Josh Bryant – Page 2 – Fix The Exchange!

Changing my focus in 2016.

January 5, 2016 | Uncategorized | No Comments

I’ve always had two passions throughout my IT career, Messaging, and Security. I tend to change my focus from one to the other every few years. For the past couple years as a Premier Field Engineer, I was fortunate enough to be able to leverage both of my passions, however Messaging was my primary focus. Yesterday was my first day back to work in 2016. It was also the start of a new role for me at Microsoft. I am now a Cybersecurity Architect, and with that my primary focus changes to Security once again. This means you’ll probably see a little more Security focused content on my blog from now on. Even though Security is now my main focus, my Messaging skills are in demand with my new role, so I’ll still get to leverage both my passions. I’m looking forward to helping customers be more secure in 2016!

By Josh Bryant

Exchange 2016 is here!

October 1, 2015 | Uncategorized | No Comments

Exchange 2016 has been officially released! Read the official announcement here: http://aka.ms/msexchange2016 More to come soon.

By Josh Bryant

Autodiscover error 0x80090014 during Outlook’s Test E-mail AutoConfiguration

September 18, 2015 | Uncategorized | No Comments

This week I was helping a customer figure out why their Windows 8.1 with Outlook 2013 clients couldn’t connect to Exchange 2010 over Outlook Anywhere with Smartcard Authentication, but their Windows 7 with Outlook 2010 clients could. After a couple days of looking at network traces on firewalls, Process Explorer, and Process Monitor on several clients, we finally figured it out. Keep reading for more details on symptoms, cause, and resolution.

Symptoms
Outlook Profile creation either fails after a single PIN prompt with a message stating that encrypted communication with the Exchange Server could not be established, or profile creation never progresses past the first stage with repeated PIN prompts.

Additionally, using the “Test E-mail AutoConfiguration” feature in Outlook (CTRL + Right Click on the Outlook icon in the system tray) returns error 0x80090014 on the log tab for Autodiscover. (Note: If no profiles exist on the problem computer, you can open Outlook without creating a profile to access this functionality).

Cause
0x80090014 = NTE_BAD_PROV_TYPE, “Invalid provider type specified”. This occurs when an application tries to use a Cryptographic Service Provider (CSP) that Windows isn’t aware of. This may be the result of the version of Windows not supporting a CSP, or Smartcard Middleware not properly installing a 3^rd Party CSP required by the certificate on the Smartcard.

Resolution
Verify that the version of Windows you are running supports the CSP used by the certificate on your Smartcard, and that any 3^rd Party CSPs/Middleware required by your certificate are installed and properly functioning.

You can see the available CSPs by viewing the following Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Providers

In this case, the customer had 3^rd Party (ActivIdentity’s ActivClient) Middleware installed. We found that version 7.x was installed on the Windows 8.1/Outlook 2013 clients that couldn’t connect, and version 6.2.9200 on the Windows 7/Outlook 2010 clients that were able to connect.

We found that the non-functioning clients were missing the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider\ActivClient Cryptographic Service Provider

They were also missing a DLL identified by one of the values under that key:
C:\Program Files\ActiveIdentity\ActivClient\accsp.dll

Without that registry key and DLL, Windows couldn’t find the CSP from the certificate we selected on our Smartcard when prompted, which is why we saw the 0x80090014 error.

Updating to the latest 7.x version we could find did not resolve this issue. We had to uninstall 7.x and install 6.2.9200 (WARNING! This requires an account with local administrative privileges that is allowed to logon with username and password! After the required reboot to uninstall the 7.x version, you will not be able to logon with a Smartcard. You must install the working 6.2.9200 version in order to use Smartcard logon again.)

After downgrading the Middleware to a version that included the necessary registry entries and DLL file, the Windows 8.1 w/ Outlook 2013 clients were able to successfully connect to Exchange over Outlook Anywhere with Smartcard Authentication.

By Josh Bryant

Where to find me during the Microsoft Ignite Conference

April 30, 2015 | Conference Talks | No Comments

Here are some times/places you can find me during the Microsoft Ignite conference next week.

Sunday May 3rd

3-4 PM – #BeerIT – I’m hoping to make this pre-conference party, but the time conflicts with a meeting I have. Hopefully I’ll be able to make it for at least part of it.

6-9 PM – Exchange and Sharepoint Pre-Release Program Pre-Event – This one is invite only, if you have an invite, I’ll see you there!

Monday May 4th

6-8 PM Welcome Reception/Ask the Experts in the Expo Hall – I’ll be hanging out in the Office 365/Exchange area wearing one of the “EXPERT” Orange shirts.

After Hours – TBD

Tuesday May 5th

Attending as many sessions as I can get into. Taking it easy after hours to make sure I’m ready to deliver my session on Wednesday.

Wednesday May 6th

10:45 AM – 12 PM – Delivering “Shut the Front Door! Securing your Messaging Environment.” in room N426 (Subject to change, the room has a capacity of 548, and over 800 have enrolled!)

Attending any sessions I can for the rest of the afternoon.

After Hours TBD, but now that my session is out of the way, it’ll be time to let loose!

Thursday May 7th

1:15PM – 4 PM – Manning the Exchange booth in the Expo Hall.

6:30PM – 10:30PM I- Ignite Celebration!

Friday May 8th

Squeezing into a few last sessions, then heading home!

By Josh Bryant

EXCLUSIVE: Exchange 2016 to run on Minecraft!

April 1, 2015 | Uncategorized | No Comments

A month in advance of the Ignite Conference, an anonymous source within the Exchange Product Group tells us Exchange 2016 is being built on, and will run entirely inside of, Minecraft. Check out my exlusive interview below!

FixTheExchange: Why Minecraft?!

Anonymous Exchange Product Group Person: We were really excited when Microsoft bought Minecraft. We'd seen how a few players had built working Word Processors and even Hard Drives inside of Minecraft, and thought it would be fun to build the next version of Exchange entirely inside of Minecraft. With the improvments to Managed Availability we've made since introducing it in Exchange 2013, Exchange practically runs itself. Systems Administrators are getting bored, we wanted to make Exchange fun and challenging again. We also thought that by building it entirely within Minecraft, we might attract a younger generation of coders to join our team, keeping Exchange fresh and exciting for years to come.

FixTheExchange: What challenges did you face building such a complex product within Minecraft?

Anonymous Exchange Product Group Person: It was slow going at first. We weren't quite sure how to go about things. We tried to build the first version on "Survival Mode", which is the default mode. It took a really long time to gather the materials needed, and our hard work kept getting blown up by "Creepers". One of our developers almost quit when a Creeper blew him up along with a section of the new Transport Pipeline that he'd been working on for days. We ended up starting over on "Creative Mode" after that, and things went a lot smoother from then on.

FixTheExchange: What about Office 365, doesn't everything start there before going On-Premises now?

Anonymous Exchange Product Group Person: Yes! We haven't changed that. In fact Office 365 is literally built in the clouds! We built it near the block limit. When you enter the Exchange 2016 Minecraft world, Office 365 can be seen looming everywhere above you at all times. Hybrid is even easier than ever, you just build a ramp from your on-premises deployment on the ground up to Office 365 in the clouds. The ramp contains 2 minecart tracks, 1 for inbound traffic and 1 for outbound.

FixTheExchange: How will you administer it?

Anonymouse Exchange Product Group Person: That's the fun part! For example, if you want to provision a mailbox for a person, you have to actually build them a mailbox, the same way you'd build a house if you were playing Minecraft.

FixTheExchange: What's your favorite new feature?

Anonymous Exchange Product Group Person: Hololens integration! It's an incredibly immersive experience. Imagine sitting in your datacenter, you put on your Hololens, and your instantly transported into your Exchange 2016 environment.

FixTheExchange: Sounds awesome! When will it be released?

Anonymous Exchange Product Group Person: When it's ready.

There you have it, you heard it here first!

By Josh Bryant

Join me for “Shut the Front Door! Securing your Messaging Environment” at the Microsoft Ignite Conference on May 6th!

April 1, 2015 | Conference Talks | No Comments

If you haven't already heard, I'll be delivering a session at the Microsoft Ignite conference at the McCormick Place in Chicago Illinois May 4-8. My session is called "Shut the Front Door! Securing your Messaging Environment". (Session code BRK3109)

UPDATED! TIME CHANGE! (Updated again, for some reason the strikethrough text isn't working, removed some text to avoid confusion)

The date and time of my session have been officially announced, it will be Wednesday May 6th from 10:45AM to 12:00 PM. You can find more details here. Also be sure to check out my promo video on YouTube.

As of today (Updated 4/9) there are already over 400 enrolled to attend my session, space is limited, so if you haven't already enrolled in my session, be sure to do so soon! The conference itself is sold out!

Stay tuned for a behind the scenes look at what goes into creating a session for this conference! I hope to see you there!

By Josh Bryant

Exchange 2013 CU8, Exchange 2010 SP3 RU9, and Exchange 2007 SP3 RU16 have been released!

March 17, 2015 | Uncategorized | No Comments

Exchange 2013 CU8, Exchange 2010 SP3 RU9, and Exchange 2007 SP3 RU16 have all been released!

By Josh Bryant

Exchange 2013 CU7, Exchange 2010 SP3 RU8, and Exchange 2007 SP3 RU15 have been released!

December 10, 2014 | Uncategorized | No Comments

Exchange 2013 CU7, Exchange 2010 SP3 RU8, Exchange 2007 SP3 RU15, and UM Language Packs for CU7, were all released yesterday. These include important security fixes for vulnerabilities outlined in MS14-075.

There have been reports of RU8 breaking Outlook connectivity. Because of this, RU8 is being recalled, so expect an RU8v2. For more information, see the Exchange Team blog post that was updated today.

By Josh Bryant

2014 Black Friday/Cyber Monday Deals

November 24, 2014 | Uncategorized | No Comments

The Holiday shopping season is upon us, and retailers are posting their Black Friday and Cyber Monday deals already. I refuse to go participate in the madness that is Black Friday, and prefer ordering things online anyway, so I usually participate in Cyber Monday, if I even participate at all. In recent years, many retailers have made a lot of deals available online for not only Cyber Monday, but for Black Friday as well. Several even have deals available the entire week of Thanksgiving. I'll add to this list as they come to me.

Microsoft Store

The Microsoft Store has a phone, a tablet, a laptop, and headphones, all available right now. They also have a list that includes everything from Surface tablets and Xbox Ones to 3D Printers that will go on sale starting Thangsgiving.

Shop 2014 Black Friday Deals

Their Cyber Monday deals page is up, but currently doesn't list what deals we can expect, it just says "coming soon".

Shop 2014 Cyber Monday Deals

VMware
Save 30% on VMware Fusion 7 or VMware Fusion 7 Professional

By Josh Bryant

Exchange 2010 SP3 RU7 and Exchange 2013 CU6 – Catching up…

September 2, 2014 | Uncategorized | No Comments

Due to traveling and the holidays, I'm a little late on getting this out there… Exchange 2010 SP3 RU7 and Exchange 2013 CU6 were both released last week (August 26th 2014).

Exchange 2010 SP3 RU7 has a handful of bug fixes, and so far is rather unintersting and uneventful.

Exchange 2013 CU6 on the other hand, has had a couple major issues. The first issue only happens if you're in Co-Existence with Exchange 2007 and have a Database Availabilty Group (DAG). After installing CU6, Databases in your DAG may failover unexpectedly. An interim update is available to fix this issue. You'll have to contact Microsoft Support to obtain it if you need it.

The second issue only happens if you're in a Hybrid deployment with Office 365. CU6 includes the fix for KB2988229 where running/rerunning the Hybrid Configuration Wizard would fail in CU5 or earlier due to a change made on the Office 365 side. Great news! Except that it breaks some basic functionality for your Hybrid deployment, like creating a mailbox. There's a script to fix this, but the script will fail if you've installed Exchange anywhere BUT the default install path. You can fix it by changing the baseDirectory in the script (found in 3 spots) to this: $baseDirectory = "$Env:ExchangeInstallPath" + "ClientAccess\ecp\DDI"

By Josh Bryant

You had me at EHLO…

More about AMSI integration with Exchange Server July 22, 2021
The Windows Antimalware Scan Interface (AMSI) is a versatile standard that allows applications and services to integrate with any antimalware product present on a machine. AMSI is vendor agnostic and designed to allow for the most common malware scanning and protection techniques provided by today's products to be integrated into applications. Seeing that Exchange administrators might not […]
The_Exchange_Team
Demystifying Moderation July 20, 2021
Sometimes you may need to restrict email delivery to specific recipients. The most common scenario is the need to control messages sent to large distribution groups. Depending on your organization's requirements, you may also need to control the messages sent to executive mailboxes or partner contacts. You can use moderation to accomplish these tasks. When […]
The_Exchange_Team
Released: July 2021 Exchange Server Security Updates July 13, 2021
Microsoft has released security updates for vulnerabilities found in: Exchange Server 2013 Exchange Server 2016 Exchange Server 2019 All versions (Cumulative Update levels) are impacted. Updates are available for the following specific builds of Exchange Server: IMPORTANT: If manually installing security updates, you must install .msp from elevated command prompt (see Known Issues in update […]
The_Exchange_Team
Google Workspace to Exchange Online migrations now support Gmail Filter to Outlook rule migration July 6, 2021
Previously, when you migrated content from Google Workspace (formerly G Suite) to Microsoft 365, a user could bring over their Mail, Calendar, and Contact information. While this did help reduce friction for users getting used to the new platform, it did not avoid the burden of re-creating all their email organization rules in Outlook. To […]
The_Exchange_Team
Released: June 2021 Quarterly Exchange Updates June 29, 2021
Today we are announcing the availability of quarterly Cumulative Updates (CUs) for Exchange Server 2016 and Exchange Server 2019. These CUs include fixes for customer reported issues, all previously released security updates, and a new security feature. A full list of fixes is contained in the KB article for each CU, but we wanted to […]
The_Exchange_Team
Basic Authentication and Exchange Online – June 2021 Update June 16, 2021
It’s been a few months since our last update on Basic Authentication in Exchange Online, but we’ve been busy getting ready for the next phase of the process: turning off Basic Authentication for tenants that don’t use it, and therefore, don’t need it enabled. We have millions of customers who have Basic Auth enabled in […]
The_Exchange_Team

Recent News

Author: Josh Bryant