Exchange Server Role Requirements Calculator 7.8

Exchange 2010 Mailbox Role Sizing Calculator 16.4The Exchange team today published an update for the Exchange 2013 Server Role Requirements Calculator as well. The new version number is 7.8. This version incorporates sizing for Exchange 2016 as well and includes support for ReFS (default for Exchange 2016). The version number is also dropped from the calculator.

More or less complementary to the calculator is the updated sizing guidance for Exchange 2016, which was also published today here. No big changes here, apart from multi-role only option and a slight increase in CPU requirements to cover for unforeseen circumstances as the team is still learning from real-world behavior. This makes sense, looking at the speed in which the calculator was released compared to the one for Exchange 2013. Kudos to the Exchange team!

New and enhanced functionality since version 7.6:

  • Added support for Exchange 2016
  • Included CPU utilization guidance changes for Exchange 2016
  • Diskpart.ps1 and CreateDAG.ps1 now support ReFS
  • Moved DataMoveReplicationConstraint setting from CreateMBDatabases.ps1 to CreateMBDatabaseCopies.ps1
  • Revised all of the Distribution dialog controls to load their defaults from variables rather than use hard-coded values
  • The DAG name from the Input tab now flows through as the default on the Export DAG dialog
  • Updated Distribution tab dialog controls to persist the global catalog value during a session
  • Added conditional formatting for ReplayLagTime and SafetyNetThreshold
  • Removed 2013 from the name of the calculator

Fixes since version 7.6:

  • Fixed inaccuracies with “Number of Exchange Data Volumes per Server” input
  • Fixed calcActDBPDCWorst formula to take into account non-HA deployments
  • Fixed multiple dbs / volume calculation to take into account ReplayLagManager
  • Fixed calcNumDBCopyInSDC formula to take into account proper number of lagged copies
  • Fixed MaxPreferredActive not being displayed for A/A (Single DAG) site resilient solutions
  • Fixed an issue with Fail* buttons on Distribution tab when using some regional settings
  • Fixed an issue with volume path persistence on the Distribution tab Mount Points dialog

You can download the calculator here. For more information, please consult the list of changes here or Read Me here.

Blocking Mixed Exchange 2013/2016 DAG

Ex2013 LogoIn the RTM version of Exchange 2016, there’s an issue in that it is allows you to add Exchange 2016 Mailbox servers to Exchange 2013 Database Availability Groups, and vice-versa. As stated in the Release Notes (you do read those?), creating such a mixed version DAG is not supported. In theory, you could even jeopardize your Exchange data, as database structures from both versions are different. This action is also not prevented from the Exchange Admin Center, requiring organizations to have very strict procedures and knowledgeable Exchange administrators.

If you are worried about this situation and you want to prevent accidently adding Mailbox servers to an existing DAG consisting of members of a different Exchange version, there is a way (until this is blocked by the product itself, of course). Cmdlet Extension Agents to the rescue!

The Scripting Agent not only allows you to add additional instructions to existing Exchange cmdlets, but also to provide additional validation before cmdlets are executed. I did two short articles on Cmdlet Extension Agents’ Scripting Agent here and here, so I will skip introductions.

First you need to download a file named ScriptingAgentConfig.xml from the location below. If you already have Scripting Agents, you need to integrate the code in your existing ScriptingAgentConfig.xml files. The code checks if the server you want to add using the Add-DatabaseAvailabilityGroup cmdlet is of a different major version than one of the current DAG members.

Next, you need to copy this ScriptingAgentConfig.xml file to $ENV:ExInstallPath on every Exchange 2013 and Exchange 2016 server in your organization, e.g. C:\Program Files\Microsoft\Exchange Server\V15\Bin\CmdletExtensionAgents\ScriptingAgentConfig.xml.  To help your with this process, Exchange fellow Paul Cunningham made a small script to push this XML from the current folder to every Exchange server in your organization, PushScriptingAgentConfig.ps1.

Last step is to enable the Scripting Agent using:

Enable-CmdletExtensionAgent ‘Scripting Agent’

After distributing the scripting agent file and enabling the scripting agent, when you try to add an Exchange 2016 (version 15.1) server to an Database Availability Group consisting of Exchange 2013 Mailbox servers, using Add-DatabaseAvailabilityGroupServer, you will receive an error message:


This also works vice-versa, thus when you inadvertently try to add Exchange 2013 servers to an Exchange 2016 Database Availability Group, provided you distributed the XML on the Exchange 2013 servers as well. The error is also thrown when you try to perform this action using the Exchange Admin Console.

You can download the ScriptingAgentConfig.XML for blocking Mixed Exchange 2013/2016 DAGs from the TechNet here.

Exchange 2010-2013 Migration and OAB

Ex2013 LogoLast year, Exchange fellows Andrew Higginbotham, Paul Cunningham as well as the Exchange Team reported on checking, and when necessary configuring, your Offline Address Book (OAB) in your current Exchange Server 2010 environment, prior to installing Exchange Server 2013. Not doing so could result in a complete download of the Offline Address Book created by Exchange Server 2013, titled ‘Default Offline Address List (Ex2013)’.

Today I received a report that there is a different symptom of configuration absence. In this case, the customer reported on the inability to download the offline address book, and upon further inspection the Autodiscover server did not report back on the offline address book URL to use. In other words, OAB information was absent from the Autodiscover response, and Outlook gets confused. Note that this issue was reported in Outlook 2010 after installing Exchange Server 2013 Cumulative Update 10. I’m not sure if this change in behavior was introduced in these later builds of Exchange 2013 or Outlook, but it’s still a good thing to know.

The remedy here of course is to configure any (Exchange 2010) mailbox database with unconfigured Offline Address Book setting, and point them to the default offline address book using:

Get-MailboxDatabase | Where-Object {$_.OfflineAddressBook -eq $Null} | Set-MailboxDatabase -OfflineAddressBook (Get-OfflineAddressBook | Where-Object {$_.IsDefault -eq $True})

Exchange 2013 and .NET Framework 4.6

Ex2013 LogoA quick heads-up that when you are running Exchange Server 2013, you should not install or update to .NET Framework 4.6. This version of the .NET framework is not only not supported, it may also cause your Exchange 2013 server to stop functioning correctly.

When you have updated from a previous version, a suggested workaround is to uninstall .NET Framework 4.6. However, with all the dependencies on the .NET Framework by Exchange Server, it maybe preferred, when you did install version .NET Framework 4.6, to migrate contents, i.e. mailboxes etc., to a new Exchange 2013 server, and decommission the one you installed .NET 4.6.

More information can be found in KB3095369.

Exchange 2013 CU10 & Exchange 2010 SP3 RU11

Ex2013 LogoThe Exchange Team released Cumulative Update 10 for Exchange Server 2013 (KB3078678) as well as Rollup 11 for Exchange Server 2010 Service Pack 3 (KB3078674). These version levels will be required for co-existence with Exchange Server 2016, which is to be released at a later date. The updates raise the version numbers to 15.0.1130.7 and, respectively.

Cumulative Update 10 contains the following fixes for Exchange Server 2013:

  • KB 3087126 MS15-103: Description of the security update for Exchange Server: September 8, 2015
  • KB 3094068 Permissions for a linked mailbox are added to an account in the wrong forest in an Exchange Server 2013 environment
  • KB 3093884 The link in a quarantined email shows an empty list for ActiveSync-enabled devices in Exchange Server 2013
  • KB 3093866 The number of search results can’t be more than 250 when you search email messages in Exchange Server 2013
  • KB 3088911 Inline attachments are sent as traditional when you smart forward an HTML email in an iOS device in Exchange Server 2013
  • KB 3087571 Can’t edit or resend a delayed delivery message when you open the message from the Outbox folder in Exchange Server 2013
  • KB 3087293 “550 5.6.0” NDR and duplicated attachments when an encrypted email is sent in Outlook in Exchange Server 2013
  • KB 3080511 HTML forms aren’t available when the DisableFilter parameter is enabled in Outlook Web App in Exchange Server 2013
  • KB 3080221 LegacyExchangeDN attribute is displayed when you use Outlook Web App to view an appointment in Exchange Server 2013
  • KB 3079217 Outlook Web App replies to the wrong email address when an email has more than 12 recipients in Exchange Server 2013
  • KB 3078966 Outlook 2011 for Mac client displays emails as they come from the same senders in Exchange Server 2013
  • KB 3078443 Incorrect results are displayed when you search for an email that has a certain attachment name in Exchange Server 2013
  • KB 3078438 Performance issues occur in an Exchange Server 2013 environment that’s running BlackBerry Enterprise Server 5
  • KB 3078404 Can’t access a shared mailbox after you migrate from Exchange Server 2010 to Exchange Server 2013
  • KB 3076257 EWS returns a Success response code even if a batch deletion request isn’t completed in Exchange Server 2013
  • KB 3074823 No Send As audit events are logged when you use Send As permission in Exchange Server 2013
  • KB 3071776 “A problem occurred” error when you access shared folders in Exchang Server 2013 mailbox by using Outlook Web App
  • KB 3069516 Mailbox size and quota information are reported incorrectly in Outlook and Outlook Web App in Exchange Server 2013
  • KB 3061487 “FailedToGetRootFolders” error when you run an eDiscovery estimate search for archive mailboxes in Exchange Server 2013
  • KB 3058609 Wrong recipient is specified in an inbox rule that has the ForwardTo or RedirectTo option in Exchange Server 2013
  • KB 3009631 Advanced Find against the Sent Items folder in Outlook returns no result in Exchange Server 2013
  • KB 2999011 Documents are partially indexed by Exchange search when they embed other documents in Exchange Server 2013
  • KB 2983161 Organization unite picker is missing when you create a Remote Mailbox in Exchange Admin Console in Exchange Server 2013
  • KB 3091308 Can’t install cumulative updates or service packs when MachinePolicy or UserPolicy is defined in Exchange Server 2013

For Exchange Server 2010 SP3, Rollup 11 contains the following fix:

  • KB 3092576 Exchange 2010 Information Store crashes randomly


    • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay current.
    • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
    • This Cumulative Update does include Active Directory changes when compared to the previous Cumulative Update. If you have deployed a version earlier than CU10, make sure you run setup /PrepareAD.
    • If you got an Exchange 2010 DAG, and want to properly update the DAG members, check the instructions here.

Note that Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates. Note that once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles. The order of upgrading Exchange 2013 servers is irrelevant, unlike with previous generations of Exchange. Exchange 2010 Rollups are cumulative per service pack level, i.e. they contain fixes released in earlier updates.

You can download Exchange 2013 Cumulative Update 10 here and Exchange 2010 SP3 Rollup 11 here. The Exchange 2013 CU10 Language Packs are available here.

Connecting to Office 365/Exchange

powershellAlmost 3 years ago, I wrote an article on how to enhance the PowerShell Integrated Scripting Environment, or ISE. That seemed adequate for the Exchange admin back then, who mostly connected their PowerShell session to their his on-premises environment, and perhaps occasionally a bit of Exchange Online.

Fast forward to 2015, most modern Exchange administrators not only require a connection – if any – to their Exchange on-premises environment, but likely to one or more of the Office 365 services as well. This includes Exchange On-Premises, Azure Active Directory, Exchange Online Protection and perhaps even Skype for Business Online, SharePoint Online, Azure Rights Management Services or Compliance Center.

All these service use a different PowerShell session, use a different endpoint FQDN, and sometimes even require a locally installed PowerShell module. Likely common denominator is the credential used to access each of these services. So, tired of re-entering my credentials every time when switching from Exchange Online to Exchange Online Protection, I created a script with a set of functions to allow me connect to each individual Office 365 service or Exchange Online:

  • Connect-AzureAD: Connects to Azure Active Directory
  • Connect-AzureRMS: Connects to Azure Rights Management
  • Connect-ExchangeOnline: Connects to Exchange Online
  • Connect-SkypeOnline: Connects to Skype for Business Online
  • Connect-EOP: Connects to Exchange Online Protection
  • Connect-ComplianceCenter: Connects to Compliance Center
  • Connect-SharePointOnline: Connects to SharePoint Online
  • Get-Office365Credentials: Gets Office 365 credentials
  • Connect-ExchangeOnPremises: Connects to Exchange On-Premises
  • Get-OnPremisesCredentials: Gets On-Premises credentials
  • Get-ExchangeOnPremisesFQDN: Gets FQDN for Exchange On-Premises
  • Get-Office365Tenant: Gets Office 365 tenant name (SharePoint)

Note that functions and credentials used in the script are global, and in principle only need to be entered once per shell or ISE session. If you need different credentials, call Get-Office365Credentials again. User interaction is a very basic Read-Host, but it does the job.

During initialization, the script will detect the modules which are required for certain Office 365 services. When not installed, it will notify you, and provide a link where to obtain the PowerShell module. The related Connect function will not be made available. The Azure Active Directory module also requires the Microsoft Online Sign-In Assistant to be installed. Needless to say, PowerShell is required to run this script, which is tested against version 4 (but should work with 3)

The functions are contained in a script called Connect-Office365Services.ps1. You can call this script manually from your PowerShell session to make the functions available. However, more convenient may be to have them always available in every PowerShell or ISE session. To achieve this, you need to edit your $profile, which is a script which always starts when you start a PowerShell or ISE session. By default this file does not exist and you need to create it, including the path. Also note that the files for PowerShell and ISE are different, Microsoft.PowerShell_profile.ps1
and Microsoft.PowerShellISE_profile.ps1 respectively.

Now, of course you can copy and paste the functions from the script file to your own $profile. Better is to call the script from your $profile, as this allows you to overwrite the Connect-Office365Services.ps1 with updates. To achieve this, assume you copied the Connect-Office365Services.ps1 in the same location as your $profile, for example C:\Users\Michel\Documents\WindowsPowerShell. You can then make PowerShell and ISE call this script by adding the following line to the $profile scripts:

& “$PSScriptRoot\Connect-Office365Services.ps1”

Now when you start a PowerShell session, you might see the following:


This shows the Microsoft Online Sign-In Assistant and Azure Active Directory PowerShell module is available, and related connect functions should be available.

When you load the script from ISE, it will show something similar. However, it will also show ISE is detected and make all functions available through the Add-On menu:


Customize this script to your liking. For example, if you always want to connect to Azure Active Directory when connecting to Exchange Online, add Connect-AzureAD in the Connect-ExchangeOnline function, or when you always want to connect to a fixed FQDN for Exchange On-Premises, insert it in the script or – better – configure your $profile to predefine the FQDN, e.g. $global:ExchangeOnPremisesFQDN=’’.

Also, you may with to leverage prefixing the imported cmdlets so you can easily switch between Exchange On-Premises and Exchange Online. For example, you can then having something like Get-EXOMailbox and Get-EOPMailbox corresponding to Get-Mailbox in your Exchange Online or Exchange On-Premises within the same shell session. However, as with aliases, think of the ‘the next guy’ who may not have these prefixed cmdlets, and instructions or scripts may require adoption to work, etc. But if you insist, for more information on prefixing cmdlets when importing a PowerShell session, see here.

Windows 10
Be advised that when used with Windows 10 build 10525 or 10532, your PowerShell session might crash when connecting to certain services, e.g. Exchange Online Protection. Fellow Exchange MVP Tony Redmond wrote about this here, including a possible workaround. Windows 10 RTM does not have this issue.

Download / Revisions
You can download the script from the TechNet Gallery here. The TechNet Gallery page as well as the script contains revision information.

Feedback is welcomed through the comments. If you got scripting suggestions or questions, do not hesitate using the contact form.

Client Message Size Limits

powershellLast Update: Version 1.11, November 4th, 2015

Exchange 2013 enforces certain message size limits when it comes to client messages. These limits are in-place so clients can’t generate excessive load on your Exchange environment. These limits are determined for various access methods in multiple web.config files on Exchange Client Access Servers as well as Mailbox Servers.

Sometimes you may have good reasons to increase those limits. For example, when migrating to Office 365 using a product like MigrationWiz, you may want to increase the limit for Exchange Web Service (EWS) requests to allow for migration of larger items. Another example is when you want to allow for bigger attachments in Outlook WebApp (OWA). On TechNet, there’s an article on how to reconfigure these limits. However, the process consists of editing multiple web.config files, replacing multiple values in the same file, and following this process on each Exchange 2013 server in your environment. This is not only labor intensive and prone to error, but becomes tedious when you consider that each Cumulative Update will overwrite your web.config files.

But do not despair. To execute these changes for OWA and EWS, I have created a PowerShell script which will perform these tasks for you.

Using the script requires Exchange 2013. You need to provide the server name (default is local server) or AllServers to apply to all Exchange 2013 servers in your environment. The script will modify the web.config remotely using the system share (e.g. C$), using the location of the Exchange installation, and uses IISRESET tool to restart IIS. It will create a backup of the web.config before modifying it.


  1. The script checks for running in elevated mode when running against the local machine.
  2. Current version of the script requires Exchange Management Shell, to run Exchange cmdlets for checking installed roles a.o., as the web.config files which require editing depend on the installed roles.
  3. For OWA, add ~33% to the value you want to specify to compensate for encoding overhead.
  4. When connected to an Exchange server, the script processes the server hosting the EMS session last to prevent abortion caused by IIS reset.
  5. Script currently runs against Exchange 2013.

The script Configure-ClientSizeLimits.ps1 uses the following syntax:

.\Configure-ClientSizeLimits.ps1 [-Server |-AllServers] [-OWA ] [-EWS ] [-Reset] 

A quick walk-through on the parameters and switches:

  • Server specifies the server to configure. When omitted, it will configure the local server. This parameter is mutually exclusive with AllServers.
  • AllServers switch specifies to configure all Exchange 2013 servers. This switch is mutually exclusive with Server.
  • OWA configures the message size limit for OWA. Value is in 1KB units.
  • EWS configures the message size limit for EWS. Value is in 1KB units.
  • Reset switch specifies to perform an IISRESET against servers after reconfiguration of client-specific message size limits.

So, suppose you want to configure an OWA message size limit for you can use:

.\Configure-ClientSizeLimits.ps1 -Server EX01 -OWA 100 -EWS 10240 -Reset

Configure Client Size Limits If you want to configure EWS limits for all servers without resetting IIS, you could use:

.\Configure-ClientSizeLimits.ps1 -AllServers -EWS 10240

You can download the script from the TechNet Gallery here.

Feedback is welcomed through the comments. If you got scripting suggestions or questions, do not hesitate using the contact form.

See TechNet Gallery page.

To Do
Compatibility with Exchange 2010 and removal of dependency on Exchange Management Shell.

Exchange 2013 Server Role Requirements Calculator 7.6

Exchange 2010 Mailbox Role Sizing Calculator 16.4The Exchange team published an update for the Exchange 2013 Server Role Requirements Calculator as well. The new version number is 7.6.

Changes since version 6.6:

  • Added support for ReplayLagManager
  • Added support for PreferredMaximumActiveDatabases
  • Added new table that exposes theoretical CPU utilization for each mode (normal runtime, first server failure, second server failure, site failure, site failure + 1 failure)
  • Added Restore-DatabaseAvailabilityGroup scenario support in Distribution algorithm
  • Added warning about designs that include more than24 processor cores / server and 96GB of memory
  • Added support for DAGs without Administrative Access Point (default behavior is no administrative access point) in the CreateDAG script
  • Changed default for Deleted Item Retention in export file to be the highest profile value for Deleted Item Retention
  • Changed default for Circular Logging in export file to be true when using Exchange Native Protection
  • Added ability to save scripts and CSV files to OneDrive for Business
  • Fixed CreateDAG.ps1 script error for DAG creation without administrative IP address
  • Modified CreateMBDatabases.ps1 to ignore CircularLogging choice and modified CreateMBDatabaseCopies.ps1 to enforce CircularLogging choice
  • Fixed Export DAG list function to use the correct value for MaximumActiveDatabases
  • Added support for MaximumPreferredActiveDatabases and AutoDatabaseMountDial in Export DAG List function and createdag.ps1
  • Modified CreateMBDatabaseCopies.ps1 to remove sleep timer, improving copy creation significantly
  • Fixed createdag.ps1 to not generate an error when there is no alternate witness server provided

Fixes since version 6.6:

  • Fixed an issue that prevented the calculator from displaying results when site resilience was disabled while Active/Active (Single DAG) was selected
  • Changed Processor Cores/Server to not use a list drop down, thereby enabling customers to enter in configurations they are deploying.
  • Fixed bugs in Diskpart script with PrepareAutoReseedVolume switch and WhatIf processing
  • Fixed bug in Diskpart with escaping quotes in some languages
    Fixed bug with display of lag copies in single site design
  • Fixed multiple databases / volume calculation to take into account symmetric designs that utilize an odd number of servers in a single site
  • Fixed scenario to count number of servers in A/P scenario where the only copy deployed in DR is a lagged copy
  • Fixed #NAME error in Database Copy Configuration table for standalone configurations
  • Updated DC1 memory sizing to take into account site failure mode for A/A (Single DAG) designs involving a 2 copy architectures
  • Updated Distribution Tab error reporting and Lastrow calculation
  • Fixed copy count validation formula for site resilient scenarios to not allow more copies in the primary datacenter than the number of servers
  • Added support for 10TB and 12TB capacity disks
  • Fixed run-time error on distribution tab when disabling site resilience
  • Fixed distribution error when disabling cross-site failover
  • Fixed bug in Distribution tab ActiveServer formula when modeling Cross Site Failover behavior
  • Fixed an issue with the distribution tab throwing an error when two files were opened at the same time
  • Fixed distribution algorithm where lagged copies were not always represented correctly
  • Blocked unsupported A/A (Single DAG) scenario where copy count is not the same in both datacenters

You can download the calculator here. For more information, please consult the list of changes here or Read Me here.

Exchange 2013 Cumulative Update 9

Ex2013 LogoThe Exchange Team released Cumulative Update 9 for Exchange Server 2013 (KB3049849). This update raises Exchange 2013 version number to 15.0.1104.5.

Cumulative Update reintroduces configuration of sent items for shared mailboxes, as was possible in Exchange 2010 but wasn’t available in Exchange 2013 yet. More information here.

Next to a security fix for MS15-064, this Cumulative Update contains the following fixes:

  • KB2983216 Category setting on an item in Outlook jumps the selection to the top of the list in an Exchange Server 2013 environment
  • KB2988660 Role assignment with custom write scope fails in an Exchange Server 2013 environment
  • KB3003978 Email messages are displayed with incorrect format in Outlook in an Exchange Server 2013 environment
  • KB3006849 GSSAPI-based Kerberos authentication protocol is not offered to IMAP clients in Exchange Server 2013
  • KB3009631 Advanced Find against the Sent Items folder in Outlook returns no result in Exchange Server 2013
  • KB3032153 Recurring events in Calendar over DST are not adjusted on all ActiveSync devices in all Exchange Server environments
  • KB3040681 MapiExceptionTimeout error during a hierarchy synchronization process of multiple public folders in Exchange Server 2013
  • KB3040683 System WLM overrides do not work when you do on-premises installations in Exchange Server 2013
  • KB3049081 OwaDeepTestProbe probe fails intermittently on a server that installs the Mailbox server role in Exchange Server 2013
  • KB3049771 Outlook Web App logon page takes longer time than expected to time out in an Exchange Server 2013 environment
  • KB3050825 EdgeTransport.exe starts to crash when PriorityQueuingEnabled is set to “True” in Exchange Server 2013
  • KB3050877 Emails that are sent as a secondary mailbox are not saved in the delegate’s Sent Items folder in Exchange Server 2013
  • KB3055940 “Object reference not set to an instance” error when you install cumulative update in Exchange Server 2013
  • KB3056045 “Cannot find Template User object” error when you find contacts that use a consumer domain in Exchange Server 2013
  • KB3056133 Exchange Server 2013 Activation time of transport rule is not displayed in UTC time
  • KB3056413 SMTP connection fails when you log on with a child domain account and use NTLM authentication in Exchange Server 2013
  • KB3056817 Update adds the Let me select the message option in Outlook Web App in an Exchange Server 2013 environment
  • KB3056822 Dynamics CRM 2013 stops synchronizing items from mailbox in an Exchange Server 2013 environment
  • KB3060825 The MSExchangeDelivery service crashes when you receive an email message from a specific sender in Exchange Server 2013
  • KB3064393 “Bad Command. 12” error and IMAP CAPABILITY commands are not offered in an Exchange Server 2013 co-existence environment
  • KB3068681 RPC encryption requirement is re-enabled for RPC Client Access Service after you upgrade server in Exchange Server 2013
  • KB3069060 Recurring meetings are accepted when their time conflicts on the same room mailbox in Exchange Server 2013
  • KB3069501 Duplicate folders are created after a mailbox move in Exchange Server 2013 Enterprise
  • KB3071427 Outlook Web App still downloads web beacon contents when you forward email messages in Exchange Server 2013


  • If the new Set-Mailbox parameters for Sent Items configuration, i.e. MessageCopyForSentAsEnabled and MessageCopyForSendOnBehalfEnabled, are not available after installing this CU, run Setup /PrepareAD /IAcceptExchangeServerLicenseTerms explicitly.
  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay current.
  • Previously released CU7 introduced changes to prevent restoration of pre-CU7 databases. Pre-CU7 users are advised to perform a full backup post-upgrade to CU7 or later.
  • Previously released CU7 added support for hierarchies containing 250,000 modern public folders. Consult this article for co-existence scenarios.

This Cumulative Update does not include schema or Active Directory changes when compared to Cumulative Update 7. If you have deployed a version earlier than CU7, make sure you run PrepareSchema /PrepareAD.  If you want to speed up the Cumulative Update installation process, you can temporarily disable certificate revocation checking as described here.

Note that Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates. Note that once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles. The order of upgrading servers is irrelevant, unlike with previous generations of Exchange.

Finally, and I can’t emphasize this enough: For any Hotfix, Rollup, Service Pack or Cumulative Update, I’d recommend to thoroughly test this in a test and acceptance environment first, prior to implementing it in production. When you lack such facilities, hold out a week or two and monitor the comments on the release article or TechNet forum for any issues.

You can download Exchange 2013 Cumulative Update 8 here; UM Language Packs can be found here.

Exchange data: NTFS vs. ReFS

chartFor Exchange, NTFS has been the file system of choice since time immemorial. In 2012, Windows Server 2012 introduced a new file system: Resilient File System or just ReFS. ReFS was designed to overcome some of the limitations of NTFS, in particular in the area of maintaining data integrity. More information on ReFS in comparison to NTFS can be found here.

At that time Windows Server 2012 went RTM, the latest version of Exchange, Exchange 2010, was not supported to run on ReFS. Present day, Exchange 2010 still doesn’t support ReFS. However, when Exchange 2013 entered the arena shortly after Windows Server 2012, it came with support for both NTFS and ReFS file systems. NTFS was still considered best practice, with ReFS being a supported option with the added recommendation to turn off ReFS’ integrity checking feature, and disabling it for Content Index-exclusive volume is optional. It may therefor come as no surprise that nearly all customers are deploying Exchange 2013 on NTFS volumes only.

That may change with Exchange 2016. As announced at Ignite 2015, for Exchange 2016 more emphasis will be put on following the Preferred Architecture design when deploying Exchange on-premises. The Exchange 2016 Preferred Architecture contains guidance to use ReFS formatted, BitLocker encrypted data volumes with Exchange 2016. The latter option is of course to protect organizations against theft of physical storage devices.

With some time to spare, I was interested to see what the impact would be on the storage performance when using NTFS or ReFS, and especially the performance penalty when enabling BitLocker on a volume. Similar to a comparison I did between Exchange 2010 and Exchange 2013 on different operating systems, I ran a JetStress 2013 test utilizing these 3 file systems to get a sense of what to expect.

The ESE engine files from Exchange 2013 CU8 were used for testing, along with the following parameters:

Mode Test Disk Subsystem Throughput
Thread Count 12 (fixed)
Min/Max DB Cache 32 MB / 256 MB
Ins / Del / Repl / Read % 40/20/5/35
Lazy Commits 70%
Run Background DB Maintenance True
Databases 1 x DB (186GB), 3 Copies
Running Time 2 Hours

Databases and logs were stored on a DAS SSD drive, and the volume was GPT partitioned with 64K allocation units. ReFS Integrity checking was disabled for the volume using:

Format-Volume –DriveLetter X -FileSystem ReFS -AllocationUnitSize 65536 -SetIntegrityStreams $false

The drive supported hardware encryption for BitLocker, which offloads encryption to the drive. You can verify that hardware encryption is used after enabling BitLocker on the volume by inspecting the BitLocker status using the manage-bde utility or Get-BitLockerVolume cmdlet:


As you can see from the EncryptionMethod property, this volume is protected using hardware-based BitLocker encryption. Perhaps needless to say, but the CPU performance penalty is substantial when using BitLocker with software encryption, and this mode is not to be used with I/O intensive applications like Exchange.

Note that if you deploy a Database Availability Group on ReFS formatted storage, and you want to use AutoReseed, you need to create or configure your DAG using the FileSystem parameter specifying ReFS, e.g.

New-DatabaseAvailabilityGroup -Name DAG1 -FileSystem ReFS

This makes sure that AutoReseed prepares volumes using the proper file system.

The results from the JetStress tests are show in the following table:





JetStress Version




Operating System


Overall Test Result





Achieved Transactional IOPS






Database Reads Average Latency (msec)






Database Writes Average Latency (msec)






Database Reads/sec






Database Writes/sec






Database Reads Average Bytes






Database Writes Average Bytes






Log Reads Average Latency (msec)






Log Writes Average Latency (msec)






Log Reads/sec






Log Writes/sec






Log Reads Average Bytes






Log Writes Average Bytes






Avg. % Processor Time






Some observations and notes:

  • ReFS caused a ~13-14% IOPS drop when compared to NTFS.
  • Using ReFS resulted in increased I/O latencies, especially write operations.
  • ReFS had a positive impact on the processor utilization, lowering average utilization by around 15%.
  • For some reason, average write latencies were lower using ReFS with BitLocker rather than without it (~10%).

Given the impact of file system choice on I/O performance and CPU utilization, I hope next versions of Exchange Server Role Calculator will feature an option to select which file system will be used to store Exchange data, as the difference in I/O performance and CPU utilization between NTFS and ReFS seems significant. Though this small test was performed with Exchange 2013 running on Windows Server 2012 R2, It could be that Exchange 2016 or the next version of Windows Server 2016 contain changes that will diminish the differences or perhaps even grant ReFS an advantage over NTFS. This is something we will only know after these products have shipped, something worth investigating later this year.

The JetStress reports can be found here.

I will finish with a short disclaimer: This test was only performed to get an indication of performance impact of using different file systems with Exchange 2013 utilizing identical hardware. The results are purely indicative, and not necessarily representative for other configurations nor meant to provide guidance or proof. Always test and validate your configuration using tools like JetStress before putting Exchange in production.