Blog Post

Exchange Team Blog

4 MIN READ

Released: March 2017 Quarterly Exchange Updates

Platinum Contributor

Mar 21, 2017

With this month’s quarterly release we bid a fond farewell to Exchange Server 2007. Support for Exchange Server 2007 expires on 4/11/2017. Update Rollup 23 for Service Pack 3 will be the last update rollup released for the Exchange Server 2007 product. Today we are also releasing the latest set of Cumulative Updates for Exchange Server 2016 and Exchange Server 2013. These releases include fixes to customer reported issues and updated functionality. Exchange Server 2016 Cumulative Update 5 and Exchange Server 2013 Cumulative Update 16 are available on the Microsoft Download Center. Update Rollup 17 for Exchange Server 2010 Service Pack 3 is also now available.

Exchange Server 2013 and 2016 require .Net 4.6.2

As previously announced, Exchange Server 2013 and Exchange Server 2016 now require .Net 4.6.2 on all supported operating systems. Customers who are still running .Net 4.5.2 should deploy Cumulative Update 4 or Cumulative Update 15, upgrade the server to .Net 4.6.2 and then deploy either Cumulative Update 5 or Cumulative Update 16.

Arbitration Mailbox Migration

Recently there have been reports of problems with customers migrating mailboxes to Exchange Server 2016. We wanted to take this opportunity to remind everyone that when multiple versions of Exchange co-exist within the organization, we require that all Arbitration Mailboxes be moved to a database mounted on a server running the latest version of Exchange. For more information, please consult the Exchange Server Deployment Assistance on TechNet.

Update on S/MIME Control

One year ago, we released an updated S/MIME Control for OWA. We have received questions from customers requesting clarification on what this release included. As stated previously, the control itself did not change. This was a packaging change necessary to prevent IE from throwing a certificate warning during installation due to SHA-1 deprecation. The Authenticode algorithm used to code sign the control uses a SHA-1 algorithm. SHA-1 ensures compatibility with Vista/Windows Server 2008 and Windows 7/Windows Server 2008R2 code signing. The Authenticode file hash and delivery package are signed with a SHA-2 certificate. Signing the package with a SHA-2 certificate prevents IE from throwing a certificate warning when the package is installed and provides the necessary protection for the entire package.

Latest time zone updates

All of the packages released today include support for time zone updates published by Microsoft through March 2017.

TLS 1.2 Exchange Support Update coming in Cumulative Update 6

We would like to raise awareness of changes planned for the next quarterly update release. We are working to provide updated guidance and capabilities related to Exchange Server’s use of TLS protocols. The June 2017 release will include improved support for TLS in general and TLS 1.2 specifically. These changes will apply to Exchange Server 2016 Cumulative Update 6 and Exchange Server 2013 Cumulative Update 17.

Late Breaking Issues not resolved in Cumulative Update 5

Cumulative Update 5 includes a couple of issues that could not be resolved prior to the product release. The unresolved items we are aware of include the following:

When attempting to enable Birthday Calendars in Outlook for the Web, an error occurs and Birthday Calendars are not enabled.
When failing over a public folder mailbox to a different server, public folder hierarchy replication may stop until the Microsoft Exchange Service Host is recycled on the new target server.

Fixes for both issues are planned for Cumulative Update 6.

Release Details

KB articles that describe the fixes in each release are available as follows:

Exchange Server 2016 Cumulative Update 5 (KB4012106), Download, UM Lang Packs
Exchange Server 2013 Cumulative Update 16 (KB4012112), Download, UM Lang Packs
Exchange Server 2010 Service Pack 3 Update Rollup 17 (KB4011326), Download
Exchange Server 2007 Service Pack 3 Update Rollup 23 (KB4011325), Download

Exchange Server 2016 Cumulative Update 5 does not include new updates to Active Directory Schema. If upgrading from an older Exchange version or installing a new server, Active Directory updates may still be required. These updates will apply automatically during setup if the logged on user has the required permissions. If the Exchange Administrator lacks permissions to update Active Directory Schema, a Schema Admin must execute SETUP /PrepareSchema prior to the first Exchange Server installation or upgrade. The Exchange Administrator should execute SETUP /PrepareAD to ensure RBAC roles are current. Exchange Server 2013 Cumulative Update 16 does not include updates to Active Directory, but may add additional RBAC definitions to your existing configuration. PrepareAD should be executed prior to upgrading any servers to Cumulative Update 16. PrepareAD will run automatically during the first server upgrade if Exchange Setup detects this is required and the logged on user has sufficient permission.

Additional Information

Microsoft recommends all customers test the deployment of any update in their lab environment to determine the proper installation process for your production environment. For information on extending the schema and configuring Active Directory, please review the appropriate TechNet documentation. Also, to prevent installation issues you should ensure that the Windows PowerShell Script Execution Policy is set to “Unrestricted” on the server being upgraded or installed. To verify the policy settings, run the Get-ExecutionPolicy cmdlet from PowerShell on the machine being upgraded. If the policies are NOT set to Unrestricted you should use the resolution steps in KB981474 to adjust the settings. Reminder: Customers in hybrid deployments where Exchange is deployed on-premises and in the cloud, or who are using Exchange Online Archiving (EOA) with their on-premises Exchange deployment are required to deploy the most current (e.g., 2013 CU16, 2016 CU5) or the prior (e.g., 2013 CU15, 2016 CU4) Cumulative Update release. For the latest information on Exchange Server and product announcements please see What's New in Exchange Server 2016 and Exchange Server 2016 Release Notes. You can also find updated information on Exchange Server 2013 in What’s New in Exchange Server 2013, Release Notes and product documentation available on TechNet.

Note: Documentation may not be fully available at the time this post is published.

The Exchange Team

Updated Jul 01, 2019

Version 2.0

Platinum Contributor

Joined April 19, 2019

View Profile

Exchange Team Blog

You Had Me at EHLO.

51 Comments

Deleted
Mar 22, 2017
Again, no fix for the Event Log warnings "Performance Counter". Just happens in all of my Exchange 2016 customer setups. Available workarounds are not a solution at all.
Deleted
Mar 22, 2017
Hello Exchange Team
What about Microsoft Security Bulletin MS17-015 - Security Update for Microsoft Exchange Server 2013 and 2016 (4013242) that was just released on Mar 14?
https://technet.microsoft.com/library/security/MS17-015
do those CU updates already include this fix or we have to manually install it?
thank you
- Deleted
  Mar 22, 2017
  MS17-015 is included in the CU's released on 3/21. Our CU's always include the most recent security updates available.
  - Deleted
    Mar 22, 2017
    thank you
Deleted
Mar 22, 2017
Hi Exchange Team,
Quick question - We are currently on 2016 CU3 with .NET 4.6.1. What is your guidance for upgrading this scenario to CU5 with .NET 4.6.2?
- Deleted
  Mar 22, 2017
  You will need to upgrade .Net before you will be able to install Cumulative Update 5. The delta between .Net 4.6.1 and 4.6.2 is sufficiently small and Cumulative Update 3 was also validated with .Net 4.6.2. You should upgrade your .Net to 4.6.2, then install Cumulative Update 5.
  - Deleted
    Mar 22, 2017
    Thank you very much Brent
Deleted
Mar 22, 2017
Am I right in understanding that, according the KB4012112, Cumulative Update 16 for Exchange Server 2013 fixes just one issue?
KB4013606 Search fails on Exchange Server 2013
I know there are also some Daylight Saving Time and Time Zone changes. But are there any other pressing reasons to schedule the CU16 install?
- Deleted
  Mar 22, 2017
  KB4012112 correctly lists the issues resolved in the Cumulative Update. It does of course also include all fixes released in previous packages as well. In determining whether you should deploy this or not, please keep in mind we will only release security updates for the two most recent Cumulative Update releases.
  - Deleted
    Mar 22, 2017
    Hi Brent,
    You said below statement:
    please keep in mind we will only release security updates for the two most recent Cumulative Update releases.
    Then Why you guys released :https://technet.microsoft.com/en-us/library/security/ms17-015
    for Exchange server 2013 Service pack1 ?
    Exchange 2013 Sp1 is not under 2 major cumulative updates.
    Correct me, If i'm wrong. You guys stopped releasing Service Packs for exchange instead of that releasing only Cumulative updates? If yes, Instead of releasing security patch for Exchange 2013 Sp1 why don't you suggest to say that be in under 2 major cumulative updates and don't stay in Sp1?
Deleted
Mar 22, 2017
Thank you for the concrete statement about the AD Schema update requirement. This really saves a lot of personal investigation time!
Deleted
Mar 22, 2017
In the article from last year (https://blogs.technet.microsoft.com/exchange/2016/03/15/released-march-2016-quarterly-exchange-updates/), you state that "Users who have installed the control into their browser will need to re-install this onto devices where the previous version was installed."
Do you have to re-install the control or not?
- Deleted
  Mar 22, 2017
  Sorry for the confusion. When we originally wrote that comment, we were operating under a different assumption of how IE would handle the control. Those plans were since changed and re-installing the control should not be necessary at this time.
Deleted
Mar 22, 2017
Thanks team! "Outlook for the Web" should be Outlook ON the web. But I assume that this mistake was added deliberately as a silent protest against frequent and unnecessary rebranding of familiar technologies. :)
On a serious note, are there any plans to add support for Exchange 2010 with Server 2016 domain controllers? Some customers are in the process of upgrading their domain controllers first and have scheduled an Exchange upgrade for a later moment. From previous versions I know that more recent domain controllers are unlikely to cause issues with Exchange.
- Deleted
  Mar 22, 2017
  I whole heartedly agree with Jetze on this. If a customer is not on a supported SP and UR with Exchange 2010, once a Windows 2016 DC is present, the customer has essentially painted themselves in a corner with no way to get out--no window, no door, no ladder.
  How should this be addressed going forward when the cart is placed before the horse?
- Deleted
  Mar 22, 2017
  We have no plans to add support for Windows Server 2016 Domain Controllers with Exchange Server 2010 at this time. We will continue to watch for customer demand for this scenario and re-evaluate as necessary.
  - Deleted
    Mar 22, 2017
    We are interested too in the scenario Ex2010 togethter with Win 2016 AD
Deleted
Mar 22, 2017
In the article from last year (https://blogs.technet.microsoft.com/exchange/2016/03/15/released-march-2016-quarterly-exchange-updates/) you state that "Users who have installed the control into their browser will need to re-install this onto devices where the previous version was installed."
Do you have to re-install the control or not?
Deleted
Mar 21, 2017
Thank you !
Does this release also correct the "Get-help" bug on Windows Server 2016 ? (See : https://social.technet.microsoft.com/Forums/office/en-US/3ba6e323-0e4a-4c49-8623-ddb0bc09783c/gethelp-not-work?forum=Exch2016PS )
Also, on the TLS 1.2 support subject : does this mean we will be able (with CU6/CU17) to disable TLS1.0 on Exchange servers ?
Thanks !
- Deleted
  Mar 21, 2017
  We are still looking into the Get-Help issue with Windows Server 2016.
  On the matter of disabling TLS 1.0, our goal is for customers who want to remove TLS 1.0 from their environment to be able to do so. However, customers will need to evaluate their own requirements and determine if that is possible.
  - Deleted
    Mar 21, 2017
    Thanks for the answers.
    Good to hear that you're actively working towards getting rid of TLS 1.0 on Exchange.
    I hope you're able to pinpoint the Get-Help issue. While it is not critical (as loading the snapin from a regular powershell prompt will have a working Get-Help), it still puts the doubt on whether 2016 is really production ready for Exchange.
- Deleted
  Mar 21, 2017
  Hi,
  the Problem with Get-Help (Exception calling "Open" with "0" argument(s): "The following error occurred while loading the extended type data file: Error in TypeData) still exists.
  Just tested it with a updated system a few minutes ago.
  Cheers
Deleted
Mar 21, 2017
Just migrated 30,000 mailboxes from Exchange 2007 to Exchange 2013 in 8 weeks. Only 60,000 to go!
#progress #getitdone #ExchangeYoda
- Deleted
  Mar 21, 2017
  Good luck migrating them to Exchange 2016 afterwards. lol