-and-deploy%2Factive-directory%2Fad-schema-changes%3Fview%3Dexchserver-2019%23classes-modified-by-exchange-2019-cu10%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2611095%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2611095%22%20slang%3D%22en-US%22%3E%3CP%3ELukas%2C%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ethis%20article%20talks%20about%20Exchange%202019%2C%20looking%20at%20Cu9%20and%20Cu10%20.%20There%20is%20no%20mention%20of%20schema%20changes%20in%20Exchange%202013.%20Is%20it%20applicable%20to%20Exchange%202013%20aswell%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ewhat%20is%20confusing%20the%20statement%20in%20the%20article%20%3A%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EThe%20Active%20Directory%20schema%20changes%20that%20are%20described%20in%20this%20topic%20might%20not%20apply%20to%20all%20editions%20of%20an%20Exchange%202019%20version.%3C%2FSPAN%3E%26nbsp%3B%3C%2FP%3E%3CP%3EClasses%20modified%20by%20Exchange%202019%20CU
10%3C%2FP%3E%3CP%3EThis%20section%20contains%20the%20classes%20modified%20in%20Exchange%202019%20CU10.%3C%2FP%3E%3CP%3Eclass%20Change%20Attribute%2FClass%3CBR%20%2F%3Ems-Exch-Storage-Group%20delete%3A%20possSuperiors%20computer%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CDIV%20class%3D%22table-scroll-wrapper%22%3ECLASSES%20MODIFIED%20BY%20EXCHANGE%202019%20CU10Class%20Change%20Attribute%2FClass%3C%2FDIV%3E%3CP%3EExchange%202019%20CU9%20Active%20Directory%20schema%20changes%3C%2FP%3E%3CP%3ENo%20changes%20are%20made%20to%20the%20Active%20Directory%20schema%20in%20Exchange%202019%20CU9.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2611338%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2611338%22%20slang%3D%22en-US%22%3E%3CP%3EIt's%20the%20same%20schema%20change%20as%20for%20Exchange%202019%20CU10%20and%20Exchange%202016%20CU21.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%7C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Ems-Exch-Storage-Group%20%7C%20delete%3A%20possSuperiors%20%7C%20computer%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2611382%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20July%202021%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2611382%22%20slang%3D%22en-US%22%3E%3CP%3ELukas%2C%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EQuestion%20is%20more%20specific%20to%20July%20Security%20update%20for%20exchange%202013%20CU23.%20Are%20there%20any%20schema%20changes%20included%20in%20July%20Security%20updates%20.%26nbsp%3B%3C%2FP%3E%3CP%3EWhy%20there%20is%20a%20need%20to%20run%20%2Fprepareschema%20after%20deploying%20Security%20update%20for%20exchange%202013%20CU23.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-
Last update: Aug 05 2021 01:07 PM