Cisco Add FirePOWER Module to FirePOWER Management Center

KB ID 0001178 

Problem

If you only have one FirePOWER service module you can now manage it from the ASDM;

ASA 5505-X / 5508-X Setup FirePOWER Services (for ASDM)

But if you have got more than one, and you can manage them centrally with the FirePOWER Management Center, (formally SourceFIRE Defence Center). 

WARNING:  If you are going to use FMC DON’T register your licences in the ASDM, they all need to be registered in the FMC.

 

Solution

Before you can register the SFR module in the FMC, you need to have set it up, and have ran though the initial setup. The process is the same if you intend to use the ASDM or the FMC. You can then choose whether to register from command line in the SFR, or via the ASDM.

Register SFR with FMC via Command Line

Connect to the parent firewall and open a session with the sfr module;

[box]

PETES-ASA# session sfr
Opening console session with module sfr.
Connected to module sfr. Escape character sequence is 'CTRL-^X'.

PETES-SFR login: admin
Password:{pasword}
Last login: Fri Apr  8 05:04:49 UTC 2016 on ttyS1

Copyright 2004-2015, Cisco and/or its affiliates. All rights reserved.
Cisco is a registered trademark of Cisco Systems, Inc.
All other trademarks are property of their respective owners.

Cisco Fire Linux OS v6.0.0 (build 258)
Cisco ASA5506 v6.0.0 (build 1005)

> 

[/box]

You can then add the FMC as a manager, you will need to supply a registration key.

[box]

> configure manager add 10.9.20.25 password123
Manager successfully configured.
Please make note of reg_key as this will be required while adding Device in FMC.

[/box]

Register SFR with FMC via ASDM

Connect to the ASDM > Configuration > ASA FirePOWER Configuration > Integration  >Remote Management > Add Manager.

Specify the IP of the FMC Appliance, and registration key > Save.

It should then say ‘pending registration’.

Configure the FirePOWER Management Appliance to Accept the SFR Registration 

Log into FMC > Devices > Device Management > Add Device.

Provide the IP of the SFR module, a display name, the registration key you used above. If you have setup a group you can use it and select your Access Control Policy (dont panic if you have not configured one yet) > Register.

It can take a while, but eventually it should register like so;

Problems

Could not establish a connection with sensor. Make sure the registration keys match, that the software versions are compatible,and that the network is not blocking the connection.

Had this problem for a while, (Credit to Craig Paolozzi for finding the fix.) Both the SFR, and the FMC console needed static routes adding to them (even though they could ping each other!) Pointing to each other.

Related Articles, References, Credits, or External Links

NA

Cisco – Testing AAA Authentication (Cisco ASA and IOS)

KB ID 0001175 

Problem

I always forget the syntax for this, and I’ve been meaning to publish this for a while so here you go. If you have AAA setup and people can’t log in, then the ability to test authentication against a user’s username and password is a good troubleshooting step!

Usually I’m on a Cisco ASA but I’ll tag on the syntax for IOS as well.

 

Solution

Cisco ASA Test AAA Authentication From Command Line

You will need to know the server group and the server you are going to query, below the ASA is using LDAP, but the process is the same for RADIUS, Kerberos, TACACS+, etc.

[box]

Petes-ASA# show run | begin aaa
aaa-server TEST-LDAP-SERVER protocol ldap
aaa-server TEST-LDAP-SERVER (inside) host 192.168.110.10
 ldap-base-dn dc=TEST,dc=net
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn cn=asa,OU=Users,OU=Test-Corp,dc=TEST,dc=net
 server-type auto-detect

[/box]

To test your user, (username: ttester password: Password123);

[box]

Petes-ASA# test aaa-server authentication TEST-LDAP-SERVER host 192.168.110.10 username ttester password Password123
INFO: Attempting Authentication test to IP address  (timeout: 12 seconds)
INFO: Authentication Successful

[/box]

Cisco ASA Test AAA Authentication From ASDM

Log into the ADSM  > Configuration > Device Management > Users/AAA  > Select the Server Group > Select the Server > Test.

Select ‘Authentication’ > Enter Username/Password > OK.

Cisco IOS Test AAA Authentication From Command Line

As above, you need to know which server group, and server, you are going to test authentication against;

[box]

Petes-Router#show run aaa
!
aaa authentication login default local
aaa authorization exec default local
!
aaa group server radius RADIUS-GROUP
 server-private 192.168.110.10 key 666999
!
aaa new-model
aaa session-id common
!

[/box]

Text

[box]

Petes-Router#test aaa group RADIUS-GROUP tester Password123 legacy
Attempting authentication test to server-group RADIUS-GROUP using radius
User was successfully authenticated.

OR

Petes-Router#test aaa group RADIUS-GROUP tester Password123 new-code
User successfully authenticated

USER ATTRIBUTES

Framed-Protocol 0 1 [PPP]
service-type 0 2 [Framed]
noescape 0 True
autocmd 0 " ppp negotiate"
Petes-Router#

[/box]

Related Articles, References, Credits, or External Links

Cisco ASA – AnyConnect Authentication via LDAP and Domain User Groups

Windows Server 2012 – Configure RADIUS for Cisco ASA 5500 Authentication

Windows Server 2008 R2 – Configure RADIUS for Cisco ASA 5500 Authentication

Cisco ASA 5500 Client VPN Access Via Kerberos (From CLI)

Set Cisco ASA for Kerberos Authentication

Windows Server – Change a DHCP Scopes Subnet Mask

KB ID 0001177 

Problem

You have probably tried to do this and found he option ‘greyed out’ because in the DHCP management console you can’t change the subnet mask of a scope. 

I needed to change a clients DHCP scope because I was changing their subnet from /24 to /16. I could have simply deleted and recreated the scope, but they has a lot of custom settings for their phone system, and hundreds of reservations (which I know is unusual).

Solution

I wrote an article a long time ago about migrating DHCP scopes, this process uses the same method to take a backup of the scope, then you can edit the subnet mask, and ‘re-import’ the scope again.

First take a backup of the scope, open an administrative command window, and run the following command;

[box]

netsh dhcp server \\”Server name” scope “scope subnet” dump>c\:dhcp.txt
i.e.
netsh dhcp server \\Server-DC01 scope 10.0.0.0 dump >c:\temp\dhcp.txt

[/box]

 

Then open the C:\dhcp.txt file, and locate the subnet mask;

Edit it accordingly, and save the changes.

 

You can now DELETE the live scope, then reimport the one you just edited with the following command;

[box]

netsh exec c:\temp\dhcp.txt 

[/box]

Note: As you can see even when is has successfully import dyou will still see a “The following command was not found d error

On older, (pre Windows Server 2012 machines) use the following syntax instead;

[box]

netsh dhcp server import c:\temp\dhcp.txt all

[/box]

Related Articles, References, Credits, or External Links

NA

HP – Switches The IP (or subnet) Already Exists

KB ID 0001176 

Problem

I was changing a clients LAN subnet this week, (dropping the mask from /24 to /16). When I attempted to change the management IP on the clients HP switches this happened;

[box]

HP2510-24G(config)# vlan 1
HP2510-24G(vlan-1)# ip address 10.0.0.250 255.255.0.0
The IP address (or subnet) 10.0.0.250/16 already exists.
HP2510-24G(vlan-1)#

[/box]

At first I though the switch was complaining because the IP was remaining the same, I was just changing the mask, (which is a bit bobbins, but there you go).  Turns out this is normal behaviour? Yes I could have got my console cable out, and walked to the comms room and done this;

[box]

HP2510-24G(config)# vlan 1
HP2510-24G(config)#no ip address 10.0.0.250 255.255.255.0
HP2510-24G(vlan-1)# ip address 10.0.0.250 255.255.0.0 
HP2510-24G(vlan-1)#

[/box]

But that would mean getting off my lazy backside, and what if I was hundred of miles from the switch?

 

Solution

To solve the problem you need to enter the HP switch menu system, this will let you change the IP on the fly. Obviously if you change the IP, make sure you can connect to it’s old, (and new), IPs or you will lose remote management.

From CLI type ‘menu’ {Enter}, you may be asked if you want to save the config. Choose ‘Switch Configuration’.

IP Configuration.

Edit.

Use the cursor keys and navigate to the IP/Subnet mask, and change accordingly > {Enter}

Select Save > Reconnect to the new IP address.

Related Articles, References, Credits, or External Links

HP Networking – Tracing Networks and Locating IP addresses

Cisco FirePOWER SFR Module Cannot Ping

KB ID 0001174 

Problem

On a newly deployed FirePOWER service module I wanted to test connectivity and attempted to ping a public IP address. This is what happened;

> expert
admin@Petes-SFR:~$ ping 8.8.8.8
ping: icmp open socket: Operation not permitted

My first though was, “Well you have to set a default gateway on the SFR when you set it up, so the firewall is probably blocking ICMP”. So I checked the default policy and indeed there was no ICMP inspection turned on.

UPDATE: The correct way to do this, (as pointed out below) is the use;

[box]system support ping {IP or Hostname}[/box]

-=-=-=- Back to the original post -=-=-=-

On checking the Firewall, (Note: The decrement-ttl-tcl isn’t really needed, I do that to make tracerts work).

[box]

Petes-FW(config)# policy-map global_policy
Petes-FW(config-pmap)# class inspection_default
Petes-FW(config-pmap-c)# inspect icmp
Petes-FW(config-pmap-c)# class class-default
Petes-FW(config-pmap-c)# set connection decrement-ttl
Petes-FW(config-pmap-c)# exit
Petes-FW(config-pmap)# exit
Petes-FW(config)# write mem
Building configuration...
Cryptochecksum: ae83c992 52a79538 b8370d6f 36125070

3120 bytes copied in 0.290 secs
[OK]
Petes-FW(config)#

[/box]

Unfortunately it still didn’t work!

 

Solution

Some forum searching yielded the same error on other flavours of Linux, the fix there was to change some permissions, so I gave that a try, and it worked.

[box]

admin@Petes-SFR:~$ sudo chmod u+s /bin/ping

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

Password:{Your-SFR-Admin-Password}
admin@Petes-SFR:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_req=1 ttl=52 time=12.8 ms
64 bytes from 8.8.8.8: icmp_req=2 ttl=52 time=13.7 ms
64 bytes from 8.8.8.8: icmp_req=3 ttl=52 time=12.6 ms
64 bytes from 8.8.8.8: icmp_req=4 ttl=52 time=13.2 ms

[/box]

 

Related Articles, References, Credits, or External Links

NA

Cisco Firepower Services – Change IP and DNS Addresses

KB ID 0001173 

Problem

If you change your internal LAN addresses its easy to re-ip the firewall but what about the FirePOWER module? If you manage your SFR from the ASDM it will tell you what the IP is, but it won’t let you change it?

 

Solution

Change the FirePOWER Module IP Address

Log into the firewall, then open a session with the SFR module. find the physical address of the module (usually eth0, but check).

[box]

Petes-ASA# session sfr
Opening command session with module sfr.
Connected to module sfr. Escape character sequence is 'CTRL-^X'.


GRAINGER-SFR login: admin
Password:{your password}
Last login: Thu Apr  7 08:11:00 UTC 2016 on pts/0

Copyright 2004-2015, Cisco and/or its affiliates. All rights reserved.
Cisco is a registered trademark of Cisco Systems, Inc.
All other trademarks are property of their respective owners.

Cisco Linux OS v5.4.1 (build 12)
Cisco ASA5506 v5.4.1 (build 211)

> show interfaces
--------------------[ outside ]---------------------
Physical Interface        : GigabitEthernet1/1
Type                      : ASA
Security Zone             : None
Status                    : Enabled
Load Balancing Mode       : N/A
---------------------[ inside ]---------------------
Physical Interface        : GigabitEthernet1/2
Type                      : ASA
Security Zone             : None
Status                    : Enabled
Load Balancing Mode       : N/A
---------------------[ cplane ]---------------------
IPv4 Address              : 127.0.2.1
----------------------[ eth0 ]----------------------
Physical Interface        : eth0
Type                      : Management
Status                    : Enabled
MDI/MDIX                  : Auto
MTU                       : 1500
MAC Address               : 00:C8:8B:C1:0E:0C
IPv4 Address              : 192.168.1.100
---------------------[ tunl0 ]----------------------
----------------------------------------------------
>

[/box]

To change the IP you need to supply the IP address, subnet mask, default gateway, and physical interface like so;

[box]

> configure network ipv4 manual 192.168.1.99 255.255.255.0 192.168.1.1 eth0
Setting IPv4 network configuration.
Network settings changed.

[/box]

You can check its worked with a ‘show interfaces command’.

[box]

> show interfaces
--------------------[ outside ]---------------------
Physical Interface        : GigabitEthernet1/1
Type                      : ASA
Security Zone             : None
Status                    : Enabled
Load Balancing Mode       : N/A
---------------------[ inside ]---------------------
Physical Interface        : GigabitEthernet1/2
Type                      : ASA
Security Zone             : None
Status                    : Enabled
Load Balancing Mode       : N/A
---------------------[ cplane ]---------------------
IPv4 Address              : 127.0.2.1
----------------------[ eth0 ]----------------------
Physical Interface        : eth0
Type                      : Management
Status                    : Enabled
MDI/MDIX                  : Auto
MTU                       : 1500
MAC Address               : 00:C8:8B:C1:0E:0C
IPv4 Address              : 192.168.1.99
---------------------[ tunl0 ]----------------------
----------------------------------------------------

>

[/box]

Or you can use the ‘show interfaces {interface-name}‘ command.

[box]

> show interfaces eth0
----------------------[ eth0 ]----------------------
Physical Interface        : eth0
Type                      : Management
Status                    : Enabled
MDI/MDIX                  : Auto
MTU                       : 1500
MAC Address               : 00:C8:8B:C1:0E:0C
IPv4 Address              : 192.168.1.99
IPv4 Broadcast            : 192.168.1.255
RX Packets                : 261
RX Errors                 : 0
RX Drops                  : 0
RX Overruns               : 0
RX Frame                  : 0
TX Packets                : 214
TX Errors                 : 0
TX Drops                  : 0
TX Overruns               : 0
TX Carrier                : 0
Collisions                : 0
----------------------------------------------------


[/box]

Change the FirePOWER Module IP Address

This is a little more convoluted, there is a command to do this, Note: You can enter multiple servers separated by commas.

[box]

> configure network dns servers 8.8.8.8,8.8.4.4

[/box]

But you also need to restart the nscd daemon in the underlying linux, to do that you need to get into ‘expert mode’.

[box]

> expert

admin@PETES-SFR:~$ sudo /etc/rc.d/init.d/nscd restart

Password:{Enter Your Password}

Stopping nscd…                                                     [  OK  ]

Starting nscd…                                                       [  OK  ]

admin@PETES-SFR:~$

[/box]

Related Articles, References, Credits, or External Links

Cisco FirePOWER – Adding a Static Route

Cisco FirePOWER – Adding a Static Route

KB ID 0001172

Problem

Routing traffic back from the ASA , in most cases you will have a static route (or routes) tied to the inside interface of the firewall. Or you may have dynamic routing if your network is a little more complex. But your FirePOWER module is essentially a small Linux box sat inside the firewall, it has its own network connection and maintains its own routing table.

You may have already noticed if your FirePOWER module is down or unreachable you will see an error like this;

Cannot connect to the ASA ForePOWER module

This means you can talk to the insider interface but not the FirePOWER module. If it’s misconfigured see the following article;

ASA 5505-X / 5508-X Setup FirePOWER Services (for ASDM)

But what if you’re on a different network segment, and the ASA can talk to you but the SFR module can’t?

Solution

Adding a Static Route to the SFR Module

To put a static route on the SFR module you have to connect to it directly. Connect the firewall and then open a session with the module.

[box]

Petes-ASA(config)# session sfr
Opening command session with module sfr.
Connected to module sfr. Escape character sequence is 'CTRL-^X'.
Cisco ASA5506 v5.4.1 (build 211)

Sourcefire3D login: admin

Password: {your-password}

Copyright 2004-2015, Cisco and/or its affiliates. All rights reserved.
Cisco is a registered trademark of Cisco Systems, Inc.
All other trademarks are property of their respective owners.

>

[/box]

You need to find what the SFR has called its management interface, usually it’s eth0 but let’s check;

[box]

>Show interfaces
--------------------[ outside ]---------------------
Physical Interface        : GigabitEthernet1/1
Type                      : ASA
Security Zone             : None
Status                    : Enabled
Load Balancing Mode       : N/A
---------------------[ inside ]---------------------
Physical Interface        : GigabitEthernet1/2
Type                      : ASA
Security Zone             : None
Status                    : Enabled
Load Balancing Mode       : N/A
----------------------[ DMZ ]-----------------------
Physical Interface        : GigabitEthernet1/3
Type                      : ASA
Security Zone             : None
Status                    : Enabled
Load Balancing Mode       : N/A
---------------------[ cplane ]---------------------
IPv4 Address              : 127.0.2.1
----------------------[ eth0 ]----------------------
Physical Interface        : eth0
Type                      : Management
Status                    : Enabled
MDI/MDIX                  : Auto
MTU                       : 1500
MAC Address               : 00:F2:AA:66:94:3F
IPv4 Address              : 10.0.0.253
----------------------[ tun1 ]----------------------
IPv6 Address              : fdcc::bd:0:ffff:a9fe:1/64
---------------------[ tunl0 ]----------------------
----------------------------------------------------

[/box]

Now you can ad in your static route(s).

[box]

> configure network static-routes ipv4 add eth0 192.168.100.0 255.255.255.0 10.0.0.1
Configuration updated successfully

[/box]

To delete a static route;

configure network static-routes ipv4 delete interface destination netmask gateway 

Add a Static Route to the FirePOWER Management Console

To do the same on an FMC appliance, System > Configuration > Management Interface > IPv4 Routes > Add.

To do the same from command line on the appliance, use the following commands;

[box]

sudo su
cd /etc/sysconfig/network-devices
touch ifcfg-static-routes
echo 'eth0 ipv4 192.168.10.0 255.255.255.0 192.168.1.1’ >> /etc/sysconfig/network-devices/ifcfg-static-routes
/etc/rc.d/init.d/routes restart

[/box]

Related Articles, References, Credits, or External Links

NA

Migrate Exchange 2010 to Exchange 2016 or 2013

Part 2

Migrate Public Folders Exchange 2010 to Exchange 2013 / 2016

KB ID 0000789

Problem

Continued from Migration From Exchange 2010 to Exchange 2016 / 2013 Part 1

Solution

Exchange 2016 / 2013 Migration Step 7 “Migrate Public Folders”

Note: This article uses the newer ‘Batch Migration’ method. Make sure your exchange server is patched and up to date or the process will not work.

Minimum Patch Levels

  • Source: Exchange 2010 SP3 RU8 (At Least).
  • Source: Exchange 2007 SP3 RU15 (At Least).
  • Destination: Exchange 2013 CU7 (Or Later).
  • Destination: Exchange 2016 RTM.

The new migration scripts are here PF-Migration-Scripts-v2

1. Make sure the user you will be performing the migration as, is in the right security groups, (Organizational Management and Recipient Management).

2. On the Legacy Exchange server download the  PF-Migration-Scripts-v2 Then extract them to the servers C: drive.

3. Launch the Exchange Management Shell > Change to the script directory > Then create a folder name to folder size mapping file by running the Export-PublicFolderStatistics.ps1 script, supply the name of the file you want to create. (Here I use PublicFoldersStats.csv). Then supply the name of the server, (the legacy one, with the source public folders on it).

[box]

cd c:\Scripts
./Export-PublicFolderStatistics.ps1 PublicFoldersStats.csv Mail-Server 

[/box]

4. Create a Public Folder to Mailbox mapping file, by running the PublicFolderToMailboxMapGenerator.ps1 script, supply it with the maximum mailbox size (in bytes) Note: The Maximum size is 25GB. You will also need to supply the import file you created in step 3 (PublicFoldersStats.csv). Finally supply the name of the output file you wish to generate i.e. Folder2Mailbox.csv.

[box]

./PublicFolderToMailboxMapGenerator.ps1

[/box]

5. Open the last CSV file you created (Folder2Mailbox.csv) and take note of the TargetMailbox name. By default the first one is called Mailbox1, I’m changing it to Public-Folder-Mailbox and saving the change. Note: You may get more than one! If so take note of them all, or rename them accordingly.

6. Now copy the ‘Scripts’ Directory from your legacy 2010 Exchange server, to the new 2013 / 2016 Server.

7. Whilst still on the new Exchange 2013 / 2016 Server, you need to open a command shell, navigate to the scripts directory and then run the Create-PublicFolderMailboxesForMigration.ps1 script. Reply ‘A’ to run all the scripts, then supply the name of the mapping csv you created above, (Folder2Mailbox.csv). Supply the estimated concurrent users to this mailbox, and enter ‘Y’ to proceed. Now the public folder mailbox will be created.

(Note: Public folders are now in a Mailbox, NOT their own Mailbox database, as in older versions of Exchange).

[box]

cd c:\Scripts
./Create-PublicFolderMailboxesForMigration.ps1

[/box]

8. Next we need to create a ‘batch task’ much the same as when we migrate multiple mailboxes. This first command creates the task, and the second one sets it running. (Change the values in red to match your own). 

Update: 05/08/16: Make sure you have a ‘mailbox database’ mounted on the source Exchange server before proceeding, or you may see the following problem.

Public Folder Migration Error hr=0x80040111

[box]

New-MigrationBatch -Name PF-Migration -SourcePublicFolderDatabase (Get-PublicFolderDatabase -Server EX2010) -CSVData (Get-Content C:\Scripts\Folder2Mailbox.csv -Encoding Byte) -NotificationEmails info@petenetlive.com
Start-MigrationBatch PF-Migration

[/box]

9. There are two ways to check its progress, 

Check Public Folder Migration Progress Option 1 From Command Shell

[box]

Get-MigrationUser -Batch PF-Migration | Get-MigrationUserStatistics -IncludeReport | fl

[/box]

It might say Queued for quite a while, don’t worry!

Check Public Folder Migration Progress Option 2 From EAC

Open the Exchange Admin Center website and logon. Navigate to recipients > Migration > View Details

10. If you were looking at the progress you will see its stops just before 100%, this is because you need to “Lock” the source public folder and let the migration complete. WARNING this will involve downtime, so warn your users, or do this next step out of hours.

To MAKE SURE you are ready, check either the progress report like so;

Or, re-run the progress command above and look for 95% completion and ‘Automatically suspending job’

DOWNTIME FROM THIS POINT ONWARDS

11. Go to the legacy Exchange 2010 server and ‘lock’ the source public folders for migration, and restart the service.

[box]

Set-OrganizationConfig –PublicFoldersLockedForMigration:$true
Restart-Service MSExchangeIS

[/box]

12. Now access to the legacy Public Folder Database is shut down, but before replication to the new Public Folder Mailbox can be completed you need to return to the new Exchange 2013 / 2016 server and run the following commands;

[box]

Set-OrganizationConfig -PublicFoldersEnabled Remote
Complete-MigrationBatch PF-Migration

[/box]

13. Wait until it completes;

or in the shell

This can take a little time, I would wait least a couple of hours before proceeding (depending on your network topology, if you have a slow network or the Exchange 2010 server is on another network segment it may take longer).

Now to check the migration worked with a test user, and (provide everything is OK, unlock the Public Folders.

[box]Set-Mailbox -Identity {Test-Username} -DefaultPublicFolderMailbox {PF-Mailbox Name}[/box]

Log on as that user, (Outlook 2010 SP3 or Later.) Make sure the public folders are correct, you can expand them, the permissions are correct and you can create and delete entries. 

It’s All Gone Wrong!

Don’t panic! You can remove the migration request with the following command;

[box]

Get-PublicFolderMigrationRequest | Remove-PublicFolderMigrationRequest 

[/box]

Then complete the migration, with the following two commands;

[box]

Set-PublicFolderMigrationRequest –Identity PublicFolderMigration -PreventCompletion:$false
Resume-PublicFolderMigrationRequest –Identity PublicFolderMigration 

[/box]

13. Once you are ready to proceed, issue the following command, and onfirm that, the public folders are now correct and available.

[box]

Get-Mailbox -PublicFolder | Set-Mailbox -PublicFolder -IsExcludedFromServingHierarchy $false

[/box]

Note: As per feedback (from Tobias Gebler) Test mail flow to your public folders, you may need to manually “Mail Enable” them before they function properly, In some cases you need to disable then re-enable them before they work properly.

14. Remember in Outlook Web App 2013 / 2016, public folders are not visible until you add them!

Note: If, (post Migration to Exchange 2016). Your users cannot access the public folders, see the following article.

Users Cannot Access Public Folders Post Migration (Exchange 2016)

Related Articles, References, Credits, or External Links

Thanks to Brian L. Jensen, for the feedback about the new public folder migration procedure.

Thanks to Eske (Boxx Jakobsen), for the Public Folder Migration feedback and assistance.

Thanks to Tobias Gebler for the Public Folder mail flow feedback.

Migration From Exchange 2010 to Exchange 2016 Part 3

Covering transferring certificates from Exchange 2010, and decommissioning your old Exchange servers.

Original Article Written: 19/04/13

Microsoft Exchange Server Build Numbers

KB ID 0000344

Problem

To find out what service pack and rollups have been applied to Microsoft Exchange you need to locate its “Build Number”.

2000/2003

2007

2010

Warning: After SP3 the build number does not update.

To find your build number in Exchange 2010 (after SP3,) use the following command;

exsetup | %{$_Fileversioninfo}

2019, 2016, and 2013

Find Exchange 2019 / 2016 and 2013 Build numbers from EMC (PowerShell)

Run the following PowerShell command;

[box]

Get-ExchangeServer | select Name,AdminDisplayVersion

[/box]

Exchange 2019 Build Numbers

Produce Name Build number Date KB
Exchange Server 2019 CU5 15.02.0595.003 17/03/2020  
Exchange Server 2019 CU4 15.02.0529.005 17/12/2019  
Exchange Server 2019 CU3 15.02.0464.005 17/09/2019  
Exchange Server 2019 CU2 15.02.0397.003 18/06/2019  
Exchange Server 2019 CU1 15.02.0330.005 12/02/2019  
Exchange Server 2019 RTM 15.02.0221.012 22/10/2018  
Exchange Server 2019 Preview 15.02.0196.000 24/07/2018  

Exchange 2016 Build Numbers

Produce Name Build number Date KB
Exchange Server 2016 Preview 15.1.225.16 22/06/2015  
Exchange Server 2016 RTM 15.1.225.42 28/09/2015  
Exchange Server 2016 Cumulative Update 1 15.1.396.30 14/03/2016 KB3134844
Exchange Server 2016 Cumulative Update 2 15.01.0466.034 21/06/16 KB3135742
Exchange Server 2016 Cumulative Update 3 15.01.0544.027 20/09/2016 KB3152589
Exchange Server 2016 Cumulative Update 4 15.01.0669.032 13/12/2016  
Exchange Server 2016 Cumulative Update 5 15.01.0845.034 13/12/2017  
Exchange Server 2016 Cumulative Update 6 15.01.1034.026 27/06/2017  
Exchange Server 2016 Cumulative Update 7 15.01.1261.035 19/09/2017 KB4018115
Exchange Server 2016 Cumulative Update 8 15.01.1415.002 19/12/2017 KB4035145
Exchange Server 2016 Cumulative Update 9 15.01.1466.003 20/05/2018 KB4055222
Exchange Server 2016 Cumulative Update 10 15.01.1531.003 19/06/2019 KB4471392
Exchange Server 2016 Cumulative Update 11 15.01.1591.010 16/10/2018

KB4134118

Exchange Server 2016 Cumulative Update 12 15.01.1713.005 12/02/2019  
Exchange Server 2016 Cumulative Update 13 15.01.1779.003 18/06/2019  
Exchange Server 2016 Cumulative Update 14 15.01.1847.003 17/09/2019  
Exchange Server 2016 Cumulative Update 15 15.01.1913.005 17/12/2019  
Exchange Server 2016 Cumulative Update 16 15.01.1979.003 17/03/2020  

Exchange 2013 Build Numbers

Product name Build number Date KB
Microsoft Exchange Server 2013 Preview 15.0.466.13 7/16/2012  
Microsoft Exchange Server 2013 RTM 15.0.516.32 10/11/2012  
Exchange Server 2013 Cumulative Update 1 (CU1) 15.0.620.29 04/27/2013 KB2816900
Exchange Server 2013 Cumulative Update 2 (CU2) 15.0.712.24 07/09/2013 KB2859928
Exchange Server 2013 Cumulative Update 3 (CU3) 15.0.775.38 11/25/2013 KB2892464
Exchange Server 2013 Service Pack 1 (SP1 aka CU4) 15.0.847.32 02/25/2014 KB2926248
Exchange Server 2013 Cumulative Update 5 (CU5) 15.0.913.22 05/27/2014 KB2936880
Exchange Server 2013 Cumulative Update 6 (CU6) 15.0.995.29 08/26/2014 KB2961810
Exchange Server 2013 Cumulative Update 7 (CU7) 15.0.1044.25 12/09/2014 KB2986485
Exchange Server 2013 Cumulative Update 8 (CU8) 15.0.1076.9 03/17/2015 KB3030080
Exchange Server 2013 Cumulative Update 9 (CU9) 15.0.1104.5 06/16/2015 KB3049849
Exchange Server 2013 Cumulative Update 10 (CU10) 15.0.1130.7 09/14/2015 KB3078678
Exchange Server 2013 Cumulative Update 11 (CU11) 15.0.1156.6 12/10/2015 KB3099522
Exchange Server 2013 Cumulative Update 12 (CU12) 15.0.1178.4 3/14/2016 KB3108023
Exchange Server 2013 Cumulative Update 13 (CU13) 15.00.1210.003 21/06/2-16 KB3135743
Exchange Server 2013 Cumulative Update 14 (CU14) 15.00.1236.003 20/09/2016 KB3177670
Exchange Server 2013 Cumulative Update 15 (CU15) 15.00.1263.005 13/12/2017  
Exchange Server 2013 Cumulative Update 16 (CU16) 15.00.1293.002 21/03/2017  
Exchange Server 2013 Cumulative Update 17 (CU17) 15.00.1320.004 27/06/2017  
Exchange Server 2013 Cumulative Update 18 (CU18) 15.00.1347.002 19/09/2017 KB4022631
Exchange Server 2013 Cumulative Update 19 (CU19) 15.00.1365.001 19/12/2017 KB4037224
Exchange Server 2013 Cumulative Update 20 (CU20) 15.00.1367.003 20/05/2018 KB4055221
Exchange Server 2013 Cumulative Update 21 (CU21) 15.00.1395.004 19/06/2019  
Exchange Server 2013 Cumulative Update 22 (CU22) 15.00.1473.003 12/02/2019 KB4345836
Exchange Server 2013 Cumulative Update 23 (CU23) 15.00.1497.002 18/06/2019 KB4489622

Exchange 2010 (SP3) Build Numbers

Product name Build number Date KB
Update Rollup 1 for Exchange Server 2010 SP3 14.3.146.0 5/29/2013 KB2803727
Update Rollup 2 for Exchange Server 2010 SP3 14.3.158.1 8/13/2013 KB2866475
Update Rollup 3 for Exchange Server 2010 SP3 14.3.169.1 11/25/2013 KB2891587
Update Rollup 4 for Exchange Server 2010 SP3 14.3.174.1 12/10/2013 KB2905616
Update Rollup 5 for Exchange Server 2010 SP3 14.3.181.6 2/25/2014 KB2917508
Update Rollup 6 for Exchange Server 2010 SP3 14.3.195.1 5/23/2014 KB2936871
Update Rollup 7 for Exchange Server 2010 SP3 14.3.210.2 8/26/2014 KB2961522
Update Rollup 8-v2 for Exchange Server 2010 SP3 14.3.224.2 12/12/2014 KB2986475
Update Rollup 9 for Exchange Server 2010 SP3 14.3.235.1 3/17/2015 KB3030085
Update Rollup 10 for Exchange Server 2010 SP3 14.3.248.2 6/16/2015 KB3049853
Update Rollup 11 for Exchange Server 2010 SP3 14.3.266.1 9/11/2015 KB3078674
Update Rollup 12 for Exchange Server 2010 SP3 14.3.279.2 12/10/2015 KB3096066
Update Rollup 13 for Exchange Server 2010 SP3 14.3.294.0 3/14/2016 KB3141339
Update Rollup 14 for Exchange Server 2010 SP3 14.3.0301.000 14/06/2016 KB3151097
Update Rollup 15 for Exchange Server 2010 SP3 14.03.0319.002 20/09/2016 KB3184728
Update Rollup 16 for Exchange Server 2010 SP3 14.03.0336.000 13/12/2017  
Update Rollup 17 for Exchange Server 2010 SP3 14.03.0352.000 21/03/2017  
Update Rollup 18 for Exchange Server 2010 SP3 14.03.0361.001 11/07/2017  
Update Rollup 19 for Exchange Server 2010 SP3 14.03.0382.00 19/12/2017 KB4035162
Update Rollup 20 for Exchange Server 2010 SP3 14.03.0389.001 05/05/2018 KB4073537
Update Rollup 21 for Exchange Server 2010 SP3 14.03.0399.002 07/05/2018  
Update Rollup 22 for Exchange Server 2010 SP3 14.03.0411.000 19/06/2018 KB4295699
Update Rollup 23 for Exchange Server 2010 SP3 14.03.0417.001 13/08/2018 KB4340733
Update Rollup 24 for Exchange Server 2010 SP3 14.03.0419.000 05/09/2019 KB4458321
Update Rollup 25 for Exchange Server 2010 SP3 14.03.0435.000 08/01/2019 KB4468742
Update Rollup 26 for Exchange Server 2010 SP3 14.03.0442.000 12/02/2019 KB4487052
Update Rollup 27 for Exchange Server 2010 SP3 14.03.0452.000 09/04/2019 KB4491413
Update Rollup 28 for Exchange Server 2010 SP3 14.03.0461.001 07/06/2019 KB4503028
Update Rollup 29 for Exchange Server 2010 SP3 14.03.0468.000 09/07/2019 KB4509410
Update Rollup 29 for Exchange Server 2010 SP3 14.03.0496.000 11/02/2020 KB4536989

Exchange 2010 (SP2) Build Numbers

Product name Build number Date KB
Microsoft Exchange Server 2010 SP2 14.2.247.5 12/4/2011  
Update Rollup 1 for Exchange Server 2010 SP2 14.2.283.3 2/13/2012 KB2645995
Update Rollup 2 for Exchange Server 2010 SP2 14.2.298.4 4/16/2012 KB2661854
Update Rollup 3 for Exchange Server 2010 SP2 14.2.309.2 5/29/2012 KB2685289
Update Rollup 4 for Exchange Server 2010 SP2 14.2.318.2 8/13/2012 KB2706690
Update Rollup 4-v2 for Exchange Server 2010 SP2 14.2.318.4 10/9/2012 KB2756485
Update Rollup 5 for Exchange Server 2010 SP2 14.2.328.5 11/13/2012 KB2719800
Update Rollup 5-2 for Exchange Server 2010 SP2 14.2.328.10 12/10/2012 KB2785908
Update Rollup 6 for Exchange Server 2010 SP2 14.2.342.3 2/11/2013 KB2746164
Update Rollup 7 for Exchange Server 2010 SP2 14.2.375.0 8/13/2013 KB2874216
Update Rollup 8 for Exchange Server 2010 SP2 14.2.390.3 12/10/2013 KB2903903

Exchange 2010 (SP1) Build Numbers

Product name Build number Date KB
Microsoft Exchange Server 2010 SP1 14.1.218.15 8/24/2010  
Update Rollup 1 for Exchange Server 2010 SP1 14.1.255.2 10/4/2010 KB2407028
Update Rollup 2 for Exchange Server 2010 SP1 14.1.270.1 12/9/2010 KB2425179
Update Rollup 3 for Exchange Server 2010 SP1 14.1.289.3 3/7/2011 KB2529939
Update Rollup 4 for Exchange Server 2010 SP1 14.1.323.1 6/22/2011 KB2509910
Update Rollup 4-v2 for Exchange Server 2010 SP1 14.1.323.6 7/27/2011 KB2579150
Update Rollup 5 for Exchange Server 2010 SP1 14.1.339.1 8/23/2011 KB2582113
Update Rollup 6 for Exchange Server 2010 SP1 14.1.355.2 10/27/2011 KB2608646
Update Rollup 7 for Exchange Server 2010 SP1 14.1.421.0 8/13/2012 KB2743248
Update Rollup 7-v2 for Exchange Server 2010 SP1 14.1.421.2 10/9/2012 KB2756496
Update Rollup 7-v3 for Exchange Server 2010 SP1 14.1.421.3 11/12/2012 KB2778158
Update Rollup 8 for Exchange Server 2010 SP1 14.1.438.0 12/10/2012 KB2787763

Exchange 2010 Build Numbers

Product name Build number Date KB
Microsoft Exchange Server 2010 RTM 14.0.639.21 11/9/2009  
Update Rollup 1 for Exchange Server 2010 14.0.682.1 12/9/2009 KB976573
Update Rollup 2 for Exchange Server 2010 14.0.689.0 3/4/2010 KB979611
Update Rollup 3 for Exchange Server 2010 14.0.694.0 4/9/2010 KB981401
Update Rollup 4 for Exchange Server 2010 14.0.702.1 6/17/2010 KB982639
Update Rollup 5 for Exchange Server 2010 14.0.726.0 12/13/2010 KB982639

Exchange 2007 (SP3) Build Numbers

Product name Build number Date KB
Microsoft Exchange Server 2007 SP3 8.3.083.6 6/20/2010  
Update Rollup 1 for Exchange Server 2007 Service Pack 3 8.3.106.2 9/9/2010 KB2279665
Update Rollup 2 for Exchange Server 2007 Service Pack 3 8.3.137.3
12/10/2010
KB2407025
Update Rollup 3 for Exchange Server 2007 Service Pack 3 8.3.159.0
3/2/2011
KB2530488
Update Rollup 3-v2 for Exchange Server 2007 Service Pack 3 8.3.159.2
3/30/2011
KB2530488
Update Rollup 4 for Exchange Server 2007 Service Pack 3 8.3.192.1
7/7/2011
Update Rollup 5 for Exchange Server 2007 Service Pack 3 8.3.213.1
9/21/2011
KB2602324
Update Rollup 6 for Exchange Server 2007 Service Pack 3 8.3.245.2
1/25/2012
KB2608656
Update Rollup 8 for Exchange Server 2007 SP3 08.03.0279.003
13/08/2012
 
Update Rollup 8-v2 for Exchange Server 2007 SP3 08.03.0279.005 09/10/2012  
Update Rollup 8-v3 for Exchange Server 2007 SP3 08.03.0279.006 13/11/2012  
Update Rollup 9 for Exchange Server 2007 SP3 08.03.0297.002 10/12/2012  
Update Rollup 10 for Exchange Server 2007 SP3 08.03.0298.003 11/02/2013  
Update Rollup 11 for Exchange Server 2007 SP3 08.03.0327.001 13/08/2013  
Update Rollup 12 for Exchange Server 2007 SP3 08.03.0342.004 09/12/2013  
Update Rollup 13 for Exchange Server 2007 SP3 08.03.0348.002 24/02/2014  
Update Rollup 14 for Exchange Server 2007 SP3 08.03.0379.002 26/08/2014  
Update Rollup 15 for Exchange Server 2007 SP3 08.03.0389.002 09/12/2014  
Update Rollup 16 for Exchange Server 2007 SP3 08.03.0406.000 17/03/2015  
Update Rollup 17 for Exchange Server 2007 SP3 08.03.0417.001 17/06/2015  
Update Rollup 18 for Exchange Server 2007 SP3 08.03.0445.000 01/12/2015  
Update Rollup 19 for Exchange Server 2007 SP3 08.03.0459.000 15/03/2016  
Update Rollup 20 for Exchange Server 2007 SP3 08.03.0468.000 21/06/2016 KB3151086
Update Rollup 21 for Exchange Server 2007 SP3 08.03.0485.001 20/09/2016 KB3184711
Update Rollup 22 for Exchange Server 2007 SP3 08.03.0502.000 13/12/2016  
Update Rollup 23 for Exchange Server 2007 SP3 08.03.0517.000 21/03/2017  

Exchange 2007 (SP2) Build Numbers

Product name Build number Date KB
Microsoft Exchange Server 2007 SP2 8.2.176.2 8/24/2009  
Update Rollup 1 for Exchange Server 2007 Service Pack 2 8.2.217.3 11/19/2009 KB971534
Update Rollup 2 for Exchange Server 2007 Service Pack 2 8.2.234.1 1/22/2010 KB972076
Update Rollup 3 for Exchange Server 2007 Service Pack 2 8.2.247.2 3/17/2010 KB979784
Update Rollup 4 for Exchange Server 2007 Service Pack 2 8.2.254.0 4/9/2010 KB981383

Exchange 2007 (SP1) Build Numbers

Product name Build number Date KB
Microsoft Exchange Server Exchange 2007 SP1 8.1.240.6 11/29/2007  
Update Rollup 1 for Exchange Server 2007 Service Pack 1 8.1.263.1 2/28/2008  
Update Rollup 2 for Exchange Server 2007 Service Pack 1 8.1.278.2 5/8/2008  
Update Rollup 3 for Exchange Server 2007 Service Pack 1 8.1.291.2 7/8/2008 KB949870
Update Rollup 4 for Exchange Server 2007 Service Pack 1 8.1.311.3 10/7/2008 KB952580
Update Rollup 5 for Exchange Server 2007 Service Pack 1 8.1.336.1 11/20/2008 KB953467
Update Rollup 6 for Exchange Server 2007 Service Pack 1 8.1.340.1 2/10/2009 KB959241
Update Rollup 7 for Exchange Server 2007 Service Pack 1 8.1.359.2 3/18/2009 KB960384
Update Rollup 8 for Exchange Server 2007 Service Pack 1 8.1.375.2 5/19/2009 KB968012
Update Rollup 9 for Exchange Server 2007 Service Pack 1 8.1.393.1 7/17/2009 KB970162
Update Rollup 10 for Exchange Server 2007 Service Pack 1 8.1.436.0 4/9/2010 KB981407

Exchange 2007  Build Numbers

Microsoft Exchange Server 2007 8.0.685.24 12/9/2006  
Microsoft Exchange Server 2007 8.0.685.25 12/9/2006  
Microsoft Exchange Server 2007 SP1 8.1.240.6 11/29/2007  
Microsoft Exchange Server 2007 SP2 8.2.176.2 8/24/2009  
Microsoft Exchange Server 2007 SP3 8.3.083.6 6/20/2010  

Exchange 2003 Build Numbers

Exchange Server 2003
Product name Build number Date  
Microsoft Exchange Server 2003 6.5.6944 6/30/2003  
Microsoft Exchange Server 2003 SP1 6.5.7226 5/25/2004  
Microsoft Exchange Server 2003 SP2 6.5.7638 10/19/2005  

 

Related Articles, References, Credits, or External Links

NA