KB3161608 & KB3161606 replaced by KB3172605 & KB3172614

KB3172605 (Windows 7 and Windows Server 2008 R2 SP1) and KB3172614 (Windows 8.1 and Windows Server 2012 R2) are the July 2016 update rollups, and they replace the update rollups from June 2016 (KB3161608 and KB3161606). The July 2016 update rollups fix the issues that were caused by the June 2016 update rollups (for example, Hyper-V and Integration Services issues).
All other updates introduced in the June 2016 update rollups are also present in the July 2016 update rollups.
So the new cipher suites for Internet Explorer and Microsoft Edge in Windows, introduced in the June 2016 update rollups, might break access to some old HTTPS-enabled sites.
This issue can be resolved by uninstalling these update rollups or, in my case, by adding the following registry key on affected machines (lowering the minimum DHE key length on clients to 512 bits, instead of using the default 1024 bits):

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman]
"ClientMinKeyBitLength"=dword:00000200

After adding the registry key (restart is not necessary), https "oldies" started to open with Internet Explorer.

Happy Patching :)

Microsoft Exchange ECP in English

This is a quick one: in case you're administering Microsoft Exchange 2013 without a mailbox in that organization, and you want to open the ECP interface in English (the default language is something other than English), add "?mkt=EN-us" at the end of the URL.

For example: if the URL of the ECP is https://exchange.server.local/ecp, the URL for opening ECP in English will look like this: https://exchange.server.local/ecp?mkt=EN-us .
 

Microsoft Exchange excessive log growth on database

In this case, in a Microsoft Exchange 2010 organization, there was excessive log file generation for one database. The number of logs generated for the database was 10 times higher than the usual daily rate for that database. Besides the monitoring tools that were watching the parameters of the Exchange server and reported this excessive log growth for the database, the backup administrators also noticed that the time needed to back up this database had grown.
So the question was: why is there excessive log growth for this database?
To answer this question, I installed ExMon (Exchange Server User Monitor) on the server that had this database mounted.
For downloading Microsoft Exchange Server User Monitor for Microsoft Exchange Server 2000, 2003, 2007 and 2010 use this link
For downloading Microsoft Exchange Server User Monitor for Microsoft Exchange Server 2013 and 2016 use this link

Running Exchange Server User Monitor reported a user that had "monopolized" the store.exe process, with CPU usage at 50%, and had generated a huge amount of log data. Disabling this user normalized log file generation for the affected database. The reason for this huge amount of generated log files for the database was a faulty ActiveSync device registered by this user. Enabling this AD user again and disabling ActiveSync access for this user also stabilized log generation for the affected database.

For more info about ExMon follow this link.

Refreshing ExMon might crash the console and prevent ExMon from running again, with the following error: "Unknown StartTrace error (183)". This happens because the previously started trace is still running. To resolve the issue, check the status of running traces and look for "Exchange Event Trace":

logman query -ets

Stop the trace with the following command, and ExMon should start successfully:

logman stop "Exchange Event Trace" -ets

For more about debugging excessive database logging in Microsoft Exchange, please check https://blogs.technet.microsoft.com/exchange/2013/04/18/troubleshooting-rapid-growth-in-databases-and-transaction-log-files-in-exchange-server-2007-and-2010/ .
 

Network shares might become inaccessible after installation of KB3161949

In this case, access to internal network shares for external users was granted over a Cisco ASA as a published solution. After installation of KB3161949 on the Windows Server 2012 R2 machine that was hosting those network shares, the network shares became inaccessible to these external users. The error message that external users saw in the Cisco ASA portal was "Error contacting host".


Even though the description of this KB is "MS16-077 Description of the security update for WPAD: June 14, 2016", this KB contains a change that affects access to network shares.
The first change listed in the KB article is hardening of NETBIOS communication outside of the local subnet, which causes SMB over NETBIOS to stop working outside of the local subnet (in my case, the Cisco ASA was relying on it for publishing network share access).
The issue for these external users can be resolved, and access to internal shares enabled the same way as before installation of this KB, either by uninstalling the KB or by enabling the following key in the registry:

SUBKEY: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
Value Name: AllowNBToInternet
Type: Dword
Value: 1

After creation of AllowNBToInternet and setting the value to 1, and rebooting the server, external users were able to connect to network shares again, hosted on Windows Server 2012 R2 and published by Cisco ASA.
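
Both registry workarounds on this page (ClientMinKeyBitLength for SCHANNEL Diffie-Hellman and AllowNBToInternet for NetBT) switch off a hardening that an update introduced, so it helps to know which machines still carry them once the old sites or the share publishing no longer need them. The following PowerShell script is an added example, not part of the original posts; the function name Get-HardeningOverride and the state labels are made up for this example, while the registry paths, value names and the 1024-bit default are the ones given on this page.

```powershell
# Added example: report whether the two registry workarounds described on this
# page are present on the local machine. Baselines are taken from the page text.
$Overrides = @(
    [pscustomobject]@{
        Setting = 'ClientMinKeyBitLength'
        Path    = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman'
        # The page gives 1024 bits as the default; anything lower is a relaxation.
        Relaxed = { param($v) $v -lt 1024 }
    },
    [pscustomobject]@{
        Setting = 'AllowNBToInternet'
        Path    = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'
        # 1 re-enables NetBIOS traffic outside the local subnet.
        Relaxed = { param($v) $v -eq 1 }
    }
)

function Get-HardeningOverride {
    foreach ($o in $Overrides) {
        # A missing key or value means the workaround was never applied here.
        $item  = Get-ItemProperty -Path $o.Path -Name $o.Setting -ErrorAction SilentlyContinue
        $value = if ($item) { $item.($o.Setting) } else { $null }

        $state = if ($null -eq $value) {
            'NotSet'
        } elseif (& $o.Relaxed $value) {
            'Relaxed'
        } else {
            'Baseline'
        }

        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Setting  = $o.Setting
            Value    = $value
            State    = $state
        }
    }
}

Get-HardeningOverride | Format-Table -AutoSize
```

A row with State "Relaxed" marks a machine where the workaround is still active and should be reviewed.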
 

How to check EMBG (Unique Master Citizen Number) using regex

In this post, I will share my implementation of how to check if some number looks like EMBG or Unique Master Citizen Number. For those of yo...