[German]As of October 10, 2023, Microsoft has released security updates for Exchange Server 2016 and Exchange Server 2019. On a number of Exchange Server systems, the installation of the October 2023 updates ends with error 0x80070534. The cause seems to be the lack of cleanup of the August 2023 update mess. Furthermore, some administrators want to re-enable the IIS token cache module. Here is some information about these issues.
Advertising
The August and October 2023 updates
Microsoft Microsoft released security updates for Exchange Server 2016 and Exchange Server 2019 on October 10. I had reported on these updates in the post Exchange Server Security Updates (October 10, 2023).
Furthermore, I would like to point out the August 2023 updates that led to an installation disaster and withdrawn patches (see article links at the end of the post and the post Exchange Server August 2023 update: all patches pulled; workaround changed).
Updates fail with error 0x80070534
However, during the update installation of the October 2023 updates, some Exchange Server installations fail. Blog reader gmu describes it in this German comment for Exchange Server 2019 CU13: The attempt to automatically install update KB5030877 failed with error 0x80070643. After that, all Microsoft Exchange services were disabled. Attempting a manual installation with download of the KB (German) aborted with the error "ERROR: While installing the Exchange Server Update, error 1603 occurred." in the console.
The error code 0x80070534
The error code 0x80070534 stands for "no mapping between account names and security IDs was done. (see also), i.e. it fails because of missing accounts or security IDs. So there is something on the respective systems that does not fit (because the error occurs only on single systems).
Consequences of the August 2023 disaster
The above explanation of the error message already points to an "account problem". In August 2023, there was a problem with non-English Exchange Server systems that the update failed because of a missing Active Directory account (see EExchange Server August 2023 update: all patches pulled; workaround changed). Microsoft had withdrawn the August 2023 update because of the problems and then offered a workaround.
Uninstall August 2023 Update V1
In the comments of my German blog readers there was then a hint that the installed August 2023 v1 SU as well as the workaround to be done there was the cause. To clean up the Exchange Server system is:
Advertising
- uninstall the installed August 2023 v1 SU and then reboot the system, this requires the AD user to be created manually,
- then the workaround has to be undone, i.e. the manually created AD account has to be removed again,
- then the August 2023 v2 SU can be installed.
The last step is not strictly necessary since the SUs are cumulative and the October 2023 SU could be installed directly on step 2. The steps to undo the August 2023 SU v1 issues are outlined in this Techcommunity article. After cleaning up the system, it should be possible to install the October 2023 SU – which has been confirmed by affected parties on the blog. Microsoft has since added the following entries to its Techcommunity article.
- 10/12/23: Added a note that additional steps might be necessary to address password prompts in multi-forest deployments (issues resolved section)
- 10/11/23: Added a FAQ for setup error that can be encountered if August 2023 SUv1 was installed on Exchange running on non-English OS
- 10/11/23: Added a FAQ clarifying that re-enabling IIS Token Cache is not required but is optional
There are references to known issues in the Techcommunity article, and also reader comments about issues.
Enable IIS Token Cache
With the August 2023 SU, the IIS token cache was disabled for security reasons. In the meantime, Microsoft has closed the vulnerability in question. Those who need the IIS Token Cache can enable it again. Microsoft addressed something about this in the FAQ in this Techcommunity article. This reader comment here on the blog also addresses the issue.
Similar articles:
Exchange Server Security Updates (October 10, 2023)
Microsoft Security Update Summary (August 8, 2023)
Exchange Server Security Updates (August 8, 2023)
Workaround for Exchange August 2023 security update install issue
Exchange Server August 2023 update: all patches pulled; workaround changed
Advertising