Released: June 2017 Quarterly Exchange Updates

The latest set of Cumulative Updates for Exchange Server 2016 and Exchange Server 2013 are now available on the download center. These releases include fixes to customer reported issues, all previously reported security/quality issues and updated functionality.

Updated functionality in Cumulative Update 6

With Cumulative Update 6 we are adding two highly anticipated features; Sent Items Behavior Control and Original Folder Item Recovery. These features are targeted to Exchange Server 2016 only and will not be included in Exchange Server 2013. Exchange Server 2013 already has its own implementation of Sent Items Behavior Control which is different than the version we are releasing today. The Cumulative Update 6 behavior is more closely aligned with how this worked in Exchange Server 2010. Due to architectural differences, the configuration of this feature is not retained if mailboxes are moved between Exchange Server 2010 and Exchange Server 2016 or between Exchange Server 2013 and Exchange Server 2016.

Latest time zone updates

All of the packages released today include support for time zone updates published by Microsoft through May 2017.

TLS 1.2 Exchange Support Update

We previously announced that Cumulative Update 6 would include support for TLS 1.2. The updates released today do have improved support for TLS 1.2 but we are not encouraging customers to move to a TLS 1.2 only environment at this time. We are working with the Windows and .Net teams to make configuring TLS 1.2 a more streamlined experience. Customers should continue to watch this space and be prepared to deprecate TLS 1.0 and 1.1 in the near future.

.Net Framework 4.7 compatibility with these releases

The Exchange team is still completing validation of the June releases with .Net Framework 4.7. We have not found any compatibility issues at this time, but are asking customers to delay using .Net Framework 4.7 until we have completed our validation. Once this validation is complete we will provide further guidance on .Net Framework 4.7 and Exchange Server.

Release Details

KB articles that describe the fixes in each release are available as follows:

Exchange Server 2016 Cumulative Update 6 does include new updates to Active Directory Schema. If upgrading from an older Exchange version or installing a new server, Active Directory updates may still be required. These updates will apply automatically during setup if the logged on user has the required permissions. If the Exchange Administrator lacks permissions to update Active Directory Schema, a Schema Admin must execute SETUP /PrepareSchema prior to the first Exchange Server installation or upgrade. The Exchange Administrator should execute SETUP /PrepareAD to ensure RBAC roles are current.

Exchange Server 2013 Cumulative Update 17 does not include updates to Active Directory, but may add additional RBAC definitions to your existing configuration. PrepareAD should be executed prior to upgrading any servers to Cumulative Update 17. PrepareAD will run automatically during the first server upgrade if Exchange Setup detects this is required and the logged on user has sufficient permission.

Additional Information

Microsoft recommends all customers test the deployment of any update in their lab environment to determine the proper installation process for your production environment. For information on extending the schema and configuring Active Directory, please review the appropriate TechNet documentation.

Also, to prevent installation issues you should ensure that the Windows PowerShell Script Execution Policy is set to “Unrestricted” on the server being upgraded or installed. To verify the policy settings, run the Get-ExecutionPolicy cmdlet from PowerShell on the machine being upgraded. If the policies are NOT set to Unrestricted you should use the resolution steps in KB981474 to adjust the settings.

Reminder: Customers in hybrid deployments where Exchange is deployed on-premises and in the cloud, or who are using Exchange Online Archiving (EOA) with their on-premises Exchange deployment are required to deploy the most current (e.g., 2013 CU17, 2016 CU6) or the prior (e.g., 2013 CU16, 2016 CU5) Cumulative Update release.

For the latest information on Exchange Server and product announcements please see What's New in Exchange Server 2016 and Exchange Server 2016 Release Notes. You can also find updated information on Exchange Server 2013 in What’s New in Exchange Server 2013, Release Notes and product documentation available on TechNet.

Note: Documentation may not be fully available at the time this post is published.

Post release update concerning Cumulative Update 5

Several customers have reported problems with 3rd party solutions which provide brick level backup or single mailbox recovery as a reported feature after installing Cumulative Update 5. Cumulative Update 5 included an update to our database schema which caused some of these products to not function as they had previously. That change carries forward into Cumulative Update 6 as well. The practice of updating the database schema has long been in place with Exchange Server. Microsoft has urged developers to not consider the schema to be immutable nor to program against it. The schema is not publicly defined and is a structure internal to the operation of Exchange Server. Access to store level objects is provided through publicly documented interfaces and structures only.

The Exchange Team

Comments (72)
  1. Keith says:

    No updates for Exchange 2010 this quarter?

  2. Christian Schindler says:

    Great! Since it is not mentioned in the KB Article: Does CU6 contain a fix for the bug that was introduced in CU5 where Mailboxes that contain special characters in the display name, couldn’t be moved? Thx Christian

    1. Nicklas Lövebrant says:

      Christian Schindler:
      According to this link:
      The resolution is to apply CU6 so I am hoping it does.

    2. Ralf Leistner says:

      @Christian: yes it is, check this KB:

    3. We are not tracking any known defects in this area.

      1. >> We are not tracking any known defects in this area.

        Are you kidding me? This is one of the biggest bug for German users in the last few years! The KB article promised the bug will be fixed in CU6.

        1. Razvan says:

          It’s fixed in CU6.

        2. We are not tracking any issues because it was fixed. It appears that this issue however was not included in the CU6 fixed KB list. We will get the list updated to indicate it is resolved.

          1. Thanks Brent. I can confirm that the bug is fixed.

      2. Glenn Mæle says:

        Had the same exact problem with norwegian letter “Æ” during my last migration using Exchange 2016 CU5 (Worked fine with CU4). To complete the migration i hadto turn of automaticlly update from email address policy on all users with “æ” in their name

        The policy used was %ræa%røo%råa%r -%g.%s to convert the norwegian characters to specific letters.

    4. CHDV-LWAG says:

      Had the same trouble in different Mig-Project moving some Mailboxes! I fixed it by deleting the SMTP-Address of the Users and then generating a new (same) SMTP-Address. Then I was able to move them successfully…

  3. Congrats team on this milestone!

  4. Christoph says:

    We had a problem after the update to CU17. It is a pretty basic setup, 1 Server no customizations or plugins.
    OWA and ECP were only showing ERR_TO_MANY_REDIRECTS.
    The serverlog:
    Event code: 3005
    Event time: 27.06.2017 23:05:08
    Event time (UTC): 27.06.2017 21:05:08
    Event ID: c2ac0d66fcfb499c8fa7bfcc04ee1df4
    Event sequence: 613
    Event occurrence: 300
    Event detail code: 0

    Application information:
    Application domain: /LM/W3SVC/1/ROOT/owa-1-131430704263681794
    Trust level: Full
    Application Virtual Path: /owa
    Application Path: C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\
    Machine name: SRVMX02

    Process information:
    Process ID: 8928
    Process name: w3wp.exe
    Account name: NT-AUTORITÄT\SYSTEM

    Exception information:
    Exception type: DirectoryNotFoundException
    Exception message: Ein Teil des Pfades “c:\program files\microsoft\exchange server\v15\frontend\httpproxy\owa\auth\15.0.1293\themes\resources\logon.css” konnte nicht gefunden werden.
    bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
    bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
    bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
    bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize, Boolean checkHost)
    bei System.IO.File.InternalReadAllText(String path, Encoding encoding, Boolean checkHost)
    bei Microsoft.Exchange.Clients.Owa.Core.OwaPage.b__5(String fullFilePath)
    bei Microsoft.Exchange.Clients.Owa.Core.OwaPage.InlineResource(String fileName, String partialFileLocation, ResoruceCreator createResource, Dictionary`2 resourceDictionary)
    bei Microsoft.Exchange.Clients.Owa.Core.OwaPage.InlineCss(String fileName)
    bei Microsoft.Exchange.Clients.Owa.Core.OwaPage.InlineCss(ThemeFileId themeFileId)
    bei ASP.auth_logon_aspx.__Render__control1(HtmlTextWriter __w, Control parameterContainer)
    bei System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
    bei System.Web.UI.Page.Render(HtmlTextWriter writer)
    bei System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter)
    bei System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

    Problem was that the metioned path was updated to …15.0.1320… but owa logon still tried to access the old one.

  5. Jonathan Galiacy says:


    Thanks for the updates.

    I have a question, concerning this KB :

    What is the current status of support for CNG keys on SSL certificates ?

    Is this a IIS problem, an Exchange problem, or a combination of both ?

    CNG SSL certs seem to work perfectly fine with Exchange 2016 running on server 2016 (Haven’t tried 2016 on 2012 R2 yet).

    Thank you.

    1. KSP support is not available in Exchange Server 2013.

      1. Jonathan Galiacy says:

        Thank you.

      2. Jonathan Galiacy says:

        Also, does this mean it is officially supported with Exchange 2016 (and going forward) ? Or is this just “luck” that it’s working with 2016 ?

        1. It is not working merely by luck. We have made and continue to make improvements in Exchange Server 2016. While not an explicit on-prem feature that was added, this is due to work we’ve done in O365.

          1. Jonathan Galiacy says:

            So it wasn’t explicitly added for 2016 but trickled down from O365.

            Does this mean we can expect the support of PSK/CNG to stay on future releases as well ?

          2. No plans to remove it.

  6. nick says:

    is there a rollup for exchange 2010 released this month?

  7. Martin Aigner says:

    What about Exchange 2010? I would minimum expect the Timezone update to be included for 2010 as well

    Thanks for a short statement here

  8. Good to see the new features included in this release.

  9. David Reade says:

    “PrepareAD should be executed prior to upgrading any servers to Cumulative Update 16”

    Is this a typo?

    1. Yes this is a type-o. It should read:
      “PrepareAD should be executed prior to upgrading any servers to Cumulative Update 17”

      Customers should generally plan on re-running /PrepareAD for every CU even when there aren’t any Schema updates, such as with CU17.

  10. Mike says:

    Does this fix the bug where iOS devices randomly forward recurring meetings of which they are an attendee? I have read mixed things where initially Microsoft was saying this was an Apple issue but someone else noted they opened a case with PSS and they indicated it should be fixed in Exchange 2016 CU6

  11. anthony says:

    Is there an exchange 2010 cumulative update planned?

  12. Sean Breddy says:

    Is UR 18 coming for Exchange 2010 SP3??

  13. Evan Vincent says:

    What schema updates are made in CU6?

    The following URL still says “no schema updates since CU4…”

  14. TeploukhovAA says:

    Does CU6 maybe the solution to the problem outlined in the article:

  15. Meska says:

    When I have last deployed CU5, it reverted the changes performed for Password Reset (see for more details )

    Am I still expected to perform the same after CU6 upgrade?
    Could you please provide insight into why this might be happening? It’s not a custom OWA changes or anything among those lines where altered files are replaced, I believe such configuration is saved in AD.
    Thank you.

  16. Stephan Mey says:

    Please publish the schema updates in CU6 !

  17. JaviAl says:

    And what about the Exchange Server Edge support on Windows Server 2016? Is this fixed in this Cumulastive Update 6?

    1. The fix for this issue is actually coming from Windows but will require additional guidance from the Exchange Team when it does. Once the fix is available, we will have more to say about Edge on Windows Server 2016.

  18. RobK says:


    I don;t see any news regarding Exchange 2010 Roll-Ups. Does that mean Exchange 2010 is dead?

    thank you

    1. WillC says:

      I was also wondering this. I have several customers running Exchange 2010 and cannot find any information anywhere …

      There has been no statement from Microsoft that says an Exchange 2010 Rollup is on the way, or won’t be released. It’s almost like they’ve decided to “ignore” Exchange 2010 on this occasion …

      Hope some info is released soon!

    2. Sean Breddy says:

      I was wondering that, any news on Exchange 2010 URs???

    3. Exchange Server 2010 is in extended support. When a product is in extended support, only critical fixes, i.e. Security fixes and product co-existence issues, are delivered. There was no update of this type for Exchange Server 2010 this cycle. We will continue to provide these type of fixes for Exchange Server 2010 until it reached end-of-life on 1/14/2020.

      1. robk says:

        thank you

        1. rachkovsky says:

          I see Update Rollup 18 For Exchange 2010 SP3 (KB4018588) has been released on July 6, 2017.

  19. MarcK4096 says:

    Any chance that official support for brick level backup and restore might be added in a future release so that third party vendors don’t have to roll their own in an unsupported manner?

  20. Darth Adonis says:

    If I remember correctly, last year at Ignite the Exchange team mentioned that Set-DatabaseAvailabilityGroup -AutoDagBitlockerEnabled that was implemented in CU2 did not actually work (yet). I have not seen anything public to that effect, acknowledging the problem or that it has been fixed. Can the team please point me in the right direction for documentation or speak to this?

    AutoReseed support for BitLocker
    Beginning with Exchange 2013 CU13 and Exchange 2016 CU2, the Disk Reclaimer function within AutoReseed supports BitLocker. By default, this feature is disabled. For more information on how to enable this functionality, please see Enabling BitLocker on Exchange Servers.

    1. There was an issue with where if you were not leveraging a certificate for encryption purposes, you couldn’t leverage BitLocker automatically with AutoReseed (instead you had to either format/encrypt disks prior to usage or encrypt after failure). That was resolved in CU5.

      1. Darth Adonis says:

        Thank you Ross.

  21. MikeB says:

    If catching up from CU2 is it still recommended (per the CU5 information) to install CU4, then update .Net to 4.6.2 and install CU6?

  22. Jeff Belt says:

    Is the issue with PF Hierarchy not replicating after a DAG failover been resolved on Exchange 2016, think it was introduced in CU4

  23. Evan Vincent says:

    What schema updates are made in CU6?

    On the Microsoft TechNet page “Exchange 2016 Active Directory schema changes” it says “no schema updates since CU4…”

  24. Eric Schenck says:

    is also available for CU6 or is it already implemented or is CU6 not vulnerable for this?

  25. Poetzelsberger Franz says:

    Is the July 2017 Exchange Hotfix included in Ex2013 CU17/Ex2016 CU6?

    But there is no Hotfix available for Ex2013 CU17/Ex2016 CU6.

  26. Miguel says:


    Today you release this Security Update for Exchange:

    Our servers are Exchange 2013 CU15.
    We downloaded:
    Security Update For Exchange Server 2013 SP1
    and Security Update For Exchange Server 2013 CU16

    But it doesn’t work. It show this error:
    The upgrade patch cannot be installed by the Windows Installer service because the program to be upgraded may be missing, or the upgrade patch may update a different version of the program. Verify that the program to be upgraded exists on your computer and that you have the correct upgrade patch.

    Exchange 2013 CU15 doesn’t need the patch?

  27. kk says:


    why you didn’t tell us about a very Critical update ru18 for exchange 2010
    are you throwing exchange 2010 at this point ????

  28. Peter Bourke says:

    Office 365 – Failed delivery of inbound emails with attachments – Edge Transport server rules changed?

    We are using Exchange Online in Office 365 and have been experiencing failure to deliver email into Exchange (554 error) for emails coming automated systems (for ecommerce) when they have attachments e.g. order details. This started 48 hours ago and is hurting our business. We are having a miserable time getting support attention on this. Any ideas of things we could try on the O365 admin portal to try and self help?

    1. Peter Bourke says:

      The full message we are seeing is:
      “554 5.6.0 Invalid message content”

      1. Peter Bourke says:

        Guys thanks e got some support from Microsoft and have now proven (for now) it is not an issue in Exchange, but in our 3rd party email security gateway.

  29. James Nash says:

    Can the security update for Exchange, released this week, be installed on top of the June Quarterly Updates? The following link – “Microsoft Exchange Server deployment tables” section – suggests in can only be installed on top of CU16 (2013) and CU5 (2016) –

  30. Where can I find the list of changes of AD Schema? Looks like that does not include latest information.

    1. @Stanislav, the only schema change in CU6 is the rangeupper value was increased to 15330. There are no object/attribute additions.

  31. Scott Jacobs says:

    Does anyone know if KB4018588 is included in CU17. The download info for KB4018588 infers its for CU16.

  32. TroyB says:

    Do we also need to run setup.exe /PrepareAllDomains after /PrepareAD and prior to installing Exchange 2016 CU6?

  33. Chris Knight says:

    Don’t use CU6 for a clean install – OWA is broken due to a missing encryption certificate.
    If you do decide to use CU6 then follow the instructions here –
    Be prepared to wait a while for the configuration change to make its way through the topology before an iisreset actually results in a working system.

    Thank Microsoft for yet another poorly tested CU/UR.

  34. Dino Disha says:

    I wonder is someone can help.
    We have a large Exchange 2013 CU12 which hosts all user mailboxes co-existing with exchange 2007 hosting legacy Public Folders.
    We are planning to apply CU16 on the exchange 2013 servers so I wanted to know if this will cause any issues with the co-existence with exchange 2007 and access to the Public Folders.

  35. ihab says:


    I currently run in project to install a new Exchange 2013 servers for across forest migration old one run CU 10, Can I upgrade .net 4.6.2 on a new server and jump directly to CU17 or do I have to do the install CU15, install new .NET 4.6.2 and then CU17? Trying to figure out the best course before install my Exchange this weekend.

  36. Conal Mullan says:

    The unnecessary “Please update UseDatabaseQuotaDefaults to false in order for mailbox quotas to apply.” warning message was not fixed in this release.

    When will that be fixed?

  37. ISP Services says:

    I noticed a bug in the ECP during mailbox move requests in this CU (moving to another DB on another Ex2016 CU6 server). After the mailbox move requested is finished, it still shows “syncing” in ECP. Powershell shows the request as completed.

  38. Any issue with MaxHitsForFullTextIndexSearches ?

    1. jte369 says:

      Is there a place where the Exchange Team talks about what might be coming in the next CU? I’m specifically interested in Exchange 2016.

  39. George Stamatopoulos says:

    .NET Framework 4.7 and Exchange Server? When will we got the go ahead to install this on our Exchange 2016 servers?

  40. Anand says:

    Will there be any fix for IE11 OWA in next CU for exchange 2016?

  41. Greetings, realize this blog is a bit old, but only related place I thought to ask.

    After promises of fully functional Public Folders in 2016, I have just helped a client do the leapfrog from 2003, to 2010, to 2016… Happily, thanks. :-)

    Challenge is… there’s nothing anywhere that warned us that OWA would not support task-based public folders in 2016, and they use them for external clients monitoring/managing PM progress.

    Will task-based public folders support in OWA return? (working fine in outlook)


Comments are closed.

Skip to main content