Exchange 2013 Cumulative Update 9

Ex2013 LogoThe Exchange Team released Cumulative Update 9 for Exchange Server 2013 (KB3049849). This update raises Exchange 2013 version number to 15.0.1104.5.

Cumulative Update reintroduces configuration of sent items for shared mailboxes, as was possible in Exchange 2010 but wasn’t available in Exchange 2013 yet. More information here.

Next to a security fix for MS15-064, this Cumulative Update contains the following fixes:

  • KB2983216 Category setting on an item in Outlook jumps the selection to the top of the list in an Exchange Server 2013 environment
  • KB2988660 Role assignment with custom write scope fails in an Exchange Server 2013 environment
  • KB3003978 Email messages are displayed with incorrect format in Outlook in an Exchange Server 2013 environment
  • KB3006849 GSSAPI-based Kerberos authentication protocol is not offered to IMAP clients in Exchange Server 2013
  • KB3009631 Advanced Find against the Sent Items folder in Outlook returns no result in Exchange Server 2013
  • KB3032153 Recurring events in Calendar over DST are not adjusted on all ActiveSync devices in all Exchange Server environments
  • KB3040681 MapiExceptionTimeout error during a hierarchy synchronization process of multiple public folders in Exchange Server 2013
  • KB3040683 System WLM overrides do not work when you do on-premises installations in Exchange Server 2013
  • KB3049081 OwaDeepTestProbe probe fails intermittently on a server that installs the Mailbox server role in Exchange Server 2013
  • KB3049771 Outlook Web App logon page takes longer time than expected to time out in an Exchange Server 2013 environment
  • KB3050825 EdgeTransport.exe starts to crash when PriorityQueuingEnabled is set to “True” in Exchange Server 2013
  • KB3050877 Emails that are sent as a secondary mailbox are not saved in the delegate’s Sent Items folder in Exchange Server 2013
  • KB3055940 “Object reference not set to an instance” error when you install cumulative update in Exchange Server 2013
  • KB3056045 “Cannot find Template User object” error when you find contacts that use a consumer domain in Exchange Server 2013
  • KB3056133 Exchange Server 2013 Activation time of transport rule is not displayed in UTC time
  • KB3056413 SMTP connection fails when you log on with a child domain account and use NTLM authentication in Exchange Server 2013
  • KB3056817 Update adds the Let me select the message option in Outlook Web App in an Exchange Server 2013 environment
  • KB3056822 Dynamics CRM 2013 stops synchronizing items from mailbox in an Exchange Server 2013 environment
  • KB3060825 The MSExchangeDelivery service crashes when you receive an email message from a specific sender in Exchange Server 2013
  • KB3064393 “Bad Command. 12” error and IMAP CAPABILITY commands are not offered in an Exchange Server 2013 co-existence environment
  • KB3068681 RPC encryption requirement is re-enabled for RPC Client Access Service after you upgrade server in Exchange Server 2013
  • KB3069060 Recurring meetings are accepted when their time conflicts on the same room mailbox in Exchange Server 2013
  • KB3069501 Duplicate folders are created after a mailbox move in Exchange Server 2013 Enterprise
  • KB3071427 Outlook Web App still downloads web beacon contents when you forward email messages in Exchange Server 2013


  • If the new Set-Mailbox parameters for Sent Items configuration, i.e. MessageCopyForSentAsEnabled and MessageCopyForSendOnBehalfEnabled, are not available after installing this CU, run Setup /PrepareAD /IAcceptExchangeServerLicenseTerms explicitly.
  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay current.
  • Previously released CU7 introduced changes to prevent restoration of pre-CU7 databases. Pre-CU7 users are advised to perform a full backup post-upgrade to CU7 or later.
  • Previously released CU7 added support for hierarchies containing 250,000 modern public folders. Consult this article for co-existence scenarios.

This Cumulative Update does not include schema or Active Directory changes when compared to Cumulative Update 7. If you have deployed a version earlier than CU7, make sure you run PrepareSchema /PrepareAD.  If you want to speed up the Cumulative Update installation process, you can temporarily disable certificate revocation checking as described here.

Note that Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates. Note that once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles. The order of upgrading servers is irrelevant, unlike with previous generations of Exchange.

Finally, and I can’t emphasize this enough: For any Hotfix, Rollup, Service Pack or Cumulative Update, I’d recommend to thoroughly test this in a test and acceptance environment first, prior to implementing it in production. When you lack such facilities, hold out a week or two and monitor the comments on the release article or TechNet forum for any issues.

You can download Exchange 2013 Cumulative Update 8 here; UM Language Packs can be found here.

(Re)configuring IM Integration

powershellNote: If you are looking to integrate Exchange 2016 with Lync/SfB, there is a new cmdlet for configuring this setting as persistent. Consult this article.

Anyone who has configured Exchange 2013 IM integration with Lync Server at some point has to modify the web.config file on the Mailbox servers to configure OWA with the proper certificate for enabling IM. Another thing (read: nuisance) is that when you have configured IM integration and you apply a Cumulative Update to Exchange 2013, the web.config will be overwritten, in which case you need to reapply those changes to the web.config file.

This is where the script Configure-IMIntegration.ps1 might come in handy.

Using the script requires Exchange 2013 and Lync Server. You need to provide the Lync pool and the Mailbox server you want to configure needs to have a valid certificate assigned to UM services. The script will modify the web.config remotely using the system share (e.g. C$), using the location of the Exchange installation, and uses WMI to recycle the OWA Application Pool in IIS. It will create a backup of the web.config before modifying it.

Note that the script does not perform the following steps:

  • It does not perform the Lync Server parts to configure IM integration, e.g. configure Exchange as a trusted application.
  • It does not configure Lync Server as an partner application for Exchange (Configure-EnterprisePartnerApplication.ps1).

The script Configure-IMIntegration.ps1 uses the following syntax:

.\Configure-IMIntegration.ps1 [-Server <String>] -PoolFQDN <String> [-AllCAS] [-AllMailbox]

A quick walk-through on the parameters and switches:

  • Server specifies the server to configure. When omitted, it will configure the local server. This parameter is mutually exclusive with AllMailbox.
  • AllMailbox switch specifies to configure all Mailbox servers. This switch is mutually exclusive with Server.
  • AllCAS switch specifies to enable IM integration on all Client Access servers.
  • PoolFQDN specifies the FQDN of the Lync Pool to use. This parameter is required.

So, suppose you want to quickly reconfigure IM integration on a Mailbox server after applying a Cumulative Update, you can use:

.\Configure-IMIntegration.ps1 -PoolFQDN –Server


Or, you can quickly configure Mailbox servers and CAS servers for IM integration after performing the required steps to configure the trusted application settings and installing and assigning the certificate for UM:

.\ Configure-IMIntegration.ps1 -PoolFQDN -AllMailbox –AllCAS


Note that the script will skip Mailbox servers for which it cannot find a valid UM certificate assignment. Also, in the example above, the CAS servers had already been enabled for IM.

You can download the script from the TechNet Gallery here.

Feedback is welcomed through the comments. If you got scripting suggestions or questions, do not hesitate using the contact form.

Revision History
See TechNet Gallery page.

Exchange 2013 Service Pack 1

Ex2013 LogoThe long awaited Service Pack 1 for Exchange Server 2013 was released today by the Exchange Team (KB2926248). This update raises Exchange 2013 version number to 15.0.847.32.

Service Pack 1 introduces the following changes or enhancements:

  • Support for running Exchange Server 2013 SP1 on Windows Server 2012 R2.
  • Support for Windows Server 2012 R2 Domain Controllers and Windows Server 2012 R2 Forest and Domain Functional Level.
  • MAPI over HTTP.  More information on MAPI over HTTP here. Note that MAPI over HTTP requires Outlook 2013 SP1; you can download Office 2013 SP1 32-bit version here and the 64-bit version here.
  • DLP policy tips for OWA.
  • Add custom document types to DLP using fingerprinting technologies.
  • Cmdlet logging in Exchange Administrative Console.
  • Support for IP-less DAGs (on Windows Server 2012 R2).
  • S/MIME support.
  • Rich-Text editor for OWA.
  • Edge Transport server role.
  • Support for SSL Offloading.

Service Pack 1 includes the following fixes:

  • 2860242 HTML format is lost after saving as an MSG file in Exchange 2013
  • 2900076 Mailbox quota warning message uses an incorrect language in Exchange Server 2013
  • 2910199 “Reply all by IM” chat window displays seven recipients in Outlook Web App
  • 2913999 Meeting request body and instructions are lost in delegate’s auto-forwarded meeting request
  • 2918655 Microsoft.Exchange.Servicehost.exe crashes after you enable FIPS
  • 2918951 Users cannot access public folders after you upgrade to Exchange Server 2013 Cumulative Update 3
  • 2925281 Outlook connectivity issue if SSLOffloading is “True” in Exchange 2013
  • 2925544 Empty ExternalURL value for ActiveSync virtual directory after build-to-build upgrade of Exchange Server 2013
  • 2927708 Resource mailboxes that are created by EAC will not be updated by policies in Exchange Server 2013
  • 2928748 Default from delegate’s address in shared mailboxes in Exchange Server 2013
  • 2928803 Long server connection for Outlook after a database failover in Exchange Server 2013
  • 2930346 POP3 access does not work if the name of the resource mailbox differs from the user’s name
  • 2930348 Manual redirection occurs in Outlook Web App if External URLs in each site are the same
  • 2930352 Outlook Web App cross-site silent redirection does not work in Exchange Server 2013

Cumulative Updates and Service Packs includes schema and AD changes, so make sure you run PrepareSchema /PrepareAD. After updating, the schema version will be 15292.

Note that Service Packs and Cumulative Updates can be installed directly, i.e. no need to install RTM prior to Cumulative Updates or Service Packs. Note that once applied, you can’t uninstall a Cumulative Update or Service Pack nor any of the installed Exchange server roles. The order of upgrading servers is irrelevant, unlike with previous Exchange generations.

Finally, and I can’t emphasize this enough: For any Hotfix, Rollup, Service Pack or Cumulative Update, I’d recommend to thoroughly test this in a test and acceptance environment first, prior to implementing it in production. When you lack such facilities, hold out a week or two and monitor the comments on the release article or TechNet forum for any issues.

Also check with any 3rd party products you may use – there are reports of compatibility issues with 3rd party transport agents by Exclaimer, Trendmicro (other AV solutions possibly as well) and CodeTwo. The cause of the Transport service failing to start or problems with installing 3rd party transport agents has been identified. A workaround can be found here.

You can download Exchange 2013 Service Pack 1 here. The Exchange 2013 SP1 UM Language Packs can be found here. More details about these changes, preparing Active Directory or installing this Cumulative Update can be found in the original announcement here.

Exchange 2013 CU2 Announcements from TechEd

Ex2013 LogoAs most of you probably know, last week was TechEd North America. The sessions on Exchange 2013 did disclose some changes for Cumulative Update 2 (CU2), which – according to the announced CU cadence – should arrive somewhere in the summer, most likely July. For those who didn’t follow my Live Tweeting from the event, here’s a quick summary of the announced or probable changes for CU2.

The return of 100 DB Limit
Exchange 2013 CU2 Enterprise Edition will bump the limit for the number of database per server from 50 to 100. The initial limit to 50 for Exchange 2013 RTM (and CU1) is said to be chosen due to performance reasons, but many customers complained they want to host more databases per server. For CU2, Microsoft made changes which enable increasing this limit to 100 again. Perhaps the customers complaining transitioned from or are currently running Exchange 2010, and are facing having to introduce additional servers to host an equal number of databases. In such cases, be advised that regardless of this increased limit, Exchange 2010 and 2013 are not directly comparable and you should utilize the Exchange 2013 Server Role Requirements Calculator to size your Exchange 2013 environment (an update will follow as soon as CU2 becomes available). An important side note to keep in mind with all this is that adding (or removing) databases in Exchange 2013 requires a restart of the Information Store service, so you might prefer maximizing the number of databases from the start, not when required to, so you’ll avoid having to shut down services or having to move mailboxes around to comply with your SLAs.

Single Sign-On Redirects
Exchange 2013 CU2 will introduce Single Sign-On (SSO) by enabling silent redirects for Outlook Web App (OWA) to downlevel CAS servers when the mailbox is hosted on a downlevel mailbox server when they’re configured with a different ExternalURL (e.g. in a different internet-facing site).

DAG Management Service
The to be introduced MSExchangeDAGMgmt service will offload the Replication service by hosting the Replication Service MonitoringComponent, providing information on health status, logging events in the same location MSExchangeRepl used to, i.e. Application Eventlog using the same Crimson channel, but still using MSExchangeRepl as source.

DAG Witness Server in Azure (possibly!)
When you’re an Azure subscriber, a feature possibly included in CU2 will allow your DAG Witness Server to be located in Azure. This allows for example customers with 2 physical datacenters to utilize automatic site fail-over, as automatic site fail-over normally requires a 3rd well connected datacenter for hosting the Witness Server. From an Azure perspective, the Witness Server will be single File Server on Azure IaaS VM or two File Servers using persistent VMs with XStore shared storage. Note that extending Active Directory permissions to the Public Cloud is required for this option.

Responder Throttling per Group
Responders are part of Exchange 2013’s Managed Availability, and define if and how to act on generated alerts, e.g. restart a service or take a Mailbox server out of service. In CU2, several responders will be throttled per group, e.g. DAG, instead of per server.

ARR Support
Not CU2 related, but it was announced that support for ARR, which stands for IIS Application Request Routing, is coming for Exchange 2013. With the discontinuation of TMG, customers are looking for alternatives to publish their Exchange 2013 (or Lync web services) and ARR is one of them, often used because it utilizes IIS and is free despite it lacking some of TMG’s features. A clue for this could lie in one of the features announced for Windows Server 2012 R2, which will contain a Web Application Proxy, which basically will be an HTTP reverse proxy aimed at publishing corporate resources for access from the public network.

Exchange 2013 Cumulative Update 1 (Updated)

Ex2013 LogoToday the long-awaited Cumulative Update 1 for Exchange Server 2013 was released by the Exchange Team (KB2816900). This update raises Exchange 2013 version number to 15.0.620.29.

As mentioned in an earlier post, this is the Exchange 2013 product level required for co-existence with previous versions of Exchange, being Exchange Server 2010 SP3 or Exchange Server 2007 SP3 Rollup 10.

The Exchange Team provided a description of the major changes in CU1 in the CU1 announcement here; Here are some of the major changes in CU1:

  • Includes Address Book Policy Routing Agent (info);
  • Allows group memberships to be managed by groups (again, as it was possible in Exchange 2007 but not in Exchange 2010);
  • Access to Public Folders you have added as favorites via your favorites menu either in Outlook or Outlook Web App (still no regular Public Folder tree access though);
  • EAC has been enhanced and now includes Unified Messaging management and migration options;
  • Many probes, monitors, and responders have been updated and improved over the RTM release;
  • Get-HealthReport cmdlet has been streamlined and its performance has been optimized;
  • Supports the Exchange Server 2013 Management Pack for SCOM 2007 R2 and SCOM 2012 (due at a later date);
  • High Availability changes (reported on by Scott Schnoll here).

Note that CU1 includes schema changes. Like Service Packs for earlier versions of Exchange, the Cumulative Update is indeed cumulative (hence the size of 1.3 GB) and you can install it directly, i.e. no need to install RTM first. Also, once installed you can’t uninstall CU1 or any of the installed roles. The order of upgrading servers doesn’t matter, unlike with earlier Exchange versions.

You can download Exchange 2013 Cumulative Update 1 here.

Update 3rd April, 2013: Meanwhile, the TechNet documentation has been updated; relevant sections for upgrading are:

Exchange 2013 Cumulative Updates and You

Ex2013 LogoFew days ago, the Exchange Team published their intentions for Exchange 2013 regarding update schemes (or as Microsoft calls it, servicing). While the article describes the policy with a Q&A section at the bottom, there are still some grey areas. In this blog, I’d like emphasize on some elements and point out those grey areas.

As you probably read before, with Exchange 2013 the Rollup packages will be replaced by Cumulative Updates (CU), a name change probably inspired by Lync’s Cumulative Update packages. But it’s more than just a name change and admins or people involved managing releases should become familiar with the new policy as it will have some features that you don’t want to get surprised by.

One of the major changes in my opinion is that there will be one team working on the product; code bases for on-premises Exchange and Exchange Online (Office 365) will brought up to par. A small change is that Microsoft will first implement – or dogfood – the Cumulative Update in their Office 365 environment after while it will be made available for on-premises or hybrid deployments. While this may improve the quality of the Cumulative Update, not all kinds of deployments will be tested so it’s no warranty. However, looking at the current situation with Office 365, it may put stress on Microsoft procedures as there are already big variations between the various regions regarding Exchange Online implementations as well as Exchange Online and the on-premises version.

Ex2013CULifeCycleIt’s the intention Cumulative Updates will be released on a quarterly basis. Each Cumulative Update will consist of a full installation set, so for example you can install Exchange 2013 Cumulative Update 2 straightaway whereas with Rollups you had to implement the Service Pack level prior to applying the related Rollup. So, this is a big convenience when for example installing greenfield scenarios or adding systems.

However,  unlike Rollups you can’t uninstall a Cumulative Update once it has been installed. This could worry people, looking back at the qualify of some past Rollups which were pulled, rereleased and in some rare cases pulled and rereleased again. But since Microsoft will now implement Cumulative Updates first, bad Cumulative Updates will become Microsoft’s problem first, not yours as it seemed to few people with some of those Rollups.

Security updates will become Cumulative Update bound, meaning they are to be installed on a specific Cumulative Update. However, there can be two supported Cumulative Update “active” at a time, so I assume security updates can be installed on both (unless Microsoft will be making two versions of each security update). The next Cumulative Update will include security updates released since the previous Cumulative Update was released. However, it might be that security updates won’t make it in the a cumulative update because of the freeze period, the period before releasing the Cumulative Update when no more updates will be added, and one needs to wait for the Cumulative Update to be released or install the security update, wait for the Cumulative Update, install the Cumulative update and reinstall the security update, in which case you might prefer waiting for the Cumulative Update. Some might rushing (security) updates won’t harm you, but remember KB2624899 fixing the IE9/MMC issue, the initial EX2010SP2RU5 which caused DAG issues or KB2750149 which broke the WS2012 Fail-over Cluster snap-in and required KB2803748 to fix the issue. Yes, Microsoft will implement Cumulative Updates first but this will also raise the expectations set on Microsoft’s internal Quality Control enormously. They don’t want to end up in a situation releasing a faulty Cumulative Update to public, since it will be impossible to uninstall. Then again, nobody said Cumulative Updates would make the best practice of testing and accepting updates before implementing them in production environments obsolete.

A major change is that Cumulative Updates will be supported for 3 months after the next Cumulative Update is released. Because Cumulative Updates are to be released quarterly, this sets the support-window of a Cumulative Update (or plain, non-Cumulative Update) to 6 months. This may seem long, but I know a lot of companies will have an issue with this window because their test and acceptance periods easily transcends half a year, especially if schema updates are involved (yes, Cumulative Updates can require schema updates). And don’t forget about cases where customers adopted  a building block model where they will need to test that Cumulative Update against their Operating System building block with all the additional components, like Anti-Virus, Backup agents or Management software involved.

Finally, an odd element in this scheme are the Service Packs of which Microsoft said they will be getting released. But where in the past only Service Packs could embed Active Directory schema updates, that’s also something a Cumulative Update might require, making Service Packs effectively an Über Cumulative Update.

Feel free to share your thoughts in the comments below.