www.butsch.ch

Azure ENS | Endpoint Security EPO | ePolicy Orchestrator Exchange 2013 Exchange 2016 Exchange 2019 M365 - Exchange Online M365,AZURE,INTUNE Mcafee/Trellix Microsoft Exchange SECURITY

M365, Exchange Online Remote Powershell blocked by T1056 Mitre Trellix

04.04.2023 admin

Trellix ENS 10.X, T1056 – Key capture using PowerShell detected, Host intrusion buffer overflow ExP:Illegal API Use Blocked an attempt to exploit C:\WINDOWS\SYSTEM32\WINDOWSPOWERSHELL\V1.0\POWERSHELL.EXE, which targeted the GetAsyncKeyState API. For efficient M365 and Exchange Online management, there are various methods available. While utilizing the PowerShell button within the Admin Portal is one option, it requires an Azure […]

Exchange 2010 Exchange 2013 Exchange 2016 Exchange 2019 Hotfixes, Updates M365,AZURE,INTUNE SECURITY SPAM Fortimail

CVE-2023-23397, Outlook.exe Exploit, PidLIDReminder custom Sound ab SMB für Termin Reminder

15.03.2023 admin

CVE-2023-23397 Was ausgenutz wird: Anstatt Standard Microsoft Outlook Sound kann man für ein meeting reminder einen Custom Sound angeben. Dieser kann auf einem Share liegen. Da liegt der Hund begraben. https://learn.microsoft.com/de-de/office/client-developer/outlook/mapi/pidlidreminderoverride-canonical-property https://www.forbes.com/sites/daveywinder/2023/03/15/microsoft-outlook-warning-critical-new-email-exploit-triggers-automatically-update-now/?sh=47f058ce6e5e CVE-2023-23397 ist ein Outlook-Bug. Wenn Sie eine eingehende E-Mail für einen Termin mit einer benutzerdefinierten Erinnerung (Ton, Attribut PidLIDReminder) senden, wird Outlook.exe (2012/2016) versuchen, […]

Deployment Hotfixes, Updates M365,AZURE,INTUNE W10 WSUS

Starting march 2023, Microsoft EDGE will be the new Adobe Reader and Acrobat if you Opt IN

14.02.2023 admin

Starting march 2023, Microsoft EDGE will be the new Adobe Reader and Acrobat if you Opt IN I just found some Information while searching for more Infos about the 02/2023 Windows Updates/Patches. This is interesting because we mostly do AutoUpdates for Defender and EDGE Updates while we analyse and test all other monthly CUMU updates […]

M365,AZURE,INTUNE Scripting

M365/Power Automate/Flow: PA is in wrong language as example German/Deutsch Syntax GO TO missing, change language

04.02.2023 admin

Some braindumps from trying to learn new M365 things. Automation of Blender with Power Automate Desktop. I have long experience in AUTOIT but wanted to try the MS solution for once. If you Install Power Automate desktop the Menu, content and also the Commands are in the primary APP language you have under […]

Azure CRUNCH Exchange 2013 Exchange 2016 Exchange 2019 M365 - Exchange Online M365,AZURE,INTUNE Microsoft Exchange

M365/Hybrid Exchange Setup: Steps to verify on-premise, Prepare for Directory Synchronization (IDFIX, UPN, Proxyaddress)

03.02.2023 admin

TIP: Cleanup everything LOCAL before you even think of moving anything to M365 or Azure or even starting the Connector PRO TIP: Full manual list of Objects/attribute to check on your local ADS in this blog. This blog entry is mainly about those two steps of the MS Technet: https://learn.microsoft.com/en-us/microsoft-365/enterprise/prepare-for-directory-synchronization?view=o365-worldwide Directory Clean-up Tasks Directory object […]

Exchange 2016 Microsoft Exchange Microsoft Server OS SECURITY

KEMP Load Balancer, Microsoft IIS, How to see Source IP address in Logfiles on Webserver

02.02.2023 admin

“We once had a case where we needed to install a URL-Rewrite Module in IIS CAS 2010 to submit more information to the Rapid7 Solution. (This was during a time before all the monthly leaks for 2013/2016/2019 came up, pushing all customers towards M365, and it was unclear what the module would do inside Exchange, […]

M365,AZURE,INTUNE Uncategorized

ChatGPT/Azure answers risk question about M365 and generates C# code

02.02.2023 admin

AI esp. ChatGPT catches a lot of media coverage these days. The buzzwords range from Syknet (Terminator), Wargames (Tic, Tac, Toe), Jobkiller. There was a report on Swiss TV showing that children use GPT to do their homework from the city Aesch/Switzerland. Because GPT changes the order and re-arranges text the teachers are […]

Exchange 2013 Exchange 2016 Exchange 2019 M365,AZURE,INTUNE Microsoft Exchange

Exchange: Error when you want to change a Receive Connector TLS with a Cert with no Common Name

01.02.2023 admin

On an Exchange 2016/2019/M365/Azure you want to change the TLS Certificate of your Receive Connector. Your SAN (Subject Alternate Name) or Wildcard Certificate has no Common Name [CN] (Empty). When you try to assign the cert the regular way you get an error. Nothing wrong with the Cert company just the other side (Requester/Converter) as […]

VMWare

VMWARE, ESX, Netapp Storage AFF-C190, NFS 3, Server OS freeze/stall during Veeam Backup or high load

19.01.2023 admin

SOLUTION: performance: NFS3 > NFS4 change of share > performance problem and freeze gone OR change optimize the settings for existing NFS3 (Fine tune) SOLUTION: NFS 4.1 NETAPP Ontapp Failover fails with NFS 4.1 > This is solved with ESX 7.0 GA and 6.7P04 (Says a Netapp Partner) SOLUTION: If you have sensitive high […]

Exchange 2016 Exchange 2019 Microsoft Exchange

Exchange 2016 CU20 Schema Update setup.exe /preparead fail because of case sensitivity of OWA APP Policy

19.10.2022 admin

ISO/PATCH: ExchangeServer2016-x64-cu20 Cumulative Update 20 for Exchange Server 2016 (microsoft.com) Problem: Exchange 2016 CU20 Setup.exe /preparead (Version 15.1.2242.4 Fails) on Server 2016 (1607) Step Configuring Microsoft Exchange Server Organization Preparation results FAILED Exchange 2016 CU 20 need and fails to update Active Directory Schema to newer Version (setup.exe /prepareschema works setup.exe /Preparead fails) if you […]

FW Sophos

Sophos-UTM-9314-13-Data-Disk-is-filling-up

15.10.2022 admin

Sophos-UTM-9314-13-Data-Disk-is-filling-up Alert E-Mail you get Data Disk is filling up – please check. Current usage: 98% System Uptime : 11 days 20 hours 21 minutes System Load : 0.06 System Version : Sophos UTM 9.314-13 Please refer to the manual for detailed instructions. First to do that you have to enable SSH and you have […]

Exchange 2010 Exchange 2013 Exchange 2016 Microsoft Exchange

Exchange 2013/2016 EAS Activeync (MDM, mobile) stops syncing. Event 2002, limit max, Targetbackend, will be rejected

31.08.2022 admin

Problem: Exchange 2013/2016 Activeync MDM Handy stops syncing, Event 2002, limit max, Targetbackend, will be rejected In generall this could be a EAS Activesync device running mad or a user using functions like Time to leave on iPhone (See link at end of document here) It’s rather important we find what causes the effect inseatd […]

Deployment Ivanti Frontrange Enteo Microsoft SCCM,MEM,MDT Scripting W10 WSUS

inprogressinstallinfo.ipi. Cannot open database file. System error -2147287037.

18.08.2022 admin

W10/W11, 21, Disk D: and e: ripped out and moved to new PC, Error on old PC with just the c: and 21H2 Problem: Error 2203.Database: C:\WINDOWS\Installer\inprogressinstallinfo.ipi. Cannot open database file. System error -2147287037. The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code […]

Deployment Hotfixes, Updates Microsoft SCCM,MEM,MDT WSUS

August 08/2022 Patch KB5012170 Update for Secure Boot DBX problem 0x800f0922

15.08.2022 admin

August 08/2022 Patch KB5012170 Update for Secure Boot DBX problem 0x800f0922 Problem: You can’t install August 2022 Update KB5012170 on some systems under certain condition where Secure Boot is enbled and not latest BIOS/UEFI Firmware . You will receive an Error 0x800f0922 Error: Package KB5015730 failed to be changed to the Installed state. Status: 0x800f0922. […]

WSUS

WSUS Server crash Event ID 7053,12072,12052,12042,12012,13042 (Related to memory short)

28.07.2022 admin

Event ID 7053,12072,12052,12042,12012,13042 on WSUS Server ERROR: Unable to open WSUS MMC or connect with Script/PS/Tools to the WSUS database. On Clients or Server your see an error when this happens because, the WSUS APP Pool on IIS is down. What is the problem? If this happens you will after a reboot of the […]


Try our new Certificate Revocation List Check Tool CRLcheck.exe is a tool developed to verify digital signatures of executable files. It collects files from known paths on your client, checks their signature, and checks Certificate Revocation Lists (CRL) and OCSP download. This helps avoid delays in launching files.

Highroller