Exchange Updates – February 2019

Today, the Exchange Team released the overdue quarterly Cumulative Updates for Exchange Server 2013, Exchange 2016 and Exchange 2019, as well as a Rollup for Exchange Server 2010.

The KB articles that describe the fixes in each release and product downloads are available as follows:

| Version | Build | KB | Download | UMLP | Schema |
|---|---|---|---|---|---|
| Exchange 2019 CU1 | 15.2.330.5 | KB4471391 | VLSC | | N |
| Exchange 2016 CU12 | 15.1.1713.5 | KB4471392 | Download | UMLP | N |
| Exchange 2013 CU22 | 15.0.1473.3 | KB4345836 | Download | UMLP | N |
| Exchange 2010 SP3 RU26 | 14.3.442.0 | KB4487052 | Download | | N |

These updates contain the following important changes and notes:

  • Due to issue CVE-2018-8581, the EWS architecture was changed, in particular push notifications. Details on the change are described in KB4490060; while the change has been tested against EWS clients such as Outlook for Mac and Skype for Business, organizations may need to test any applications leveraging EWS to estimate potential impact of installing these Cumulative Updates or Rollup. In addition, organizations are advised to password reset Exchange computer accounts.
  • These Exchange builds introduce a change in the shared permissions model (this does not apply to the Split Permissions Model). The result is that Exchange no longer requires far-reaching permissions in Active Directory (e.g. WriteDACL on root of domain). To make these changes effective:
    • For Exchange 2013-2019 Cumulative Updates, run setup using /PrepareAD. In multi-forest environments, this needs to be done in every domain of the forest.
    • For Exchange 2010, go through the instructions mentioned in KB4490059.
  • Organizations considering moving to the Split Permissions Model because of CVE-2018-8581 should know Microsoft fully supports both models. Switching can have serious consequences and therefore should be fully evaluated.
  • This build of Exchange 2019 introduces cmdlets to block usage of legacy authentication protocols for users through policies, e.g. Basic Authentication.
  • Prior to deploying Exchange 2016 CU12 or Exchange 2013 CU22 on Edge Transport servers, install Visual C++ 2012 Runtime.
  • These Cumulative Updates will remove the DisableLoopbackCheck key when present; removing this key was a mitigation for CVE-2018-8581.

Exchange 2019 CU1 fixes:

  • 4487596 Emails are blocked in moderator mailbox Outbox folder when you send large volumes of emails in Exchange Server 2019
  • 4487591 The recipient scope setting doesn’t work for sibling domains when including OUs in the scope in Exchange Server 2019
  • 4487602 Outlook for Mac users can still expand a distribution group when hideDLMembership is set to true in Exchange Server 2019
  • 4488076 Outlook on the Web can’t be loaded when users use an invalid Windows language in operating system in Exchange Server 2019
  • 4488079 Exchange Server 2016 allows adding Exchange Server 2019 mailbox server into a same DAG and vice versa
  • 4488263 X-MS-Exchange-Organization-BCC header isn’t encoded correctly in Exchange Server 2019
  • 4488080 New-MigrationBatch doesn’t honor RBAC management scope in Exchange Server 2019
  • 4488262 Delivery Reports exception when tracking a meeting request that’s sent with a room resource in Exchange Server 2019
  • 4488268 Disable the irrelevant Query logs that’re created in Exchange Server 2019
  • 4488267 Test-OAuthConnectivity always fails when Exchange Server uses proxy to connect to Internet in Exchange Server 2019
  • 4488266 Client application doesn’t honor EwsAllowList in Exchange Server 2019
  • 4488265 “There are problems with the signature” error occurs for digital signature message if attachment filtering is enabled in Exchange Server 2019
  • 4488398 “The Microsoft Exchange Replication service may not be running on server” error when you add a mailbox database copy in Exchange Server 2019
  • 4488264 Mailbox that has a bad move request can’t be cleaned up from destination mailbox database in Exchange Server 2019
  • 4488261 Event ID 1002 when the store worker process crashes in Exchange Server 2019
  • 4488260 New-MailboxExportRequest and New-MailboxImportRequest don’t honor RBAC management scope in Exchange Server 2019
  • 4488259 MailTip shows wrong number of users for a distribution group if the users are in different domains in Exchange Server 2019
  • 4488258 OAuth authentication is removed when saving MAPI virtual directory settings in EAC in Exchange Server 2019
  • 4490060 Exchange Web Services Push Notifications can be used to gain unauthorized access
  • 4490059 Reducing permissions required to run Exchange Server using Shared Permissions Model

Exchange 2016 CU12 fixes:

  • 4487596 Emails are blocked in moderator mailbox Outbox folder when you send large volumes of emails in Exchange Server 2016
  • 4456241 You receive a meeting request that has a “not supported calendar message.ics” attachment in Exchange Server 2016
  • 4456239 New-MailboxRepairRequest doesn’t honor RBAC RecipientWriteScope restrictions in Exchange Server 2016
  • 4487591 The recipient scope setting doesn’t work for sibling domains when including OUs in the scope in Exchange Server 2016
  • 4468363 MRM does not work for mailboxes that have an online archive mailbox in Exchange Server
  • 4487603 “The action cannot be completed” error when you select many recipients in the Address Book of Outlook in Exchange Server 2016
  • 4487602 Outlook for Mac users can still expand a distribution group when hideDLMembership is set to true in Exchange Server 2016
  • 4488076 Outlook on the Web can’t be loaded when users use an invalid Windows language in operating system in Exchange Server 2016
  • 4488079 Exchange Server 2016 allows adding Exchange Server 2019 mailbox server into a same DAG and vice versa
  • 4488077 Can’t configure voice mail options when user is in different domain in Exchange Server 2016
  • 4488263 X-MS-Exchange-Organization-BCC header isn’t encoded correctly in Exchange Server 2016
  • 4488080 New-MigrationBatch doesn’t honor RBAC management scope in Exchange Server 2016
  • 4488262 Delivery Reports exception when tracking a meeting request that’s sent with a room resource in Exchange Server 2016
  • 4488268 Disable the irrelevant Query logs that’re created in Exchange Server 2016
  • 4488267 Test-OAuthConnectivity always fails when Exchange Server uses proxy to connect to Internet in Exchange Server 2016
  • 4488266 Client application doesn’t honor EwsAllowList in Exchange Server 2016
  • 4488265 “There are problems with the signature” error occurs for digital signature message if attachment filtering is enabled in Exchange Server 2016
  • 4488264 Mailbox that has a bad move request can’t be cleaned up from destination mailbox database in Exchange Server 2016
  • 4488261 Event ID 1002 when the store worker process crashes in Exchange Server 2016
  • 4488260 New-MailboxExportRequest and New-MailboxImportRequest don’t honor RBAC management scope in Exchange Server 2016
  • 4488259 MailTip shows wrong number of users for a distribution group if the users are in different domains in Exchange Server 2016
  • 4488258 OAuth authentication is removed when saving MAPI virtual directory settings in EAC in Exchange Server 2016
  • 4490060 Exchange Web Services Push Notifications can be used to gain unauthorized access
  • 4490059 Reducing permissions required to run Exchange Server using Shared Permissions Model

Exchange 2013 CU22 fixes:

  • 4487603 “The action cannot be completed” error when you select many recipients in the Address Book of Outlook in Exchange Server 2013
  • 4490060 Exchange Web Services Push Notifications can be used to gain unauthorized access
  • 4490059 Reducing permissions required to run Exchange Server using Shared Permissions Model

Exchange 2010 SP3 RU26 fixes:

  • 4490060 Exchange Web Services Push Notifications can be used to gain unauthorized access

Notes:

  • These Cumulative Updates do not contain schema changes compared to their previous Cumulative Update. However, due to changes in the permissions architecture, you need to run setup /PrepareAD to implement these changes as well as apply any RBAC changes, before deploying or updating Exchange servers.
  • When upgrading from an n-2 or earlier version of Exchange, or an early version of the .NET Framework, consult Upgrade Paths for CU’s & .NET.
  • Don’t forget to put the Exchange server in maintenance mode prior to updating. Regardless, setup will put the server in server-wide offline mode post-analysis, before making actual changes.
  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to delay installing at most one version (n-1).
  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • Cumulative Updates can be installed directly; no need to install RTM prior to installing Cumulative Updates.
  • Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
  • The order of installation shouldn’t matter with the “every server is an island” concept, yet the recommendation is to upgrade internet-facing, non-internet-facing servers first, followed by Edge Transports.

Caution:

As for any update, I recommend to thoroughly test updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.

CVE-2018-8581: Exchange Vulnerability

Update Feb6: Added MSRC security advisory ADV190007.
Update Feb13: February updates comment.

A short notice on the zero-day vulnerability in the Exchange ecosystem as reported by researcher Mollema last week. Through a man-in-the-middle setup, one can exploit the permissions Exchange has with regards to Active Directory in conjunction with NTLM as well as Exchange Web Services (EWS). This 3-stage missile allows one to elevate their privileges in Active Directory, and thus to grant themselves administrative access.

The issue was already logged on 13 November in the Microsoft Security Response Center (MSRC) as CVE-2018-8581, Microsoft Exchange Server Elevation of Privilege Vulnerability. Public attention for the issue picked up after the Mollema article, and media like The Register started publishing about it. Meanwhile, Exchange fellow Tony Redmond also wrote a short note on the issue.

At this moment, Microsoft is fully aware of the issue, and is actively working on resolving the issue as soon as possible. Meanwhile, the mitigation mentioned in CVE-2018-8581 can be considered, which is to remove the DisableLoopbackCheck key from HKLM:\SYSTEM\CurrentControlSet\Control\Lsa. The effect of removing this key is that it’s no longer possible to make NTLM connections on the loopback adapter (localhost), which should be OK for Kerberos authenticated sessions as they are name-based. Again, test this as for example platforms like SharePoint will break when setting this key, but nobody runs SharePoint on the same box, so for Exchange this is a valid mitigation.
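
One way to check for this mitigation across several servers and remove the value where it is still set, as an added example that is not part of the original post or of Microsoft's guidance. The function names and the server names EX01/EX02 are hypothetical, and PowerShell remoting to the servers is assumed:

```powershell
# Added example. Function names are hypothetical; requires PowerShell remoting to the targets.
$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName = 'DisableLoopbackCheck'

function Get-LoopbackCheckState {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$ComputerName
    )
    process {
        foreach ($computer in $ComputerName) {
            try {
                # Read the value remotely; the script block returns nothing when it is absent.
                $value = Invoke-Command -ComputerName $computer -ErrorAction Stop `
                    -ArgumentList $LsaKey, $ValueName -ScriptBlock {
                        param($Key, $Name)
                        $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
                        if ($item) { [int]$item.$Name }
                    }
                # A non-zero value disables the loopback check, so NTLM to localhost is allowed.
                $ntlmState = if ([int]$value -ne 0) { 'Allowed' } else { 'Blocked' }
                [pscustomobject]@{
                    ComputerName = $computer
                    Present      = $null -ne $value
                    Value        = $value
                    LoopbackNtlm = $ntlmState
                }
            }
            catch {
                Write-Warning "Could not query ${computer}: $($_.Exception.Message)"
            }
        }
    }
}

function Remove-LoopbackCheckOverride {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [string[]]$ComputerName
    )
    process {
        foreach ($computer in $ComputerName) {
            if ($PSCmdlet.ShouldProcess($computer, "Remove $ValueName from $LsaKey")) {
                Invoke-Command -ComputerName $computer -ArgumentList $LsaKey, $ValueName -ScriptBlock {
                    param($Key, $Name)
                    # Only attempt removal when the value exists, so the call is safe to repeat.
                    if (Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue) {
                        Remove-ItemProperty -Path $Key -Name $Name
                    }
                }
            }
        }
    }
}

# Report first, then preview the removal on servers that still carry the value:
#   'EX01','EX02' | Get-LoopbackCheckState
#   'EX01','EX02' | Get-LoopbackCheckState | Where-Object Present |
#       Remove-LoopbackCheckOverride -WhatIf
```

Run the report before and after the change; dropping `-WhatIf` performs the removal and prompts per server.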

Organizations are advised not to blindly implement mitigations mentioned in Mollema’s article or elsewhere in the field, as they might not be applicable to every deployment out there, or have unforeseen side-effects. Then again, organizations might already have things deployed such as SMB signing, in which case the exploit does not apply.

Update (Feb6): Meanwhile, Microsoft Security Response Center published an advisory (ADV190007) containing guidance on how to deal with the issue at this moment. MSRC takes the EWS Throttling Policy route to block EWS Subscriptions at the organization level, which of course breaks Outlook for Mac functionality (e.g. new mail notifications as the client can no longer subscribe to receive updates), or other applications which rely on this mechanism (e.g. meeting room systems). This can be mitigated by explicitly allowing EWS subscriptions for trusted users and applications.
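
The throttling-policy route described above, sketched for the Exchange Management Shell as an added example that is not from the original post. The policy names, the limit of 5000 for trusted accounts and the account svc-roomsystem are assumptions:

```powershell
# Added example; run in the Exchange Management Shell.
# Policy names, the 5000 limit and the account list are assumptions for illustration.
$blockPolicy  = 'NoEwsSubscriptions'
$allowPolicy  = 'AllowEwsSubscriptions'
$trustedUsers = @('svc-roomsystem')   # hypothetical accounts that must keep EWS subscriptions

# 1. Organization-wide: no EWS subscriptions. Reuse an existing Organization-scoped
#    policy when there is one, otherwise create it.
$orgPolicy = Get-ThrottlingPolicy |
    Where-Object { $_.ThrottlingPolicyScope -eq 'Organization' } |
    Select-Object -First 1
if ($orgPolicy) {
    Set-ThrottlingPolicy -Identity $orgPolicy.Identity -EwsMaxSubscriptions 0
}
else {
    New-ThrottlingPolicy -Name $blockPolicy -ThrottlingPolicyScope Organization -EwsMaxSubscriptions 0
}

# 2. Exception policy for trusted users and applications (Outlook for Mac users,
#    meeting room systems), assigned per account.
if (-not (Get-ThrottlingPolicy | Where-Object { $_.Name -eq $allowPolicy })) {
    New-ThrottlingPolicy -Name $allowPolicy -ThrottlingPolicyScope Regular -EwsMaxSubscriptions 5000
}
foreach ($user in $trustedUsers) {
    Set-ThrottlingPolicyAssociation -Identity $user -ThrottlingPolicy $allowPolicy
}

# 3. Verify the resulting limits and the per-account assignments.
Get-ThrottlingPolicy | Select-Object Name, ThrottlingPolicyScope, EwsMaxSubscriptions
$trustedUsers | ForEach-Object { Get-ThrottlingPolicyAssociation -Identity $_ }
```

Any account not listed in `$trustedUsers` loses EWS subscriptions, so inventory the EWS clients before applying it.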

Update (Feb13): Today the quarterly cumulative updates for Exchange 2019/2016/2013 were released, which will remove the DisableLoopbackCheck key (when present).

Security Updates Exchange 2013, 2016 & 2019

Update 14jan: Added Exchange 2010 SP3 RU25

A quick heads-up as during my vacation Microsoft released security updates for supported releases of Exchange Server 2013, 2016 as well as Exchange Server 2019. In addition, a new Rollup was released for Exchange 2010 as well, containing one of the security updates.

The security updates patch issues as reported in the following Microsoft Common Vulnerabilities and Exposures:

  • CVE-2019-0586: Microsoft Exchange Memory Corruption Vulnerability
  • CVE-2019-0588: Microsoft Exchange Information Disclosure Vulnerability

You can download the security updates here:

Notes:

  • Exchange 2010 SP3 RU25 addresses CVE-2019-0588 only.
  • KB4471389 supersedes KB4468741 and KB4459266; KB4468742 supersedes KB4458321.

Be advised that the Security Updates for Exchange 2013 and 2016 are Cumulative Update level specific. Unfortunately, the security update carries the same name for different CU’s, and you cannot apply the update for Exchange 2016 CU10 to Exchange 2016 CU11. I would suggest tagging the Cumulative Update in the file name when you archive it, e.g. Exchange2016-KB4471389-x64-en-CU10.msp.

As with any patch or update, I’d recommend to thoroughly test this in a test and acceptance environment first, prior to implementing it in production.

Exchange 2019 Preferred Architecture

Microsoft has been promoting Docs as the new home of product documentation for a while now. And now a long awaited piece of Exchange 2019 documentation has been published, the Exchange 2019 Preferred Architecture.

The Preferred Architecture – or PA – contains information on how to plan and deploy Exchange 2019 using commodity hardware. It also contains more guidelines on deploying Exchange 2019 using its new Metacache database (MCDB) feature; SSDs to store meta data to speed up storage access, improving overall performance and user experience.

Still missing in the planning instruments is an updated Exchange role requirements calculator for Exchange 2019, incorporating things like the metacache database etc. I’m pretty sure that is being worked on to be released at a future date.

Also quite convenient is that GitHub being the platform allows the team to provide a feed on Exchange content updates. Really nice to quickly see latest additions and changes in documentation.

Exchange 2019 released

Today will be a day long remembered, as it has seen the release of Exchange Server 2019. After the Ignite event in September, release of Exchange 2019 was more or less imminent. Well now it’s out there – on Volume License Center to be exact – and while most details were announced at Ignite as well, there have been some features which didn’t make it in part or entirely to RTM.

To start with formalities: The version number of Exchange 2019 RTM is 15.2.221.12. After preparing your Active Directory forest, the schema version is 17000, while the forest and domain versions will become 16751 and 13236 respectively.

Looking at the VL requirement as well as the dimensioning, it’s clear Exchange server 2019 is positioned as a product for enterprises; small to medium-sized business should aim for Office 365.

Highlights
A detailed summary of Ignite announcements on Exchange 2019 was published earlier here. To recap, some major highlights:

  • Volume Licensing only, and no “Hybrid Server key”.
  • FFL 2012R2 and later.
  • Exchange Server 2019 on-premises is permanently branched from Exchange Online.
  • MetaCache Database (MCDB) storage tiering with SSD’s for improved UX and mailbox density (+20%). Recommended ratio SSD:HDD is 1:3.
  • Dynamic Database Cache to dynamically balance memory over active and passive copies cache.
  • Big Funnel search technology leveraging mailbox database for availability.
  • Supports up to 48 cores, recommended memory 128GB Mailbox/64GB Edge server roles to benefit scaling improvements. Maximum supported memory is 256GB.
  • Requires Windows Server 2019, desktop or core.
  • Requires .NET Framework 4.7.2, VC++ redistributable and UCMA (Mailbox only).
  • Co-existence support with Exchange 2013 and 2016.
  • UM role is gone.

Documentation
The official documentation can be found online on Docs here. For an overview of the sessions presented at Ignite on Exchange and related topics like calendaring, see here.

Notes
If you get a message when trying to install saying (desktop and core):

Setup can’t continue with the upgrade because the taskhostw (<PID>) has open files. Close the process, and then restart Setup. For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.ProcessNeedsToBeClosedOnUpgrade.aspx

You can close the process with taskkill /f /pid <PID>.

Other articles
Other articles on the release of Exchange Server 2019:

Do make sure you read the release notes, which contain important information on potential issues.

In other news
The following products were also released today:

Exchange Announcements @ Ignite

Update Sep27th: Added Outlook 2013 to list of supported clients.

During Ignite 2018, details are announced to the public on Exchange Server 2019, Exchange Online, as well as Office 365 and related technologies. In this article I’ll try to summarize all the details in a readable format for your reference. The list is probably incomplete; if you think anything is missing, let me know so I can update the article.

Exchange Server 2019

  • Distributed through Volume licensing only
    • Implication is that there will be no “Hybrid Server Key”
  • Release planned for later this year
  • Windows Server 2019 required
    • Windows Server Core recommended (security, smaller attack surface and disk footprint)
    • Exchange supports in-place upgrading of underlying operating system per Windows Server 2019.
  • Support for co-existence with n-2
    • Exchange Server 2016 and Exchange Server 2013.
    • Outlook 2013-Outlook 2019, Outlook 2016/Mac and Outlook for Mac for Office 365.
  • Forest Functionality Level 2012R2 or later
  • Support for up to 48 CPU cores (Exchange 2016: 24)
  • Recommended minimum memory for Mailbox server 128GB, and 64GB for Edge Transport. Maximum memory is 256GB (Exchange 2016: 192GB). The reason for 128GB recommendation is that the .NET scaling benefits (see below) only work from around 100GB and up.
  • Page file 25% of installed memory (Exchange 2016: Maximized at 32GB).
  • .NET Framework 4.7.2, Visual C++ Redistributable and UCMA (Mailbox only)
  • Uses Server GC instead of Workstation GC for some IIS application pools. Better .NET memory management and improves CPU/memory scaling.
  • Will only use TLS 1.2 (there’s a transition mode supporting lower TLS versions, but for that all existing Exchange versions need to support 1.2 as well)
  • No more UM, options:
    • Move all users and mailboxes to Office 365
    • Migrate to Skype for Business Server 2019
    • Remain on Exchange 2016 (EOL 2026)
    • 3rd party VoiceMail solution
  • MetaCache Database uses storage tiering
    • Leverages SSD’s
    • Use SSD to spinning disk ratio 1:3
    • Caches indexes, mailbox folder structures and small items
    • Improves UX: faster logons, searches and small items retrieval
    • Allows for higher mailbox density per server (+20%)
    • Utilize larger disks
  • Client Access Rules
    • Restrict external access to EAC and PowerShell
    • Evaluated at server level, so external connections need to hit Exchange 2019.
  • Additional perks for administration and end users
    • Remove-CalendarEvents to remove meetings from a person (e.g. leaver)
    • Recurring meetings will receive a default end date
    • Meetings can be restricted to prevent forwarding
    • Setting Out of Office in OWA allows for blocking calendar for that period, as well as decline current meetings and future meeting invites during that period.
  • Calculator and additional guidance on its way
  • On the Roadmap
    • On-premises Modern Authentication
    • Extending Client Access Rules to other protocols
    • Mailbox Encryption using Customer Keys
    • Monitoring and Analytics tools
    • Blocking legacy authentication methods
    • Removal of RPC/HTTP support (Outlook Anywhere)
    • Simplified Calendar Sharing

The Exchange Server 2019 documentation went live here. Some additional details were included in this list.

On another note: Greg Taylor gave an interview to Phoummala Schmitt (aka @ExchangeGodess) for Channel 9 on Exchange 2019. That replay can be watched here. Also, Scott Schnoll and Jeff Mealiffe as well as Greg Taylor and Ross Smith were interviewed by TheCube; those recordings can be watched here and here respectively.

Exchange Hybrid

  • Organization Configuration Transfer (OCT) version 2
    • Planned for October 2018
    • Adds the following to OCT v1 (current)
      • ActiveSync Device Access Rules
      • ActiveSync Organization Settings
      • Address Lists
      • DLP Policies
      • Malware Filter Policies
      • Policy Tips
      • Organization Config
    • Introduces conflict handling with review mode
    • Generates a script to undo changes
  • Exchange Hybrid deployment
    • Microsoft Hybrid Agent
    • Installed using HCW (‘Modern Hybrid’); ‘Classic Hybrid’ still an option
    • Hybrid Agent leverages Azure Application Proxy technology
      • Hybrid Proxy Service in the service will proxy requests between Exchange Online and Exchange on-premises.
      • No changes required to URLs or certificates
      • Hybrid Agent uses outbound connection only (port 80/443) to obfuscated unique URL (https://{GUID}.resource.{flow}.his.msappproxy.net). This URL is configured as TargetSharingEpr on the OrganizationalRelationship in Office 365
      • Running multiple agents is supported for availability and scaling
      • Outbound connections means less arrangements to make on (inbound) firewall rules (but another agent, like PTA, ADConnect Health Agent, regular Azure Application Proxy, to bypass security blockades may introduce other concerns)
    • Version 1 will support Free/Busy and MRSProxy and is in Private Preview now

The Exchange team published a quick blog on OCT and Hybrid Agent here.

Exchange Sessions @ Ignite 2018

Among all the announcements of upcoming products and changes in the service, more details will also be revealed of Exchange Server 2019 and related products at Ignite next week. To those who are not able to attend, like yours truly: do not despair as Microsoft will be live streaming all keynote, breakout and community theater sessions.

The place to view those streams is through the Tech Community portal, and likely the session info pages will be used to embed the streams or provide links as they become available.

For this purpose, I made a short list of Exchange Server related sessions scheduled at Ignite 2018 for reference and easy access next week:

| Session | When | Title | Speakers |
|---|---|---|---|
| THR3024 | 9/24 3:00PM | How to add MFA to your Exchange Online/on-premises mailboxes in 20 minutes or less | Jeff Guillet |
| BRK2176 | 9/24 16:00 PM | Welcome to Exchange Server 2019! | Greg Taylor, Brent Alinger |
| BRK3148 | 9/25 10:45 AM | Securing Exchange Online from modern threats | Brandon Koeller |
| BRK3375 | 9/25 2:15 PM | Notes from the field: How a large global bank moved to Office 365 | Erik Knoppert, Michael Van Horenbeeck |
| BRK2165 | 9/25 3:15 PM | What’s new in Groups in Outlook | Ravin Sachdeva, Sri Ramya Mallipudi |
| THR3123 | 9/25 4:00 PM | Getting stuff done: Solving Office 365 problems with PowerShell | Tony Redmond |
| BRK3128 | 9/25 4:00 PM | Outlook on the web: What’s new and why you should care | Joey Masterson, Charlie Chung, Gabriel Valdez Malpartida, Cindy Kwan |
| THR3076 | 9/25 11:05 PM | Azure Information Protection and Exchange Online – better together | Michael Van Horenbeeck |
| BRK3129 | 9/26 9:00 AM | Turbo charge your Exchange on-premises and hybrid environment: Notes from the field | Steve Goodman |
| BRK3143 | 9/26 10:00 AM | Hybrid Exchange: Making it easier and faster to move to the cloud | Jeff Kizner |
| THR2129 | 9/26 11:20 AM | Office 365: Five important lessons learned during a one million mailbox migration | J. Peter Bruzzese |
| BRK2177 | 9/26 12:00 PM | Outlook mobile for the enterprise | Tali Roth, Michael Palermiti, David Pearson |
| THR3025 | 9/26 15:00 PM | Preparing to move (or remove) those public folders to the cloud | Michael Van Horenbeeck |
| BRK3130 | 9/26 16:00 PM | Email search in a flash! Accelerating Exchange 2019 with SSDs | Tobias Klima, Damon Gilkerson |
| BRK3146 | 9/27 9:00 AM | What’s amazing and new in calendaring in Outlook! | Julia Foran, Jennifer Lu, Will Holmes |
| BRK3145 | 9/27 10:00 AM | Deploying Outlook mobile securely in the enterprise | Ross Smith IV |
| THR2044 | 9/27 10:45 AM | The top six PowerShell commands you need to know to manage Office 365 | Steve Goodman |
| THR2392 | 9/27 11:00 AM | Executive impersonators & fraudsters be gone! Using active defense & predictive artificial intelligence to secure your Office 365 email environment | Vidur Apparao |
| BRK3131 | 9/27 12:45 PM | Office 365: Marriages, divorces, and adoptions | Steve Goodman |
| BRK3258 | 9/27 2:00 PM | Panel discussion: Microsoft Exchange/Calendar/OWA | Damon Gilkerson, Brent Alinger, Julia Foran, Jeff Kizner, Brandon Koeller, Joey Masterson, Brian Day, Robin Thomas |
| THR3024R | 9/27 15:00 PM | How to add MFA to your Exchange on-premises or Exchange Online mailboxes in 20 minutes or less (REPEAT) | Jeff Guillet |
| THR2145 | 9/27 16:00 PM | Why do we need to keep an Exchange Server on-premises when we move to the cloud? | Brian Reid |
| BRK3279 | 9/28 9:00AM | So long and thanks for all the (email) phish | Brian Reid |
| BRK3147 | 9/28 12:00 PM | Scott Schnoll’s Exchange and Office 365 tips and tricks | Scott Schnoll |

Note that the table above was constructed using the Get-EventSession script. That script has been updated recently so it can also download on-demand sessions when downloadable video contents aren’t available (e.g. Inspire). I’ll be closely monitoring next week to check if the script can cope with the way Ignite contents will be published.

Exchange Server 2019 Preview is here!

Today, long after its announcement at Ignite 2017, finally Exchange Server 2019 Public Preview was released. The Product Groups’ post contains information on the changes and features introduced with this Exchange 2019 Public Preview version, some of which were already teased at Ignite 2017, e.g. session BRK3222 (announcement) and BRK3249 (Modern Authentication on-premises).

The most noticeable changes included in this Public Preview are summarized below. But before continuing, you can start downloading the Exchange 2019 Public Preview bits here.

Deployment
No official statement on required Forest and Domain Functional Levels, so it’s the same for Exchange 2019 Preview as for Exchange 2016, which is Windows Server 2008 R2 minimum. That might change at release time though, as Windows Server 2008 R2 is already in extended support. With WS2012 going out of mainstream support in October, WS2012 R2 is the most likely FFL/DFL requirement.

The build number of the preview is 15.2.191.1; the schema version for Exchange 2019 Public Preview is the same as Exchange 2016 CU7 and later, 15332.

Operating Systems
Exchange 2019 Public Preview can be installed on Windows Server 2016 as well as Windows Server 2019 Preview, both Desktop Experience and Core editions. Yes, Exchange 2019 runs on Server Core! In fact, the Exchange team really want you to try running it on Server Core. Also, by running on Server Core, you are reducing the potential attack surface, which makes it a more secure system.

Scaling
Exchange 2019 can take advantage of hardware developments, and will support a larger number of cores as well as memory. Where Exchange 2016 scaling support was limited to 24 cores and 192GB of memory, Exchange 2019 will happily support up to 48 CPU cores and 256GB of memory.

Search and Indexing
Search will leverage yet another new engine, Big Funnel, which is already being used for Exchange Online. The result of this change is that indexes will no longer be a separate ecosystem of files per database copy, but will be stored within the mailbox database. The advantages of this are that indexes will leverage the existing replication mechanism and protection offered by the Database Availability Group, and as indexes replicate with the data, this also means no more rebuilding of unhealthy indexes or trailing content indexes. This is also beneficial for fail-over times.

Storage
Exchange 2019 will support tiering of storage using SSD’s at release time, but that is currently not enabled for the Public Preview release. SSD’s are going to be used to store (read/write) hot data in a sort of intelligent cache, lowering overall latency and in the end benefitting user experience.

Calendaring
The new Calendar Sharing model from Office 365 will be ported to Exchange on-premises. More information on this feature in Exchange Online here.

Also in the ported functionality department, it will be possible for meeting organizers to set Do not Forward for meeting requests, preventing attendees from forwarding those meeting requests to others.

And last but not least, administrators will receive some convenient PowerShell cmdlets to manage Calendars, such as Remove-CalendarEvents for cancelling future meetings on attendee and resource calendars, and Add-MailboxFolderPermission gets the SharingPermissionFlags parameter to assign delegate permissions.

Unified Messaging
Exchange 2019 will no longer support Unified Messaging. If you’re using a 3rd party PBX or Skype for Business Server, that will no longer work with Exchange 2019. Apart from staying on or migrating to Exchange 2016 for the time being, depending on your scenario, the options when you want to migrate to Exchange 2019 in those circumstances are:

  • Migrate to Skype for Business Server 2019 using Cloud Voice-Mail.
  • Migrate to Office 365 with Cloud Voice-Mail.

Co-existence
No official statement yet, but if the policy set by Exchange 2016 and Exchange 2013 continues, only Exchange major version n-2 will be supported for co-existence, meaning Exchange 2013 and later for co-existence, and the need to leverage Exchange 2016 when migrating from Exchange 2010 (EOL April 2020).

.NET Framework
No word yet on supportability, so assume the same policy as for the latest Exchange 2013 and Exchange 2016 CU’s, which require .NET Framework 4.7.1. No information yet if .NET Framework 4.7.2 is or will be supported.

UCMA
The required UCMA for Server Core is provided with the ISO, and is located in the UCMAredist subfolder.

Concluding
Of course, with Ignite coming up end of September, it is expected a lot more will be disclosed on the new Exchange release, such as guidance on the deprecation of UM, deploying Modern Authentication, storage tiering and Core support.

Needless to say, this is a preview. It’s great to play with in a lab, but don’t install it in your production environment unless you are part of the TAP program. I repeat, this is not intended for your production deployment.

Apart from Exchange 2019 Preview, other previews of wave 2019 products were also released today (or earlier):

Finally, the update of the Hybrid Configuration Wizard app with integrated Licensing feature was released today as well. You can access it at http://aka.ms/HybridWizard.