Released: December 2016 Quarterly Exchange Updates


Today we are announcing the latest set of Cumulative Updates for Exchange Server 2016 and Exchange Server 2013. These releases include fixes to customer reported issues and updated functionality. Exchange Server 2016 Cumulative Update 4 and Exchange Server 2013 Cumulative Update 15 are available on the Microsoft Download Center. Update Rollup 22 for Exchange Server 2007 Service Pack 3 and Update Rollup 16 for Exchange Server 2010 Service Pack 3 are also available.

A new Outlook on the web compose experience

Exchange Server 2016 Cumulative Update 4 includes a refresh to the compose experience. The body of the message is now “framed” and formatting controls have been moved to the bottom of the view. This mirrors the current experience in Office 365.

image

Support for .Net 4.6.2

Exchange Server 2013 and Exchange Server 2016 now fully support .Net 4.6.2 on all supported operating systems. Customers who have already updated their Exchange servers to .Net 4.6.1 can proceed with the upgrade to 4.6.2 before or after installing the cumulative updates released today. Customers who are still running .Net 4.5.2 are advised to deploy Cumulative Update 4 or Cumulative Update 15 prior to upgrading to .Net 4.6.2.

The upgrade to .Net 4.6.2, while strongly encouraged, is optional with these releases. As previously disclosed, the cumulative updates released in our March 2017 quarterly updates will require .Net 4.6.2.

Change to Pre-Requisites installed by Setup

Since Exchange Server 2013, the Windows feature Media Foundation has appeared as a pre-requisite in our setup checks on Windows Server 2012 and later. However, if you chose to allow Exchange setup to install the required OS Components, Desktop Experience has been installed on all supported operating systems. Desktop Experience is required on Windows Server 2008R2. The Desktop Experience feature includes additional components which are not necessary for Exchange Server and require frequent patching. Windows Server 2012 and later modified feature definitions to include Media Foundation. Exchange Setup in Exchange Server 2016 Cumulative Update 4 and Exchange Server 2013 Cumulative Update 15 has been updated to install Media Foundation instead of Desktop Experience on Windows Server 2012 and later. This change will only apply to newly installed servers. Applying either cumulative update will not change the existing configuration of the server. If desired, an administrator can add Media Foundation and remove Desktop Experience from the list of installed Windows features on Windows Server 2012 and later.

Update on Windows Server 2016 support

The Windows team has released KB3206632. This update addresses the issue where IIS would crash after a DAG is formed and the server is subsequently restarted. This update is now required on all servers running Exchange Server 2016 on Windows Server 2016. Setup will not proceed unless the KB is installed.

Latest time zone updates

All of the packages released today include support for time zone updates published by Microsoft through October 2016.

Important Public Folder fix included in these releases

Exchange Server 2013 Cumulative Update 14 and Exchange Server Cumulative Update 3 introduced an issue where new posts to a public folder may not have been indexed if there was an active public folder migration (KB3202691). This issue is now resolved. To ensure all public folders are indexed appropriately, all public folder mailboxes should be moved to a new database after applying the appropriate cumulative update released today.

Release Details

KB articles which contain greater depth on what each release includes are available as follows:

Exchange Server 2016 Cumulative Update 4 does not include new updates to Active Directory Schema. If upgrading from an older Cumulative Update or installing a new server, Active Directory updates may still be required. These updates will apply automatically during setup if user permissions and AD requirements are met. If the Exchange Administrator lacks permissions to update Active Directory Schema, a Schema Admin needs to execute SETUP /PrepareSchema prior to the first Exchange server installation or upgrade. The Exchange Administrator should also execute SETUP /PrepareAD to ensure RBAC roles are updated correctly.

Exchange Server 2013 Cumulative Update 15 does not include updates to Active Directory, but may add additional RBAC definitions to your existing configuration. PrepareAD should be executed prior to upgrading any servers to Cumulative Update 15. PrepareAD will run automatically during the first server upgrade if Setup detects this is required and the logged on user has sufficient permission.

Additional Information

Microsoft recommends all customers test the deployment of any update in their lab environment to determine the proper installation process for your production environment. For information on extending the schema and configuring Active Directory, please review the appropriate TechNet documentation.

Also, to prevent installation issues you should ensure that the Windows PowerShell Script Execution Policy is set to “Unrestricted” on the server being upgraded or installed. To verify the policy settings, run the Get-ExecutionPolicy cmdlet from PowerShell on the machine being upgraded. If the policies are NOT set to Unrestricted you should use the resolution steps in KB981474 to adjust the settings.

Reminder: Customers in hybrid deployments where Exchange is deployed on-premises and in the cloud, or who are using Exchange Online Archiving (EOA) with their on-premises Exchange deployment are required to deploy the most current (e.g., 2013 CU15, 2016 CU4) or the prior (e.g., 2013 CU14, 2016 CU3) Cumulative Update release.

For the latest information on Exchange Server and product announcements please see What’s New in Exchange Server 2016 and Exchange Server 2016 Release Notes. You can also find updated information on Exchange Server 2013 in What’s New in Exchange Server 2013, Release Notes and product documentation available on TechNet.

Note: Documentation may not be fully available at the time this post was published.

The Exchange Team

Comments (35)

  1. Ralf says:

    Awensome work!

  2. sime3000 says:

    Hello Exchange Team (4th request),

    Speaking of Windows Server 2016 and Exchange Server 2016…
    The current version of Jetstress clearly does not list Windows 2016 as a supported operating system. https://www.microsoft.com/en-us/download/details.aspx?id=36849
    For those of us that are currently deploying this combination, when exactly should we expect the version of Jetstress that will officially support Windows 2016 ?

    Thanks!

    1. @sime3000 – Jetstress 2013 is supported on Windows Server 2016. The Download Center details may be updated to reflect this in the future. It generally is not our practice to change these entries as it gives people the impression the product has changed when it hasn’t.

      1. sime3000 says:

        Thanks for taking the time to respond.

        “It generally is not our practice to change these entries as it gives people the impression the product has changed when it hasn’t”

        The last version of Jetstress was posted for download about four months prior to the general release of Windows 2016 RTM so it’s reasonable for people in the field such as myself to assume that it has not been tested with Windows 2016 and that’s a legitimate concern for those of us who are working to deploy your product on Windows 2016 for our mutual customers. New Operating System, new storage drivers, etc…

        When your group can’t be bothered to make minor doc updates and continues to generate botched quarterly updates, e.g. CU3 and the failed Windows 2016 support in September, then it becomes evident to everyone (except perhaps your dedicated fanboys) that your group doesn’t care that much about the success of the product and cares even less about those in the field that are working hard to deploy it.

        Twenty years after the release of Exchange 4.0, your documentation continues to exhibit holes and rather than address the holes you prefer to waste everyone’s time by forcing them to post basic questions here for clarification. For some reason those questions are generally ignored and the few responses that are provided are mostly excuses.

  3. sime3000 says:

    Hello Exchange Team,

    Its been *twenty-three* weeks since I posted this question and I’m just wondering if I will need to wait two years for an answer as I did with a previous question. I guess you folks must be really busy!

    In case you missed it my question was … Why are some redirection functions apparently not working in the Exchange Management shell in both Exchange 2016 and Exchange 2013 regardless of rollup level or other factors? e.g. if you run “Get-MailPublicFolder 3> output.txt” to redirect warning messages to a text file, any warning messages will be visible on the screen but the output file will be empty. I’ve seen others reporting this problem in various forums but no acknowledgement of the problem and no resolution from Microsoft.

    Looking forward to a timely response from Microsoft.

    Thanks a lot !

    1. @Sime3000 – If you want all console output to be written to a file, you need to use the Start-Transcript and Stop-Transcript commands. Exchange cmdlets do not redirect output written to the console.

      1. sime3000 says:

        Well, six months to get a response to question is a big improvement to my last question which took two years for a response. Things are really looking up.
        I wasn’t looking for all console output to be written to a file, as I’ve repeatedly asked for the last six months, just warning messages as you would do in a normal PowerShell session ( https://msdn.microsoft.com/powershell/reference/5.1/Microsoft.PowerShell.Core/about/about_Redirection) .
        This also begs the question – what else does the Exchange shell not do that you would normally be able to do in a Windows PowerShell session? Can you please point me to some doc that outlines these limitations in the Exchange shell ? Thanks.

  4. John Hoye says:

    Any schema updates with this CU?

    1. John Hoye says:

      I need to learn how to read. Found what I was looking for… underlined.. shame on me. shame.

  5. Mindaugas says:

    There were the issues with password changes in OWA when servers are in child (resource) domain. Was that fixed?

  6. @ExchangeITPRo says:

    in the reminder
    Reminder: Customers in hybrid deployments where Exchange is deployed on-premises and in the cloud, or who are using Exchange Online Archiving (EOA) with their on-premises Exchange deployment are required to deploy the most current (e.g., 2013 CU15, 2016 CU4) or the prior (e.g., 2013 CU14, 2016 CU3) Cumulative Update release.

    What about Exchange 2010 SP3 RU 16, I think you missed. As there are orgs who still run hybrid config on Exchange 2010

    1. @ExchangeITPRo – We do not list a requirement for Exchange Server 2010 rollups due to differences in the underlying product code and servicing. The requirement for Exchange Server 2010 Hybrid is Service Pack 3, not a particular rollup, unless we announce differently. Exchange Server 2016 is sourced from the same code running in Office 365 and therefore inherits the same requirements to be available in on-prem servers. These changes are also included in Exchange Server 2013 updates when appropriate due to changes within Office 365.

      That being said, Exchange Server 2010 rollups continue to provide important security fixes and critical updates to time zone definitions. Customers are always encouraged to deploy the most recent update for Exchange Server 2010 and Exchange Server 2007 whether they are hybrid or not.

  7. Matt Peabody says:

    Can we get a compressed version of the 2016 ISO? The other installs are relatively small, but the 2016 CU ISOs weigh in around 5.5 GB. Just simply zipping it on disk puts it down to a more manageable 2.2 GB.

  8. GW says:

    Will 2016cu4 require any schema changes over 2016cu3 ?

  9. Per says:

    There are no lists of changes for the 2007 and 2010 update rollups in the respective KB articles.
    Where can I find information about what’s included in those updates?

  10. Exchange 2016 system requirements: .NET Framework 4.6.2 is supported by Exchange 2016 only on servers running Windows Server 2016.
    https://technet.microsoft.com/en-us/library/aa996719(v=exchg.160).aspx

    Is this correct? I think .NET Framework 4.6.2 is also supported by Exchange 2016 on servers running Windows Server 2012 R2.

    1. Documentation updates are still in progress.

  11. W.MillerPGH says:

    Assuming the Bitlocker fixes are not included as it is not mentioned for MSX 2016? About to do production roll out and was hoping for this update to be included in CU 4 for the auto-reseed functionality. Any comments?

  12. sime3000 says:

    Hello Exchange Team (5th request),

    Speaking of Windows Server 2016 and Exchange Server 2016…

    The current version of Jetstress clearly does not list Windows 2016 as a supported operating system. https://www.microsoft.com/en-us/download/details.aspx?id=36849
    For those of us that are currently deploying this combination, when exactly should we expect the version of Jetstress that will officially support *Windows* 2016 ?

    Thanks!

    1. Hi,
      the current version is the same for 2013 and 2016 – just the documentation is not updated. Reference: https://blogs.technet.microsoft.com/mspfe/2016/03/15/exchange-20132016-jbod-storage-validation-considerations/ (in the Prequisite section)

      -Peter

      1. sime3000 says:

        Peter,
        My question was clearly about Windows 2016 support, not Exchange 2016 support. Exchange is an email platform while Windows is an operating system. Some references for you as well: https://en.wikipedia.org/wiki/Email and https://en.wikipedia.org/wiki/Operating_system.
        Are you with the Exchange Team? If not there is no point in responding as the question was addressed to them specifically.
        Thanks.

        1. SickOfsime3000 says:

          Sime3000 – first you are missing the point of a community where people try to help each other whether they are a member of one team or another. This person clearly just misunderstood what you were asking about, and you respond with a super snarky response. That alone warrants people to ignore your future requests for help, but then you chastising them down for not being a member of the Exchange team is just ridiculous…

          Next you badger, and I mean relentlessly, the Exchange team about your questions like somehow you are entitled to special treatment or they are somehow directly ignoring/disrespecting you. Get over yourself… seriously…

          If you want your questions answered in a timely fashion, then go open a support ticket to get them answered. Blogs and forums are not an official support mechanisms, and you are lucky if you get someone who is kind enough to try and help you in one of them (whether they are a member of the Exchange team or not).

          In the mean time if you aren’t going to open a support ticket, because apparently you are too important or deserve special attention, then do us all a favor and post a question once and then let it go. Relentlessly badgering people only makes them want to ignore you.

  13. robk says:

    Hello Exchange Team

    i did deploy exchange 2016 CU3 on Windows 2016. So far everything is working well. When using Exchange powershell commands like get-mailbox, is the switch -verbose suppose to do anything or has this switch been deprecated? When you TAB through verbose switch will show up as available. It worked like a charm in previous versions of Exchange. it really is a helpful thing to be able to see more output on the screen when running certain commands to see what Exchange is doing at the time. It does look like ever since Windows 2012 or newer the -verbose switch no longer works. It does work with Windows 2008R2 OS. Will this be ever fixed?

    thanks

  14. Matt says:

    Does the automatic distribution of new mailboxes over all available DBs work again?

  15. sime3000 says:

    “Since Exchange Server 2013, the Windows feature Media Foundation has appeared as a pre-requisite in our setup checks on Windows Server 2012 and later”

    If the “Media Foundation” feature is the same thing as Server-Media-Foundation and that pre-req has been in place since Exchange 2013 , why doesn’t this appear under the list of features to install via Install-WindowsFeature on the Exchange 2013 and Exchange 2016 pre-reqs page? ( https://technet.microsoft.com/en-us/library/bb691354(v=exchg.150).aspx , https://technet.microsoft.com/en-us/library/bb691354(v=exchg.160).aspx )

    1. @sime3000 – Exchange Server 2013 still includes Windows Server 2008R2 as a supported operating system where the feature does not exist. Windows Server 2012 was still relatively new when Exchange Server 2013 was released with low adoption. To simplify the support story for admins at the time of release, we chose to publish a single list of pre-reqs. Exchange Server 2016 only supports Windows Server 2012 and later where the feature does exist. We are choosing to update the pre-reqs for Exchange Server 2016 now to better align with the supported operating systems and security requirements. We believe customers will have a better experience using Windows Server 2012 and later with Exchange Server 2013 as well. We adjusted Exchange Server 2013 installation so that customers on Windows Server 2012 and later could also benefit from having to install fewer security patches. Documentation updates are being worked on. It is not unusual for us to announce changes like this on the blog ahead of documentation updates so that customers can start benefiting sooner.

      1. sime3000 says:

        Thanks for taking the time to respond.

        I’m not sure if you understood my question – I sure didn’t understand the response. I wasn’t asking about anything to do with Windows 2008 R2.

        My question is specific to Windows 2012 and later.

        This blog post states that “Since Exchange Server 2013, the Windows feature Media Foundation has appeared as a pre-requisite in our setup checks on Windows Server 2012 and later”

        If you look at the Exchange prereqs for Windows 2012 on this page https://technet.microsoft.com/en-us/library/bb691354(v=exchg.150)#Anchor_2 , the Install-WindowsFeature command doesn’t include “Server-Media-Foundation” and never has afaik. Why not? Doesn’t make sense to me if this is a pre-requisite.

        Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS

  16. Yuhong Bao says:

    I wonder if there are any plans to support WMF 5.1 when it releases, given that it is based on the same code as in Server 2016.

    1. @Yuhong Bao – As we have stated in other posts, we are not going to support or validate WMF releases for down-level OS’es. With Exchange Server 2013 and later, we are only supporting the native capabilities of PowerShell installed with the operating system.

  17. Benoit Boudeville says:

    Apparently Uninstall bug is still not fixed in this release.

    Error:
    The following error was generated when “$error.Clear();
    $dllFile = join-path $RoleInstallPath “bin\ExSMIME.dll”;
    $regsvr = join-path (join-path $env:SystemRoot system32) regsvr32.exe;
    start-SetupProcess -Name:”$regsvr” -Args:”/s /u `”$dllFile`”” -Timeout:120000;
    ” was run: “Microsoft.Exchange.Configuration.Tasks.TaskException: Process execution failed with exit code 5.
    at Microsoft.Exchange.Management.Tasks.RunProcessBase.InternalProcessRecord()
    at Microsoft.Exchange.Configuration.Tasks.Task.b__c()
    at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)”.

    1. @Benoit Boudeville – We are working with the Windows team on an update to Windows which will resolve this issue.

  18. sime3000 says:

    Thanks for taking the time to respond.

    “It generally is not our practice to change these entries as it gives people the impression the product has changed when it hasn’t”

    The last version of Jetstress was posted for download about four months prior to the general release of Windows 2016 RTM so it’s reasonable for people in the field such as myself to assume that it has not been tested with Windows 2016 and that’s a legitimate concern for those of us who are working to deploy your product on Windows 2016 for our mutual customers. New Operating System, new storage drivers, etc…

    When your group can’t be bothered to make minor doc updates and continues to generate botched quarterly updates, e.g. CU3 and the failed Windows 2016 support in September, then it becomes evident to everyone (except perhaps your dedicated fanboys) that your group doesn’t care that much about the success of the product and cares even less about those in the field that are working hard to deploy it.

    Twenty years after the release of Exchange 4.0, your documentation continues to exhibit holes and rather than address the holes you prefer to waste everyone’s time by forcing them to post basic questions here for clarification. For some reason those questions are generally ignored and the few responses that are provided are mostly excuses.

  19. Fabrice Prudon says:

    Hello Exchange Team,

    We installed this cumulative update in our “soon to be in production” mixed environment (Exchange 2010 => Exchange 2016) and we get an interesting thing : the self-signed certificate of the IIS Exchange back end site was removed (unassigned) after the setup and thus the machine was not functioning properly. This happened only in one of our four Exchange 2016 servers.

    I cannot be 100% certain this is coming from the CU4 but I thought it was worth mentioning it. !

    Thanks !

    1. Hi Fabrice,
      this is something I do see very often in our customer environments. This happend to me trough Exchange 2013 and Exchange 2016…

      1. Ben says:

        Make sure SYSTEM, NETWORK SERVICE and Administrators have read access to the Private key on your certificate. I have had this issue when one of the above didn’t have access to the private key.

  20. Pat says:

    Hi, we are fighting with exchange 2013 since 2 years, and with this enviroment :
    64 databases (around 200 Gb each) , 55 users per database, 3 servers in 1 DAG

    VIRTUAL SERVER (in VMWARE ESX)
    server 1 (32 db active copy, 32 db passive copy) + CAS ROLE : 18 Cores (AMD OPTERON 8174) 2.2 GHz – 48 GB RAM
    server 2 (32 db active copy, 32 db passive copy) + CAS ROLE : 18 Cores (Intel XEON e5-2620v3 ) 2.2 GHz – 48 GB RAM
    server 3 (64 db passive copy – lagged 10 days) + CAS ROLE : 8 Cores (AMD OPTERON 8174) 2.2 GHz – 32 GB RAM

    in order to have a stable and quite acceptable performance, we have stopped the health service and search service, otherwise the cpu and ram seems to soffer (outlook clients disconnect, databases unmount and keep switching between servers).
    Applying the formulas posted here :
    https://technet.microsoft.com/en-us/library/ee712771(v=exchg.141).aspx
    http://www.msexchange.org/articles-tutorials/exchange-server-2013/planning-architecture/exchange-2013-sizing-cheat-sheet-part1.html
    http://www.msexchange.org/articles-tutorials/exchange-server-2013/planning-architecture/exchange-2013-sizing-cheat-sheet-part2.html

    seems that the correct sizing should be a total (all servers) of 218 Cores and 256 Gb RAM
    is that right ?
    thank you

  21. Mehd says:

    Hello, thank you for this article.
    Is it manadatory to put the exchange server 2013 in maintenance mode prior to upgrade from cu5 to cu15?
    Do I have to run a adprepare before the upgrade ?

  22. Stuart Bennett says:

    Since applying Exchange 2016 CU4 , CN=, CN=Microsoft Exchange, CN=Services, CN=Configuration, DC= is showing a object value of 16213 instead of whats stated online, a value of 16212. Anyone else seeing this ? All other Schema object versions match as expected.

  23. JF_HL says:

    Good morning!

    After installing CU4 we’ve got the following problems.
    POP3 (verified for Outlook 2013, Thunderbird and Apple Mail): When POP3 is configured to leave the downloaded messages on the server, it will re-download all messages at least once a week. We have noticed, that the X-UIDL is different in each copy.

    IMAP: IMAP resyncs every week. It looks like every single E-Mail is downloaded once every week.

    MAPI: Users with big (or many) mailboxes noticed, that the synchronization times have grown. It seems that Outlook resyncs everything completely.

    We are currently running Exchange 2016 CU4 on Windows Server 2012R2 (3 Servers, DAG) with Sophos Pure Message.

    We have (of cause) done some testing in our lab before the productive rollout but since the problem occurs once a week it hasn’t been noticed.

    Any hints?

Skip to main content