Advisory: Hold off deploying Exchange 2016 CU3 on WS2016 for now

Ex2013 LogoLast Update: December 13th, 2016: The Windows team published an update for Windows Server 2016, which should fix the issue with DAG members crashing when restarted. The related article is KB3206632, and you can download it here. Be advised, the Windows Server 2016 update – which also fixes other issues – is nearly 1 GB!

About one month ago, Exchange Server 2016 Cumulative Update 3 was released which supported deployment on Windows Server 2016. However, recently issues are being reported on various communities as well in related blog comments, where Exchange 2016 became unstable, symptoms being randomly crashing IIS application pools (which says nothing about the root cause).

Microsoft acknowledged there is an issue with Exchange Server 2016 CU3 on Windows Server 2016:

If you attempt to run Microsoft Exchange 2016 CU3 on Windows Server 2016, you will experience errors in the IIS host process W3WP.exe. There is no workaround at this time. You should postpone deployment of Exchange 2016 CU3 on Windows Server 2016 until a supported fix is available.

So, be advised to hold off to deploying Exchange 2016 on Windows Server 2016 until further notice.

Update: The Exchange Team has also posted a notice that an update is in the works, and to delay further Exchange 2016 deployments on Windows Server 2016 until this delay has been made available. No ETA on the update yet.

Exchange Updates – September 2016

Ex2013 LogoNote: There are issues with Exchange 2013 CU14 and Exchange 2016 CU3 with regards to failing Content Indexing. Fellow MVP Jaap Wesselius blogged about this here. For now, recommendation is to not upgrade to CU14, until further notice. Also, there are acknowledged issues when running Exchange 2016 CU3 on Windows Server 2016. Don’t deploy Exchange 2016 CU3 on that OS until further notice.

Today, the Exchange Team released the september updates for Exchange Server 2013 and Exchange Server 2016.

The biggest changes are for Exchange Server 2016:

  • Exchange Server 2016 CU3 or later support on Windows Server 2016, which is expected to be released at Ignite next week. Windows Server 2016 Domain Controllers are supported; requirement is just Forest Functional Level at Windows Server 2008 R2 or later. Note that it is also announced Exchange Server 2013 will not be supported (as in: now, and in the future). Performance-wise, it is recommended to exclude Exchange setup and log folders, as well as the noderunner processes in Windows Defender.
  • Finally, Exchange Server 2016 CU3 introduces the long-awaited Read from Passive feature. This means, indexes will be generated using (local) passive databases copies, and no longer require coordination with the server holding the active database copy. The result is lower bandwidth requirements, and – compared to Exchange Server 2013 – faster fail-overs. Be advised this feature does not apply to lagged copies.
  • An update for the Mailbox Server Role Calculator(s) for Exchange 2016 is available now (v8.3), incorporating Read from Passive changes. This allows organizations to not only size their deployment, but also predict the positive effect on bandwidth usage for current environments as well by using numbers. You can download the calculator here.

For a list of fixes in these updates, see below.

Exchange 2016 Cumulative Update 3 15.1.544.27 KB3152589 Download UMLP
Exchange 2013 Cumulative Update 14 15.0.1236.3 KB3177670 Download UMLP

  • KB 3154387 The DFS health set is listed as “Unhealthy” in an Exchange Server 2016 environment
  • KB 3175080 Cannot log on to OWA when FIPS is enabled in an Exchange Server 2016 environment
  • KB 3176377 Links to access Exchange items in SharePoint eDiscovery search result fail with an HTTP error 500 in Exchange Server
  • KB 3161916 Data loss may occur during public folder migration to Exchange 2013, Exchange 2016, or Exchange Online
  • KB 3176540 OWA error reporting responds with a HTTP error 500 in OwaSerializationException
  • KB 3190887 Upgrading Exchange Server causes the server to go offline unexpectedly
  • KB 3191075 You can’t install Cumulative Update 2 for Exchange Server 2016 on a Russian version operating system

  • KB 3132513 “The Delegates settings were not saved correctly” when you try to add a user to Exchange Server 2013 from Microsoft Outlook
  • KB 3172017 “NotFound Export failed with error type: ‘NotFound'” error occurs when you perform an eDiscovery search in Exchange Server 2013
  • KB 3176377 Links to access Exchange items in SharePoint eDiscovery search result fail with an HTTP error 500 in Exchange Server
  • KB 3176540 OWA error reporting responds with a HTTP error 500 in OwaSerializationException
  • KB 3176873 Can’t create a new profile or connect to Exchange Server 2013 when an organization contains many address lists
  • KB 3061079 RPC Client Access service crashes and Event 4999 is logged in Exchange Server 2013
  • KB 3134918 An IRM-protected message sent to an external contact isn’t returned in a search or discovery results when journaling is implemented in an Exchange Server 2013 environment
  • KB 3190887 Upgrading Exchange Server causes the server to go offline unexpectedly

These Cumulative Updates for Exchange Server 2016 and 2013 include the security update released last week, MS16-108. The Cumulative Updates for Exchange Server 2016 and 2013 also include DST changes.

Notes:

  • Exchange 2016 CU3 includes schema changes (version 15326, reference), and Exchange 2016 CU3 as well as Exchange 2013 CU14 may introduce RBAC changes in your environment. Where applicable, make sure you run /PrepareSchema to update the schema or /PrepareAD to apply RBAC changes, before deploying or updating Exchange servers. To verify this step has been performed, consult the Exchange schema overview.
  • When upgrading your Exchange 2013 or 2016 installation, don’t forget to put the server in maintenance mode when required. Do note that upgrading, before installing the Exchange binaries, setup will put the server in server-wide offline-mode.
  • Using Windows Management Framework (WMF)/PowerShell version 5 on anything earlier than Windows Server 2016 is not supported. Don’t install WMF5 on your Exchange servers running on Windows Server 2012 R2 or earlier.
  • When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay current.
  • If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
  • Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates.
  • Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
  • The order of upgrading servers with Cumulative Updates is irrelevant.

Caution: As for any update, I recommend to thoroughly test updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or TechNet forum for any issues.

Exchange 2013 Cumulative Update 3

Ex2013 LogoThe long awaited Cumulative Update 3 for Exchange Server 2013 was released today by the Exchange Team (KB2892464). This update raises Exchange 2013 version number to 15.0.775.38.

This CU contains the following functional enhancements:

  • Usability improvements when adding members to new and existing groups in the Exchange Administration Console
  • Online RMS available for use by non-cloud based Exchange deployments
  • Improved admin audit log experience
  • Windows 8.1 / Internet Explorer 11 no longer requires using OWA Light

The CU contains the following fixes:

  • MS13-061 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2876063)
  • 2865161 “Errors: Failed exporting item id: from source id” when you try to copy search results in an Exchange Server 2013 environment
  • 2871980 Child domains are not displayed for selection when you create a mailbox by using EAC in an Exchange Server 2013 environment
  • 2878160 “The Active Directory user wasn’t found” error when you create or update an In-Place eDiscovery search in an Exchange Server 2013 environment
  • 2882608 Exchange Server 2013 does not share the inproxy.dll file
  • 2886115 Retention policies are not applied to Exchange Server 2013 mailboxes when user accounts are on different domains
  • 2888274 WebClientReadFormQueryString string and WebClientEditFormQueryString string return incorrect URLs in an Exchange Server 2013 environment
  • 2888315 Event 2112 or 2180 is logged when you try to back up a database in an Exchange Server 2013 environment
  • 2888612 Retention policy does not work after you run a cmdlet in an Exchange Server 2013 environment
  • 2889786 Sign-in format for Outlook Web App on mobile devices is not adjusted according to the Set-OwaVirtualDerictory cmdlet in an Exchange Server 2013 environment
  • 2890650 Items in the Drafts folder are not stamped with the retention policy tag in an Exchange Server 2010 or 2013 environment
  • 2895487 “Copy Search Results” option does not work in an Exchange server 2013 environment
  • 2895500 DBCS characters appear garbled when you run some PowerShell scripts in EMS in an Exchange Server 2013 environment
  • 2895678 “Nombre de usuario\dominio” is displayed unexpectedly on the Spanish version of the OWA and EAC logon pages in an Exchange Server 2013 environment
  • 2902929 You cannot forward an external meeting request in an Exchange Server 2013 environment
  • 2902929 You cannot forward an external meeting request in an Exchange Server 2013 environment
  • 2902933 “Generate incident report” does not display the “Bcc” field in an Exchange Server 2013 environment
  • 2902934 Korean language localization issue in Exchange 2013 OWA user interface
  • 2902936 You cannot change SMTP addresses for distribution groups by using EAC in an Exchange Server 2013 environment
  • 2902938 You cannot preview Office documents in shared folders by using Outlook Web App in an Exchange Server 2013 environment
  • 2902939 EMS connection error when you separately install an Exchange Server 2013 Mailbox server and a Client Access server
  • 2883203 Exchange Server 2013 restarts frequently after Cumulative Update 2 is installed
  • 2890814 No redirection to the Outlook Web App URL for Exchange Online users in an Exchange hybrid deployment

This Cumulative Update includes schema and AD changes, so make sure you run PrepareSchema / PrepareAD. After updating, the schema version will be 15283.

Note that Cumulative Updates can be installed directly, i.e. no need to install RTM prior to Cumulative Updates. Note that once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles. The order of upgrading servers is irrelevant, unlike with previous generations of Exchange.

Finally, and I can’t emphasize this enough: For any Hotfix, Rollup, Service Pack or Cumulative Update, I’d recommend to thoroughly test this in a test and acceptance environment first, prior to implementing it in production. When you lack such facilities, hold out a week or two and monitor the comments on the release article or TechNet forum for any issues.

You can download Exchange 2013 Cumulative Update 3 here; CU3 UM Language Packs can be found here. More details about these changes, preparing Active Directory or installing this Cumulative Update can be found in the original announcement.