www.butsch.ch

CRUNCH Exchange 2013 Exchange 2016 Exchange 2019 M365 - Exchange Online M365,AZURE,INTUNE Microsoft Exchange

M365/Exchange Hybrid OAuth Testing command, OAuth-Cert out-of-sync 4001, IIS VDIR OAuth wrong

21.06.2023 admin

www.butsch.ch Resolve and find OAuth problem in Exchange Hybrid Setup Environment Short Understanding OAuth: OAuth (Open Authorization) is an industry-standard protocol that enables secure authorization for third-party applications without the need to disclose user credentials. It allows users to grant limited access to their resources on one site to another site, without sharing their credentials. […]

Exchange 2019 M365 - Exchange Online M365,AZURE,INTUNE

Exchange Tenant, EXO, EWS Security change (Fehlervermeidung Security), 02-2025

20.02.2025 admin

Exchange Tenant, EXO, EWS Security change (Fehlervermeidung Security) Microsoft verbessert die Sicherheit von EWS und löst das Problem bei der Kombination von “per Tenant” und “per User” Rechten. Dies erleichtert es insbesondere grossen Unternehmen, Compliance-Vorgaben konsequent durchzusetzen. Ein wesentlicher Grund für diese Änderung ist, dass viele Personen im M365-Portal oder über Graph API Änderungen vornehmen, […]

Server 2016 VMWare WSUS

Packet loss older NIC VMWARE 1.9.11.0 on ESXi 8.0.2

20.02.2025 admin

Packet loss with VMXNET3, NIC VMWARE, 14.09.2022, 1.9.11.0, Server 2016 ON ESXi 8.0.2, 238255 Did you update the NIC driver when migrating to ESX V8? We recently encountered issues on a server running WSUS and Trellix ePO, which normally generate a lot of traffic in all directions. For several days, I observed sporadic packet loss […]

M365,AZURE,INTUNE Microsoft Server OS Server 2025 WSUS

Inplace Upgrade of WSUS Server 2016 to 2025 in one step

17.02.2025 admin

English: In-Place Upgrade: WSUS Server from Server 2016 to Server 2025 Good news for IT admins and engineers: An in-place upgrade from Windows Server 2016 to Server 2025 for WSUS is now fully feasible. During our tests, we successfully migrated the entire WSUS server role, including all prerequisites, WSUS content, console views, and approval settings, […]

Hotfixes, Updates Intunes WSUS

Block 24H2 W11 Update which comes with februar Patchday 02-2025

12.02.2025 admin

The Microsoft 02-2025 Patchday brings a hidden surprise for all valid systems. It pre-downloads and offersthe 24H2 W11 Feature Update. Most of the existing problems target home/gamer users, but still,some people would like to block the update on single systems. Pre-download folder for W11 > W11 Release Migration, around 450 MB you see if too […]

DLP | Data Loss Prevention ENS | Endpoint Security EPO | ePolicy Orchestrator Mcafee/Trellix

Trellix ePolicy Orchestrator 5.10.0 Service Pack 1 Update 4

05.02.2025 admin

Trellix ePolicy Orchestrator 5.10.0 Service Pack 1 Update 4 We have installed the latest Update 4 on several customer on-premises EPO installation and the update works fine and without any problems. Key Considerations for Updating Trellix ePO 5.10 SP1 to the Latest Rollup 4 Check your ePO database size. Some Trellix SP or Rollup […]

Deployment GPO | Gruppenrichtlinien Hotfixes, Updates Scripting

Microsoft EDGE fails to Update from WSUS, from MSI-file or repair APPS because of GPO, 0x80070643, 1722

16.01.2025 admin

Microsoft EDGE fails to Update from WSUS, from MSI-file or repair APPS because of GPO, 0x80070643, 1722 Cause: GPO / EdgeUpdate Policies In this case, we have a GPO (Group Policy) created by or for a customer who uses Firefox as the default browser because a Citrix engineer advised them that this was the best […]

Scripting

Auto resize pictures in Winword for a blog Post automatic with VBA macro

02.01.2025 admin

WHO: You Blog with Winword to WordPress or Blogengine.net and want to auto resize the pictures direct in Winword (Not in the blog with some risky plugin) I do not like macros in any form due to security reasons (we block them wherever we can), but there might be a reason to use one locally […]

Deployment Microsoft SCCM,MEM,MDT

MDT/SCCM, bluescreen intcpmt.sys, 3.1.2.2 A0 on W10 1909, Intel Platform Technology on Dell 5690

28.11.2024 admin

MDT/SCCM, bluescreen intcpmt.sys, 3.1.2.2 A0 on W10 1909, Intel Platform Technology driver on DELL 5690 We have a customer where, besides other OS releases, we still run Windows 10 1909 because they have so many different DELL laptop models. We roll out 1909 and then silently update it to Windows 10 21XX afterward. This […]

Exchange 2016 Exchange 2019 M365 - Exchange Online Outlook

Outlook.exe, delay in receive and sending E-Mail in cached mode how to solve with GPO

11.11.2024 admin

In the OLD KB-Nummer: 982697 MS explains……. (Now MS Learn…) The default Behavior for downloading shared folders can be modified using Group Policy and registry settings. Some of these policies and registry values may have improved the performance of shared folders in earlier versions of Outlook or when the shared folders were located […]

M365,AZURE,INTUNE Microsoft SCCM,MEM,MDT

M365, Intunes Company Portal 0x87D1041C when UWP assigned to user AND device

11.11.2024 admin

If you see Error 0x87D1041C in the Company Portal (Unternehmensportal), it may be related to the assignment types. In Intunes you should avoid mixing “USER” and “SYSTEM/DEVICE” assignments for UWP apps. In this case, Error 0x87D1041C will appear in the M365 Portal, but the app will still function. If the UWP app is already […]

Microsoft Server OS Server 2019

Server 2019 bug c:\windows\system32\control.exe error

17.09.2024 admin

Windows Server 2019 Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item Reason is this local GPO on the Server: User Account Control: Admin Approval Mode for the Built-in Administrator account If you follow the process below with gpedit.msc you WILL FIND OUT That […]

Exchange 2016 Exchange 2019 M365 - Exchange Online Microsoft Exchange Microsoft Server OS Server 2019 Server 2022 [21H2/22H2/32H2] Server 2025 Tools we made Uncategorized

MS SRV Disable IPv6 the correct way CVE-2024-38063

16.08.2024 admin

Recommendation 16.08.2024 for CVE-2024-38063 and IPV6 There is a patch from 2008-2022+ Servers so use it See following LINK on how to import the older OS patches into WSUS CVE-2024-38063, CVSS 9.8, import free 2008/R2 + 2012R2 into WSUS – www.butsch.ch https://www.butsch.ch/post/cve-2024-38063-cvss-9-8-how-to-import-the-free-2008-2008r2-patch-into-wsus/ If you can’t patch then as least options CAREFULLY consider disabling IPV6 the […]

WSUS

CVE-2024-38063, CVSS 9.8, import free 2008/R2 + 2012R2 into WSUS

15.08.2024 admin

CVE-2024-38063, CVSS 9.8 Using the network properties GUI to disable IPv6 is not supported This registry value doesn’t affect the state of the following check box. Even if the registry key is set to disable IPv6, the check box in the Networking tab for each interface can be selected. This is an expected behavior. […]

M365,AZURE,INTUNE SECURITY Server 2022 [21H2/22H2/32H2]

SMB over QUIC a OneDrive, Sharepoint replacement, SRV 2025?

24.07.2024 admin

SMB over QUIC UDP is coming to on-premises Server 2025 for all OS editions. This feature will be included in every edition of Microsoft Server 2025. It uses The Microsoft Windows Admin Center Server (WAC) which was built to manage you inhouse server structure remote (no Azure or cloud dependency). The Microsoft Server and Storage […]

DLP | Data Loss Prevention ENS | Endpoint Security EPO | ePolicy Orchestrator Mcafee/Trellix MSME | Security for Exchange SECURITY Server 2012 R2 Server 2016 Server 2022 [21H2/22H2/32H2]

Crowdstrike Falcon Sensor, Azure VM Repair paths

19.07.2024 admin

The procedures in this article describe methods you can use to attach an encrypted OS disk to a repair VM and then unlock that disk. After the disk is unlocked, you can repair it. As a final step, you can replae the OS disk on the original VM with this newly repaired version. Microsoft has […]


Try our new Certificate Revocation List Check Tool CRLcheck.exe is a tool developed to verify digital signatures of executable files. It collects files from known paths on your client, checks their signature, and checks Certificate Revocation Lists (CRL) and OCSP download. This helps avoid delays in launching files.

Highroller