Exchange 2019 CU14 (2024 H1)


The Exchange Team released Exchange Server 2019 Cumulative Update H1 2024, or CU14. Apart from the fixes, this Cumulative Update for Exchange 2019 contains the following changes:

  • .NET Framework 4.8.1 support on Windows Server 2022
  • Extended Protection will be enabled by default on the server where you install CU14 (and later). You can override this behavior during setup or by specifying the DoNotEnableEP or DoNotEnableEP_FEEWS switch when running setup unattended. More info on these switches, as well as the Extended Protection requirements and how to configure it, can be found here.

Unfortunately, TLS 1.3 support has been moved to CU15.

CVE-2024-21410
Enabling Extended Protection also addresses the just-released CVE-2024-21410. This also applies to Exchange 2016, and even Exchange 2013, when you have deployed the August 2022 Security Update on those servers and enabled Extended Protection on them.

Vulnerability | Category | Severity | Rating
CVE-2024-21410 | Elevation of Privilege | Critical | CVSS:3.1 9.8 / 9.1

Download
A link to the update, as well as a description of changes and fixes, is below. The columns Schema and AD indicate if the CU contains Schema (/PrepareSchema) and Active Directory (/PrepareAD) changes compared to the previous CU. Refer to the Exchange Schema page for schema and related versioning information. Also, to be able to manage Modern Authentication, administrators need to explicitly run /PrepareAD.

Version | Build | KB | Download | UMLP | Schema | AD
Exchange 2019 CU14 | 15.2.1544.4 | KB5035606 | Download | | N | Y

Exchange 2019 CU14 fixes:

  • 5035442 Exchange Mitigation Service does not log incremental updates
  • 5035443 Read receipts are returned if ActiveSyncSuppressReadReceipt is “True” in Exchange Server 2019
  • 5035444 System.argumentnullexception when you try to run an eDiscovery search
  • 5035446 OAB shadow distribution fails if legacy authorization is blocked
  • 5035448 MCDB fails and leads to lagged copy activation
  • 5035450 Exchange 2019 setup installs an outdated JQuery library
  • 5035452 Usernames are not displayed in Event ID 23 and 258 
  • 5035453 Issues in Exchange or Teams when you try to delegate information
  • 5035455 MSExchangeIS stops responding and returns “System.NullReferenceExceptions” multiple times per day
  • 5035456 “Deserialization blocked at location HaRpcError” error and Exchange replication stops responding
  • 5035493 FIP-FS Proxy Customizations are disabled after a CU or an SU update
  • 5035494 Modern attachment doesn’t work when web proxy is used in Exchange Server 2019
  • 5035495 OWA displays junk operations even if junk mail reporting is disabled
  • 5035497 Edit permissions option in the ECP can’t be edited
  • 5035542 Remote equipment and room mailboxes can now be managed through EAC 
  • 5035616 Logon events failure after updating Windows Server
  • 5035617 Transport rules aren’t applied to multipart or alternative messages
  • 5035689 “High %Time in GC” and EWS doesn’t respond

Notes

  • If Cumulative Updates contain schema changes compared to the Cumulative Update you currently have deployed, you need to run Setup with /PrepareSchema. If they contain Active Directory changes, you need to run /PrepareAD. Alternatively, permissions permitting, you can let Setup perform this step. Consult the Exchange schema versions page for schema and related versioning information.
  • When upgrading from an n-2 or earlier version of Exchange, or an early version of the .NET Framework, consult Upgrade Paths for CU’s & .NET.
  • Don’t forget to put the Exchange server in maintenance mode prior to updating. Regardless, setup will put the server in server-wide offline mode post-analysis, before making actual changes.
  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), support requires you to trail at most one version (n-1).
  • Ensure the Windows PowerShell Script Execution Policy is set to Unrestricted during deployment. This is to prevent installation failures due to the inability to validate script signatures.
  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable the publisher’s certificate revocation checking.
  • Cumulative Updates can be installed directly; no need to install RTM prior to installing Cumulative Updates.
  • Once upgraded, you can’t uninstall a Cumulative Update or any of the installed Exchange server roles.
  • The recommended upgrade order is internet-facing, non-internet-facing servers first, followed by Edge Transports.

Caution
As for any updates, I recommend thoroughly testing updates in a test environment before implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.

Exchange Updates (and more) – H1 2023


The Exchange Team released Exchange Server 2019 Cumulative Update H1 2023, or CU13. This is Exchange 2019 only; no Exchange 2016 CU.

Apart from the fixes, this Cumulative Update for Exchange 2019 contains the following functionality enhancements:

Modern Authentication On-Premises Support
After Microsoft dropped support for Basic Authentication in Exchange Online, organizations that remained on-premises for various reasons, and could not deploy Exchange Hybrid, were left in doubt about how to proceed. Last year, Microsoft gave them some perspective, following a roadmap announcement.

This CU is a first step, allowing organizations running AD FS 2019 to deploy Exchange 2019 CU13, and configure AD FS as their authentication provider. Be advised that this also requires clients to support this change in authentication logic. First, Outlook for Windows will contain support for this in build 16327.20200 and later. Support for other Outlook clients has an ETA of end of year. Outlook on the Web already supports claims-based authentication using AD FS, which is a form of Modern Authentication.

Finally, organizations running Exchange 2016 can deploy Exchange 2019 CU13 in front of those Exchange 2016 servers, allowing them to handle client requests, and thus authenticate them using AD FS. After deployment, organizations can enable Modern Authentication on the organization or at the mailbox level, using Exchange’s Authentication Policies.

For more information about deploying Modern Authentication with Exchange on-premises, see Enabling Modern Auth in Exchange On-Premises. The page also includes an insightful diagram on the authentication flow.

Configuration Backup/Restore
Administrators might tweak configuration files belonging to their Exchange deployment, e.g. web.config. Deploying CUs meant that those files were overwritten, and administrators had to re-apply changes. With CU13, setup will now preserve a fixed set of elements in those configuration files. For more information, see Exchange Server custom configuration preservation.

TLS 1.3
Unfortunately, nothing yet about TLS 1.3 support.

Earlier Exchange Versions
Exchange 2013 reached end of life early April. There is no Cumulative Update for Exchange 2016 CU23, which is in extended support and will only receive security updates until October, 2025. Exchange 2016 is supported when you run CU23 with the March 2023 Security Update applied.

Download
A link to the update, as well as a description of changes and fixes, is below. The columns Schema and AD indicate if the CU contains Schema (/PrepareSchema) and Active Directory (/PrepareAD) changes compared to the previous CU. Refer to the Exchange Schema page for schema and related versioning information. Also, in order to be able to manage Modern Authentication, administrators need to explicitly run /PrepareAD.

Version | Build | KB | Download | UMLP | Schema | AD
Exchange 2019 CU13 | 15.2.1258.12 | KB5020999 | Download | | N | Y

Exchange 2019 CU13 fixes:

  • 5027150 Enable Modern Auth for pure On-Premises Exchange users
  • 5026134 “InvalidRecipientsException” when you try to run MRM
  • 5026135 CertificateDeploymentServicelet failure in multiple domain forest Exchange deployments
  • 5026136 Microsoft Exchange Transport doesn’t re-encrypt IRM messages
  • 5026138 Users receive reminders although the meeting reminder is set to None
  • 5026139 You can’t move the public folder mailbox
  • 5026142 Journal message returns “ConversionFailedException”
  • 5026143 OAB shadow distribution threshold must be reduced or made configurable
  • 5026146 Expiry notification is sent to moderator and sender for approved and delivered messages
  • 5026147 BlockLegacyAuthentication fail Organization Policy because of BackendRehydrationModule implementation
  • 5026149 Group metrics generation doesn’t finish in multidomain environment
  • 5026150 Edge server Filtering Agent removes journal attachments
  • 5026151 Oab-Processing-Threshold is set to 0 for On-Premises
  • 5026152 Microsoft Exchange ActiveSync or Current Requests counter inaccurately counts requests
  • 5026153 Delivery Flow Control setting override is now available
  • 5026154 On-premises Exchange has 35MB file size limit for online archiving
  • 5026155 “No support for this operation” error on an Exchange 2019 DAG member server
  • 5026156 Outlook search fails in a shared On-Premises mailbox if the primary user mailbox is migrated to Exchange Online
  • 5026158 The body of recurring meeting is not clear if it has Chinese characters
  • 5026159 IconIndex returns Default value when Server Assisted Search is used in Outlook
  • 5026266 “Could not start MS Exchange Service Host service” error and Exchange stops responding
  • 5026267 OWA stops responding in an Exchange 2019 and 2016 coexistence topology
  • 5026268 Store Worker process crashes and returns “System.NullReferenceExceptions” multiple times per day
  • 5026269 Block deserialization error when using eDiscovery
  • 5026271 IIS URL Rewrite Module link is incorrect
  • 5026273 Outlook configuration fails in Android or iOS
  • 5026274 Hybrid Agent Validation fails after Extended Protection is enabled
  • 5026277 Mail configuration fails on iOS device after Extended Protection is enabled
  • 5026278 Mailbox migration fails after Extended Protection is enabled

Notes

  • If Cumulative Updates contain schema changes compared to the Cumulative Update you currently have deployed, you need to run Setup with /PrepareSchema. If they contain Active Directory changes, you need to run /PrepareAD. Alternatively, permissions permitting, you can let Setup perform this step. Consult the Exchange schema versions page for schema and related versioning information.
  • When upgrading from an n-2 or earlier version of Exchange, or an early version of the .NET Framework, consult Upgrade Paths for CU’s & .NET.
  • Don’t forget to put the Exchange server in maintenance mode prior to updating. Regardless, setup will put the server in server-wide offline mode post-analysis, before making actual changes.
  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), support requires you to trail at most one version (n-1).
  • Ensure the Windows PowerShell Script Execution Policy is set to Unrestricted during deployment. This is to prevent installation failures due to the inability to validate script signatures.
  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • Cumulative Updates can be installed directly; no need to install RTM prior to installing Cumulative Updates.
  • Once upgraded, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
  • The recommended upgrade order is internet-facing, non-internet-facing servers first, followed by Edge Transports.

Caution

As for any update, I recommend thoroughly testing updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.

Exchange Updates – June 2020


The Exchange Team released the quarterly Cumulative Updates for Exchange Server 2019 as well as Exchange 2016. Like the previous two Cumulative Updates, these require .NET Framework 4.8.

Apart from fixes, as well as security updates included from the previous CU, these updates contain the following changes for both builds:

  • Added additional file types to default OWA Mailbox Policy for Blocked File Extensions. More information in KB4559446.
  • Added support to Restore-RecoverableItems for easier usage. More details in KB4547707.

Links to the updates as well as a description of changes and fixes are described below.

Version | Build | KB | Download | UMLP | Schema
Exchange 2019 CU6 | 15.2.659.4 | KB4556415 | VLSC | | N
Exchange 2016 CU17 | 15.1.2044.4 | KB4556414 | Download | UMLP | N

Exchange 2019 CU6 fixes:

  • 4559441 Foreign language characters set in RejectMessageReasonText of a transport rule aren’t shown correctly in Exchange Server 2019
  • 4547707 Enable piping for Restore-RecoverableItems in Exchange Server 2019
  • 4549689 HMA EvoSTS certificate rollover causes authentication prompts due to stalled key on worker process spawn (warmup phase) in Exchange Server 2019
  • 4559446 Changes to Outlook on the web blocked file extensions and MIME types in Exchange Server 2019
  • 4559440 Export to a PST for an eDiscovery search fails Exchange Server 2019
  • 4559439 EAS creates failure report if a message with unknown recipients is in Drafts in Exchange Server 2019
  • 4559442 2080 Events caused by empty values in HKLM\SYSTEM\CurrentControlSet\Services\MSExchange ADAccess\Instance0 in Exchange Server 2019
  • 4559438 Edge Transport server hangs in Exchange Server 2019
  • 4559443 Managed Folder Assistant fails with Event ID 9004 NotInBagPropertyErrorException in Exchange Server 2019
  • 4559437 PR_RECIPIENT_ENTRYID is computed if no email address or type in Exchange Server 2019
  • 4559444 Conversion from HTML to RTF removes non-breaking space in Exchange Server 2019
  • 4559436 Attachments with properties (like Azure Information Protection labels) not always matching in Exchange Server 2019
  • 4559435 Introduce an OrganizationConfig flag to enable or disable recipient read session in Exchange Server 2019

Exchange 2016 CU17 fixes:

  • 4559444 Conversion from HTML to RTF removes non-breaking space in Exchange Server 2016
  • 4559435 Introduce an OrganizationConfig flag to enable or disable recipient read session in Exchange Server 2016
  • 4547707 Enable piping for Restore-RecoverableItems in Exchange Server 2019 and 2016
  • 4559436 Attachments with properties (like Azure Information Protection labels) don’t always match in Exchange Server 2016
  • 4559437 PR_RECIPIENT_ENTRYID is computed if no email address or type in Exchange Server 2016
  • 4559438 Edge Transport server hangs in Exchange Server 2016
  • 4559439 EAS creates failure report if a message with unknown recipients is in Drafts in Exchange Server 2016
  • 4559440 Export to a PST for an eDiscovery search fails in Exchange Server 2016
  • 4559441 Foreign language characters set in RejectMessageReasonText of a transport rule aren’t shown correctly in Exchange Server 2016
  • 4559442 2080 Events caused by empty values in HKLM\SYSTEM\CurrentControlSet\Services\MSExchange ADAccess\Instance0 in Exchange Server 2016
  • 4549689 HMA EvoSTS certificate rollover causes authentication prompts due to stalled key on worker process spawn (warmup phase) in Exchange Server 2016
  • 4559443 Managed Folder Assistant fails with Event ID 9004 NotInBagPropertyErrorException in Exchange Server 2016
  • 4559446 Changes to Outlook on the web blocked file extensions and MIME types in Exchange Server 2016

Notes:

  • These Cumulative Updates do not contain schema changes compared to their previous Cumulative Update.
  • When upgrading from an n-2 or earlier version of Exchange, or an early version of the .NET Framework, consult Upgrade Paths for CU’s & .NET.
  • Don’t forget to put the Exchange server in maintenance mode prior to updating. Regardless, setup will put the server in server-wide offline mode post-analysis, before making actual changes.
  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay at most one version behind (n-1).
  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • Cumulative Updates can be installed directly; no need to install RTM prior to installing Cumulative Updates.
  • Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
  • The order of installation shouldn’t matter with the “every server is an island” concept, yet the recommended order is internet-facing, non-internet-facing servers first, followed by Edge Transports.

Caution:

As for any update, I recommend thoroughly testing updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.

Exchange Updates – Sep. 2019


Today, the Exchange Team released the quarterly Cumulative Updates for Exchange Server 2019 as well as Exchange 2016. The fixes in each release and the product downloads are described below:

Version | Build | KB | Download | UMLP | Schema
Exchange 2019 CU3 | 15.2.464.5 | KB4514141 | VLSC | | N
Exchange 2016 CU14 | 15.1.1847.3 | KB4514140 | Download | UMLP | N

Exchange 2019 CU3 fixes:

  • 4515257 Hash mismatch is reported for Exchange DLLs in the bin directory of Exchange Server 2019
  • 4502159 Adding or removing mailbox permission in EAC doesn’t address the msExchDelegateListLink attribute in Exchange Server 2019 and 2016
  • 4515276 Room mailbox accepts a meeting as “Free” if a booking delegate is set in Exchange Server 2019 and 2016
  • 4515275 Enable Get/Restore-RecoverableItems to work with Purges folder in Exchange Server 2019 and 2016
  • 4515274 AutodiscoverV2 request returns REST API endpoint not AutoDiscoverV1 endpoint in Exchange Server 2019 and 2016
  • 4515269 SentToMemberOf shows every recipient type not distribution groups when you create transport rule in Exchange Server 2019 and 2016
  • 4515272 Message is blocked in “SMTP Delivery to Mailbox” queue if exchange server is added in groups of a child domain in Exchange Server 2019 and 2016
  • 4515271 Can’t convert a migrated remote user mailbox to shared in Exchange Server 2019 and 2016
  • 4515270 SubmissionQueueLengthMonitor shows “System.ArgumentException: Transition timeout…” in Exchange Server 2019 and 2016
  • 4515267 NDR occurs when you resend message from alternate journaling mailbox to journaling mailbox in Exchange Server 2019 and 2016
  • 4515265 Removing In-Place Hold doesn’t work for mailboxes in different domains in Exchange Server 2019 and 2016
  • 4515264 FindPeople request from Skype for Business on Mac fails with “Invalid Shape Specification” in Exchange Server 2019 and 2016
  • 4515263 Hide the “Validate-MailFlowThroughFrontDoor” command for Exchange Server 2019 and 2016
  • 4515262 Enable Remove-MobileDevice to delete mobile devices after migrating to Office 365 from Exchange Server 2019 and 2016
  • 4515261 Can’t copy eDiscovery search results for mailboxes with Exchange online archives in Office 365 in Exchange Server 2019 and 2016
  • 4515273 Mailbox auditing fails when using SHA1Managed in Exchange Server 2019 and 2016
  • 4515266 Infinite loop in Recurrence.GetNumberOfYearsBetween() with the Japanese calendar in Exchange Server 2019 and 2016
  • 4520319 S/MIME signed reply draft behaves like the first message in conversation in Exchange Server 2019 and 2016
  • 4515832 Description of the security update for Microsoft Exchange Server 2019 and 2016: September 10, 2019

Exchange 2016 CU14 fixes:

  • 4515255 “X-InnerException: Microsoft.Mapi.MapiExceptionRpcServerTooBusy” error when you try to use a mailbox in Exchange Server 2016
  • 4515254 Event 1009 frequently occurs in application logs for lagged database copies in Exchange Server 2016
  • 4502159 Adding or removing mailbox permission in EAC doesn’t address the msExchDelegateListLink attribute in Exchange Server 2016
  • 4515276 Room mailbox accepts a meeting as “Free” if a booking delegate is set in Exchange Server 2016
  • 4515275 Enable Get/Restore-RecoverableItems to work with Purges folder in Exchange Server 2016
  • 4515274 AutodiscoverV2 request returns REST API endpoint not AutoDiscoverV1 endpoint in Exchange Server 2016
  • 4515269 SentToMemberOf shows every recipient type not distribution groups when creating transport rule in Exchange Server 2016
  • 4515272 Message is blocked in “SMTP Delivery to Mailbox” queue if exchange server is added in groups of a child domain in Exchange Server 2016
  • 4515271 Can’t convert a migrated remote user mailbox to shared in Exchange Server 2016
  • 4515270 SubmissionQueueLengthMonitor shows “System.ArgumentException: Transition timeout…” in Exchange Server 2016
  • 4515267 NDR occurs when you resend message from alternate journaling mailbox to journaling mailbox in Exchange Server 2016
  • 4515265 Removing In-Place Hold doesn’t work for mailboxes in different domains in Exchange Server 2016
  • 4515264 FindPeople request from Skype for Business on Mac fails with “Invalid Shape Specification” in Exchange Server 2016
  • 4515263 Hide the “Validate-MailFlowThroughFrontDoor” command for Exchange Server 2016
  • 4515262 Enable Remove-MobileDevice to delete mobile devices after migrating to Office 365 from Exchange Server 2016
  • 4515261 Can’t copy eDiscovery search results for mailboxes with Exchange online archives in Office 365 in Exchange Server 2016
  • 4515273 Mailbox auditing fails when you use SHA1Managed in Exchange Server 2016
  • 4515266 Infinite loop in Recurrence.GetNumberOfYearsBetween() with the Japanese calendar in Exchange Server 2016
  • 4520319 S/MIME signed reply draft behaves like the first message in conversation in Exchange Server 2016
  • 4515832 Description of the security update for Microsoft Exchange Server 2019 and 2016: September 10, 2019

Notes:

  • These Cumulative Updates do not contain schema changes compared to their previous Cumulative Update.
  • When upgrading from an n-2 or earlier version of Exchange, or an early version of the .NET Framework, consult Upgrade Paths for CU’s & .NET.
  • Don’t forget to put the Exchange server in maintenance mode prior to updating. Regardless, setup will put the server in server-wide offline mode post-analysis, before making actual changes.
  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay at most one version behind (n-1).
  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • Cumulative Updates can be installed directly; no need to install RTM prior to installing Cumulative Updates.
  • Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
  • The order of installation shouldn’t matter with the “every server is an island” concept, yet the recommended order is internet-facing, non-internet-facing servers first, followed by Edge Transports.

Caution:

As for any update, I recommend thoroughly testing updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.

Exchange Updates – October 2018


The Exchange Team released the October update for Exchange Server 2016. You may notice the absence of Exchange 2013, which is now in extended support phase and thus won’t receive regular updates. This heads-up was also given together with the updates of June.

Version | Build | KB | Download | UMLP | Schema?
Exchange 2016 CU11 | 15.1.1591.10 | KB4134118 | Download | UMLP | No

This update contains the following important changes and notes:

  • Exchange 2016 CU11 – as well as Exchange 2013 CU21 – are supported with .NET Framework 4.7.2; at least .NET Framework 4.7.1 is required for both.
  • Exchange 2016 CU13 (the June 2019 release, December will be skipped) will start requiring .NET Framework 4.7.2, similar to the release of Exchange 2019; Windows Server 2019 will contain .NET Framework 4.7.2.
  • Exchange 2016 requires installation of VC++ 2012 runtime prior to installation. Additionally, when installing the Mailbox role, VC++ 2013 runtime needs to be installed as well.

Exchange 2016 CU11 fixes:

  • 4076516 Email message body is garbled when the Russian version of Outlook is used in Exchange Server 2016
  • 4095967 CultureNotFoundException when you select an LCID 4096 language in Exchange Server 2016
  • 4456225 The image in a signature that’s created in Outlook on the web isn’t visible to external users in Exchange Server 2016
  • 4456226 Require SSL setting of MAPI virtual directory is reset after you install a cumulative update of Exchange Server 2016
  • 4456227 ActiveSync clients cannot connect or synchronizing is delayed in an Exchange Server environment
  • 4456228 Add an option to control UseAscReqNoToken through app configuration for Exchange Server 2016
  • 4456229 Irrelevant management role entries without parameters are displayed in Exchange Server 2016
  • 4456230 Component/protocol level bypass option for InternetWebProxy to avoid unnecessary proxy traffic within internal networks
  • 4456231 AdvancedDataGovernanceLogs is created on the D drive after deploying Exchange Server 2016
  • 4456232 Outlook on the web enters an authentication loop when you use device registration in Exchange Server 2016
  • 4456234 Email can’t be delivered when the subject has an unknown character set in Exchange Server 2016
  • 4456240 “CrimsonProbe has been poisoned repeatedly” error when migrating mailboxes to Exchange Server 2016
  • 4456243 Hashed lines shown in scheduling assistant when Exchange Server 2016 tries to retrieve free/busy information across untrusted forests
  • 4456244 Public folder forwards the new item that you create in Exchange Server 2016
  • 4456245 Event ID 4999 and NullReferenceException when the New-MailboxRestoreRequest and New-MailboxExportRequest cmdlets fail in Exchange Server 2016
  • 4456247 StoreDriver.config validation fails then meeting reminder can’t be set to “None” in Exchange Server 2016
  • 4456249 Message tracking logs can’t be fully indexed in Exchange Server 2016
  • 4456250 Users can download and view attachments that exceed the maximum attachment size setting in mobile device mailbox policy in Exchange Server 2016
  • 4456259 Exchange Server 2016 user can’t access a shared calendar from Exchange Server 2013
  • 4456233 UAPStatisticsLog and RecordReview are created on the D drive after you deploy Exchange Server 2016
  • 4459847 Can’t send S/MIME encrypted mail or update the S/MIME control from Outlook on the web in Exchange Server 2016

Notes:

  • Exchange 2016 CU11 does not contain schema changes compared to its previous Cumulative Update. However, it may introduce RBAC changes in your environment. Use setup /PrepareAD to apply RBAC changes, before deploying or updating Exchange servers.
  • When upgrading from an n-2 or earlier version of Exchange, or an early version of the .NET Framework, consult Upgrade Paths for CU’s & .NET.
  • Don’t forget to put the Exchange server in maintenance mode prior to updating. Regardless, setup will put the server in server-wide offline mode post-analysis, before making actual changes.
  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay at most one version behind (n-1).
  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • Cumulative Updates can be installed directly; no need to install RTM prior to installing Cumulative Updates.
  • Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
  • The order in which you upgrade servers with Cumulative Updates is irrelevant.

Caution:

As for any update, I recommend thoroughly testing updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.

Exchange Updates – June 2018


The Exchange Team released the June updates for Exchange Server 2013 and 2016, and an additional Rollup 22 for Exchange Server 2010 Service Pack 3.

Apart from fixes and time zone changes, these updates contain the following important changes and notes:

  • As announced earlier, Exchange 2013 CU21 and Exchange 2016 CU10 require .NET Framework 4.7.1.
  • All three updates require the VC++ 2013 runtime library, because it is needed by a 3rd-party component in WebReady Document Viewing in Exchange 2010/2013 and Data Loss Prevention in Exchange 2013/2016. Exchange 2010 SP3 RU22 will force installation of this VC++ runtime.
  • Updates include a critical security patch for Oracle Outside In libraries. More about the issue in MSRC advisory ADV180010.
  • Exchange 2013 CU21 and Exchange 2016 CU10 introduce support for directly creating and enabling remote shared mailboxes, e.g.
    New-RemoteMailbox [-Shared] [-Name remoteMailboxName]
    Enable-RemoteMailbox [-Identity user] [-Shared] [-RemoteRoutingAddress user@domain]
    Set-RemoteMailbox [-Name user] [-Type Shared]

    You need to run setup /PrepareAD to see these changes. More information in KB4133605.

  • This is the last planned Cumulative Update for Exchange 2013 as it enters Extended Support.
  • Exchange 2010 SP3 RU22 adds support for Windows Server 2016 Domain Controllers.

 

Version | Build | KB Article | Download | UMLP | Schema Changes
Exchange 2016 CU10 | 15.1.1531.3 | KB4099852 | Download | UMLP | No
Exchange 2013 CU21 | 15.0.1395.4 | KB4099855 | Download | UMLP | No
Exchange 2010 SP3 RU22 | 14.3.411.0 | KB4295699 | Download | |

Exchange 2016 CU10 fixes:

  • 4056609 Event ID 4999 and mailbox transport delivery service won’t start with Exchange Server 2016 CU7 installed
  • 4133605 Cmdlets to create or modify a remote shared mailbox in an on-premises Exchange environment
  • 4133620 “HTTP 500 due to ADReferralException” error when a user tries to view detail properties of mailboxes in a child domain in Exchange Server
  • 4095974 “System.InvalidOperationException” occurs when the “Enable-MailPublicFolder” cmdlet is run against a public folder in Exchange Server
  • 4095973 Set-ServerComponentState cmdlet does not honor the write scope defined in the RBAC management scope in Exchange Server
  • 4095993 HTTP 500 error when an administrator tries to manage regional settings in ECP on Windows Server 2016
  • 4294209 Cannot clear the “Maximum message size” check box for Send messages or Receive messages in EAC in Exchange Server 2016
  • 4294208 “TooManyObjectsOpenedException” error when you run the “Get-PublicFolderMailboxDiagnostics” cmdlet in Exchange Server
  • 4294212 Cannot send VBScript-created messages in the Outlook 2016 client
  • 4294211 Cannot run “Set-CalendarProcessing” cmdlets after you apply CU8 or CU9 for Exchange Server 2016
  • 4294210 Cannot edit an email attachment in OWA in an Exchange Server 2016 environment
  • 4294204 Changing “IsOutOfService” to “False” in an earlier Exchange Server version does not immediately update in a later Exchange Server environment
  • 4092041 Description of the security update for Microsoft Exchange Server 2013 and 2016: May 8, 2018

Exchange 2013 CU20 fixes:

  • 4133605 Cmdlets to create or modify a remote shared mailbox in an on-premises Exchange environment
  • 4133604 User can’t log on to a POP/IMAP account by using NTLM authentication in Exchange Server 2013
  • 4133618 Unexpected error occurs when running the Get-DatabaseAvailabilityGroupNetwork cmdlet in Exchange Server 2013
  • 4133620 “HTTP 500 due to ADReferralException” when a user tries to view detail properties of mailboxes in a child domain in Exchange Server
  • 4058473 An Office 365 primary mailbox user cannot be assigned full access permissions for an on-premises mailbox in Exchange Server
  • 4094167 The MSExchangeRPC service crashes with a System.NullReferenceException exception in Exchange Server 2013
  • 4095974 “System.InvalidOperationException” occurs when the “Enable-MailPublicFolder” cmdlet is run against a public folder in Exchange Server
  • 4092041 Description of the security update for Microsoft Exchange Server 2013 and 2016: May 8, 2018
  • 4294205 POP3 services intermittently stop in an Exchange Server 2013 environment
  • 4294204 Changing “IsOutOfService” to “False” in an earlier Exchange Server version does not immediately update in a later Exchange Server environment

Exchange 2010 Rollup 22 fixes:

  • 4295751 EWS impersonation not working when accessing resource mailboxes in a different site in Exchange Server 2010 SP3

Notes:

  • Exchange 2016 CU8 and Exchange 2013 CU18 do not contain schema changes compared to their previous Cumulative Update. However, they introduce RBAC changes in your environment. Use setup /PrepareAD to apply RBAC changes, before deploying or updating Exchange servers.
  • When upgrading from an n-2 or earlier version of Exchange, or an early version of the .NET Framework, consult Upgrade Paths for CU’s & .NET.
  • When upgrading your Exchange 2013 or 2016 installation, don’t forget to put the server in maintenance mode when required. Regardless, setup will put the server in server-wide offline mode post-analysis, before making actual changes.
  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay at most one version behind (n-1).
  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates.
  • Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
  • The order in which you upgrade servers with Cumulative Updates is irrelevant.

Caution:

As for any update, I recommend thoroughly testing updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.

Upgrade Paths for CU’s & .NET


2/14/2024: Updated for current builds.

Microsoft keeps track of the currently supported combinations of .NET Framework and Exchange Cumulative Updates at the Exchange Server Supportability Matrix. However, as time progresses, support information on older Cumulative Updates might be removed from the information presented, and you may need to resort to cached versions of this page or other sources to find this information.

This might be problematic for organizations that are not current and need to find out which upgrade path they are required to follow to stay within the boundaries of supported Exchange deployment configurations. For example, you may need to upgrade to a specific Cumulative Update first, that is supported with a newer release of the .NET Framework, to be able to upgrade to a later Cumulative Update.

For these situations, the following tables contain the supportability matrix, enhanced with information regarding earlier Cumulative Updates and .NET Framework versions. These will provide you the supported upgrade paths for older versions of Exchange.

Exchange 2019

.NET | RTM-CU1 | CU2-CU3 | CU4-CU13 | CU14
4.7.2: XX
4.8: XX
4.8.1: XX

Exchange 2016

.NET | RTM-CU1 | CU2 | CU3-CU4 | CU5-CU7 | CU8-CU9 | CU10 | CU11-CU12 | CU13-CU14 | CU15-CU23
4.5
4.5.1
4.5.2: XXX
4.6.1 (note 1): XX
4.6.2: XXX
4.7 (note 2)
4.7.1: XXX
4.7.2: XX
4.8: XX

Exchange 2013

.NET | RTM-CU3 | CU4(SP1)-CU12 | CU13-CU14 | CU15 | CU16-CU18 | CU19-CU20 | CU21-CU22 | CU23
4.5: XXX
4.5.1: XXX
4.5.2: XXX
4.6.1 (note 1): XX
4.6.2: XXX
4.7 (note 2)
4.7.1: XX
4.7.2: XX
4.8: X

Notes

  1. When possible, bypass .NET Framework 4.6.1, as it not only requires updating the CU level before updating the .NET Framework, but also requires an additional hotfix: kb3146715 (ws2012r2), kb3146714 (ws2012) or kb3146716 (ws2008r2).
  2. .NET Framework 4.7 is not supported for any product level.

Usage
Suppose your organization loves procrastinating, and you are running Exchange 2013 CU6. Luckily, you run it on .NET Framework 4.5.1, which was already a supported configuration back in 2014 – yes, it’s been that long. Looking at the table, to get current with a minimal number of updates in mind, you can derive the following path:

The upgrade path to CU19 would therefore be:

  1. Upgrade to Exchange 2013 Cumulative Update 15
  2. Upgrade .NET Framework to 4.6.2
  3. Upgrade to Exchange 2013 Cumulative Update 19
  4. Upgrade .NET Framework to 4.7.1 (Optional)
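
The derivation above can be treated as a shortest-path search over supported (CU, .NET) combinations. The following is an added example, not part of the original post: the SUPPORTED table is constructed and holds only the Exchange 2013 combinations the worked example relies on, and the function names are hypothetical.

```python
from collections import deque

# Constructed sample data: only the Exchange 2013 CU/.NET combinations that the
# worked example relies on. Fill in the rest from the Supportability Matrix.
SUPPORTED = {
    "CU6": {"4.5.1"},
    "CU15": {"4.5.1", "4.6.2"},
    "CU19": {"4.6.2", "4.7.1"},
}


def cu_key(cu):
    """Sort key for a CU label such as 'CU15'."""
    return int(cu[2:])


def net_key(version):
    """Sort key for a .NET Framework version such as '4.6.2'."""
    return tuple(int(part) for part in version.split("."))


def upgrade_path(start, goal, supported=SUPPORTED):
    """Return the shortest list of single-component upgrades from start to goal.

    start and goal are (cu, dotnet) tuples. Every intermediate state must be a
    supported combination, and neither component is ever downgraded.
    Returns None when the matrix offers no supported route.
    """
    if start[1] not in supported.get(start[0], ()):
        raise ValueError(f"{start} is not a supported combination in the matrix")
    queue = deque([(start, [])])
    seen = {start}
    while queue:
        (cu, net), steps = queue.popleft()
        if (cu, net) == goal:
            return steps
        moves = []
        # Option 1: install a later CU that supports the .NET version in place.
        for later in sorted(supported, key=cu_key):
            if cu_key(later) > cu_key(cu) and net in supported[later]:
                moves.append(((later, net), f"Upgrade to Exchange 2013 {later}"))
        # Option 2: install a later .NET version that the current CU supports.
        for later in sorted(supported[cu], key=net_key):
            if net_key(later) > net_key(net):
                moves.append(((cu, later), f"Upgrade .NET Framework to {later}"))
        for state, label in moves:
            if state not in seen:
                seen.add(state)
                queue.append((state, steps + [label]))
    return None


if __name__ == "__main__":
    for step in upgrade_path(("CU6", "4.5.1"), ("CU19", "4.7.1")):
        print(step)
```

A result of None means no route stays inside supported combinations, which is the situation the archived intermediate CUs are meant to prevent.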

Note that in addition to information being refreshed on Microsoft pages, the availability of older Cumulative Updates or .NET Framework updates might also change, so archive those files accordingly, if not for recovery of existing Exchange servers, then for this exact purpose.

Of course, you should stay as current as possible from a support and security perspective, making the above a non-issue. The reality is, some customers have reasons, legitimate or not, to be trailing with updates in their environment, and at some point may need guidance on how to proceed to get current. I hope this information helps in those situations.

Thoughts and feedback are welcomed in the comments.

Update: Per February 13th, Microsoft updated upgrade guidance on the Exchange Supportability Matrix page, stating:

“When upgrading Exchange from an unsupported CU to the current CU and no intermediate CUs are available, you should upgrade to the latest version of .NET that’s supported by Exchange first and then immediately upgrade to the current CU. This method doesn’t replace the need to keep your Exchange servers up to date and on the latest, supported, CU. Microsoft makes no claim that an upgrade failure will not occur using this method, which may result in the need to contact Microsoft Support Services”.

This means you will be supported when upgrading in the revised upgrade path, but the risk is still there. In the example above, when going from Exchange 2013 CU6 with .NET 4.5.1 to CU19, the support statement indicates you can upgrade to .NET Framework 4.7.1, when installing CU19. However, things might break and you may need to contact support to get back into a supported, working situation. Therefore, I repeat my recommendation to download and archive CU’s and .NET Framework files, even when you are not planning on installing them (yet).

Exchange Updates – September 2017


Honeymoon caused some backlog, and one of the things to post was that the Exchange Team released the September updates for Exchange Server 2013 and 2016. Like the previous Cumulative Updates for these Exchange versions, Exchange 2013 CU18 and Exchange 2016 CU7 require .NET Framework 4.6.2; .NET Framework 4.7.1 is currently being tested (4.7 will be skipped), and support for 4.7.1 is expected for the December updates.

Version | Build | KB Article | Download | UMLP | Schema Changes
Exchange 2016 CU7 | 15.1.1261.35 | KB4018115 | Download | UMLP | Yes
Exchange 2013 CU18 | 15.0.1347.2 | KB4022631 | Download | UMLP | No

Exchange 2016 CU7 fixes:

  • KB 4040754 “Update UseDatabaseQuotaDefaults to false” error occurs when you change settings of user mailbox in Exchange Server 2016
  • KB 4040121 You receive a corrupted attachment if email is sent from Outlook that connects to Exchange Server in cache mode
  • KB4036108 Security update for Microsoft Exchange: September 12, 2017

Exchange 2013 CU18 fixes:

  • KB4040755 New health monitoring mailbox for databases is created when Health Manager Service is restarted in Exchange Server 2013
  • KB4040121 You receive a corrupted attachment if email is sent from Outlook that connects to Exchange Server in cache mode
  • KB4040120 Synchronization may fail when you use the OAuth protocol for authorization through EAS in Exchange Server 2013
  • KB4036108 Security update for Microsoft Exchange: September 12, 2017

Notes:

  • Exchange 2016 CU7 requires Forest Functionality Level 2008R2 or later.
  • Exchange 2016 CU7 includes schema changes, but Exchange 2013 CU18 does not. However, Exchange 2013 CU17 may introduce RBAC changes in your environment. Where applicable, use setup /PrepareSchema to update the schema or /PrepareAD to apply RBAC changes, before deploying or updating Exchange servers. To verify this step has been performed, consult the Exchange schema overview.
  • When upgrading your Exchange 2013 or 2016 installation, don’t forget to put the server in maintenance mode when required. Regardless, setup will put the server in server-wide offline mode post-analysis, before making actual changes.
  • Using Windows Management Framework (WMF)/PowerShell version 5 or later on anything earlier than Windows Server 2016 is not supported. Don’t install WMF5 on your Exchange servers running on Windows Server 2012 R2 or earlier.
  • .NET Framework 4.7.1 is being tested by the Exchange Team, but neither .NET Framework 4.7.1 nor .NET Framework 4.7 is supported.
  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay at most one version behind (n-1).
  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates.
  • Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
  • The order in which you upgrade servers with Cumulative Updates is irrelevant.

Caution: As for any update, I recommend thoroughly testing updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.

Exchange Updates – September 2016


Note: There are issues with Exchange 2013 CU14 and Exchange 2016 CU3 with regards to failing Content Indexing. Fellow MVP Jaap Wesselius blogged about this here. For now, the recommendation is not to upgrade to CU14 until further notice. Also, there are acknowledged issues when running Exchange 2016 CU3 on Windows Server 2016. Don’t deploy Exchange 2016 CU3 on that OS until further notice.

Today, the Exchange Team released the September updates for Exchange Server 2013 and Exchange Server 2016.

The biggest changes are for Exchange Server 2016:

  • Exchange Server 2016 CU3 or later support on Windows Server 2016, which is expected to be released at Ignite next week. Windows Server 2016 Domain Controllers are supported; requirement is just Forest Functional Level at Windows Server 2008 R2 or later. Note that it is also announced Exchange Server 2013 will not be supported (as in: now, and in the future). Performance-wise, it is recommended to exclude Exchange setup and log folders, as well as the noderunner processes in Windows Defender.
  • Finally, Exchange Server 2016 CU3 introduces the long-awaited Read from Passive feature. This means, indexes will be generated using (local) passive databases copies, and no longer require coordination with the server holding the active database copy. The result is lower bandwidth requirements, and – compared to Exchange Server 2013 – faster fail-overs. Be advised this feature does not apply to lagged copies.
  • An update for the Mailbox Server Role Calculator(s) for Exchange 2016 is available now (v8.3), incorporating Read from Passive changes. This allows organizations to not only size their deployment, but also predict the positive effect on bandwidth usage for current environments as well by using numbers. You can download the calculator here.

For a list of fixes in these updates, see below.

Version | Build | KB Article | Download | UMLP
Exchange 2016 Cumulative Update 3 | 15.1.544.27 | KB3152589 | Download | UMLP
Exchange 2013 Cumulative Update 14 | 15.0.1236.3 | KB3177670 | Download | UMLP

Exchange 2016 CU3 fixes:

  • KB 3154387 The DFS health set is listed as “Unhealthy” in an Exchange Server 2016 environment
  • KB 3175080 Cannot log on to OWA when FIPS is enabled in an Exchange Server 2016 environment
  • KB 3176377 Links to access Exchange items in SharePoint eDiscovery search result fail with an HTTP error 500 in Exchange Server
  • KB 3161916 Data loss may occur during public folder migration to Exchange 2013, Exchange 2016, or Exchange Online
  • KB 3176540 OWA error reporting responds with a HTTP error 500 in OwaSerializationException
  • KB 3190887 Upgrading Exchange Server causes the server to go offline unexpectedly
  • KB 3191075 You can’t install Cumulative Update 2 for Exchange Server 2016 on a Russian version operating system

Exchange 2013 CU14 fixes:

  • KB 3132513 “The Delegates settings were not saved correctly” when you try to add a user to Exchange Server 2013 from Microsoft Outlook
  • KB 3172017 “NotFound Export failed with error type: ‘NotFound'” error occurs when you perform an eDiscovery search in Exchange Server 2013
  • KB 3176377 Links to access Exchange items in SharePoint eDiscovery search result fail with an HTTP error 500 in Exchange Server
  • KB 3176540 OWA error reporting responds with a HTTP error 500 in OwaSerializationException
  • KB 3176873 Can’t create a new profile or connect to Exchange Server 2013 when an organization contains many address lists
  • KB 3061079 RPC Client Access service crashes and Event 4999 is logged in Exchange Server 2013
  • KB 3134918 An IRM-protected message sent to an external contact isn’t returned in a search or discovery results when journaling is implemented in an Exchange Server 2013 environment
  • KB 3190887 Upgrading Exchange Server causes the server to go offline unexpectedly

These Cumulative Updates for Exchange Server 2016 and 2013 include the security update released last week, MS16-108. The Cumulative Updates for Exchange Server 2016 and 2013 also include DST changes.

Notes:

  • Exchange 2016 CU3 includes schema changes (version 15326, reference), and Exchange 2016 CU3 as well as Exchange 2013 CU14 may introduce RBAC changes in your environment. Where applicable, make sure you run /PrepareSchema to update the schema or /PrepareAD to apply RBAC changes, before deploying or updating Exchange servers. To verify this step has been performed, consult the Exchange schema overview.
  • When upgrading your Exchange 2013 or 2016 installation, don’t forget to put the server in maintenance mode when required. Do note that when upgrading, setup will put the server in server-wide offline mode before installing the Exchange binaries.
  • Using Windows Management Framework (WMF)/PowerShell version 5 on anything earlier than Windows Server 2016 is not supported. Don’t install WMF5 on your Exchange servers running on Windows Server 2012 R2 or earlier.
  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay current.
  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates.
  • Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
  • The order of upgrading servers with Cumulative Updates is irrelevant.

Caution: As for any update, I recommend thoroughly testing updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or TechNet forum for any issues.

Exchange 2013 Cumulative Update 9


The Exchange Team released Cumulative Update 9 for Exchange Server 2013 (KB3049849). This update raises Exchange 2013 version number to 15.0.1104.5.

This Cumulative Update reintroduces configuration of sent items for shared mailboxes, as was possible in Exchange 2010 but wasn’t available in Exchange 2013 yet. More information here.

Next to a security fix for MS15-064, this Cumulative Update contains the following fixes:

  • KB2983216 Category setting on an item in Outlook jumps the selection to the top of the list in an Exchange Server 2013 environment
  • KB2988660 Role assignment with custom write scope fails in an Exchange Server 2013 environment
  • KB3003978 Email messages are displayed with incorrect format in Outlook in an Exchange Server 2013 environment
  • KB3006849 GSSAPI-based Kerberos authentication protocol is not offered to IMAP clients in Exchange Server 2013
  • KB3009631 Advanced Find against the Sent Items folder in Outlook returns no result in Exchange Server 2013
  • KB3032153 Recurring events in Calendar over DST are not adjusted on all ActiveSync devices in all Exchange Server environments
  • KB3040681 MapiExceptionTimeout error during a hierarchy synchronization process of multiple public folders in Exchange Server 2013
  • KB3040683 System WLM overrides do not work when you do on-premises installations in Exchange Server 2013
  • KB3049081 OwaDeepTestProbe probe fails intermittently on a server that installs the Mailbox server role in Exchange Server 2013
  • KB3049771 Outlook Web App logon page takes longer time than expected to time out in an Exchange Server 2013 environment
  • KB3050825 EdgeTransport.exe starts to crash when PriorityQueuingEnabled is set to “True” in Exchange Server 2013
  • KB3050877 Emails that are sent as a secondary mailbox are not saved in the delegate’s Sent Items folder in Exchange Server 2013
  • KB3055940 “Object reference not set to an instance” error when you install cumulative update in Exchange Server 2013
  • KB3056045 “Cannot find Template User object” error when you find contacts that use a consumer domain in Exchange Server 2013
  • KB3056133 Exchange Server 2013 Activation time of transport rule is not displayed in UTC time
  • KB3056413 SMTP connection fails when you log on with a child domain account and use NTLM authentication in Exchange Server 2013
  • KB3056817 Update adds the Let me select the message option in Outlook Web App in an Exchange Server 2013 environment
  • KB3056822 Dynamics CRM 2013 stops synchronizing items from mailbox in an Exchange Server 2013 environment
  • KB3060825 The MSExchangeDelivery service crashes when you receive an email message from a specific sender in Exchange Server 2013
  • KB3064393 “Bad Command. 12” error and IMAP CAPABILITY commands are not offered in an Exchange Server 2013 co-existence environment
  • KB3068681 RPC encryption requirement is re-enabled for RPC Client Access Service after you upgrade server in Exchange Server 2013
  • KB3069060 Recurring meetings are accepted when their time conflicts on the same room mailbox in Exchange Server 2013
  • KB3069501 Duplicate folders are created after a mailbox move in Exchange Server 2013 Enterprise
  • KB3071427 Outlook Web App still downloads web beacon contents when you forward email messages in Exchange Server 2013

Notes:

  • If the new Set-Mailbox parameters for Sent Items configuration, i.e. MessageCopyForSentAsEnabled and MessageCopyForSendOnBehalfEnabled, are not available after installing this CU, run Setup /PrepareAD /IAcceptExchangeServerLicenseTerms explicitly.
  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay current.
  • Previously released CU7 introduced changes to prevent restoration of pre-CU7 databases. Pre-CU7 users are advised to perform a full backup post-upgrade to CU7 or later.
  • Previously released CU7 added support for hierarchies containing 250,000 modern public folders. Consult this article for co-existence scenarios.

This Cumulative Update does not include schema or Active Directory changes when compared to Cumulative Update 7. If you have deployed a version earlier than CU7, make sure you run /PrepareSchema /PrepareAD. If you want to speed up the Cumulative Update installation process, you can temporarily disable certificate revocation checking as described here.

Note that Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates. Note that once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles. The order of upgrading servers is irrelevant, unlike with previous generations of Exchange.

Finally, and I can’t emphasize this enough: For any Hotfix, Rollup, Service Pack or Cumulative Update, I’d recommend thoroughly testing it in a test and acceptance environment first, prior to implementing it in production. When you lack such facilities, hold out a week or two and monitor the comments on the release article or TechNet forum for any issues.

You can download Exchange 2013 Cumulative Update 8 here; UM Language Packs can be found here.