20 July 2019

Outlook 2013/2016: How Microsoft Outlook (MAPI over HTTP) works with network delays

A long time ago I read an article by Neil Johnson on TechNet about research into the effects of network latency on the different Outlook operating modes (Online, RPC/HTTP, Cached).
Since then 8 years have passed, several generations of server and client applications have changed, and, most importantly, Exchange now uses the newer "MAPI over HTTP" protocol. I propose several tests to check what has changed over this time.

To generate interference on the network I used a simple but very functional tool: http://jagt.github.io/clumsy/.

11 July 2019

Test your connection to BlackBerry NOC/Cloud Servers

A BlackBerry UEM system administrator (BlackBerry Proxy & Control) periodically faces situations where some or all BlackBerry Work clients cannot connect to their mailboxes/calendars. The cause may lie with BlackBerry's servers, with an ISP, or in a home Wi-Fi router.
To identify issues on the client side, I decided to write a PowerShell script that checks the availability of the main components required by BlackBerry Work.

The script has several settings that determine which types of servers need to be checked. You can also change the server list.

The list of settings:
$country = "us"                                                            # <<<<<< 'ca' = Canada | 'ru' = Russia | 'us' = United States (US only)
$ShowBlocking = "no"                                                       # <<<<<< Set 'yes' if you want to check IP and domain blocking in Russia.
$ShowPush = "no"                                                           # <<<<<< Set 'yes' if you want to see the Push Notification servers (there are a lot).
$ShowCloud = "yes"                                                         # <<<<<< Set 'yes' if you want to see the BlackBerry UEM Cloud servers.
$ShowDirectConnect = "no"                                                  # <<<<<< Set 'yes' if you want to check dedicated BlackBerry Direct Connect servers.
$ShowBlackberryConnectivityNode = "yes"                                    # <<<<<< Set 'yes' if you want to see the BlackBerry Connectivity Nodes.
$ShowBlackberrySite = "yes"                                                # <<<<<< Set 'yes' if you want to see the BlackBerry site.
$ShowBEMS = "yes"                                                          # <<<<<< Set 'yes' if you want to see which servers are needed for BlackBerry Enterprise Mobility Server (BEMS).

Functions

  • Checks DNS records.
  • Checks latency to the NOC servers.
  • Checks that the required ports are open on the NOC servers.
  • Checks the "alive" URLs of the NOC servers.
  • For Russia, includes a check for blocking of IP addresses and domains by Roskomnadzor (can be turned on and off).
  • For companies that use Direct Connect servers, can check them as well (you need to fill in 2 variables inside the script).
  • Adds a block of information about the computer's Internet connection.
  • Adds checks of the BlackBerry Connectivity Node, BlackBerry Cloud and Push Notification servers.
  • The report is produced in HTML format.
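The four core checks listed above (DNS, latency, port, "alive" URL) can be combined into one function per target. The block below is an added illustration, not the author's script: the host names are placeholders (`*.example.invalid`) rather than real BlackBerry NOC addresses, and the ports and URLs are assumed; substitute the servers your UEM/BEMS deployment actually uses.

```powershell
# Added example (not the post's script). Host names, ports and URLs below are
# placeholders; replace them with the real BlackBerry NOC / Cloud / BEMS targets.
$Targets = @(
    @{ Name = 'Example NOC host';  HostName = 'noc.example.invalid';  Port = 443;  Url = 'https://noc.example.invalid/' },
    @{ Name = 'Example push host'; HostName = 'push.example.invalid'; Port = 3101; Url = $null }
)

function Test-NocTarget {
    param([hashtable]$Target)

    $result = [ordered]@{
        Name      = $Target.Name
        HostName  = $Target.HostName
        Port      = $Target.Port
        DnsOk     = $false
        Addresses = ''
        PingMs    = $null
        PortOpen  = $false
        UrlStatus = 'n/a'
    }

    # 1. DNS: does the name resolve, and to which addresses?
    try {
        $records = Resolve-DnsName -Name $Target.HostName -Type A -ErrorAction Stop
        $result.DnsOk     = $true
        $result.Addresses = ($records | Where-Object IPAddress | Select-Object -ExpandProperty IPAddress) -join ', '
    } catch {
        $result.Addresses = $_.Exception.Message
    }

    # 2. Latency and 3. TCP port: Test-NetConnection does both in one call.
    #    Many NOC hosts drop ICMP, so a failed ping alone is not a failure;
    #    the TCP result is the one that matters.
    if ($result.DnsOk) {
        $tnc = Test-NetConnection -ComputerName $Target.HostName -Port $Target.Port -WarningAction SilentlyContinue
        $result.PortOpen = $tnc.TcpTestSucceeded
        if ($tnc.PingSucceeded) { $result.PingMs = $tnc.PingReplyDetails.RoundtripTime }
    }

    # 4. "Alive" URL: any HTTP status (even 401/403) proves the path is open;
    #    only a transport-level failure counts as down.
    if ($Target.Url) {
        try {
            $resp = Invoke-WebRequest -Uri $Target.Url -Method Head -UseBasicParsing -TimeoutSec 10 -ErrorAction Stop
            $result.UrlStatus = [int]$resp.StatusCode
        } catch {
            if ($_.Exception.Response) { $result.UrlStatus = [int]$_.Exception.Response.StatusCode }
            else { $result.UrlStatus = 'unreachable: ' + $_.Exception.Message }
        }
    }

    [pscustomobject]$result
}

$report = $Targets | ForEach-Object { Test-NocTarget -Target $_ }

# Console view plus an HTML report that can be attached to a support ticket.
$report | Format-Table -AutoSize
$report | ConvertTo-Html -Title 'BlackBerry connectivity check' `
    -PreContent "<h2>Checked $(Get-Date -Format s) from $env:COMPUTERNAME</h2>" |
    Out-File -FilePath "$env:TEMP\bb-check.html" -Encoding UTF8
```

Reading the result: DnsOk false points at the local resolver or ISP; DnsOk true with PortOpen false points at a firewall or proxy between you and the NOC; PortOpen true with an "unreachable" UrlStatus usually means TLS interception or a proxy that answers the TCP handshake but not the request.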

24 March 2019

Exchange 2016 - Brief of vulnerabilities CVE-2018-8581, CVE-2019-0724 and CVE-2019-0686

On January 21, 2019 a proof-of-concept was published that chained three weaknesses in Exchange. Perhaps this is what accelerated their fixing.

History

2017 - Researchers Andy Robbins and Will Schroeder highlighted issues with Exchange permissions in the paper "Designing Active Directory DACL Backdoors".
2018.04.26 - Rindert Kramer and Dirk-jan Mollema published the article "Escalating privileges with ACLs in Active Directory".
2018.11.13 - Microsoft published "CVE-2018-8581 | Microsoft Exchange Server Elevation of Privilege Vulnerability".
2018.12.19 - The ZDI published the article "AN INSINCERE FORM OF FLATTERY: IMPERSONATING USERS ON MICROSOFT EXCHANGE" with an exploit for CVE-2018-8581.
2019.01.21 - Researcher Dirk-jan Mollema published the PoC "Abusing Exchange: One API call away from Domain Admin".
2019.01.28 - The CERT Coordination Center published vulnerability note VU#465632 "Microsoft Exchange server 2013 and newer are vulnerable to NTLM relay attacks".
2019.02.05 - Microsoft published "ADV190007 | Guidance for "PrivExchange" Elevation of Privilege Vulnerability".
2019.02.12 - Microsoft published "CVE-2019-0686 | Microsoft Exchange Server Elevation of Privilege Vulnerability" and "CVE-2019-0724 | Microsoft Exchange Server Elevation of Privilege Vulnerability".
2019.02.12 - Microsoft published the "February 2019 Quarterly Exchange Updates" with patches for all related vulnerabilities.

20 March 2019

Android 9 does not show notifications from WhatsApp and Viber

After updating my Nokia 5.1 Plus from Android 8.1 to Android 9, I noticed that after a while I stopped receiving notifications from messengers like WhatsApp or Viber. This should not happen!

Method №1 (Official)

To fix this you need to perform 4 steps:

1) Turn "Adaptive Battery" on.
Settings → Battery → Adaptive Battery → On

2) Specify applications that do not need to be optimized.
Open "Settings → Apps & notifications → Advanced → Special app access → Battery optimization → All apps", then open the needed apps (e.g. WhatsApp or Viber) and choose "Don't optimize".

3) Check the app's notification settings.
Open "Settings → Apps & notifications → <Needed application> → Notifications" and make sure that all necessary options are turned on.

4) Reboot the phone.

25 January 2019

Windows 10 please STOP reboot my PC/Laptop

What I hate most in Windows 10 is the preinstalled games and the way it reboots my laptop whenever it wants (most often at night and usually without any notification).
To prevent this I found a simple solution: disable the "Reboot" task. But it turned out to be more difficult. Windows still rebooted my laptop (the screenshot below shows that the task started even though it was disabled ("Отключено" in Russian)).


Therefore I decided to write a PowerShell script to prevent it once and for all.
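One way to make the disabled state stick, as an added example rather than the author's own script: disable the task and then take away SYSTEM's write access to the task's definition file, so the Update Orchestrator service cannot rewrite (and thereby re-enable) it. The task path \Microsoft\Windows\UpdateOrchestrator\Reboot is assumed for Windows 10 1709/1803; later builds rename the tasks in that folder, so confirm it with Get-ScheduledTask first. Run from an elevated PowerShell.

```powershell
# Added example, not the post's script. Assumes the task path used by
# Windows 10 1709-1803; check Get-ScheduledTask -TaskPath '\Microsoft\Windows\UpdateOrchestrator\'
# on your build. Must run elevated.
$TaskPath = '\Microsoft\Windows\UpdateOrchestrator\'
$TaskName = 'Reboot'
$TaskFile = Join-Path $env:SystemRoot "System32\Tasks\Microsoft\Windows\UpdateOrchestrator\$TaskName"

$task = Get-ScheduledTask -TaskPath $TaskPath -TaskName $TaskName -ErrorAction Stop

# Step 1: disable the task (the step the post says is not enough on its own).
if ($task.State -ne 'Disabled') {
    $task | Disable-ScheduledTask | Out-Null
}

# Step 2: stop the service from re-enabling it. The task definition is an XML
# file under System32\Tasks; take ownership and add a Deny ACE for SYSTEM on
# write/delete so the file can no longer be rewritten.
takeown.exe /F $TaskFile | Out-Null
$acl = Get-Acl -Path $TaskFile
$acl.SetAccessRuleProtection($true, $true)     # stop inheriting, keep existing ACEs
$deny = [System.Security.AccessControl.FileSystemAccessRule]::new(
    'NT AUTHORITY\SYSTEM',
    [System.Security.AccessControl.FileSystemRights]'Write, Delete',
    [System.Security.AccessControl.AccessControlType]::Deny)
$acl.AddAccessRule($deny)
Set-Acl -Path $TaskFile -AclObject $acl

# Verification: the task must report Disabled and SYSTEM must carry a Deny ACE.
$state = (Get-ScheduledTask -TaskPath $TaskPath -TaskName $TaskName).State
$denyPresent = (Get-Acl -Path $TaskFile).Access | Where-Object {
    $_.AccessControlType -eq 'Deny' -and $_.IdentityReference -eq 'NT AUTHORITY\SYSTEM' }
"Task state: $state; SYSTEM deny ACE present: $([bool]$denyPresent)"
```

Caveat: a feature update can recreate the task folder with fresh files and ACLs, so re-run the check after each Windows upgrade.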

08 November 2018

Exchange 2016 - Limits and impact of Transport Rules (Mailflow Rules)

Sometimes, to solve complex problems, you have to use transport rules. But what are the limits of this functionality?
I decided to cover two questions:

Part 1. How big may the transport rule be?

All transport rules are stored in the "CN=TransportVersioned,CN=Rules,CN=Transport Settings,CN=<Organization>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<domain>,DC=<domain>" container. The rule itself is XML stored in the "msExchTransportRuleXml" attribute of each rule object.
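Because the rule is just an attribute on an AD object, you can measure how big your rules actually are without going through the Exchange cmdlets. The block below is an added example, not from the post; it assumes the ActiveDirectory module is available and that the account can read the Exchange configuration container. Searching by object class (msExchTransportRule) avoids spelling out the organization name in the container path.

```powershell
# Added example (not from the post). Reads every transport rule's XML from the
# configuration partition and reports its size and whether it still parses.
Import-Module ActiveDirectory

$configNC = (Get-ADRootDSE).configurationNamingContext

# Rule objects live under CN=TransportVersioned,CN=Rules,CN=Transport Settings,...;
# filtering on the object class finds them regardless of the organization name.
$rules = Get-ADObject -SearchBase $configNC -LDAPFilter '(objectClass=msExchTransportRule)' `
            -Properties msExchTransportRuleXml, whenChanged

$rules | ForEach-Object {
    $xml = [string]$_.msExchTransportRuleXml
    $wellFormed = $true
    try { [void][xml]$xml } catch { $wellFormed = $false }

    [pscustomobject]@{
        Name          = $_.Name
        Container     = ($_.DistinguishedName -split ',', 2)[1]
        XmlChars      = $xml.Length
        # AD stores Unicode strings as UTF-16, so this is the on-directory footprint.
        XmlBytesUtf16 = [System.Text.Encoding]::Unicode.GetByteCount($xml)
        WellFormed    = $wellFormed
        Changed       = $_.whenChanged
    }
} | Sort-Object XmlChars -Descending | Format-Table -AutoSize
```

Running this before and after editing a large rule shows exactly how much each added condition or exception costs in the stored XML.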

04 August 2018

Exchange: How to reliably determine that a user is logged into mailbox?

Sometimes (for example, while migrating users from another email system) you need a reliable way to determine that a user has logged into the mailbox (using Outlook or OWA).

The simplest answer is the mailbox's LastLogonTime (Get-MailboxStatistics). But it turns out not to be quite reliable.
Attention! The "LastLogonTime" attribute of a user's mailbox is also filled and updated when another user opens that user's calendar.

In the end I found 4 criteria which together help to reliably determine that a user has logged into the mailbox.

  1. "LastLogonTime" (Get-MailboxStatistics) - necessary but not sufficient.
  2. "Languages" (Get-Mailbox) - this attribute is filled when the user logs into OWA and sometimes when they log in with Outlook.
  3. "WorkingHoursTimeZone" (Get-MailboxCalendarConfiguration) - this attribute is filled when the user logs into OWA and sometimes when they log in with Outlook. The default value is "Pacific Standard Time", so you can only use it if your users are in a different time zone.
  4. "Quick Step Settings" (Get-MailboxFolderStatistics) - this is not an attribute but a check for the presence of a folder named "Quick Step Settings" in the mailbox, because it appears only when Outlook is opened/configured against the mailbox.
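The four criteria can be folded into one function that returns a verdict per mailbox. This is an added example, not the author's code; it is meant to run in the Exchange Management Shell, and the organizational unit in the usage line is a placeholder. The time-zone rule is conditional exactly as stated above: it only carries information when the user's zone differs from the default.

```powershell
# Added example (not from the post). Combines the four criteria into one verdict.
# Run in the Exchange Management Shell; the OU in the usage line is a placeholder.
function Test-MailboxInUse {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [string]$Identity,
        [string]$DefaultTimeZone = 'Pacific Standard Time'
    )
    process {
        $stats    = Get-MailboxStatistics -Identity $Identity
        $mbx      = Get-Mailbox -Identity $Identity
        $calendar = Get-MailboxCalendarConfiguration -Identity $Identity
        $folders  = Get-MailboxFolderStatistics -Identity $Identity

        # 1. Necessary but not sufficient: a colleague opening the calendar sets it too.
        $hasLogon      = $null -ne $stats.LastLogonTime
        # 2. Set by OWA, sometimes by Outlook.
        $hasLanguage   = ($mbx.Languages | Measure-Object).Count -gt 0
        # 3. Only meaningful when the value differs from the default time zone.
        $hasTimeZone   = [bool]$calendar.WorkingHoursTimeZone -and
                         ($calendar.WorkingHoursTimeZone.ToString() -ne $DefaultTimeZone)
        # 4. Folder created the first time Outlook opens/configures the mailbox.
        $hasQuickSteps = [bool]($folders | Where-Object Name -eq 'Quick Step Settings')

        [pscustomobject]@{
            Mailbox       = $mbx.PrimarySmtpAddress.ToString()
            LastLogonTime = $stats.LastLogonTime
            HasLanguage   = $hasLanguage
            HasTimeZone   = $hasTimeZone
            HasQuickSteps = $hasQuickSteps
            # Verdict: criterion 1 plus at least one client-side marker (2, 3 or 4).
            LoggedIn      = $hasLogon -and ($hasLanguage -or $hasTimeZone -or $hasQuickSteps)
        }
    }
}

# Usage: take a migration batch and keep only the mailboxes nobody has opened yet.
Get-Mailbox -ResultSize Unlimited -OrganizationalUnit 'OU=Migrated,DC=contoso,DC=local' |
    ForEach-Object { Test-MailboxInUse -Identity $_.Identity.ToString() } |
    Where-Object { -not $_.LoggedIn } |
    Export-Csv -Path .\not-yet-logged-in.csv -NoTypeInformation
```

If your users really are in Pacific time, drop the time-zone term from the verdict, since it can never distinguish a configured mailbox from an untouched one.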

08 July 2018

Exchange 2016: Issue of breaking email address in angle brackets

Recently I noticed unusual behaviour (an issue) in Microsoft Exchange 2016 when it displays email addresses.
If an email address is specified twice in a message header (From, To or Cc), with the second occurrence in angle brackets, the address gets broken: the part of the address after the first "@" character moves into the bracketed address, which makes it impossible to reply to the email.

I assume that the function which is supposed to extract the correct email addresses from the headers does not work correctly.

Several tests

Original address (as used while sending)             ->  Resulting address (OWA, Outlook)
administrator@test.local <administrator@test.local>  ->  "administrator@" <test.local administrator@test.local>
administrator@_ <administrator@test.local>           ->  administrator@ <_ administrator@test.local>
administrator@domain<administrator@test.local>       ->  administrator@ <domainadministrator@test.local>
administrator@><administrator@test.local>            ->  <administrator@>
<administrator@><administrator@test.local>           ->  <administrator@>
<@administrator@><administrator@test.local>          ->  <@administrator@><administrator@test.local>
administrator@<administrator@test.local>             ->  <administrator@>
<script>@><administrator@test.local>                 ->  <script>
administrator@test.local@ <administrator@test.local> ->  "administrator@" <test.local@administrator@test.local>

24 January 2018

Windows 10: DNS Client loads the CPU when the hosts file is big

After installing the Fall Creators Update patches (KB4058043, KB4057247, KB4055237, KB4055994) on Windows 10 Pro 1709 (16299.125) I noticed long delays when opening websites.

Symptoms

  • The DNS Client service consumes about 25% CPU.
  • You can't open any website or reach the Internet at all for several minutes.

11 January 2018

Microsoft Office: How to fix double slash autocorrection in links

Some applications (web servers, etc.) accept hyperlinks that contain a double slash (//) in the path, i.e. after the protocol prefix (http://, ftp://, etc.).
IBM Lotus Domino is such an application: the link "notes://server/1111111111//2222222222/" is valid.

During the migration from the IBM Lotus Domino mail system to Microsoft Exchange, it turned out that all Microsoft Office applications (Outlook in particular) automatically "correct" such links, even in incoming emails, by replacing the double slash "//" with a single slash "/". We failed to find a solution on the Internet for changing this behaviour.