About Michel de Rooij

Michel is a Microsoft MVP for Office Server and Services, specializing on Exchange Server, Office 365 and with a PowerShell affection. He is the publisher of EighTwOne, and works as a consultant. Find Michel on Twitter, LinkedIn, Facebook or Google+.

Ignite 2016 Sessions

imageNote: The sessions are not available (yet) on Channel 9, so the download script will not pick up sessions for Ignite 2016. For some reason, most likely to push the new tech community site, the Ignite videos are put on YouTube (portal) for on-demand viewing, and decks can be viewed (and downloaded through) here.

Today, the Ignite 2016 event will kick off in Atlanta, US. The agenda contains the whopping number of 1412 sessions, of which 395 touch Office 365 and 133 Exchange in some way or another.

With those numbers it is impossible to attend every session for folks interested in these topics, but luckily Microsoft will also publish Ignite 2016 sessions on Channel 9 this year.

Some of the interesting sessions to watch out for are (links should resolve to on-demand sessions, as they become available):

Session Description Speaker(s)
BRK1021 Unplug with the Microsoft Outlook experts Julia Foran, Gabe Bratton, Allen Filush, JJ Cadiz, Eduardo Melo, Amanda Alvarado, Victor Wang, James Colgan
BRK1044 Dive deeper into what’s new and what’s coming in Outlook on the web Dave Meyers, Eduardo Melo
BRK2033 Discover Office 365 Groups – overview, what’s new and roadmap Amit Gupta, Christophe Fiessinger
BRK2035 Learn about advancements in Office 365 Advanced Threat Protection Jason Rogers, Phil Newman
BRK2053 Connect your business critical applications to Outlook and Groups David Claux
BRK2044 Discover what’s new and what’s coming for Office Delve Cem Aykan, Mark Kashman
BRK2093 Design your Exchange infrastructure right (or consider moving to Office 365) Boris Lokhvitsky, Robert Gillies, Adrian Moore
BRK2139 Protect your business and empower your users with cloud Identity and Access Management Nasos Kladakis
BRK2170 Discover what’s new with Microsoft Exchange Public Folders Sampath Kumar
BRK2215 Debate the top 10 reasons not to move your Exchange on-premises mailboxes to Exchange Online Tony Redmond, Greg Taylor, Steve Conn
BRK2216 Unplug with the experts on Exchange Server and Exchange Online Greg Taylor, Timothy Heeney, Jeff Mealiffe, Ross Smith IV, Wendy Wilkes
BRK2217 Discover modern support in Outlook for Exchange Online Julia Foran, Amir Haque, Gabe Bratton
BRK2218 Move from Exchange 2007 to Modern Exchange Greg Taylor, Steve Conn
BRK2219 Meet twin sons of different mothers – Exchange Engineers and Exchange MVPs Tony Redmond, Jeff Mealiffe, Andrew Higginbotham, Jeff Guillet, Karim Batthish
BRK2220 Peer behind the curtain – how Microsoft runs Exchange Online Paavany Jayanty, Eddie Fong, Karim Batthish, Mike Swafford
BRK3000 Unplug with the experts on Microsoft Exchange Top Issues Nino Bilic, Nasir Ali, Amir Haque, Shawn McGrath, Timothy Heeney, Gabe Bratton, Angela Taylor
BRK3001 Explore the ultimate field guide to Microsoft Office 365 Groups Tony Redmond, Amit Gupta, Benjamin Niaulin
BRK3007 Investigate tools and techniques for Exchange Performance Troubleshooting Nasir Ali, Jeff Mealiffe
BRK3019 Manage Microsoft Office 365 Groups Eric Zenz, Vince Smith
BRK3023 Understand how Microsoft protects you against Spoof, Phish, Malware, and Spam emails Jason Rogers
BRK3045 Use Microsoft Graph to reach users on hybrid Exchange 2016 Venkat Ayyadevara
BRK3046 Build intelligent line-of-business applications leveraging the Outlook REST APIs Venkat Ayyadevara
BRK3074 Discover what’s new in Active Directory Federation and domain services in Windows Server 2016 TBA
BRK3109 Deliver management and security at scale to Office 365 with Azure Active Directory Brjann Brekkan
BRK3139 Throw away your DMZ – Azure Active Directory Application Proxy deep-diveThrow away your DMZ – Azure Active Directory Application Proxy deep-dive John Craddock
BRK3216 Plan performance and bandwidth for Microsoft Office 365 William Looney, Ed Fisher
BRK3217 Run Microsoft Exchange Hybrid for the long haul Timothy Heeney, Nicolas Blank
BRK3219 Migrate to Exchange Online via Exchange Hybrid Michael van Horenbeeck, Timothy Heeney
BRK3220 Deploy Microsoft Exchange Server 2016 Jeff Guillet
BRK3221 Understand the Microsoft Exchange Server 2016 Architecture Ross Smith IV, Mike Cooper
BRK3222 Implement Microsoft Exchange Online Protection Jennifer Gagnon, Wendy Wilkes
BRK3227 Ask us anything about Microsoft Office 365 Groups Eric Zenz, Darrell Webster, Christophe Fiessinger, Martina Grom
BRK3253 Experience Scott Schnoll’s Exchange tips and tricks Scott Schnoll
BRK3254 Cert Exam Prep: Exam 70-345: Designing and Deploying Microsoft Exchange Server 2016 Vladimir Meloski
BRK4031 Overcome network performance blockers for Office 365 Deployments Paul Collinge
BRK4032 Dive deep into Microsoft Exchange Server High Availability Andrew Higginbotham
PRE18 The previous decade called…they want their Exchange Server back Michael van Horenbeeck, Greg Taylor, Sampath Kumar, Andrew Higginbotham, Timothy Heeney, David Espinoza, Nicolas Blank
THR1005R Dive deeper into what’s new and what’s coming in Microsoft Outlook 2016 for Windows Misbah Uraizee
THR1011R Dive deeper into what’s new and what’s coming in Outlook mobile Allen Filush, Victor Wang, James Colgan
THR2007R Fight back with advancements in Office 365 Advanced Threat Protection Phil Newman, Atanu Banerjee
THR2054 Understand the risk and value of your public folder data BEFORE you migrate Dan Langille
THR2190R Secure your sensitive email with Office 365 message encryption Gagan Gulati, Ian Hameroff
THR3001R Migrate DL to Microsoft Office 365 Groups Siva Shanmugam, Loveleen Kolvekar
THR3015 Use RMS in Microsoft Office 365 Nathan O’Bryan
THR3040 Automate Exchange deployment with Powershell Desired State Configuration Ingo Gegenwarth
THR3082 Secure Office 365 in a hybrid directory environment Alvaro Vitta

For those that wish to view sessions offline, I have adjusted the Ignite 2015 download script so it will also allow you to pick the Ignite 2016 sessions to download videos and slide decks from, as they become available. You can select sessions based on category or speaker, which helps narrowing down the contents offered at Ignite to sessions you are interested in. The script also allows you to download contents from previous events.

You can download the script from the TechNet Gallery here.

 

Exchange Server Role Requirements Calculator 8.3

Exchange 2010 Mailbox Role Sizing Calculator 16.4The Exchange team published an update for the Exchange Server Role Requirements Calculator, the tool to aid you in properly sizing your Exchange Server 2013 or Exchange Server 2016 deployment.

The new version number is 8.3, and it contains two major enhancements compared to version 7.9:

  • Added ability for the calculator to automatically determine the number of Mailbox servers and DAGs that need to be deployed to meet the chosen input requirements
  • Added Read from Passive support for Exchange 2016 deployments which results in decreased bandwidth utilization for HA copies

You can download the calculator here. For more information, please consult the list of changes here or Read Me here.

Exchange Updates – September 2016

Ex2013 LogoToday, the Exchange Team released the september updates for Exchange Server 2013 and Exchange Server 2016.

The biggest changes are for Exchange Server 2016:

  • Exchange Server 2016 CU3 or later support on Windows Server 2016, which is expected to be released at Ignite next week. Windows Server 2016 Domain Controllers are supported; requirement is just Forest Functional Level at Windows Server 2008 R2 or later. Note that it is also announced Exchange Server 2013 will not be supported (as in: now, and in the future). Performance-wise, it is recommended to exclude Exchange setup and log folders, as well as the noderunner processes in Windows Defender.
  • Finally, Exchange Server 2016 CU3 introduces the long-awaited Read from Passive feature. This means, indexes will be generated using (local) passive databases copies, and no longer require coordination with the server holding the active database copy. The result is lower bandwidth requirements, and – compared to Exchange Server 2013 – faster fail-overs. Be advised this feature does not apply to lagged copies.
  • An update for the Mailbox Server Role Calculator(s) for Exchange 2016 is available now (v8.3), incorporating Read from Passive changes. This allows organizations to not only size their deployment, but also predict the positive effect on bandwidth usage for current environments as well by using numbers. You can download the calculator here.

For a list of fixes in these updates, see below.

Exchange 2016 Cumulative Update 3 15.1.544.27 KB315258 Download UMLP
Exchange 2013 Cumulative Update 14 15.0.1236.3 KB3177670 Download UMLP

  • KB 3154387 The DFS health set is listed as “Unhealthy” in an Exchange Server 2016 environment
  • KB 3175080 Cannot log on to OWA when FIPS is enabled in an Exchange Server 2016 environment
  • KB 3176377 Links to access Exchange items in SharePoint eDiscovery search result fail with an HTTP error 500 in Exchange Server
  • KB 3161916 Data loss may occur during public folder migration to Exchange 2013, Exchange 2016, or Exchange Online
  • KB 3176540 OWA error reporting responds with a HTTP error 500 in OwaSerializationException
  • KB 3190887 Upgrading Exchange Server causes the server to go offline unexpectedly
  • KB 3191075 You can’t install Cumulative Update 2 for Exchange Server 2016 on a Russian version operating system

  • KB 3132513 “The Delegates settings were not saved correctly” when you try to add a user to Exchange Server 2013 from Microsoft Outlook
  • KB 3172017 “NotFound Export failed with error type: ‘NotFound'” error occurs when you perform an eDiscovery search in Exchange Server 2013
  • KB 3176377 Links to access Exchange items in SharePoint eDiscovery search result fail with an HTTP error 500 in Exchange Server
  • KB 3176540 OWA error reporting responds with a HTTP error 500 in OwaSerializationException
  • KB 3176873 Can’t create a new profile or connect to Exchange Server 2013 when an organization contains many address lists
  • KB 3061079 RPC Client Access service crashes and Event 4999 is logged in Exchange Server 2013
  • KB 3134918 An IRM-protected message sent to an external contact isn’t returned in a search or discovery results when journaling is implemented in an Exchange Server 2013 environment
  • KB 3190887 Upgrading Exchange Server causes the server to go offline unexpectedly

These Cumulative Updates for Exchange Server 2016 and 2013 include the security update released last week, MS16-108. The Cumulative Updates for Exchange Server 2016 and 2013 also include DST changes.

Notes:

  • Exchange 2016 CU3 includes schema changes (version 15326, reference), and Exchange 2016 CU3 as well as Exchange 2013 CU14 may introduce RBAC changes in your environment. Where applicable, make sure you run /PrepareSchema to update the schema or /PrepareAD to apply RBAC changes, before deploying or updating Exchange servers. To verify this step has been performed, consult the Exchange schema overview.
  • When upgrading your Exchange 2013 or 2016 installation, don’t forget to put the server in maintenance mode when required. Do note that upgrading, before installing the Exchange binaries, setup will put the server in server-wide offline-mode.
  • Using Windows Management Framework (WMF)/PowerShell version 5 on anything earlier than Windows Server 2016 is not supported. Don’t install WMF5 on your Exchange servers running on Windows Server 2012 R2 or earlier.
  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay current.
  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates.
  • Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
  • The order of upgrading servers with Cumulative Updates is irrelevant.

Caution: As for any update, I recommend to thoroughly test updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or TechNet forum for any issues.

MS16-108: Security Fixes and Rollups for Exchange 2007-2016

Ex2013 LogoNote (18sep2016): Be advised that there are reports on the security fix for Exchange 2016 CU2 leaving the system in a suboptimal state, like not re-enabling services. For now, the reports contain possible workarounds for those situations

It seems every once in a while, vulnerabilities are discovered in the Oracle libraries, licensed by Microsoft for Microsoft Exchange. For september, it is that time again, with a potential issue which allows remote code execution by means of a attachment which is to be handled by the library.

The related security bulletin is MS16-108 (KB3185883), which corrects Exchange behavior for :

  • parsing certain unstructured file formats.
  • handling open redirect requests.
  • handling Microsoft Outlook meeting invitation requests.

Depending on the lifecycle status of the product, fixes are made available either through a Rollup or as a security update for the following product levels:

Note that Rollups only address the vulnerabilities mentioned in security bulletin, and this bulletin replaces updates the rollups and security updates of MS16-079.

The issue is deemed critical, which means organizations are advised the implement the security fix at their earliest convenience. However, as with any update, it is recommended to thoroughly test updates and fixes prior to deploying them in a production environment.

The Exchange Versions, Builds and Dates page has been updated with the above information as well.

 

 

The UC Architects Podcast Ep60

iTunes-Podcast-logo[1]Episode 60 of The UC Architects podcast is now available. This episode is hosted by Pat Richard, who is joined by John Cook, Tom Arbuthnot, and special guest, Ken Lasko. Editing was done by Andrew Price.

Topics discussed in this episode are:

Exchange Topics

Office 365

Lync/Skype for Business Topics

Events

You can download the podcast here or you can subscribe to the podcasts using iTunes, Zune or use the RSS feed.

About
The UC Architects is a community podcast by people with a passion for Unified Communications; our main focus is on Exchange, Skype for Business or related subjects.

The UC Architects Podcast Ep59

iTunes-Podcast-logo[1]Episode 59 of The UC Architects podcast is now available. This episode is hosted by Steve Goodman, who is joined by Dave Stork and special guest, Gareth Gudger AKA Supertekboy. Editing was done by Andrew Price.

Topics discussed in this episode are:

  • Gareth Introduction
  • Help us test Exchange 2013/2016 to Exchange Online public folder migration
  • Focused Inbox
  • Announcing .NET Framework 4.6.2
  • Outlook for Mac Public Folders
  • Office 365
  • Microsoft Bookings
  • Introducing Skype Bots
  • Launching #Skype4B Survival Guide as Technet Wiki. Downloads, resources and community tools
  • Q&A Topic
  • Microsoft Ignite
  • UC Day (Oct24)
  • Unity Connect (Nov16-18)
  • VMworld, MVP Adam Ball speaking (Aug28-Sep1)

You can download the podcast here or you can subscribe to the podcasts using iTunes, Zune or use the RSS feed.

About
The UC Architects is a community podcast by people with a passion for Unified Communications; our main focus is on Exchange, Skype for Business or related subjects.

Public Folder Hierarchy and Client Access

Ex2013 LogoWhen investigating performance issues of a multi-node, multi-role Exchange 2013 server deployment, I found the CPU utilization of a single Exchange 2013 server constantly above the load of the rest.

When checking the Processor Utilization % for all Exchange servers using Performance Monitor, the daily trend image looked like this:

clip_image002

As you can clearly see, one single server is constantly experiencing more load than the other servers. It is also above the 80% mark, causing all sorts of potential side-effects if Managed Availability would kick in.

When checking the processes on that server, the major CPU load was generated by the Microsoft.Exchange.RPCClientAccess.service as well as the related w3svc# process. The load balancer performed a near even distribution of client connections over these servers. You can use the Exchange Performance Health Checker script with the LoadBalancingReport switch to verify this.

Next, we checked if there was an overactive mailbox on that particular server. For that purpose, we ran the following cmdlet in the Exchange Management Shell, which showed us the Public Folder mailbox was very active:

Get-StoreUsageStatistics –Server <ExchangeServer> | ? {$_.DigestCategory –eq ‘timeInServer’} | Sort TimeOnServer –Descending

image

Note: More on tracking overactive mailboxes using Get-StoreUsageStatistics in this excellent write-up by Andrew HigginBotham.

Another clue was provided through the PublicFolders Healthset, which was picked up by System Center Operations Manager as well:

The PublicFolders Health Set has detected a problem with PublicFolderMailbox.ConnectionCount at 10-7-2016 06:12:22. 0 failures were found. The Health Manager is reporting that The total number of hierarchy connections for public folder mailbox PFMailbox1 has reached 2001. Consider creating a new public folder mailbox for load balancing hierarchy accesses.

Apparently, there were more than 2,000 connections being made to the PFMailbox1 Public Folder mailbox. This was odd, as there were multiple Public Folder mailboxes created with hierarchy. Users are expected to be automatically distributed over these mailboxes, falling within the 2,000 concurrent logons limit as mentioned here. Note that this limit applies to public folder mailboxes serving hierarchy as well; even if clients don’t access Public Folders, they still will connect to these Public Folder mailboxes in order to obtain hierarchy information.

Next thing we checked was to which default Public Folder mailbox mailboxes were configured to connect. To accomplish this we can inspect the mailbox property DefaultPublicFolderMailbox:

Get-Mailbox –ResultSize Unlimited | Group-Object DefaultPublicFolderMailbox –NoElement

Count Name
----- ----
10139 contoso.com/Accounts/Users/PFMailbox1

Apparently all mailboxes were automatically set to connect to a single Public Folder mailbox. Then maybe something was preventing the other Public Folders from serving hierarchy:

Get-Mailbox –PublicFolder | Select Name,*Hierarchy*

Name       IsExcludedFromServingHierarchy IsHierarchyReady
----       ------------------------------ ----------------
PFMailbox1 False                          True
PFMailbox2 False                          False
PFMailbox3 False                          False
PFMailbox4 False                          False

IsExcludedFromServingHierarchy was False for all 4 servers, which indicates they are not blocked from serving hierarchy. However, the hierarchy was not ‘ready’ for 3 of them. This could be due to the hierarchy being out of date or not being created at all.

The output of (Get-PublicFolderMailboxDiagnostics PFMailbox2 -IncludeHierarchyInfo).SyncInfo indeed indicated there were problems synchronizing contents from the PFMailbox1 mailbox. We then ran the following cmdlet to trigger updating synchronizing the hierarchy again:

Update-PublicFolderMailbox –InvokeSynchronizer –Identity PFMailbox2

image

The Get-Mailbox –Identity PFMailbox2 –PublicFolder | Select Name,*Hierarchy* now showed IsHierarchyReady was True. We ran the same cmdlet for the other two Public Folder mailboxes as well.

After a while, we verified the effect on the assignment of DefaultPublicFolderMailbox on the mailboxes:

Get-Mailbox –ResultSize Unlimited | Group DefaultPublicFolderMailbox –NoElement

Count Name
----- ----
2601  contoso.com/Accounts/Users/PFMBPFMailbox2
2309  contoso.com/Accounts/Users/PFMBPFMailbox4
2632  contoso.com/Accounts/Users/PFMBPFMailbox1
2597  contoso.com/Accounts/Users/PFMBPFMailbox3

Public folder assignments were now (more or less) equally distributed over the 4 Public Folder mailboxes, and life was good.

We also verified Public Folder access distribution by querying the Exchange RpcClientAccess log files. An excellent tool to aid in this task is LogParser with LogParser Studio. We configured LogParser Studio to query log files at ‘<Installation folder>\Logging\RPC Client Access’ on the Exchange servers. The query used, grouped all entries per date, operation (in this case we are only interested in PublicLogon), and part of the field ‘operation-specific’; more exactly, the legacyDN part which tells which (Public Folder) mailbox was accessed:

SELECT EXTRACT_PREFIX([#Fields: date-time], 0, ‘T’) As Date, Count (*) as Total, [Operation],
EXTRACT_PREFIX(EXTRACT_SUFFIX([operation-specific], 0, ‘cn=’), 0, ‘ in database ‘) as PFMailbox
FROM ‘[LOGFILEPATH]’
WHERE [operation]=’PublicLogon’
AND [failures] IS NULL
GROUP BY Date, [Operation], PFMailbox
ORDER BY Date ASC

The output showed all Public Folder mailboxes were now accessed by clients, and logons to the Public Folder mailboxes were now (more or less) equally distributed:

image

The UC Architects Podcast Ep58

iTunes-Podcast-logo[1]Episode 58 of The UC Architects podcast is now available. This episode is hosted by Pat Richard, who is joined by Steve Goodman, John Cook and Tom Arbuthnot. Editing was done by Andrew Price.

Topics discussed in this episode are:

  • Microsoft Press Lets Editorial Staff Go
  • Microsoft acquires LinkedIn
  • Using the Office 365 Hybrid Configuration Wizard (Six part series)
  • HCW Improvement: The Minimal Hybrid Configuration option
  • Preview of Certificate-Based Authentication (CBA) for Exchange Online
  • FindTime for Outlook – Doodle for Business
  • Virtual academies, odd questions, and MCSE recertification
  • Microsoft Launches New Office 365 Network Online Community; 88,000-User Yammer Network to Close
  • Centralised Skype for Business Event Log Viewer
  • Lync, OCS, Skype for Business Persistent Chat requires port 8011. Missing from Documentation
  • Call Flow Manager 1.3
  • Best Practice Upgrade to Skype for Business 2015 SBA
  • Configure Toll-free Numbers for Dial-In Conferencing in Office365 (NextHop!)
  • Device Updates with Skype for Business Online
  • Skype for Business Mac Preview adds contacts, presence and IM
  • Microsoft announces Skype Meetings, a new free group collaboration tool
  • Offline IM is now in Skype4B CU3
  • Skype for Business June 2016 CU (3) gives video based Screensharing
  • New “Busy Options” Be sure to run Update-CsAdminRole after installing
  • June 7, 2016, update for Skype for Business 2016 (KB3115087)
  • Skype for Business EdgeInternal Certificate Automatic Renewal sample
  • Skype for Business 2015 Resource Kit tools released
  • bounSky 2015
  • Office Online Server now available
  • Skype for Business App SDK preview is now available for download
  • Skype for Business Hybrid Handbook, Version 2.0 (Josh Blalock)
  • Polycom VVX Alternate Ringtone Bundle (Unofficial)
  • Microsoft Ignite
  • UC Day UK (Oct24)
  • UC Birmingham User Group (Aug 9-10)
  • Unity Connect (Nov16-18)

You can download the podcast here or you can subscribe to the podcasts using iTunes, Zune or use the RSS feed.

About
The UC Architects is a community podcast by people with a passion for Unified Communications; our main focus is on Exchange, Skype for Business or related subjects.

Exchange Server Role Requirements Calculator 7.9

Exchange 2010 Mailbox Role Sizing Calculator 16.4The Exchange team published an update for the Exchange Server Role Requirements Calculator, the tool to aid you in properly sizing your Exchange Server 2013 or Exchange Server 2016 deployment. The new version number is 7.9, and it contains mainly bug fixes.

Functionality changes and bug fixes since version 7.8:

  • Added support for 1.8TB disk capacity
  • Added color formatting for when memory exceeds the maximum recommended value
  • Fixed calcNumDBCopyInSDC formula to take into account proper number of lagged copies
  • Fixed calcActDBPDCWorst formula to take into account non-HA deployments
  • Fixed an issue where ReplayLagManager calculated field did not take into account the user disabling JBOD
  • Fixed version mismatch and added Add-PartitionAccessPath in Diskpart.ps1 script
  • Fixed issue with export CreateDAG.ps1 script where it defined Alternate Witness in single datacenter deployments
  • Fixed diskpart.ps1 script to sleep 10s after creating partition but prior to formatting to minimize error condition
  • Fixed RetainDeletedItemsUntilBackup to be set to $false for NDP deployments

You can download the calculator here. For more information, please consult the list of changes here or Read Me here.

Exchange Updates – June 2016

Ex2013 LogoThe Exchange Team released the wave of Exchange updates for Exchange 2016 down to Exchange 2007.

Major changes in contained in these updates:

  • .NET 4.6.1 support for Exchange Server 2013 and 2016.
    • When upgrading Exchange, install the CU before upgrading to .NET Framework 4.6.1. For greenfield deployments, you should be able to install the .NET Framework 4.6.1 straightaway, prior to installing Exchange; however, no official statement on that yet.
    • When deploying .NET Framework 4.6.1, the following OS dependent fixes are required as well: KB3146716 for WS2008/WS2008R2, KB3146714 for WS2012, and KB3146715 for WS2012R2
  • BitLocker support for AutoReseed. More information here.
  • By default, SHA-2 certificates are generated. This includes the self-signed certificates as well.
  • Like Exchange 2016 CU1, Exchange 2016 CU2 is an uncompressed ISO file. If bandwidth is scarce where you will be deploying, be sure to download this 6GB file upfront.
  • Not mentioned in the KB’s list of fixes for Exchange 2016 CU2 and Exchange 2013 CU13 is the inclusion of KB3161916, Data loss may occur during public folder migration to Exchange 2013, Exchange 2016, or Exchange Online.

For a list of fixes in these updates, see below.

Exchange 2016 Cumulative Update 2 15.1.466.34 KB3135742 Download UML
Exchange 2013 Cumulative Update 13 15.0.1210.3 KB3135743 Download UML
Exchange 2010 Service Pack 3 Rollup 14 14.3.301.0 KB3151097 Download
Exchange 2007 Service Pack 3 Rollup 20 8.3.468.0 KB3151086 Download

Exchange 2016 CU2 fixes:

  • KB3171162 You cannot search emails in Outlook or Outlook Web App in an Exchange Server 2016 Cumulative Update 1 environment
  • KB3164346 Cannot connect to a mailbox when MAPI over HTTP protocol is used in an on-premises Exchange Server 2016 installation
  • KB3163039 Email message body is garbled when Simplified Chinese characters are included on BCC line in an Exchange Server environment
  • KB3162968 “Failed to load script” error when you log on to OWA and select a language
  • KB3126723 Retention policy doesn’t work on the In-Place Archive mailbox in Exchange Server

Exchange 2013 CU13 fixes:

  • KB3164701 Can’t create a new send connector in Exchange Control Panel in Exchange Server 2013
  • KB3164700 Write scope in EAC on a role group reverts to default scope in Exchange Server 2013
  • KB3164359 Stop error and restart triggered by ServerOneCopyInternalMonitorForceReboot responder in Exchange Server 2013
  • KB3163186 “Repair update” message after you send a meeting invitation to a distribution list in Exchange Server 2013
  • KB3163173 NDR after you accept or decline a meeting request in Exchange 2013
  • KB3163039 Email message body is garbled when Simplified Chinese characters are included on BCC line in an Exchange Server environment
  • KB3162964 Items are held unnecessarily in the DiscoveryHold folder in Exchange Server 2013
  • KB3162957 “Invalid search filter” error when you use the “UM Mailbox Policy” filter in Exchange Server 2013
  • KB3162934 Test-ExchangeSearch cmdlet fails without parameters or with the -MailboxDatabase parameter in Exchange Server 2013
  • KB3162933 Outlook client remains disconnected after the mailbox is migrated to Exchange Server 2013
  • KB3162772 Accepted or declined messages for a forwarded meeting are sent to the forwarder in Exchange Server 2013
  • KB3160935 Public folder forwarding rule doesn’t work after migration to Exchange Server 2013
  • KB3150799 IMAP with NTLM fails if a user’s UPN and primary SMTP address don’t match in Exchange Server 2013
  • KB3150036 The EdgeTransport process crashes on an Exchange Server 2013 server that has the Edge Server role installed
  • KB3149767 “System.FormatException” error is logged in Event Viewer when Exchange Server 2013 runs on a French operating system
  • KB3142157 Exchange Server Health Management Worker process restarts frequently in Exchange Server 2013
  • KB3140102 OWA application pool crashes with KeyNotFound exception in Exchange Server 2013
  • KB3129946 Update to support the AutoReseed feature in a DAG environment that’s BitLocker-enabled in Exchange Server 2013
  • KB3126723 Retention policy doesn’t work on the In-Place Archive mailbox in Exchange Server
  • KB2661294 Email address policy doesn’t generate addresses of recipients in Exchange Server 2010 or Exchange Server 2013

These Cumulative Updates for Exchange Server 2016 and 2013 as well as the Rollups for Exchange Server 2010 and 2007, fix the security issue described in Security Bulletin MS16-079. The Cumulative Updates for Exchange Server 2016 and 2013 also include DST changes.

Notes:

  • Exchange 2016 CU2 includes schema changes (version 15325), and Exchange 2013 CU12 may introduce RBAC changes in your environment. When applicable, make sure you run PrepareSchema /PrepareAD before deploying. To verify this step has been performed, consult the Exchange schema overview.
  • Exchange 2016 CU2 introduces activation preference changes for Database Availability Groups. You might want to consider reading the article upfront describing these changes here.
  • When upgrading your Exchange 2013 or 2016 installation, don’t forget to put the server in maintenance mode.
  • The Windows Management Framework (WMF)/ PowerShell version 5 is not supported. Don’t install this on your Exchange servers.
  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay current.
  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates.
  • Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
  • The order of upgrading servers with Cumulative Updates is irrelevant.
  • Rollups are cumulative per service pack level, meaning you can apply the latest Rollup for Service Pack X to a Service Pack X installation.

Finally, as always for any Hotfix, Rollup, Service Pack or Cumulative Update, I’d recommend to thoroughly test this in a test and acceptance environment first, prior to implementing it in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or TechNet forum for any issues.