Issue with July Updates for Windows on an Exchange Server


The Exchange team is aware of issues with the Windows Operating System updates published July 10th, 2018 causing Exchange to not function correctly. The Windows servicing team has advised us that they will be releasing updates to the affected packages. We encourage Exchange customers to delay applying the July 10th updates, including the security updates released on the same date, on to an Exchange server until the updated packages are available.

Update: July 17th

We wanted to provide you an update on this issue.

The issue has been resolved and new updates will be available through Windows Update for all operating systems by end of day July 17th (PDT). The Exchange Team recommends that customers use Windows Update or update the catalogs on their own SUS servers to ensure the latest version of the update is available for installation on your Exchange Servers. Doing so will avoid any possible disruption to the MSExchangeTransport service which may have been impacted by the July 10th update.

Update: July 18th

The Windows team has informed us a delay occurred in the release of some packages. Updated packages are now available via the regular release channels: Windows Update, Catalogue, WSUS. These updates should be applied based upon the operating system version you are using with Exchange Server. When using Windows Update to apply an update, you will need to initiate a manual request in the Windows UI to find and download updates.

For Windows 2016, the update will be applied as a replacement to the package delivered on July 10th. Customers running Exchange on Windows Server 2016 should ensure that the latest operating system updates are applied. These updates are available now and can be applied to a production system regardless of previous updates installed.

For operating systems prior to Windows 2016, the update will be applied as an additional update to the updates released on July 10th. This means you must apply the July 10th update and then may need to execute Windows Update again to receive the additional update to fully resolve the issue. The updates for these operating systems should be fully published to all geographies on Windows Update by end of day July 18th (PDT).

The table below outlines the impacted KB for each operating system and the associated KB which must be applied to resolve the issue. In the case where there are multiple updates listed for an operating system, only one of the updates should be required. The presence of two updates is indicative of whether a rollup or individual security update is being used to update the operating system.

Operating System Impacted Update Update which must be applied
Windows Server 2016 KB 4338814 KB 4345418
Windows Server 2012R2 KB 4338824 KB 4345424
KB 4338815 KB 4338831
Windows Server 2012 KB 4338820 KB 4345425
KB 4338830 KB 4338816
Windows Server 2008R2 SP1 KB 4338823 KB 4345459
KB 4338818 KB 4338821
Windows Server 2008 KB 4295656 KB 4345397

The updates in question apply to the operating system and address an issue which causes the Exchange Transport service, responsible for delivering mail, to stop functioning. This condition is unrelated to the .NET changes which were published on the same date. The Exchange team continues to encourage customers to make use of Windows Update or SUS to ensure that the operating systems updates are applied correctly to an Exchange Server.

Update: August 31

One more update as we had some questions on this: we are currently not aware of any related issues with August 2018 updates.
The Exchange Team

Comments (29)

  1. StephenKCEE says:

    Hi Exchange Team, Can you be more specific as to the issues you are aware of? The July 10th operating system and security updates have been installed on our Exchange 2016 CU10 environment for almost a week, with no apparent functional issues. This must be quiet significant if you are encouraging customers not to install security updates. Kind regards Stephen

    1. KB4338814 has been replaced by KB4345418, see the article on issues with KB4338814: https://support.microsoft.com/en-us/help/4338814/windows-10-update-kb4338814

      1. There is also KB4338815 (Applies to: Windows 8.1 and Windows Server 2012 R2) with the same issues and no fixes, nor workarounds provided yet.

        1. By the way, could Exchange Team confirm that these particular KBs are the ones causing issues mentioned in this article?

  2. Can you provide the KB number list which affected Exchange , as we also installed security updates on Exchange 2013 CU20 and we didn’t face any issues.

  3. MauriceW67 says:

    Can you provide a bit more information? Which Exchange and OS versions are affected? And what issues occur in Exchange?

  4. jabarca says:

    Exchange Team,

    We installed the updates during the weekend and now experiencing multiples outages. Port 25 stop working on HT servers every now and then (6-12h). We had to reboot the servers to get them back accepting connections over port 25. We are in the process to remove the updates (KB4338823 and KB4338818).

    Can you please advise if Microsoft release an update/hotfix to get it fixed??

    thanks,

  5. Bjackl says:

    Which updates should be uninstalled on Server 2008 and 2008R2 with Exchange 2010. We have a couple of machines that have to be rebooted after several hours to start receiving email again. It is not possible on them to restart the Exchange transport service.

  6. Could you please deliver more details!
    Uninstall Rollup (p.e. KB4338818 for Server 2008 R2) first, then install Update (which KB??) from July 17th ?

    Thanks!

  7. There are moments where I think that it’s a good idea to not distribute .NET Framework Update using Windows Update or to disable .Net Framework update on Exchange servers by default. Just create enough registry key to avoid automatic installation upfront.

  8. AvalonNYC says:

    I think it’s past July 17th everywhere, and our 2008 R2 / Exchange 2010 servers are still getting offered KB4338818, the update we removed to fixed the MSExchangeTransport problem.

  9. tubs30 says:

    still waiting for this new update that was supposed to be released on the 17th?

  10. Hi team,

    “For operating systems prior to Windows 2016, the update will be applied as an additional update to the updates released on July 10th. This means you must apply the July 10th update and then may need to execute Windows Update again to receive the additional update to fully resolve the issue.”

    You sure? For example, for KB4338831 it reads, “This non-security update includes improvements and fixes that were a part KB4338815 (released July 10, 2018) and also includes these new quality improvements as a preview of the next Monthly Rollup update..”, implying it is a replacement like the KB4345418 for WS2016. It seems that for older OS’es there is an update (for the related security update) and a replacement (for the July update).

    1. According to the Windows Servicing team, for the non Windows Server 2016 operating systems, it is required that the update released on July 10th be installed for Windows update to offer the new update. The is because the update is a patch to the previous package. Windows update chooses updates based upon packages previously installed on these operating systems.

      1. Anonymous says:
        (The content was deleted per user request)
      2. Is this because the SSU is included out of WU/MU? This would not be the case for a managed Environment, since the the SSU is Installed first and separately, if I am not mistaken.

        Therefore, if the SSU was downloaded from the Catalog and installed would this suffice and meet the necessary requirements?

      3. ViktoriaG says:

        Corresponding SSU was released in May, if I’m not mistaken. It doesn’t require reboot and really small one.

        If you’re not up-to-date with Windows updates you will get error “the update is not applicable….” while trying to install KB4345418 for Windows 2016.

        This is because KB4345418 replaces KB4132216 which has KB4132216 (released in May) as a prerequisite.

        Prerequisite: The servicing stack update (SSU) (KB4132216) must be installed before installing the latest cumulative update (LCU) (KB4338814). The LCU will not be reported as applicable until the SSU is installed.
        https://support.microsoft.com/en-us/help/4338814/windows-10-update-kb4338814

        Looks like the article for KB4345418 doesn’t mention that.

    2. ViktoriaG says:

      You need servicing stack update – not a comulative update, this one is needed for update process to work correctly.

  11. sime3000 says:

    Given that there are chronic problems with the application of rollups on Windows 2016 since day one, it will be interesting to see how many people will successfully apply KB4338814 but wont be able to apply the KB4345418 rollup thus leaving them with a broken Exchange server.

  12. Random_Thoughts says:

    Great job, the fix shows up as a optional update. (Server 08) In some ways, I guess it is optional — if you don’t want to be rebooting your server twice daily.

  13. TimJ says:

    Is it safe to assume that the August CU for pre-2016 OSs will include the fix? So basically if July’s updates were skipped altogether one would only need to installed the August CU to prevent the issue from occurring?

  14. kishore Anbu says:

    I have Already Uninstalled the KB 4338823 , KB 4338818 patches From the Windows server 2008 R2 Exchange server 2010 / Please let me can i install the Update New Patch Now – KB 4338821, KB 4345459. Because After Uninstalled the Impacted Update the Exchange Transport Service was working Fine For one week time.Again today issue is started with the Transport Service is getting Hanged.

  15. Mike Christian says:

    I read with interest about so many issues with Microsoft updates. For years now I have either prevented these unwanted updates, or uninstalled them from my laptops etc., resulting in trouble free operation. I also have friends who use Apple systems whom report that they do not experience such issues with their machines. Why do Microsoft have to update their system so often, or is it simply so that they can harvest information from your personal data? Windows 10 insistence that you have to accept updates is an infringement to personal privacy. After all, would you let someone enter your home uninvited, rearrange your furniture, disable vital components within your property and then sometime later offer a fix for all of their fuck-ups? I think not. The August 2018 update caused numerous problems to my operating system, culminating in me having to renew the hard drive. Once funds are available an Apple system is on its way!

    1. John says:

      Mike,
      You should ask your friends to show us Exchange running on an Apple platform. If you need reference to Apple updates causing issues for users, you need look no further than the recent “batterygate” incident which has sparked over 32 lawsuits according to Wikipedia. https://en.wikipedia.org/wiki/Batterygate
      Just saying…

  16. Mohammad Almishal says:

    Hi,
    we try to install KB 4338831 but it shows update is not applicable. your advise please regarding this issue.

  17. stephen cromer says:

    now after this update, the ms office 2007 (outlook) has quit working correctly. (will not receive emails any longer)
    i restore back before this update and it starts working again.

  18. Robert Crowe says:

    For the third time this year our microsoft exchange emails go to prompt for password constantly on our microsoft computers and refused to download emails. This does not happen on android phones or ipads. It is very ironic that other devices aren’t affected and it is almost impossible to find out why and what to do about it.

  19. Hello, Our exchange server 2017 is often got crashed/Hanged its a VM. We dont know what is the actual problem. can Anyone suggest something

Skip to main content