The Exchange Team released the wave of Exchange updates for Exchange 2016 down to Exchange 2007.

Major changes in contained in these updates:

• .NET 4.6.1 support for Exchange Server 2013 and 2016.
  • When upgrading Exchange, install the CU before upgrading to .NET Framework 4.6.1. For greenfield deployments, you should be able to install the .NET Framework 4.6.1 straightaway, prior to installing Exchange; however, no official statement on that yet.
  • When deploying .NET Framework 4.6.1, the following OS dependent fixes are required as well: KB3146716 for WS2008/WS2008R2, KB3146714 for WS2012, and KB3146715 for WS2012R2
• BitLocker support for AutoReseed. More information here.
• By default, SHA-2 certificates are generated. This includes the self-signed certificates as well.
• Like Exchange 2016 CU1, Exchange 2016 CU2 is an uncompressed ISO file. If bandwidth is scarce where you will be deploying, be sure to download this 6GB file upfront.
• Not mentioned in the KB’s list of fixes for Exchange 2016 CU2 and Exchange 2013 CU13 is the inclusion of KB3161916, Data loss may occur during public folder migration to Exchange 2013, Exchange 2016, or Exchange Online.

For a list of fixes in these updates, see below.

Exchange 2016 CU2 fixes:

• KB3171162 You cannot search emails in Outlook or Outlook Web App in an Exchange Server 2016 Cumulative Update 1 environment
• KB3164346 Cannot connect to a mailbox when MAPI over HTTP protocol is used in an on-premises Exchange Server 2016 installation
• KB3163039 Email message body is garbled when Simplified Chinese characters are included on BCC line in an Exchange Server environment
• KB3162968 “Failed to load script” error when you log on to OWA and select a language
• KB3126723 Retention policy doesn’t work on the In-Place Archive mailbox in Exchange Server

Exchange 2013 CU13 fixes:

• KB3164701 Can’t create a new send connector in Exchange Control Panel in Exchange Server 2013
• KB3164700 Write scope in EAC on a role group reverts to default scope in Exchange Server 2013
• KB3164359 Stop error and restart triggered by ServerOneCopyInternalMonitorForceReboot responder in Exchange Server 2013
• KB3163186 “Repair update” message after you send a meeting invitation to a distribution list in Exchange Server 2013
• KB3163173 NDR after you accept or decline a meeting request in Exchange 2013
• KB3163039 Email message body is garbled when Simplified Chinese characters are included on BCC line in an Exchange Server environment
• KB3162964 Items are held unnecessarily in the DiscoveryHold folder in Exchange Server 2013
• KB3162957 “Invalid search filter” error when you use the “UM Mailbox Policy” filter in Exchange Server 2013
• KB3162934 Test-ExchangeSearch cmdlet fails without parameters or with the -MailboxDatabase parameter in Exchange Server 2013
• KB3162933 Outlook client remains disconnected after the mailbox is migrated to Exchange Server 2013
• KB3162772 Accepted or declined messages for a forwarded meeting are sent to the forwarder in Exchange Server 2013
• KB3160935 Public folder forwarding rule doesn’t work after migration to Exchange Server 2013
• KB3150799 IMAP with NTLM fails if a user’s UPN and primary SMTP address don’t match in Exchange Server 2013
• KB3150036 The EdgeTransport process crashes on an Exchange Server 2013 server that has the Edge Server role installed
• KB3149767 “System.FormatException” error is logged in Event Viewer when Exchange Server 2013 runs on a French operating system
• KB3142157 Exchange Server Health Management Worker process restarts frequently in Exchange Server 2013
• KB3140102 OWA application pool crashes with KeyNotFound exception in Exchange Server 2013
• KB3129946 Update to support the AutoReseed feature in a DAG environment that’s BitLocker-enabled in Exchange Server 2013
• KB3126723 Retention policy doesn’t work on the In-Place Archive mailbox in Exchange Server
• KB2661294 Email address policy doesn’t generate addresses of recipients in Exchange Server 2010 or Exchange Server 2013

These Cumulative Updates for Exchange Server 2016 and 2013 as well as the Rollups for Exchange Server 2010 and 2007, fix the security issue described in Security Bulletin MS16-079. The Cumulative Updates for Exchange Server 2016 and 2013 also include DST changes.

Notes:

• Exchange 2016 CU2 includes schema changes (version 15325), and Exchange 2013 CU12 may introduce RBAC changes in your environment. When applicable, make sure you run PrepareSchema /PrepareAD before deploying. To verify this step has been performed, consult the Exchange schema overview.
• Exchange 2016 CU2 introduces activation preference changes for Database Availability Groups. You might want to consider reading the article upfront describing these changes here.
• When upgrading your Exchange 2013 or 2016 installation, don’t forget to put the server in maintenance mode.
• The Windows Management Framework (WMF)/ PowerShell version 5 is not supported. Don’t install this on your Exchange servers.
• When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay current.
• If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
• Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates.
• Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
• The order of upgrading servers with Cumulative Updates is irrelevant.
• Rollups are cumulative per service pack level, meaning you can apply the latest Rollup for Service Pack X to a Service Pack X installation.

Finally, as always for any Hotfix, Rollup, Service Pack or Cumulative Update, I’d recommend to thoroughly test this in a test and acceptance environment first, prior to implementing it in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or TechNet forum for any issues.