Exchange 2016 CU9 has been released to the Microsoft download centre! Exchange 2016 has a different servicing strategy than Exchange 2007/2010 and utilises Cumulative Updates (CUs) rather than the Rollup Updates (RU/UR) which were used previously. CUs are a complete installation of Exchange 2016 and can be used to install a fresh server or to update a previously installed one. Exchange 2013 has the same servicing methodology.
This is build 15.01.1466.003 of Exchange 2016 and the update is helpfully named ExchangeServer2016-x64-CU9.iso which allows us to easily identify the update. Details for the release are contained in KB 4055222.
Exchange 2007 is no longer supported, updates are not provided once a product has exited out of extended support.
Updates Of Particular Note
.NET framework 4.7.1 is fully supported. Currently this is an optional item, but will be required with the June 2018 CU. Plan accordingly! Customers should test, verify and install CU9 then move to update to .NET 4.7.1 which will be required for the June 2018 CU install.
.NET Framework 4.7 is not supported.
TLS 1.2 is now supported on all supported Exchange versions. Expect to see additional guidance on this subject. The first post in this series is already available. This is a work stream that will require attention as Office 365 will enforce TLS 1.2 on October 31st 2018. This is an extension to the previous announcement, and details are available here.
As per Active Directory Forest Functional Levels for Exchange Server 2016, it was announced that Exchange Server 2016 would enforce a minimum 2008R2 Forest Functional Level requirement for Active Directory. Cumulative Update 7 for Exchange Server 2016 started enforcing this AD DS requirement.
4057216 Health mailbox's password is exposed in logs for a failed probe in Exchange Server 2016 and 2013
4073110 You can't access OWA or ECP after you install Exchange Server 2016 CU8
4073392 Description of the security update for Microsoft Exchange: March 13, 2018
4058401 Administrator audit logging does not record Set-ServerComponentState cmdlet details in Exchange Server 2013 or 2016 environment
4073097 Monitoring probes of ECP.Proxy health checks fail on all CAS roles in Exchange Server 2013 and 2016
4073098 The ETS and EXS groups are incorrectly granted “SeDebugPrivilege” in Exchange Server 2016 on-premises
4077924 Store Worker process crashes when you move, restore, or repair mailboxes that have issues with the logical index within the database in Exchange Server 2016
CU9 includes the security fixes released to address the issues in the March 2018 security bulletin.
CU9 also includes the latest DST updates.
Issues Resolved
4054513 Mailbox usage status bar in OWA displays incorrect mailbox usage
4055433 User is added to an entire series when accepting a single instance through Exchange ActiveSync
4057216 Health mailbox's password is exposed in logs for a failed probe in Exchange Server 2016 and 2013
4058373 "A parameter cannot be found" error when you run Install-AntiSpamAgents.ps1 in Exchange Server 2016 CU7
4058379 All cross-forest meeting updates have to be accepted again in Exchange Server 2016 and 2013
4058383 Exchange Control Panel (ECP) redirection fails in Exchange Server 2016
4058384 Get-CalendarDiagnosticAnalysis shows DateTime in 12-hour clock in Exchange Server 2016 and 2013
4058399 Disabling a mailbox can't remove legacyExchangeDN from user's properties in Exchange Server 2016
4073094 Emails outside a UID range are returned when you request for emails by using IMAP
4073095 "550 5.6.0 CAT.InvalidContent.Exception" and email isn't delivered in Exchange Server 2016 and 2013
4073104 PIN can be reset on a Unified Messaging (UM)-enabled mailbox for a user outside a scoped OU
4073103 The Enable-Mailbox cmdlet doesn't block migrated users from provisioning in Exchange Server 2016
4073107 Language can't be changed when a user from a child domain tries to change language in OWA
4073111 Can't access a CAS website such as OWA/ECP/Autodiscover in Exchange Server 2016
4073110 You can't access OWA or ECP after you install Exchange Server 2016 CU8
4073109 Search-MailboxAuditLog -ShowDetails not showing all messages in Exchange Server 2016
4073114 "ADOperationException" error when OWA text verification fails in Exchange Server 2016
4073214 Can't enable OWA offline access in Exchange Server 2016
4073531 CultureNotFoundException when selecting a LCID 4096 language in OWA for Exchange Server 2016
4076520 MatchSubdomains isn't usable for Set-AcceptedDomain in Exchange Server 2016
4076741 Incorrect NDR when an administrator deletes a message from a queue in Exchange Server 2016
4077655 Event ID 258 "Unable to determine the installed file" after you uninstall Windows PowerShell 2.0
4057290 Incorrect user is returned in the ECP when one user's display name matches another user's alias
4058372 Blank page in Exchange Admin Center Audit Log in Exchange Server 2016
4058382 Can't retrieve time slot information about private calendar items as a delegate on another user's account in Exchange Server 2016
4058401 Administrator audit logging does not record Set-ServerComponentState cmdlet details in Exchange Server 2013 or 2016 environment
4073097 Monitoring probes of ECP.Proxy health checks fail on all CAS roles in Exchange Server 2013 and 2016
4073098 The ETS and EXS groups are incorrectly granted “SeDebugPrivilege” in Exchange Server 2016 on-premises
4073108 “There was a problem loading your options” error when a user accesses OWA Voice Mail options in Exchange Server 2016
4077924 Store Worker process crashes when you move, restore, or repair mailboxes that have issues with the logical index within the database in Exchange Server 2016
4091453 Update improves linguistics features and CJK handling for search in Exchange Server 2016
4073392 Description of the security update for Microsoft Exchange: March 13, 2018
After you install Cumulative Update 9 for Exchange Server 2016, the Accept button disappears in the invitation email message of a shared calendar in Outlook Web App (OWA). Therefore, you cannot add the shared calendar by clicking the Accept button directly.
Some Items For Consideration
Exchange 2016 follows the same servicing paradigm for Exchange 2013 which was previously discussed on the blog. The CU package can be used to perform a new installation, or to upgrade an existing Exchange Server 2016 installation to this CU. Cumulative Updates are well, cumulative. What else can I say…
For customers with a hybrid Exchange deployment, must keep their on-premises Exchange servers updated to the latest update or the one immediately prior ( N or N-1).
-
Test the CU in a lab which is representative of your environment
-
Review this post to also factor in AD preparation which is to be done ahead of installing the CU onto the first Exchange server
-
Follow your organisation’s change management process, and factor the approval time into your change request
-
Provide appropriate notifications as per your process. This may be to IT teams, or to end users.
-
After you install this cumulative update package, you cannot uninstall the cumulative update package to revert to an earlier version of Exchange. If you uninstall this cumulative update package, Exchange is removed from the server.
-
Place the server into SCOM maintenance mode prior to installing, confirm the install then take the server out of maintenance mode
-
lace the server into Exchange maintenance mode prior to installing, confirm the install then take the server out of maintenance mode
-
I personally like to restart prior to installing CUs. This helps identifies if an issue was due to the CU or happened in this prior restart, and also completes any pending file rename operations. 3rd party AV products are often guilty of this
-
Restart the server after installing the CU
-
Ensure that all the relevant services are running
-
Ensure that event logs are clean, with no errors
-
Ensure that you consult with all 3rd party vendors which exist as part of your messaging environment. This includes archive, backup, mobility and management services.
-
Ensure that you do not forget to install this update on management servers, jump servers/workstations and application servers where the management tools were installed for an application. FIM and 3rd party user provisioning solutions are examples of the latter.
-
Ensure that the Windows PowerShell Script Execution Policy is set to “Unrestricted” on the server being upgraded or installed. See KB981474.
-
Disable file system antivirus prior to installing. Do this through the appropriate console. Typically this will be a central admin console, not the local machine.
-
Verify file system antivirus is actually disabled
-
Once server has been restarted, re-enable file system antivirus.
-
Note that customised configuration files are overwritten on installation. Make sure you have any changes fully documented!
-
CU9 does NOT contain new AD Schema updates for your organisation.
While CU9 does not add any new AD Schema changes. If you are on an out-dated CU currently, then deploying CU9 may contain AD Schema updates for your organisation – please test and plan accordingly! Whether or not your AD Schema needs to be updated depends upon your initial Exchange 2016 version. This will dictate if the AD Schema needs to be modified.
Please enjoy the update responsibly!
What do I mean by that? Well, you need to ensure that you are fully informed about the caveats with the CU and are aware of all of the changes that it will make within your environment. Additionally you will need to test the CU your lab which is representative of your production environment.
Cheers,
Rhoderick
