Office 365 - TLS 1.0 and 1.1 no longer supported from 2021, 11Th January #Windows 7 #Outlook 2010 #Windows 2008 R2 server

Microsoft announced (MC229914) that TLS 1.0 and 1.1 will no longer be supported, from Exchange Online beginning January 11th 2021. 

This change will impact endpoints too.


Final Notice for disabling of TLS1.0 and TLS 1.1 Support for Exchange Online Mail Flow

We will no longer support TLS 1.0 and TLS 1.1 from Exchange Online mail flow endpoints beginning January 11th 2021. As those versions of TLS are already retired (most recently communicated in MC218794, July '20), Exchange Online customers and their partners should already be using TLS1.2 to protect SMTP connections between their email servers or devices and Exchange Online.

https://admin.microsoft.com/AdminPortal/Home?ref=MessageCenter&id=MC229914

Client side you should verify that devices are connecting to Exchange Online using TLS 1.2

About Outlook 2010/Windows 7/Windows 2008 R2 be aware that TLS 1.2 is not enabled by default, these are register modifies that you should apply ( to override problem)

Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows

https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi

More details can be found at below blog article:

Security - TLS 1.0 & 1.1 End of Life/support for several products

https://www.alessandromazzanti.com/2020/03/security-tls-10-11-end-of-lifesupport.html


BTW be aware about this other deadline (2021, 1th November):

Effective November 1, 2021, the following versions of Outlook for Windows, as part of Office and Microsoft 365 Apps, will not be able to connect with Office 365 and Microsoft 365 services.


https://community.spiceworks.com/topic/2299344-update-to-microsoft-365-and-outlook-for-windows-connectivity-mc229143


[Other related articles]

https://jaapwesselius.com/2018/09/23/outlook-2010-disconnected-with-tls-1-2/

https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#security-updates



Server - DHCP Relay #Network #Windows Server side

During these months we worked on Network redisign project and ESX server substitution.

We had two projects convergence due to entirely infrastructure renewal (making zero point for our company).

About DHCP relay, that is the ability to lease IP to different VLANs here it the theoretically and operative part:

  1. On your L3 router o switch you must create VLAN interface with this row
    ip address helper Server_IP

    In this case you are pointing all DHCP requesta to Server_IP

    https://blog.udemy.com/ip-helper-address/

    https://www.ciscopress.com/articles/article.asp?p=330807&seqNum=9

  2. Configure DHCP Server (that usually is on another Server VLAN) to accept DHCP IP requests.

    The Key point is to indicate, in below window, VLAN gateway IP.
    This information is important to understand, dhcp server side, from which VLAN DHCP request is arriving from

    http://gborgese.wikidot.com/dhcp-relay

    https://www.itechguides.com/dhcp-relay-agent-configuration-in-windows-server-2016/

    https://thesolving.com/server-room/how-to-configure-a-multiscope-dhcp-server-to-work-with-vlans-on-windows-server-2012/




Antivirus - Endpoint Console with error code a049001e - 'Deadlock detected while asynchronously scanning....

During these weeks, on Sophos Enterprise Console, we faced below error on several computers and servers:

Error code a049001e saying 'Deadlock detected while asynchronously scanning....

This issue was affecting clients and servers with Citrix installed (clients or server components):

Symptoms or Error

While login or launching a ICA session , UPM profile takes long time to login due Sophos Anti Virus 

Solution

Created registry change to disable asynchronous Scanning for Sophos Anti Virus: 

Instructions: 

Under: 

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SavService\Application 

Create a new REG_DWORD called: DisableAsyncScans with a value of: 1 

DisableAsyncScans registry fix (https://support.citrix.com/article/CTX241246)


[original article]

https://community.sophos.com/on-premise-endpoint/f/sophos-enterprise-console/122257/deadlock-detected-scanning#pi2151=2


Office 2010 - Support Ended (like Office 2016 for Mac)

Be aware about end of support for Office 2010 and Office 2016 for Mac. Microsoft will no longer provide technical support, bug fixes, or security updates for these products, at the same time organizations, that continue to use them, may face increased security risks (and compliance issues over time)

Here it is a Microsoft article with more details:

https://www.microsoft.com/en-us/microsoft-365/blog/2020/10/13/support-for-office-2010-and-office-2016-for-mac-has-ended-heres-what-you-need-to-know/

Tips - Event Viewer Error on Server Windows 2008 R2 #hotfix KB4503277

During these time period we faced below errors when we was trying to browse eventviewer

MMC has detected an error in a snap-in and will unload it

This problem occurred on Windows 2008 R2 server

MS Article https://support.microsoft.com/en-us/help/4508640/event-viewer-may-close-or-you-may-receive-an-error-when-using-custom-v suggest hotfix KB4503277 (Preview of Monthly Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) 

Futhermore was released newer hotfix versions:

2019-07 Preview of Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB4507437)

2019-07 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB4507449)








Microsoft - Microsoft Edge Browser: Security, Compatibility, and Update Management

Here it is an interesting video that give you an idea about Edge advantages, features and update management.