Clock Ticking for Some Hybrid Exchange 2013 Deployments
By Kurt Mackie
February 22, 2016
Organizations with "hybrid" Exchange 2013 deployments risk service interruptions if their servers are not updated in time for a security certificate renewal scheduled for April.
To improve Office 365 e-mail security, Microsoft said last week that it is planning to issue a renewal of the Transport Layer Security (TLS) certificate for Office 365 on April 15, 2016.
However, organizations running Exchange Server 2013 with Office 365 in so-called "hybrid" setups could find their mail operations coming to a halt if they haven't kept Exchange Server 2013 up to date with the latest cumulative updates (CUs).
Microsoft's announcement clarified that only hybrid messaging environments with the following Exchange Server 2013 setups will be adversely affected by the April 15 certificate renewal:
- Your on-premises Exchange servers are running Exchange 2013 Cumulative Update 8 (CU8) or lower.
- You've upgraded the Exchange 2013 servers that handle hybrid mailflow to Exchange 2013 CU9 or higher. However, since upgrading to CU9, you HAVE NOT re-run the Hybrid Configuration wizard (either from the Exchange Admin Center or via the direct download link).
Microsoft has been issuing its Exchange Server CUs on a quarterly basis for some time now. For Exchange Server 2013, the last release was CU11 in December (versioning shown here). In recent years, Microsoft's Exchange team has insisted that organizations running hybrid setups have to keep pace with the CUs issued for the server product, even though those CUs haven't always been bug-free.
Microsoft's past explanations for having to keep pace on the CU front were kind of general. It was needed to stay in tune with the faster Office 365 releases, the Exchange team had indicated. This April 15 certificate renewal, though, seems to be a more concrete example of that necessity.
In addition to keeping pace with the CUs, rerunning the Exchange Hybrid Configuration wizard seems to be required for hybrid Exchange environments. The wizard creates a Hybrid Configuration Object in an organization's on-premises Active Directory, which is used to configure both the on-premises Exchange Server environment and Exchange Online, according to Microsoft's TechNet description.
Microsoft's announcement doesn't say that running the Exchange Hybrid Configuration wizard is a requirement. However, it does say that if CU9 was applied and the wizard hasn't been rerun, then organizations with hybrid Exchange will face a partial mail stoppage after April 15.
Organizations downloading Microsoft's Exchange Hybrid Configuration wizard now get the latest version of it as a standalone tool. Microsoft used to issue it with each CU release, but that left IT pros with older versions of the tool, Microsoft explained back in September.
Microsoft's announcement did offer a couple of Exchange scripts for organizations to run if they can't update Exchange Server 2013 before the April 15 deadline. Those scripts possibly are a temporary fix. If so, the point wasn't explained.
Other Exchange News
Microsoft also indicated this month that it has updated its Office 365 Hybrid Configuration wizard for Exchange Server 2010. It features simpler error reporting.
The new Hybrid Configuration wizard for Exchange Server 2010 requires the use of Service Pack 3 to run. It will run even if the older version of the wizard was installed. IT pros should stop using the older versions of the tool and use this one, Microsoft's announcement explained.
Also this month Microsoft announced the release of its Exchange Server User Monitor for Exchange Server 2013 and Exchange Server 2016. This so-called "Exmon" tool collects user data so that IT pros can see use patterns in near real time. It's an unsupported "as-is" tool from Microsoft, although the download page includes PDF documentation.
Lastly, Microsoft issued a new Exchange Server Deployment Assistant tool for Exchange Server 2016 this month. It also warned that the arrival of .NET Framework 4.6.1 should be blocked for Exchange environments right now.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.