Home
%3CLINGO-SUB%20id%3D%22lingo-sub-606533%22%20slang%3D%22en-US%22%3EReleased%3A%20March%202017%20Quarterly%20Exchange%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-606533%22%20slang%3D%22en-US%22%3E%3CP%3EWith%20this%20month%E2%80%99s%20quarterly%20release%20we%20bid%20a%20fond%20farewell%20to%20Exchange%20Server%202007.%20Support%20for%20Exchange%20Server%202007%20expires%20on%204%2F11%2F2017.%20%3CA%20href%3D%22http%3A%2F%2Fwww.microsoft.com%2Fdownloads%2Fdetails.aspx%3FFamilyID%3D0d13d7c1-4ab1-4028-99e5-39bfeafa368b%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EUpdate%20Rollup%2023%3C%2FA%3E%20for%20Service%20Pack%203%20will%20be%20the%20last%20update%20rollup%20released%20for%20the%20Exchange%20Server%202007%20product.%20Today%20we%20are%20also%20releasing%20the%20latest%20set%20of%20Cumulative%20Updates%20for%20Exchange%20Server%202016%20and%20Exchange%20Server%202013.%20These%20releases%20include%20fixes%20to%20customer%20reported%20issues%20and%20updated%20functionality.%20%3CA%20href%3D%22http%3A%2F%2Fwww.microsoft.com%2Fdownloads%2Fdetails.aspx%3FFamilyID%3D87a9cdb3-88fa-4d75-823b-6cd45416a62b%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EExchange%20Server%202016%20Cumulative%20Update%205%3C%2FA%3E%20and%20%3CA%20href%3D%22http%3A%2F%2Fwww.microsoft.com%2Fdownloads%2Fdetails.aspx%3FFamilyID%3De3edb269-1359-4adf-8ecd-64a9bdc007f2%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EExchange%20Server%202013%20Cumulative%20Update%2016%3C%2FA%3E%20are%20available%20on%20the%20Microsoft%20Download%20Center.%20%3CA%20href%3D%22http%3A%2F%2Fwww.microsoft.com%2Fdownloads%2Fdetails.aspx%3FFamilyID%3D6e775b1b-e736-40a0-bf96-eb443df12c9e%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EUpdate%20Rollup%2017%3C%2FA%3E%20for%20Exchange%20Server%202010%20Service%20Pack%203%20is%20also%20now%20available.%3C%2FP%3E%3CH3%20id%3D%22toc-hId-1562793811%22%20id%3D%22toc-hId-1563569497%22%3EExchange%20Server%202013%20and%202016%20require%20.Net%204.6.2%3C%2FH3%3E%3CA%20href%3D%22https%3A%2F%2Fblogs.technet.microsoft.com%2Fexchange%2F2016%2F12%2F13%2Freleased-december-2016-quarterly-exchange-updates%2F%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EAs%20previously%20announced%3C%2FA%3E%2C%20Exchange%20Server%202013%20and%20Exchange%20Server%202016%20now%20require%26nbsp%3B%20.Net%204.6.2%20on%20all%20supported%20operating%20systems.%26nbsp%3B%20Customers%20who%20are%20still%20running%20.Net%204.5.2%20should%20deploy%20Cumulative%20Update%204%20or%20Cumulative%20Update%2015%2C%20upgrade%20the%20server%20to%20.Net%204.6.2%20and%20then%20deploy%20either%20Cumulative%20Update%205%20or%20Cumulative%20Update%2016.%3CH3%20id%3D%22toc-hId--989363150%22%20id%3D%22toc-hId--988587464%22%3EArbitration%20Mailbox%20Migration%3C%2FH3%3ERecently%20there%20have%20been%20reports%20of%20problems%20with%20customers%20migrating%20mailboxes%20to%20Exchange%20Server%202016.%20We%20wanted%20to%20take%20this%20opportunity%20to%20remind%20everyone%20that%20when%20multiple%20versions%20of%20Exchange%20co-exist%20within%20the%20organization%2C%20we%20require%20that%20all%20Arbitration%20Mailboxes%20be%20moved%20to%20a%20database%20mounted%20on%20a%20server%20running%20the%20latest%20version%20of%20Exchange.%20For%20more%20information%2C%20please%20consult%20the%20%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fexdeploy2013%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EExchange%20Server%20Deployment%20Assistance%3C%2FA%3E%20on%20TechNet.%3CH3%20id%3D%22toc-hId-753447185%22%20id%3D%22toc-hId-754222871%22%3EUpdate%20on%20S%2FMIME%20Control%3C%2FH3%3EOne%20year%20ago%2C%20we%20released%20an%20%3CA%20href%3D%22https%3A%2F%2Fblogs.technet.microsoft.com%2Fexchange%2F2016%2F03%2F15%2Freleased-march-2016-quarterly-exchange-updates%2F%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3Eupdated%20S%2FMIME%20Control%20for%20OWA%3C%2FA%3E.%20We%20have%20received%20questions%20from%20customers%20requesting%20clarification%20on%20what%20this%20release%20included.%20As%20stated%20previously%2C%20the%20control%20itself%20did%20not%20change.%20This%20was%20a%20packaging%20change%20necessary%20to%20prevent%20IE%20from%20throwing%20a%20certificate%20warning%20during%20installation%20due%20to%20SHA-1%20deprecation.%20The%20Authenticode%20algorithm%20used%20to%20code%20sign%20the%20control%20uses%20a%20SHA-1%20algorithm.%20SHA-1%20ensures%20compatibility%20with%20Vista%2FWindows%20Server%202008%20and%20Windows%207%2FWindows%20Server%202008R2%20code%20signing.%20The%20Authenticode%20file%20hash%20and%20delivery%20package%20are%20signed%20with%20a%20SHA-2%20certificate.%20Signing%20the%20package%20with%20a%20SHA-2%20certificate%20prevents%20IE%20from%20throwing%20a%20certificate%20warning%20when%20the%20package%20is%20installed%20and%20provides%20the%20necessary%20protection%20for%20the%20entire%20package.%3CH3%20id%3D%22toc-hId--1798709776%22%20id%3D%22toc-hId--1797934090%22%3ELatest%20time%20zone%20updates%3C%2FH3%3EAll%20of%20the%20packages%20released%20today%20include%20support%20for%20time%20zone%20updates%20published%20by%20Microsoft%20through%20March%202017.%3CH3%20id%3D%22toc-hId--55899441%22%20id%3D%22toc-hId--55123755%22%3ETLS%201.2%20Exchange%20Support%20Update%20coming%20in%20Cumulative%20Update%206%3C%2FH3%3EWe%20would%20like%20to%20raise%20awareness%20of%20changes%20planned%20for%20the%20next%20quarterly%20update%20release.%20We%20are%20working%20to%20provide%20updated%20guidance%20and%20capabilities%20related%20to%20Exchange%20Server%E2%80%99s%20use%20of%20TLS%20protocols.%20The%20June%202017%20release%20will%20include%20improved%20support%20for%20TLS%20in%20general%20and%20TLS%201.2%20specifically.%20These%20changes%20will%20apply%20to%20Exchange%20Server%202016%20Cumulative%20Update%206%20and%20Exchange%20Server%202013%20Cumulative%20Update%2017.%3CH3%20id%3D%22toc-hId-1686910894%22%20id%3D%22toc-hId-1687686580%22%3ELate%20Breaking%20Issues%20not%20resolved%20in%20Cumulative%20Update%205%3C%2FH3%3ECumulative%20Update%205%20includes%20a%20couple%20of%20issues%20that%20could%20not%20be%20resolved%20prior%20to%20the%20product%20release.%20The%20unresolved%20items%20we%20are%20aware%20of%20include%20the%20following%3A%3CUL%3E%0A%20%20%3CLI%3EWhen%20attempting%20to%20enable%20Birthday%20Calendars%20in%20Outlook%20for%20the%20Web%2C%20an%20error%20occurs%20and%20Birthday%20Calendars%20are%20not%20enabled.%3C%2FLI%3E%0A%20%20%3CLI%3EWhen%20failing%20over%20a%20public%20folder%20mailbox%20to%20a%20different%20server%2C%20public%20folder%20hierarchy%20replication%20may%20stop%20until%20the%20Microsoft%20Exchange%20Service%20Host%20is%20recycled%20on%20the%20new%20target%20server.%3C%2FLI%3E%0A%3C%2FUL%3EFixes%20for%20both%20issues%20are%20planned%20for%20Cumulative%20Update%206.%3CH3%20id%3D%22toc-hId--865246067%22%20id%3D%22toc-hId--864470381%22%3ERelease%20Details%3C%2FH3%3EKB%20articles%20that%20describe%20the%20fixes%20in%20each%20release%20are%20available%20as%20follows%3A%3CUL%3E%0A%20%20%3CLI%3EExchange%20Server%202016%20Cumulative%20Update%205%20(%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2FKB%2F4012106%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EKB4012106%3C%2FA%3E)%2C%20%3CA%20href%3D%22http%3A%2F%2Fwww.microsoft.com%2Fdownloads%2Fdetails.aspx%3FFamilyID%3D87a9cdb3-88fa-4d75-823b-6cd45416a62b%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EDownload%3C%2FA%3E%2C%20%3CA%20href%3D%22http%3A%2F%2Fwww.microsoft.com%2Fdownloads%2Fdetails.aspx%3FFamilyID%3D27a41a6c-7960-48da-88a8-f090b580ae60%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EUM%20Lang%20Packs%3C%2FA%3E%3C%2FLI%3E%0A%20%20%3CLI%3EExchange%20Server%202013%20Cumulative%20Update%2016%20(%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2FKB%2F4012112%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EKB4012112%3C%2FA%3E)%2C%20%3CA%20href%3D%22http%3A%2F%2Fwww.microsoft.com%2Fdownloads%2Fdetails.aspx%3FFamilyID%3De3edb269-1359-4adf-8ecd-64a9bdc007f2%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EDownload%3C%2FA%3E%2C%20%3CA%20href%3D%22http%3A%2F%2Fwww.microsoft.com%2Fdownloads%2Fdetails.aspx%3FFamilyID%3D12ab214d-5f9b-456d-a3f4-5bd566fddf7c%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EUM%20Lang%20Packs%3C%2FA%3E%3C%2FLI%3E%0A%20%20%3CLI%3EExchange%20Server%202010%20Service%20Pack%203%20Update%20Rollup%2017%20(%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2FKB%2F4011326%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EKB4011326%3C%2FA%3E)%2C%20%3CA%20href%3D%22http%3A%2F%2Fwww.microsoft.com%2Fdownloads%2Fdetails.aspx%3FFamilyID%3D6e775b1b-e736-40a0-bf96-eb443df12c9e%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EDownload%3C%2FA%3E%3C%2FLI%3E%0A%20%20%3CLI%3EExchange%20Server%202007%20Service%20Pack%203%20Update%20Rollup%2023%20(%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2FKB%2F4011325%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EKB4011325%3C%2FA%3E)%2C%20%3CA%20href%3D%22http%3A%2F%2Fwww.microsoft.com%2Fdownloads%2Fdetails.aspx%3FFamilyID%3D0d13d7c1-4ab1-4028-99e5-39bfeafa368b%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EDownload%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3EExchange%20Server%202016%20Cumulative%20Update%205%20%3CU%3Edoes%20not%3C%2FU%3E%20include%20new%20updates%20to%20Active%20Directory%20Schema.%20If%20upgrading%20from%20an%20older%20Exchange%20version%20or%20installing%20a%20new%20server%2C%20Active%20Directory%20updates%20may%20still%20be%20required.%20These%20updates%20will%20apply%20automatically%20during%20setup%20if%20the%20logged%20on%20user%20has%20the%20required%20permissions.%20If%20the%20Exchange%20Administrator%20lacks%20permissions%20to%20update%20Active%20Directory%20Schema%2C%20a%20Schema%20Admin%20must%20execute%20SETUP%20%2FPrepareSchema%20prior%20to%20the%20first%20Exchange%20Server%20installation%20or%20upgrade.%20The%20Exchange%20Administrator%20should%20execute%20SETUP%20%2FPrepareAD%20to%20ensure%20RBAC%20roles%20are%20current.%20Exchange%20Server%202013%20Cumulative%20Update%2016%20%3CU%3Edoes%20not%3C%2FU%3E%20include%20updates%20to%20Active%20Directory%2C%20but%20may%20add%20additional%20RBAC%20definitions%20to%20your%20existing%20configuration.%20PrepareAD%20should%20be%20executed%20prior%20to%20upgrading%20any%20servers%20to%20Cumulative%20Update%2016.%20PrepareAD%20will%20run%20automatically%20during%20the%20first%20server%20upgrade%20if%20Exchange%20Setup%20detects%20this%20is%20required%20and%20the%20logged%20on%20user%20has%20sufficient%20permission.%3CH3%20id%3D%22toc-hId-877564268%22%20id%3D%22toc-hId-878339954%22%3EAdditional%20Information%3C%2FH3%3EMicrosoft%20recommends%20all%20customers%20test%20the%20deployment%20of%20any%20update%20in%20their%20lab%20environment%20to%20determine%20the%20proper%20installation%20process%20for%20your%20production%20environment.%20For%20information%20on%20extending%20the%20schema%20and%20configuring%20Active%20Directory%2C%20please%20review%20the%20appropriate%20%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Flibrary%2Fbb125224(v%3Dexchg.150).aspx%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3ETechNet%3C%2FA%3E%20documentation.%20Also%2C%20to%20prevent%20installation%20issues%20you%20should%20ensure%20that%20the%20Windows%20PowerShell%20Script%20Execution%20Policy%20is%20set%20to%20%E2%80%9CUnrestricted%E2%80%9D%20on%20the%20server%20being%20upgraded%20or%20installed.%20To%20verify%20the%20policy%20settings%2C%20run%20the%20Get-ExecutionPolicy%20cmdlet%20from%20PowerShell%20on%20the%20machine%20being%20upgraded.%20If%20the%20policies%20are%20NOT%20set%20to%20Unrestricted%20you%20should%20use%20the%20resolution%20steps%20in%20%3CA%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F981474%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EKB981474%3C%2FA%3E%20to%20adjust%20the%20settings.%20%3CB%3EReminder%3A%20%3C%2FB%3ECustomers%20in%20hybrid%20deployments%20where%20Exchange%20is%20deployed%20on-premises%20and%20in%20the%20cloud%2C%20or%20who%20are%20using%20Exchange%20Online%20Archiving%20(EOA)%20with%20their%20on-premises%20Exchange%20deployment%20are%20required%20to%20deploy%20the%20most%20current%20(e.g.%2C%202013%20CU16%2C%202016%20CU5)%20or%20the%20prior%20(e.g.%2C%202013%20CU15%2C%202016%20CU4)%20Cumulative%20Update%20release.%20For%20the%20latest%20information%20on%20Exchange%20Server%20and%20product%20announcements%20please%20see%20%3CA%20href%3D%22https%3A%2F%2Ftechnet.microsoft.com%2Flibrary%2Fjj150540(v%3Dexchg.160).aspx%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EWhat's%20New%20in%20Exchange%20Server%202016%3C%2FA%3E%20and%20%3CA%20href%3D%22https%3A%2F%2Ftechnet.microsoft.com%2Flibrary%2Fjj150489(v%3Dexchg.160).aspx%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EExchange%20Server%202016%20Release%20Notes%3C%2FA%3E.%20You%20can%20also%20find%20updated%20information%20on%20Exchange%20Server%202013%20in%20%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Flibrary%2Fjj150540(v%3Dexchg.150).aspx%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EWhat%E2%80%99s%20New%20in%20Exchange%20Server%202013%3C%2FA%3E%2C%20%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Flibrary%2Fjj150489(v%3Dexchg.150).aspx%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3ERelease%20Notes%3C%2FA%3E%20and%20product%20documentation%20available%20on%20TechNet.%3CP%20class%3D%22note%22%3ENote%3A%20Documentation%20may%20not%20be%20fully%20available%20at%20the%20time%20this%20post%20is%20published.%3C%2FP%3E%3CSPAN%20class%3D%22author%22%3EThe%20Exchange%20Team%3C%2FSPAN%3E%3C%2FLINGO-BODY%3E

With this month’s quarterly release we bid a fond farewell to Exchange Server 2007. Support for Exchange Server 2007 expires on 4/11/2017. Update Rollup 23 for Service Pack 3 will be the last update rollup released for the Exchange Server 2007 product. Today we are also releasing the latest set of Cumulative Updates for Exchange Server 2016 and Exchange Server 2013. These releases include fixes to customer reported issues and updated functionality. Exchange Server 2016 Cumulative Update 5 and Exchange Server 2013 Cumulative Update 16 are available on the Microsoft Download Center. Update Rollup 17 for Exchange Server 2010 Service Pack 3 is also now available.

Exchange Server 2013 and 2016 require .Net 4.6.2

As previously announced, Exchange Server 2013 and Exchange Server 2016 now require  .Net 4.6.2 on all supported operating systems.  Customers who are still running .Net 4.5.2 should deploy Cumulative Update 4 or Cumulative Update 15, upgrade the server to .Net 4.6.2 and then deploy either Cumulative Update 5 or Cumulative Update 16.

Arbitration Mailbox Migration

Recently there have been reports of problems with customers migrating mailboxes to Exchange Server 2016. We wanted to take this opportunity to remind everyone that when multiple versions of Exchange co-exist within the organization, we require that all Arbitration Mailboxes be moved to a database mounted on a server running the latest version of Exchange. For more information, please consult the Exchange Server Deployment Assistance on TechNet.

Update on S/MIME Control

One year ago, we released an updated S/MIME Control for OWA. We have received questions from customers requesting clarification on what this release included. As stated previously, the control itself did not change. This was a packaging change necessary to prevent IE from throwing a certificate warning during installation due to SHA-1 deprecation. The Authenticode algorithm used to code sign the control uses a SHA-1 algorithm. SHA-1 ensures compatibility with Vista/Windows Server 2008 and Windows 7/Windows Server 2008R2 code signing. The Authenticode file hash and delivery package are signed with a SHA-2 certificate. Signing the package with a SHA-2 certificate prevents IE from throwing a certificate warning when the package is installed and provides the necessary protection for the entire package.

Latest time zone updates

All of the packages released today include support for time zone updates published by Microsoft through March 2017.

TLS 1.2 Exchange Support Update coming in Cumulative Update 6

We would like to raise awareness of changes planned for the next quarterly update release. We are working to provide updated guidance and capabilities related to Exchange Server’s use of TLS protocols. The June 2017 release will include improved support for TLS in general and TLS 1.2 specifically. These changes will apply to Exchange Server 2016 Cumulative Update 6 and Exchange Server 2013 Cumulative Update 17.

Late Breaking Issues not resolved in Cumulative Update 5

Cumulative Update 5 includes a couple of issues that could not be resolved prior to the product release. The unresolved items we are aware of include the following:
  • When attempting to enable Birthday Calendars in Outlook for the Web, an error occurs and Birthday Calendars are not enabled.
  • When failing over a public folder mailbox to a different server, public folder hierarchy replication may stop until the Microsoft Exchange Service Host is recycled on the new target server.
Fixes for both issues are planned for Cumulative Update 6.

Release Details

KB articles that describe the fixes in each release are available as follows: Exchange Server 2016 Cumulative Update 5 does not include new updates to Active Directory Schema. If upgrading from an older Exchange version or installing a new server, Active Directory updates may still be required. These updates will apply automatically during setup if the logged on user has the required permissions. If the Exchange Administrator lacks permissions to update Active Directory Schema, a Schema Admin must execute SETUP /PrepareSchema prior to the first Exchange Server installation or upgrade. The Exchange Administrator should execute SETUP /PrepareAD to ensure RBAC roles are current. Exchange Server 2013 Cumulative Update 16 does not include updates to Active Directory, but may add additional RBAC definitions to your existing configuration. PrepareAD should be executed prior to upgrading any servers to Cumulative Update 16. PrepareAD will run automatically during the first server upgrade if Exchange Setup detects this is required and the logged on user has sufficient permission.

Additional Information

Microsoft recommends all customers test the deployment of any update in their lab environment to determine the proper installation process for your production environment. For information on extending the schema and configuring Active Directory, please review the appropriate TechNet documentation. Also, to prevent installation issues you should ensure that the Windows PowerShell Script Execution Policy is set to “Unrestricted” on the server being upgraded or installed. To verify the policy settings, run the Get-ExecutionPolicy cmdlet from PowerShell on the machine being upgraded. If the policies are NOT set to Unrestricted you should use the resolution steps in KB981474 to adjust the settings. Reminder: Customers in hybrid deployments where Exchange is deployed on-premises and in the cloud, or who are using Exchange Online Archiving (EOA) with their on-premises Exchange deployment are required to deploy the most current (e.g., 2013 CU16, 2016 CU5) or the prior (e.g., 2013 CU15, 2016 CU4) Cumulative Update release. For the latest information on Exchange Server and product announcements please see What's New in Exchange Server 2016 and Exchange Server 2016 Release Notes. You can also find updated information on Exchange Server 2013 in What’s New in Exchange Server 2013, Release Notes and product documentation available on TechNet.

Note: Documentation may not be fully available at the time this post is published.

The Exchange Team
51 Comments
Not applicable
Our Exchange 2013 server has TLS 1.0 enabled and as a result we're failing our PCI Compliance. I've read reports that even to this day disabling TLS 1.0 causes Exchange 2013 to fall over. Will the CU17 update fix this and allow us to safely disable TLS 1.0?