Exchange 2019 CU1 has been released to the Microsoft download centre! Exchange 2019 has a different servicing strategy than Exchange 2007/2010 and utilises Cumulative Updates (CUs) rather than the Rollup Updates (RU/UR) which were used previously. CUs are a complete installation of Exchange 2019 and can be used to install a fresh server or to update a previously installed one. Exchange 2013 and 2016 have the same servicing methodology.
Details for the release are contained in KB 4471391.
Updates Of Particular Note
This update provides a security advisory in Microsoft Exchange. For more information, see Security Advisory ADV190004. It also resolves some vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2019-0686 and Microsoft Common Vulnerabilities and Exposures CVE-2019-0724.
Note that there are changes in Exchange EWS functionality with this release, so please review all of the notes contained within the release post.
Also pay attention to Decreasing Exchange Rights in the Active Directory. This is covered in KB 4490059 — Reducing permissions required to run Exchange Server by using Shared Permissions Model. In order to apply these changes, a directory admin will need to run the cumulative update setup program with the /PrepareAD parameter. When multiple Exchange versions co-exist in a single Active Directory forest, the cumulative update matching the latest version of Exchange deployed should be used to run /PrepareAD
Noted that an Exchange 2019 install requires Windows Server 2019. This is documented in the Exchange Support Matrix.
.NET Framework 4.7.2 is required. This is listed in the Exchange Server prerequisites. Also note the requirement for Visual C++ Redistributable Package for Visual Studio 2012.
4487596 Emails are blocked in moderator mailbox Outbox folder when you send large volumes of emails in Exchange Server 2019
4487591 The recipient scope setting doesn’t work for sibling domains when including OUs in the scope in Exchange Server 2019
4487602 Outlook for Mac users can still expand a distribution group when hideDLMembership is set to true in Exchange Server 2019
4488076 Outlook on the Web can’t be loaded when users use an invalid Windows language in operating system in Exchange Server 2019
4488079 Exchange Server 2016 allows adding Exchange Server 2019 mailbox server into a same DAG and vice versa
4488263 X-MS-Exchange-Organization-BCC header isn’t encoded correctly in Exchange Server 2019
4488080 New-MigrationBatch doesn’t honor RBAC management scope in Exchange Server 2019
4488262 Delivery Reports exception when tracking a meeting request that’s sent with a room resource in Exchange Server 2019
4488268 Disable the irrelevant Query logs that’re created in Exchange Server 2019
4488267 Test-OAuthConnectivity always fails when Exchange Server uses proxy to connect to Internet in Exchange Server 2019
4488266 Client application doesn’t honor EwsAllowList in Exchange Server 2019
4488265 “There are problems with the signature” error occurs for digital signature message if attachment filtering is enabled in Exchange Server 2019
4488398 “The Microsoft Exchange Replication service may not be running on server” error when you add a mailbox database copy in Exchange Server 2019
4488264 Mailbox that has a bad move request can’t be cleaned up from destination mailbox database in Exchange Server 2019
4488261 Event ID 1002 when the store worker process crashes in Exchange Server 2019
4488260 New-MailboxExportRequest and New-MailboxImportRequest don’t honor RBAC management scope in Exchange Server 2019
4488259 MailTip shows wrong number of users for a distribution group if the users are in different domains in Exchange Server 2019
4488258 OAuth authentication is removed when saving MAPI virtual directory settings in EAC in Exchange Server 2019
4490060 Exchange Web Services Push Notifications can be used to gain unauthorized access
4490059 Reducing permissions required to run Exchange Server using Shared Permissions Model
Some Items For Consideration
Exchange 2019 follows the same servicing paradigm for Exchange 2013 and 2016 which was previously discussed on the blog. The CU package can be used to perform a new installation, or to upgrade an existing Exchange Server 2019 installation to this CU. Cumulative Updates are well, cumulative. What else can I say…
Customers with a hybrid Exchange deployment, must keep their on-premises Exchange servers updated to the latest update or the one immediately prior ( N or N-1).
- Test the CU in a lab which is representative of your environment
- Review this post to also factor in AD preparation which is to be done ahead of installing the CU onto the first Exchange server
- Follow your organisation’s change management process, and factor the approval time into your change request
- Provide appropriate notifications as per your process. This may be to IT teams, or to end users.
- After you install this cumulative update package, you cannot uninstall the cumulative update package to revert to an earlier version of Exchange. If you uninstall this cumulative update package, Exchange is removed from the server.
- Place the server into SCOM maintenance mode prior to installing, confirm the install then take the server out of maintenance mode
- lace the server into Exchange maintenance mode prior to installing, confirm the install then take the server out of maintenance mode
- I personally like to restart prior to installing CUs. This helps identifies if an issue was due to the CU or happened in this prior restart, and also completes any pending file rename operations. 3rd party AV products are often guilty of this
- Restart the server after installing the CU
- Ensure that all the relevant services are running
- Ensure that event logs are clean, with no errors
- Ensure that you consult with all 3rd party vendors which exist as part of your messaging environment. This includes archive, backup, mobility and management services.
- Ensure that you do not forget to install this update on management servers, jump servers/workstations and application servers where the management tools were installed for an application. FIM and 3rd party user provisioning solutions are examples of the latter.
- Ensure that the Windows PowerShell Script Execution Policy is set to “Unrestricted” on the server being upgraded or installed. See KB981474.
- Disable file system antivirus prior to installing. Do this through the appropriate console. Typically this will be a central admin console, not the local machine.
- Verify file system antivirus is actually disabled
- Once server has been restarted, re-enable file system antivirus.
Please enjoy the update responsibly!
What do I mean by that? Well, you need to ensure that you are fully informed about the caveats with the CU and are aware of all of the changes that it will make within your environment. Additionally you will need to test the CU your lab which is representative of your production environment.