Released: June 2017 Quarterly Exchange Updates


The latest set of Cumulative Updates for Exchange Server 2016 and Exchange Server 2013 are now available on the download center. These releases include fixes to customer reported issues, all previously reported security/quality issues and updated functionality.

Updated functionality in Cumulative Update 6

With Cumulative Update 6 we are adding two highly anticipated features; Sent Items Behavior Control and Original Folder Item Recovery. These features are targeted to Exchange Server 2016 only and will not be included in Exchange Server 2013. Exchange Server 2013 already has its own implementation of Sent Items Behavior Control which is different than the version we are releasing today. The Cumulative Update 6 behavior is more closely aligned with how this worked in Exchange Server 2010. Due to architectural differences, the configuration of this feature is not retained if mailboxes are moved between Exchange Server 2010 and Exchange Server 2016 or between Exchange Server 2013 and Exchange Server 2016.

Latest time zone updates

All of the packages released today include support for time zone updates published by Microsoft through May 2017.

TLS 1.2 Exchange Support Update

We previously announced that Cumulative Update 6 would include support for TLS 1.2. The updates released today do have improved support for TLS 1.2 but we are not encouraging customers to move to a TLS 1.2 only environment at this time. We are working with the Windows and .Net teams to make configuring TLS 1.2 a more streamlined experience. Customers should continue to watch this space and be prepared to deprecate TLS 1.0 and 1.1 in the near future.

.Net Framework 4.7 compatibility with these releases

The Exchange team is still completing validation of the June releases with .Net Framework 4.7. We have not found any compatibility issues at this time, but are asking customers to delay using .Net Framework 4.7 until we have completed our validation. Once this validation is complete we will provide further guidance on .Net Framework 4.7 and Exchange Server.

Release Details

KB articles that describe the fixes in each release are available as follows:

Exchange Server 2016 Cumulative Update 6 does include new updates to Active Directory Schema. If upgrading from an older Exchange version or installing a new server, Active Directory updates may still be required. These updates will apply automatically during setup if the logged on user has the required permissions. If the Exchange Administrator lacks permissions to update Active Directory Schema, a Schema Admin must execute SETUP /PrepareSchema prior to the first Exchange Server installation or upgrade. The Exchange Administrator should execute SETUP /PrepareAD to ensure RBAC roles are current.

Exchange Server 2013 Cumulative Update 17 does not include updates to Active Directory, but may add additional RBAC definitions to your existing configuration. PrepareAD should be executed prior to upgrading any servers to Cumulative Update 17. PrepareAD will run automatically during the first server upgrade if Exchange Setup detects this is required and the logged on user has sufficient permission.

Additional Information

Microsoft recommends all customers test the deployment of any update in their lab environment to determine the proper installation process for your production environment. For information on extending the schema and configuring Active Directory, please review the appropriate TechNet documentation.

Also, to prevent installation issues you should ensure that the Windows PowerShell Script Execution Policy is set to “Unrestricted” on the server being upgraded or installed. To verify the policy settings, run the Get-ExecutionPolicy cmdlet from PowerShell on the machine being upgraded. If the policies are NOT set to Unrestricted you should use the resolution steps in KB981474 to adjust the settings.

Reminder: Customers in hybrid deployments where Exchange is deployed on-premises and in the cloud, or who are using Exchange Online Archiving (EOA) with their on-premises Exchange deployment are required to deploy the most current (e.g., 2013 CU17, 2016 CU6) or the prior (e.g., 2013 CU16, 2016 CU5) Cumulative Update release.

For the latest information on Exchange Server and product announcements please see What's New in Exchange Server 2016 and Exchange Server 2016 Release Notes. You can also find updated information on Exchange Server 2013 in What’s New in Exchange Server 2013, Release Notes and product documentation available on TechNet.

Note: Documentation may not be fully available at the time this post is published.

Post release update concerning Cumulative Update 5

Several customers have reported problems with 3rd party solutions which provide brick level backup or single mailbox recovery as a reported feature after installing Cumulative Update 5. Cumulative Update 5 included an update to our database schema which caused some of these products to not function as they had previously. That change carries forward into Cumulative Update 6 as well. The practice of updating the database schema has long been in place with Exchange Server. Microsoft has urged developers to not consider the schema to be immutable nor to program against it. The schema is not publicly defined and is a structure internal to the operation of Exchange Server. Access to store level objects is provided through publicly documented interfaces and structures only.

The Exchange Team

Comments (60)

  1. Keith says:

    No updates for Exchange 2010 this quarter?

  2. Christian Schindler says:

    Great! Since it is not mentioned in the KB Article: Does CU6 contain a fix for the bug that was introduced in CU5 where Mailboxes that contain special characters in the display name, couldn't be moved? Thx Christian

    1. Nicklas Lövebrant says:

      Christian Schindler:
      According to this link: https://support.microsoft.com/en-ie/help/4019534/error-when-a-mailbox-name-includes-an-umlaut-in-exchange-server-2016
      The resolution is to apply CU6 so I am hoping it does.

    2. Ralf Leistner says:

      @Christian: yes it is, check this KB: https://support.microsoft.com/kb/4019534/

    3. We are not tracking any known defects in this area.

      1. >> We are not tracking any known defects in this area.

        Are you kidding me? This is one of the biggest bug for German users in the last few years! The KB article promised the bug will be fixed in CU6.

        https://support.microsoft.com/en-us/help/4019534/error-when-a-mailbox-name-includes-an-umlaut-in-exchange-server-2016

        https://social.technet.microsoft.com/Forums/en-US/ce3e0795-b773-4376-8dab-7facb18dbdd1/exchange-2016-cu5-bug-special-characters?forum=Exch2016GD

        1. Razvan says:

          It's fixed in CU6.

        2. We are not tracking any issues because it was fixed. It appears that this issue however was not included in the CU6 fixed KB list. We will get the list updated to indicate it is resolved.

          1. Thanks Brent. I can confirm that the bug is fixed.

      2. Glenn Mæle says:

        Had the same exact problem with norwegian letter "Æ" during my last migration using Exchange 2016 CU5 (Worked fine with CU4). To complete the migration i hadto turn of automaticlly update from email address policy on all users with "æ" in their name

        The policy used was %ræa%røo%råa%r -%g.%s to convert the norwegian characters to specific letters.

    4. CHDV-LWAG says:

      Had the same trouble in different Mig-Project moving some Mailboxes! I fixed it by deleting the SMTP-Address of the Users and then generating a new (same) SMTP-Address. Then I was able to move them successfully...

  3. Congrats team on this milestone!

  4. Christoph says:

    We had a problem after the update to CU17. It is a pretty basic setup, 1 Server no customizations or plugins.
    OWA and ECP were only showing ERR_TO_MANY_REDIRECTS.
    The serverlog:
    Event code: 3005
    Event time: 27.06.2017 23:05:08
    Event time (UTC): 27.06.2017 21:05:08
    Event ID: c2ac0d66fcfb499c8fa7bfcc04ee1df4
    Event sequence: 613
    Event occurrence: 300
    Event detail code: 0

    Application information:
    Application domain: /LM/W3SVC/1/ROOT/owa-1-131430704263681794
    Trust level: Full
    Application Virtual Path: /owa
    Application Path: C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\
    Machine name: SRVMX02

    Process information:
    Process ID: 8928
    Process name: w3wp.exe
    Account name: NT-AUTORITÄT\SYSTEM

    Exception information:
    Exception type: DirectoryNotFoundException
    Exception message: Ein Teil des Pfades "c:\program files\microsoft\exchange server\v15\frontend\httpproxy\owa\auth\15.0.1293\themes\resources\logon.css" konnte nicht gefunden werden.
    bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
    bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
    bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
    bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize, Boolean checkHost)
    bei System.IO.File.InternalReadAllText(String path, Encoding encoding, Boolean checkHost)
    bei Microsoft.Exchange.Clients.Owa.Core.OwaPage.b__5(String fullFilePath)
    bei Microsoft.Exchange.Clients.Owa.Core.OwaPage.InlineResource(String fileName, String partialFileLocation, ResoruceCreator createResource, Dictionary`2 resourceDictionary)
    bei Microsoft.Exchange.Clients.Owa.Core.OwaPage.InlineCss(String fileName)
    bei Microsoft.Exchange.Clients.Owa.Core.OwaPage.InlineCss(ThemeFileId themeFileId)
    bei ASP.auth_logon_aspx.__Render__control1(HtmlTextWriter __w, Control parameterContainer)
    bei System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
    bei System.Web.UI.Page.Render(HtmlTextWriter writer)
    bei System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter)
    bei System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

    Problem was that the metioned path was updated to ...15.0.1320... but owa logon still tried to access the old one.

  5. Jonathan Galiacy says:

    Hi,

    Thanks for the updates.

    I have a question, concerning this KB : https://support.microsoft.com/en-us/help/3032024/outlook-web-app-and-ecp-redirect-to-the-fba-page-in-exchange-server-2013

    What is the current status of support for CNG keys on SSL certificates ?

    Is this a IIS problem, an Exchange problem, or a combination of both ?

    CNG SSL certs seem to work perfectly fine with Exchange 2016 running on server 2016 (Haven't tried 2016 on 2012 R2 yet).

    Thank you.

    1. KSP support is not available in Exchange Server 2013.

      1. Jonathan Galiacy says:

        Thank you.

      2. Jonathan Galiacy says:

        Also, does this mean it is officially supported with Exchange 2016 (and going forward) ? Or is this just "luck" that it's working with 2016 ?

        1. It is not working merely by luck. We have made and continue to make improvements in Exchange Server 2016. While not an explicit on-prem feature that was added, this is due to work we've done in O365.

          1. Jonathan Galiacy says:

            So it wasn't explicitly added for 2016 but trickled down from O365.

            Does this mean we can expect the support of PSK/CNG to stay on future releases as well ?

          2. No plans to remove it.

  6. nick says:

    is there a rollup for exchange 2010 released this month?

  7. Martin Aigner says:

    What about Exchange 2010? I would minimum expect the Timezone update to be included for 2010 as well

    Thanks for a short statement here

  8. Good to see the new features included in this release.

  9. David Reade says:

    "PrepareAD should be executed prior to upgrading any servers to Cumulative Update 16"

    Is this a typo?

    1. Yes this is a type-o. It should read:
      “PrepareAD should be executed prior to upgrading any servers to Cumulative Update 17”

      Customers should generally plan on re-running /PrepareAD for every CU even when there aren't any Schema updates, such as with CU17.

  10. Mike says:

    Does this fix the bug where iOS devices randomly forward recurring meetings of which they are an attendee? I have read mixed things where initially Microsoft was saying this was an Apple issue but someone else noted they opened a case with PSS and they indicated it should be fixed in Exchange 2016 CU6

  11. anthony says:

    Is there an exchange 2010 cumulative update planned?

  12. Sean Breddy says:

    Is UR 18 coming for Exchange 2010 SP3??

  13. Evan Vincent says:

    What schema updates are made in CU6?

    The following URL still says “no schema updates since CU4…”

    https://technet.microsoft.com/en-us/library/bb738144(v=exchg.160).aspx

  14. Meska says:

    When I have last deployed CU5, it reverted the changes performed for Password Reset (see for more details https://social.technet.microsoft.com/Forums/lync/en-US/8598f6f0-ebb3-419f-81ae-aa013a0dbb87/no-option-to-reset-password-in-ecp-2013?forum=exchangesvrgeneral )

    Am I still expected to perform the same after CU6 upgrade?
    Could you please provide insight into why this might be happening? It's not a custom OWA changes or anything among those lines where altered files are replaced, I believe such configuration is saved in AD.
    Thank you.

  15. Stephan Mey says:

    Please publish the schema updates in CU6 !
    Thanks

  16. JaviAl says:

    And what about the Exchange Server Edge support on Windows Server 2016? Is this fixed in this Cumulastive Update 6?

    1. The fix for this issue is actually coming from Windows but will require additional guidance from the Exchange Team when it does. Once the fix is available, we will have more to say about Edge on Windows Server 2016.

  17. RobK says:

    Hello

    I don;t see any news regarding Exchange 2010 Roll-Ups. Does that mean Exchange 2010 is dead?

    thank you

    1. WillC says:

      I was also wondering this. I have several customers running Exchange 2010 and cannot find any information anywhere ...

      There has been no statement from Microsoft that says an Exchange 2010 Rollup is on the way, or won't be released. It's almost like they've decided to "ignore" Exchange 2010 on this occasion ...

      Hope some info is released soon!

    2. Sean Breddy says:

      I was wondering that, any news on Exchange 2010 URs???

    3. Exchange Server 2010 is in extended support. When a product is in extended support, only critical fixes, i.e. Security fixes and product co-existence issues, are delivered. There was no update of this type for Exchange Server 2010 this cycle. We will continue to provide these type of fixes for Exchange Server 2010 until it reached end-of-life on 1/14/2020.

      1. robk says:

        thank you

        1. rachkovsky says:

          I see Update Rollup 18 For Exchange 2010 SP3 (KB4018588) has been released on July 6, 2017.
          https://www.microsoft.com/en-us/download/details.aspx?id=55591&WT.mc_id=rss_alldownloads_all

  18. MarcK4096 says:

    Any chance that official support for brick level backup and restore might be added in a future release so that third party vendors don't have to roll their own in an unsupported manner?

  19. Darth Adonis says:

    If I remember correctly, last year at Ignite the Exchange team mentioned that Set-DatabaseAvailabilityGroup -AutoDagBitlockerEnabled that was implemented in CU2 did not actually work (yet). I have not seen anything public to that effect, acknowledging the problem or that it has been fixed. Can the team please point me in the right direction for documentation or speak to this?

    https://blogs.technet.microsoft.com/exchange/2016/06/21/released-june-2016-quarterly-exchange-updates/

    AutoReseed support for BitLocker
    Beginning with Exchange 2013 CU13 and Exchange 2016 CU2, the Disk Reclaimer function within AutoReseed supports BitLocker. By default, this feature is disabled. For more information on how to enable this functionality, please see Enabling BitLocker on Exchange Servers.

    1. There was an issue with where if you were not leveraging a certificate for encryption purposes, you couldn't leverage BitLocker automatically with AutoReseed (instead you had to either format/encrypt disks prior to usage or encrypt after failure). That was resolved in CU5.

  20. MikeB says:

    If catching up from CU2 is it still recommended (per the CU5 information) to install CU4, then update .Net to 4.6.2 and install CU6?
    Thanks.

  21. Jeff Belt says:

    Is the issue with PF Hierarchy not replicating after a DAG failover been resolved on Exchange 2016, think it was introduced in CU4

  22. Evan Vincent says:

    What schema updates are made in CU6?

    On the Microsoft TechNet page "Exchange 2016 Active Directory schema changes" it says “no schema updates since CU4…”

  23. Eric Schenck says:

    is https://support.microsoft.com/en-gb/help/4018588/description-of-the-security-update-for-microsoft-exchange-july-11-2017 also available for CU6 or is it already implemented or is CU6 not vulnerable for this?

  24. Poetzelsberger Franz says:

    Is the July 2017 Exchange Hotfix https://support.microsoft.com/en-us/help/4018588/description-of-the-security-update-for-microsoft-exchange-july-11-2017 included in Ex2013 CU17/Ex2016 CU6?

    But there is no Hotfix available for Ex2013 CU17/Ex2016 CU6.

  25. Miguel says:

    Hi,

    Today you release this Security Update for Exchange:

    https://support.microsoft.com/en-us/help/4018588/description-of-the-security-update-for-microsoft-exchange-july-11-2017

    Our servers are Exchange 2013 CU15.
    We downloaded:
    Security Update For Exchange Server 2013 SP1
    and Security Update For Exchange Server 2013 CU16

    But it doesn't work. It show this error:
    The upgrade patch cannot be installed by the Windows Installer service because the program to be upgraded may be missing, or the upgrade patch may update a different version of the program. Verify that the program to be upgraded exists on your computer and that you have the correct upgrade patch.

    Exchange 2013 CU15 doesn't need the patch?
    Regards

  26. kk says:

    hello

    why you didn't tell us about a very Critical update ru18 for exchange 2010
    are you throwing exchange 2010 at this point ????

  27. Peter Bourke says:

    Office 365 - Failed delivery of inbound emails with attachments - Edge Transport server rules changed?

    We are using Exchange Online in Office 365 and have been experiencing failure to deliver email into Exchange (554 error) for emails coming automated systems (for ecommerce) when they have attachments e.g. order details. This started 48 hours ago and is hurting our business. We are having a miserable time getting support attention on this. Any ideas of things we could try on the O365 admin portal to try and self help?

    1. Peter Bourke says:

      The full message we are seeing is:
      "554 5.6.0 Invalid message content"

      1. Peter Bourke says:

        Guys thanks e got some support from Microsoft and have now proven (for now) it is not an issue in Exchange, but in our 3rd party email security gateway.

  28. James Nash says:

    Can the security update for Exchange, released this week, be installed on top of the June Quarterly Updates? The following link - "Microsoft Exchange Server deployment tables" section - suggests in can only be installed on top of CU16 (2013) and CU5 (2016) - https://support.microsoft.com/en-gb/help/20170711/security-update-deployment-information-july-11-2017

  29. Where can I find the list of changes of AD Schema? Looks like that https://technet.microsoft.com/en-us/library/bb738144(v=exchg.160).aspx does not include latest information.

  30. Scott Jacobs says:

    Does anyone know if KB4018588 is included in CU17. The download info for KB4018588 infers its for CU16.

Skip to main content