Exchange 2013 CU19 Released


Exchange 2013 CU19 has been released to the Microsoft download centre!  Exchange 2013 has a different servicing strategy than Exchange 2007/2010 and utilises Cumulative Updates (CUs) rather than the Rollup Updates (RU/UR) which were used previously.    CUs are a complete installation of Exchange 2013 and can be used to install a fresh server or to update a previously installed one.  Exchange 2013 SP1 was in effect CU4, and CU19 is the fifteenth post SP1 release.

Download Exchange 2013 CU19

This is build 15.00.1365.001  of Exchange 2013 and the update is helpfully named Exchange2013-x64-cu19.exe.  Which is a great improvement over the initial CUs that all had the same file name!  Details for the release are contained in KB 4037224.

Whether or not your AD Schema needs to be updated depends upon your initial Exchange 2013 version.  This will dictate if the AD Schema needs to be modified.  Check the values as noted in this post.  There may be additional RBAC definitions, so PrepareAD should be executed prior to installing CU19.  If setup detects that PrepareAD is required it should be automatically executed if the account running setup has the necessary permissions.  This was an issue first discussed in the MessageCopyForSentAsEnabled  post and in Unexpected Exchange AD Object Values.

Exchange 2007 is no longer supported, updates are not provided once a product has exited out of extended support.

Update 21-12-2017 - updated note on .NET support

Updates Of Particular Note

.NET framework 4.7.1 is now fully supported.    Currently this is an optional item, but will be required with the June 2018 CU.  Plan accordingly!   Customers should test, verify and install CU19 then move to update to .NET 4.7.1 which will be required for the June 2018 CU install.  It will remain optional for the March 2018 CU.

Advanced notification was provided  with the release of CU18 so that administrators could proactively plan to update the .NET Framework.    This is similar to the approach with .NET 4.6.2 - Please see Exchange 2013 CU16 and Exchange 2016 CU5 .NET Framework Requirement for more details.

.NET Framework 4.7 is not supported.

CU19 introduces a change in TLS and cryptography settings.  Previous CUs would overwrite a custom configuration.  TLS and cryptography is now configured at install time and future CUs should not overwrite customisations .

Hybrid Modern Authentication (not HAM)  provides users the ability to access on-premises applications using authorisation tokens obtained from Office 365.  These OAuth tokens allow access to authenticate against on-premises Exchange.

Issues Resolved

4046316 MAPI over HTTP can't remove client sessions timely if using OAuth and the resource has a master account in Exchange Server 2013

4046205 W3wp high CPU usage in Exchange Server 2013

4046182 Event ID 4999 or 1007 if diagnostics service crashes repeatedly in Exchange Server 2013

4056329 Can't access EWS from Outlook/OWA add-ins via makeEwsRequestAsync in Exchange Server 2016 and Exchange Server 2013

4045655 Description of the security update for Microsoft Exchange: December 12, 2017

Some Items For Consideration

As with previous CUs, this one also follows the new servicing paradigm which was previously discussed on the blog.  The CU package can be used to perform a new installation, or to upgrade an existing Exchange Server 2013 installation.  You do not need to install Cumulative Update 4 or 5 for Exchange Server 2013 when you are installing the latest CU.  Cumulative Updates are well, cumulative.  What else can I say…

For customers with a hybrid Exchange deployment, must keep their on-premises Exchange servers updated to the latest update or the one immediately prior ( N or N-1).

After you install this cumulative update package, you cannot uninstall the cumulative update package to revert to an earlier version of Exchange 2013. If you uninstall this cumulative update package, Exchange 2013 is removed from the server.

  • Test the CU in a lab which is representative of your environment

  • Review this post to also factor in AD preparation which is to be done ahead of installing the CU onto the first Exchange server

  • Follow your organisation’s change management process, and factor the approval time into your change request

  • Provide appropriate notifications as per your process.  This may be to IT teams, or to end users.

  • After you install this cumulative update package, you cannot uninstall the cumulative update package to revert to an earlier version of Exchange. If you uninstall this cumulative update package, Exchange is removed from the server.

  • Place the server into SCOM maintenance mode prior to installing, confirm the install then take the server out of maintenance mode

  • Place the server into Exchange maintenance mode prior to installing, confirm the install then take the server out of maintenance mode

  • I personally like to restart prior to installing CUs.  This helps identifies if an issue was due to the CU or happened in this prior restart, and also completes any pending file rename operations.  3rd party AV products are often guilty of this

  • Restart the server after installing the CU

  • Ensure that all the relevant services are running

  • Ensure that event logs are clean, with no errors

  • Ensure that you consult with all 3rd party vendors which exist as part of your messaging environment.  This includes archive, backup, mobility and management services

  • Ensure that you do not forget to install this update on management servers, jump servers/workstations and application servers where the management tools were installed for an application.  FIM and 3rd party user provisioning solutions are examples of the latter

  • Ensure that the Windows PowerShell Script Execution Policy is set to “Unrestricted” on the server being upgraded or installed.  See KB981474

  • Disable file system antivirus prior to installing.  Do this through the appropriate console.  Typically this will be a central admin console, not the local machine

  • Verify file system antivirus is actually disabled

  • Once server has been restarted, re-enable file system antivirus

  • Note that customised configuration files are overwritten on installation.  Make sure you have any changes fully documented!

  • While CU19 does not add any new AD Schema changes.  If you are on an out-dated CU currently, then deploying CU19 may contain AD Schema updates for your organisation – please test and plan accordingly!  Whether or not your AD Schema needs to be updated depends upon your initial Exchange 2013 version.  This will dictate if the AD Schema needs to be modified.  Check the values as noted in this post.  Additional RBAC definitions may also be required.

Please enjoy the update responsibly!

What do I mean by that?  Well, you need to ensure that you are fully informed about the caveats with the CU  and are aware of all of the changes that it will make within your environment.  Additionally you will need to test the CU your lab which is representative of your production environment.

Cheers,

Rhoderick

Comments (17)

  1. Hi Robert, small nuance: announcement is that .NET 4.7.1 is required per the June 2018 quarterly update, optional for this and the March one.

    1. Rhoderick, of course (doh!)

      1. Thanks Michel!

        It’s OK – you can imagine what happens to my name when I go to a certain large coffee shop….. 😉

        Cheers,
        Rhoderick

  2. David Reade says:

    Hi Rhoderick

    I am running Exchange 2013 CU17 and had installed .NET 4.7 when it was released, and before the announcement from Microsoft that it was not supported. However, there have never been any issues since it was installed.

    With the release of CU19 and the stipulation that .NET 4.7 is not supported, does that mean I would have to remove .NET 4.7 first and then install CU19 along with .NET 4.7.1, or can I just go ahead and install CU19 and then .NET 4.7.1?

    Also, you mention changes to TLS and cryptography settings. What does this entail? Does this mean Exchange Server now uses TLS 1.2 only?

    1. Hi David,

      The official support position does not include this situation David. Technically it should be downgraded, but if you want to take the risk of updating then you can try that.

      Exchange was overwriting SSL/TLS configuration lockdowns that customers had made – thats the current change. The Exchange teamm will publish more guidance on this in the future.

      Cheers,
      Rhoderick

    2. Truwarrior says:

      In a similar situation as well. Where you able to test upgrading while on 4.7 to CU19 then upgrade to 4.71? Sounds like it probably work, just not tested or supported.

    3. Truwarrior says:

      In a similar situation as well. Were you able to test upgrading while on 4.7 to CU19 then upgrade to 4.71? Sounds like it probably work, just not tested or supported.

      1. David Reade says:

        With .NET 4.7 installed and running CU17, I successfully upgraded to CU19 and then installed .NET 4.7.1.

        So far, no errors in the Event Viewer. Everything seems to be working as expected. 🙂

  3. Rajesh says:

    Hi, Does KB4045655 Secuirty update is included in CU19? This is applicable for CU17 and released couple of weeks back.

    1. Yes – it’s listed above.

      Cheers,
      Rhoderick

  4. B. Mulder says:

    After some updating at dec 27 2017 we’re getting errors with Business Contact Manager plugin when starting Outlook 2010.
    Is there something changed in MAPI in CU19?
    Someone else noticing the same problem?

    Naam van gebeurtenis: BCM
    P1: Addin
    P2: NativeMAPIException
    P3: 4.0.11308.0
    P4: 14.0.7189.5000
    P5: OutlookMapiSessionLogonComplete
    P6: GetProps
    P7: F01531A1

  5. nik3com1 says:

    since installing this update outlook 2010 users are experiencing sending issues where it hangs this is not all users and not all the time?

  6. Sydguy says:

    HI Rhoderick ,

    We decided to upgrade to Exchange 2013 CU 19 from our Exchange 2010 Environment and introduced 1st Exchange 2013 C19 into the environment. However , emails are not flowing between our two environments. OWA 2013 will say you dont have permission to perform this action.

    Exchange 2013 is multirole server and having issues with its transport service and doesnt start automatically and will stop as soon as we open queue viewer.

    We see this event EVENT 16023.

    Microsoft Exchange couldn’t start transport agents. The Microsoft Exchange Transport service will be stopped. Exception details: Failed to create type ‘Microsoft.Exchange.MessagingPolicies.TransportRuleAgent.TransportRuleAgentFactory’ from assembly ‘C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Rule\Microsoft.Exchange.MessagingPolicies.TransportRuleAgent.dll’ due to error ‘Agent Transport Rule couldn’t load the rule collection.’. : Microsoft.Exchange.Data.ExchangeConfigurationException: Failed to create type ‘Microsoft.Exchange.MessagingPolicies.TransportRuleAgent.TransportRuleAgentFactory’ from assembly ‘C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Rule\Microsoft.Exchange.MessagingPolicies.TransportRuleAgent.dll’ due to error ‘Agent Transport Rule couldn’t load the rule collection.’. —> Microsoft.Exchange.Data.ExchangeConfigurationException: Agent Transport Rule couldn’t load the rule collection.
    at Microsoft.Exchange.MessagingPolicies.TransportRuleAgent.TransportRuleAgentFactory..ctor()
    — End of inner exception stack trace —
    at Microsoft.Exchange.Data.Transport.Internal.MExRuntime.FactoryTable.CreateAgentFactory(AgentInfo agentInfo)
    at Microsoft.Exchange.Data.Transport.Internal.MExRuntime.FactoryTable..ctor(IEnumerable agents, FactoryInitializer factoryInitializer)
    at Microsoft.Exchange.Data.Transport.Internal.MExRuntime.RuntimeSettings..ctor(MExConfiguration config, String agentGroup, FactoryInitializer factoryInitializer)
    at Microsoft.Exchange.Data.Transport.Internal.MExRuntime.MExRuntime.Initialize(String configFile, String agentGroup, ProcessTransportRole processTransportRole, String installPath, FactoryInitializer factoryInitializer)
    at Microsoft.Exchange.Transport.Categorizer.MExEvents.Initialize(String configFilePath)
    at Microsoft.Exchange.Transport.Components.CategorizerMExRuntimeLoader.Load()

    Can you please advise ?

    Cheers,

    Rohan

    1. Sydguy says:

      Update :

      If I disable built-in Transport Agent from Microsoft called “Transport Rule Agent” [ which by default has priority of 1 ] , I can start the transport service with out any issues.

      So , I am not sure why fresh Install of Exchange will have issue with built-in transport agent – “Transport Rule Agent”.

      Can you please advise ?

      Thanks very much,

      1. Sydguy says:

        Update :

        One of our transport rules which was in up and working in exchange 2010 broke the transport service in Exchange 2013 which we recently introduced in our exchange environment. Because of this transport rule , Transport rule agent was not able to load all transport rules and which in turn was breaking our Transport Service.

        We have to delete that transport rule and after that we were able to start transport services on Exchange 2013 environment without any issues.

  7. David says:

    hello, It seems Microsoft pulled Exchange 2013 CU15 out of downloading. One of our clients is still running Exchange CU10 .net 4.5.x How can we get Exchange upgrade to CU19? Thanks.

Skip to main content