So today I am taking a chance writing about something I do on a daily basis which is actually my job and my passion. I specialise in many fields in Information Technology and I am hoping that I can reach out to more people like myself on Steemit and maybe help each other in this ever-growing sector.
I have only now decided to write about what I do because I faced some issues on Saturday during an upgrade and although it took me some time to find the fix, I realised that if I share this then it will help the next person a hell off a lot of time!
My scenario is that I was running Microsoft Exchange 2016 with cumulative update 2 which was way out of Microsoft’s support window, so I finally decided to update on Saturday.
- I ran .Net 4.7.1 which is a pre-requisite for Cumulative update 8 (Referred to as CU8 hereafter)
- Mount the Cu8 ISO file and Open command prompt as an administrator and navigate to ISO directory.
- Before starting the upgrade please unload/disable your antivirus – I had Trend and it threw out errors so had to be disabled just for the upgrade.
- Run setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
- Run setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms
- Run setup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms
- Run G:\setup.exe /m:upgrade /IAcceptExchangeServerLicenseTerms
The upgrade went well however I started testing and the only issue I found was that I could not log into OWA. It seems that CU8 strips out the Microsoft Exchange Server Certificate which is used for OWA authentication. After some time troubleshooting and researching I found a fix however the mistake I made was applying the fix and retesting immediately which proved unsuccessful so finally I decided to apply the fix and allow some propagation time. Posting the fix and link below:
- New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn= Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -DomainName server.domain.com -Services smtp
Do not accept to replace the SMTP certificate when prompted
- Note the thumbprint of the new certificate. Let us assume it is 7A39541F8DF58D4821967DD8F899B27410F7C081
- $a=get-date
- Set-AuthConfig -NewCertificateThumbprint 7A39541F8DF58D4821967DD8F899B27410F7C081 –NewCertificateEffectiveDate $a
Accept to continue despite the fact that the certificate effective date is not 48 hours into the future - Set-AuthConfig –PublishCertificate
- Make sure to remove any potential reference to the previous certificate (which might not exist anymore) by doing Set-AuthConfig -ClearPreviousCertificate.
I am hoping that this helps someone a load of time and if you are a tech guy like me , please shout out as I would like to find more like minded people on the Steemit community.
Sneaky Ninja Attack! You have been defended with a 5.94% vote... I was summoned by @trev03! I have done their bidding and now I will vanish...Whoosh
The tool to Convert EDB to PST EdbMails uses its deep scanning techniques to recover every bit of information from inaccessible exchange databases and also doesn’t alter the contents of original database under recovery. With the use of EdbMails’s granular or selective exchange recovery users can extract exactly what they want from the mailboxes easily and export them to PST files at a desired location.