Released: June 2017 Quarterly Exchange Updates
Published Jun 27 2017 10:31 AM 66.6K Views

The latest set of Cumulative Updates for Exchange Server 2016 and Exchange Server 2013 are now available on the download center. These releases include fixes to customer reported issues, all previously reported security/quality issues and updated functionality.

Updated functionality in Cumulative Update 6

With Cumulative Update 6 we are adding two highly anticipated features; Sent Items Behavior Control and Original Folder Item Recovery. These features are targeted to Exchange Server 2016 only and will not be included in Exchange Server 2013. Exchange Server 2013 already has its own implementation of Sent Items Behavior Control which is different than the version we are releasing today. The Cumulative Update 6 behavior is more closely aligned with how this worked in Exchange Server 2010. Due to architectural differences, the configuration of this feature is not retained if mailboxes are moved between Exchange Server 2010 and Exchange Server 2016 or between Exchange Server 2013 and Exchange Server 2016.

Latest time zone updates

All of the packages released today include support for time zone updates published by Microsoft through May 2017.

TLS 1.2 Exchange Support Update

We previously announced that Cumulative Update 6 would include support for TLS 1.2. The updates released today do have improved support for TLS 1.2 but we are not encouraging customers to move to a TLS 1.2 only environment at this time. We are working with the Windows and .Net teams to make configuring TLS 1.2 a more streamlined experience. Customers should continue to watch this space and be prepared to deprecate TLS 1.0 and 1.1 in the near future.

.Net Framework 4.7 compatibility with these releases

The Exchange team is still completing validation of the June releases with .Net Framework 4.7. We have not found any compatibility issues at this time, but are asking customers to delay using .Net Framework 4.7 until we have completed our validation. Once this validation is complete we will provide further guidance on .Net Framework 4.7 and Exchange Server.

Release Details

KB articles that describe the fixes in each release are available as follows: Exchange Server 2016 Cumulative Update 6 does include new updates to Active Directory Schema. If upgrading from an older Exchange version or installing a new server, Active Directory updates may still be required. These updates will apply automatically during setup if the logged on user has the required permissions. If the Exchange Administrator lacks permissions to update Active Directory Schema, a Schema Admin must execute SETUP /PrepareSchema prior to the first Exchange Server installation or upgrade. The Exchange Administrator should execute SETUP /PrepareAD to ensure RBAC roles are current. Exchange Server 2013 Cumulative Update 17 does not include updates to Active Directory, but may add additional RBAC definitions to your existing configuration. PrepareAD should be executed prior to upgrading any servers to Cumulative Update 17. PrepareAD will run automatically during the first server upgrade if Exchange Setup detects this is required and the logged on user has sufficient permission.

Additional Information

Microsoft recommends all customers test the deployment of any update in their lab environment to determine the proper installation process for your production environment. For information on extending the schema and configuring Active Directory, please review the appropriate TechNet documentation. Also, to prevent installation issues you should ensure that the Windows PowerShell Script Execution Policy is set to “Unrestricted” on the server being upgraded or installed. To verify the policy settings, run the Get-ExecutionPolicy cmdlet from PowerShell on the machine being upgraded. If the policies are NOT set to Unrestricted you should use the resolution steps in KB981474 to adjust the settings. Reminder: Customers in hybrid deployments where Exchange is deployed on-premises and in the cloud, or who are using Exchange Online Archiving (EOA) with their on-premises Exchange deployment are required to deploy the most current (e.g., 2013 CU17, 2016 CU6) or the prior (e.g., 2013 CU16, 2016 CU5) Cumulative Update release. For the latest information on Exchange Server and product announcements please see What's New in Exchange Server 2016 and Exchange Server 2016 Release Notes. You can also find updated information on Exchange Server 2013 in What’s New in Exchange Server 2013, Release Notes and product documentation available on TechNet.

Note: Documentation may not be fully available at the time this post is published.

Post release update concerning Cumulative Update 5

Several customers have reported problems with 3rd party solutions which provide brick level backup or single mailbox recovery as a reported feature after installing Cumulative Update 5. Cumulative Update 5 included an update to our database schema which caused some of these products to not function as they had previously. That change carries forward into Cumulative Update 6 as well. The practice of updating the database schema has long been in place with Exchange Server. Microsoft has urged developers to not consider the schema to be immutable nor to program against it. The schema is not publicly defined and is a structure internal to the operation of Exchange Server. Access to store level objects is provided through publicly documented interfaces and structures only. The Exchange Team
72 Comments
Not applicable
No updates for Exchange 2010 this quarter?
Not applicable
Great! Since it is not mentioned in the KB Article: Does CU6 contain a fix for the bug that was introduced in CU5 where Mailboxes that contain special characters in the display name, couldn't be moved? Thx Christian
Not applicable
Had the same trouble in different Mig-Project moving some Mailboxes! I fixed it by deleting the SMTP-Address of the Users and then generating a new (same) SMTP-Address. Then I was able to move them successfully...
Not applicable
We are not tracking any known defects in this area.
Not applicable
@Christian: yes it is, check this KB: https://support.microsoft.com/kb/4019534/
Not applicable
Christian Schindler:

According to this link: https://support.microsoft.com/en-ie/help/4019534/error-when-a-mailbox-name-includes-an-umlaut-in-exchange-server-2016

The resolution is to apply CU6 so I am hoping it does.

Not applicable
Had the same exact problem with norwegian letter "Æ" during my last migration using Exchange 2016 CU5 (Worked fine with CU4). To complete the migration i hadto turn of automaticlly update from email address policy on all users with "æ" in their name

The policy used was %ræa%røo%råa%r -%g.%s to convert the norwegian characters to specific letters.

Not applicable
>> We are not tracking any known defects in this area.

Are you kidding me? This is one of the biggest bug for German users in the last few years! The KB article promised the bug will be fixed in CU6.

https://support.microsoft.com/en-us/help/4019534/error-when-a-mailbox-name-includes-an-umlaut-in-exchange-server-2016

https://social.technet.microsoft.com/Forums/en-US/ce3e0795-b773-4376-8dab-7facb18dbdd1/exchange-2016-cu5-bug-special-characters?forum=Exch2016GD

Not applicable
We are not tracking any issues because it was fixed. It appears that this issue however was not included in the CU6 fixed KB list. We will get the list updated to indicate it is resolved.
Not applicable
It's fixed in CU6.
Not applicable
Thanks Brent. I can confirm that the bug is fixed.
Not applicable
Congrats team on this milestone!
Not applicable
We had a problem after the update to CU17. It is a pretty basic setup, 1 Server no customizations or plugins.

OWA and ECP were only showing ERR_TO_MANY_REDIRECTS.

The serverlog:

Event code: 3005

Event time: 27.06.2017 23:05:08

Event time (UTC): 27.06.2017 21:05:08

Event ID: c2ac0d66fcfb499c8fa7bfcc04ee1df4

Event sequence: 613

Event occurrence: 300

Event detail code: 0

Application information:

Application domain: /LM/W3SVC/1/ROOT/owa-1-131430704263681794

Trust level: Full

Application Virtual Path: /owa

Application Path: C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\

Machine name: SRVMX02

Process information:

Process ID: 8928

Process name: w3wp.exe

Account name: NT-AUTORITÄT\SYSTEM

Exception information:

Exception type: DirectoryNotFoundException

Exception message: Ein Teil des Pfades "c:\program files\microsoft\exchange server\v15\frontend\httpproxy\owa\auth\15.0.1293\themes\resources\logon.css" konnte nicht gefunden werden.

bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)

bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)

bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)

bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize, Boolean checkHost)

bei System.IO.File.InternalReadAllText(String path, Encoding encoding, Boolean checkHost)

bei Microsoft.Exchange.Clients.Owa.Core.OwaPage.b__5(String fullFilePath)

bei Microsoft.Exchange.Clients.Owa.Core.OwaPage.InlineResource(String fileName, String partialFileLocation, ResoruceCreator createResource, Dictionary`2 resourceDictionary)

bei Microsoft.Exchange.Clients.Owa.Core.OwaPage.InlineCss(String fileName)

bei Microsoft.Exchange.Clients.Owa.Core.OwaPage.InlineCss(ThemeFileId themeFileId)

bei ASP.auth_logon_aspx.__Render__control1(HtmlTextWriter __w, Control parameterContainer)

bei System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)

bei System.Web.UI.Page.Render(HtmlTextWriter writer)

bei System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter)

bei System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Problem was that the metioned path was updated to ...15.0.1320... but owa logon still tried to access the old one.

Not applicable
Hi,

Thanks for the updates.

I have a question, concerning this KB : https://support.microsoft.com/en-us/help/3032024/outlook-web-app-and-ecp-redirect-to-the-fba-page-in-exchange-server-2013

What is the current status of support for CNG keys on SSL certificates ?

Is this a IIS problem, an Exchange problem, or a combination of both ?

CNG SSL certs seem to work perfectly fine with Exchange 2016 running on server 2016 (Haven't tried 2016 on 2012 R2 yet).

Thank you.

Not applicable
KSP support is not available in Exchange Server 2013.
Not applicable
Also, does this mean it is officially supported with Exchange 2016 (and going forward) ? Or is this just "luck" that it's working with 2016 ?
Not applicable
Thank you.
Not applicable
It is not working merely by luck. We have made and continue to make improvements in Exchange Server 2016. While not an explicit on-prem feature that was added, this is due to work we've done in O365.
Not applicable
No plans to remove it.
Not applicable
So it wasn't explicitly added for 2016 but trickled down from O365.

Does this mean we can expect the support of PSK/CNG to stay on future releases as well ?

Not applicable
is there a rollup for exchange 2010 released this month?
Not applicable
What about Exchange 2010? I would minimum expect the Timezone update to be included for 2010 as well

Thanks for a short statement here

Not applicable
Good to see the new features included in this release.
Not applicable
"PrepareAD should be executed prior to upgrading any servers to Cumulative Update 16"

Is this a typo?

Not applicable
Yes this is a type-o. It should read:

“PrepareAD should be executed prior to upgrading any servers to Cumulative Update 17”

Customers should generally plan on re-running /PrepareAD for every CU even when there aren't any Schema updates, such as with CU17.

Not applicable
Does CU6 maybe the solution to the problem outlined in the article: https://support.microsoft.com/be-by/help/4018464/can-t-connect-to-exchange-server-2016-using-chrome-or-firefox?
Not applicable
Does this fix the bug where iOS devices randomly forward recurring meetings of which they are an attendee? I have read mixed things where initially Microsoft was saying this was an Apple issue but someone else noted they opened a case with PSS and they indicated it should be fixed in Exchange 2016 CU6
Not applicable
Is there an exchange 2010 cumulative update planned?
Not applicable
Is UR 18 coming for Exchange 2010 SP3??
Not applicable
What schema updates are made in CU6?

The following URL still says “no schema updates since CU4…”

https://technet.microsoft.com/en-us/library/bb738144(v=exchg.160).aspx

Not applicable
Does CU6 maybe the solution to the problem outlined in the article: https://support.microsoft.com/be-by/help/4018464/can-t-connect-to-exchange-server-2016-using-chrome-or-firefox?
Not applicable
When I have last deployed CU5, it reverted the changes performed for Password Reset (see for more details https://social.technet.microsoft.com/Forums/lync/en-US/8598f6f0-ebb3-419f-81ae-aa013a0dbb87/no-option-to-reset-password-in-ecp-2013?forum=exchangesvrgeneral )

Am I still expected to perform the same after CU6 upgrade?

Could you please provide insight into why this might be happening? It's not a custom OWA changes or anything among those lines where altered files are replaced, I believe such configuration is saved in AD.

Thank you.

Not applicable
Please publish the schema updates in CU6 !

Thanks

Not applicable
And what about the Exchange Server Edge support on Windows Server 2016? Is this fixed in this Cumulastive Update 6?
Not applicable
The fix for this issue is actually coming from Windows but will require additional guidance from the Exchange Team when it does. Once the fix is available, we will have more to say about Edge on Windows Server 2016.
Not applicable
Hello

I don;t see any news regarding Exchange 2010 Roll-Ups. Does that mean Exchange 2010 is dead?

thank you

Not applicable
Exchange Server 2010 is in extended support. When a product is in extended support, only critical fixes, i.e. Security fixes and product co-existence issues, are delivered. There was no update of this type for Exchange Server 2010 this cycle. We will continue to provide these type of fixes for Exchange Server 2010 until it reached end-of-life on 1/14/2020.
Not applicable
I was wondering that, any news on Exchange 2010 URs???
Not applicable
I was also wondering this. I have several customers running Exchange 2010 and cannot find any information anywhere ...

There has been no statement from Microsoft that says an Exchange 2010 Rollup is on the way, or won't be released. It's almost like they've decided to "ignore" Exchange 2010 on this occasion ...

Hope some info is released soon!

Not applicable
Looks like there was an update:

https://www.microsoft.com/en-us/download/details.aspx?id=55591&WT.mc_id=rss_alldownloads_all

Not applicable
thank you
Not applicable
I see Update Rollup 18 For Exchange 2010 SP3 (KB4018588) has been released on July 6, 2017.

https://www.microsoft.com/en-us/download/details.aspx?id=55591&WT.mc_id=rss_alldownloads_all

Not applicable
Any chance that official support for brick level backup and restore might be added in a future release so that third party vendors don't have to roll their own in an unsupported manner?
Not applicable
No.
Not applicable
If I remember correctly, last year at Ignite the Exchange team mentioned that Set-DatabaseAvailabilityGroup -AutoDagBitlockerEnabled that was implemented in CU2 did not actually work (yet). I have not seen anything public to that effect, acknowledging the problem or that it has been fixed. Can the team please point me in the right direction for documentation or speak to this?

https://blogs.technet.microsoft.com/exchange/2016/06/21/released-june-2016-quarterly-exchange-updates/

AutoReseed support for BitLocker

Beginning with Exchange 2013 CU13 and Exchange 2016 CU2, the Disk Reclaimer function within AutoReseed supports BitLocker. By default, this feature is disabled. For more information on how to enable this functionality, please see Enabling BitLocker on Exchange Servers.

Not applicable
There was an issue with where if you were not leveraging a certificate for encryption purposes, you couldn't leverage BitLocker automatically with AutoReseed (instead you had to either format/encrypt disks prior to usage or encrypt after failure). That was resolved in CU5.
Not applicable
Thank you Ross.
Not applicable
If catching up from CU2 is it still recommended (per the CU5 information) to install CU4, then update .Net to 4.6.2 and install CU6?

Thanks.

Not applicable
Is the issue with PF Hierarchy not replicating after a DAG failover been resolved on Exchange 2016, think it was introduced in CU4
Not applicable
What schema updates are made in CU6?

On the Microsoft TechNet page "Exchange 2016 Active Directory schema changes" it says “no schema updates since CU4…”

Version history
Last update:
‎Jul 01 2019 04:30 PM
Updated by: