Released: December 2017 Quarterly Exchange Updates

Update: Microsoft has identified a condition where Free/Busy lookups from On-Premises to O365 in a hybrid configuration may fail. Please see KB4058297 for additional information and mechanisms to resolve this condition.

The December quarterly release updates for Exchange Server are now available on the download center (links below). In addition to the planned cumulative updates for Exchange Server 2013 and 2016, we have published an update rollup for Exchange Server 2010. These releases include all previously released updates, fixes for customer reported issues and limited new functionality.

Update Rollup 19 for Exchange Server 2010

Update Rollup 19 for Exchange Server 2010 contains a fix for an important issue affecting Exchange Server 2016 and Exchange Server 2010 coexistence. Our deployment guidance states when these versions are deployed together, load balancer VIP’s can (should) be pointed to servers running Exchange Server 2016. Exchange Server 2016 will proxy calls to an appropriate server version based upon where the mailbox being accessed is located. We have become aware of a condition which could allow proxied EWS calls to gain access to mailboxes on the 2010 server to which a user should not have access. This issue, tracked by KB4054456, is resolved in Service Pack 3 Update Rollup 19 for Exchange Server 2010. Customers who have deployed Exchange Server 2010 and 2016 together are encouraged to apply Update Rollup 19 with high priority.

Note: Exchange Server 2010 is in extended support phase of lifecycle. Customers should not expect regular updates to this product. Updates are released on an as needed basis only.

Change in TLS Settings Behavior in Exchange Server 2013 and 2016

The cumulative updates for Exchange Server 2013 and 2016 released today include a change in behavior as it relates to configuring TLS and cryptography settings. Previous cumulative updates would overwrite a customer’s existing configuration. Due to customer feedback, we have changed product behavior to configure TLS and cryptography settings only when a new Exchange server is installed. Applying a cumulative update will no longer overwrite the customer’s existing configuration. In the future, the Exchange team will publish guidance on what we believe customers should use to optimally configure a server. It will be up to customers to ensure their servers are configured to meet their security needs. Exchange SETUP will ensure that our current recommendations are applied automatically when a new Exchange server is installed using current and future cumulative updates.

Note: Customers can always use the latest cumulative update directly to install a newly provisioned server.

Support for Hybrid Modern Authentication

As announced by Greg in his excellent and highly popular blog post, Exchange Server 2013 and 2016 have introduced a spiffy new authentication option. Those of you still running Exchange Server 2010 will have to wait a bit but anyone running Exchange Server 2013 or 2016 will certainly want to have a look at a revolutionary change introduced in these cumulative updates.

Support for .NET Framework 4.7.1

.NET Framework 4.7.1 is now fully supported with Exchange Server 2013 and 2016. .NET Framework 4.7.1 will be required on Exchange Server 2013 and 2016 installations starting with our June 2018 quarterly releases. Customers should plan to upgrade to .NET Framework 4.7.1 after applying the December 2017 or March 2018 quarterly release to avoid blocking installation of the June 2018 quarterly releases for Exchange Server 2013 and 2016.

Known unresolved issues in these releases

The following known issues exist in these releases and will be resolved in a future update:

  • Information protected e-Mails may show hyperlinks which are not fully translated to a supported, local language
  • When sending a calendar sharing invitation in OWA, users opening the invitation in OWA may not see the ‘Accept’ button. Using Outlook client, calendar sharing invitations work normally.
  • When configuring ‘Offline Settings’ in OWA, users may receive a message to update the application and the OWA session becomes disconnected from the Exchange server.

Release Details

KB articles that describe the fixes in each release are available as follows:

None of the updates released today include new Active Directory schema since the September 2017 quarterly updates were released. If upgrading from an older Exchange version or cumulative update, Active Directory schema updates may still be required. These updates will apply automatically during setup if the logged on user has the required permissions. If the Exchange Administrator lacks permissions to update Active Directory schema, a Schema Admin must execute SETUP /PrepareSchema prior to the first Exchange Server installation or upgrade. The Exchange Administrator should execute SETUP /PrepareAD to ensure RBAC roles are current. PrepareAD will run automatically during the first server upgrade if Exchange Setup detects this is required and the logged on user has sufficient permission.

Additional Information

Microsoft recommends all customers test the deployment of any update in their lab environment to determine the proper installation process for your production environment. For information on extending the schema and configuring Active Directory, please review the appropriate TechNet documentation.

Also, to prevent installation issues you should ensure that the Windows PowerShell Script Execution Policy is set to “Unrestricted” on the server being upgraded or installed. To verify the policy settings, run the Get-ExecutionPolicy cmdlet from PowerShell on the machine being upgraded. If the policies are NOT set to Unrestricted you should use the resolution steps in KB981474 to adjust the settings.

Reminder: Customers in hybrid deployments where Exchange is deployed on-premises and in the cloud, or who are using Exchange Online Archiving (EOA) with their on-premises Exchange deployment are required to deploy the most current (e.g., 2013 CU19, 2016 CU8) or the prior (e.g., 2013 CU18, 2016 CU7) Cumulative Update release.

For the latest information on Exchange Server and product announcements please see What's New in Exchange Server 2016 and Exchange Server 2016 Release Notes. You can also find updated information on Exchange Server 2013 in What’s New in Exchange Server 2013, Release Notes and product documentation available on TechNet.

Note: Documentation may not be fully available at the time this post is published.

The Exchange Team

Comments (20)

  1. Jeffry A. Spain says:

    Can you confirm whether or not .NET Framework 4.7.0 is supported with Exchange 2016 CU8? Currently I have .NET 4.7.0 blocked and will leave it blocked until the GA release of .NET 4.7.1 if there is no support for 4.7.0. Thanks.

    1. Hi Jeffry,
      4.7.0 is not supported, but 4.7.1 is GA since October, see the following post:

    2. Christian Wimmer says:

      They answered that in an article somewhere on this blog. .NET 4.7.0 will never be supported, you will have to go directly to .NET 4.7.1 AFTER upgrading to a version of Exchange Serer that supports .NET 4.7.1

    3. The only supported .NET versions at this time are 4.6.2 and 4.7.1. .NET 4.7.1 reached GA in October. You can find more information on the release at

  2. Norbert says:

    It’s not supported. Either use 4.6.2 or 4.7.1 (after installation of cu8)

  3. robk says:

    Did you guys fixed get-help command that was broken in CU7 and the never ending story about -verbose switch that simply does not work for like 2 years?

    1. We are still working with the Windows team to resolve the Get-Help issue. This issue requires a fix from Windows. We are not tracking any known issues with -Verbose functionality.

      1. robk says:

        thanks Brent. There is no need to track -verbose problem. it simply does not work. try this get-mailbox -verbose and you get not verbose: output, just the list of mailboxes (no nice yellow detailed output of what exchange is doing). If are running Exchange 2013 on windows 2008r2 OS the -verbose switch works like a charm. I;m just too tired to be asking the same question over and over. A simple: We no longer provide detailed output for exchange powershell commands will be enough for me and i will shut up.

        thank you

        1. K says:

          @Brent: Quite strange since it really is well-known.

  4. Josephine says:

    Does CU8 disable the “Archive” folder that Microsoft, in it’s infinite wisdom created for all users as part of CU7?

  5. Josephine says:

    Does that have any impact on the “Archive” folder Microsoft, in it’s infinite wisdom created for each user in CU7?

    1. The underlying issue which caused Archive folders to be created has been resolved. Unfortunately this will not remove folders that were already created.

  6. Congrats to the team for hitting the quarterly release milestone!

  7. Graham says:

    Did the issue with install-antispamagents.ps1 not running in Cu7 get fixed?

    1. This fix did not make Cumulative Update 8 but is resolved in Cumulative Update 9.

  8. Eddy1968 says:

    Exchange 2016 CU 8 crashed my Exchange Server in my Test lab. First it have problems with the Web Management Service, afterwards it uninstalled any Exchange 2016 CU7 services and than gave an error! Exchange was uninstalled only!

  9. Pierre Pash says:

    hello all,

    nothing to report about the need to config Proxy through psexec to make sure oauth is ok betwen O365 and ex2016 onprem servers. it was supposed to be fixed with Cu8 right ?

  10. Ben says:

    Hi Team,
    Is it likely with the 2013 CU19 that we can safely disable TLS 1.0 yet?

    I know that in the article it mentions in the future guidance will be published – but given PCI and Microsoft (for O365) are pushing deprecation of TLS 1.0 is it something that can now be done with this update or should we be waiting until next updates?


    1. We are completing our validation of Exchange Server without TLS 1.0 for Exchange Server 2013 and 2016. We are planning to issue new TLS guidance with the March 2018 Quarterly release.

  11. Darth Adonis says:

    FYI for fellow Hybrid Orgs – Hybrid free/busy lookups fail between Exchange Server 2016 CU8 and O365

    We need to contact MSFT support to request the fix….

Skip to main content