Exchange 2007 and MS08-067 Breaks HTTPS
We installed the MS08-067 security patch on our Exchange 2007 server. We are unable to get connected to the directory from the Outlook clients. Our Exchange box is located in the DMZ. We have tried it with the firewall up and down. No difference. We unistalled the patch and the same happens. Any ideas?
October 27th, 2008 4:25pm
This patch has also broken several client exchange 2k3 servers running active sync components for mobile phones. On the Local LAN it also fails OMA access - This all seems related. The servers in question cannot browse via http but can using https. We are in hot pursuit of a fix, and stopping other servers from applying this fix. Seems MS hasn't full regression tested this fix as the first servers to apply have failed and now burning time.
Free Windows Admin Tool Kit Click here and download it now
October 27th, 2008 4:38pm
Only Edge Role is supported in DMZ. Any other Exchange Role is not supported in DMZ.
For the error, are you getting "503 service unavailable" error? If so, you can follow instructions in the kb article 823159(http://support.microsoft.com/kb/823159) to fix the issue.
October 27th, 2008 9:59pm
Hi,
I agree with Bhargav. Please note that Exchange 2007 server role should be installed in the AD environment, except the Edge Role.
What is your scenario is?
Whether any error event generates on CAS role?
Whether you can access OWA? What is the URL for OWA? Https or Http?
This hotfix updates netapi32.dll. Please try to figure out whether network connection is in order now.
Please try to rename davex.dll and then restart Microsoft Exchange System Attendant services.
Note:
1. It should be located at C:\Program Files\Microsoft\Exchange Server\Bin\davex.dll
2. You can restart Microsoft Exchange System Attendant services from Services Manager. You may run Services.msc to start services manager.
Hope it helps.
Xiu
Free Windows Admin Tool Kit Click here and download it now
October 29th, 2008 10:05am
Another point,I think we may need to update NIC driver after you applying this update.
November 3rd, 2008 9:16am
We alsoinstalled the MS08-067 security patch on our Exchange 2003 servers. We were suddenly unable the next dayto getOutlook clients to connect via OWA, using https, who would receive a Certificate "revoked" error. After removing and installing new 3rd party SSL certificate, access wassuccessful but only for aday or two, even after uninstalling the patch. This behavior continues. Each day after midnight, the https: url gives the certificate revoked error for our OWA even though we can still access OWA within our network, so all services and stores are mounted and running. Both our Front End Exchange and BackEnd Exchange have had the patch uninstalled. ideas?
Free Windows Admin Tool Kit Click here and download it now
November 4th, 2008 8:18pm