So today I am taking a chance writing about something I do on a daily basis which is actually my job and my passion. I specialise in many fields in Information Technology and I am hoping that I can reach out to more people like myself on Steemit and maybe help each other in this ever-growing sector.
I have only now decided to write about what I do because I faced some issues on Saturday during an upgrade and although it took me some time to find the fix, I realised that if I share this then it will help the next person a hell off a lot of time!
My scenario is that I was running Microsoft Exchange 2016 with cumulative update 2 which was way out of Microsoft’s support window, so I finally decided to update on Saturday.
- I ran .Net 4.7.1 which is a pre-requisite for Cumulative update 8 (Referred to as CU8 hereafter)
- Mount the Cu8 ISO file and Open command prompt as an administrator and navigate to ISO directory.
- Before starting the upgrade please unload/disable your antivirus – I had Trend and it threw out errors so had to be disabled just for the upgrade.
- Run setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
- Run setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms
- Run setup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms
- Run G:\setup.exe /m:upgrade /IAcceptExchangeServerLicenseTerms
The upgrade went well however I started testing and the only issue I found was that I could not log into OWA. It seems that CU8 strips out the Microsoft Exchange Server Certificate which is used for OWA authentication. After some time troubleshooting and researching I found a fix however the mistake I made was applying the fix and retesting immediately which proved unsuccessful so finally I decided to apply the fix and allow some propagation time. Posting the fix and link below:
- New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn= Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -DomainName server.domain.com -Services smtp
Do not accept to replace the SMTP certificate when prompted
- Note the thumbprint of the new certificate. Let us assume it is 7A39541F8DF58D4821967DD8F899B27410F7C081
- $a=get-date
- Set-AuthConfig -NewCertificateThumbprint 7A39541F8DF58D4821967DD8F899B27410F7C081 –NewCertificateEffectiveDate $a
Accept to continue despite the fact that the certificate effective date is not 48 hours into the future - Set-AuthConfig –PublishCertificate
- Make sure to remove any potential reference to the previous certificate (which might not exist anymore) by doing Set-AuthConfig -ClearPreviousCertificate.
I am hoping that this helps someone a load of time and if you are a tech guy like me , please shout out as I would like to find more like minded people on the Steemit community.