Released: 2022 H1 Cumulative Updates for Exchange Server
Published Apr 20 2022 10:00 AM

Today we are announcing the availability of Cumulative Updates (CUs) for Exchange Server 2016 and Exchange Server 2019. These CUs include fixes for customer reported issues along with all previously released Security Updates (SUs), including the updates released in the March 2022 SUs. A full list of fixes is contained in the KB article for each CU, but we also want to highlight some important changes.

We’re thrilled to announce the availability of new features in the CU for Exchange Server 2019, such as an updated Exchange Management Tools role that enables customers who run Exchange server(s) only for recipient management purposes to shut down their last Exchange server(s) and use Windows PowerShell for recipient management. We’re also excited to announce a change to the hybrid server license for Exchange Server 2019, as detailed below.

Servicing Model Changes

First, we’d like to share some changes to how we deliver updates (aka our servicing model) for Exchange Server. Historically, we have released quarterly CUs in March, June, September, and December. Customers have told us this is too frequent and that it hinders their ability to stay current (which for Exchange hybrid customers is a requirement). Customers also tell us that December is not a good time to release a CU, which is why we didn’t release any in December 2021.

Today, we are announcing changes to our update delivery model for Exchange Server. We are moving to a release cadence of two CUs per year – releasing in H1 and H2 of each calendar year, with general target release dates of March and September. But our release dates are driven by quality, so we might release updates in April or October, or some other month, depending on what we’re delivering.

The next CU will be released in H2 of 2022, and it will be for Exchange Server 2019 only; mainstream support has ended for Exchange Server 2013 and Exchange Server 2016. We will release SUs as needed while those versions are in extended support.

A CU release every 6 months might be too long to wait for some updates, so we may also release hotfixes between CU releases.

With these service model changes, being current still means running the latest CU or the one immediately preceding it (N or N-1), but the ‘currency window’ is now extended from 6 months to 1 year.

Exchange Management Tools Update

Until today, organizations that have all their mailboxes in Exchange Online and use Active Directory (AD) for identity management must have a running Exchange server in their environment in order to perform recipient management activities.

Today, we are excited to announce that Exchange Server 2019 CU12 includes an updated Exchange Management Tools role designed to address the specific customer scenario where an Exchange server is run only because of recipient management requirements.

The updated Management Tools role eliminates the need to have a running Exchange server for recipient management in this scenario. If you have only a single Exchange server that you use only for recipient management, you can install the updated tools on a domain-joined workstation, shut down your last Exchange server, and manage recipients using Windows PowerShell. For more information, see Manage recipients in Exchange Server 2019 Hybrid environments.

Hybrid Experience Updates

There are two more exciting updates for hybrid customers in Exchange Server 2019 CU12.

  1. CU12 includes a change to the Exchange Server License Terms. We have updated our licensing to add a product key for Exchange 2019 hybrid servers at no additional charge! This was previously available only for Exchange 2010, Exchange 2013, and Exchange 2016. Exchange Server 2019 CU12 and the Hybrid Configuration wizard have been updated to support this change.
  2. CU12 also includes support for using MFA-enabled admin credentials with Hybrid Agent cmdlets. The Hybrid Management PowerShell module now works with MFA-enabled admin accounts. This module includes the following cmdlets which can now be used with MFA:
| Cmdlet | Description |
|---|---|
| Get-HybridAgent | View installed Hybrid Agents |
| Update-HybridApplication | Edit parameters of a Hybrid Application |
| Get-HybridApplication | View all Hybrid Applications |
| Remove-HybridApplication | Remove a Hybrid Application |

Support for Windows Server 2022

CU12 also introduces support for running Exchange Server 2019 on Windows Server 2022 and in environments that use Windows Server 2022 Active Directory servers.

Support for Exchange Server and Windows Server 2022 is detailed below and documented in the Exchange Server supportability matrix along with details on other Exchange Server operating system support.

| Exchange Server Version | Windows Server 2022 OS | Windows Server 2022 AD Servers |
|---|---|---|
| Exchange Server 2019 | Supported | Supported |

Support for TLS 1.3

By default, Windows Server 2022 uses Transport Layer Security (TLS) 1.3, the latest version of the Internet's most deployed security protocol. TLS 1.3 encrypts data to provide a secure communication channel between two endpoints. It eliminates obsolete cryptographic algorithms, enhances security over older versions, and aims to encrypt as much of the handshake as possible. Support for TLS 1.3 will be added to Exchange Server 2019 in 2023.

New Microsoft Bounty Program for Exchange Server

We strongly believe that close partnerships with security researchers help make customers more secure. Security researchers play an integral role in the ecosystem by discovering vulnerabilities missed in the software development process, and each year we partner together to better protect billions of users worldwide.

Today, we are also sharing that we have launched a security vulnerability bounty program for Microsoft Exchange Server via the Microsoft Applications and On-Premises Servers Bounty Program. Individuals across the globe can now receive monetary rewards for submitting security vulnerabilities found in Exchange Server shipping on the latest, fully patched version of Windows. For the new bounty program, we request you submit bugs on any supported version of Exchange Server.

Release Details

The KB articles that describe the fixes in each release and product downloads are as follows:

Known Issues With This Release

Please see CU release Knowledge Base articles for known issues.

Additional Information

Microsoft recommends that all customers test the deployment of an update in a lab environment to determine the proper installation process for your production environment.

You can find information on preparing Active Directory here. All Exchange-made schema changes are tracked here.

For installation best practices, see Upgrade Exchange to the latest Cumulative Update. See also the Exchange Update Wizard for detailed installation steps.

When installing, ensure that the Windows PowerShell Script Execution Policy is set to Unrestricted on the server. To verify the policy settings, run Get-ExecutionPolicy from PowerShell on the Exchange server. If the policy is NOT set to Unrestricted, use these steps to set it to Unrestricted.

If you plan to install the update in unattended mode from PowerShell or a command prompt, make sure you specify either the full path to Setup.exe, or use a “.” in front of the command when running Setup directly from the folder containing the CU. If you do not do either of these, Setup may indicate that it completed successfully when it did not. Read more here.
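The two installation checks above (execution policy, and which Setup.exe actually runs) can be scripted as a pre-flight step. This is an added example, not code from the Exchange team: the media path `D:\` and the variable names are assumptions, and the `/Mode:Upgrade` and license-acceptance switches are the standard unattended Setup switches, which this post does not list.

```powershell
# Added example: pre-flight checks for an unattended CU upgrade.
# ASSUMPTION: the CU ISO is mounted at D:\ ; change $CuMedia to match your server.
$CuMedia   = 'D:\'
$SetupPath = [System.IO.Path]::Combine($CuMedia, 'Setup.exe')

if (-not (Test-Path -LiteralPath $SetupPath -PathType Leaf)) {
    throw "Setup.exe not found at $SetupPath"
}

# 1. The post requires the execution policy to be Unrestricted during the install.
$policy = Get-ExecutionPolicy
if ($policy -ne 'Unrestricted') {
    throw "Execution policy is '$policy'; set it to Unrestricted before running Setup."
}

# 2. PowerShell does not run programs from the current directory unless the name
#    is prefixed with .\ , so a bare 'Setup.exe' is resolved through PATH and may
#    start a different Setup.exe than the one on the CU media. Report what the
#    bare name would resolve to, so the mismatch is visible before anything runs.
$bare = Get-Command -Name 'Setup.exe' -CommandType Application -ErrorAction SilentlyContinue |
    Select-Object -First 1
if ($bare -and ($bare.Path -ne $SetupPath)) {
    Write-Warning "A bare 'Setup.exe' would run $($bare.Path), not $SetupPath."
}

# 3. Record the file version of the binary that is about to run.
$mediaVersion = (Get-Item -LiteralPath $SetupPath).VersionInfo.FileVersion
Write-Host "Starting $SetupPath (file version $mediaVersion)"

# 4. Run Setup by its full path and check the exit code rather than relying on
#    console output. The license switch also selects the diagnostic data setting;
#    use the _DiagnosticDataON variant if that is your organization's choice.
$setupArgs = @(
    '/Mode:Upgrade',
    '/IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF'
)
$proc = Start-Process -FilePath $SetupPath -ArgumentList $setupArgs -Wait -PassThru -NoNewWindow
if ($proc.ExitCode -ne 0) {
    throw "Setup exited with code $($proc.ExitCode); review the Exchange setup log."
}
Write-Host 'Setup completed with exit code 0.'
```

Run it from an elevated PowerShell session on the Exchange server after testing the update in a lab.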

NOTE: Customers in Exchange hybrid deployments and those using Exchange Online Archiving with an on-premises Exchange deployment are required to deploy the latest CU for product support.

For the latest information on Exchange Server announcements please see What's New in Exchange Server and the Exchange Server Release Notes.

NOTE: Documentation may not be available at the time this post is published.

Updates to this blog post:

  • 4/21: Added information about support for TLS 1.3.
  • 4/20: The original release of this post indicated that Exchange 2013 and Exchange 2016 were also supported to work with Windows Server 2022 Active Directory controllers. This has now been corrected.

The Exchange Server team

132 Comments
Iron Contributor

Finally - sweet!

I am surprised that this new role is the direction taken here. Wasn't the goal for some light-weight AAD connect agent to allow for on-prem recipient administration from the cloud? Is that still coming?

Copper Contributor

The KB links don't work, at least from my workstation.

Copper Contributor

@Evgenij Smirnov "NOTE: Documentation may not be available at the time this post is published."

This is pretty normal for Exchange documents. The KBs usually don't work for an hour or two.

Copper Contributor

sorry the link is not working -

Exchange Server 2016 Cumulative Update 23 (KB5011155)

Brass Contributor

Hello Exchange Team

Any news / updates related to the next version of Exchange? It's been months.....not even alpha, beta, pre-rtm releases

Last time I checked Microsoft web site it was about August/September 2021 time frame for the release.

With the release of Windows Server 2022 it would be nice to have Exchange 2022 running along as well :)

Please let us know.

Thank you

Iron Contributor

Good info. Only Exchange Server 2016 CU23 UM Language Packs link working. KB Link must be updated properly. @The_Exchange_Team
https://www.microsoft.com/en-us/download/details.aspx?id=104132

Microsoft

@gauravkumra @Evgenij Smirnov @Vadivelu_B - this is a common occurrence when waiting on CDNs to update. That's why "NOTE: Documentation may not be available at the time this post is published." is added towards the end of the post.

They should be working in a few hours. :smile:

Copper Contributor

What are the system requirements for the Exchange 2019 Management Tools Role? I would not figure it would be as strenuous as Exchange 2019 itself.

Currently, we are on Exchange 2016 Hybrid and were waiting on this feature.

Copper Contributor

Finally. We can get rid of that old Exchange 2016 user management server. I have been waiting for this for the past 5 years. If this works as advertised, big thanks to the MS Exchange team. Anyone tried the process yet to remove a last Exchange 2016 server and move across to the Exchange 2019 PowerShell management tools? Can't wait to do this but cannot really test it as don't have extra hybrid environments...

Brass Contributor

Thanks for the information and update. We will perform the test installation in the coming days and production environments later on. I will update this post on our findings. As for now I can't read the information yet, bc the CDN are not fully in sync with install notes (as mentioned), so will chat that tomorrow.

Update 1: We have scheduled the installs of production environments starting next week and plan to do the last one before Patch Tuesday in May (to remain in chronological order). In test environment we have no issues. We phased out EXCH2013 completely and all are 2016 and 2019 now. Remaining 2016 will be migrated to 2019 (or successor) later this year. We found out that all UNC path functions are removed, except the UNC path for export/import function.

Update 2 (May 4th): We have upgraded all our managed environments. No issues have been found.

Keep up the good work! We want to keep the chronological order of software updates and be ready for possible May updates (if any will be released).

Microsoft

@krjohnson1 You can install those management tools even on a domain joined workstation.

Copper Contributor

I had a quick question about this from the linked hybrid EMT documentation:

"Once you shut down your last Exchange server and perform the Exchange hybrid and Active Directory cleanup steps listed above, you should erase and reformat your last Exchange server. Do Not Uninstall the Exchange Server."

What are the implications of uninstalling the last Exchange server? We have onboarded a few orgs over the years who were previously migrated to Exchange Online and then uninstalled all of their Exchange servers so I'm curious as to how we go about setting up the Exchange Management Tools in that situation.

Iron Contributor

Thank you for the release and we will be testing it soon.

Iron Contributor

@Lukas Sassl

@The_Exchange_Team

Whatever happened to the fix for the issue with the March SU for Exchange 2013 (KB5013118)? Did we forget about that?

Iron Contributor

@The_Exchange_Team

re: Customers have told us (that quarterly updates are) too frequent and that it hinders their ability to stay current

I've never heard anyone say that ever and don't recall it being mentioned in these forums - certainly not enough to remember and as with previous pronouncements about what "customers have told us" it all seems very convenient. You don't listen to or even comment on the vast majority of what people that are very involved in Exchange have been suggesting in these forums for years yet you make changes based on these mythical "customers".

re: "Customers also tell us that December is not a good time to release a CU, which is why we didn’t release any in December 2021."

I've never heard that either. December is a great time to release a CU. If you have a change freeze or too many people away on holiday in December, you install it in January after you've enjoyed your time off and you have the benefit of seeing if it caused a problem for anyone back in December. "Will the new CU kill my Exchange server?" is a question that people ask out here in the real world,

re: "moving to a release cadence of two CUs per year .... target release dates of March and September. .... But our release dates are driven by quality, so we might release updates in April or October, or some other month"

So the new cadence means nothing really. You'll release (and inexplicably delay the release of) fixes as you see fit and generate confusion, especially in these forums about what order to install the "Hx" CU releases versus the off-schedule releases versus the SU's etc. You've been playing with the cadence and terminology (Hx CU, CU, SU, Service Pack, Rollup and whatever else I've forgotten) for years since Exchange 4.0 but nothing really changes.

Quarterly CUs were a reasonable approach but you've chosen to muddy the waters yet again for no apparent reason outside of what "Customers have told us".

Iron Contributor

"...shut down their last Exchange server(s) and use Windows PowerShell for recipient management."

Glorious. Thought this day would never come!

Copper Contributor

Would you be so kind to update the following article (solution is missing): https://support.microsoft.com/de-de/topic/invalid-new-auth-certificate-for-servers-that-are-not-on-u... The English version is also not complete

Copper Contributor

It's great to finally have the CU released, but it looks like no changes have been made to the BigFunnel Indexing and search issues.

So disappointed. It's been 12 months since we can search for emails in Outlook OWA or Desktop.

Steel Contributor

The mystery of why we don't uninstall the last server is interesting, but all the caveats seem totally fair and understandable.

Making free Hybrid keys for Exchange 2019 is a very welcomed kind gesture. Thank you!

The Release cadence change, does seem funny how few years it takes before Microsoft changes its mind. But at this point it's clear and should be expected that there are always going to be these changes and the different products are like planets that only line up for a short period of time. Right now they're looking pretty aligned!

Next up we should expect a few product and feature name changes designed to keep everyone on their toes (especially students and exam takers). But seriously please don't =).

Copper Contributor

Hello

Install went smoothly.

Is this possible after to in place upgrade Windows 2019 to 2022?

Thanks

Silver Contributor

I lost hope for solution to get rid of last local server so long ago, so even missed this bit when skimming through this article :D Of course, we got rid of last server long time ago and used the unofficial path (ADUC and such), but it is finally official. Took only how many years? :)

Copper Contributor

shut down your last Exchange server, and manage recipients using Windows PowerShell....

So, the last Exchange Server can still not be uninstalled :unamused:

Thanks for listening to the user feedback and bringing the hybrid license for Exchange Server 2019! Much appreciated.

Agree with previous comments that semi annual CUs are not frequent enough and will likely lead to even more non compliant systems and more emergency hotfixes. Emergency hotfixes in the past 2 years were much harder to keep up with than regular and plannable CU strategy.

Please reconsider the consequences of changing this schedule. I don't believe that Exchange Online will only see semi-annual updates.

Can you leave any follow-up plans to Exchange Server vNext and the free "step-up"?
Customers having on-premises Exchange are wondering why there is no Exchange Server 2022 or similar announced, late after Windows Server 2022 is released. Thank you very much!

Microsoft

@kwester-ebbinghaus-business Understood, but we have nothing to announce on that subject at this time. This is a separate subject and we fully understand that there has been lack of information.

@Mukesh Srivastava Please check out linked documentation about this new management feature; there are very good reasons why the server cannot be uninstalled, but that does not mean it cannot be removed. :) Too much to get into in the announcement blog post but I think Docs article covers it.

@StanthewiZZard If by this you mean if you can in-place upgrade the OS under the running Exchange Server, then the answer is no; that is not supported (never was).

@gjsigma This is an unsupported situation; the problem with uninstalling the last server is that it pulls out AD objects that are needed for management via PowerShell. We have not validated this scenario but likely it involves creating a new organization (starting from scratch) using the same organization name. Note again, this is not a scenario that we support.

Microsoft

@swm011010 You are right; we did not provide enough information in related KB article (something we are working on).

Iron Contributor

@The_Exchange_Team

In the announcement you state that "CU12 also introduces support for running Exchange Server 2019 on Windows Server 2022 and in environments that use Windows Server 2022 Active Directory servers."

In the table below that you then state that "Windows Server 2022 AD" is "Supported" .

Since "Windows Server 2022 AD" is not the same as "Windows Server 2022 Active Directory Servers", are you announcing a heretofore non-existent Domain/Forest functional level for Active Directory ?

 

Looking forward to your always timely, accurate and thoughtful response

Microsoft

@Sam_T the note is about domain controllers running Windows Server 2022. Exchange 2019 CU12 is supported in an Active Directory Domain Services environment with DCs running Windows Server 2022.

Copper Contributor

OK

so Exchange CU12 can't run on Windows 2022 at all (fresh install or in-place upgrade)

Thanks

Microsoft

@StanthewiZZard Please have a look at the Supportability Matrix if unclear: Exchange Server supportability matrix | Microsoft Docs

Iron Contributor

@Paul Newell

Hi Paul. I understand completely what was announced in terms of support for domain controllers. Do you understand that in the table you then state that "Windows Server 2022 AD" is "Supported"? That's implying that you are supporting a non-existent domain/forest functional level. Did you understand my post?

There are different tables, one is for support Domain Controllers, other tables refer to FFL / DFL. This can differ. Always check the en-us pages as others are manually translated and are prone to not being updated in time.

Copper Contributor

@Nino Bilic

Clear

in place upgrade not for the moment (hope for the next CU)

fresh install supported

Thanks

Copper Contributor

So will this be the "last" cumulative update for Exchange Server 2016? This is now the fourth "last" CU. Some more proactive communications about this would have been appreciated especially for those of us who just upgraded our entire Exchange Server 2016 fleet to CU22 last week. ;)

Microsoft

@StanthewiZZard I don't understand your comment, though. A "fresh install" of Exchange Server 2019 on the Windows Server 2022 OS should be done using the Exchange 2019 CU12 bits (.ISO file). Our cumulative updates are "whole product" so you do not need to start from Exchange Server 2019 RTM code and then upgrade to CU12. You just start from CU12 if you want to install on top of Windows Server 2022 OS.

Upgrading Windows under Exchange Server was never supported (between major Windows versions) so that support is not coming now or in the future Exchange CU.

Hi @Nino Bilic  thanks for the important notice, can you please have filed PR on docs.microsoft.com

to include this note "Upgrading Windows under Exchange Server was never supported (between major Windows versions) so that support is not coming now or in the future Exchange CU."

Just saying because:

Upgrading from Windows Server 2019 with Exchange Server 2019 to Windows Server 2022 might be tempting. In-place upgrades are really easy and upgrading to Windows Server 2022 does not change / downgrade .NET nor PowerShell (WMF 5.1).

Microsoft

@janelson This is the last* CU for Exchange Server 2016.

* - reality of the situation is that if some pressing need arises that would make releasing another CU the right thing to do for our customers, we would do it. But we do not have plans to release another CU for Exchange Server 2016.

Copper Contributor

@Nino Bilic

Windows 2022 needs a fresh install as upgrading Windows 2019 with Exch2019 is not supported.

I do know that the CU is the full Exchange install :)

You should change the matrix because "not supported for the moment" implies that it will be in the future.
So "not supported" would be preferable.

So now, I need:
To install a new WS2022

Install CU12 on it
Migrate mailboxes

If you wanted your customer to turn to other solution (cloud maybe) you would be doing the other way.
MS is still MS (a mess)

Thanks for the explanations

Microsoft

@kwester-ebbinghaus-business and @StanthewiZZard Fair point; I'll clarify the Supportability Matrix so we state that we do not support WS 2019 > 2022 in-place upgrades, now (we say this already) or in the future (will clarify this).

Thanks!

Microsoft

@Sam_T, yes, I understand how that can be inferred. The post above was updated to "Windows Server 2022 AD Servers", matching what's listed in the Supported Active Directory environments section of the Exchange Server supportability matrix

Copper Contributor

Hi @Nino Bilic 

If I run CleanupActiveDirectoryEMT.ps1, will it be possible to install an Exchange Server again?

Microsoft

@Cynrik (Comment edited 4/22) You bring up a good point - we should add this to documentation.

Copper Contributor

@Nino Bilic 

You posted that uninstalling the last Exchange server is unsupported.

What about a fresh new AD?

Do I have to install an Exchange Server to be in a supported scenario, or is it sufficient to just install the Exchange 2019 CU12+ Management tools?

Copper Contributor

A minor suggestion on the "Manage recipients in Exchange Hybrid environments using Management tools" documentation.  You might want to move the warning about not uninstalling Exchange to the top of the instructions instead of the bottom.  I can see a number of people not noticing that until it's too late.  Not everyone reads the manual before doing things.  :smile:

Brass Contributor

Reading through the list of fixes I really asked myself who decided to remove the ability to use UNC paths in management cmdlets.

Especially the side effect of removing most of the certificate management tasks from ECP is a bummer.

Copper Contributor

@The_Exchange_Team

Great news.

One clarification, based on the matrix, it means that the Ex2019 CU12 management tools can only be installed on WS2019, WS2022 server and Win10 client. But not on WS2016 Servers?

Regards Stive

Microsoft

@SteveTH Yes, that is correct.

Microsoft

@Cynrik Yes, using E2019 management tools in a scenario where AD did not have an Exchange Server installed ever is also supported, yes. We are adding this to the documentation. You will have to extend the schema etc. of course.

Copper Contributor

@Nino Bilic 

Does it work if I first uninstall the last Exchange server and afterwards install the Management Tools?

Microsoft

@Cynrik We do not support you uninstalling the last Exchange server. We specifically say that the last server should not be uninstalled, rather, the server should be shut down and then yes you can use the cleanup script to remove some AD objects but not by uninstalling of the server (if by 'uninstalling' you mean running Exchange setup and uninstalling Exchange from the last server).

Last update: Apr 21 2022 10:00 AM