How to fix Event ID 455 ESENT error on Windows 10

ESENT is a built-in database engine on your PC that File Explorer and Windows Search use when searching throughout your Windows 10 computer. If you’re encountering the Event ID 455 ESENT error on your Windows 10 device, this post is intended to help you. It presents the potential solutions you can try to mitigate the issue.

When this error occurs, you’ll see the following error description in the event log:

svchost (15692,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Fix Event ID 455 ESENT error

If you’re faced with this Event ID 455 ESENT error on your Windows 10 PC, you can try either of our two recommended solutions presented below to resolve the issue.

  1. Create Database folder in TileDataLayer folder via File Explorer
  2. Create Database folder in TileDataLayer folder via Command Prompt

Let’s take a look at the description of the process involved concerning either of the listed solutions.

1] Create a Database folder in TileDataLayer folder via File Explorer

To create a Database folder in TileDataLayer folder via File Explorer, do the following:

  • Press Windows key + R to invoke the Run dialog.
  • In the Run dialog, copy and paste the directory path below (assuming the C drive houses your Windows 10 installation) and hit Enter.
    C:\Windows\system32\config\systemprofile\AppData\Local
  • Now, right-click on the open space and then click New > Folder to create a folder in that location.
  • Next, rename the new folder as TileDataLayer.
  • Now, double-click the newly created TileDataLayer folder to open it.
  • Again, right-click on the space within the open folder and then click New > Folder to create a new folder.
  • Rename the new folder as Database.
  • Exit File Explorer.
  • Reboot your computer.

After rebooting, the Event ID 455 ESENT error should be fixed.

Alternatively, to achieve the same result as with File Explorer, you can use the Command Prompt. Continue below to see how.

2] Create a Database folder in TileDataLayer folder via Command Prompt

To create a Database folder in TileDataLayer folder via Command Prompt, do the following:

  • Press Windows key + R to invoke the Run dialog.
  • In the Run dialog box, type cmd and then press CTRL + SHIFT + ENTER to open Command Prompt in admin/elevated mode.
  • In the command prompt window, copy and paste the commands below one by one and hit Enter after each line to execute them sequentially on your computer.
    cd config\systemprofile\AppData\Local
    mkdir TileDataLayer
    cd TileDataLayer
    mkdir Database
  • Once the task completes, exit the CMD prompt.
  • Reboot your computer.

After rebooting, the Event ID 455 ESENT error should be fixed.

ESENT

ESENT is an embeddable, transactional database engine. It first shipped with Microsoft Windows 2000 and has been available for developers to use since then. You can use ESENT for applications that need reliable, high-performance, low-overhead storage of structured or semi-structured data. The ESENT engine can help with data needs ranging from something as simple as a hash table that is too large to store in memory to something more complex such as an application with tables, columns, and indexes.

Active Directory, Windows Desktop Search, Windows Mail, Live Mesh, and Windows Update currently rely on ESENT for data storage. Microsoft Exchange also stores all of its mailbox data (a large server typically has dozens of terabytes of data) using a slightly modified version of the ESENT code.

Features

Significant technical features of ESENT include:

  • ACID transactions with savepoints, lazy commits, and robust crash recovery.
  • Snapshot isolation.
  • Record-level locking (multi-versioning provides non-blocking reads).
  • Highly concurrent database access.
  • Flexible meta-data (tens of thousands of columns, tables, and indexes are possible).
  • Indexing support for integer, floating-point, ASCII, Unicode, and binary columns.
  • Sophisticated index types, including conditional, tuple, and multi-valued.
  • Columns that can be up to 2GB with a maximum database size of 16TB.

Benefits

  • No additional download needed. ManagedEsent uses the native esent.dll that already comes as part of every version of Microsoft Windows.
  • No administration required. ESENT automatically manages log files, database recovery, and even the database cache size.

Note: The ESENT database file cannot be shared between multiple processes simultaneously. ESENT works best for applications with simple, predefined queries; if you have an application with complex, ad-hoc queries, a storage solution that provides a query layer will work better for you.


How to recall a message sent in Microsoft Outlook


It’s inevitable. You send someone an email in Microsoft Outlook. And then you realize for one reason or another that the message has a mistake or that it shouldn’t have been sent at all. You can fix your error after the fact by recalling a message. Using the recall feature under the right conditions, your previous email is deleted without the recipient ever seeing it. You can also send a replacement message with the correct information.


There are some requirements if the recall feature is to work properly. For your recalled message to be deleted, both you and the recipient must have a Microsoft 365 Business account or Microsoft Exchange email account in the same organization, meaning the same Exchange system on the backend. The email must have been delivered to the recipient’s mail server but it must not have been read yet.

However, even if you and the recipient use different email clients or backend systems, or you fail to recall the message before it’s been read, the recall feature can still serve a purpose. Though the initial email won’t be deleted, the recipient receives a follow-up message indicating that you want to recall the previous email. That tells them that your initial email is incorrect or invalid for some reason. You should then follow up your initial email and recall message with another email that contains the right information or corrects the initial one.


How to recall a message in Microsoft Outlook

To try this, open Outlook. Start a new email and address it to the recipient. Send the email (Figure A).

Figure A


Now, let’s say you notice an error in your email and want to recall it. Open the email from your Sent Items folder. Select the Actions icon and click the option to Recall This Message (Figure B).

Figure B


The Recall This Message window offers two options. Choosing to “Delete unread copies of this message” tries to remove the message with no follow up. Choosing to “Delete unread copies and replace with a new message” gives you an opportunity to immediately send a follow-up message with the correct information. To learn if the recall succeeds, keep the box checked for “Tell me if recall succeeds or fails for each recipient.” Click OK (Figure C).

Figure C


If you chose the option to replace with a new message, a new email appears with the text from the original message so you can fix the problem and send the corrected version (Figure D).

Figure D


If you and the recipient use the same Microsoft 365 Business or Exchange backend environment, then the email should be deleted from the recipient’s inbox automatically. If so, you’ll receive an email indicating that the recall was successful for that particular user.

If you and the recipient use different email clients or backend mail services, the initial email remains in that person’s inbox. A follow-up email then arrives that tells the recipient that you would like to recall the message. You then have to rely on your recipient to ignore or delete the original message in favor of the corrected one (Figure E).

Figure E


For more information on the different recall scenarios, check out Microsoft’s support page on “Recall or replace an email message that you sent.”


Microsoft releases Windows 10 builds 18363.815, 18362.815 with a ton of fixes

Patch Tuesday was only a week ago, but it’s now time for this month’s round of optional updates. Typically, Microsoft does this in several installments, offering updates to different versions at different times. But today, Windows 10 version 1909, 1903, 1809, 1803, and 1607 are all getting updates.

The reason that they’re all getting patched today is likely because this is going to be one of the last times to do it. Starting in May, Microsoft won’t be releasing optional cumulative updates anymore, only Patch Tuesday updates. This is to focus on stability for those working from home during the COVID-19 pandemic.

For those on Windows 10 versions 1909 and 1903, you’ll get KB4550945, bringing the build number to 18363.815 and 18362.815, respectively. You can manually download it here, and these are the highlights:

  • Updates an issue that prevents certain apps from opening after you upgrade from a previous version of Windows, and a Bad Image error message appears.
  • Updates an issue that turns off notifications for devices that use a virtual private network (VPN) on a cellular network.
  • Updates an issue that prevents you from resuming a Microsoft Xbox game on a Windows device after upgrading from a previous version of Windows.
  • Updates an issue that causes a text box that contains multiple lines of text to stop responding in certain scenarios.
  • Updates an issue that generates unexpected notifications when you change the default application settings.
  • Updates an issue that causes Windows Update to stop responding when you check for updates.
  • Updates an issue that fails to print content that is outside of the margins of a document.

Here’s the full list of fixes:

  • Addresses an issue that prevents certain apps from opening after you upgrade from a previous version of Windows, and a Bad Image exception dialog box appears.
  • Addresses an issue that turns off notifications for devices that use a virtual private network (VPN) on a cellular network.
  • Addresses an issue that prevents you from resuming a Microsoft Xbox game on a Windows device after upgrading from a previous version of Windows.
  • Addresses an issue that causes a box that contains multiple lines of text to stop responding in certain scenarios.
  • Addresses an issue that prevents the touch keyboard from appearing during sign in when the user is prompted for the password.
  • Addresses an issue that prevents the touch keyboard from opening in Universal Windows Platform (UWP) apps when USB devices are connected.
  • Addresses an issue that displays incorrect folder properties in File Explorer when the path is longer than MAX_PATH.
  • Addresses an issue that prevents the correct lock screen from appearing when all of the following are true:
    • The Group Policy Object (GPO) policy “Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive Logon: Do not require Ctrl+Alt+Del Computer” is disabled.
    • The GPO policy “Computer Configuration\Administrative Templates\System\Logon\Turn off app notifications on the lock screen” is enabled.
    • The registry key HKLM\SOFTWARE\Policies\Microsoft\Windows\System\DisableLogonBackgroundImage is set to 1.
  • Addresses an issue that generates unexpected notifications related to changing the default application settings.
  • Addresses an issue that causes the sign in screen to be blurry.
  • Addresses an issue that causes Windows Update to stop responding when you check for updates.
  • Addresses an issue that prevents the Sign in options page from opening using the ms-settings:signinoptions-launchfingerprintenrollment Uniform Resource Identifier (URI).
  • Addresses an issue with Bluetooth group policy settings on Microsoft Surface Pro X devices.
  • Addresses an issue that causes a KERNEL_SECURITY_CHECK_FAILURE (139) stop error when Windows resumes from Sleep and turns on certain Bluetooth headsets.
  • Addresses a reliability issue in WDF01000.sys.
  • Addresses an issue that causes an error in logman.exe. The error is, “A user account is required in order to commit the current Data collector Set properties.”
  • Addresses an issue that prevents users from setting the REG_EXPAND_SZ keys in some automated scenarios.
  • Addresses an issue that causes a memory leak in the LsaIso.exe process when the server is under a heavy authentication load and Credential Guard is enabled.
  • Addresses an issue that causes the Trusted Platform Module (TPM) initialization to fail with system event error 14 and prevents Windows from accessing the TPM.
  • Addresses an issue that causes communication with the TPM to time out and fail.
  • Addresses an issue that prevents hash signing using the Microsoft Platform Crypto Provider for TPMs from working correctly. This issue might also affect networking software, such as VPN applications.
  • Addresses an issue that prevents applications running in an Azure Active Directory environment from receiving account change notifications. This occurs when using the Web Account Manager (WAM) and the WebAccountMonitor API.
  • Addresses an issue that causes systems to stop working with a 0x3B stop code when running a binary that is signed by a revoked certificate.
  • Addresses an issue with merging Windows Defender Application Control policies that sometimes generates a duplicate rule ID error and causes the Merge-CIPolicy PowerShell command to fail.
  • Addresses an issue that prevents a user’s PIN from being changed after connecting the device to Microsoft Workplace Join.
  • Addresses an issue that fails to print content that is outside of the margins of a document.
  • Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config.
  • Addresses an issue that causes Microsoft Edge to stop working if you attempt to use paste functionality on webpages when cut-and-paste functionality has been disabled using a policy and Windows Defender Application Guard is active.
  • Addresses an issue that causes the Clipboard service to unexpectedly stop working.

Windows 10 version 1809 just had its support extended, and those users will get KB4550969, bringing the build number to 17763.1192. You can manually download it here, and these are the highlights:

  • Updates an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.
  • Updates an issue that causes a text box that contains multiple lines of text to stop responding in certain scenarios.
  • Updates an issue that fails to print content that is outside of the margins of a document.

Here’s the full list of fixes:

  • Addresses an issue that occurs when a third-party application loads hidden tabs into Internet Options.
  • Addresses an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.
  • Addresses an issue that causes a box that contains multiple lines of text to stop responding in certain scenarios.
  • Addresses an issue that prevents the first key stroke from being recognized correctly in the DataGridView cell.
  • Addresses an issue that causes an application that uses msctf.dll to stop working, and the 0xc0000005 (Access violation) exception appears.
  • Addresses an issue that prevents the correct lock screen from appearing when all of the following are true:
    • The Group Policy Object (GPO) policy “Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive Logon: Do not require Ctrl+Alt+Del Computer” is disabled.
    • The GPO policy “Computer Configuration\Administrative Templates\System\Logon\Turn off app notifications on the lock screen” is enabled.
    • The registry key HKLM\SOFTWARE\Policies\Microsoft\Windows\System\DisableLogonBackgroundImage is set to 1.
  • Addresses a reliability issue in WDF01000.sys.
  • Addresses an issue that causes a KERNEL_SECURITY_CHECK_FAILURE (139) stop error when Windows resumes from Sleep and turns on certain Bluetooth headsets.
  • Addresses an issue that causes the Event Viewer Microsoft Management Console (MMC) to stop working when the secondary monitor is above the primary monitor. An out of bounds exception appears.
  • Addresses an issue that causes an error in logman.exe. The error is, “A user account is required in order to commit the current Data collector Set properties.”
  • Addresses an issue that prevents users from setting the REG_EXPAND_SZ keys in some automated scenarios.
  • Addresses an issue that causes a memory leak in the LsaIso.exe process when the server is under a heavy authentication load and Credential Guard is enabled.
  • Addresses an issue that prevents hash signing using the Microsoft Platform Crypto Provider for TPMs from working correctly. This issue might also affect networking software, such as VPN applications.
  • Addresses an issue with merging Windows Defender Application Control policies that sometimes generates a duplicate rule ID error and causes the Merge-CIPolicy PowerShell command to fail.
  • Addresses an issue that prevents a user’s PIN from being changed after connecting the device to Microsoft Workplace Join.
  • Addresses an issue that prevents applications running in an Azure Active Directory environment from receiving account change notifications. This occurs when using the Web Account Manager (WAM) and the WebAccountMonitor API.
  • Addresses an issue that fails to print content that is outside of the margins of a document.
  • Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config.
  • Addresses an issue that causes high CPU usage on Active Directory (AD) domain controllers when migrating to Windows Server 2019. This increases latency in Microsoft Exchange operations, causes Managed Store contention, and severely impacts index creation in Active Directory and the Global Catalog’s performance.
  • Addresses an issue that logs incorrect Internet Protocol (IP) addresses in the audit logs because of missing or old data for active requests coming from “windowstransport/usernamemixed/certificatemixed” endpoints.
  • Addresses an issue that causes devices that are provisioned for Windows Hello for Business (WHfB) to fail. Registration occasionally fails, which leads to a delay in WHfB enrollment and, in some instances, creates Conflicting Objects (CNF) in the Active Directory “Registered Device” container.
  • Addresses an issue that might cause a deadlock in the Remote Desktop Gateway service.
  • Addresses an issue that might cause the Remote Desktop Gateway service to stop working.
  • Addresses an issue that causes systems to stop working with a 0x3B stop code when running a binary that is signed by a revoked certificate.
  • Addresses an issue that prevents the Notification State registries from being deleted for certain apps even after the user profile is deleted.
  • Addresses an issue that causes stop error 0x18 (REFERENCE_BY_POINTER) when Remote Desktop sessions redirect devices that are not input devices.

This one does have one known issue to be aware of:

Symptom: After installing KB4493509, devices with some Asian language packs installed may receive the error, “0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND.”

Workaround:

  1. Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10.
  2. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10.

Note: If reinstalling the language pack does not mitigate the issue, reset your PC as follows:

  1. Go to the Settings app > Recovery.
  2. Select Get Started under the Reset this PC recovery option.
  3. Select Keep my Files.

Microsoft is working on a resolution and will provide an update in an upcoming release.


For those running Windows 10 version 1803, which is only supported for Enterprise and Education SKUs, you’ll get KB4550944, bringing the build number to 17134.1456. You can manually download it here, and there’s one highlight:

  • Updates an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.

Here’s the full list of fixes:

  • Addresses an issue that occurs when a third-party application loads hidden tabs into Internet Options.
  • Addresses an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.
  • Addresses an issue that prevents the first key stroke from being recognized correctly in the DataGridView cell.
  • Addresses an issue that causes an error in logman.exe. The error is, “A user account is required in order to commit the current Data collector Set properties.”
  • Addresses an issue that prevents users from setting the REG_EXPAND_SZ keys in some automated scenarios.
  • Addresses an issue that causes a memory leak in the LsaIso.exe process when the server is under a heavy authentication load and Credential Guard is enabled.
  • Addresses an issue with running klist.exe that causes lsass.exe to stop working and generates an access violation error (0xC0000005).
  • Addresses an issue with merging Windows Defender Application Control policies that sometimes generates a duplicate rule ID error and causes the Merge-CIPolicy PowerShell command to fail.
  • Addresses an issue that prevents applications running in an Azure Active Directory environment from receiving account change notifications. This occurs when using the Web Account Manager (WAM) and the WebAccountMonitor API.
  • Addresses a Task Manager CPU frequency display issue that locks to the base frequency on devices equipped with certain CPUs.
  • Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config.
  • Addresses an issue that occurs when you try to sign in to Windows during recovery mode. The error, “No administrator accounts are available on this machine”, appears.
  • Addresses an issue that prevents you from removing some local users from local built-in groups. For example, you cannot remove “Guest” from the “Guests” local group.
  • Addresses an issue that prevents certain apps from installing if they are published using a Group Policy Object.
  • Addresses an issue that causes Microsoft Edge to stop working if you attempt to use paste functionality on webpages when cut-and-paste functionality has been disabled using a policy and Windows Defender Application Guard is active.

Finally, Windows 10 version 1607 is still supported for LTSB and Windows Server 2016 customers, and they’ll get KB4550947, bringing the build number to 14393.3659. You can manually download it here, and it has the same one highlight:

  • Updates an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.

Here’s the full list of fixes:

  • Addresses an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.
  • Addresses an issue with Dynamic Data Exchange (DDE) that causes a memory leak when multiple clients connect to the same server.
  • Addresses an issue that causes new child windows to flicker and appear as white squares on server devices that are configured for stark visual contrast.
  • Addresses an issue that causes an error in logman.exe. The error is, “A user account is required in order to commit the current Data collector Set properties.”
  • Addresses an issue that causes a memory leak in the LsaIso.exe process when the server is under a heavy authentication load and Credential Guard is enabled.
  • Addresses an issue that might cause a delay of up to two minutes when signing in or unlocking a session on Hybrid Azure Active Directory-joined machines.
  • Addresses an issue with running klist.exe that causes lsass.exe to stop working and generates an access violation error (0xC0000005).
  • Addresses an issue with merging Windows Defender Application Control policies that sometimes generates a duplicate rule ID error and causes the Merge-CIPolicy PowerShell command to fail.
  • Addresses an issue that might prevent Dynamic Host Configuration Protocol (DHCP) servers from providing the right options to clients when a reservation exists.
  • Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config.
  • Addresses an issue that causes devices that are provisioned for Windows Hello for Business (WHfB) to fail. Registration occasionally fails, which leads to a delay in WHfB enrollment and, in some instances, creates Conflicting Objects (CNF) in the Active Directory “Registered Device” container.
  • Addresses an issue that occurs when you try to sign in to Windows during recovery mode. The error, “No administrator accounts are available on this machine”, appears.
  • Addresses an issue that prevents you from removing some local users from local built-in groups. For example, you cannot remove “Guest” from the “Guests” local group.
  • Addresses an issue that logs incorrect Internet Protocol (IP) addresses in the audit logs because of missing or old data for active requests coming from “windowstransport/usernamemixed/certificatemixed” endpoints.
  • Addresses an issue that might cause a deadlock in the Remote Desktop Gateway service.
  • Addresses an issue in Srv2.sys that might cause 0x18, 0xC2, and 0x19 errors.
  • Addresses an issue that prevents the Notification State registries from being deleted for certain apps even after the user profile is deleted.

This one also has one known issue:

Symptom: After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters.

Workaround: Set the domain default “Minimum Password Length” policy to less than or equal to 14 characters.

Microsoft is working on a resolution and will provide an update in an upcoming release.


As mentioned earlier, these updates are optional. That means that you can get them through Windows Update if you opt in, or you can install them manually. If you choose not to take the update, these fixes will be bundled into next month’s Patch Tuesday updates.


Microsoft Exchange: 355,000 Servers Lack Critical Patch


Fix Released in February Only Installed on 18 Percent of Servers, Rapid7 Warns

Mathew J. Schwartz (euroinfosec) • April 8, 2020

Rapid7: Any attempts to exploit CVE-2020-0688 will leave artifacts in the Windows and IIS logs, including the name of the legitimate user account that was used.

Patch or perish alert: Less than 20 percent of all Microsoft Exchange servers have received a fix for a serious flaw Microsoft first disclosed nearly two months ago, security firm Rapid7 warns.


“As of March 24, there were over 350,000 Exchange servers exposing a version of the software that has this vulnerability,” writes Tom Sellers, a senior manager at Boston-based Rapid7 Labs, in a blog post.

The vulnerability could allow a remote attacker “to turn any stolen Exchange user account into a complete system compromise,” he says. “In many implementations, this could be used to completely compromise the entire Exchange environment – including all email – and potentially all of Active Directory” (see: Why Hackers Abuse Active Directory).

Microsoft addressed the remote-code-execution vulnerability – designated CVE-2020-0688 – via security updates it released on Feb. 11 for all supported versions of Microsoft Exchange. At least at that point, the flaw didn’t appear to have been targeted in the wild, the company said. The flaw was reported to Microsoft by an anonymous researcher via Trend Micro’s Zero Day Initiative.

“A remote-code-execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time,” Microsoft said in its security alert. “Knowledge of the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM. The security update addresses the vulnerability by correcting how Microsoft Exchange creates the keys during install.”

Security Updates Include Patch

To fix the flaw, Microsoft pushed security updates for four base versions of Exchange:

  • Exchange Server 2010 service pack 3 update rollup 30;
  • Exchange Server 2013 cumulative update 23;
  • Exchange Server 2016 cumulative update 14;
  • Exchange Server 2016 cumulative update 15;
  • Exchange Server 2019 cumulative update 3;
  • Exchange Server 2019 cumulative update 4.

But the vast majority of these servers remain unpatched, according to a survey conducted by Project Sonar, Rapid7’s in-house internet scanning project (see: Is COVID-19 Driving a Surge in Unsafe Remote Connectivity?).

“On March 24, we used Project Sonar to survey the internet for publicly facing Exchange Outlook Web App – OWA – services,” Sellers says. “What we found was that at least 357,629 (82.5 percent) of the 433,464 Exchange servers we observed were known to be vulnerable.”

Subsequently, Sellers added a caveat that 35,000 fewer servers might be vulnerable, owing to Microsoft’s fix for Exchange 2010 not updating the visible build information, meaning that scans alone could not tell if an Exchange 2010 system had been updated. Instead, organizations will need to manually verify that every such system has the update. Sellers says they should do the same for all Exchange 2013 and newer systems, noting that the build number alone should indicate if the relevant update is in place.

Check for Compromise

Rapid7 also recommends all organizations that use Exchange search for any signs that they have been compromised via this flaw.

“The exploit code that we tested with left log artifacts in the Windows Event Log and the IIS [Internet Information Services] logs on both patched and unpatched servers,” Sellers says, noting that the log error message will also name the compromised user account.

“You will see the username of the compromised account name at the end of the log entry,” according to Rapid7’s Tom Sellers.

Because the attack requires a valid Exchange user account to succeed, “any user accounts seen in these exploitation attempts should be considered compromised,” Sellers says.
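A triage pass for the IIS side of this check, as an added example that is not from Rapid7 or the original article: it reads W3C-format IIS log lines, flags requests under /ecp/ whose query string carries both ViewState parameters, and groups the hits by the logged account. The indicator strings, the field layout, the function names and the sample log lines are assumptions constructed for illustration; the article itself only states that attempts leave log entries naming the account.

```python
"""Added example: triage IIS W3C logs for CVE-2020-0688-style ECP requests."""
from collections import defaultdict
from urllib.parse import unquote

# Assumed indicators (not stated on the page): attempts show up as requests
# under /ecp/ whose query string carries both ViewState parameters.
ECP_PREFIX = "/ecp/"
QUERY_MARKERS = ("__viewstate=", "__viewstategenerator=")

# Constructed sample log; hosts, accounts and query values are placeholders.
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2020-03-24 10:01:02 10.0.0.5 GET /owa/ - 443 CORP\alice 198.51.100.7 ExampleClient/1.0 200
2020-03-24 10:04:41 10.0.0.5 GET /ecp/default.aspx __VIEWSTATEGENERATOR=PLACEHOLDER&__VIEWSTATE=PLACEHOLDER 443 CORP\bob 203.0.113.9 ExampleClient/1.0 500
2020-03-24 10:05:10 10.0.0.5 POST /ecp/default.aspx - 443 CORP\bob 198.51.100.8 ExampleClient/1.0 200
2020-03-24 10:09:30 10.0.0.5 GET /ECP/default.aspx __VIEWSTATEGENERATOR=PLACEHOLDER&%5F%5FVIEWSTATE=PLACEHOLDER 443 corp\Carol 203.0.113.9 ExampleClient/1.0 200
2020-03-24 10:11:00 10.0.0.5 GET /ecp/default.aspx
"""


def parse_w3c(lines):
    """Yield one dict per record, keyed by the names in the latest #Fields line."""
    fields = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#"):
            values = line.split(" ")
            # Skip truncated records and data that precedes any #Fields header.
            if fields and len(values) == len(fields):
                yield dict(zip(fields, values))


def is_attempt(entry):
    """True when the request matches the assumed ECP ViewState pattern."""
    stem = entry.get("cs-uri-stem", "").lower()
    # Decode percent-escapes so encoded parameter names still match.
    query = unquote(entry.get("cs-uri-query", "")).lower()
    return stem.startswith(ECP_PREFIX) and all(m in query for m in QUERY_MARKERS)


def find_attempts(lines):
    """Group matching requests by authenticated account (case-insensitive)."""
    hits = defaultdict(list)
    for entry in parse_w3c(lines):
        # No sc-status filter: the article notes artifacts on patched servers too.
        if is_attempt(entry):
            account = entry.get("cs-username", "-").lower()
            hits[account].append(
                (entry.get("date"), entry.get("time"),
                 entry.get("c-ip"), entry.get("sc-status"))
            )
    return dict(hits)


def accounts_to_reset(lines):
    """Accounts seen in attempts; '-' means IIS logged no user name."""
    return sorted(find_attempts(lines))


if __name__ == "__main__":
    for account, events in find_attempts(SAMPLE_LOG.splitlines()).items():
        for date, time, client, status in events:
            print(f"{date} {time} account={account} client={client} status={status}")
```

Every account the script reports should be handled as the article describes, whatever the response status, and the matching Windows Event Log entries still need to be reviewed separately.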

But Wait, There’s More

Unfortunately, the Project Sonar scans revealed more widespread problems than a lack of CVE-2020-0688 patching. Notably, Rapid7 researchers found 31,000 Exchange 2010 servers online that had received no updates since 2012, as well as 800 Exchange 2010 servers that have never been updated. It also saw 10,371 Exchange 2007 servers.

“In addition to the high numbers of servers that are missing multiple updates, there is a concerning number of Exchange 2007 and 2010 servers,” Sellers says, although he notes that Exchange 2007 is not vulnerable to CVE-2020-0688. Even so, the unsupported operating system long ago stopped receiving security updates, and now has a raft of critical flaws that attackers could exploit. “Exchange 2007 transitioned to ‘end of support’ status nearly three years ago, on April 11, 2017,” he says. “No security updates, bug fixes, time zone updates, etc., are provided after that date.”

Exchange 2010 was scheduled to reach end of support on Jan. 14, although that’s now been postponed until Oct. 13, 2020. “There are over 166,000 of these servers connected to the internet,” Sellers says. “That’s a staggering number of enterprise-class mail systems that will be unsupported in a few months.”

Related:

Several groups of nation states hack Microsoft Exchange servers


A number of government-backed hacking groups are exploiting a recently patched vulnerability in Microsoft Exchange email servers.

The exploits were first detected by British cybersecurity company Volexity on Friday and confirmed to ZDNet today by a DOD source.

Volexity did not share the names of the hacking groups exploiting this Exchange vulnerability. Volexity did not return a request for comment seeking additional details.

The DOD source, who also declined to name groups or countries, described the hacking groups as “all great players”.

Microsoft Exchange vulnerability

These state-sponsored hacking groups are exploiting a vulnerability in Microsoft Exchange email servers that Microsoft patched last month, on the February 2020 Patch Tuesday.

The vulnerability is tracked under the identifier CVE-2020-0688. The following is a summary of the technical details of the vulnerability:

  • During installation, Microsoft Exchange servers do not create a unique cryptographic key for the Exchange Control Panel.
  • This means that all Microsoft Exchange email servers launched over the past ten years use the same cryptographic keys (validationKey and decryptionKey) for control panel support.
  • Attackers can submit malicious requests to the Exchange Control Panel that contain malicious serialized data.
  • Since hackers know the control panel's encryption keys, they can make sure that the serialized data is deserialized, which results in malicious code running on the backend of the Exchange server.
  • The malicious code is executed with system privileges, giving the attackers full control of the server.

Microsoft released patches for this bug on February 11, when it also warned sysadmins to install the fixes as soon as possible, foreseeing future attacks.

Nothing happened for almost two weeks. However, things escalated toward the end of the month, when the Zero-Day Initiative, which reported the bug to Microsoft, released a technical report detailing the bug and how it worked.

The report served as a roadmap for security researchers, who used the information it contained to build proof-of-concept exploits to test their own servers and create detection rules and mitigations.

At least three of these proofs of concept found their way to GitHub (1, 2, 3). A Metasploit module soon followed.

As in many other cases before, when the technical details and proof-of-concept code were made public, hackers also began to pay attention.

On February 26, a day after the Zero-Day Initiative report went live, hackers began scanning the Internet for Exchange servers, collecting lists of vulnerable servers that they could target at a later date. The first such scans were detected by the threat intelligence company Bad Packets.

CVE-2020-0688 started mass scanning activity. Please refer to our API for “tags = CVE-2020-0688” to locate hosts performing scans. #threatintel

– Bad Packets Report (@bad_packets) February 25, 2020

Now, according to Volexity, Exchange server scans have become real attacks.

The first to exploit this bug were APTs, “advanced persistent threats”, a term often used to describe state-sponsored hacking groups.

However, other groups are also expected to follow suit. Security researchers whom ZDNet spoke with earlier said they anticipate the bug becoming very popular with ransomware gangs that regularly target enterprise networks.

Making use of older and useless phished credentials

This Exchange vulnerability, however, is not easy to exploit. Security experts do not see this bug being abused by script kiddies (a term used to describe low-level hackers).

To exploit the CVE-2020-0688 Exchange bug, hackers need the credentials for an email account on the Exchange server, which script kiddies usually do not have.

The CVE-2020-0688 security flaw is a so-called post-authentication bug. Hackers must first log in and then run the malicious payload that hijacks the victim’s email server.

But while that limitation will keep the script kiddies out, it will not stop APTs and ransomware gangs, experts said.

APTs and ransomware gangs often spend most of their time launching phishing campaigns, through which they obtain email credentials for a targeted company’s employees.

If an organization enforces two-factor authentication (2FA) for email accounts, then those credentials are essentially useless, as hackers cannot get past 2FA.

The CVE-2020-0688 bug allows APTs to finally find a purpose for those older 2FA-protected accounts that they had phished months or years earlier.

They can use any of these older credentials as part of the CVE-2020-0688 exploit without the need to bypass 2FA, and still take over the victim’s Exchange server.

Good point about this: Sometimes an APT will get some valid passwords for user accounts in a target organization, but will not be able to use them immediately because of 2FA. However, they can bank the credentials and patiently wait for new opportunities to emerge. https://t.co/HzY8CmSepM

– Brian at Pittsburgh (@arekfurt) March 7, 2020

Organizations with “APT” or “ransomware” in their threat matrix are encouraged to update their Exchange email servers with the February 2020 security updates as soon as possible.

All Microsoft Exchange servers are considered vulnerable, even end-of-life (EoL) versions. For EoL versions, organizations should look into upgrading to a newer Exchange version. If updating the Exchange server is not an option, companies are encouraged to force a password reset for all Exchange accounts.

Grabbing email servers is the Holy Grail of APT attacks, as this allows nation-state groups to intercept and read a company’s email communications.

APTs have targeted Exchange servers before. Previous APTs that have hacked Exchange include Turla (a Russia-linked group) and APT33 (an Iranian group).

This post on the TrustedSec blog contains instructions on how to detect if an Exchange server has already been hacked through this bug.
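The log review recommended above (IIS log artifacts that name the account, and the Exchange Control Panel requests carrying serialized data) can be sketched as follows; this is an added example, not code from Rapid7, ZDNet or TrustedSec. It assumes IIS W3C extended logs with the cs-uri-stem, cs-uri-query and cs-username fields enabled, and it uses a heuristic that is an assumption rather than a signature from the page: ASP.NET normally sends ViewState in the POST body, so a `__VIEWSTATE` parameter in the URL of an `/ecp/` request is treated as worth review. The sample log is constructed.

```python
"""Triage IIS W3C logs for Exchange Control Panel requests that carry ViewState
in the URL, and list the authenticated accounts that sent them."""
from collections import defaultdict
from urllib.parse import parse_qs

# Constructed sample log (not real traffic). The field order changes at the
# second #Fields line, as happens when IIS logging settings are edited.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2020-03-01 10:00:01 GET /owa/ - CONTOSO\\alice 198.51.100.7 200
2020-03-01 10:02:13 GET /ecp/default.aspx __VIEWSTATEGENERATOR=CONSTRUCTED&__VIEWSTATE=Q09OU1RSVUNURUQ%3D CONTOSO\\bob 203.0.113.9 500
2020-03-01 10:03:40 GET /ecp/default.aspx - CONTOSO\\carol 198.51.100.8 200
2020-03-01 10:04:02 GET /ecp/default.aspx __VIEWSTATE=Q09OU1RSVUNURUQ%3D - 203.0.113.9 302
#Fields: date time c-ip cs-username cs-method cs-uri-stem cs-uri-query sc-status
2020-03-02 08:15:55 203.0.113.44 dave@contoso.example GET /ECP/default.aspx __viewstate=Q09OU1RSVUNURUQ%3D 500
2020-03-02 08:16:10 198.51.100.7 CONTOSO\\alice POST /ecp/default.aspx - 200
"""


def parse_w3c(lines):
    """Yield one dict per log record, keyed by the most recent #Fields header."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or corrupt rows
                yield dict(zip(fields, values))


def ecp_viewstate_hits(lines):
    """Return records for /ecp/ requests whose query string carries __VIEWSTATE."""
    hits = []
    for rec in parse_w3c(lines):
        stem = rec.get("cs-uri-stem", "").lower()
        query = rec.get("cs-uri-query", "-")
        if not stem.startswith("/ecp/") or query == "-":
            continue
        params = {k.lower() for k in parse_qs(query, keep_blank_values=True)}
        if "__viewstate" in params:
            hits.append(rec)
    return hits


def accounts_to_reset(hits):
    """Map each authenticated account seen in a hit to when and from where."""
    by_user = defaultdict(list)
    for rec in hits:
        user = rec.get("cs-username", "-")
        if user != "-":  # "-" means the request was not authenticated
            by_user[user.lower()].append(f'{rec["date"]} {rec["time"]} {rec["c-ip"]}')
    return dict(by_user)


if __name__ == "__main__":
    hits = ecp_viewstate_hits(SAMPLE_LOG.splitlines())
    for user, seen in sorted(accounts_to_reset(hits).items()):
        print(user, seen)
```

Every status code is kept because, as the Rapid7 quote says, the artifacts appear on both patched and unpatched servers.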


Top 6 Ways to Fix Cannot Expand Folder Error in Outlook

5. Create a New Outlook Profile

It is recommended that you follow point 4 above before moving on to create a new profile. Rename the folder that you can’t expand in Outlook. Right-click on the folder and select the Rename option to do so. Take a backup, if you must. If you have taken a backup on the server or in the cloud, delete the profile at the location mentioned below:

C:\Users\USERNAME\AppData\Local\Microsoft\Outlook

Of course, the Username above and the drive letter should be your corresponding user name and Windows installation drive. Reboot your computer.

Open Outlook and under the Files menu, click on Account Settings > Manage Profiles.

Click on Show Profiles.

Click on Add to begin creating a new profile.

You can now add email accounts to this newly created profile and check if you still get the Cannot expand folder error.

6. Repair PST and OST File

The Outlook email account data is stored in a .PST file if you are using IMAP or POP account. The same is stored in a .OST file if you are using Office 365 or Exchange account. Depending on the email account throwing the Cannot expand folder error in Outlook app, choose one method.

Repair OST File

Open Control Panel and go to User Account > Mail > Show Profiles. Select the profile you are having trouble with and click on Properties below. Now select Data Files in the pop-up that follows.

Select the email account data file and click on Open File Location.

A new window will open with a file name with .OST extension. Delete the file and reboot your computer. Launch Outlook and it will recreate the file automatically.

Repair PST File

The same steps won’t work for .PST file. Press Windows key+R to open the Run prompt. Enter the below file path in case of Office 2016, Office 2019, and Office 365.

C:\Program Files (x86)\Microsoft Office\root\Office16

For Outlook 2013:

C:\Program Files (x86)\Microsoft Office\Office15

Double-click the SCANPST.EXE file, which will launch the Microsoft Outlook Inbox Repair experience. I wish there was a direct way of launching it.

Click on Browse on the pop-up that follows.

A new File Explorer window will open. You need to locate the .PST file here and when you find it, click on the Start button.

Select ‘Make a backup of scanned file before repairing’ option to create a backup in case something goes wrong.

Now click on Repair to begin the process.

Look Out

There are way too many versions of Outlook that Microsoft has released over the years. That makes troubleshooting a bit more difficult. However, we try our best to offer the best workable solutions. If you have found another way to solve the Cannot open folder error in the Outlook app, let us know in the comments below.


Last updated on 29 Feb, 2020

Written By

Gaurav Bidasaria


    Save Outlook: Five Ways to Recover Email from Error 0x8004010F

    Email services with a bright design and many new features appear almost every day. However, none of them could replace Outlook or at least compete with it. You can only come to terms with this. The secret to the popularity of the service is that it is part of the Microsoft Office suite, intuitive and straightforward. Besides, only Outlook allows you to take full advantage of the many features of Microsoft Exchange Server.

    Of course, Outlook is not only mail but also a diary, calendar, notes, and messages. Almost all human life is stored in one encrypted file. Therefore, it’s not very good if, when you try to enter the mail client, such a message pops up: 0x8004010F: Outlook data file cannot be accessed.

    No panic! We will try to find out what happened to the mail. Most likely, it’s not too late to save it.


    Spoiler: I’m not particularly eager to look in the answers, but if someone is in a hurry, the Recovery Toolbox for Outlook, which is very useful in such situations, saved me.

    Returning the Outlook File

    The appearance of the 0x8004010F error means that the Outlook file that stores all the mail is damaged or lost. Gone with the spring wind? It doesn’t matter what happened. You can quickly recover lost mailings if you use a server with IMAP protocol support (Exchange Server, Office365, Gmail, Mail.ru, and the like).

    How does it work? The server automatically saves a copy of the file stored on the hard disk; therefore, at any time, we can access the lost data. To do this, you need to abandon the local file that has stopped responding and create a new one using the unique Outlook tool.

    Very similar to syncing local data with the cloud, right? Specialized knowledge for recovery is not needed, and the process itself consists of six easy steps, detailed below.

    Recovering an Outlook Account from a Remote Server

    • Start Outlook.
    • Go to Account settings.
    • Select the account you want to recover.
    • Select the Change folder.
    • Click the New Outlook Data File.
    • Confirm the changes with OK.

    If everything went well, you would get access to the lost mail. Exhale and go to check the mailing list. If not, then with a nasty sound this window will pop up:


    This popup often happens. Try disabling any programs that could affect the recovery process and carry out the procedure from the very beginning. However, the chances of success tend to zero. Mail is not available on the remote server, which is possible, for example, if Outlook uses the POP3 protocol, and all mailings are stored in one local file.

    No need to worry. Even after recovery using the server failed, options remain. First, check the Windows settings; there is a chance that they cause the failure. You may not have permission to access the local Outlook file, and this will lead to an error. To configure access rights, do the following:

    1. Launch Windows Explorer.

    2. Select the desired PST file. If its location is unknown, you can find the file using the same Explorer window: enter “*.pst” (without quotes) in the search box.


    3. Right-click on the file.

    4. Go to Properties.

    5. Uncheck the box next to Read Only.

    6. Click on the Security tab.


    7. In the “Groups and Users” menu, you need to select the account under which you are logged in.

    8. Make sure that all permissions (except for Special Permissions) are checked.

    9. Confirm changes by clicking OK.

    Permissions configured, but file still unavailable? So, let’s move on. Unfortunately, there are not many options left. The only thing that remains after you have tried to restore mail from the server and set the correct system settings is to restore from a backup of the mail or the PC. Or you can try to repair the damaged file using special programs and services.

    Mail Recovery Using Microsoft Office Tools

    Please take care of backups in advance: restore the mail from one and you can forget about the error with the code 0x8004010F: Outlook data file cannot be accessed for a long time. If there is no backup, then you need to look for a special tool. The good news: one of the most popular PST file recovery tools is already on your computer.

    We are talking about the Inbox Repair Tool, which comes with the office suite. The tool is easy to use and, importantly, completely free. You need to look for it here:

    • Outlook 2019/2016: C:\Program Files (x86)\Microsoft Office\root\Office16
    • Outlook 2013: C:\Program Files (x86)\Microsoft Office\Office15
    • Outlook 2010: C:\Program Files (x86)\Microsoft Office\Office14

    Unfortunately, the free tool does not always work, but the Inbox Repair Tool does not take much time either, so it makes sense to try to solve the problem with its help first. If it does not work out, we will look for other options; in any case, you need to get the email back.

    Online Services

    The online recovery and conversion services for Outlook databases give good chances, but you have to pay for the pleasure. There are a large number of such sites; one of the most popular is https://outlook.recoverytoolbox.com/online/

    The whole process takes five minutes:

    • Select a file on your hard drive
    • Enter your email
    • Enter the verification code correctly
    • Pay for the service in one of the ways offered by the site

    If everything is done correctly, and it could not be otherwise, you will receive a link to the corrected file. The cost of the service usually does not exceed ten dollars for one file up to 1 GB in size. The only question is security.

    If you are not comfortable with someone unknown getting access to your personal data (bank card numbers, passwords for social networks, family photos), it is better to choose a method that does not involve sending mail to a remote server. For example, install a dedicated program.

    Recovery Toolbox for Outlook

    A convenient and inexpensive tool, you can download it from the link: https://outlook.recoverytoolbox.com/outlook-data-file-cannot-be-accessed.html The program does not require a connection to third-party sites, so there are no privacy problems when using Recovery Toolbox for Outlook. It’s easy to work with. The developers made sure that you can proceed immediately after installation. Before you begin, it is recommended that you back up the important file.

    In such a simple way, you not only protect yourself from surprises, but you can also check the system. If a Windows error pops up during the copy process, you must format or change the hard drive, and then reinstall the system. To not have a disaster again, in the future, do not forget to backup the operating system. The backup will save you nerves and improve digestion.

    Fixing the error 0x8004010F: Outlook data file cannot be accessed

    Recovery Toolbox for Outlook performs well in recovering Outlook accounts after error 0x8004010F. Here is what we have to do:

    1. Download and install the tool from the official website: https://outlook.recoverytoolbox.com/outlook-data-file-cannot-be-accessed.html

    2. Run the installed program.

    3. Find the file we need on disk.


    4. Left-click on Recovery Mode.

    5. Select the folder with the Outlook files.

    6. Replace the damaged file with the corrected.

    Note! In the latest versions of Outlook, you can replace the file either by manually moving it to the Outlook folder or by using the program method, which needs to be done like this:

    1) Select the item File/Details

    2) Click Account Settings


    3) Select Data Files

    4) Select a damaged file from the list

    5) Click Open file location…


    That’s all. Next, we need to delete the old file, otherwise sooner or later, errors will pop up.

    Conclusion

    Now it remains only to test the work of Outlook. If everything is done according to the instructions, error 0x8004010F: Outlook data file cannot be accessed will not bother you for a long time. Otherwise, reread the article and try to figure out what exactly was done wrong. I hope this little setback did not stop you halfway.

    Remember that you can always contact Recovery Toolbox for Outlook support. Experienced specialists will help you. Of course, only if you use the licensed version of the program or pay for the work of the online service.

    On this, I say goodbye to you and wish you good luck.
