Released: September 2016 Quarterly Exchange Updates


Today we are announcing the latest set of Cumulative Updates for Exchange Server 2016 and Exchange Server 2013. These releases include fixes to customer reported issues and updated functionality. Exchange Server 2016 Cumulative Update 3 and Exchange Server 2013 Cumulative Update 14 are available on the Microsoft Download Center.

Windows Server 2016 Support

Windows Server 2016 support is now available with Exchange Server 2016 Cumulative Update 3. Customers looking to deploy Windows Server 2016 in their Exchange environments require Exchange Server 2016 Cumulative Update 3 or later. Domain Controllers running Windows Server 2016 are supported provided Forest Functional Level is Windows Server 2008R2 or later (Edit 10/27/2016: Please see this blog post for more information related to Forest Functional Level). Exchange does not currently support any new functionality provided by the updated operating system except for improved restart support in the Windows Installer. Installing Exchange on Windows Server 2016 provides a seamless installation experience including prerequisites. Exchange Server 2013 will not be supported on Windows Server 2016.

Windows Defender is on by default in Windows Server 2016. Attention to malware settings is particularly important with Exchange to avoid long processing times during installation and upgrade, as well as unexpected performance issues. The Exchange team recommends the Exchange installation and setup log folders be excluded from scanning in Windows Defender and other Anti-Virus software. Exchange noderunner processes should also be excluded from Windows Defender.

.Net 4.6.2 Support

.Net 4.6.2 is included with Windows Server 2016. Customers deploying Exchange on Windows Server 2016 must use .Net 4.6.2 and Cumulative Update 3 or later. We plan to add support for .Net 4.6.2 on Windows Server 2012 or Windows Server 2012R2 in our December releases of Exchange Server 2016 and 2013. .Net 4.6.2 will be required for Exchange Server 2016 and 2013 on all supported operating systems in March 2017. We advise customers to start evaluating requirements to move to .Net 4.6.2 now.

High Availability Improvements

One of the challenging areas in some on-premises environment is the amount of data replicated with each database copy. In Exchange Server 2016 Cumulative Update 3, network bandwidth requirements between the active copy and passive HA copies are reduced. The Exchange Server Role Requirements Calculator has been updated to reflect these improvements. The local search instance reads data from a database copy on the local server, also known as “Read from Passive”. As a result of this change, passive HA copy search instances no longer need to coordinate with their active counterparts in order to perform index updates. Lagged database copies still coordinate with their active counterparts to perform index updates. This change also reduces database failover times when compared to Exchange Server 2013.

Installing from a Mounted .ISO using Local Languages

.ISO’s mounted on localized versions of the operating system function correctly with Cumulative Update 3. Support for local language setup experience is limited to the 11 server languages supported by Exchange Server 2016.

Pre-Requisite Installation Behavior Updated

In previous releases of Exchange Server 2016 and 2013, servers were placed into server-wide off-line monitoring states during pre-requisite analysis and pre-requisite installation. This behavior is changed in the September cumulative update releases. Setup will now place a server in off-line monitoring mode when installation of new Exchange binaries begins. This change allows customers who are using the GUI upgrade experience to delay changing the monitoring state until after pre-requisite analysis confirms the server is ready for installation. The monitoring state will be configured when the user selects to proceed to the binary installation step. For customers using command line setup, placing the server into the off-line monitoring state is also delayed until pre-requisite analysis is completed and all pre-requisites are met. Once pre-requisites are confirmed, command line setup will change the monitoring status and proceed without a delay into the actual binary upgrade process.

Latest Time Zone and Security Updates

Exchange Server 2016 Cumulative Update 3 and Exchange Server 2013 Cumulative Update 14 include the security updates released in MS16-108. All of the September Exchange releases include support for Time Zone updates released through the month of August. Update Rollup 21 for Exchange Server 2007 and Update Rollup 15 for Exchange Server 2010, part of our September releases, were released as security bulletin MS16-108.

Refreshed People Experience in Outlook on the web

Exchange Server 2016 Cumulative Update 3 includes an updated view of Contact information and Skype for Business presence information. These changes mirror the current experience of Office365.

Countdown to Exchange Server 2007 End of Life (EOL)

We are now only seven months away from Exchange Server 2007 going out of support (Exchange Server 2007 T-1 year and counting). Customers still running Exchange Server 2007 should be implementing plans to move to Exchange Server 2013 or Office 365 to ensure uninterrupted access to support and product fixes.

Release Details

KB articles which contain greater depth on what each release includes are available as follows:

Exchange Server 2016 Cumulative Update 3 does include updates to Active Directory Schema. These updates will apply automatically during setup if the permissions and AD requirements are met during installation. If the Exchange Administrator lacks permissions to update Active Directory Schema, a Schema Admin needs to execute SETUP /PrepareSchema before installing Cumulative Update 3 on the first Exchange server. The Exchange Administrator should also execute SETUP /PrepareAD to ensure RBAC roles are updated correctly.

Exchange Server 2013 Cumulative Update 14 does not include updates to Active Directory, but may add additional RBAC definitions to your existing configuration. PrepareAD should be executed prior to upgrading any servers to Cumulative Update 14. PrepareAD will run automatically during the first server upgrade if Setup detects this is required and the logged on user has sufficient permission.

Additional Information

Microsoft recommends all customers test the deployment of any update in their lab environment to determine the proper installation process for your production environment. For information on extending the schema and configuring Active Directory, please review the appropriate TechNet documentation.

Also, to prevent installation issues you should ensure that the Windows PowerShell Script Execution Policy is set to “Unrestricted” on the server being upgraded or installed. To verify the policy settings, run the Get-ExecutionPolicy cmdlet from PowerShell on the machine being upgraded. If the policies are NOT set to Unrestricted you should use the resolution steps in KB981474 to adjust the settings.

Reminder: Customers in hybrid deployments where Exchange is deployed on-premises and in the cloud, or who are using Exchange Online Archiving (EOA) with their on-premises Exchange deployment are required to deploy the most current (e.g., 2013 CU14, 2016 CU3) or the prior (e.g., 2013 CU13, 2016 CU2) Cumulative Update release.

For the latest information on Exchange Server and product announcements please see What's New in Exchange Server 2016 and Exchange Server 2016 Release Notes. You can also find updated information on Exchange Server 2013 in What’s New in Exchange Server 2013, Release Notes and product documentation available on TechNet.

Note: Documentation may not be fully available at the time this post was published.

The Exchange Team

Comments (79)
  1. Great to see Read from Passive released. It should provide some very useful network savings.

  2. Josh Davis says:

    Am I too soon or is the correct .exe?

    Cumulative Update 14 for Exchange Server 2013 (KB3177670)
    Details
    Version:
    15.00.1236.003
    File Name:
    Exchange2013-x64-cu13.exe
    Date Published:
    9/14/2016
    File Size:
    1.6 GB
    KB Articles: KB3177670

  3. Sam says:

    What is the procedure to block installation of .NET 4.6.2 on Windows Server 2012 or Windows Server 2012 R2 until the December Exchange updates support .NET 4.6.2 ?

  4. sime3000 says:

    What is the procedure to block installation of .NET 4.6.2 on Windows Server 2012 or Windows Server 2012 R2 until the December Exchange rollups are available?

    1. Congratulations! Happy to see RfP finally here.

    2. I'm no official channel, but unliked 461 - which could be blocked using a registry key - there seems to be no such thing for 462.

  5. John M says:

    The download link for Exchange 2013 CU 14 results in a "We are sorry, the page you requested cannot be found. " error page.

  6. @Josh Davis, @John M - We experienced a publishing problem this morning with the Cumulative Update 13 package. The package contents were correct, but the name of the package was wrong. This was corrected and the download center should be functioning normally.

    1. Josh Davis says:

      Gotcha! Thanks!

  7. Benoit Boudeville says:

    Hi DevTeam,
    Support for Windows Server 2016 is great, good job. This also means that Exchange Server 2016 CU3 supports the Windows Management Framework 5.x -- Haven't tested yet but that probably means that issues with PS Remoting have been fixed ? Will WMF5 be supported with Windows Server 2012 R2 too ? That'd be a great to ensure that we can leverage killer DSC features that exist in WMF5 without (us, or customers) being forced to use Win2016. Thanks.

    1. @Benoit - Sorry to disappoint, but we are not planning to add support for newer WMF packages on older OS'es. We only plan to support the WMF version which ships with the OS not as an add-on. We have confirmed that PS remoting works correctly between newer and older WMF versions that ship with the OS. We have not confirmed compatibility with any other updates for WMF on older OS'es.

      1. Benoit Boudeville says:

        Yes, this is disappointing in some extent. Many people would like to leverage new WMF5 features and not everyone can move to Win2016 in short time. People tend to take an observation round before deploying the latest Server OS + it takes time to integrate in an existing information system. Anyway, I played around WMF5 on Win2012 R2 with Ex2016 CU3 and still get the same PS Remoting issues as before. I'll try Win2016 TP5 for fun, but Win2016 RTM will be available soon enough... :P

      2. Benoit Boudeville says:

        For the records, Ex2016 CU3 still has PS Remoting issues with Win2016 TP5. So no luck here. I hope RTM will fix that.
        Error is: New-PSSession : Cannot find path '' because it does not exist.

        This problem exists since the very first times of WMF5 on Windows Server 2012 R2, and Win2016 preview builds. Now, let's hope that Win2016 RTM and WMF 5.1 (which should also be RTM'd too) will not have the same problem.

        1. @Benoit - Yes, we discovered problems with TP5 in our own testing. These were resolved in a post TP5 build. We do not support the TP5 build of Windows Server 2016 with Exchange Server 2016. You must wait for the GA release of Windows Server 2016

          1. Benoit Boudeville says:

            HI Brent, good to know. No worries, it was only for testing purposes (and develop my Dsc v5 factory :D).

  8. Benoit Boudeville says:

    Hello, it look like the Exchange 2016 CU3 ISO file is corrupted. I tried downloading it twice with always the same result when attempting to mount it with Windows Server 2012 R2: error mounting, image may be corrupt. Same thing when trying to mount the ISO in a Hyper-V VM. Looks like my Win10 can actually mount it but I wonder about completeness of the content. Also, using 7-Zip to unzip seems to work but also wonder about completeness of the content. Note: the CU3 ISO file is approx 700 MB smaller than the CU2's... suspicious... :)
    More files and folders in extracted CU3 but smaller in overall size (a bit more than 700 MB too).

    1. @Benoit - Thanks for your report. We will investigate this. The .ISO was confirmed against 2012, 2012R2 and 2016 prior to shipping.

      1. Benoit Boudeville says:

        Thanks Brent. I may have hit a bad mirror or my download manager has issue. I'll try again later and without download manager this time. Anyway, I could deploy a 4-node DAG in my lab without any specific other issue.

    2. No, image is ok. I already updated one production server to CU3. Bug with blocked options of receive connectors (Hub transport\Frontend transport) in ECP - not fixed (as I remember, was promised to fix in CU3). New round photos in OWA looks uglier than old square...

      1. Benoit Boudeville says:

        @All,

        For the records, it happens that the .ISO file was flagged as a "Spare File". When this flag is set (it's a NTFS feature), this prevents files such as ISO, VHD(x) to be mounted. Also happens with removable medias.

        That said, the ISO was flagged as Sparse because (I assume) my download manager provisioned a zero-based file when starting the download. It also happened with Chrome.

        After removing the Sparse attribute (e.g. moving file to another location or using fsutil), the ISO could mount without any issue.

        https://support.microsoft.com/en-us/kb/2993573
        https://msdn.microsoft.com/en-us/library/windows/desktop/aa365564(v=vs.85).aspx

  9. I don't see any reference of the "Read from Passive Copy" being enabled in KB3152589. Is this enabled by default once the CU is installed? As a feature that has been in demand for years and finally released, I feel like this is a little glossed over. Is there going to be another topic to go over this in more detail?

    1. This is on by default. There is no KB because this is a new feature not a customer reported issue. The feature has no configuration options so there's not really much more to say about it.

  10. Malko says:

    Hey Exchange-Team,
    it looks to us that an old 2013 CU2 bug is back again. https://support.microsoft.com/en-us/kb/2924519
    Since we have installed the 2016 CU3 we have on all our test servers the following error:

    Failed to create the log directory: D:\TransportRoles\Logs\Mailbox\SyncDelivery\Error because of the error ...

    But we have no D: drive.
    Did you really hard coded the log path in the source code? If yes, how can we fix it?

    1. Georg says:

      We got the same error.
      Is there a fix?

    2. Michael Russell says:

      Same here too but only after installing one of the following:

      November, 2016 Preview of Monthly Quality Rollup for Windows Server 2012 R2 (KB3197875)
      November, 2016 Preview of Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3196684)
      November, 2016 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB3197874)
      November, 2016 Security Only Quality Update for Windows Server 2012 R2 (KB3197873)
      October, 2016 Security Only Quality Update for Windows Server 2012 R2 (KB3192392)
      Security Update for Adobe Flash Player for Windows Server 2012 R2 (KB3202790)
      Update for Windows Server 2012 R2 (KB3192321)
      Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2, 2016 x64 Edition - November 2016 (KB890830)

      I'll try and figure out which...

  11. sime3000 says:

    Hello Microsoft,
    What is the procedure to block installation of .NET 4.6.2 on Windows Server 2012 or Windows Server 2012 R2 until the December Exchange rollups are available?

  12. Tom Phillips says:

    I don't see KB8135883 (MS16-108) listed in the fixes. I assume that means it did NOT make it into the CUs (Exchange2013 specifically for me).

    Questions that I and others will be interested in:

    1 If the KB was installed prior to CU14 does it REQUIRE removal before upgrading?
    2 Does it need to be re-applied after upgrading to CU14?
    3 Has it been tested against CU14?

    thanks
    Tom

    1. Benoit Boudeville says:

      @Tom: Exchange Server 2016 Cumulative Update 3 and Exchange Server 2013 Cumulative Update 14 include the security updates released in MS16-108.

      This is written in the "Latest Time Zone and Security Updates" paragraph.

      1. Tom Phillips says:

        @Benoit Boudeville, Thanks!

        I only see it posted on the blog page, not on the CU14 page.... Its only hinted at under Notes on the Cumulative Update 14 for Exchange Server 2013 page. (https://support.microsoft.com/en-us/kb/3177670)

        Perhaps it would be a good idea to have it there as well - not everyone will see the blog post and read it
        thanks!
        Tom

  13. sime3000 says:

    Hello Microsoft,

    When I run setup /PrepareSchema from the 2016 CU3 media it completes successfully. However I note that the resultant Forest (rangeUpper) value is still "15325" i.e. the rangeUpper value for CU2.

    Why is that ?

    1. Benoit Boudeville says:

      @sime3000 - this simply means that there were no update to org-based settings which would require a version upgrade. Org version is not dependent of the Schema version, neither both always change at every CU.

      1. sime3000 says:

        Benoit. You're a Microsoft employee ?

        1. Benoit Boudeville says:

          Not quite, but partially... :D

          Now if you can't accept a community response, then fine, ignore it. But if you do then consider you might never get an answer from MSFT. Now take a look around, you'll find out that the Org's objectVersion isn't always updated.

          If you still have doubts, check it out here: http://bfy.tw/7uBV

          1. sime3000 says:

            Hello Benoit,

            No one said anything about the objectVersion value. The value I questioned was the Forest (rangeUpper) value which was 15325 in Exchange 2016 CU2 and should be 15326 in Exchange 2016 CU3. Sounds like you're not that familiar with Microsoft Exchange. Rather than post a silly link to a google search, here some good information that you may want to review to help you understand the difference between the objectVersion and Forest (rangeUpper) values. https://technet.microsoft.com/en-us/library/bb125224(v=exchg.160).aspx .
            If you need any further assistance with Exchange I'll be happy to help. I've been assured that Microsoft really does care but I also note that they usually can't be bothered responding to questions of substance in this forum (take a look at the comments below and other blog entries). It took them two years to respond to one of my questions here - isn't that rather sad ?

    2. Benoit Boudeville says:

      That being said, I did misread your question. After preparing Schema in my various environments they're all at version 15326. So, looks like you missed something...

      schema version in Setup\ServerRoles\Common\Setup\Data\SchemaVersion.ldf
      org version in [Microsoft.Exchange.Data.Directory.SystemConfiguration.Organization]::OrgConfigurationVersion
      domain version in [Microsoft.Exchange.Data.Directory.SystemConfiguration.MesoContainer]::DomainPrepVersion

  14. Josh says:

    In a hybrid scenario with Exchange 2013, are you supposed to re-run the HCW after installing a cumulative update?Thanks.

    1. @Josh - It is not required to re-rerun the Hybrid Configuration Wizard after installing a cumulative update. The Hybrid Configuration Wizard is refreshed frequently to resolve known issues and/or provide additional functionality. Customers are encouraged to use the latest version to ensure their connectivity to Office 365 works as expected.

  15. Benoit Boudeville says:

    Hello Team,

    Currently testing Ex2016 on Windows Server 2016. Found an issue when uninstalling Exchange. Looks like at some point we get an Access Denied error when unregistering one or more DLLs. Uninstallation is done remotely using DSC and running with proper credentials. Issue doesn't occur when using Windows Server 2012 R2.

    Also tried uninstalling from an interactive session, same issue. Of course, I have proper privileges on the server.

    [09/28/2016 13:43:32.0145] [2] Active Directory session settings for 'Start-SetupProcess' are: View Entire Forest: 'True', Configuration Domain Controller: 'sv-dc01.corp.uc-lab.org', Preferred Global Catalog: 'sv-dc01.corp.uc-lab.org', Preferred Domain Controllers: '{ sv-dc01.corp.uc-lab.org }'
    [09/28/2016 13:43:32.0145] [2] User specified parameters: -Name:'C:\Windows\system32\regsvr32.exe' -Args:'/s /u "C:\Exchange\bin\ExSMIME.dll"' -Timeout:'120000'
    [09/28/2016 13:43:32.0145] [2] Beginning processing start-SetupProcess
    [09/28/2016 13:43:32.0146] [2] Starting: C:\Windows\system32\regsvr32.exe with arguments: /s /u "C:\Exchange\bin\ExSMIME.dll"
    [09/28/2016 13:43:32.0492] [2] Process standard output:
    [09/28/2016 13:43:32.0492] [2] Process standard error:
    [09/28/2016 13:43:32.0492] [2] [ERROR] Process execution failed with exit code 5.
    [09/28/2016 13:43:32.0493] [2] [ERROR] Process execution failed with exit code 5.
    [09/28/2016 13:43:32.0494] [2] Ending processing start-SetupProcess
    [09/28/2016 13:43:32.0495] [1] The following 1 error(s) occurred during task execution:
    [09/28/2016 13:43:32.0495] [1] 0. ErrorRecord: Process execution failed with exit code 5.
    [09/28/2016 13:43:32.0495] [1] 0. ErrorRecord: Microsoft.Exchange.Configuration.Tasks.TaskException: Process execution failed with exit code 5.
    at Microsoft.Exchange.Management.Tasks.RunProcessBase.InternalProcessRecord()
    at Microsoft.Exchange.Configuration.Tasks.Task.b__b()
    at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)
    [09/28/2016 13:43:32.0509] [1] [ERROR] The following error was generated when "$error.Clear();
    $dllFile = join-path $RoleInstallPath "bin\ExSMIME.dll";
    $regsvr = join-path (join-path $env:SystemRoot system32) regsvr32.exe;
    start-SetupProcess -Name:"$regsvr" -Args:"/s /u `"$dllFile`"" -Timeout:120000;
    " was run: "Microsoft.Exchange.Configuration.Tasks.TaskException: Process execution failed with exit code 5.
    at Microsoft.Exchange.Management.Tasks.RunProcessBase.InternalProcessRecord()
    at Microsoft.Exchange.Configuration.Tasks.Task.b__b()
    at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".
    [09/28/2016 13:43:32.0509] [1] [ERROR] Process execution failed with exit code 5.

    1. Peter Cacchioli says:

      I am experiencing the same issue, is there a fix for this?

      1. Alexander Kotov says:

        To solve this uninstall interruption: move original exSmime.dll (Microsoft S/MIME Interface) in different location and rename copy exmime.dll (Microsoft Exchange Mime Interface) as exSmime.dll. Than run again Setup.exe /mode:Uninstall /IAcceptExchangeServerLicense to finish uninstall Exchange.

    2. A workaround with "bin\ExSMIME.dll" uninstall Exchange 2016 cu3 problem. Fortunately folder C:\Program Files\Microsoft\Exchange Server\V15\bin\contains exmime.dll file. That file does regsvr32.exe /u without any error. To solve this uninstall interruption: move original ExSMIME.dll in different location and rename copy exmime.dll as ExSMIME.dll. Than run again Setup.exe /mode:Uninstall /IAcceptExchangeServerLicense to finish uninstall Exchange.

  16. Phillip Lyle says:

    Any word on whether auto distribution of new mailboxes is working on this release? Cu2 had a bug where all mailboxes were placed in a single DB.

  17. Ryan says:

    Does this include a fix for AutoProvisioning? Since we upgraded to CU2, Exchange 2016 has been assigning mailboxes to a single DB when no database is specified.

    https://social.technet.microsoft.com/Forums/office/en-US/5730faf1-c9a8-406d-bec8-1beb1cb6aa3a/exchange-2016-cu2-database-autoprovision-broken?forum=Exch2016Adm

  18. @Benoit - We are already aware of this issue. We are working on a fix.

    1. Benoit Boudeville says:

      Thank Brent.

      Is the DevTeam currently aware of a CPU congestion issue when using Windows Server 2016 ? I have three servers with the same symptoms: setup goes fine but at some point IIS worker processes start going grazy and consume all CPU. It's a lab/non-production environment where there is no user load. Restarting IIS (or the server) has no effect (problem starts again when the AppPools start). Strangely, all IIS worker processes seem to be impacted, so I would suspect an issue related to the .NET 4.6.2 framework or IIS itself. Using Win2016 RTM (Eval) and all available patches installed.

      Technet (https://technet.microsoft.com/en-us/library/aa996719(v=exchg.160).aspx) doesn't ask for any mandatory hotfix for .NET 4.6.2, neither request that some framework "hack" should be implemented.

      Any hint? Thanks.

      1. @Benoit - We have not seen this behavior. You would need to reach out to support services and have them assist you in determining what is happening.

        1. Benoit Boudeville says:

          Right, it's just a development lab. However I am able to reproduce the problem every time I install new servers. Symptoms are always the same. Server runs fine, then with no apparent reason, IIS AppPools start crashing with a System.NullReference exception. Managed Availabilty probes create a loop: AppPools are restarted, then crash again when probes activity occur. Stopping and disabling the MSExchangeHM and MSExchangeHMRecovery stopped the crashes. Strangely, RemotePS was affected too. While ti was working fine initially, I suddenly could no longer use the RPS web service, however proxying (using the TargetServer Uri param) through another (unaffected) server worked fine. This leads to think that only the CAFE is affected. With MSExchangeHM disabled, and after a couple restarts, RemotePS was back. No idea why this is happening, Servers are running in Hyper-V 2012 R2 and are largely under-sized (again it's a dev lab). However I have others servers of the same size (and same host/disks/etc) on Win 2012 R2 and they run normally.

          Strange...

          PS: I'm not asking for any kind of support here, only passing out some info... :)

          1. grant says:

            We are also seeing random high cpu usage and w3wp.exe crashing constantly with a reference to performance counters. I have rebuilt the env twice now and always see it on the first server. I have a DAG setup, server 2 contains a copy of server 1, server 1 does not contain a copy of server2. Initial install goes fine but if i fail the dag or reboot host 1 at any point it goes into a spiral 100% cpu mess with w3wp.exe crashing over and over. I ended up mounting the dag mb on host 2 and shutting host1 down for now.

          2. grant says:

            I also wanted to ask could this possibly be caused by the health mailboxes being in the database that is part of the dag? i was thinking maybe i should create a local MB database that does not participate in the DAG and have all of the health/audit/sys mailboxes stay on the host. I thought perhaps the server couldnt bring itself back up because it didnt have access to those mailbox dbs at a time of failure..I looked online and it seems having those mailboxes as part of a DAG is generally ok though.

    2. Peter Cacchioli says:

      hi Brent, any word on the fix for the ExSMIME.dll issue? Thanks

  19. sime3000 says:

    Hello Microsoft,

    What is the procedure to block the installation of .NET 4.6.2 on Windows Server 2012 or Windows Server 2012 R2 until the December Exchange rollups are available?

    1. @sime3000 - We are not publishing steps to block this. The .Net team has informed us that .Net 4.6.2 will not be offered as a mandatory package through Microsoft Update until after the end of the year at the earliest. The Exchange team has already been validating to ensure we have compatibility before this package is forced onto Exchange servers. Customers wishing to run on Windows Server 2016 already require .Net 4.6.2.

      Customers who are concerned about this transition always have the option to configure Windows Update to review updates before they are installed. We will still have a hard requirement for this for all Exchange 2013 and 2016 servers with our March '17 releases.

  20. Frank says:

    There is a german HowTo for installing Exchange 2016 CU3 on Windows Server 2016. There is also a PowerShell script for automatic Windows Defenter exclusions:

    https://www.frankysweb.de/howto-installation-exchange-2016-auf-windows-server-2016/

    regards, Frank

  21. ruschestor says:

    Hello,
    Does anyone know what means the attribute "OWAVersion" of the OWA Virtual Directory? Exchange 2016 CU3 is still has "Exchange2013".
    [PS] C:\Windows\system32>Get-ExchangeServer | fl AdminDisplayVersion
    AdminDisplayVersion : Version 15.1 (Build 544.27)
    [PS] C:\Windows\system32>Get-OwaVirtualDirectory | fl OWAVersion
    OwaVersion : Exchange2013

  22. Sean says:

    Did the "Other" Section in OWA under Options get removed with this update? If so where are those settings now located?

    1. Bill says:

      Same issue here. Can't find 'other' section in OWA settings. We needed that for access to group management interface. Or at least we thought we needed it. Am I missing something? How should users manage the groups they own now? Go directly to /ecp is the only thing that occurs to me.

    2. Matt Karel says:

      Same here. I just noticed after a users called that this was missing. does any one know if this is something that can easily be but back prior to CU4?

  23. sime3000 says:

    Hello Exchange Team,
    Its been thirteen weeks since I posted this question and I’m just wondering if I will need to wait two years for an answer as I did with a previous question. I guess you folks must be really busy!
    In case you missed it my question was … Why are some redirection functions apparently not working in the Exchange Management shell in both Exchange 2016 and Exchange 2013? e.g. if you run “Get-MailPublicFolder 3> output.txt” to redirect warning messages to a text file, any warning messages will be visible on the screen but the output file will be empty. I've seen others reporting this in various forums but no resolution.
    Looking forward to a timely response from Microsoft.
    Thanks

    1. sime3000 says:

      Hello Exchange Team,
      Its been fourteen weeks since I posted this question and I’m just wondering if I will need to wait two years for an answer as I did with a previous question. I guess you folks must be really busy!
      In case you missed it my question was … Why are some redirection functions apparently not working in the Exchange Management shell in both Exchange 2016 and Exchange 2013? e.g. if you run “Get-MailPublicFolder 3> output.txt” to redirect warning messages to a text file, any warning messages will be visible on the screen but the output file will be empty. I’ve seen others reporting this in various forums but no resolution.
      Looking forward to a timely response from Microsoft.
      Thanks!

      1. sime3000 says:

        Hello Exchange Team,
        Its been *fifteen* weeks since I posted this question and I’m just wondering if I will need to wait two years for an answer as I did with a previous question. I guess you folks must be really busy!
        In case you missed it my question was … Why are some redirection functions apparently not working in the Exchange Management shell in both Exchange 2016 and Exchange 2013 regardless of rollup level or other factors? e.g. if you run “Get-MailPublicFolder 3> output.txt” to redirect warning messages to a text file, any warning messages will be visible on the screen but the output file will be empty. I’ve seen others reporting this problem in various forums but no acknowledgement of the problem and no resolution from Microsoft.
        Looking forward to a timely response from Microsoft.
        Thanks a lot !

        1. sime3000 says:

          Hello Exchange Team,

          Its been *sixteen* weeks since I posted this question and I’m just wondering if I will need to wait two years for an answer as I did with a previous question. I guess you folks must be really busy!

          In case you missed it my question was … Why are some redirection functions apparently not working in the Exchange Management shell in both Exchange 2016 and Exchange 2013 regardless of rollup level or other factors? e.g. if you run “Get-MailPublicFolder 3> output.txt” to redirect warning messages to a text file, any warning messages will be visible on the screen but the output file will be empty. I’ve seen others reporting this problem in various forums but no acknowledgement of the problem and no resolution from Microsoft.

          Looking forward to a timely response from Microsoft.

          Thanks a lot !

          1. sime3000 says:

            Hello Exchange Team,

            Its been *seventeen* weeks since I posted this question and I’m just wondering if I will need to wait two years for an answer as I did with a previous question. I guess you folks must be really busy!

            In case you missed it my question was … Why are some redirection functions apparently not working in the Exchange Management shell in both Exchange 2016 and Exchange 2013 regardless of rollup level or other factors? e.g. if you run “Get-MailPublicFolder 3> output.txt” to redirect warning messages to a text file, any warning messages will be visible on the screen but the output file will be empty. I’ve seen others reporting this problem in various forums but no acknowledgement of the problem and no resolution from Microsoft.

            Looking forward to a timely response from Microsoft.

            Thanks a lot !

          2. sime3000 says:

            Hello Exchange Team,
            Its been *eighteen* weeks since I posted this question and I’m just wondering if I will need to wait two years for an answer as I did with a previous question. I guess you folks must be really busy!

            In case you missed it my question was … Why are some redirection functions apparently not working in the Exchange Management shell in both Exchange 2016 and Exchange 2013 regardless of rollup level or other factors? e.g. if you run “Get-MailPublicFolder 3> output.txt” to redirect warning messages to a text file, any warning messages will be visible on the screen but the output file will be empty. I’ve seen others reporting this problem in various forums but no acknowledgement of the problem and no resolution from Microsoft.

            Looking forward to a timely response from Microsoft.

            Thanks a lot !

          3. sime3000 says:

            Hello Exchange Team,

            Its been *nineteen* weeks since I posted this question and I’m just wondering if I will need to wait two years for an answer as I did with a previous question. I guess you folks must be really busy!

            In case you missed it my question was … Why are some redirection functions apparently not working in the Exchange Management shell in both Exchange 2016 and Exchange 2013 regardless of rollup level or other factors? e.g. if you run “Get-MailPublicFolder 3> output.txt” to redirect warning messages to a text file, any warning messages will be visible on the screen but the output file will be empty. I’ve seen others reporting this problem in various forums but no acknowledgement of the problem and no resolution from Microsoft.

            Looking forward to a timely response from Microsoft.

            Thanks a lot !

          4. sime3000 says:

            Hello Exchange Team,

            Its been *twenty* weeks since I posted this question and I’m just wondering if I will need to wait two years for an answer as I did with a previous question. I guess you folks must be really busy!

            In case you missed it my question was … Why are some redirection functions apparently not working in the Exchange Management shell in both Exchange 2016 and Exchange 2013 regardless of rollup level or other factors? e.g. if you run “Get-MailPublicFolder 3> output.txt” to redirect warning messages to a text file, any warning messages will be visible on the screen but the output file will be empty. I’ve seen others reporting this problem in various forums but no acknowledgement of the problem and no resolution from Microsoft.

            Looking forward to a timely response from Microsoft.

            Thanks a lot !

          5. sime3000 says:

            Hello Exchange Team,

            Its been *twenty-one* weeks since I posted this question and I’m just wondering if I will need to wait two years for an answer as I did with a previous question. I guess you folks must be really busy!

            In case you missed it my question was … Why are some redirection functions apparently not working in the Exchange Management shell in both Exchange 2016 and Exchange 2013 regardless of rollup level or other factors? e.g. if you run “Get-MailPublicFolder 3> output.txt” to redirect warning messages to a text file, any warning messages will be visible on the screen but the output file will be empty. I’ve seen others reporting this problem in various forums but no acknowledgement of the problem and no resolution from Microsoft.

            Looking forward to a timely response from Microsoft.

            Thanks a lot !

          6. sime3000 says:

            Hello Exchange Team,

            Its been *twenty-two* weeks since I posted this question and I’m just wondering if I will need to wait two years for an answer as I did with a previous question. I guess you folks must be really busy!

            In case you missed it my question was … Why are some redirection functions apparently not working in the Exchange Management shell in both Exchange 2016 and Exchange 2013 regardless of rollup level or other factors? e.g. if you run “Get-MailPublicFolder 3> output.txt” to redirect warning messages to a text file, any warning messages will be visible on the screen but the output file will be empty. I’ve seen others reporting this problem in various forums but no acknowledgement of the problem and no resolution from Microsoft.

            Looking forward to a timely response from Microsoft.

            Thanks a lot !

  24. Pascal says:

    Exchange 2016 Setup /PrepareSchema von CU 2 auf CU 3:
    Process C:\Windows\system32\ldifde.exe finished with exit code 8224.
    [ERROR] There was an error while running 'ldifde.exe' to import the schema file 'C:\Windows\Temp\ExchangeSetup\Setup\Data\PostExchange2003_schema78.ldf'.

    ldifde.log:
    26: CN=ms-Exch-Country-List,CN=Schema,CN=Configuration,DC=demo4,DC=biz
    Entry DN: CN=ms-Exch-Country-List,CN=Schema,CN=Configuration,DC=demo4,DC=biz
    Der Eintrag wurde einwandfrei geändert.

    27: (null)
    Entry DN: (null)
    Fehler für Eintrag mit Beginn in Zeile 310: Fehler beim Vorgang
    26 Einträge wurden erfolgreich geändert.

    26 entries were applied correctly. Entry 27 has an error in line 310:

    dn:
    changetype: ntdsSchemaModify
    replace: schemaUpdateNow
    schemaUpdateNow: 1
    -

    Any ideas?

  25. Benoit Boudeville says:

    Hi Team,
    I was exploring the ExchangeSetup.log file to find out why a particular server was taking a long time to be fully installed. I ended finding that the setup desperately tries to start and wait for the NaSvc service... 36 times with a timeout of 25 seconds. So in the end, 15 minutes wasted until moving forward.

    NaSvc is the Network Connectivity Assistant, and can't be started manually (despite having a startup type of Manual). So, is the wait worth it ?

    Here's an example:
    [10-16-2016 21:29:51.0289] [2] Will wait '25000' milliseconds for the service 'NcaSvc' to reach status 'Running'.
    [10-16-2016 21:30:16.0452] [2] Service 'NcaSvc' failed to reach status 'Running' on this server after waiting for '25000' milliseconds.
    [10-16-2016 21:30:16.0452] [2] [WARNING] Service checkpoint has not progressed. Previous checkpoint='0'- Current checkpoint='0'.

    (that, multiple times, e.g. a total of 36 times.

    [10-16-2016 21:44:58.0609] [2] Service 'NcaSvc' failed to reach status 'Running' on this server after waiting for '25000' milliseconds.
    [10-16-2016 21:44:58.0609] [2] [WARNING] Service 'NcaSvc' failed to reach status 'Running' on this server.
    [10-16-2016 21:44:58.0609] [2] Ending processing start-setupservice

    1. Benoit Boudeville says:

      Sorry, typo on the service's name it's NcaSvc, not NaSvc.
      And issue seems to happen with Exchange Server 2016 on Windows Server 2016. Didn't find the same traces with Exchange Server 2016 on Windows Server 2012 R2.

    2. Brandon Shanks says:

      Seeing the same thing here on CU4 w/ Server 2016. After 15 minutes of checking it moved on.

  26. Oleg Gritsun says:

    After upgrading Exchange 2016 to CU3 users complain that search in Public Folders doesn't work. Advanced Search works as usual and a little bit faster but it is not comfortable for often use.

    1. Oleg Gritsun says:

      Yesterday I had conversation with MS support and engineer said that this is known issue with Exchange 2016 CU3 and they are working to fix that problem ASAP because there are too much complains regarding search in public folders.

      1. Hi Oleg,
        we do see the same issue. Our Premier Support case number is: 116102914867996. Can you share your number so that the engineers can work together - thanks!

      2. Bob Haley says:

        Thank you for posting this. We are experiencing this problem as well. It took a few weeks before anyone noticed because the search will find items right up to the date the CU3 was installed. Please keep us informed, and perhaps a link to the fix once MS posts it.

        1. Maksim Sidorchuk says:

          The same problem in 2013 CU14

  27. sime3000 says:

    UCMA 4.0 is listed as a prerequisite for Exchange 2016 on Windows 2016 https://technet.microsoft.com/en-us/library/bb691354(v=exchg.160).aspx

    However UCMA 4.0 was released four years ago and is clearly not supported on Windows 2016 according to the UCMA 4.0 requirements on this page https://www.microsoft.com/en-us/download/details.aspx?id=34992

    So how is UCMA 4.0 a supported prerequisite for Exchange 2016 on Windows 2016 ?

    Looking forward to your timely response.

  28. sime3000 says:

    UCMA 4.0 is listed as a prerequisite for Exchange 2016 on Windows 2016 https://technet.microsoft.com/en-us/library/bb691354(v=exchg.160).aspx

    However UCMA 4.0 was released four years ago and is clearly not supported on Windows 2016 according to the UCMA 4.0 requirements on this page https://www.microsoft.com/en-us/download/details.aspx?id=34992
    So how is UCMA 4.0 a supported prerequisite for Exchange 2016 on Windows 2016 ?

    Looking forward to your timely response.

  29. sime3000 says:

    Hello Exchange Team,

    UCMA 4.0 is listed as a prerequisite for Exchange 2016 on Windows 2016 https://technet.microsoft.com/en-us/library/bb691354(v=exchg.160).aspx

    However UCMA 4.0 was released four years ago and is clearly not supported on Windows 2016 according to the UCMA 4.0 requirements on this page https://www.microsoft.com/en-us/download/details.aspx?id=34992

    So how is UCMA 4.0 a supported prerequisite for Exchange 2016 on Windows 2016 ?

    Looking forward to your timely response.

  30. larry heier says:

    Hi there Exchange team,

    I had an install issue where the arbitration mailboxes weren't properly created in an Exchange 2010 multi-domain environment and that stopped the Exchange 2016 CU3 install on the Hub Transport service on the first install (this blog shows the problem well: https://social.technet.microsoft.com/Forums/en-US/af60d888-c1b5-40f2-a5cf-af6038fad5ab/error-during-mailbox-role-transport-service?forum=Exch2016SD)

    I could only fix this issue by allowing the Exchange 2010 Schema domain prep to run again by temporarily updating the AD Schema from Exchange 2016 back to Exchange 2010 as that was the only way to properly create the missing/corrupt objects. So that's issue one that may happen to others.

    Then I tried to continue with Exchange install and it kept failing as the installer set all the Exchange services to Disabled at the beginning of the resumed install. I couldn't uninstall so I simply quickly set all services to automatic once install was restarted again and finally the install completed.

    So a couple interest Exchange 2016 clean install issues that may affect others: Fixing arbitration mailboxes on previous Exchange version and then installer issues since Exchange 2016 is partially installed.

    -Larry

  31. RobK says:

    Hello
    looking at the ExchangeSetup.log i found this
    [10/20/2016 21:36:43.0445] [1] Executing:
    $keyPathRoot = “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols”;
    $keyPath = $keyPathRoot + “\SSL 2.0\Server”;
    if (!(Test-Path $keyPath))
    {
    New-Item -path $keyPathRoot”\SSL 2.0″ -ItemType key -Name “Server” -Force;
    }
    Set-ItemProperty -path $keyPath -name “Enabled” -value 0x0 -Type DWORD -Force;

    $keyPath = $keyPathRoot + “\SSL 3.0\Server”;
    if (!(Test-Path $keyPath))
    {
    New-Item -path $keyPathRoot”\SSL 3.0″ -ItemType key -Name “Server” -Force;
    }
    Set-ItemProperty -path $keyPath -name “Enabled” -value 0x0 -Type DWORD -Force;

    $keyPath = $keyPathRoot + “\TLS 1.0\Server”;
    if (!(Test-Path $keyPath))
    {
    New-Item -path $keyPathRoot”\TLS 1.0″ -ItemType key -Name “Server” -Force;
    }
    Set-ItemProperty -path $keyPath -name “Enabled” -value 0x1 -Type DWORD -Force;

    $keyPath = $keyPathRoot + “\TLS 1.1\Server”;
    if (!(Test-Path $keyPath))
    {
    New-Item -path $keyPathRoot”\TLS 1.1″ -ItemType key -Name “Server” -Force;
    }
    Set-ItemProperty -path $keyPath -name “Enabled” -value 0x1 -Type DWORD -Force;
    Set-ItemProperty -path $keyPath -name “DisabledByDefault” -value 0x0 -Type DWORD -Force;

    $keyPath = $keyPathRoot + “\TLS 1.2\Server”;
    if (!(Test-Path $keyPath))
    {
    New-Item -path $keyPathRoot”\TLS 1.2″ -ItemType key -Name “Server” -Force;
    }
    Set-ItemProperty -path $keyPath -name “Enabled” -value 0x1 -Type DWORD -Force;
    Set-ItemProperty -path $keyPath -name “DisabledByDefault” -value 0x0 -Type DWORD -Force;

    $keypath = “HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002”;
    if (!(Test-Path $keyPath)) { New-Item $keyPath -Force }
    Set-ItemProperty -path $keyPath -name “Functions” -value “TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5” -Force;

    looks like Microsoft is helping customers secure their server without mentioning it anywhere.

  32. Mircea Sandu says:

    Hello all,

    I had two Exchange 2016 servers in my infrastructure and I started to upgrade them to Exchange 2016 CU3.
    One of the servers has been updated successfully, but the second one ran into a problem at 'Client Access Front End service' stage.
    You can see the CMD output below.

    F:\>Setup /m:upgrade /IAcceptExchangeServerLicenseTerms

    Welcome to Microsoft Exchange Server 2016 Cumulative Update 3 Unattended Setup

    Copying Files...
    File copy complete. Setup will now collect additional information needed for installation.

    Languages
    Management tools
    Mailbox role: Transport service
    Mailbox role: Client Access service
    Mailbox role: Unified Messaging service
    Mailbox role: Mailbox service
    Mailbox role: Front End Transport service
    Mailbox role: Client Access Front End service

    Performing Microsoft Exchange Server Prerequisite Check

    Configuring Prerequisites COMPLETED
    Prerequisite Analysis COMPLETED

    Configuring Microsoft Exchange Server

    Language Files COMPLETED
    Restoring Services COMPLETED
    Language Configuration COMPLETED
    Exchange Management Tools COMPLETED
    Mailbox role: Transport service COMPLETED
    Mailbox role: Client Access service COMPLETED
    Mailbox role: Unified Messaging service COMPLETED
    Mailbox role: Mailbox service COMPLETED
    Mailbox role: Front End Transport service COMPLETED
    Mailbox role: Client Access Front End service FAILED

    The following error was generated when "$error.Clear();
    .
    "$RoleInstallPath\Scripts\Update-AppPoolManagedFrameworkVersion.ps1" -AppPoolName:"MSExchangeServicesAppPool"
    -Version:"v4.0";
    get-WebServicesVirtualDirectory -server $RoleFqdnOrName | set-WebServicesVirtualDirectory
    -windowsAuthentication:$true -WSSecurityAuthentication:$true -OAuthAuthentication:$true
    " was run:
    "System.Runtime.InteropServices.COMException (0x800700B7): Filename: \\?\C:\Program Files\Microsoft\Exchange
    Server\V15\FrontEnd\HttpProxy\EWS\web.config
    Line number: 8
    Error: Cannot add duplicate collection entry of type
    'add' with unique key attribute 'key' set to 'HttpProxy.ProtocolType'

    at
    Microsoft.Web.Administration.Interop.IAppHostAdminManager.GetAdminSection(String bstrSectionName, String bstrPath)
    at
    Microsoft.Web.Administration.Configuration.GetSectionInternal(ConfigurationSection section, String sectionPath, String
    locationPath)
    at
    Microsoft.Exchange.Management.SystemConfigurationTasks.ExchangeServiceVDirHelper.EwsAutodiscMWA.EnableOrDisableCafeEndpo
    int(Configuration
    configuration, String endpointName, Boolean enableEndpoint)
    at
    Microsoft.Exchange.Management.SystemConfigurationTasks.ExchangeServiceVDirHelper.EwsAutodiscMWA.OnSetManageWCFEndpoints(
    Task
    task, EndpointProtocol protocol, Boolean enableWSSecurity, ExchangeVirtualDirectory adVirtualDirectory)
    at
    Microsoft.Exchange.Management.SystemConfigurationTasks.SetWebServicesVirtualDirectory.InternalProcessRecord()
    at
    Microsoft.Exchange.Configuration.Tasks.Task.b__b()
    at
    Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean
    terminatePipelineIfFailed)
    at Microsoft.Exchange.Configuration.Tasks.Task.ProcessTaskStage(TaskStage taskStage,
    Action initFunc, Action mainFunc, Action completeFunc)
    at Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord()

    at System.Management.Automation.CommandProcessor.ProcessRecord()".

    The Exchange Server setup operation didn't complete. More details can be found in ExchangeSetup.log located in the
    :\ExchangeSetupLogs folder.

    F:\>

    At this stage I cannot do anything with the server, and /owa is not working anymore. It seems that I have a corrupt installation.
    Do you have any ideas how can I solve the error and ran the installation task again?

    Regards,
    Mircea

  33. Ed says:

    We installed Exchange 2016 on Windows 2016 and are happy to report that it's working fine.

    The only kink is that we migrated over a user with an Office 365 in-place archive mailbox which doesn't work in OWA with the new server/database. We attempted to rerun the Hybrid wizard but it doesn't seem to be supported in Windows 2016?

Comments are closed.

Skip to main content