Released: August 2023 Exchange Server Security Updates
Published Aug 08 2023 10:02 AM 194K Views

Update 10/10/2023: Our recommendation to address CVE-2023-21709 is now changed; please see the changes below.

Update 9/12/2023: As a part of the September 2023 "Patch Tuesday" we have released a few more Exchange Server CVEs. They were all addressed in our August 2023 SU (more information here). If you did not install August SUs yet, please do so now.

Microsoft has released Security Updates (SUs) for vulnerabilities found in:

  • Exchange Server 2019
  • Exchange Server 2016

SUs are available for the following specific versions of Exchange Server (download links are updated for re-released SUs):

  • Exchange Server 2019 CU12 and CU13
  • Exchange Server 2016 CU23

The August 2023 SUs address vulnerabilities responsibly reported to Microsoft by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to immediately install these updates to protect your environment.

These vulnerabilities affect Exchange Server. Exchange Online customers are already protected from the vulnerabilities addressed by these SUs and do not need to take any action other than updating any Exchange servers or Exchange Management tools workstations in their environment.

More details about specific CVEs can be found in the Security Update Guide (filter on Exchange Server under Product Family).

Steps needed to address CVE-2023-21709

To address CVE-2023-21709, our updated recommendation is for administrators to install October 2023 Windows Security Updates on all of their Exchange Servers. Please see October 2023 Security Update announcement for more information.

Support for change of default encryption algorithm in Microsoft Purview Information Protection

This section applies only to our customers who use Exchange Server and either Azure or AD Rights Management Service (RMS). If you do not know what that is, Exchange Online CBC encryption changes should not apply to you:

As announced in the Encryption algorithm changes in Microsoft Purview Information Protection blog post, Exchange Server August 2023 SUs contain updates that enable customers who use Exchange Server on-premises to continue decrypting content protected by Purview sensitivity labels or Active Directory Rights Management Services. Please review that blog post for details and timelines and read AES256-CBC support for Microsoft 365 documentation.

If your organization is impacted by this change, after installing the August SU on your Exchange servers, see this KB article. Please note – this step is not needed unless your on-premises servers require support for AES256-CBC.

Update installation

The following update paths are available:

Aug2023SUpaths01.jpg

Known issues with this release

  • Customers impacted by the upcoming Microsoft 365 AES256-CBC encryption change need to perform a manual action to enable new encryption algorithm after August 2023 SU is installed. Please see this KB article. We will remove the requirement for manual action in a future update.

Issues resolved in this release

FAQs

Our organization is in Hybrid mode with Exchange Online. Do we need to do anything?
Exchange Online is already protected, but this SU needs to be installed on your Exchange servers, even if they are used only for management purposes. If you change the auth certificate after installing an SU, you should re-run the Hybrid Configuration Wizard.

The last SU we installed is a few months old. Do we need to install all SUs in order to install the latest one?
SUs are cumulative. If you are running a CU supported by the SU, you do not need to install all SUs in sequential order; simply install the latest SU. Please see this blog post for more information.

Do we need to install SUs on all Exchange Servers within our organization? What about ‘Management Tools only’ machines?
Our recommendation is to install SUs on all Exchange Servers and all servers and workstations running the Exchange Management Tools to ensure compatibility between management tools clients and servers. If you are trying to update the Exchange Management Tools in the environment with no running Exchange servers, please see this.

We still use Exchange Server 2013 on-premises to host mailboxes. Can we have an update for Exchange Server 2013 to support the new Microsoft 365 AES256-CBC encryption standard?
Exchange Server 2013 is out of support and will not receive any further security updates. We do not perform any vulnerability testing against this version of Exchange anymore. Exchange Server 2013 is likely vulnerable to any vulnerabilities disclosed after April 2023 and you should migrate to Exchange Server 2019 or Exchange Online as soon as possible and decommission Exchange Server 2013 from your environment.

Documentation may not be fully available at the time this post is published.

Blog post updates:

  • 9/12: Changed the banner to mention that Aug 2023 SUs are also the resolution to Exchange Server CVEs released in September 2023.
  • 8/16: Added a known issue for: Users in account forest can’t change expired password in OWA in multi-forest Exchange deployments after installing August 2023 SU
  • 8/15: Updated the blog post to reflect that Aug 2023 SUs were re-released on 8/15/2023
  • 8/15: Added a link to the process of installing updates on management tools machine when there are no Exchange servers running
  • 8/15: Temporarily removed all download links
  • 8/9: Referenced Exchange Server 2019 and 2016 August 2023 security update installation fails on non-English operatin... in Known Issues section
  • 8/9: Added a command that will help you reset the state of your services if setup has already failed
  • 8/9: Added a known issue about non-English servers Setup issues and temporary removal of August SUs from Microsoft / Windows update

The Exchange Server Team

213 Comments
Brass Contributor

This Exchange SU cannot be installed in our environments (OS and Exchange in de-de). Installer throws Error 1603.

 

Tested on Exchange Server 2016 CU23 SU8 on Windows Server 2016 as well as Exchange Server 2019 CU13 SU1 on Windows Server 2022.

 

Property(C): msgINTERIMUPDATEDETECTED = Unable to install because a previous Interim Update for Microsoft Exchange Server 2016 Cumulative Update 23 has been installed. Please use Add/Remove Programs to uninstall the Interim Update before running this setup again.
Property(C): msgRequiresProc = The version of this file is not compatible with the version of Microsoft Exchange Server 2016 Cumulative Update 23 that you're running. Check your computer to see whether you need an x64 (64-bit) or x86 (32-bit) version of this file.

 

MSI (c) (54:10) [22:15:58:033]: Product: Microsoft Exchange Server - Update 'Security Update for Exchange Server 2016 Cumulative Update 23 (KB5029388) 15.1.2507.31' could not be installed. Error code 1603. Additional information is available in the log file C:\Program Files\Microsoft\Exchange Server\V15\Logging\Update\msi\ExchangeUpdate_2023-08-08-195915.log.

MSI (c) (54:10) [22:15:58:034]: Windows Installer installed an update. Product Name: Microsoft Exchange Server. Product Version: 15.1.2507.6. Product Language: 1033. Manufacturer: Microsoft Corporation. Update Name: Security Update for Exchange Server 2016 Cumulative Update 23 (KB5029388) 15.1.2507.31. Installation success or error status: 1603.

 

Do I really have to uninstall the previous SU first?

 

The Patch even leaves the server in a non-working state with all Exchange services deactivated which have to be reset to automactic startup!

Copper Contributor

We have a similar problem like @Lothar_Lindinger . The Exchange SU cannot complete in our environments (Exchange 2019 and 2016), also on an very clean test environment. The OS and the Exchange are in de-de.

 

Property(C): msgINTERIMUPDATEDETECTED = Unable to install because a previous Interim Update for Microsoft Exchange Server 2019 Cumulative Update 13 has been installed. Please use Add/Remove Programs to uninstall the Interim Update before running this setup again.
Property(C): msgRequiresProc = The version of this file is not compatible with the version of Microsoft Exchange Server 2019 Cumulative Update 13 that you're running. Check your computer to see whether you need an x64 (64-bit) or x86 (32-bit) version of this file.

 

MSI (c) (BC:74) [21:17:48:953]: Product: Microsoft Exchange Server - Update 'Security Update for Exchange Server 2019 Cumulative Update 13 (KB5029388) 15.2.1258.23' could not be installed. Error code 1603. Additional information is available in the log file D:\Exchange Server\Logging\Update\msi\ExchangeUpdate_2023-08-08-190917.log.

 

image.png

 

After the patch the servers are in a non-working state. We have services which do not start because of dependencies and even crashing transport services ("1067, Prozess wurde unerwartet beendet").

Brass Contributor

@The_Exchange_Team Please remove this update from WSUS Distribution at the earliest!

Brass Contributor

Manual service depedencies which might not be 100% obvious:

IISADMIN

W3SVC

Winmgmt

FMS

RemoteRegistry

SearchExchangeTracing

 

All these services should be set to automatic startup beside all obvious "Microsoft Exchange ..." services!

Copper Contributor

We have shutdown our last Exchange server and have an "Exchange Management Tools only" machine to manage mail-enabled recipient properties. The management tools are from CU12. How can we upgrade to CU13 without installing other Exchange roles during the upgrade process? I have tried the following command:

D:\Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF /Role:ManagementTools

...but receive the following error:

Please select at least one server role to install. Make sure that the specified roles aren't already installed.

 

Copper Contributor

Workaround

 

# Automatic services
$auto = "MSExchangeADTopology",
"MSExchangeAntispamUpdate",
"MSExchangeDagMgmt",
"MSExchangeDiagnostics",
"MSExchangeEdgeSync",
"MSExchangeFrontEndTransport",
"MSExchangeHM",
"MSExchangeImap4",
"MSExchangeIMAP4BE",
"MSExchangeIS",
"MSExchangeMailboxAssistants",
"MSExchangeMailboxReplication",
"MSExchangeDelivery",
"MSExchangeSubmission",
"MSExchangeRepl",
"MSExchangeRPC",
"MSExchangeFastSearch",
"HostControllerService",
"MSExchangeServiceHost",
"MSExchangeThrottling",
"MSExchangeTransport",
"MSExchangeTransportLogSearch",
"MSExchangeUM",
"MSExchangeUMCR",
"FMS",
"IISADMIN",
"RemoteRegistry",
"SearchExchangeTracing",
"Winmgmt",
"W3SVC"

# Manual services
$man = "MSExchangePop3",
"MSExchangePOP3BE",
"wsbexchange",
"AppIDSvc",
"pla"

# Enable Services
foreach ($service in $auto) {
   Set-Service -Name $service -StartupType Automatic
   Write-Host "Enabling "$service
}
foreach ($service2 in $man) {
   Set-Service -Name $service2 -StartupType Manual
   Write-Host "Enabling "$service2
}

# Start Services
foreach ($service in $auto) {
   Start-Service -Name $service
   Write-Host "Starting "$service 
}
  • Save this Script into a .ps1 file and run it as Adminstrator in the Powershell
  • When Errors appears, check the Name of the Service and start him manually
  • After this my Exchange 2016 and 2019 worked

Source for the Script : https://www.alitajran.com/restart-exchange-services-powershell-script/ 

Brass Contributor

Same on my end, tried on two different Exchange 2019 CU13 de-de servers. After failing, I fixed all services and it seems to run fine without the SU.

 

Please provide a working patch soon, as POCs for the RCEs will be coming up in the next few hours...

Copper Contributor

Also here: The update crashes on de-de OS and Exchange servers. Rollout has now been stopped for all our customers.

Microsoft

Can one of you who has issues with setup please open a ticket on this? We are not aware of this issue. Also, if you can DM me with a msi SU log; it will be something like:

C:\Program Files\Microsoft\Exchange Server\V15\Logging\Update\msi\ExchangeUpdate_2023-08-08-195915.log

@dsantesson @nmildner @Lothar_Lindinger 

Brass Contributor

DM'd you @Nino_Bilic 

Microsoft

@nmildner Got it - thanks, it's being looked at...

EDIT: got two logs; thank you! It is still unclear what is going on (we only see some sort of Access Denied in both logs but unclear why). We are trying to get a repro. If someone can open a ticket that would probably help.

Copper Contributor

Hi Team:

After installing the latest SU, some of the servers roll back up the update and get stick on "Shutting down service: Windows Modules Installer"  if we do a hard shutdown, it goes right back to the installing of the updates and fails, and on reboot goes back to this window.

Has this been reported and is there a workaround?

Regards

Copper Contributor

What bugged me out the most:
On german windows server, this update set´s "Winmgmt" to "Disabled" and after a reboot you are unable to manage your server, neither remote nor local, unless you manually start the service by hand.. This will probably lead to chaos tommorow..

Microsoft, please fix :)

Brass Contributor

I can also confirm that automatic installation of this update via Windows Update on Windows Server 2016 w/ Exchange Server CU23 Jun23SU (all de-de locale) fails and leaves the whole installation in an inoperational state.

 

MSI (c) (90:F4) [23:30:34:135]: Product: Microsoft Exchange Server - Update 'Security Update for Exchange Server 2016 Cumulative Update 23 (KB5029388) 15.1.2507.31' could not be installed. Error code 1603. Additional information is available in the log file E:\Exchange\V15\Logging\Update\msi\ExchangeUpdate_2023-08-08-205622.log.

MSI (c) (90:F4) [23:30:34:136]: Windows Installer installed an update. Product Name: Microsoft Exchange Server. Product Version: 15.1.2507.6. Product Language: 1033. Manufacturer: Microsoft Corporation. Update Name: Security Update for Exchange Server 2016 Cumulative Update 23 (KB5029388) 15.1.2507.31. Installation success or error status: 1603.

Copper Contributor

@Nino_Bilic it seems to be missing {30A4ABD2-C02E-4205-B04B-94CD59C7F827}.

 

Environment:
Windows Server 2016
Locale / Language: German
Currently installed Exchange: Exchange 2016 CU23 (15.1.2507.27)


MSI (c) (1C:2C) [14:13:17:112]: Unknown\Absent: {30A4ABD2-C02E-4205-B04B-94CD59C7F827} - C:\Users\Administrator\AppData\Local\Temp\2\ExchangeServer.msp


 

MSI (c) (1C:2C) [14:13:17:112]: Patch: {9F5C21B6-4276-4BB4-8D47-E4C5B3A06F29}	Order: 0	(Family: E15_DAT)
MSI (c) (1C:2C) [14:13:17:112]: Patch: {6A1E3D0A-436C-4B39-B174-F71A557FEAA9}	Order: 1	(Family: E15_DAT)
MSI (c) (1C:2C) [14:13:17:112]: Patch: {E442EE6F-208C-4B16-84F0-FB249A78477A}	Order: 2	(Family: E15_DAT)
MSI (c) (1C:2C) [14:13:17:112]: Patch: {A35C23B3-58DE-4527-8809-D89521AE966D}	Order: 3	(Family: E15_DAT)
MSI (c) (1C:2C) [14:13:17:112]: Patch: {43403F9A-86C4-403E-8E28-767AAEA71928}	Order: 4	(Family: E15_DAT)
MSI (c) (1C:2C) [14:13:17:112]: The ordered #_QFESequence table: - has the final sequence of QFEs.  It lists each PatchGUID only once.
MSI (c) (1C:2C) [14:13:17:112]: PatchGUID: {9F5C21B6-4276-4BB4-8D47-E4C5B3A06F29}	ResultantVersion: 15.1.2375.7	PatchFamily: E15_DAT	Sequence: 15.1.2375.12	Order: 0
MSI (c) (1C:2C) [14:13:17:112]: PatchGUID: {6A1E3D0A-436C-4B39-B174-F71A557FEAA9}	ResultantVersion: 15.1.2375.7	PatchFamily: E15_DAT	Sequence: 15.1.2375.17	Order: 1
MSI (c) (1C:2C) [14:13:17:112]: PatchGUID: {E442EE6F-208C-4B16-84F0-FB249A78477A}	ResultantVersion: 15.1.2375.7	PatchFamily: E15_DAT	Sequence: 15.1.2375.18	Order: 2
MSI (c) (1C:2C) [14:13:17:112]: PatchGUID: {A35C23B3-58DE-4527-8809-D89521AE966D}	ResultantVersion: 15.1.2375.7	PatchFamily: E15_DAT	Sequence: 15.1.2375.24	Order: 3
MSI (c) (1C:2C) [14:13:17:112]: PatchGUID: {43403F9A-86C4-403E-8E28-767AAEA71928}	ResultantVersion: 15.1.2375.7	PatchFamily: E15_DAT	Sequence: 15.1.2375.28	Order: 4
MSI (c) (1C:2C) [14:13:17:112]: PATCH SEQUENCER: there's no supersedence information available, so no patches will be superseded.
MSI (c) (1C:2C) [14:13:17:112]: SequencePatches returns success.
MSI (c) (1C:2C) [14:13:17:112]: Final Patch Application Order:
MSI (c) (1C:2C) [14:13:17:112]: {9F5C21B6-4276-4BB4-8D47-E4C5B3A06F29} - 
MSI (c) (1C:2C) [14:13:17:112]: {6A1E3D0A-436C-4B39-B174-F71A557FEAA9} - 
MSI (c) (1C:2C) [14:13:17:112]: {E442EE6F-208C-4B16-84F0-FB249A78477A} - 
MSI (c) (1C:2C) [14:13:17:112]: {A35C23B3-58DE-4527-8809-D89521AE966D} - 
MSI (c) (1C:2C) [14:13:17:112]: {43403F9A-86C4-403E-8E28-767AAEA71928} - 
MSI (c) (1C:2C) [14:13:17:112]: Other Patches:
MSI (c) (1C:2C) [14:13:17:112]: Unknown\Absent: {30A4ABD2-C02E-4205-B04B-94CD59C7F827} - C:\Users\Administrator\AppData\Local\Temp\2\ExchangeServer.msp
Das Upgrade kann nicht vom Windows-Installationsdienst installiert werden, da das zu aktualisierende Programm nicht vorhanden ist oder eine andere Version des Programms mit dem Upgrade aktualisiert wird. Überprüfen Sie, ob das zu aktualisierende Programm vorhanden ist und das richtige Upgrade verwendet wird.
C:\Windows\Installer\c7770.msi
MSI (c) (1C:2C) [14:13:17:112]: Product: Microsoft Exchange Server - Update '{30A4ABD2-C02E-4205-B04B-94CD59C7F827}' could not be installed. Error code 1642. Additional information is available in the log file C:\Program Files\Microsoft\Exchange Server\V15\Logging\Update\msi\ExchangeUpdate_2022-07-02-121315.log.

MSI (c) (1C:2C) [14:13:17:113]: Windows Installer installed an update. Product Name: Microsoft Exchange Server. Product Version: 15.1.2375.7. Product Language: 1033. Manufacturer: Microsoft Corporation. Update Name: {30A4ABD2-C02E-4205-B04B-94CD59C7F827}. Installation success or error status: 1642.

MSI (c) (1C:2C) [14:13:17:114]: Note: 1: 1708 
MSI (c) (1C:2C) [14:13:17:114]: Product: Microsoft Exchange Server -- Installation failed.​

 




Microsoft

@Spacefish I'm not sure that this is the right log; seems like it is from last year? The name of the log seems to be "ExchangeUpdate_2022-07-02-121315.log"?

Iron Contributor

So is this installation error only affecting German language installations?  

Iron Contributor

@jmacikanycz  What is the solution for installing this update on management tools only workstations with an Exchange server?

Copper Contributor

Could someone confirm if this issue is only with German locale? 

Copper Contributor

Hello, we are using a German version of Exchange 2016 CU23. Same problem here. Maybe this part from the SetupLog helps:

 

Exchange2016.jpg

 

KB5014261 ist the SU from May 2023.

 

Regards,

Jörg

 

Brass Contributor

@Goldi2005 This was my first impression as well as it does not recognize the previously installed SU correctly according to the logs. Did you try to uninstall KB5025903? I did not so far, I don't want to interrupt services and I don't have a dogfood Exchange environment running anywhere at the moment.

 

First customer called with broken Exchange. I currently give the KB5029503 uninstall theory a shot there.

 

EDIT: No, uninstalling June 2023 Exchange SU KB5029503 does not resolve the install issue.

 

Property(S): INTERIM_UPDATE_INSTALLED = 5024296
Property(S): MsiRunningElevated = 1
Property(S): OriginalDatabase = C:\Windows\Installer\7d6c1.msi
Property(S): Preselected = 1
Property(S): StartupFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Property(S): KB5019077 = KB5019077
Property(S): RecentFolder = C:\Users\Merlin\AppData\Roaming\Microsoft\Windows\Recent\
Property(S): msgInterimIncorrectRollup = Installation cannot continue. The Setup Wizard has determined that this Interim Update is incompatible with the current Microsoft Exchange Server 2016 Cumulative Update 23 configuration.
Property(S): VirtualMemory = 22323
Property(S): TextHeight = 16
Property(S): DesktopFolder = C:\Users\Public\Desktop\
Property(S): QFEUpgrade = 2
Property(S): SECONDSEQUENCE = 1
Property(S): AdminToolsFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
Property(S): ProgramFilesFolder = C:\Program Files (x86)\
Property(S): _BF926C0711244181ACD223071C51BDD3 = C:\Windows\Installer\4da70bc.msp

 

What's even more **bleep**: I cannot even install KB5025903 again on this server - is now also incompatible!

Copper Contributor

Hello, Jörg,

we also have this entry in the log. The entire log was already made available to Nino Bilic yesterday.
It might be helpful if more admins sent their logs to Nino Bilic via DM.

Regards,

Dieter

 

Brass Contributor

Same thing here! Updating on German version fails and leaves the node in an nonoperational state. 

Configuring all services with the script mentioned by @bloodking and restarting the node helps.

Copper Contributor

Hello team,

time is ticking and we have unpatched servers. Could you check if uninstalling KB5014261 and then installing KB5029388 would be a possible workaround? If so, detailed instructions would be useful.
In German forums there are numerous reports about failed installations.
Regards,
Dieter

Brass Contributor

Q: time is ticking and we have unpatched servers. Could you check if uninstalling KB5014261 and then installing KB5029388 would be a possible workaround? If so, detailed instructions would be useful.

 

No, this breaks the server even more rendering it unable to install any SU, just tested!

 

Attention: Just rebooted that server, now Windows Update installs SU8 again without manual interaction. Weird.

 

Lothar_Lindinger_0-1691567753768.png

 

So updates are obviously NOT broken after uninstalling previous SU.

 

Lothar_Lindinger_1-1691568000945.png

 

 

Best Regards,
Lothar

Copper Contributor

Same issue on french servers... it's not only related to german...

 

 

Deleted
Not applicable

Same here. german version

Brass Contributor

@Nino_Bilic: Please get KB5029388 off WSUS and Windows Update ASAP!

 

Lothar_Lindinger_0-1691568527458.png

Had the delete SoftwareDistribution Folder on the Exchange Server (2016 on Windows Server 2016) to prevent local WindowsUpdate Agent from installing again and again - only disabling the KB5029388 on WSUS was NOT enough.

Deleted
Not applicable

I'm affected too. MS Server 2016 + MS Exchange 2016 CU23.

Copper Contributor

So far, no problem with Exchange 2019 CU13 US.
Except it lost its Exchange certificate on the Back End side

Copper Contributor

Good morning,

 

Please can somebody from the Exchange team provide an informative update regarding the security update.  Which language versions are affected (or is it all)?

 

We are in the UK.  And I am sure many companies are now starting to patch.  As this relates to an RCE we want to patch the vulnerabilities ASAP.  We are deploying updates via WSUS, so any information relating to updated packages too please.

 

Many Thanks for your time.

 

Paul

Deleted
Not applicable

Does the workaround from "bloodking" really fix the problem?

From a german source:
"The script only changes the starttype of the services (Dienste). Problem with update-rollbacks not solved. System unpatched and vulnerable. And its possible that the script did not match the current service-configuration."
Source (german): https://www.borncity.com/blog/2023/08/08/exchange-server-sicherheitsupdates-8-august-2023/#comment-1...   

 
Brass Contributor

@Deleted the update is broken. this is NOT a work-around! it only fixes the services to get them starting again, after the update aborted and did a rollback.

Copper Contributor

@Deleted,

the script restores the startup type of important services after the failed installation. The script does not install the patch. The servers remain vulnerable. Please run the HealthChecker.

Brass Contributor

@Deleted: On which language is your Exchange Server system runnning?

Copper Contributor

Also broke one of mine - and its a french one...

Had to restore the whole system partition and to shutdown windows update...

Brass Contributor

Can Microsoft please make a statement on whether CVE-2023-21709.ps1 (or the manual command execution) might increase the chances of mitigating CVE-2023-21709 WITHOUT INSTALLING SU2/9 BEFORE on supported versions of Exchange Servers with the highest possible pre-SU2/9 patch level?

Copper Contributor

@Nino_Bilic 

Have installed the update on our development \ test server and on running the Exchange Health Checker, it is saying 

Not on the latest SU. More Information: https://aka.ms/HC-ExBuilds

 

However the build number is 

15.02.1258.023

and the Security Hotfix is detected as installed.

Security Update for Exchange Server 2019 Cumulative Update 13 (KB5029388)

 

edit, the script wasn`t updating to the latest version, have manually updated and now showing correctly.

Brass Contributor
Hello,
 
I was able to install it on my LAB server running on Windows Server 2022 without any problems. It is running as EN and is serving Exchange Server 2019 CU13. When I examined the LOG files, I did not encounter any additional errors.
 
Even when I do a Health Check, everything looks fine.
 
cengizyilmaz_0-1691577164042.png

 

Copper Contributor

Greetings,

are there any news regarding the issue with DE-DE installations?

Copper Contributor

same issue here with German Windows Server 2016, Exchange 2016. Thanx to the forum (thx @bloodking ) I was able to work around the failing update KB5029388 (or better to bring Exchange back to a working state) and prevent it from re-installing (thx @Lothar_Lindinger ). Now I'm also waiting for the final patch release from Microsoft since the CVE security risks are still unsolved.

 

Greetings, 

Ron

Copper Contributor

Hi,

 

same problem in Italy, Exchange 2016 full patched ...

Copper Contributor

@kdcddeplease let us know .. how did you fix your Win2016/MSEx2016 environment? thanks in advance.

Copper Contributor

@kdcdde Thanks for the update. What did the trick for successfully installing the August security update?

Copper Contributor

hey y'all, a working example from me: Win Server 2019 Standard EN and Exchange 2019 (1033 EN) / latest CU+SU (am located in germany, but, I guess it's the original language version that works)

no issue till now, not done the CVE script yet.

Robert

Copper Contributor

I have the same problem. Server crashed after installing SU. Services are down and nothing starts.

 

Logs

"Property(C): msgINTERIMUPDATEDETECTED = Unable to install because a previous Interim Update for Microsoft Exchange Server 2016 Cumulative Update 23 has been installed. Please use Add/Remove Programs to uninstall the Interim Update before running this setup again.
Property(C): msgRequiresProc = The version of this file is not compatible with the version of Microsoft Exchange Server 2016 Cumulative Update 23 that you're running. Check your computer to see whether you need an x64 (64-bit) or x86 (32-bit) version of this file."

 

 

Windows Server 2016 Standard 1607 14393.6167
Poland

Copper Contributor

@Dome1160 @Gattaca I never mentioned that. fixing CVE risks is still unsolved. But at least the EXCH server is now back online... still have to wait for the solution from MS

Copper Contributor

@kdcdde  ah okay .. i just read "I was able to work around the failing update" and thought you fixed your env to a working node. okidoki .. let´s wait for M$ ^^

Copper Contributor

Let's summarize: There seems to be an issue when installing the August 2023 SU for Exchange 2016/2019 on any other language then EN which results in not installing the SU but leaving the Exchange servers in an unusable state where you manually have to start the necessary servcies and also need to set them to "automatic starting" to get Exchange back working. 

Could finally anyone from MS give a time span for a solution? It would much be appreciated. 

Copper Contributor

Win Server 2019 Standard EN and Exchange 2019 (1033 EN) / latest CU+SU

No problems whatsoever. Except on two servers that lost their certificate on the Back End side. But we've seen that before. I have also run the CVE script without problems.
When I read the thread, it seems that it applies to Exchange 2016 CU23 in non-original language. Possibly a few in the original language. So, my conclusion is that it is ok to install on a Exch 2019 server with original language and latest CU

Co-Authors
Version history
Last update:
‎Oct 10 2023 10:11 AM
Updated by: