Exchange 2016 CU16 has been released to the Microsoft download centre! Exchange 2016 has a different servicing strategy than Exchange 2007/2010 and utilises Cumulative Updates (CUs) rather than the Rollup Updates (RU/UR) which were used previously. CUs are a complete installation of Exchange 2016 and can be used to install a fresh server or to update a previously installed one. Exchange 2013 has the same servicing methodology.
This is build 15.01.1979.003 of Exchange 2016 and the update is helpfully named ExchangeServer2016-x64-CU16.iso which allows us to easily identify the update. Details for the release are contained in KB 4537678.
Exchange 2007 is no longer supported, updates are not provided once a product has exited out of extended support.
Exchange 2010 will transition out of support on the 13th of October 2020. Note this is an extension of the original date which was January 14th 2020.
Updates Of Particular Note
There were recent security release for Exchange 2016 and 2019. These fixes are included in Exchange 2016 CU16. For details please see:
4536987 Description of the security update for Microsoft
Exchange Server 2016: February 11, 2020
4540123 Description of the security update for
Microsoft Exchange Server 2016: March 10, 2020
Note that there are some known issues which are discussed in KB 4537678. For net new Exchange installations there are additional operations required for multiple domain environments where /PrepareAD needs to be executed manually in the other domains.
This CU still has the Autodiscover EventID 1 error in the Application event log. See KB 4532190 for details.
Please note that .NET Framework 4.8 is a requirement. See this post if installing .NET and the Exchange CU in the same maintenance window.
Details are listed in the Exchange Server prerequisites. Also note the requirement for Visual C++ Redistributable Package for Visual Studio 2013.
Issues Resolved
- 4547705 Authentication loop between msft.sts.microsoft.com/adfs and OWA in Exchange Server 2016
- 4547706 Birthday isn't correctly synced to iOS native mail app in Exchange Server 2016
- 4547708 Elevation of privileges possible when Active Directory permissions role is granted in Exchange Server 2016
- 4547709 InternetWebProxyBypassList is ignored by Mailbox Replication service in Exchange Server 2016
- 4547710 New-MailboxSearch with In-Place Hold enabled replaces all values in msExchUserHoldPolicies if adding a value in Exchange Server 2016
- 4547711 Public folder permissions aren't applied from Outlook in Exchange Server 2016 hybrid environment
- 4547712 Outlook on the web (OWA) exposes junk operations even if disabled via OwaMailboxPolicy in Exchange Server 2016
- 4547713 IsOnlineMeeting is always false for Teams-only meetings in Exchange Server 2016
- 4547714 Can't add remote shared mailbox by using ECP into distribution group in Exchange Server 2016 hybrid environment
- 4547715 New created search folder retention policy is changed in Exchange Server 2016
- 4547722 Can't go from Office 365 to Enterprise in Exchange Server 2016 Exchange admin center (EAC) if Chrome SameSite Cookie is enabled
- 4547723 Can't sign in to Office 365 if configuring hybrid with Chrome SameSite Cookie enabled in Exchange Server 2016
- 4547716 Event ID 1325 and Test-ExchangeSearch crashes application pool with NullReferenceException in Exchange Server 2016
- 4536987 Description of the security update for Microsoft Exchange Server 2016: February 11, 2020
- 4540123 Description of the security update for Microsoft Exchange Server 2016: March 10, 2020
Some Items For Consideration
Exchange 2016 follows the same servicing paradigm for Exchange 2013 which was previously discussed on the blog. The CU package can be used to perform a new installation, or to upgrade an existing Exchange Server 2016 installation to this CU. Cumulative Updates are well, cumulative. What else can I say…
Customers with a hybrid Exchange deployment, must keep their on-premises Exchange servers updated to the latest update or the one immediately prior ( N or N-1).
-
Test the CU in a lab which is representative of your environment
-
Review this post to also factor in AD preparation which is to be done ahead of installing the CU onto the first Exchange server
-
Follow your organisation’s change management process, and factor the approval time into your change request
-
Provide appropriate notifications as per your process. This may be to IT teams, or to end users.
-
After you install this cumulative update package, you cannot uninstall the cumulative update package to revert to an earlier version of Exchange. If you uninstall this cumulative update package, Exchange is removed from the server.
-
Place the server into SCOM maintenance mode prior to installing, confirm the install then take the server out of maintenance mode
-
lace the server into Exchange maintenance mode prior to installing, confirm the install then take the server out of maintenance mode
-
I personally like to restart prior to installing CUs. This helps identifies if an issue was due to the CU or happened in this prior restart, and also completes any pending file rename operations. 3rd party AV products are often guilty of this
-
Restart the server after installing the CU
-
Ensure that all the relevant services are running
-
Ensure that event logs are clean, with no errors
-
Ensure that you consult with all 3rd party vendors which exist as part of your messaging environment. This includes archive, backup, mobility and management services.
-
Ensure that you do not forget to install this update on management servers, jump servers/workstations and application servers where the management tools were installed for an application. FIM and 3rd party user provisioning solutions are examples of the latter.
-
Ensure that the Windows PowerShell Script Execution Policy is set to “Unrestricted” on the server being upgraded or installed. See this article on setting PowerShell to Unrestricted..
-
Disable file system antivirus prior to installing. Do this through the appropriate console. Typically this will be a central admin console, not the local machine.
-
Verify file system antivirus is actually disabled
-
Once server has been restarted, re-enable file system antivirus.
Please enjoy the update responsibly!
What do I mean by that? Well, you need to ensure that you are fully informed about the caveats with the CU and are aware of all of the changes that it will make within your environment. Additionally you will need to test the CU your lab which is representative of your production environment.
Cheers,
Rhoderick
