Exchange Updates – September 2020

The Exchange Team released the quarterly Cumulative Updates for Exchange Server 2019 as well as Exchange 2016. Like recent Cumulative Updates for these products, they require .NET Framework 4.8. Apart from fixes as well as security updates included from the previous CU, the Exchange 2019 CU7 also comes with an update for the Exchange Sizing Calculator.

Links to the updates as well as a description of changes and fixes are described below.

VersionBuildKBDownloadUMLPSchemaPrepareAD
Exchange 2019 CU715.2.721.2KB4571787VLSC NY
Exchange 2016 CU1815.1.2106.2KB4571788DownloadUMLPNY

Exchange 2019 CU7 fixes:

  • 4570248 Get-CASMailbox uses wrong LDAP filter for ECPEnabled in Exchange Server 2019
  • 4576652 Updates for Exchange Server 2019 Sizing Calculator version 10.5
  • 4570252 Intermittent poison messages due to NotInBagPropertyErrorException in Exchange Server 2019
  • 4576649 System.InvalidCastException when you change passwords in Outlook on the web in Exchange Server 2019
  • 4570251 Inbox rule applying a personal tag doesn’t stamp RetentionDate in Exchange Server 2019
  • 4570245 ESEUtil /p fails if any long value (LV) is corrupted in Exchange Server 2019
  • 4570255 NullReferenceException occurs when running TestFederationTrust in Exchange Server 2019
  • 4576650 Can’t add remote mailbox when setting email forwarding in Exchange Server 2019 Hybrid environment
  • 4570253 CompletedWithErrors without details for mailbox migration batches in Exchange Server 2019
  • 4570247 CSV log of Discovery export fails to properly escape target path field in Exchange Server 2019
  • 4570246 EdgeTransport crashes with Event ID 1000 (exception code 0xc00000fd) in Exchange Server 2019
  • 4570254 MSExchangeMapiMailboxAppPool causes prolonged 100% CPU in Exchange Server 2019
  • 4563416 Can’t view Online user free/busy status in Exchange Server 2019
  • 4576651 Can’t join Teams meetings from Surface Hub devices after installing Exchange Server 2019 CU5
  • 4577352 Description of the security update for Microsoft Exchange Server 2019 and 2016: September 8, 2020

Exchange 2016 CU18 fixes:

  • 4570248 Get-CASMailbox uses wrong LDAP filter for ECPEnabled in Exchange Server 2016
  • 4570252 Intermittent poison messages due to NotInBagPropertyErrorException in Exchange Server 2016
  • 4576649 System.InvalidCastException when you change passwords in Outlook on the web in Exchange Server 2016
  • 4570251 Inbox rule applying a personal tag doesn’t stamp RetentionDate in Exchange Server 2016
  • 4570245 ESEUtil /p fails if any long value (LV) is corrupted in Exchange Server 2016
  • 4570255 NullReferenceException occurs when you run TestFederationTrust in Exchange Server 2016
  • 4576650 Can’t add remote mailbox when setting email forwarding in Exchange Server 2016 Hybrid environment
  • 4570253 CompletedWithErrors without details for mailbox migration batches in Exchange Server 2016
  • 4570247 CSV log of Discovery export fails to properly escape target path field in Exchange Server 2016
  • 4570246 EdgeTransport crashes with Event ID 1000 (exception code 0xc00000fd) in Exchange Server 2016
  • 4570254 MSExchangeMapiMailboxAppPool causes prolonged 100% CPU in Exchange Server 2016
  • 4563416 Can’t view Online user free/busy status in Exchange Server 2016
  • 4576651 Can’t join Teams meetings from Surface Hub devices after installing Exchange Server 2016 CU16
  • 4577352 Description of the security update for Microsoft Exchange Server 2019 and 2016: September 8, 2020

Notes:

  • These Cumulative Updates do not contain schema changes compared to their previous Cumulative Update.
  • There are Active Directory changes requiring you to run PrepareAD. Consult the Exchange schema versions page for object version numbers.
  • When upgrading from an n-2 or earlier version of Exchange, or an early version of the .NET Framework, consult Upgrade Paths for CU’s & .NET.
  • Don’t forget to put the Exchange server in maintenance mode prior to updating. Regardless, setup will put the server in server-wide offline mode post-analysis, before making actual changes.
  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are allowed to trail at most one version (n-1).
  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • Cumulative Updates can be installed directly; no need to install RTM prior to installing Cumulative Updates.
  • Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
  • The order of installation shouldn’t matter with the “every server is an island” concept, yet recommended is to upgrade internet-facing, non-internet-facing servers first, followed by Edge Transports.

Caution:

As for any update, I recommend to thoroughly test updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.

Security Updates for Exchange 2013 & 2016

Despite the quarterly wave of Cumulative Updates being imminent, CVE-2017-11932 and ADV170023 warranted a quick release of Security Update KB4045655 for current versions of Exchange 2013 and Exchange 2016.

This security update fixes a vulnerability in OWA, which could allow elevation of privilege or spoofing if an attacker sends an email that has a specially crafted attachment to a vulnerable Exchange server.

You can download the security updates here:

Be advised the update may leave your Exchange services in a disabled state, despite installing correctly. In those cases, reconfigure those services to Automatic and start them manually.

Also note that this security update overrides an earlier update, KB4036108, which might cause Calendar Sharing issues when split DNS is used.

Security updates are Cumulative Update level specific. Be advised that updates may carry the same name, e.g. the update for CU7 and the one for CU6 are both Exchange2016-KB4045655-x64-en.msp. I suggest adding some form of Cumulative Update identification to the file name when archiving it, e.g. Exchange2016-KB4045655-x64-en-CU7.msp.

As with any patch or update, I’d recommend to thoroughly test this in a test and acceptance environment first, prior to implementing it in production.

 

Exchange Updates – September 2017

Ex2013 LogoHoneymoon caused some backlog, and one of the things to post was that the Exchange Team released the September updates for Exchange Server 2013 and 2016. Like the previous Cumulative Updates for these Exchange versions, Exchange 2013 CU18 and Exchange 2016 CU7 require .NET Framework 4.6.2; NET Framework 4.7.1 is currently being tested (4.7 will be skipped), and support for 4.7.1 is expected for the December updates.

Version Build KB Article Download UMLP Schema Changes
Exchange 2016 CU7 15.1.1261.35 KB4018115 Download UMLP Yes
Exchange 2013 CU18 15.0.1347.2 KB4022631 Download UMLP No
  • KB 4040754 “Update UseDatabaseQuotaDefaults to false” error occurs when you change settings of user mailbox in Exchange Server 2016
  • KB 4040121 You receive a corrupted attachment if email is sent from Outlook that connects to Exchange Server in cache mode
  • KB4036108 Security update for Microsoft Exchange: September 12, 2017

Exchange 2013 CU18 fixes:

  • KB4040755 New health monitoring mailbox for databases is created when Health Manager Service is restarted in Exchange Server 2013
  • KB4040121 You receive a corrupted attachment if email is sent from Outlook that connects to Exchange Server in cache mode
  • KB4040120 Synchronization may fail when you use the OAuth protocol for authorization through EAS in Exchange Server 2013
  • KB4036108 Security update for Microsoft Exchange: September 12, 2017

Notes:

  • Exchange 2016 CU7 requires Forest Functionality Level 2008R2 or later.
  • Exchange 2016 CU7 includes schema changes, but Exchange 2013 CU18 does not. However, Exchange 2013 CU17 may introduce RBAC changes in your environment. Where applicable, use setup /PrepareSchema to update the schema or /PrepareAD to apply RBAC changes, before deploying or updating Exchange servers. To verify this step has been performed, consult the Exchange schema overview.
  • When upgrading your Exchange 2013 or 2016 installation, don’t forget to put the server in maintenance mode when required. Regardless, setup will put the server in server-wide offline mode post-analysis, before making actual changes.
  • Using Windows Management Framework (WMF)/PowerShell version 5 or later on anything earlier than Windows Server 2016 is not supported. Don’t install WMF5 on your Exchange servers running on Windows Server 2012 R2 or earlier.
  • NET Framework 4.7.1 is being tested by the Exchange Team, but .NET Framework 4.7.1 nor .NET Framework 4.7 are supported.
  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay at most one version behind (n-1).
  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates.
  • Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
  • The order in which you upgrade servers with Cumulative Updates is irrelevant.

Caution: As for any update, I recommend to thoroughly test updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.