Released: March 2022 Exchange Server Security Updates

Published Mar 08 2022 10:06 AM 82.2K Views

Microsoft has released security updates (SUs) that resolve vulnerabilities found in:

  • Exchange Server 2013
  • Exchange Server 2016
  • Exchange Server 2019

IMPORTANT: When manually installing SUs, you must install the .msp file from an elevated command prompt (see the Known Issues area in the KB).

These SUs are available for the following specific builds of Exchange Server:

The March 2022 SUs for Exchange Server address vulnerabilities responsibly reported by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to install these updates immediately.

These vulnerabilities affect on-premises Exchange Server, including servers used by customers in Exchange Hybrid mode. Exchange Online customers are protected from the vulnerabilities addressed in these SUs and do not need to take any action other than updating any on-premises Exchange servers.

More details about specific CVEs can be found in Security Update Guide (filter on Exchange Server under Product Family).

Update installation

Two update paths are available:

March2022SUpath.png

Inventory your Exchange Servers / determine which updates are needed

Use the latest version of the Exchange Server Health Checker script to inventory your servers. Running this script will tell you if any of your Exchange Servers need CUs or SUs.

Update to the latest Cumulative Update

Go to https://aka.ms/ExchangeUpdateWizard and choose your currently running CU and your target CU to get update instructions.

If you encounter errors during or after installation of Exchange Server updates

If you encounter errors during installation, use the SetupAssist script. If something does not work properly after updating, see Repair failed installations of Exchange Cumulative and Security updates.

Known issues with this release

  • Modifying DAG network settings failing with error 0xe0434352 after January SUs are installed - fixed in the March SU but Set-DatabaseAvailabilityGroupNetwork continues failing
  • Customizing voicemail greetings might fail with error 0xe0434352 after January SUs are installed - not fixed in the March SU
  • MSExchangeServiceHost service may crash repeatedly with Event ID 4999 logged in Windows Application event log. Please see Exchange Service Host service fails after installing March 2022 security update (KB5013118).
  • Get-MailboxDatabaseCopyStatus command from Exchange 2013 server fails for databases hosted on Exchange 2016/2019 servers with following error:
    A server-side administrative operation has failed. Operation failed with message: Error 0xe0434352 (Unknown error (0xe0434352)) from RpccGetCopyStatusEx4
    Workaround: For Get-MailboxDatabaseCopyStatus error, run the Get-MailboxDatabaseCopyStatus command from Exchange 2016/2019 servers
  • Checking Exchange 2016/2019 database status from Exchange Admin Center may fail with HTTP 500 error or with "Your request couldn't be completed. Please try again in a few minutes."
    Workaround: Ensure the mailbox of admin is on Exchange 2016/2019 servers. If admin account has no mailbox, ensure all arbitration mailboxes, specially the “SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}”, are on Exchange 2016/2019 servers.

FAQs

My organization is in Hybrid mode with Exchange Online. Do I need to do anything?
While Exchange Online customers are already protected, the March 2022 SUs do need to be applied to your on-premises Exchange Servers. You do not need to re-run the Hybrid Configuration Wizard (HCW) after applying updates.

Do I need to install the updates on ‘Exchange Management Tools only’ workstations?
Servers or workstations running only the Management Tools role (no Exchange services) do not need these updates.

NOTE: This post might receive future updates; they will be listed here (if available).

Updates to this blog post:

  • 3/9: Added details about which previous issues are fixed. 
  • 3/10: Added details about the MSExchangeServiceHost service crash with this SU and the workarounds.
  • 3/16: Added a reference to KB5013118

 

The Exchange Team

135 Comments
%3CLINGO-SUB%20id%3D%22lingo-sub-3247586%22%20slang%3D%22en-US%22%3EReleased%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3247586%22%20slang%3D%22en-US%22%3E%3CP%3EMicrosoft%20has%20released%20security%20updates%20(SUs)%20that%20resolve%20vulnerabilities%20found%20in%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EExchange%20Server%202013%3C%2FLI%3E%0A%3CLI%3EExchange%20Server%202016%3C%2FLI%3E%0A%3CLI%3EExchange%20Server%202019%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20style%3D%22background%3A%20%23F0F0F0%3B%20padding%3A%20.5em%3B%20margin%3A%201em%200%201em%200%3B%22%3E%3CSTRONG%3EIMPORTANT%3A%3C%2FSTRONG%3E%26nbsp%3BWhen%20manually%20installing%20SUs%2C%20you%20%3CFONT%20color%3D%22%23DF0000%22%3E%3CEM%3Emust%3C%2FEM%3E%3C%2FFONT%3E%20install%20the%20.msp%20file%20from%20an%20elevated%20command%20prompt%20(see%20the%20Known%20Issues%20area%20in%20the%20KB).%3C%2FP%3E%0A%3CP%3EThese%20SUs%20are%20available%20for%20the%20following%20specific%20builds%20of%20Exchange%20Server%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EExchange%20Server%202013%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3FfamilyID%3Dad904d7c-3c77-4585-a534-9f1505ad1ec4%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3ECU23%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EExchange%20Server%202016%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3FfamilyID%3D33f4b4dd-47a3-45f0-ae7e-367d3a17c5e0%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3ECU21%3C%2FA%3E%20and%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3FfamilyID%3D6c9f45ac-54ca-4342-bd27-e284412bf518%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3ECU22%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EExchange%20Server%202019%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3FfamilyID%3Da29a33c1-e1b3-4abc-88e6-fc707a0f80f1%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3ECU10%3C%2FA%3E%20and%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3FfamilyID%3D819d3453-4d0e-442e-976b-711ad8f50c97%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3ECU11%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EThe%20March%202022%20SUs%20for%20Exchange%20Server%20address%20vulnerabilities%20responsibly%20reported%20by%20security%20partners%20and%20found%20through%20Microsoft%E2%80%99s%20internal%20processes.%20Although%20we%20are%20not%20aware%20of%20any%20active%20exploits%20in%20the%20wild%2C%20our%20recommendation%20is%20to%20install%20these%20updates%20%3CEM%3Eimmediately%3C%2FEM%3E.%3C%2FP%3E%0A%3CP%3EThese%20vulnerabilities%20affect%20on-premises%20Exchange%20Server%2C%20including%20servers%20used%20by%20customers%20in%20Exchange%20Hybrid%20mode.%20Exchange%20Online%20customers%20are%20protected%20from%20the%20vulnerabilities%20addressed%20in%20these%20SUs%20and%20do%20not%20need%20to%20take%20any%20action%20other%20than%20updating%20any%20on-premises%20Exchange%20servers.%3C%2FP%3E%0A%3CP%3EMore%20details%20about%20specific%20CVEs%20can%20be%20found%20in%20%3CA%20href%3D%22https%3A%2F%2Fmsrc.microsoft.com%2Fupdate-guide%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ESecurity%20Update%20Guide%3C%2FA%3E%20(filter%20on%20Exchange%20Server%20under%20Product%20Family).%3C%2FP%3E%0A%3CH1%20id%3D%22toc-hId--2106938128%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%20id%3D%22toc-hId--2081945492%22%3EUpdate%20installation%3C%2FH1%3E%0A%3CP%3ETwo%20update%20paths%20are%20available%3A%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22March2022SUpath.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F353080iC6B3A0E666C69111%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22March2022SUpath.png%22%20alt%3D%22March2022SUpath.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--1416376654%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%20id%3D%22toc-hId--1391384018%22%3EInventory%20your%20Exchange%20Servers%20%2F%20determine%20which%20updates%20are%20needed%3C%2FH2%3E%0A%3CP%3EUse%20the%20latest%20version%20of%20the%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FExchangeHealthChecker%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EExchange%20Server%20Health%20Checker%20script%3C%2FA%3E%26nbsp%3Bto%20inventory%20your%20servers.%20Running%20this%20script%20will%20tell%20you%20if%20any%20of%20your%20Exchange%20Servers%20need%20CUs%20or%20SUs.%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-1071136179%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%20id%3D%22toc-hId-1096128815%22%3EUpdate%20to%20the%20latest%20Cumulative%20Update%3C%2FH2%3E%0A%3CP%3EGo%20to%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FExchangeUpdateWizard%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Faka.ms%2FExchangeUpdateWizard%3C%2FA%3E%20and%20choose%20your%20currently%20running%20CU%20and%20your%20target%20CU%20to%20get%20update%20instructions.%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--736318284%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%20id%3D%22toc-hId--711325648%22%3EIf%20you%20encounter%20errors%20during%20or%20after%20installation%20of%20Exchange%20Server%20updates%3C%2FH2%3E%0A%3CP%3EIf%20you%20encounter%20errors%20during%20installation%2C%20use%20the%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FExSetupAssist%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ESetupAssist%20script%3C%2FA%3E.%20If%20something%20does%20not%20work%20properly%20after%20updating%2C%20see%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fexchange%2Ftroubleshoot%2Fclient-connectivity%2Fexchange-security-update-issues%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ERepair%20failed%20installations%20of%20Exchange%20Cumulative%20and%20Security%20updates%3C%2FA%3E.%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-1751194549%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%20id%3D%22toc-hId-1776187185%22%3EKnown%20issues%20with%20this%20release%3C%2FH2%3E%0A%3CUL%3E%0A%3CLI%3EModifying%20DAG%20network%20settings%20failing%20with%20error%200xe0434352%20after%20January%20SUs%20are%20installed%20-%20fixed%20in%20the%20March%20SU%20but%26nbsp%3BSet-DatabaseAvailabilityGroupNetwork%20continues%20failing%3C%2FLI%3E%0A%3CLI%3ECustomizing%20voicemail%20greetings%20might%20fail%20with%20error%200xe0434352%20after%20January%20SUs%20are%20installed%20-%20not%20fixed%20in%20the%20March%20SU%3C%2FLI%3E%0A%3CLI%3EMSExchangeServiceHost%20service%20may%20crash%20repeatedly%20with%20Event%20ID%204999%20logged%20in%20Windows%20Application%20event%20log.%20Please%20see%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-gb%2Ftopic%2Fexchange-service-host-service-fails-after-installing-march-2022-security-update-kb5013118-1cf2ecaf-2e87-4c42-b541-6adc47e01a5d%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EExchange%20Service%20Host%20service%20fails%20after%20installing%20March%202022%20security%20update%20(KB5013118)%3C%2FA%3E.%3C%2FLI%3E%0A%3CLI%3EGet-MailboxDatabaseCopyStatus%20command%20from%20Exchange%202013%20server%20fails%20for%20databases%20hosted%20on%20Exchange%202016%2F2019%20servers%20with%20following%20error%3A%3CBR%20%2F%3EA%20server-side%20administrative%20operation%20has%20failed.%20Operation%20failed%20with%20message%3A%20Error%200xe0434352%20(Unknown%20error%20(0xe0434352))%20from%20RpccGetCopyStatusEx4%3CBR%20%2F%3EWorkaround%3A%20For%20Get-MailboxDatabaseCopyStatus%20error%2C%20run%20the%20Get-MailboxDatabaseCopyStatus%20command%20from%20Exchange%202016%2F2019%20servers%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CUL%3E%0A%3CLI%3EChecking%20Exchange%202016%2F2019%20database%20status%20from%20Exchange%20Admin%20Center%20may%20fail%20with%20HTTP%20500%20error%20or%20with%20%22Your%20request%20couldn't%20be%20completed.%20Please%20try%20again%20in%20a%20few%20minutes.%22%3CBR%20%2F%3EWorkaround%3A%20Ensure%20the%20mailbox%20of%20admin%20is%20on%20Exchange%202016%2F2019%20servers.%20If%20admin%20account%20has%20no%20mailbox%2C%20ensure%20all%20arbitration%20mailboxes%2C%20specially%20the%20%E2%80%9CSystemMailbox%7Bbb558c35-97f1-4cb9-8ff7-d53741dc928c%7D%E2%80%9D%2C%20are%20on%20Exchange%202016%2F2019%20servers.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH1%20id%3D%22toc-hId-1740691445%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%20id%3D%22toc-hId-1765684081%22%3EFAQs%3C%2FH1%3E%0A%3CP%3E%3CSTRONG%3E%3CEM%3EMy%20organization%20is%20in%20Hybrid%20mode%20with%20Exchange%20Online.%20Do%20I%20need%20to%20do%20anything%3F%3C%2FEM%3E%3C%2FSTRONG%3E%3CBR%20%2F%3EWhile%20Exchange%20Online%20customers%20are%20already%20protected%2C%20the%20March%202022%20SUs%20do%20need%20to%20be%20applied%20to%20your%20on-premises%20Exchange%20Servers.%20You%20do%20%3CEM%3Enot%3C%2FEM%3E%20need%20to%20re-run%20the%20Hybrid%20Configuration%20Wizard%20(HCW)%20after%20applying%20updates.%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%3CEM%3EDo%20I%20need%20to%20install%20the%20updates%20on%20%E2%80%98Exchange%20Management%20Tools%20only%E2%80%99%20workstations%3F%3CBR%20%2F%3E%3C%2FEM%3E%3C%2FSTRONG%3EServers%20or%20workstations%20running%20only%20the%20Management%20Tools%20role%20(no%20Exchange%20services)%20do%20not%20need%20these%20updates.%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ENOTE%3A%3C%2FSTRONG%3E%20This%20post%20might%20receive%20future%20updates%3B%20they%20will%20be%20listed%20here%20(if%20available).%3C%2FP%3E%0A%3CP%3EUpdates%20to%20this%20blog%20post%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E3%2F9%3A%20Added%20details%20about%20which%20previous%20issues%20are%20fixed.%26nbsp%3B%3C%2FLI%3E%0A%3CLI%3E3%2F10%3A%20Added%20details%20about%20the%20MSExchangeServiceHost%20service%20crash%20with%20this%20SU%20and%20the%20workarounds.%3C%2FLI%3E%0A%3CLI%3E3%2F16%3A%20Added%20a%20reference%20to%26nbsp%3BKB5013118%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22author%22%3EThe%20Exchange%20Team%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-3247586%22%20slang%3D%22en-US%22%3E%3CP%3EMarch%202022%20Security%20Updates%20for%20Exchange%20Server%202013%2C%20Exchange%20Server%202016%20and%20Exchange%20Server%202019%20available%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3247586%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAnnouncements%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOn%20premises%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3259327%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3259327%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F164282%22%20target%3D%22_blank%22%3E%40Lukas%20Sassl%3C%2FA%3E%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20the%20same%20problem%20in%20our%20environment%2C%20like%20Gabriel_93%20related%20in%20this%20blog..%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20Exchange%202016%20and%20the%20old%20expired%20federation%20certificate%20it's%20still%20active%20in%20our%20Exchange%20servers%2C%20without%20any%20possibility%20to%20delete%20for%20the%20moment..%26nbsp%3B%3C%2FP%3E%3CP%3ECould%20you%20please%20let%20me%20know%20what's%20your%20suggestions%20in%20this%20case%2C%20should%20we%20proceed%20with%20this%20installation%2C%20or%20we%20should%20retry%20to%20delete%20the%20expired%20certificate%20and%20then%20start%20the%20installation%20of%20this%20March%20SU%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EKindly%20waiting%20for%20your%20reply%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAll%20the%20best%2C%26nbsp%3B%3C%2FP%3E%3CP%3EDann%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3259346%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3259346%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1335223%22%20target%3D%22_blank%22%3E%40Dann_90%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20an%20expired%20certificate%20on%20our%20Exchange%202019%20server%20as%20well.%20I%20will%20delete%20it%20prior%20to%20installing%20the%20SU%3B%20however%2C%20If%20I%20cannot%20delete%20it%20I%20will%20probably%26nbsp%3B%3CU%3Enot%3C%2FU%3E%20install%20the%20SU.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHopefully%20MS%20will%20fix%20this%20issue%20on%20the%20next%20SU%20release.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3259604%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3259604%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F164282%22%20target%3D%22_blank%22%3E%40Lukas%20Sassl%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWould%20doing%20%22Step%201%22%20i%20this%20workaround%20(%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Ftopic%2Fexchange-service-host-service-fails-after-installing-march-2022-security-update-kb5013118-1cf2ecaf-2e87-4c42-b541-6adc47e01a5d%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Ftopic%2Fexchange-service-host-service-fails-after-installing-march-2022-security-update-kb5013118-1cf2ecaf-2e87-4c42-b541-6adc47e01a5d)%26nbsp%3B%3C%2FA%3Ebefore%20installing%20the%20SU%20stop%20the%20issue%20ever%20happening.%3C%2FP%3E%3CP%3EDoing%20that%20before%20installing%20would%20that%20leave%20%22Step%202%22%20unnecessary.%3C%2FP%3E%3CP%3EOr%20would%20you%20not%20recommend%20this%20approach%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3259924%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3259924%22%20slang%3D%22en-US%22%3E%3CP%3EI%20removed%20the%20expired%20certificate%3B%20however%2C%20I%20have%204%20'Microsoft%20Exchange'%20pending%20requests%20which%20expire%20in%20August%202022.%20Will%20this%20pending%20requests%20also%20create%20a%20problem%20with%20the%20host%20service%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3260650%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3260650%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20release%20notes%20for%20the%20Exchange%202013%20fix%20indicates%20that%20it%20includes%20another%20fix%20for%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CEM%3E%22RFC%20certificate%20timestamp%20validation%20in%20Exchange%20Server%202013%22%3C%2FEM%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Ftopic%2Frfc-certificate-timestamp-validation-in-exchange-server-2013-92462ab8-0308-48c9-be4b-3740c97b6276%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ERFC%20certificate%20timestamp%20validation%20in%20Exchange%20Server%202013%20(microsoft.com)%3C%2FA%3E%26nbsp%3B%20.%20A%20couple%20of%20questions%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20exactly%20is%20this%3F%3C%2FP%3E%3CP%3EShould%20we%20expect%20that%20Outlook%20add-ins%20that%20use%20SHA1%20timestamping%20will%20no%20longer%20work%3F%26nbsp%3B%20%26nbsp%3B%20re%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CEM%3E%22This%20will%20deprecate%20the%20use%20of%20SHA1-based%20timestamping%22%26nbsp%3B%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CEM%3ELooking%20forward%20to%20your%20always%20prompt%2C%20considerate%26nbsp%3Band%20helpful%20response.%26nbsp%3B%20%3A)%3C%2Fimg%3E%3C%2FEM%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3261591%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3261591%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1147676%22%20target%3D%22_blank%22%3E%40notrace%3C%2FA%3E%26nbsp%3B%3CSUP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1270011%22%20target%3D%22_blank%22%3E%40no1welshboyo%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1330276%22%20target%3D%22_blank%22%3E%40Terak1111%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1106110%22%20target%3D%22_blank%22%3E%40Duncan1528%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1329666%22%20target%3D%22_blank%22%3E%40MauriceLui%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1335223%22%20target%3D%22_blank%22%3E%40Dann_90%3C%2FA%3E%26nbsp%3B%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1334451%22%20target%3D%22_blank%22%3E%40Gabriel_93%3C%2FA%3E%26nbsp%3B%3C%2FSUP%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSUP%3EWe%E2%80%99ve%20updated%20the%20KB.%20Please%20have%20a%20look%3A%20%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-gb%2Ftopic%2Fexchange-service-host-service-fails-after-installing-march-2022-security-update-kb5013118-1cf2ecaf-2e87-4c42-b541-6adc47e01a5d%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.microsoft.com%2Fen-gb%2Ftopic%2Fexchange-service-host-service-fails-after-installing-march-2022-security-update-kb5013118-1cf2ecaf-2e87-4c42-b541-6adc47e01a5d%3C%2FA%3E%20%3C%2FSUP%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3262287%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3262287%22%20slang%3D%22en-US%22%3E%3CP%3EJust%20trying%20to%20follow%20those%20instructions%20on%20running%20the%20remove-certexpirynotifications.ps1%20and%20keep%20getting%20%22Invoke-RestMethod%20%3A%20The%20remote%20server%20returned%20an%20error%3A%20(404)%20Not%20Found.%22%20error%2C%20so%20am%20wondering%20if%20there%20is%20something%20on%20the%20Windows%20server%202019%20Core%20running%20Exchange%20server%202019%20that%20is%20missing%20that%20this%20script%20requires%20or%20if%20this%20means%20that%20the%20script%20just%20does%20not%20need%20to%20remove%20anything%20and%20the%20update%20should%20not%20break%20my%20server%3F%20Also%20the%20server%20is%20running%20on%20LetsEncypt%20cert%2C%20so%20is%20every%20few%20months%20at%20a%20state%20where%20the%20cert%20is%20about%20to%20expire%20in%20under%2030%20days.%20So%20I%20hope%20this%20update%20will%20not%20break%20my%20exchange%20every%20few%20months.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3262326%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3262326%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3EI'm%20getting%20this%3A%3C%2FP%3E%3CP%3EInvoke-RestMethod%20%3A%20The%20underlying%20connection%20was%20closed%3A%20Could%20not%20establish%20trust%20relationship%20for%20the%20SSL%2FTLS%20secure%3CBR%20%2F%3Echannel.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3262330%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3262330%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1147676%22%20target%3D%22_blank%22%3E%40notrace%3C%2FA%3E%26nbsp%3Bplease%20have%20a%20look%20at%20the%20common%20errors%20section%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fmicrosoft.github.io%2FCSS-Exchange%2FAdmin%2FRemove-CertExpiryNotifications%2F%23common-errors%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Fmicrosoft.github.io%2FCSS-Exchange%2FAdmin%2FRemove-CertExpiryNotifications%2F%23common-errors%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EEspecially%20the%20first%20one%20is%20interesting.%20Please%20check%20that%20you%20don%E2%80%99t%20get%20a%20name%20mismatch%20certificate%20error.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3262515%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3262515%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1147676%22%20target%3D%22_blank%22%3E%40notrace%3C%2FA%3E%26nbsp%3BI%20found%20that%20I%20got%20that%20error%20when%20I%20wasn't%20using%20the%20server%20name%20that%20the%20main%20Exchange%20certificate%20is%20issued%20to.%20For%20us%20this%20is%20also%20the%20name%20we'd%20use%20to%20get%20to%20EAC%20internally.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3263240%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3263240%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F164282%22%20target%3D%22_blank%22%3E%40Lukas%20Sassl%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOkey%2C%20what%20do%20we%20do%20if%20we%20get%20the%26nbsp%3B%3CSPAN%3Ename%20mismatch%20certificate%20error%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EThere%20is%20not%20given%20any%20solution%20to%20that%20problem..%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3263251%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3263251%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F387929%22%20target%3D%22_blank%22%3E%40elindem%3C%2FA%3E%26nbsp%3Bthe%20solution%20is%20to%20use%20the%20name%20which%20is%20present%20in%20your%20certificate.%20Just%20open%20OWA%2C%20click%20on%20the%20padlock%20icon%20in%20the%20address%20bar%20and%20check%20the%20names%20which%20are%20present%20in%20the%20certificate%20that%20you%20use.%20Pass%20this%20name%20with%20the%20-server%20parameter.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3263358%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3263358%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F164282%22%20target%3D%22_blank%22%3E%40Lukas%20Sassl%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOkey%2C%20Thank%20you.%3C%2FP%3E%3CP%3EWhen%20doing%20that%20I%20get%20this%20error%3A%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22%22%3E%22Invoke-RestMethod%3C%2FSPAN%3E%20%3CSPAN%20class%3D%22%22%3E%3A%3C%2FSPAN%3E%20%3CSPAN%20class%3D%22%22%3EThe%3C%2FSPAN%3E%20%3CSPAN%20class%3D%22%22%3Eremote%3C%2FSPAN%3E%20%3CSPAN%20class%3D%22%22%3Eserver%3C%2FSPAN%3E%20%3CSPAN%20class%3D%22%22%3Ereturned%3C%2FSPAN%3E%20%3CSPAN%20class%3D%22%22%3Ean%3C%2FSPAN%3E%20%3CSPAN%20class%3D%22%22%3Eerror%3C%2FSPAN%3E%3CSPAN%20class%3D%22%22%3E%3A%3C%2FSPAN%3E%20%3CSPAN%20class%3D%22%22%3E(%3C%2FSPAN%3E%3CSPAN%20class%3D%22%22%3E403%3C%2FSPAN%3E%3CSPAN%20class%3D%22%22%3E)%3C%2FSPAN%3E%26nbsp%3BForbidden%3CSPAN%20class%3D%22%22%3E.%22%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22%22%3EAny%20ideas%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3263409%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3263409%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F387929%22%20target%3D%22_blank%22%3E%40elindem%3C%2FA%3E%26nbsp%3Bdoes%20the%20user%20who%20runs%20the%20script%20have%20Full%20Access%20permission%20to%20the%20system%20mailbox%26nbsp%3B%3CSPAN%3ESystemMailbox%7Be0dc1c29-89c3-4034-b678-e6c29d823ed9%7D%20as%20described%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fmicrosoft.github.io%2FCSS-Exchange%2FAdmin%2FRemove-CertExpiryNotifications%2F%23usage%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3ERemove-CertExpiryNotifications%20-%20Microsoft%20-%20CSS-Exchange%3C%2FA%3E%26nbsp%3B%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3263415%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3263415%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F164282%22%20target%3D%22_blank%22%3E%40Lukas%20Sassl%3C%2FA%3E%26nbsp%3BYes%2C%20I%20have%20run%20the%20command%20on%20my%20admin%20account%20successfully.%20The%20one%20I%20run%20the%20script%20with.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3263417%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3263417%22%20slang%3D%22en-US%22%3E%3CP%3E%22%3CSPAN%20class%3D%22%22%3EInvoke-RestMethod%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20class%3D%22%22%3E%3A%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20class%3D%22%22%3EThe%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20class%3D%22%22%3Eremote%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20class%3D%22%22%3Eserver%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20class%3D%22%22%3Ereturned%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20class%3D%22%22%3Ean%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20class%3D%22%22%3Eerror%3C%2FSPAN%3E%3CSPAN%20class%3D%22%22%3E%3A%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20class%3D%22%22%3E(%3C%2FSPAN%3E%3CSPAN%20class%3D%22%22%3E403%3C%2FSPAN%3E%3CSPAN%20class%3D%22%22%3E)%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3BForbidden%3C%2FSPAN%3E%3CSPAN%20class%3D%22%22%3E.%22%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F387929%22%20target%3D%22_blank%22%3E%40elindem%3C%2FA%3E%26nbsp%3BI%20believe%20got%20that%20message%20when%20I%20ran%20the%20script%20from%20my%20Exchange%20Server%2C%20due%20to%20the%20loopback%20check.%20In%20order%20to%20successfully%20run%20it%20I%20needed%20to%20install%20the%20Exchange%20management%20tools%20on%20a%20Windows%2010%20machine%20instead%2C%20and%20run%20the%20script%20from%20there.%20You%20should%20also%20check%20the%20permissions%20of%20that%20system%20mailbox%20to%20confirm%20that%20the%20permission%20change%20was%20applied%20correctly.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3263443%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3263443%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F164282%22%20target%3D%22_blank%22%3E%40Lukas%20Sassl%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1107644%22%20target%3D%22_blank%22%3E%40pc-88%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20tried%20running%20the%20script%20from%20another%20computer%20and%20yes%20the%20permission%20was%20set%20correctly.%3C%2FP%3E%3CP%3ENot%20suppose%20to%20be%20easy%20this%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3CP%3EWait%20until%20next%20SU%20seems%20like%20the%20best%20scenario%20right%20now.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3263453%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3263453%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F387929%22%20target%3D%22_blank%22%3E%40elindem%3C%2FA%3E%26nbsp%3Byou%20can%20also%20use%20the%20Outlook%20client%20(see%20Exchange%202013%20section%20in%20KB5013118)%20to%20do%20the%20clean-up%20job%20(you%20must%20use%20the%20Outlook%20client%20if%20your%20servers%20are%20not%20running%20Exchange%202016%20or%202019).%20The%20script%20automates%20the%20clean-up%20and%20works%20only%20with%202016%2F2019.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3263537%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3263537%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20release%20notes%20for%20the%20Exchange%202013%20fix%20indicates%20that%20it%20includes%20another%20fix%20for%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CEM%3E%22RFC%20certificate%20timestamp%20validation%20in%20Exchange%20Server%202013%22%3C%2FEM%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Ftopic%2Frfc-certificate-timestamp-validation-in-exchange-server-2013-92462ab8-0308-48c9-be4b-3740c97b6276%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ERFC%20certificate%20timestamp%20validation%20in%20Exchange%20Server%202013%20(microsoft.com)%3C%2FA%3E%26nbsp%3B%20.%20A%20couple%20of%20questions%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20exactly%20is%20this%3F%3C%2FP%3E%3CP%3EShould%20we%20expect%20that%20Outlook%20add-ins%20that%20use%20SHA1%20timestamping%20will%20no%20longer%20work%3F%26nbsp%3B%20%26nbsp%3B%20re%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CEM%3E%22This%20will%20deprecate%20the%20use%20of%20SHA1-based%20timestamping%22%26nbsp%3B%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CEM%3ELooking%20forward%20to%20your%20always%20prompt%2C%20considerate%26nbsp%3Band%20helpful%20response.%26nbsp%3B%20%3CIMG%20class%3D%22lia-deferred-image%20lia-image-emoji%22%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Fhtml%2F%40C7BE33135EA1742D4E0CF1FF00DD009F%2Fimages%2Femoticons%2Fcryingwhilelaughing_anim.gif%22%20alt%3D%22%3Acryingwithlaughter%3A%22%20title%3D%22%3Acryingwithlaughter%3A%22%20%2F%3E%3C%2FEM%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3263632%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3263632%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F286871%22%20target%3D%22_blank%22%3E%40Sam_T%3C%2FA%3E%26nbsp%3Bas%20stated%20in%20the%20KB%2C%20this%20brings%20support%20for%26nbsp%3BRFC3161-based%20timestamp%20validation%20to%20Exchange%202013.%26nbsp%3BAll%20new%20add-in%20manifest%20files%20will%20be%20signed%20by%20using%20RFC3161-based%20(SHA256)%20timestamping.%20You%20won't%20be%20able%20to%20install%20any%20add-in%20that%20was%20signed%20using%20RFC3161%20because%20Exchange%20requires%20to%20validate%20the%20add-in%20XML%20manifest%20signature%20which%20isn't%20possible%20without%20the%20update.%20I%20would%20expect%20that%20any%20existing%20(already%20installed)%20add-in%20continues%20to%20work%20until%20the%20XML%20manifest%20gets%20updated%20and%20is%20then%20signed%20by%20using%26nbsp%3BRFC3161-based%20timestamping.%20So%2C%20it's%20critical%20to%20upgrade%20for%20continued%20support%20add-in%20support.%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%26nbsp%3Bcorrect%20me%20if%20I'm%20wrong.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3264648%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3264648%22%20slang%3D%22en-US%22%3E%3CP%3EComplete%20fresh%20Exchange%20Server%202016%20CU22%20on%20a%20fresh%20Windows%20Server%202016%2C%20installing%20the%20Security%20Update%20KB5012698%20breaks%20EAC%20completely.%20This%20is%20what%20we%20see%20after%20opening%20EAC%20and%20logging%20in%20with%20username%2Fpassword.%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22David_Trevor_0-1648042505888.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F357909i8607BA12D7459FCD%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22David_Trevor_0-1648042505888.png%22%20alt%3D%22David_Trevor_0-1648042505888.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EEvent%20log%20shows%3A%3C%2FP%3E%3CP%3E%3CEM%3EOutlook%20Web%20App%20failed%20to%20load%20the%20following%20theme%20folder%3A%20C%3A%5CProgram%20Files%5CMicrosoft%5CExchange%20Server%5CV15%5CClientAccess%5Cowa%5C15.1.2375.24%5Cthemes%5Cbase%3CBR%20%2F%3EThe%20following%20files%20are%20missing%3A%20premium.css%2C%20gradienth.png%2C%20gradientv.png%2C%20csssprites.css%2C%20csssprites.png%2C%20csssprites2.css%2C%20csssprites2.png%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3264665%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3264665%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1341225%22%20target%3D%22_blank%22%3E%40David_Trevor%3C%2FA%3E%26nbsp%3Bcheck%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FRSA-ECP-MissingImages%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Faka.ms%2FRSA-ECP-MissingImages%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3265565%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3265565%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20uninstalled%20the%20Security%20Update%20in%20the%20Control%20Panel%20and%20have%20installed%20it%20again%20in%20the%20same%20way%2C%20this%20time%20the%20EAC%20is%20working%20correctly.%20However%2C%20one%20step%20I%20also%20did%2C%20which%20maybe%20had%20an%20effect%3A%3C%2FP%3E%3CP%3EI%20opened%20the%20File%20Explorer%20and%20navigated%20to%20the%20folder%26nbsp%3BC%3A%5CProgram%20Files%5CMicrosoft%5CExchange%20Server%5CV15%5CClientAccess%3C%2FP%3E%3CP%3EI%20had%20to%20confirm%20an%20admin%20prompt%20to%20gain%20access%20to%20that%20folder.%20Could%20that%20have%20had%20an%20effect%20during%20the%20first%20time%20of%20the%20installation%2C%20where%20it%20could%20not%20copy%20the%20files%20over%20to%20that%20subdirectory%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3269111%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3269111%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F164282%22%20target%3D%22_blank%22%3E%40Lukas%20Sassl%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20believe%20that%20a%20previous%20revision%20of%20the%20%22Exchange%20Service%20Host%20service%20fails%22%20article%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-gb%2Ftopic%2Fexchange-service-host-service-fails-after-installing-march-2022-security-update-kb5013118-1cf2ecaf-2e87-4c42-b541-6adc47e01a5d%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EExchange%20Service%20Host%20service%20fails%20after%20installing%20March%202022%20security%20update%20(KB5013118)%20(microsoft.com)%3C%2FA%3E%26nbsp%3Bmentioned%20that%20there%20was%20a%20fix%20forthcoming%20from%20Microsoft.%20Now%20it%20appears%20there%20is%20no%20mention%20of%20a%20fix%20but%20only%20a%20workaround.%26nbsp%3B%20Two%20questions%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EShould%20we%20expect%20a%20fix%20for%20this%20issue%20or%20should%20we%20just%20assume%20that%20this%20service%20may%20fail%20after%20the%20application%20of%20every%20future%20hotfix%20issued%20by%20Microsoft%3F%3C%2FP%3E%3CP%3EThese%20kb%20articles%20used%20to%20have%20a%20date%20%26amp%3B%20time%20of%20last%20revision.%20Why%20aren't%20these%20time%20stamped%20any%20longer%3F%26nbsp%3B%20Do%20you%20know%20how%20much%20time%20it%20takes%20to%20read%20one%20of%20these%20articles%20and%20try%20and%20guess%20if%20there%20are%20any%20changes%20since%20the%20last%20time%20you%20read%20it%20%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3269204%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3269204%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3ESorry%2C%20but%20how%20can%20anybody%20proceed%20with%20applying%20the%20March%20security%20update%20in%20a%20production%20environment%2C%20it%20sounds%20like%20a%20complete%20mess!%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EThe%20workaround%20is%20not%20clear%20either%2C%20here%20are%20my%20questions....%3CBR%20%2F%3E%3CBR%20%2F%3EAre%20Microsoft%20looking%20at%20issuing%20a%20revised%20update%20or%20fix%2C%20I%20am%20not%20keen%20on%20the%20workaround%20mentioned%20in%26nbsp%3BKB5013118%3F%3CBR%20%2F%3E%3CBR%20%2F%3EA%20couple%20of%20clients%20we%20support%20use%20a%20'MS-Organization-P2P-Access'%20certificate%20which%20is%20installed%20on%20their%20Exchange%202016%20server.%26nbsp%3B%20This%20certificate%20is%20valid%20for%2024%20hours%20before%20renewing%20and%20is%20required%26nbsp%3Bfor%26nbsp%3B%3CSPAN%3EADConnect%2C%20to%20sync%20computer%20accounts%20to%20Azure%20AD%20for%20hybrid%20join.%26nbsp%3B%20If%20I%20apply%20the%20March's%20update%20does%20this%20mean%20that%20the%20'MSExchangeServiceHost'%20is%20at%20risk%20of%20crashing%3F%3CBR%20%2F%3E%3CBR%20%2F%3EDoes%20this%20only%20apply%20to%20certificates%20that%20have%20Exchange%20services%20tied%20to%20them%2C%20or%20is%20it%20any%20certificate%20in%20the%20personal%20store%3F%3CBR%20%2F%3E%3C%2FSPAN%3E%3CBR%20%2F%3EIn%20the%20workaround%20KB5013118%2C%20Step%205%20is%20listed%20as%20optional%20(Remove%20or%20renew%20any%20certificates%20that%20have%20expired%20or%20will%20expire%20within%20the%20next%2030%20days.)%20if%20the%26nbsp%3B'DisableAsyncNotification'%20reg%20key%20is%20enabled.%26nbsp%3B%20Obviously%20I%20won't%20be%20removing%20the%20'MS-Organization-P2P-Access'%20certificate%20as%20it's%20required.%26nbsp%3B%20If%20I%20then%20run%20the%20'Remove%20Expiry%20Notification%20script'%20it%20will%20then%20clean%20out%20any%20messages%20in%26nbsp%3B%26nbsp%3B%20AsyncOperationNotification%20folder%20in%20the%20arbitration%20mailbox%2C%20I%20then%20need%20to%20disable%20'DisableAsyncNotification'.%26nbsp%3B%20%26nbsp%3B%3CSTRONG%3EShould%20this%20workaround%20be%20applied%20before%20or%20after%20the%20installation%20of%20March's%20update%3C%2FSTRONG%3E%3F%3CBR%20%2F%3E%3CBR%20%2F%3EI%20don't%20understand%20how%20it's%20a%20valid%20workaround%2C%20as%20I%20still%20have%20the%20expiring%20certificate%20installed%20on%20the%20system.%26nbsp%3B%20Surely%20new%20messages%20will%20be%20subsequently%20sent%20to%20the%20'AsyncOperationNotification%20folder'%20as%20soon%20as%26nbsp%3BDisableAsyncNotification%20is%20disabled%20(step2).%26nbsp%3B%20%26nbsp%3BIs%20this%20workaround%20just%20to%20get%20the%20service%20running%20again%2C%20will%20the%20crashing%20symptoms%20continue%20following%20a%20reboot%20if%20expiring%20certs%20are%20still%20installed%3F%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EA%20thorough%20explanation%20is%20required!%3CBR%20%2F%3E%3CBR%20%2F%3EVery%20poor%20Microsoft.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3270124%22%20slang%3D%22de-DE%22%3ESubject%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3270124%22%20slang%3D%22de-DE%22%3E%3CP%3EPlease%20don't%20update!!%3C%2FP%3E%3CP%3ELast%20Weekend%20this%20update%20broke%20my%20Exchange!%20My%20problem%20was%20none%20of%20those%20described%20here%2C%20many%20services%20where%20not%20starting%2C%20exchange%20PowerShell%2FECP%2FOWA%20etc.%20where%20not%20avilable.%20I%20was%20not%20able%20to%20uninstall%20that%20update%2C%20it%20stop%20with%20an%20error.%3CBR%20%2F%3EReinstalling%20also%20was%20not%20possible.%20So%20I%20ended%20reinstalling%20Exchage%20in%20recovery%20mode!%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F774706%22%20target%3D%22_blank%22%3E%40ms%3C%2FA%3E%20do%20your%20f-job%20and%20dont%20release%20souch%20a%20junk%20as%20an%20update%2C%20where%20everything%20gets%20broken.%20I%20would%20appreciate%20if%20you%20just%20inform%20us%20und%20tell%20us%20to%20cut%20the%20servers%20temporarly%20from%20internet%20until%20its%20safe%20to%20update!%20Do%20you%20test%20anything%20at%20all%20before%20your%20release%20souch%20an%20update%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3270187%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3270187%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1346697%22%20target%3D%22_blank%22%3E%40Barth1983%3C%2FA%3E%26nbsp%3BThe%20problems%20you%20are%20describing%20typically%20happen%20if%20the%20update%20installation%20is%20not%20started%20in%20elevated%20mode.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3270204%22%20slang%3D%22de-DE%22%3ESubject%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3270204%22%20slang%3D%22de-DE%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F357345%22%20target%3D%22_blank%22%3E%40Bhalchandra_Atre-MSFTthe%3C%2FA%3E%20update%20was%20installed%20via%20windows%20update%20(SYSTEM)%20so%20I%20don't%20think%20that%20that%20was%20the%20case!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3270244%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3270244%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1346697%22%20target%3D%22_blank%22%3E%40Barth1983%3C%2FA%3E%26nbsp%3Bthanks%20for%20sharing%20the%20details%2C%20what%20is%20your%20OS%20version%2C%20Exchange%20version%3F%20Also%2C%20if%20possible%2C%20I%20suggest%20you%20open%20support%20case%20for%20debugging%20of%20why%20the%20issue%20may%20have%20occurred.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3270260%22%20slang%3D%22de-DE%22%3ESubject%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3270260%22%20slang%3D%22de-DE%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F357345%22%20target%3D%22_blank%22%3E%40Bhalchandra_Atre%20MSFT%3C%2FA%3E%20Windows%20Server%202016%20with%20all%20Security%20Updates%20incl.%20March%202022%20installed%2C%20Exchange%20Server%202016%20Cu22%20with%20January%202022%20Exchange%20Security%20Update%20installed.%20Sophos%20Antivirus%20as%20AV%20Software.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3270387%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3270387%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1346697%22%20target%3D%22_blank%22%3E%40Barth1983%3C%2FA%3E%26nbsp%3Bhave%20you%20temporarily%20disabled%20the%20anti-virus%20software%20(see%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fplan-and-deploy%2Finstall-cumulative-updates%3Fview%3Dexchserver-2019%23best-practices%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fplan-and-deploy%2Finstall-cumulative-updates%3Fview%3Dexchserver-2019%23best-practices%3C%2FA%3E)%20during%20the%20update%20process%3F%20They%20sometimes%20prevent%20the%20installer%20from%20properly%20replacing%20files%20or%20stopping%20services.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F286871%22%20target%3D%22_blank%22%3E%40Sam_T%3C%2FA%3E%26nbsp%3Bthere%20was%20content%20added%20to%20the%20KB%20(latest%20insights%20due%20to%20ongoing%20investigations).%20The%20KB%20says%3A%20%22%3CEM%3Ewe%20recommend%20that%20you%20leave%20the%20registry%20value%20as%20is%20%3CU%3E%3CSTRONG%3Euntil%20the%20issue%20is%20resolved%20by%20Microsoft%3C%2FSTRONG%3E%3C%2FU%3E.%3C%2FEM%3E%22%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1345796%22%20target%3D%22_blank%22%3E%40neilhoward84%3C%2FA%3E%26nbsp%3BDo%20you%20run%20a%20single%20version%20(only%20Exchange%202013%2F2016%2F2019)%20or%20a%20mixed%20version%20environment%20(e.g.%20Exchange%202016%20%26amp%3B%20Exchange%202019%20in%20co-existence)%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3270502%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3270502%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F164282%22%20target%3D%22_blank%22%3E%40Lukas%20Sassl%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20clients%20we%20support%20only%20run%20a%20single%20version%2C%20Exchange%20sever%202016.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAll%20the%20Exchange%20servers%20have%20a%20%E2%80%98%3CSPAN%3EMS-Organization-P2P-Access'%20certificates%20with%20a%2024%20hour%20validity%20on.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%E2%80%99ve%20had%20to%20push%20back%20the%20deployment%20of%20this%20update%20until%20I%20get%20the%20answers%20to%20the%20questions%20I%20asked%20earlier%20in%20this%20thread!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3270589%22%20slang%3D%22de-DE%22%3ESubject%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3270589%22%20slang%3D%22de-DE%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F164282%22%20target%3D%22_blank%22%3E%40Lukas%20Sassl%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%20class%3D%22%22%3E%3CSPAN%20class%3D%22%22%3EI%20didn't%20disabled%20it%2C%20my%20first%20thought%20was%20AV%20but%20according%20to%20AV%20Logs%20that%20was%20not%20the%20case.%20Until%20now%20there%20was%20no%20difficulties%20regarding%20%3C%2FSPAN%3E%3CSPAN%20class%3D%22%22%3EAV%2C%20wenn%20installing%20exchange%20security%20updates%2C%20with%20CUs%20yes.%20I%20also%20installed%20the%20march%202022%20in%204%20other%20similar%20environments%20without%20problems%2C%20same%20os%2C%20exchange%20version%20and%20same%20AV.%20Since%20last%20weekend%20I%20stopped%20deploying%20it%20to%20other%20costumer's%2C%20I%20have%20wasted%20enough%20one%20weekend.%20%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3271034%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3271034%22%20slang%3D%22en-US%22%3E%3CP%3EI%20didn't%20have%20any%20problems%20re-assigning%20certificates%20on%20Exchange%20e2016%20or%20e2019%20this%20year.%26nbsp%3B%20Run%20the%20healthcheker.ps1%2C%20I%20find%20it%20shows%20pending%20issues%20very%20well.%26nbsp%3B%20As%20long%20as%20the%20new%20certificate%20is%20assigned%20to%20services%2C%20the%20old%20certificate%20and%20be%20simply%20deleted%20and%20they%20should%20not%20be%20left%20there%20to%20begin%20with%2C%20that%20is%20a%20recipe%20for%20disaster.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3271095%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3271095%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1345796%22%20target%3D%22_blank%22%3E%40neilhoward84%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CEM%3EQ%3A%20Does%20this%20only%20apply%20to%20certificates%20that%20have%20Exchange%20services%20tied%20to%20them%2C%20or%20is%20it%20any%20certificate%20in%20the%20personal%20store%3F%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3EA%3A%20If%20the%20certificate%20is%20returned%20via%20'Get-ExchangeCertificate'%2C%20it%20might%20cause%20the%20service%20to%20crash%20because%20we%20then%20generate%20the%20async%20notifications%20as%20described%20in%20the%26nbsp%3BKB5013118.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CEM%3EQ%3A%20Should%20this%20workaround%20be%20applied%20before%20or%20after%20the%20installation%20of%20March's%20update%3F%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3EA%3A%20Please%20check%20the%20'Cause'%20section.%20It%20shows%20a%20clear%20order%20of%20the%20steps%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%20type%3D%221%22%3E%0A%3CLI%3E%3CP%3E%3CEM%3EOn%20the%20servers%20that%20are%20running%20Exchange%20Servers%2C%20set%20the%20registry%20value%20that's%20described%20in%20the%20%22Workaround%22%20section%2C%20Step%201.%3C%2FEM%3E%3C%2FP%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CP%3E%3CEM%3EDo%20the%20%22Workaround%22%20Step%202.%3C%2FEM%3E%3C%2FP%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CP%20class%3D%22%22%3E%3CEM%3EInstall%20the%20March%202022%20Exchange%20Server%20security%20update.%3C%2FEM%3E%3C%2FP%3E%0A%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3E%3CEM%3EQ%3A%20%3CSPAN%3EIs%20this%20workaround%20just%20to%20get%20the%20service%20running%20again%2C%20will%20the%20crashing%20symptoms%20continue%20following%20a%20reboot%20if%20expiring%20certs%20are%20still%20installed%3F%26nbsp%3B%3C%2FSPAN%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3EA%3A%20The%20workaround%20disables%20the%20functionality%20which%20generates%20async%20notifications%20to%20avoid%20these%20notifications%20are%20generated%20on%20different%20Exchange%20server%20builds%20(servers%20that%20have%20installed%20the%20SU%20and%20servers%20that%20have%20not).%26nbsp%3BIf%20you%20run%20a%20single%20Exchange%20Server%20version%20(for%20example%2C%20only%20Exchange%202019)%20within%20your%20environment%20without%20co-existence%2C%20%3CSTRONG%3Eyou%20can%20safely%20remove%20the%20registry%20value%20after%20all%20servers%20are%20updated%3C%2FSTRONG%3E.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3271106%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3271106%22%20slang%3D%22en-US%22%3E%3CP%3ERun%20the%20HealthChecker.ps1%2C%20it%20will%20tell%20you%20if%20there%20are%20issues.%26nbsp%3B%20Expired%20certificates%20need%20to%20be%20deleted%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3271187%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3271187%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F164282%22%20target%3D%22_blank%22%3E%40Lukas%20Sassl%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20required%20workaround%20to%20get%20this%20patch%20installed%20is%20quite%20frankly%20a%20ridiculous%20requirement!%26nbsp%3B%20This%20should%20not%20be%20needed%20on%20production%20systems%20to%20remediate%20critical%20CVE's.%26nbsp%3B%20Microsoft%20should%20have%20not%20released%20the%20update%20in%20this%20state%2C%20it's%20clearly%20not%20been%20adequately%20tested.%26nbsp%3B%20What%20is%20the%20ETA%20on%20a%20working%20fix%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CEM%3EQ%3A%20Does%20this%20only%20apply%20to%20certificates%20that%20have%20Exchange%20services%20tied%20to%20them%2C%20or%20is%20it%20any%20certificate%20in%20the%20personal%20store%3F%3C%2FEM%3E%3C%2FP%3E%3CP%3EA%3A%20If%20the%20certificate%20is%20returned%20via%20'Get-ExchangeCertificate'%2C%20it%20might%20cause%20the%20service%20to%20crash%20because%20we%20then%20generate%20the%20async%20notifications%20as%20described%20in%20the%26nbsp%3BKB5013118.%3CBR%20%2F%3E%3CSTRONG%3E%3CBR%20%2F%3EGet-ExchangeCertifcate%2C%20returns%20any%20certificate%20in%20the%20personal%20store%20of%20a%20server%20where%20Exchange%20Server%20is%20installed.%26nbsp%3B%20This%20means%20our%20'MS-Organization-P2P-Access'%20is%20listed%20when%20I%20run%20that%20command!%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%3CEM%3EQ%3A%20Should%20this%20workaround%20be%20applied%20before%20or%20after%20the%20installation%20of%20March's%20update%3F%3C%2FEM%3E%3C%2FP%3E%3CP%3EA%3A%20Please%20check%20the%20'Cause'%20section.%20It%20shows%20a%20clear%20order%20of%20the%20steps%3A%3C%2FP%3E%3CP%20class%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EQ%3A%20I've%20read%20the%20Cause%20sections%2C%20so%20if%20I'm%20not%20running%20different%20Exchange%20versions%20or%20co-existence%20mode%2C%20will%20I%20be%20unaffected%20by%20this%20issue%3F%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%3CSTRONG%3EQ%3A%20Is%20it%20possible%20to%20check%20for%20these%20async%26nbsp%3Bnotification%2C%20prior%20to%20updating%3F%26nbsp%3B%3C%2FSTRONG%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3EQ%3A%26nbsp%3BIs%20this%20workaround%20just%20to%20get%20the%20service%20running%20again%2C%20will%20the%20crashing%20symptoms%20continue%20following%20a%20reboot%20if%20expiring%20certs%20are%20still%20installed%3F%26nbsp%3B%3C%2FP%3E%3CP%3EA%3A%20The%20workaround%20disables%20the%20functionality%20which%20generates%20async%20notifications%20to%20avoid%20these%20notifications%20are%20generated%20on%20different%20Exchange%20server%20builds%20(servers%20that%20have%20installed%20the%20SU%20and%20servers%20that%20have%20not).%26nbsp%3BIf%20you%20run%20a%20single%20Exchange%20Server%20version%20(for%20example%2C%20only%20Exchange%202019)%20within%20your%20environment%20without%20co-existence%2C%26nbsp%3Byou%20can%20safely%20remove%20the%20registry%20value%20after%20all%20servers%20are%20updated.%26nbsp%3B%3CBR%20%2F%3E%3CSTRONG%3E%3CBR%20%2F%3EQ%3A%20I%20don't%20follow%2C%20how%20can%20you%20safely%20remove%20the%20registry%20value%20again%20if%20the%20expiring%20certificate%20is%20still%20present%20on%20the%20server%2C%20the%20remove%20expiry%26nbsp%3Bnotification%26nbsp%3Bscript%20is%20just%20clearing%20out%20the%20notification.%26nbsp%3B%20Has%20the%20underlying%20issue%20causing%20the%20crash%20in%20relation%20to%20async%20notifications%20been%20fixed%2C%20or%20will%20this%20occur%20again%3F%20I%20ask%20this%20as%20I%20won't%20be%20performing%20the%20optional%20step%205%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3271197%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3271197%22%20slang%3D%22en-US%22%3E%3CP%3EHave%20you%20ran%20the%20Healthcheker.ps1%20script%3F%26nbsp%3B%20Your%20Exchange%20server%20is%20clearly%20not%20healthy%20and%20people%20need%20to%20see%20the%20results%2C%20it's%20a%20basic%20step%20for%20any%20Exchange%20server%20implementation%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3271211%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3271211%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1091455%22%20target%3D%22_blank%22%3E%40GettnBetter%3C%2FA%3E%26nbsp%3B%20Of%20course%20I've%20run%20the%20healthchecker.ps1%20script%2C%20I%20run%20it%20before%20and%20after%20any%20CU%2FSU%2C%20our%20servers%20are%20healthy.%26nbsp%3B%20It%20has%20flagged%20a%20certificate%20with%200%20lifetime%20in%20days%2C%20which%20is%20expected.%26nbsp%3B%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EYou%20do%20realise%20an%20Exchange%20server%20merely%20pulls%20certificates%20from%20the%20computers%20personal%20certificate%20store%3F%26nbsp%3B%20This%20store%20may%20contain%20certificates%20that%20are%20not%20specific%20to%20Exchange%2C%20in%20our%20instance%20an%20'MS-Organization-P2P-Access'%20certificate%20with%20a%2024hour%20validity%20which%20is%20a%20requirement%20for%20Azure%20AAD%20hybrid%20joined%20clients.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EThis%20is%20why%20this%20issue%20is%20so%20annoying%2C%20as%20I%20expect%20lots%20of%20people%20have%20this%20type%20of%20certificate%20on%20their%20servers.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3272184%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3272184%22%20slang%3D%22en-US%22%3E%3CP%3ELike%20many%20of%20you%2C%20I%20had%20a%20client%20install%20this%20update%20and%20it%20went%20belly%20up.%26nbsp%3B%20%26nbsp%3B%205%20Microsoft%20technicians%20and%2036%20hours%20later%2C%20we%20finally%20got%20the%20server%20back%20online%20and%20operational.%26nbsp%3B%20%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20symptoms%3A%26nbsp%3B%20%26nbsp%3BThe%20ECP%20redirecting%20to%20OWA%20in%20a%20endless%20loop%20causing%20a%20404%20error%20and%20mail%20flow%20problems.%20The%20published%20workaround%20for%20the%20OWA%20issue%20to%20run%20the%20UpdateCas.ps1%20and%20UpdateConfigFiles.ps1%20Powershell%20Scripts%20did%20not%20fix%20the%20issue.%26nbsp%3B%20It%20persisted%20afterwards.%26nbsp%3B%20Tried%20uninstalling%20the%20Security%20Update%20and%20it%20made%20no%20difference.%26nbsp%3B%20ECP%20and%20OWA%20didn't%20work%20regardless%20what%20was%20tried.%26nbsp%3B%20Microsoft%20re-installed%20Exchange%202016%20CU22%2C%20searched%20for%20missing%20DLL's%2C%20and%20fixed%20some%20file%20system%20permission%20issues%2C%20but%20that%20didn't%20even%20make%20a%20difference.%26nbsp%3B%20After%20countless%20hours%20of%20searching%20and%20trial%20and%20error%2C%20I%20noticed%20that%20the%20OWA%20showed%20that%20the%20FrontEnd%2FHttp%2Fowa%2FAuth%2FLogin.aspx%20file%20was%20missing.%26nbsp%3B%20%26nbsp%3BI%20checked%20the%20physical%20directory%20and%20sure%20enough%2C%20the%20files%20in%20that%20folder%20were%20missing.%26nbsp%3B%20%26nbsp%3BI%20restored%20from%20a%20Previous%20Version%20backup%20prior%20to%20the%20Security%20Update%20installation%20and%20voila!%26nbsp%3B%20%26nbsp%3BECP%20and%20OWA%20was%20working%20again.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20for%20mail%20flow%2C%20that%20issue%20had%20to%20do%20with%20the%20Microsoft%20Exchange%20Transport%20Submission%20service%20being%20missing%20from%20Services.%26nbsp%3B%20%26nbsp%3BI'm%20not%20sure%20how%20that%20happened%20either.%26nbsp%3B%20%26nbsp%3BUsing%20some%20Powershell%20commands%20to%20attach%20a%20SSL%20certificate%20to%20a%20Receive%20Connector%20seemed%20to%20have%20restored%20it.%26nbsp%3B%20%26nbsp%3B%20Once%20all%20the%20relating%20transport%20services%20were%20running%2C%20mail%20started%20to%20flow%20again.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOnce%20these%20issues%20were%20corrected%2C%20we%20re-downloaded%20the%20Security%20Update%20and%20re-applied%20it.%26nbsp%3B%20%26nbsp%3BThe%20second%20installation%20installed%20without%20issue.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20hope%20that%20this%20information%20helps%20others%20out%20there%20and%20save%20you%20some%20time%20in%20troubleshooting.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3274933%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3274933%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F164282%22%20target%3D%22_blank%22%3E%40Lukas%20Sassl%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EYou%20mentioned%20that%20the%20article%20states%26nbsp%3B%3CEM%3E%22we%20recommend%20that%20you%20leave%20the%20registry%20value%20as%20is%20until%20the%20issue%20is%20resolved%20by%20Microsoft.%22%26nbsp%3B%3C%2FEM%3E%3C%2FP%3E%3CP%3EThat's%20not%20quite%20what%20it%20says.%20It%20says%20%3CEM%3E%22I%3CSTRONG%3Ef%20you%20run%20a%20mixed%20environment%20(co-existence%20of%20multiple%20Exchange%20Server%20versions%2C%20such%20as%20Exchange%20Server%202019%20and%202016%2C%20or%20Exchange%20Server%202016%20and%202013)%2C%3C%2FSTRONG%3E%20we%20recommend%20that%20you%20leave%20the%20registry%20value%20as%20is%20until%20the%20issue%20is%20resolved%20by%20Microsoft.%22%26nbsp%3B%26nbsp%3B%3C%2FEM%3EThere's%20a%20significant%20difference%20between%20the%20two%20statements.%26nbsp%3B%20So%20if%20you%20are%20not%20running%20a%20mixed%20environment%2C%20what%20is%20Microsofts%20recommendation%20%3F%26nbsp%3B%20Do%20something%3F%20Do%20nothing%20%3F%20Just%20be%20confused%20by%20the%20wording%20of%20the%20article%20%3F%3C%2FP%3E%3CP%3EI%20don't%20understand%20why%20after%20all%20of%20these%20years%2C%20almost%20every%20announcement%20of%20a%20CU%2FSU%2Fbug%20has%20to%20be%20followed%20up%20by%20seemingly%20endless%20requests%20for%20Microsoft%20to%20clarify%20their%20articles%20and%20statements.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ELooking%20forward%20to%20your%20always%20timely%20and%20thoughtful%20response.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3274936%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3274936%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F164282%22%20target%3D%22_blank%22%3E%40Lukas%20Sassl%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20think%20you%20may%20have%20missed%20the%20question%20in%20my%20earlier%20post.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20the%20article%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-gb%2Ftopic%2Fexchange-service-host-service-fails-after-installing-march-2022-security-update-kb5013118-1cf2ecaf-2e87-4c42-b541-6adc47e01a5d%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EExchange%20Service%20Host%20service%20fails%20after%20installing%20March%202022%20security%20update%20(KB5013118)%20(microso...%3C%2FA%3E%26nbsp%3BI%20don't%20see%20a%20date%2Ftime%20of%20last%20revision%20in%20the%20article.%20Did%20I%20miss%20it%20%3F%26nbsp%3B%20%26nbsp%3B%20These%20kb%20articles%20used%20clearly%20note%20the%20date%20%26amp%3B%20time%20of%20last%20revision.%20Why%20aren't%20these%20date%2Ftime%20stamped%20any%20longer%3F%26nbsp%3B%20Do%20you%20know%20how%20much%20time%20it%20takes%20to%20read%20one%20of%20these%20articles%20and%20try%20and%20guess%20if%20there%20are%20any%20changes%20since%20the%20last%20time%20you%20read%20it%20%3F%3C%2FP%3E%3CP%3EI%20do%20have%20dozens%20of%20other%20tasks%20I%20need%20to%20perform%20on%20a%20weekly%20basis%20so%20I'm%20not%20dedicated%20to%20only%20periodically%20reviewing%20articles%20on%20failed%20CUs%20and%20SUs%20just%20to%20see%20if%20any%20of%20the%20guidance%20that%20might%20affect%20my%20Exchange%20environment%20may%20have%20changed.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ELooking%20forward%20to%20your%20always%20timely%20and%20thoughtful%20response.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3274937%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3274937%22%20slang%3D%22en-US%22%3E%3CP%3ERather%20confused%20that%20the%20security%20updates%20this%20year%20have%20been%20really%20de-stabilizing%20for%20the%20Exchange%20server%20environments.%20MS%20has%20been%20releasing%20articles%20about%20workarounds%20and%20steps%20to%20get%20system%20up%20and%20running%20again.%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20happened%20to%20quarterly%20CU-s%20that%20were%20promised%3F%20Last%202%20quarterlies%20have%20not%20been%20released%20yet%20and%20the%20security%20updates%20appear%20to%20break%20things%20and%20then%20shortly%20after%20we%20get%20articles%20how%20to%20work%20around%20that.%20With%20email%20systems%20being%20used%20as%20one%20of%20the%20primary%20communications%20channels%20between%20majority%20of%20the%20companies%2C%20I%20would%20expect%20MS%20to%20put%20a%20little%20more%20effort%20into%20the%20updates%20and%20testing%20before%20releasing%20and%20pushing%20them%20out.%3C%2FP%3E%3CP%3EHas%20there%20been%20a%20change%20in%20the%20cumulative%20updates%20release%20process%20and%20frequency%20that%20MS%20has%20forgotten%20to%20communicate%20out%20or%20has%20it%20been%20communicates%20somewhere%20without%20reaching%20the%20target%20audience%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3278377%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20March%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3278377%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F164282%22%20target%3D%22_blank%22%3E%40Lukas%20Sassl%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20mentioned%20that%20the%20article%20states%26nbsp%3B%3CEM%3E%22we%20recommend%20that%20you%20leave%20the%20registry%20value%20as%20is%20until%20the%20issue%20is%20resolved%20by%20Microsoft.%22%26nbsp%3B%3C%2FEM%3E%3C%2FP%3E%3CP%3EThat's%20not%20quite%20what%20it%20says.%20It%20says%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CEM%3E%22I%3CSTRONG%3Ef%20you%20run%20a%20mixed%20environment%20(co-existence%20of%20multiple%20Exchange%20Server%20versions%2C%20such%20as%20Exchange%20Server%202019%20and%202016%2C%20or%20Exchange%20Server%202016%20and%202013)%2C%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Ewe%20recommend%20that%20you%20leave%20the%20registry%20value%20as%20is%20until%20the%20issue%20is%20resolved%20by%20Microsoft.%22%26nbsp%3B%26nbsp%3B%3C%2FEM%3EThere's%20a%20significant%20difference%20between%20the%20two%20statements.%26nbsp%3B%20So%20if%20you%20are%20not%20running%20a%20mixed%20environment%2C%20what%20is%20Microsofts%20recommendation%20%3F%26nbsp%3B%20Do%20something%3F%20Do%20nothing%20%3F%20Just%20be%20confused%20by%20the%20wording%20of%20the%20article%20%3F%3C%2FP%3E%3CP%3EI%20don't%20understand%20why%20after%20all%20of%20these%20years%2C%20almost%20every%20announcement%20of%20a%20CU%2FSU%2Fbug%20has%20to%20be%20followed%20up%20by%20seemingly%20endless%20requests%20for%20Microsoft%20to%20clarify%20their%20articles%20and%20statements.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ELooking%20forward%20to%20your%20always%20timely%20and%20thoughtful%20response%3C%2FP%3E%3C%2FLINGO-BODY%3E
Co-Authors
Version history
Last update:
‎Mar 16 2022 08:54 AM
Updated by: