Hybrid Configuration Wizard & F12

Posted on by
Reply

A small tip for those running the Exchange Hybrid Configuration Wizard. As announced at Ignite yesterday, a convenient feature was added to the HCW and is available now. Pressing F12 in the HCW will now open up a panel with shortcuts to the following tools and locations:

  • Exchange Management Shell
  • Exchange Online PowerShell
  • (current) Hybrid Configuration Wizard Log File
  • Create Support Package (to zip HCW logs for support)
  • Open Logging folder (of HCW)
  • Open Process Folder (of the HCW app)

Here is how it looks:

image

This might save you an occasional click or two.

Exchange Announcements @ Ignite

Posted on by
11

Ex2013 LogoUpdate Sep27th: Added Outlook 2013 to list of supported clients.

During Ignite 2018, details are announced to the public on Exchange Server 2019, Exchange Online, as well as Office 365 and related technologies. In this article I’ll try to summarize all the details in a readable format for your reference. The list is probably inconclusive; if you think anything is missing, let me know to I can update the article.

Exchange Server 2019

  • Distributed through Volume licensing only
    • Implication is that there will be no “Hybrid Server Key”
  • Release planned for later this year
  • Windows Server 2019 required
    • Windows Server Core recommended (security, smaller attack surface and disk footprint)
    • Exchange supports in-place upgrading of underlying operating system per Windows Server 2019.
  • Support for co-existence with n-2
    • Exchange Server 2016 and Exchange Server 2013.
    • Outlook 2013-Outlook 2019, Outlook 2016/Max and Outlook for Mac for Office 365.
  • Forest Functionality Level 2012R2 or later
  • Support for up to 48 CPU cores (Exchange 2016: 24)
  • Recommended minimum memory for Mailbox server 128GB, and 64GB for Edge Transport. Maximum memory is 256GB (Exchange 2016: 192GB). The reason for 128GB recommendation is that the .NET scaling benefits (see below) only work from around 100GB and up.
  • Page file 25% of installed memory (Exchange 2016: Maximized at 32GB).
  • .NET Framework 4.7.2, Visual C++ Redistributable and UCMA (Mailbox only)
  • Uses Server GC instead of Workstation GC for some IIS application pools. Better .NET memory management and improves CPU/memory scaling.
  • Will only use TLS 1.2 (there’s a transition mode supporting lower TLS versions, but for that all existing Exchange versions need to support 1.2 as well)
  • No more UM, options:
    • Move all users and mailboxes to Office 365
    • Migrate to Skype for Business Server 2019
    • Remain on Exchange 2016 (EOL 2026)
    • 3rd party VoiceMail solution
  • MetaCache Database uses storage tiering
    • Leverages SSD’s
    • Use SSD to spinning disk ratio 1:3
    • Caches indexes, mailbox folder structures and small items
    • Improves UX: faster logons, searches and small items retrieval
    • Allows for higher mailbox density per server (+20%
    • Utilize larger disks
  • Client Access Rules
    • Restrict external access to EAC and PowerShell
    • Evaluated at server level, so external connections need to hit Exchange 2019.
  • Additional perks for administration and end users
    • Remove-CalendarEvents to remove meetings from a person (e.g. leaver)
    • Recurring meetings will receive a default end date
    • Meetings can be restricted to prevent forwarding
    • Setting Out of Office in OWA allows for blocking calendar for that period, as well as decline current meetings and future meeting invites during that period.
  • Calculator and additional guidance on its way
  • On the Roadmap
    • On-premises Modern Authentication
    • Extending Client Access Rules to other protocols
    • Mailbox Encryption using Customer Keys
    • Monitoring and Analytics tools
    • Blocking legacy authentication methods
    • Removal of RPC/HTTP support (Outlook Anywhere)
    • Simplified Calendar Sharing

The Exchange Server 2019 documentation went live here. Some additional details were included in this list.

On another note: Greg Taylor gave an interview to Phoummala Schmitt (aka @ExchangeGodess) for Channel 9 on Exchange 2019. That replay can be watched here. Also, Scott Schnoll and JeffMealiffe as well as Greg Taylor and Ross Smith were interviewed by TheCube; those recordings can be watched here and here respectively.

Exchange Hybrid

  • Organization Configuration Transfer (OCT) version 2
    • Planned for October 2018
    • Adds the following to OCT v1 (current)
      • ActiveSync Device Access Rules
      • ActiveSync Organization Settings
      • Address Lists
      • DLP Policies
      • Malware Filter Policies
      • Policy Tips
      • Organization Config
    • Introduces conflict handling with review mode
    • Generates a script to undo changes
  • Exchange Hybrid deployment
    • Microsoft Hybrid Agent
    • Installed using HCW (‘Modern Hybrid’); ‘Classic Hybrid’ still an option
    • Hybrid Agent leverages Azure Application Proxy technology
      • Hybrid Proxy Service in the service will proxy requests between Exchange Online and Exchange on-premises.
      • No changes required to URLs or certificates
      • Hybrid Agent uses outbound connection only (port 80/443) to obfuscated unique URL (https://{GUID}.resource.{flow}.his.msappproxy.net. This URL is configured as TargetSharingEpr on the OrganizationalRelationship in Office 365
      • Running multiple agents is supported for availability and scaling
      • Outbound connections means less arrangements to make on (inbound) firewall rules (but another agent, like PTA, ADConnect Health Agent, regular Azure Application Proxy, to bypass security blockades may introduce other concerns)
    • Version 1 will support Free/Busy and MRSProxy and is in Private Preview now

The Exchange team published a quick blog on OCT and Hybrid Agent here.

Exchange Sessions @ Ignite 2018

Posted on by
3

ignite2018Among all the announcements of upcoming products and changes in the service, more details will also be revealed of Exchange Server 2019 and related products at Ignite next week. To those who are not able to attend, like yours truly: do not despair as Microsoft will be live streaming all keynote, breakout and community theater sessions.

The place to view those streams is through the Tech Community portal, and likely the session info pages will be used to embed the streams or provide links as they become available.

For this purpose, I made a short list of Exchange Server related sessions scheduled at Ignite 2018 for reference and easy access next week:

Session When Title Speakers
THR3024 9/24 3:00PM How to add MFA to your Exchange Online/on-premises mailboxes in 20 minutes or less Jeff Guillet
BRK2176 9/24 16:00 PM Welcome to Exchange Server 2019! Greg Taylor, Brent Alinger
BRK3148 9/25 10:45 AM Securing Exchange Online from modern threats Brandon Koeller
BRK3375 9/25 2:15 PM Notes from the field: How a large global bank moved to Office 365 Erik Knoppert, Michael Van Horenbeeck
BRK2165 9/25 3:15 PM What’s new in Groups in Outlook Ravin Sachdeva, Sri Ramya Mallipudi
THR3123 9/25 4:00 PM Getting stuff done: Solving Office 365 problems with PowerShell Tony Redmond
BRK3128 9/25 4:00 PM Outlook on the web: What’s new and why you should care Joey Masterson, Charlie Chung, Gabriel Valdez Malpartida, Cindy Kwan
THR3076 9/25 11:05 PM Azure Information Protection and Exchange Online – better together Michael Van Horenbeeck
BRK3129 9/26 9:00 AM Turbo charge your Exchange on-premises and hybrid environment: Notes from the field Steve Goodman
BRK3143 9/26 10:00 AM Hybrid Exchange: Making it easier and faster to move to the cloud Jeff Kizner
THR2129 9/26 11:20 AM Office 365: Five important lessons learned during a one million mailbox migration J. Peter Bruzzese
BRK2177 9/26 12:00 PM Outlook mobile for the enterprise Tali Roth, Michael Palermiti, David Pearson
THR3025 9/26 15:00 PM Preparing to move (or remove) those public folders to the cloud Michael Van Horenbeeck
BRK3130 9/26 16:00 PM Email search in a flash! Accelerating Exchange 2019 with SSDs Tobias Klima, Damon Gilkerson
BRK3146 9/27 9:00 AM What’s amazing and new in calendaring in Outlook! Julia Foran, Jennifer Lu, Will Holmes
BRK3145 9/27 10:00 AM Deploying Outlook mobile securely in the enterprise Ross Smith IV
THR2044 9/27 10:45 AM The top six PowerShell commands you need to know to manage Office 365 Steve Goodman
THR2392 9/27 11:00 AM Executive impersonators & fraudsters be gone! Using active defense & predictive artificial intelligence to secure your Office 365 email environment Vidur Apparao
BRK3131 9/27 12:45 PM Office 365: Marriages, divorces, and adoptions Steve Goodman
BRK3258 9/27 2:00 PM Panel discussion: Microsoft Exchange/Calendar/OWA Damon Gilkerson, Brent Alinger, Julia Foran, Jeff Kizner, Brandon Koeller, Joey Masterson, Brian Day, Robin Thomas
THR3024R 9/27 15:00 PM How to add MFA to your Exchange on-premises or Exchange Online mailboxes in 20 minutes or less (REPEAT) Jeff Guillet
THR2145 9/27 16:00 PM Why do we need to keep an Exchange Server on-premises when we move to the cloud? Brian Reid
BRK3279 9/28 9:00AM So long and thanks for all the (email) phish Brian Reid
BRK3147 9/28 12:00 PM Scott Schnoll’s Exchange and Office 365 tips and tricks Scott Schnoll

Note that the table above was constructed using the Get-EventSession script. That script has been updated recently so it can also download on-demand sessions when downloadable video contents aren’t available (e.g. Inspire). I’ll be closely monitoring next week to check if the script can cope with the way Ignite contents will be published.

Support Lifecycle changes for Office ProPlus & 2016 (a.o.)

Posted on by
Reply

Outlook 2013 IconIn a surprise – but welcomed – move, Microsoft announced yesterday that the office support lifecycle for Office 365 ProPlus on Windows 8.1 and Windows Server 2016 are extended to January 2023 (EOL of Windows 8.1) and October 2025 respectively. In addition, Office 2016 connectivity support for Office 365 services will be extended to October 2023 (was 2020).

Other announced changes in product support lifecycles were extending Windows 10 Enterprise & Education support from 18 to 30 months. Also, for Windows 7 Professional & Enterprise, paid security updates (Extended Security Updates) will be offered, and those Windows 7 ESU devices will be supported through January 2023 – parallel to Windows 8.1 – with Office 365 ProPlus.

The intention of these changes is to provide customers more flexibility in adopting modern desktops on the client end (i.e. Windows 10) and upgrade their Office suite, preferably to the susbscription-based ProPlus. The release cadence of the cloud has significant impact on organizations, which were told in February to keep in line with product releases as a lot of product support lifecycles were going to end in 2020.

Extending those dates not only gives them more flexibility to plan and upgrade, but also might prevent organizations to do only to the minimum, which is likely the reason many organizations are still on Windows 7 and why it took many organizations a long time to get rid of Windows XP.

 

Security Updates for Exchange 2016, 2013 and 2010

Posted on by
1

Ex2013 LogoA quick heads-up as during my vacation Microsoft released security updates for supported releases of Exchange Server 2016 and 2013 as well as Exchange Server 2010.

The security updates patch issues as reported in the following Microsoft Common Vulnerabilities and Exposures:

  • CVE-2018-8302 Microsoft Exchange Memory Corruption Vulnerability
  • CVE-2018-8374 Microsoft Exchange Server Tampering Vulnerability (Exchange 2016 only)

You can download the security updates here:

Notes:

  • Be advised that Exchange 2010 SP3 Rollup 23, like recent Cumulative Updates of Exchange 2016 and 2013, requires Visual C++ Redistributable Packages for Visual Studio 2013 (download).
  • KB4340731 supersedes the previous security update KB4092041 for Exchange 2016 and Exchange 2013.

Be advised that for Exchange 2013 and 2016, Security Updates are Cumulative Update level specific. While the downloaded security updates may carry the same name, the files are different and you cannot apply the downloaded security update file for Exchange 2016 CU8 to Exchange 2016 CU9. I suggest adding some form of identification of the Cumulative Update to the file name when you archive it, e.g. Exchange2016-KB4340731-x64-en-CU10.msp.

As with any patch or update, I’d recommend to thoroughly test this in a test and acceptance environment first, prior to implementing it in production.

Exchange Server 2019 Preview is here!

Posted on by
Reply

Ex2013 LogoToday, long after its announcement at Ignite 2017, finally Exchange Server 2019 Public Preview was released. The Product Groups’ post contains information on the changes and features introduced with this Exchange 2019 Public Preview version, some of which were already teased at at Ignite 2017, e.g. session BRK3222 (announcement) and BRK3249 (Modern Authentication on-premises).

The most noticeable changes included in this Public Preview are summarized below. But before continuing, you can start downloading the Exchange 2019 Public Preview bits here.

Deployment
No official statement on required Forest and Domain Functional Levels, so it’s the same for Exchange 2019 Preview as for Exchange 2016, which is Windows Server 2008 R2 minimum. That might change at release time though, as Windows Server 2008 R2 is already in extended support. With WS2012 going out of mainstream support in October, WS2012 R2 is the most likely FFL/DFL requirement.

The build number of the preview is 15.2.191.1; the schema version for Exchange 2019 Public Preview is the same as Exchange 2016 CU7 and later, 15332.

Operating Systems
Exchange 2019 Public Preview can be installed on Windows Server 2016 as well as Windows Server 2019 Preview, both Desktop Experience and Core editions. Yes, Exchange 2019 runs on Server Core! In fact, the Exchange team really want you to try running it on Server Core. Also, by running on Server Core, you are reducing the potential attack surface, which makes it more secure system.

Scaling
Exchange 2019 can take advantage of hardware developments, and will support a larger number of cores as well as memory. Where Exchange 2016 scaling support was limited to 24 cores and 192GB of memory, Exchange 2019 will happily support up to 48 CPU cores and 256GB of memory.

Search and Indexing
Search will leverage yet another a new engine, Big Funnel, which is already being used for Exchange Online. Result of this change is that indexes will no longer be a separate ecosystem of files per database copy, but will be stored within the mailbox database. The advantages of this are that indexes will leverage the existing replication mechanism and protection offered by the Database Availability Group, and as indexes replicate with the data, this also means no more rebuilding of unhealthy indexes or trailing content indexes. This is also beneficial for fail-over times.

Storage
Exchange 2019 will support tiering of storage using SSD’s at release time, but that is currently not enabled for the Public Preview release. SSD’s are going to be used to store (read/write) hot data in a sort of intelligent cache, lowering overall latency and in the end benefitting user experience.

Calendaring
imageThe new Calendar Sharing model from Office 365 will be ported to Exchange on-premises. More information on this feature in Exchange Online here.

Also in the ported functionality department, it will be possible for meeting organizers to set Do not Forward for meeting requests, preventing attendees from forwarding those meeting requests to others.

And last but not least, administrators will receive some convenient PowerShell cmdlets to manage Calendars, such as Remove-CalendarEvents for cancelling future meetings on attendee and resource calendars, and Add-MailboxFolderPermission gets the SharingPermissionFlags parameter to assign delegate permissions.

Unified Messaging
Exchange 2019 will no longer support Unified Messaging. If you’re using a 3rd party PBX or Skype for Business Server, that will no longer work with Exchange 2019. In those circumstances, apart from staying on or migrating to Exchange 2016 for the time being depending on your scenario, steps to take when you want to migrate to Exchange 2019 in those circumstances will be:

  • Migrate to Skype for Business Server 2019 using Cloud Voice-Mail.
  • Migrate to Office 365 with Cloud Voice-Mail.

Co-existence
No official statement yet, but if the policy set by Exchange 2016 and Exchange 2013 continues, only Exchange major version n-2 will be supported for co-existence, meaning Exchange 2013 and later for co-existence, and the need to leverage Exchange 2016 when migrating from Exchange 2010 (EOL April 2020).

.NET Framework
No word yet on supportability, so assume the same policy as for the latest Exchange 2013 and Exchange 2016 CU’s, which require .NET Framework 4.7.1. No information yet if .NET Framework 4.7.2 is or will be supported.

UCMA
The required UCMA for Server Core is provided with the ISO, and is located in the UCMAredist subfolder.

Concluding
Of course, with Ignite coming up end of September, it is expected a lot more will be disclosed on the new Exchange release, such as guidance on the deprecation of UM, deploying Modern Authentication, storage tiering and Core support.

Needless to say, this is a preview. It’s great to play with in a lab, but don’t install it in your production environment unless you are part of the TAP program. I repeat, this is not intended for your production deployment.

Apart from Exchange 2019 Preview, other previews of wave 2019 products were also released today (or earlier):

Finally, the update of the Hybrid Configuration Wizard app with integrated Licensing feature was released today as well. You can access it at http://aka.ms/HybridWizard.

Issues with July Updates of Windows

Posted on by
5

bandaidLast Update July 19th: Corrected Update information.

About a week ago, Microsoft released the July Updates for Windows systems. Unfortunately, something must have gone wrong in quality control, because people were reporting all sorts of issues, mostly related to IIS and Exchange servers.

The issue is created at the operating system level, probably due to changes in networking as mentioned in the July update notes. Therefor, symptoms can be experienced on systems running Exchange Server 2016 or even back to Exchange Server 2007.

Some of the symptoms are:

  • The World Wide Web Publishing Service – W3SVC – won’t come up, remains in a “stopping” state, but cannot fully stop or it cannot be restarted.
  • Exchange Transport and SMTP services becomes unresponsive or stops, causing mail flow issues (Source).

The issues were serious enough to have the Exchange PG publish a notice.

Meanwhile, Microsoft has released a superseding update for Windows Server 2016, and updates for older operating systems. However, looking at the information provided with updates for older operating systems, there are fixes for the original security updates, and (previews of) Monthly Rollups for the July updates. Replacements and updates may manifest themselves in Windows Update only after installing the original – faulty – update, meaning you might have to go through more than one Windows Update cycle (and possibly reboot) for the updates to become visible and installable. This applies to the Monthly Rollups as well.

The table below contains information on the original rollups and updates, the update you need to apply, and the type of update.

Operating System Original Update Update Type Comments
Windows Server 2016 KB4338814 KB4345418 Monthly Rollup Replacement
Windows Server 2012 R2 KB4338815 KB4338831 Monthly Rollup Replacement
KB4338824 KB4345424 Security Update Update for v1
Windows Server 2012 KB4338830 KB4338816 Monthly Rollup Replacement
KB4338820 KB4345425 Security Update Update for v1
Windows Server 2008 R2 KB4338823 KB4345459 Security Update Update for v1
KB4338818 KB4338821 Monthly Rollup Replacement
Windows Server 2008 KB4295656 KB4345397 Security Update Update for v1

Finally, apart from adopting a less aggressive updating strategy, this again shows unfortunately that having a separate production environment next to your test environment is no frivolous luxury.

MVP’s around the World

Posted on by
25

mvpUpdated July 3rd:  Includes newly registered awardees and awardees who changed category. Added overview of Office Servers and Services numbers over last couple of years.

With the latest annual award cycle, one might be curious which impact it had on the MVP population. I performed a similar exercise last year to compare the impact of the start of the new award cycle. This year, all the MVP’s previously on the January and October cycles were also included in the reviews, making this year the first one where MVP leads and others had to perform the dauntless task of reviewing community contributions of over 3,500 people.

For comparison, I had a look at the public MVP statistics of July 1st against those of June 26th, to exclude significant noise from the monthly awardees. To start, let us first have a look at the total population of MVP’s. From the numbers, it is clear some type of correction took place, as the total number of MVP’s went down from 3,815 last month to 3,025 now (-21%).

As big changes might be a result of change of focus, the following table contains the changes per award category from June 2018 to July 2018. Note that the total number of MVP’s doesn’t equal the total number of awardees, as people can be awarded in more than one category; there are 50 MVP’s with multiple award categories.

Competence Jun2018 July2018 Change
Access 39 29 -26%
AI 28 58 107%
Business Solutions 221 184 -17%
Cloud and Datacenter Management 410 302 -26%
Data Platform 442 366 -17%
Enterprise Mobility 159 122 -23%
Excel 103 84 -18%
Microsoft Azure 370 368 -1%
Office Development 44 33 -25%
Office Servers and Services 490 383 -22%
OneNote 15 12 -20%
Outlook 14 11 -21%
PowerPoint 40 34 -15%
Visio 15 10 -33%
Visual Studio and Development
Technologies		 1043 780 -25%
Windows and Devices for IT 136 87 -36%
Windows Development 273 186 -32%
Word 23 19 -17%
Total 3865 3066 -21%

Except for the AI MVP’s, all the numbers are down. Way down. Word is quite a number of long-standing MVP’s have not been re-awarded this cycle. One could only guess for the motivation (only Microsoft knows), but it could be due to the ongoing shift from on-premises technology to cloud-based technology.

When zooming in on the Office Servers and Services MVP’s category, the awards per country is shown in the following heath map and table. Be advised that MVP’s that are anonymous or have profiles without location (~23 for Office Servers and Services), are not taken into account since their location is unknown.

image

Country Number Country Number Country Number
Argentina 0 (-100%) Ireland 1 (0%) Saudi Arabia 1 (0%)
Australia 17 (-40%) Israel 0 (-100%) Serbia 1 (0%)
Austria 2 (0%) Italy 8 (-20%) Singapore 3 (-25%)
Belgium 8 (0%) Japan 11 (-45%) Slovakia 1 (0%)
Bosnia-Herzegovina 2 (0%) Jordan 1 (0%) Slovenia 1 (-50%)
Brazil 2 (-34%) Korea 6 (-15%) South Africa 4 (-20%)
Bulgaria 1 (0%) Latvia 1 (0%) Spain 5 (-17%)
Canada 29 (-24%) Macedonia F.Y.R.O 2 (0%) Sri Lanka 4 (-43%)
Chile 1 (0%) Malaysia 1 (-50%) Sweden 6 (-25%)
China 14 (-13%) Mexico 2 (-50%) Switzerland 5 (0%)
Colombia 2 (0%) Nepal 1 (0%) Thailand 1 (0%)
Croatia 5 (-17%) New Zealand 4 (-20%) The Netherlands 13 (-8%)
Czech Republic 3 (-25%) Norway 5 (-17%) Turkey 4 (-20%)
Denmark 2 (-50%) Pakistan 2 (0%) Ukraine 1 (-50%)
Egypt 1 (-50%) Peru 1 (-50%) United Arab Emirates 1 (-50%)
Finland 2 (0%) Poland 2 (0%) United Kingdom 23 (-15%)
France 15 (-12%) Portugal 3 (-25%) United States 90 (-19%)
Germany 16 (-20%) Romania 1 (-50%) Uruguay 1 (0%)
Greece 1 (0%) Russia 5 (-50%) Vietnam 0 (-100%)
Hungary 2 (-50%) TOTAL 383 (-22%)
India 12 (-8%)

As shown, some countries have lost their Office Servers and Service MVP’s completely. Looking at the total number of Office Servers and Services MVP’s over the year, the number went a little up again due to monthly awardees, but with the July cycle, the number of Office Servers and Services MVP’s went from 490 to 383 (-22%).

The number of Office Servers and Services and total number of MVP’s over the last years (since award restructuring).

Month oct2016 jan2017 jun2017 jul2017 jan2018 jun2018 jul2018
OSS 538 505 (-7%) 532 (+5%) 449 (-16%) 480 (+6%) 490 (+2%) 383 (-21%)
Total N/A N/A 4134 3490 (-16%) 3747 (+7%) 3815 (+2%) 3030  (-21%)

Unfortunately, I have no data on the other categories from before june 2017.

If you have questions or comments, please discuss in the comments.

2018-2019 Microsoft MVP Award

Posted on by
Reply

With great joy and honor I can announce that I have been awarded the Microsoft Most Valuable Professional Award in the category Office Servers and Services (localized e-mail):

image

MVP awards are given to individuals by Microsoft in recognition of their contributions to the community, such as:

  • Writing blogs, articles, books.
  • Speaking engagements or podcasts.
  • Supporting others, e.g. forum or TechCommunity contributions.
  • Code contributions.
  • Product feedback.

This is my 5th consecutive year as an MVP. I used to be an “October MVP”, which meant my award was up in October every year. After the award cycle changed to a yearly one for everyone, this year was the first time all MVP’s who fell under the old quarterly cycles, were being up for renewal. It also meant, contributions of a longer period of time were being evaluated. So lots of kudos to the MVP leads and other folks that had to go through the monstrous task of reviewing thousands of contributions for this cycle.

Many thanks to the community, readers, followers, fellow MVP’s and friends, peers, product groups and other Microsoft employees for their encouragement, inspiration and support over all those years.

My MVP profile can be found here.

Exchange Updates – June 2018

Posted on by
3

Ex2013 LogoThe Exchange Team released the June updates for Exchange Server 2013 and 2016, and an additional Rollup 22 for Exchange Server 2010 Service Pack 3.

Apart from fixes and time zone changes, these updates contain the following important changes and notes:

  • As announced earlier, Exchange 2013 CU21 and Exchange 2016 CU10 require .NET Framework 4.7.1.
  • All three updates require the VC++ 2013 runtime library, because it is needed by a 3rd component in WebReady Document Viewing in Exchange 2010/2013 and Data Loss Prevention in Exchange 2013/2016. Exchange 2010 SP3 RU22 will force installation of this VC++ runtime.
  • Updates include a critical security patch for Oracle Outside In libraries. More about the issue in MSRC advisory ADV180010.
  • Exchange 2013 CU21 and Exchange 2016 CU10 introduce support for directly creating and enabling remote shared mailboxes, e.g. 
    New-RemoteMailbox [-Shared] [-Name remoteMailboxName]
Enable-RemoteMailbox [-Identity user] [-Shared] [-RemoteRoutingAddress user@domain]
Set-RemoteMailbox [-Name user] [-Type Shared]

    You need to run setup /PrepareAD to see these changes. More information in KB4133605.

  • This is the last planned Cumulative Update for Exchange 2013 as it enters Extended Support.
  • Exchange 2010 SP3 RU22 adds support for Windows Server 2016 Domain Controllers.

 

Version Build KB Article Download UMLP Schema Changes
Exchange 2016 CU10 15.1.1531.3 KB4099852 Download UMLP No
Exchange 2013 CU21 15.0.1395.4 KB4099855 Download UMLP No
Exchange 2010 SP3 RU22 14.3.411.0 KB4295699 Download

Exchange 2016 CU10 fixes:

  • 4056609 Event ID 4999 and mailbox transport delivery service won’t start with Exchange Server 2016 CU7 installed
  • 4133605 Cmdlets to create or modify a remote shared mailbox in an on-premises Exchange environment
  • 4133620 “HTTP 500 due to ADReferralException” error when a user tries to view detail properties of mailboxes in a child domain in Exchange Server
  • 4095974 “System.InvalidOperationException” occurs when the “Enable-MailPublicFolder” cmdlet is run against a public folder in Exchange Server
  • 4095973 Set-ServerComponentState cmdlet does not honor the write scope defined in the RBAC management scope in Exchange Server
  • 4095993 HTTP 500 error when an administrator tries to manage regional settings in ECP on Windows Server 2016
  • 4294209 Cannot clear the “Maximum message size” check box for Send messages or Receive messages in EAC in Exchange Server 2016
  • 4294208 “TooManyObjectsOpenedException” error when you run the “Get-PublicFolderMailboxDiagnostics” cmdlet in Exchange Server
  • 4294212 Cannot send VBScript-created messages in the Outlook 2016 client
  • 4294211 Cannot run “Set-CalendarProcessing” cmdlets after you apply CU8 or CU9 for Exchange Server 2016
  • 4294210 Cannot edit an email attachment in OWA in an Exchange Server 2016 environment
  • 4294204 Changing “IsOutOfService” to “False” in an earlier Exchange Server version does not immediately update in a later Exchange Server environment
  • 4092041 Description of the security update for Microsoft Exchange Server 2013 and 2016: May 8, 2018

Exchange 2013 CU20 fixes:

  • 4133605 Cmdlets to create or modify a remote shared mailbox in an on-premises Exchange environment
  • 4133604 User can’t log on to a POP/IMAP account by using NTLM authentication in Exchange Server 2013
  • 4133618 Unexpected error occurs when running the Get-DatabaseAvailabilityGroupNetwork cmdlet in Exchange Server 2013
  • 4133620 “HTTP 500 due to ADReferralException” when a user tries to view detail properties of mailboxes in a child domain in Exchange Server
  • 4058473 An Office 365 primary mailbox user cannot be assigned full access permissions for an on-premises mailbox in Exchange Server
  • 4094167 The MSExchangeRPC service crashes with a System.NullReferenceException exception in Exchange Server 2013
  • 4095974 “System.InvalidOperationException” occurs when the “Enable-MailPublicFolder” cmdlet is run against a public folder in Exchange Server
  • 4092041 Description of the security update for Microsoft Exchange Server 2013 and 2016: May 8, 2018
  • 4294205 POP3 services intermittently stop in an Exchange Server 2013 environment
  • 4294204 Changing “IsOutOfService” to “False” in an earlier Exchange Server version does not immediately update in a later Exchange Server environment

Exchange 2010 Rollup 22 fixes:

  • 4295751 EWS impersonation not working when accessing resource mailboxes in a different site in Exchange Server 2010 SP3

Notes:

  • Exchange 2016 CU8 and Exchange 2013 CU18 do not contain schema changes compared to their previous Cumulative Update. However, they introduce RBAC changes in your environment. Use setup /PrepareAD to apply RBAC changes, before deploying or updating Exchange servers.
  • When upgrading from an n-2 or earlier version of Exchange, or an early version of the .NET Framework, consult Upgrade Paths for CU’s & .NET.
  • When upgrading your Exchange 2013 or 2016 installation, don’t forget to put the server in maintenance mode when required. Regardless, setup will put the server in server-wide offline mode post-analysis, before making actual changes.
  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay at most one version behind (n-1).
  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates.
  • Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
  • The order in which you upgrade servers with Cumulative Updates is irrelevant.

Caution:

As for any update, I recommend to thoroughly test updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.