Exchange 2013 CU22 Released

Exchange 2013 CU22 has been released to the Microsoft download centre!  Exchange 2013 has a different servicing strategy than Exchange 2007/2010 and utilises Cumulative Updates (CUs) rather than the Rollup Updates (RU/UR) which were used previously.    CUs are a complete installation of Exchange 2013 and can be used to install a fresh server or to update a previously installed one.  Exchange 2013 SP1 was in effect CU4, and CU22 is the eighteenth post SP1 release.

Update: Please see this post to correct the cosmetic Add/Remove programs issue with CU22.

Download Exchange 2013 CU22

This is build 15.00.1473.003 of Exchange 2013 and the update is helpfully named Exchange2013-x64-cu22.exe.  Which is a great improvement over the initial CUs that all had the same file name!  Details for the release are contained in KB 4345836.

Exchange 2007 is no longer supported, updates are not provided once a product has exited out of extended support.

Exchange 2010 will transition out of support on the 14th of January 2020.

Updates Of Particular Note

While Exchange 2013 CU21 was the last planned CU for this version of Exchange, a new CU was required to address security issues.  This update provides a security advisory in Microsoft Exchange. For more information, see Security Advisory ADV190004 for. It also resolves some vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2019-0686 and Microsoft Common Vulnerabilities and Exposures CVE-2019-0724.

Note that there are changes in Exchange EWS functionality with this release, so please review all of the notes contained within the release post

Also pay attention to Decreasing Exchange Rights in the Active Directory.  This is covered in KB 4490059 --  Reducing permissions required to run Exchange Server by using Shared Permissions Model.  In order to apply these changes, a directory admin will need to run the cumulative update setup program with the /PrepareAD parameter. When multiple Exchange versions co-exist in a single Active Directory forest, the cumulative update matching the latest version of Exchange deployed should be used to run /PrepareAD


.NET Framework 4.7.2 Support was added to Exchange 2013 CU21 previously.

Issues Resolved

  • 4487603 "The action cannot be completed" error when you select many recipients in the Address Book of Outlook in Exchange Server 2013
  • 4490060 Exchange Web Services Push Notifications can be used to gain unauthorized access
  • 4490059 Reducing permissions required to run Exchange Server using Shared Permissions Mod

Some Items For Consideration

As with previous CUs, this one also follows the new servicing paradigm which was previously discussed on the blog.  The CU package can be used to perform a new installation, or to upgrade an existing Exchange Server 2013 installation.  You do not need to install Cumulative Update 4 or 5 for Exchange Server 2013 when you are installing the latest CU.  Cumulative Updates are well, cumulative.  What else can I say…

For customers with a hybrid Exchange deployment, must keep their on-premises Exchange servers updated to the latest update or the one immediately prior ( N or N-1).

After you install this cumulative update package, you cannot uninstall the cumulative update package to revert to an earlier version of Exchange 2013. If you uninstall this cumulative update package, Exchange 2013 is removed from the server.

  • Test the CU in a lab which is representative of your environment

  • Review this post to also factor in AD preparation which is to be done ahead of installing the CU onto the first Exchange server

  • Follow your organisation’s change management process, and factor the approval time into your change request

  • Provide appropriate notifications as per your process.  This may be to IT teams, or to end users.

  • After you install this cumulative update package, you cannot uninstall the cumulative update package to revert to an earlier version of Exchange. If you uninstall this cumulative update package, Exchange is removed from the server.

  • Place the server into SCOM maintenance mode prior to installing, confirm the install then take the server out of maintenance mode

  • Place the server into Exchange maintenance mode prior to installing, confirm the install then take the server out of maintenance mode

  • I personally like to restart prior to installing CUs.  This helps identifies if an issue was due to the CU or happened in this prior restart, and also completes any pending file rename operations.  3rd party AV products are often guilty of this

  • Restart the server after installing the CU

  • Ensure that all the relevant services are running

  • Ensure that event logs are clean, with no errors

  • Ensure that you consult with all 3rd party vendors which exist as part of your messaging environment.  This includes archive, backup, mobility and management services

  • Ensure that you do not forget to install this update on management servers, jump servers/workstations and application servers where the management tools were installed for an application.  FIM and 3rd party user provisioning solutions are examples of the latter

  • Ensure that the Windows PowerShell Script Execution Policy is set to “Unrestricted” on the server being upgraded or installed.  See KB981474

  • Disable file system antivirus prior to installing.  Do this through the appropriate console.  Typically this will be a central admin console, not the local machine

  • Verify file system antivirus is actually disabled

  • Once server has been restarted, re-enable file system antivirus

  • Note that customised configuration files are overwritten on installation.  Make sure you have any changes fully documented!

Please enjoy the update responsibly!

What do I mean by that?  Well, you need to ensure that you are fully informed about the caveats with the CU  and are aware of all of the changes that it will make within your environment.  Additionally you will need to test the CU your lab which is representative of your production environment.



Comments (24)
  1. Brenkster says:

    Have you seen or heard after installing Exchange 2013 CU22 in “Programs and features” the update shows as “Microsoft Exchange Server 2013 Cumulative Update CU20” with version 15.0.1473.3. This is the first server from 6 I updated and now I’m hesitant to continue.
    .NET 4.7.2 is installed and so far it does seem to function, even when remotely checking the version is says the version is 15.0.1473.3

    1. EnisAhmeti says:

      Hi Brenkster,

      I updated CU21 to CU22, but in “Programs and features” is CU 20, it seems to be just a mistake with Program Name.
      15.0.1473.3 is the correct version of CU22:

    2. Anil.Miranda says:

      I have installed this update CU22 – CU21 and Programs and features” is CU 20 with the with version 15.0.1473.3
      also did an install on another exchange cluster from CU21 – CU22 and can see the same CU 20 with the with version 15.0.1473.3

      1. Hi folks – yes, that has been observed. The build number is correct. The CU number listed is not.

        Checking with Get-ExchangeServer shows the right information etc.


    3. SamimShaikh says:

      Yes, I am facing this bug. Build version and all correct but in appwiz.cpl console its appearing CU 20. Heard earlier that Microsoft has no plan to release further CU’s after CU20 for Exchange 2013 or so and developer team keeping that statement true. 🙂

      1. CU21 was intended as the last planned one for Exchange 2013. CU22 was required to address this security issue.


  2. Anonymous says:
    (The content was deleted per user request)
  3. Yossarian13 says:

    Anyone getting 1603 error on Copying Exchange Files step?
    I’ve tried re-downloading installation package but no avail.

    “Installing product C:\install\cu22\exchangeserver.msi failed. Fatal error during installation. Error code is 1603.
    Last error reported by the MSI package is ‘Error reading from file: C:\install\cu22\Setup\ServerRoles\TransportRoles\age
    nts\Journaling\Microsoft.Exchange.MessagingPolicies.UnJournalAgent.dll. Verify that the file exists and that you can a
    ccess it.’.”

    Server is in maintenance mode.
    There is no pending restart.
    vcredist 2013 x86 & x64 are installed (12.0.40660.0).
    Net Framework 4.7.1 is installed.
    PS Execution Policy is set to unrestricted.
    I’ve tried right clicking it with admin rights and through elevated CMD and PS.
    I’ve given install account full control permissions on source and destination folder.
    Current version is CU21.

  4. So if I am reading this correctly the PrepAD switch is basically now a mandatory prerequisite of the CU whereas it hasn’t been in the past

    1. Hi Daniel,

      That is a yes and no.

      yes – we need to run it.

      No – you should have been running it manually previously.

      This is due to issues such as this:


  5. KeithPCO says:

    So I just spent the last 20 hours recovering from a failed update from Exchange 2013 CU 20 to 22.
    The CU update failed on step 10 and we were sunk.
    I unfortunately did not see this post until after our failure. I know I didn’t follow half of these steps /recommendations.
    Fortunately for us we only have a single on prem Exchange server used in a Hybrid configuration with O365.
    So it was a relatively easy process to run the CU 22 install on a fresh server and migrate the mailbox DB from the old server.
    We utilized Microsoft support for this. It was worth the 500$ to have them rip through the new setup instead of googling every step.
    Moral of the story is to follow the recommendations and then cross your fingers and hope for the best.
    Because you can’t go backwards if your CU update fails half way through.

  6. Jmeredith says:

    Make sure to manually bind your SSL cert to the Back End Servers in IIS, that bogged us down for a bit after rebooting.

    1. @J – Ideally that should not be required. But have seen that over the years with previous CUs 🙁

      Good job fixing that up!


      1. Danny Borhi says:

        Hi Rhoderick,
        what vcredit 2013 ++ is correct as prerequisite for Exchange 2013 cu22?

        this version 12.0.30501 or this version 12.0.40649

        Many thank in advance.
        Best regards

      2. Danny Borhi says:

        Hi Rhoderick, please give me a feedback on what vcredit 2013 ++ is correct as prerequisite for Exchange 2013 cu22?
        What version is correct this 12.0.30501 or this version 12.0.40649
        Many thank in advance.
        Best regards Danny

        1. The whole point of decoupling the Visual C++ Runtime was to allow it to be patched the same as the other components that are installed. I doubt there is a minimum version documented, but the expectation is that it is updated and patched. Thus the build number will move forward as the Runtime is patched and updated.

          Long story short, I would be looking at the newest one.


  7. James.Yuan says:

    Hi,guy.I have also enconutered this a problemk,Please use the following method to solve:

  8. I have a delicate problem. In the process of updating to CU22 on the mailboxserver and the Edgeserver something went wrong. All installation seemd to worked out as supposed but it didn’t. We have done all the way trough /PrepareSchema /PrepareAD and /PrepareDomian.
    We had som external support and ended up with CU22 on the Edge and CU22 on the mailbox according to the consultant. But there is something strange going on. With Get-ExchangeServer | fl it states that it has 1473 on both servers. When checking the Edgeserver it states as mentioned above “Cumalative Update 20” in programs and features. When checking the registry all the values are right exept the name. However when checking the mailbox it states 1395.3 at all the registry values, and when looking at “Program and features” It says “Cumalative update 21”, so not the “CU22 Bug”. It seems there is some sort of version/where to look for information. I state that it has CU21 on the mailbox but is there some meta data on files where to really get all info on the table?
    Thanks for any input!

    1. You prompted me to promote this from the draft folder 🙂

      You can also use the older method to check the version of exsetup.exe — look at the end of this post:

      Make sure that the CU was installed using an elevated cmd prompt, to prevent you re-installing the same CU.

      Also, If you are looking at the EdgeSync version data that will not be updated. Will need to resubscribe the edge to update that.


  9. Matt Fauzy says:

    Hi All, I’m facing issue after install CU 22 on Exchange Server 2013 (have DAG). On MAIL01 installation prefect, but problem on MAIL02.
    The installation CU 22 was failed at Exchange Server component Mailbox role: Transport service failed.. I’m tried to re-install again but not prompt installation windows. I’ve check on ExchangeSetupLog but I cannot figure out.
    Below the event log during installation was failed
    Exchange Server component Mailbox role: Transport service failed.
    Error: Error:
    The following error was generated when “$error.Clear();
    if (get-service MSExchangeServiceHost* | where {$ -eq “MSExchangeServiceHost”})
    restart-service MSExchangeServiceHost
    ” was run: “Microsoft.PowerShell.Commands.ServiceCommandException: Service ‘Microsoft Exchange Service Host (MSExchangeServiceHost)’ cannot be started due to the following error: Cannot start service MSExchangeServiceHost on computer ‘.’. —> System.InvalidOperationException: Cannot start service MSExchangeServiceHost on computer ‘.’. —> System.ComponentModel.Win32Exception: The dependency service or group failed to start
    — End of inner exception stack trace —
    at System.ServiceProcess.ServiceController.Start(String[] args)
    at Microsoft.PowerShell.Commands.ServiceOperationBaseCommand.DoStartService(ServiceController serviceController)
    — End of inner exception stack trace —“.

    Can someone help me?

    1. Hi Matt,

      If you have not been able to fix that, the best option will be to do a /RecoverServer and bring the server back that way.


  10. Hello Rhoderick, is CU22 still compatible for coexistence with Exchange 2007? I have a client i need to migrate to 2016 and i need to install an interim 2013 to succesfully migrate everything. Is there any chance that CU22 broke the coexistence since exchange 2007 is not supported anymore?

    1. Hi Alberto,

      Since Exchange 2007 is no longer supported, that is not something that I can comment on.


      1. Thank you. I understand the issue, the problem is older CUs are no longer available for download. I guess i’ll have to try with the latest ones.

Comments are closed.

Skip to main content