Exchange 2019 CU3 has been released to the Microsoft Volume Licensing Center! Exchange 2019 has a different servicing strategy than Exchange 2007/2010 and utilises Cumulative Updates (CUs) rather than the Rollup Updates (RU/UR) which were used previously. CUs are a complete installation of Exchange 2019 and can be used to install a fresh server or to update a previously installed one. Exchange 2013 and 2016 have the same servicing methodology.
Details for the release are contained in KB 4514141.
Updates Of Particular Note
The September 2019 security fix is included in this CU, for details please see 4515832 Description of the security update for Microsoft Exchange Server 2019 and 2016: September 10, 2019
Note that there are some known issues which are discussed in the release KB. For net new Exchange installations there are additional operations required for multiple domain environments where /PrepareAD needs to be executed manually in the other domains.
This CU introduces an Autodiscover EventID 1 error in the Application event log. See KB 4532190 for details.
Please plan for the upcoming requirement of .NET Framework 4.8 in subsequent CU releases.
Details are listed in the Exchange Server prerequisites. Also note the requirement for Visual C++ Redistributable Package for Visual Studio 2012.
Note that an Exchange 2019 install requires Windows Server 2019. This is documented in the Exchange Support Matrix.
- 4515257 Hash mismatch is reported for Exchange DLLs in the bin directory of Exchange Server 2019
- 4513500 Can't sign in to OWA or EAC after you install Exchange Server 2019 CU2 with AD FS
- 4502159 Adding or removing mailbox permission in EAC doesn't address the msExchDelegateListLink attribute in Exchange Server 2019 and 2016
- 4515276 Room mailbox accepts a meeting as "Free" if a booking delegate is set in Exchange Server 2019 and 2016
- 4515275 Enable Get/Restore-RecoverableItems to work with Purges folder in Exchange Server 2019 and 2016
- 4515274 AutodiscoverV2 request returns REST API endpoint not AutoDiscoverV1 endpoint in Exchange Server 2019 and 2016
- 4515269 SentToMemberOf shows every recipient type not distribution groups when you create transport rule in Exchange Server 2019 and 2016
- 4515272 Message is blocked in "SMTP Delivery to Mailbox" queue if exchange server is added in groups of a child domain in Exchange Server 2019 and 2016
- 4515271 Can't convert a migrated remote user mailbox to shared in Exchange Server 2019 and 2016
- 4515270 SubmissionQueueLengthMonitor shows "System.ArgumentException: Transition timeout…" in Exchange Server 2019 and 2016
- 4515267 NDR occurs when you resend message from alternate journaling mailbox to journaling mailbox in Exchange Server 2019 and 2016
- 4515265 Removing In-Place Hold doesn't work for mailboxes in different domains in Exchange Server 2019 and 2016
- 4515264 FindPeople request from Skype for Business on Mac fails with "Invalid Shape Specification" in Exchange Server 2019 and 2016
- 4515263 Hide the "Validate-MailFlowThroughFrontDoor" command for Exchange Server 2019 and 2016
- 4515262 Enable Remove-MobileDevice to delete mobile devices after migrating to Office 365 from Exchange Server 2019 and 2016
- 4515261 Can't copy eDiscovery search results for mailboxes with Exchange online archives in Office 365 in Exchange Server 2019 and 2016
- 4515273 Mailbox auditing fails when using SHA1Managed in Exchange Server 2019 and 2016
- 4515266 Infinite loop in Recurrence.GetNumberOfYearsBetween() with the Japanese calendar in Exchange Server 2019 and 2016
- 4520319 S/MIME signed reply draft behaves like the first message in conversation in Exchange Server 2019 and 2016
- 4515832 Description of the security update for Microsoft Exchange Server 2019 and 2016: September 10, 2019
Some Items For Consideration
Exchange 2019 follows the same servicing paradigm for Exchange 2013 and 2016 which was previously discussed on the blog. The CU package can be used to perform a new installation, or to upgrade an existing Exchange Server 2019 installation to this CU. Cumulative Updates are well, cumulative. What else can I say…
Customers with a hybrid Exchange deployment, must keep their on-premises Exchange servers updated to the latest update or the one immediately prior ( N or N-1).
Test the CU in a lab which is representative of your environment
Review this post to also factor in AD preparation which is to be done ahead of installing the CU onto the first Exchange server
Follow your organisation's change management process, and factor the approval time into your change request
Provide appropriate notifications as per your process. This may be to IT teams, or to end users.
After you install this cumulative update package, you cannot uninstall the cumulative update package to revert to an earlier version of Exchange. If you uninstall this cumulative update package, Exchange is removed from the server.
Place the server into SCOM maintenance mode prior to installing, confirm the install then take the server out of maintenance mode
I personally like to restart prior to installing CUs. This helps identifies if an issue was due to the CU or happened in this prior restart, and also completes any pending file rename operations. 3rd party AV products are often guilty of this
Restart the server after installing the CU
Ensure that all the relevant services are running
Ensure that event logs are clean, with no errors
Ensure that you consult with all 3rd party vendors which exist as part of your messaging environment. This includes archive, backup, mobility and management services.
Ensure that you do not forget to install this update on management servers, jump servers/workstations and application servers where the management tools were installed for an application. FIM and 3rd party user provisioning solutions are examples of the latter.
Ensure that the Windows PowerShell Script Execution Policy is set to "Unrestricted" on the server being upgraded or installed. See KB981474.
Disable file system antivirus prior to installing. Do this through the appropriate console. Typically this will be a central admin console, not the local machine.
Verify file system antivirus is actually disabled
Once server has been restarted, re-enable file system antivirus.
Please enjoy the update responsibly!
What do I mean by that? Well, you need to ensure that you are fully informed about the caveats with the CU and are aware of all of the changes that it will make within your environment. Additionally you will need to test the CU your lab which is representative of your production environment.