Microsoft has released an important security update for Exchange Server 2013. The bulletin MS15-064 states:
This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow elevation of privilege if an authenticated user clicks a link to a specially crafted webpage. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message.
The update is available for Exchange Server 2013 SP1 (CU4) and CU8. The update will also be included in CU9 and all future cumulative updates.
- Security update for Exchange Server 2013 CU8 (KB3062157)
- Security update for Exchange Server 2013 SP1 (KB3062157)
Note: There are reports, such as those in the comments below, that this update causes problems in some CU8 environments. If your testing reveals the same issue in your own environment, I recommend uninstalling the update, and then evaluating and deploying CU9 instead.
I had 2 issues when installing in my test environment. 4 multi role servers in a DAG running CU8.
1) After rebooting the “Microsoft Exchange Search Host Controller” service was changed to ‘disabled’ and this caused issues with indexing on the databases. Changing it to Auto and starting the service resolved the problem.
2) On 2 of the 4 systems I experienced the same ECP/OWA errors listed above when attempting to access OWA or ECP.
Could not load file or assembly ‘Microsoft.Exchange.Common, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35’ or one of its dependencies. The system cannot find the file specified.
I resolved this issue by hardcoding the BinSearchFolders path in IIS as documented in the following TechNet forum:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/5259018c-aec7-4490-a500-e1af54798f14/exchange-2013-ecp-error-line-43?forum=exchangesvrgeneral
What is the recommendation for those running CU7 Paul?
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
The release of CU9 this week means CU7 is now out of support. You should plan to upgrade to one of the supported CUs.
Now I even got the same error after installing this update at another customer, this one running a two-node DAG with multirole (CAS and MBX) CU8 servers.
Server Error in ‘/ecp’ Application.
——————————————————————————–
Could not load file or assembly ‘Microsoft.Exchange.Common, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35’ or one of its dependencies. The system cannot find the file specified.
And then the same errors in the applog…
I’ll uninstall this. I’m curious if I’ll get the same error when installing CU9 as this update is included in CU9.
I really can’t believe I’m the only one experiencing this. 🙂
I too had the exact same error, only I forgot to copy it.
I’m in the middle of a migration from 2010 to 2013, and still testing so I just uninstalled it, but the error was the same.
Installed CU9 after uninstalling the update, no errors. 🙂
Any known problems with this update?
I just installed it on our 2013 CU4 POC and after logging in to the ECP I got an error.
Trouble is I forgot to write down what the error exactly said, I just uninstalled it.
Some yellow letters about something that couldn’t be found…
I have heard no other reports of yellow letters about something that couldn’t be found after installing this update.
I experienced errors on ECP and OWA on two dedicated MBX-servers installed directly using CU8 after installing this update.
Uninstalling the update fixed the issue, so I’m bound to stay clear of this update for a while, leaving the customer’s Exchange-servers vulnerable…
Event code: 3008
Event message: A configuration error has occurred.
Event time: 11.06.2015 13:44:00
Event time (UTC): 11.06.2015 11:44:00
Event ID: 9e2c3121221e4063b7b8758500d7bb07
Event sequence: 5
Event occurrence: 1
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/2/ROOT/ecp-1-130784966371187422
Trust level: Full
Application Virtual Path: /ecp
Application Path: C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\ecp
Machine name: E15MBX01
Process information:
Process ID: 5200
Process name: w3wp.exe
Account name: NT AUTHORITY\SYSTEM
Exception information:
Exception type: ConfigurationErrorsException
Exception message: Could not load file or assembly ‘Microsoft.Exchange.Common, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35’ or one of its dependencies. The system cannot find the file specified.
at System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, XmlNode node, Boolean checkAptcaBit, Boolean ignoreCase)
at System.Web.Configuration.Common.ModulesEntry.SecureGetType(String typeName, String propertyName, ConfigurationElement configElement)
at System.Web.Configuration.Common.ModulesEntry..ctor(String name, String typeName, String propertyName, ConfigurationElement configElement)
at System.Web.HttpApplication.BuildIntegratedModuleCollection(List`1 moduleList)
at System.Web.HttpApplication.GetModuleCollection(IntPtr appContext)
at System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers)
at System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context)
at System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context)
at System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext)
Could not load file or assembly ‘Microsoft.Exchange.Common, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35’ or one of its dependencies. The system cannot find the file specified.
at System.RuntimeTypeHandle.GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMarkHandle stackMark, IntPtr pPrivHostBinder, Boolean loadTypeFromPartialName, ObjectHandleOnStack type)
at System.RuntimeTypeHandle.GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean loadTypeFromPartialName)
at System.Type.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase)
at System.Web.Compilation.BuildManager.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase)
at System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, XmlNode node, Boolean checkAptcaBit, Boolean ignoreCase)
Request information:
Request URL: https://localhost:444/ecp/exhealth.check
Request path: /ecp/exhealth.check
User host address: 127.0.0.1
User:
Is authenticated: False
Authentication Type:
Thread account name: NT AUTHORITY\SYSTEM
Thread information:
Thread ID: 11
Thread account name: NT AUTHORITY\SYSTEM
Is impersonating: False
Stack trace: at System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, XmlNode node, Boolean checkAptcaBit, Boolean ignoreCase)
at System.Web.Configuration.Common.ModulesEntry.SecureGetType(String typeName, String propertyName, ConfigurationElement configElement)
at System.Web.Configuration.Common.ModulesEntry..ctor(String name, String typeName, String propertyName, ConfigurationElement configElement)
at System.Web.HttpApplication.BuildIntegratedModuleCollection(List`1 moduleList)
at System.Web.HttpApplication.GetModuleCollection(IntPtr appContext)
at System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers)
at System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context)
at System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context)
at System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext)
Are these servers DAG members?
Nope, two standalone MBX-servers.
I saw that error installing my first Exchange 2013 box into my Org. According to a couple blog posts I finally found it is because a second copy of the sharedwebconfig.config file doesn’t get generated by the installer in the correct location. This solved my problem, hope it helps you.
Copy the sharedwebconfig.config file from:
E:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy
To:
E:\Program Files\Microsoft\Exchange Server\V15\ClientAccess
Fix for me was in IIS, Application Settings, BinSearchFolders. It had: %ExchangeInstallDir%bin;%ExchangeInstallDir%bin\CmdletExtensionAgents;%ExchangeInstallDir%ClientAccess\Owa\bin
So I changed it to our install directory, yours is probably different: D:\ExchangeServer\V15\bin;D:\ExchangeServer\V15\bin\CmdletExtensionAgents;D:\ExchangeServer\V15\ClientAccess\Owa\bin
Found the fix here:
https://social.technet.microsoft.com/Forums/office/en-US/7c36836c-0223-4bfe-8a36-24db8a021507/error-in-ecp-and-owa-after-update?forum=exchangesvrdeploy
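A post-install check for the three conditions commenters report above (Search Host Controller service set to disabled, BinSearchFolders entries that do not resolve, a missing sharedwebconfig.config), as an added example that is not part of the original post or its comments. The IIS site name 'Exchange Back End', the `ExchangeInstallPath` environment variable and the function name `Test-ExchangePostPatch` are assumptions; run it on the test server before and after applying the update and compare the output.

```powershell
# Added example: checks for the three post-update failure modes reported in the comments.
# Assumptions: IIS site 'Exchange Back End', $env:ExchangeInstallPath, and the function name.
Import-Module WebAdministration

function Test-ExchangePostPatch {
    param(
        [string]$Site = 'Exchange Back End',
        [string[]]$Apps = @('ecp', 'owa'),
        [string]$InstallPath = $env:ExchangeInstallPath
    )
    $findings = @()

    # 1) Search Host Controller was reported as set to Disabled after the reboot.
    $svc = Get-CimInstance Win32_Service -Filter "DisplayName='Microsoft Exchange Search Host Controller'"
    if (-not $svc) {
        $findings += 'Search Host Controller service not found'
    } elseif ($svc.StartMode -ne 'Auto' -or $svc.State -ne 'Running') {
        $findings += "Search Host Controller: StartMode=$($svc.StartMode), State=$($svc.State)"
    }

    # 2) Every BinSearchFolders entry must resolve to a real directory.
    foreach ($app in $Apps) {
        $setting = Get-WebConfigurationProperty -PSPath "IIS:\Sites\$Site\$app" `
            -Filter "appSettings/add[@key='BinSearchFolders']" -Name value
        if (-not $setting) { $findings += "${app}: BinSearchFolders not set"; continue }
        foreach ($entry in ($setting.Value -split ';' | Where-Object { $_ })) {
            $path = [Environment]::ExpandEnvironmentVariables($entry)
            if ($path -match '%' -or -not (Test-Path -LiteralPath $path -PathType Container)) {
                $findings += "${app}: BinSearchFolders entry does not resolve: $entry"
            }
        }
    }

    # 3) sharedwebconfig.config must exist in both locations named in the comments.
    foreach ($sub in 'FrontEnd\HttpProxy', 'ClientAccess') {
        $file = Join-Path (Join-Path $InstallPath $sub) 'sharedwebconfig.config'
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            $findings += "Missing: $file"
        }
    }
    $findings   # empty output means none of the reported conditions were found
}

Test-ExchangePostPatch
```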