Released: May 2022 Exchange Server Security Updates

Published May 10 2022 10:00 AM 46.9K Views

Microsoft has released security updates (SUs) for vulnerabilities found in:

  • Exchange Server 2013
  • Exchange Server 2016
  • Exchange Server 2019

IMPORTANT: Starting with this release of Security Updates, we are releasing updates in a self-extracting auto-elevating .exe package (in addition to the existing Windows Installer Patch format). Please see this post for more information. Original update packages can be downloaded from Microsoft Update Catalog.

These SUs are available for the following specific builds of Exchange Server:

The SUs address vulnerabilities responsibly reported to Microsoft by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to immediately install these updates to protect your environment.

These vulnerabilities affect Exchange Server. Exchange Online customers are already protected from the vulnerabilities addressed in these SUs and do not need to take any action other than updating any Exchange servers in their environment.

More details about specific CVEs can be found in the Security Update Guide (filter on Exchange Server under Product Family).

Manual run of /PrepareAllDomains is required

Because of additional security hardening work for CVE-2022-21978, the following actions should be taken in addition to application of May 2022 security updates (please see the FAQ below if in your organization you never ran /PrepareAllDomains but ran /PrepareDomain for some domains only):

Latest version of Exchange Server installed in the organization

Additional steps needed

Exchange Server 2016 CU22 or CU23, or

Exchange Server 2019 CU11 or CU12

Install the May 2022 SU first and then run the following Command Prompt command once using Setup.exe in your Exchange Server installation path (e.g., …\Program Files\Microsoft\Exchange Server\v15\Bin):

 

“Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /PrepareAllDomains”

 

Or

 

“Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF /PrepareAllDomains”

Exchange Server 2013 CU23

Install the May 2022 SU first and then run the following Command Prompt command once using Setup.exe in your Exchange Server installation path (e.g., …\Program Files\Microsoft\Exchange Server\v15\Bin):

 

Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAllDomains

Any older version of Exchange Server not listed above

Update your Exchange server to the latest CU, install May 2022 SU and then follow the steps above.

You need to run /PrepareAllDomains only once per organization and those changes will apply to all versions of Exchange Server within the organization. When you run /PrepareAllDomains, your account needs to be a member of the Enterprise Admins security group. This might be a different account from the one you use to install the SU. 

Update installation

Two update paths are available:

May2022SUsPath.jpg

Inventory your Exchange Servers / determine which updates are needed

Use the Exchange Server Health Checker script (use the latest release) to inventory your servers. Running this script will tell you if any of your Exchange Servers are behind on updates (CUs and SUs).

Update to the latest Cumulative Update

Go to https://aka.ms/ExchangeUpdateWizard and choose your currently running CU and your target CU to get directions for your environment.

If you encounter errors during or after installation of Exchange Server updates

If you encounter errors during installation, see the SetupAssist script. If something does not work properly after updates, see Repair failed installations of Exchange Cumulative and Security updates.

Known issues with this release

  • If you get the following error when trying to install the .exe version of the Exchange 2016 SU for CU22: "Could not load file or assembly 'Microsoft.Exchange.SecurityPatch.ExeGenerator" followed by "Strong name validation failed." and error "0x8013141A" - then please re-download the Exchange 2016 CU22 update and try again. We have resolved the problem with that .exe package.

Issues resolved by this release

The following issues have been resolved in this update:

  • Exchange Service Host service fails after installing March 2022 security update (KB5013118)
  • New-DatabaseAvailabilityGroupNetwork and Set-DatabaseAvailabilityGroupNetwork fail with error 0xe0434352
  • The UM Voicemail greetings function stops working and returns error 0xe0434352.
  • Unable to send mails through EAS and Get-EmailAddressPolicy fails with Microsoft.Exchange.Diagnostics.BlockedDeserializeTypeException after installing Security Update KB5008631 for Exchange 2019

FAQs

My organization is in Hybrid mode with Exchange Online. Do I need to do anything?
While Exchange Online customers are already protected, the May 2022 SUs do need to be installed on your on-premises Exchange servers, even if they are used only for management purposes. You do not need to re-run the Hybrid Configuration Wizard (HCW) after installing updates.

Do I need to install the updates on ‘Exchange Management Tools only’ workstations?
Servers or workstations running only the Management Tools role (no Exchange services) do not need these updates. If your organization uses only an Exchange Management Tools machine, then you should install the May 2022 SU package on it and run /PrepareAllDomains as per the above instructions to update Active Directory permissions.

Instructions seem to indicate that we should /PrepareAllDomains after May 2022 SU is installed; is that correct?
Yes. The May 2022 SU package updates files in Exchange server folders when it is installed. That is why once those files are updated (SU is installed) – we ask you to go and explicitly /PrepareAllDomains using setup from \v15\Bin folder.

In our organization we never ran /PrepareAllDomains. We only prepared several of our domains. Do we still need to run /PrepareAllDomains to address CVE-2022-21978?
Our documentation guides our customers to run /PrepareAllDomains as a part of the Exchange organization setup. If your organization has prepared only a subset of all your Active Directory domains, then you can choose to use the /PrepareDomain switch in those specific domains only. To check if /PrepareDomain was ran in a particular domain, check for the presence of the Microsoft Exchange System Objects container in that domain.

We never used the Microsoft Update catalog and need help getting the old version of update package. Help?!
You can search the Microsoft Update Catalog for your version of Exchange (for example “Exchange Server 2019”). Here are quick links with search strings for Exchange 20132016 and 2019. Once the results come up, sort by the “Last updated” column to display the latest security update. Use the Download button to download the .cab file and then rick-click on the .cab and choose Open to reveal the .msp file. Extract the .msp file and proceed using it (but remember that .msp requires elevation when installing!)

Can we run /PrepareAllDomains before all of our Exchange servers are updated with May 2022 CU?
Yes. There is no dependency between running of /PrepareAllDomains and installation of updates on all servers. /PrepareAllDomains can be run when as least one machine is updated (from that machine) but could be postponed and be run when you are ready to address that particular CVE.

We ran /PrepareAllDomains but Health Checker script is telling us we are still vulnerable. Or: Health Checker script fails to check for CVE-2022-21978 update status.
Please update your Health Checker script; we resolved the problem that was causing this and the new version of the check is now published. Also, please note that if your organization uses split permissions and Exchange admins do not have rights to read Active Directory configuration, we updated the Health Checker on 5/16 to indicate when more permissions might be required for the check to complete.

Updates to this blog post:

  • 5/16: Another update to Health Checker FAQ to account for split permissions
  • 5/12: Updated the Health Checker FAQ; the updated version is now published
  • 5/11: Added a FAQ about Health Checker script in some environments incorrectly reporting that CVE-2022-21978 is not addressed after /PrepareAllDomains was run
  • 5/11: Added a FAQ on order of running /PrepareAllDomains vs. updating of all Exchange servers
  • 5/11: Redirected the Exchange 2016 CU22 package back to the Download Center as the issue with that update's .exe package has been resolved
  • 5/11: Redirected the Exchange 2016 CU22 SU download link to Microsoft Update Catalog download while we address an issue with .exe installer.
  • 5/11: Additional clarification of /PrepareDomain vs. /PrepareAllDomains for customers who never ran /PrepareAllDomains in their organization
  • 5/11: Added the workaround for a 'Strong name validation error' that a small number of customers reported
  • 5/11: Added information on how to find the .msp version of updates in Microsoft Update Catalog
  • 5/10: Added a FAQ mentioning the use of /PrepareDomain instead of /PrepareAllDomains for organizations that need to do so.

The Exchange Server Team

138 Comments
%3CLINGO-SUB%20id%3D%22lingo-sub-3352581%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3352581%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20install%20the%20May%202022%20SU%20while%20on%20Exchange%202019%20CU11%20and%20then%20later%20down%20the%20road%2C%20upgrade%20to%20CU12%2C%20will%20the%20same%20May%202022%20SU%20and%20command%20need%20to%20be%20installed%20again%2C%20but%20now%20for%20CU12%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%2C%20now%20with%20the%20SU%20being%20a%20.exe%2C%20for%20Exchange%20Server%20Core%20versions%2C%20is%20this%20just%20now%20a%20matter%20of%20navigating%20to%20the%20.exe%20via%20command%20line%20as%20administrator%20and%20lunching%20it%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3352711%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3352711%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F683542%22%20target%3D%22_blank%22%3E%40PatchesOhoulihan14%3C%2FA%3E%26nbsp%3BNo%2C%20every%20CU%20has%20it's%20own%20SU.%20SU%20installation%20does%20not%20%22survive%22%20the%20upgrade%20between%20CUs.%20See%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fwhy-exchange-server-updates-matter%2Fba-p%2F2280770%22%20target%3D%22_self%22%3Ethis%20post%3C%2FA%3E.%20EDIT%3A%20yes%20this%20is%20how%20it%20should%20work%20on%20Core.%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F28181%22%20target%3D%22_blank%22%3E%40Todd%20J%20Vanscoter%3C%2FA%3E%26nbsp%3BYes%20please%20see%20the%20above%20note.%20%2FPrepareAllDomains%20requires%20Enterprise%20Admin.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3352668%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3352668%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSTRIKE%3EBecause%20of%20the%26nbsp%3B%3CSTRONG%3E%2FPrepareAllDomains%26nbsp%3B%3C%2FSTRONG%3Eswitch%2C%20does%20the%20Exchange%20Administrator%20also%20need%20to%20be%20an%20Enterprise%20Administrator%20to%20install%20this%20SU%3F%3C%2FSTRIKE%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20was%20pointed%20out%20that%20this%20question%20was%20already%20answered%20with%20a%20note%20in%20the%20article%20(I%20missed%20it)%2C%20my%20bad.%26nbsp%3B%20Thanks%20for%20the%20clarification.%26nbsp%3B%20I%20will%20also%20add%20this%20does%20make%20the%20installation%20of%20this%20SU%20some%20what%20painful%20as%20Exchange%20Admin%20duties%20are%20very%20much%20separated%20from%20Domain%20and%20Enterprise%20Admins%20in%20my%20org%2C%20it%20will%20require%20a%20lot%20of%20explaining.%26nbsp%3B%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3352847%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3352847%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20Exchange%20Team%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMicrosoft%20Update%20Catalog%20only%20lists%20Exchange%20May%2010%202022%20patches%20as%20.cab%20files%2C%20what%20happened%20to%20.msp%20files%3F%20Where%20can%20i%20get%20those%3F%3C%2FP%3E%3CP%3EI%20have%20about%2040%20Exchange%202016%20servers%2C%20so%20do%20i%20have%20to%20run%20those%20additional%20steps%20on%20every%20single%20Exchange%20server%20after%20installing%20May%202022%20SU%3F%3C%2FP%3E%3CP%3EMy%20Exchange%20servers%20live%20in%20a%20child%20domain%20and%20are%20unable%20to%20talk%20directly%20to%20my%20schema%20master%20to%20make%20those%20changes%20%2F%20updates%20in%20the%20root%20domain.%20I%20have%20dedicated%20server%20(no%20Exchange%202016%20installed)%20running%20in%20the%20same%20root%20domain%20%2F%20AD%20site%20as%20the%20schema%20master%20so%20i%20can%20prepare%20AD%20when%20needed%20for%20new%20CUs%20and%20so%20on%2C%20how%20i%20am%20going%20to%20run%20those%20additional%20tasks%3F%20DO%20i%20need%20to%20install%20Exchange%202016%20CU22%20on%20this%20server%2C%20run%20May%202022%20SU%20and%20then%20%2FPrepareAllDomains%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Epreparing%20AD%20is%20usually%20part%20of%20CUs%20not%20SUs%20and%20making%20changes%20to%20Forest%20%2F%20AD%20is%20more%20difficult%20than%20it%20should%20be.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3352809%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3352809%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F28181%22%20target%3D%22_blank%22%3E%40Todd%20J%20Vanscoter%3C%2FA%3E%26nbsp%3BNo%20problem%3B%20just%20to%20be%20super%20clear%3A%20the%20installation%20of%20the%20SU%20itself%20does%20not%20require%20more%20permissions%3B%20addressing%20that%20CVE%20using%20%2FPrepareAllDomains%20is%20what%20does%2C%20however.%20I%20get%20it%2C%20still%20more%20permissions%20are%20required%20but%20you%20can%20install%20the%20package%20with%20the%20same%20account%20that%20you%20usually%20use.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3353086%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3353086%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3EThanks%20for%20the%20quick%20update.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3353090%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3353090%22%20slang%3D%22en-US%22%3E%3CP%3EDoes%20the%20%2FPrepareAllDomains%20stuff%20have%20to%20be%20done%20after%20ALL%20your%20Exchange%20servers%20have%20been%20updated%2C%20or%20can%20it%20be%20done%20immediately%20after%20the%20first%20has%20been%20updated%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3353126%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3353126%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F310526%22%20target%3D%22_blank%22%3E%40philrandal%3C%2FA%3E%26nbsp%3BYou%20can%20run%20this%20as%20soon%20as%20any%20one%20of%20your%20Exchange%20servers%20is%20updated%20with%20May%202022%20SUs.%20You%20do%20not%20need%20to%20wait%20until%20all%20Exchange%20servers%20are%20updated.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3353047%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3353047%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F210956%22%20target%3D%22_blank%22%3E%40null%20null%3C%2FA%3E%26nbsp%3BUpdate%20Catalog%20always%20has%20only%20.cab%20but%20when%20you%20run%20the%20.cab%20(or%20extract%20it)%20it%20gives%20you%20a%20.msp.%20Hmmm%20we%20could%20have%20mentioned%20this%20somewhere%2C%20now%20that%20you%20bring%20that%20up.%20EDIT%3A%20this%20is%20now%20added%20as%20a%20FAQ%20on%20the%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fnew-exchange-server-security-update-and-hotfix-packaging%2Fba-p%2F3301819%22%20target%3D%22_self%22%3ENew%20Exchange%20Server%20Security%20Update%20and%20Hotfix%20Packaging%3C%2FA%3E%26nbsp%3Bblog%20post.%3C%2FP%3E%0A%3CP%3E%2FPrepareAllDomains%20needs%20to%20be%20run%20only%20once.%20Requirements%20are%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2FExchange%2Fplan-and-deploy%2Fprepare-ad-and-domains%3Fview%3Dexchserver-2019%23step-2-prepare-active-directory%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Ehere%3C%2FA%3E.%20You%20could%20install%20a%20management%20tools%20machine%20using%20the%20last%20CU%20in%20that%20site%2C%20install%20the%20SU%20on%20it%20and%20then%20run%20%2FPrepareAllDomains%20from%20it%20(this%20scenario%20is%20in%20the%20FAQ%20above).%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3353361%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3353361%22%20slang%3D%22en-US%22%3E%3CP%3EWhat%20if%20you%20have%20a%20mix%20of%20Exchange%202013%20and%20Exchange%202019%20servers%20in%20the%20same%20domain%3F%20Do%20you%20need%20to%20run%20the%20%2FPrepareAllDomains%20once%20on%20an%20ex2013%20box%2C%20and%20once%20on%20an%20ex2019%20box%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3353529%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3353529%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1176734%22%20target%3D%22_blank%22%3E%40RussellBuijsse%3C%2FA%3E%26nbsp%3BJust%20run%20it%20once%2C%20after%20installing%20the%20SU%20for%20the%20latest%20version.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3354388%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3354388%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20instructions%20seem%20to%20indicate%20installing%20the%20latest%20SU%20before%20the%20last%20CU.%26nbsp%3B%20I%20thought%20it%20was%20the%20other%20way%20around.%26nbsp%3B%20Do%20I%20have%20it%20backwards%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3354402%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3354402%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F172687%22%20target%3D%22_blank%22%3E%40Rob%20Hupf%3C%2FA%3E%26nbsp%3BWe%20released%20SUs%20for%20last%20two%20CUs%20for%20Exchange%202016%20%2F%202019.%20You%20can%20take%20the%20SU%20if%20you%20have%20either%20of%20those%20CUs%20installed%20and%20then%20run%20%2FPrepare%20switch.%20If%20you%20are%20on%20older%20CU%20that%20is%20not%20supported%20anymore%2C%20you'll%20need%20to%20come%20forward%20to%20one%20of%20supported%20CUs%20and%20install%20the%20SU%20after%20that.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3354424%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3354424%22%20slang%3D%22en-US%22%3E%3CP%3ESo%20if%20we%20are%20on%202016%20CU22%2C%20we%20can%20load%20the%20May%202022%20SU%20instead%20of%20CU23%2C%20or%20do%20we%20load%20both%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3354597%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3354597%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20getting%20a%20'vulnerability%20detected%20true'%20error%20from%20the%20latest%26nbsp%3BExchange%20Health%20Checker%20version%2022.05.10.2047%20powershell%20script.%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20far%20I%20have%20successfully%20installed%20KB5014261%20via%20Windows%20Update%20(Server%202019%2C%20Exchange%202019%20CU12)%20and%20ran%20the%20post-install%20setup%20command%20mentioned%20above.%20I%20gave%20it%20a%20reboot%20for%20good%20measure%20--%20still%20getting%20the%20vulnerability%20detected%20error%3A%26nbsp%3B%3C%2FP%3E%3CTABLE%3E%3CTBODY%3E%3CTR%3E%3CTD%3ESecurity%20Vulnerability%3C%2FTD%3E%3CTD%3ECVE-2022-21978%20Unable%20to%20perform%20vulnerability%20testing%20-%20See%3A%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FHC-May22SU%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Faka.ms%2FHC-May22SU%3C%2FA%3E%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%3ESecurity%20Vulnerabilities%3C%2FTD%3E%3CTD%3ECVE-2022-21978%20Unable%20to%20perform%20vulnerability%20testing%20-%20See%3A%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FHC-May22SU%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Faka.ms%2FHC-May22SU%3C%2FA%3E%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20ideas%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3354661%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3354661%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20there%20an%20article%20that%20states%20the%20changes%20for%20the%20%2FprepareAllDomains%20switch%20for%20this%20SU%3F%26nbsp%3B%20I%20need%20something%20to%20show%20change%20control%20but%20cannot%20find%20the%20details!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20%3B)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3354758%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3354758%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eif%20we%20are%20in%20a%20hybrid%20setup%2C%20do%20we%20have%20to%20have%20the%26nbsp%3B%3CEM%3E%2FTenantOrganizationConfig%3C%2FEM%3E%3CSPAN%3E%26nbsp%3Bswitch%20with%20the%20preparealldomains%20switch%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3Eor%20just%20simply%20run%20the%20command%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CSTRONG%3E%E2%80%9CSetup.exe%20%2FIAcceptExchangeServerLicenseTerms_DiagnosticDataOFF%20%2FPrepareAllDomains%E2%80%9D%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3354868%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3354868%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F172687%22%20target%3D%22_blank%22%3E%40Rob%20Hupf%3C%2FA%3E%26nbsp%3BIf%20you%20are%20running%20CU22%2C%20then%20installing%20SU%20for%20CU22%20is%20the%20easiest%20for%20you%20now%20until%20you%20move%20to%20CU23.%20Just%20run%20%2FPrepare%20after%20installation%20of%20the%20SU.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3354870%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3354870%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F739649%22%20target%3D%22_blank%22%3E%40Googol%3C%2FA%3E%26nbsp%3BNo%2C%20you%20should%20not%20have%20to%20run%26nbsp%3B%2FTenantOrganizationConfig%20anymore.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3354876%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3354876%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1386518%22%20target%3D%22_blank%22%3E%40cvanoort%3C%2FA%3E%26nbsp%3BWe%20are%20still%20working%20on%20Health%20Checker%20script%20for%20this%20scenario%2C%20sorry%20about%20that.%20It%20is%20a%20work%20in%20progress.%20If%20you%20ran%20%2FPrepare%20and%20it%20completed%20successfully%2C%20you%20should%20be%20good%20to%20go.%20Still%20working%20on%20sorting%20out%20the%20details%20of%20Health%20Checker%20for%20all%20scenarios.%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1386537%22%20target%3D%22_blank%22%3E%40dcliff11715%3C%2FA%3E%26nbsp%3BWe%20do%20not%20have%20an%20article%20published%20with%20details%20of%20exactly%20what%20the%20changes%20are.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3354878%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3354878%22%20slang%3D%22en-US%22%3E%3CP%3Eoh%20really%3F%20appreciate%20the%20quick%20response%20and%20your%20involvement%20in%20the%20community%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eperhaps%20this%20should%20be%20updated%20then%20about%20hybrid%20and%20running%20that%20switch%3F%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2FExchange%2Fplan-and-deploy%2Fprepare-ad-and-domains%3Fview%3Dexchserver-2019%23step-2-prepare-active-directory%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EPrepare%20Active%20Directory%20and%20domains%20for%20Exchange%20Server%2C%20Active%20Directory%20Exchange%20Server%2C%20Exchange%20Server%20Active%20Directory%2C%20Exchange%202019%20Active%20Directory%20%7C%20Microsoft%20Docs%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3354899%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3354899%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F739649%22%20target%3D%22_blank%22%3E%40Googol%3C%2FA%3E%26nbsp%3BYeah%20we%20will%20sort%20that%20out.%20But%20a%20note%20there%20indicates%20that%20the%20switch%20was%20not%20needed%20for%20%22existing%20organizations%22%20but%20this%20can%20be%20better.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3355039%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3355039%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%20I%20have%202%20servers%202013%20CU23%20and%202%20servers%202016%20CU21.%3CBR%20%2F%3EWhat%20would%20be%20the%20best%20way%20here%3F%3C%2FP%3E%3CP%3EFirst%20the%20SU%20installation%20on%202013%20and%20then%20%2FPrepareAllDomains%20or%20first%20the%20installation%20server%202016%20on%20CU22%2F23%20and%20the%20SU%20and%20then%20the%20%2FPrepareAllDomains.%3C%2FP%3E%3CP%3EAll%20servers%20are%20in%20the%20same%20domain.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20the%20help.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3355414%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3355414%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%20if%20the%20SU%20was%20installed%20to%20CU11%2FCU22%20and%20%2Fpreparealldomains%20done%2C%20then%20later%20updated%20to%20CU12%2FCU23%20and%20SU%20installed%20again%2C%20is%20the%20%2Fpreparealldomains%20required%20to%20be%20run%20again%3F%20Or%20is%20it%20enough%20that%20prep%20was%20done%20already%20earlier%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3355434%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3355434%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1328237%22%20target%3D%22_blank%22%3E%40Tonibert%3C%2FA%3E%26nbsp%3BI%20would%20suggest%20to%20install%20the%20SU%20on%20Exchange%202016%20first%2C%20perform%20PrepareAllDomain%20and%20then%20continue%20with%20other%20servers.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3355452%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3355452%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1332261%22%20target%3D%22_blank%22%3E%40karil222%3C%2FA%3E%26nbsp%3BPrepareAllDomains%20is%20not%20required%20again%20for%20the%20case%20you%20mention%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3355469%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3355469%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F357345%22%20target%3D%22_blank%22%3E%40Bhalchandra_Atre-MSFT%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%20for%20your%20prompt%20reply.%3C%2FP%3E%3CP%3EBut%20then%20I%20have%20to%20install%20the%20CU%2022%20or%2023%20first%3CBR%20%2F%3EThen%20the%20SU%20and%20then%20the%20older%20servers%202013%20SUs.%3CBR%20%2F%3ERight%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3355511%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3355511%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3EWill%20Exchange%20continue%20to%20work%20normally%20after%20the%20update%20when%20calling%20%22preparealldomains%22%20at%20a%20later%20time.%20Or%20must%20it%20be%20done%20immediately%20after%20the%20update%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3355590%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3355590%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20seems%20that%20HealthChecker.ps1%20script%20doesn't%20work%20properly%20on%20Exchange%202013%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%3ESecurity%20Vulnerability%3CBR%20%2F%3E----------------------%3CBR%20%2F%3ESecurity%20Vulnerability%3A%20CVE-2022-21978%3CBR%20%2F%3EUnable%20to%20perform%20vulnerability%20testing%20-%20See%3A%20https%3A%2F%2Faka.ms%2FHC-May22SU%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECompared%20to%20a%20previous%20version%20%22Exchange2013%22%20is%20not%20part%20of%20the%20check%20condition%3A%3C%2FP%3E%3CP%3Eold%3A%3C%2FP%3E%3CPRE%3Eif%20((%24SecurityObject.MajorVersion%20-eq%20%5BHealthChecker.ExchangeMajorVersion%5D%3A%3AExchange2013)%20-or%3CBR%20%2F%3E((%24SecurityObject.MajorVersion%20-eq%20%5BHealthChecker.ExchangeMajorVersion%5D%3A%3AExchange2016)%20-and%3CBR%20%2F%3E(%24SecurityObject.CU%20-lt%20%5BHealthChecker.ExchangeCULevel%5D%3A%3ACU21))%20-or%3CBR%20%2F%3E((%24SecurityObject.MajorVersion%20-eq%20%5BHealthChecker.ExchangeMajorVersion%5D%3A%3AExchange2019)%20-and%3CBR%20%2F%3E(%24SecurityObject.CU%20-lt%20%5BHealthChecker.ExchangeCULevel%5D%3A%3ACU10)))%20%7B%3CBR%20%2F%3EWrite-Verbose%20%22Testing%20CVE%3A%20CVE-2021-34470%22%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ecurrent%3A%3C%2FP%3E%3CPRE%3E%20if%20(((%24SecurityObject.MajorVersion%20-le%20%5BHealthChecker.ExchangeMajorVersion%5D%3A%3AExchange2016)%20-and%3CBR%20%2F%3E(%24SecurityObject.CU%20-le%20%5BHealthChecker.ExchangeCULevel%5D%3A%3ACU23))%20-or%3CBR%20%2F%3E((%24SecurityObject.MajorVersion%20-eq%20%5BHealthChecker.ExchangeMajorVersion%5D%3A%3AExchange2019)%20-and%3CBR%20%2F%3E(%24SecurityObject.CU%20-le%20%5BHealthChecker.ExchangeCULevel%5D%3A%3ACU12)))%20%7B%3CBR%20%2F%3EWrite-Verbose%20%22Testing%20CVE%3A%20CVE-2022-21978%22%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20I%20don't%20know%20whether%20or%20not%20this%20is%20the%20only%20occurence%3A%26nbsp%3Bcould%20someone%20of%20the%20experts%20check%20and%20fix%20the%20checker%20script%2C%20please%3F%3C%2FP%3E%3CP%3ESascha%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3355721%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3355721%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3CBR%20%2F%3E%3CBR%20%2F%3EWe%20have%20implemented%20a%20Tier%20Model%20-%20where%20Exchange%20running%20with%20Split-Permissions%20in%20Tier%201.%3C%2FP%3E%3CP%3EThe%20requirement%20to%20running%20%2Fpreparedomain%20is%20the%20membership%20in%20the%20Domain%20Admins%20group.%20-%26gt%3B%20That%20would%20be%20a%20Tier%200%20user.%3C%2FP%3E%3CP%3EBut%20in%20accordance%20with%20the%20Microsoft%20Tier%20Model%20Tier%200%20users%20are%20not%20allowed%20to%20login%20on%20Tier%201%20Servers%20(that%20is%20Exchange%20Servers).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20any%20supported%20way%20to%20provide%20the%20setup%26nbsp%3Bexecutable%20for%20the%20Domain%20Admins%20to%20do%20the%20domain%20prep%20on%20Tier%200%20systems%2C%20e.g.%20domain%20controller%2C%20like%20it%20used%20to%20be%20with%20the%20setup.exe%20provided%20in%20the%20ISO%20for%20every%20CUs%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhy%20do%20you%20changed%20model%20-%20is%20that%20the%20new%20way%20to%20patch%20the%20setup%20executable%20only%20in%20the%20live%20system%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E__TK__%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3355733%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3355733%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWill%20there%20be%20any%20impact%20on%20our%20Exchange%20servers%20if%20we%20don't%20run%20the%26nbsp%3B%2F%3CSPAN%3EPrepareAllDomains%20or%20%2FPrepareDomains%20after%20installing%20the%20Exchange%202016%20May2022%20SU%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3356066%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3356066%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1328237%22%20target%3D%22_blank%22%3E%40Tonibert%3C%2FA%3E%26nbsp%3BThe%20AD%20preparation%20commands%20must%20be%20performed%20from%20highest%20Exchange%20version%20installed%20in%20the%20org%2C%20hence%20you%20must%20perform%20PrepareAllDomain%20from%20Exchange%202016%2C%20and%20later%20just%20install%20the%20SU%20for%20Exchange%202013%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3356088%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3356088%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F904934%22%20target%3D%22_blank%22%3E%40mykel1982%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1386716%22%20target%3D%22_blank%22%3E%40Saska69%3C%2FA%3E%26nbsp%3Bthe%20CVE%20won't%20be%20addressed%20till%20you%20perform%20PrepareAllDomain%20command%2C%20hence%20you%20should%20perform%26nbsp%3BPrepareAllDomain%20after%20installing%20the%20SU.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3356108%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3356108%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1386733%22%20target%3D%22_blank%22%3E%40__TK__%3C%2FA%3E%26nbsp%3B%20%26nbsp%3BYou%20can%20install%20Exchange%20management%20tools%20on%20a%20workstation%2C%20install%20security%20update%20and%20have%20your%20domain%20admins%20use%20the%20workstation%20to%20perform%20the%20PrepareAllDomains%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3356385%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3356385%22%20slang%3D%22en-US%22%3E%3CP%3EI%20installed%20CU22%20with%20no%20errors.%20Then%20I%20restart%20the%20server.%20Everything%20without%20problems.%3CBR%20%2F%3ENow%20I%20want%20to%20install%20the%20SU%20and%20I%20get%20this%20error%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUnbehandelte%20Ausnahme%3A%20System.IO.FileLoadException%3A%20Die%20Datei%20oder%20Assembly%20%22Microsoft.Exchange.SecurityPatch.ExeGenerator%2C%20Version%3D15.0.0.0%2C%20Culture%3Dneutral%2C%20PublicKeyToken%3D31bf3856ad364e35%22%20oder%20eine%20Abh%C3%A4ngigkeit%20davon%20wurde%20nicht%20gefunden.%20Fehler%20bei%20der%20%C3%9Cberpr%C3%BCfung%20des%20starken%20Namens.%20(Ausnahme%20von%20HRESULT%3A%200x8013141A)%20---%26gt%3B%20System.Security.SecurityException%3A%20Fehler%20bei%20der%20%C3%9Cberpr%C3%BCfung%20des%20starken%20Namens.%20(Ausnahme%20von%20HRESULT%3A%200x8013141A)%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3356655%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3356655%22%20slang%3D%22en-US%22%3E%3CP%3EI%20was%20able%20to%20install%20the%20May%20update.%3CBR%20%2F%3EI%20previously%20installed%20the%20March%20update.%3C%2FP%3E%3CP%3EIf%20this%20is%20the%20case%2C%20then%20the%20specified%20path%20is%20not%20correct.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20you%20also%20see%20it%20like%20that%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3357007%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3357007%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1386716%22%20target%3D%22_blank%22%3E%40Saska69%3C%2FA%3E%26nbsp%3BNo%20other%20issues%20apart%20from%20addressing%20the%20CVE%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3356124%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3356124%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F357345%22%20target%3D%22_blank%22%3E%40Bhalchandra_Atre-MSFT%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3EThe%20question%20was%20meant%20like%20this%3A%20apart%20from%20the%20CVE%2C%20are%20there%20any%20limitations%20or%20malfunctions%20if%20we%20run%20%2Fpreparealldomains%20a%20few%20hours%2Fdays%20later%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3357245%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3357245%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20for%20all%20your%20assistance%2C%20Nino.%26nbsp%3B%20I'm%20still%20not%20100%25%20clear%20about%20my%20path.%26nbsp%3B%20We%20were%20already%20planning%20the%202016%20CU23%20update.%26nbsp%3B%20We%20are%20currently%20on%20CU22.%26nbsp%3B%20Should%20I%20install%20this%20SU%20before%20the%20CU23%2C%20as%20the%20documentation%20suggests%2C%20or%20after%20CU23%2C%20or%20not%20at%20all%20because%20CU23%20supersedes%20it%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3357278%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3357278%22%20slang%3D%22en-US%22%3E%3CP%3EWhen%20trying%20to%20install%20the%20.msp%20version%20of%20the%20patch%20on%20Exchange%202016%20CU23%20I%20am%20getting%20this%20error%2C%20anyone%20else%20seen%20this%3F%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Capture.PNG%22%20style%3D%22width%3A%20358px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F370780i6694B892E5D09BEC%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Capture.PNG%22%20alt%3D%22Capture.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3357413%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3357413%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1386716%22%20target%3D%22_blank%22%3E%40Saska69%3C%2FA%3E%26nbsp%3BNo%20issues%2C%20no.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3357424%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3357424%22%20slang%3D%22en-US%22%3E%3CP%3EInitially%20I%20had%20an%20the%20SU%20installation%20fail%20due%20to%20not%20being%20able%20to%20find%20certain%20files.%20I%20restarted%2C%20mounted%20the%20CU12%20ISO%20this%20time%2C%20and%20got%20a%20successful%20installation%20of%20the%20SU.%20Not%20sure%20whether%20this%20was%20a%20random%20problem%20or%20whether%20access%20to%20the%20CU12%20installation%20files%20is%20actually%20required.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3357449%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3357449%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20Exchange-team%2C%20Hello%20Everyone%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ewe%20have%20a%20nearly%20empty%20root%20domain%20and%20a%20production%20domain.%3C%2FP%3E%3CP%3EFor%20PrepareSchema%2C%20PrepareActiveDirectory%20andPrepareAllDomains%20we%20normally%20run%20setup%20from%20the%20installation%20binary%20(mounted%20ISO-Image)%20on%20a%20Domain-Controller%20located%20in%20the%20root%20domain.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EYou%2C%20Exchange-Team%2C%20had%20written%3A%3CBR%20%2F%3E%22Prompt%20command%20once%20using%20Setup.exe%20in%20your%20Exchange%20Server%20installation%20path%20(e.g.%2C%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3E%E2%80%A6%5CProgram%20Files%5CMicrosoft%5CExchange%20Server%5Cv15%5CBin)%3C%2FSTRONG%3E%3CSPAN%3E%3A%22%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20we%20still%20use%20the%20setup.exe%20from%20the%26nbsp%3Binstallation%20binary%20(mounted%20ISO-Image)%20like%20we%20always%20did%20before%2C%20or%20is%20it%20important%20to%20use%20the%20setup.exe%20that%20was%20placed%20in%20the%26nbsp%3B%3CSPAN%3EExchange%20Server%20installation%20path%20(e.g.%2C%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3E%E2%80%A6%5CProgram%20Files%5CMicrosoft%5CExchange%20Server%5Cv15%5CBin)%3C%2FSTRONG%3E%3CSPAN%3E%3A%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20help%20is%20appreciated.%3C%2FP%3E%3CP%3EGreetings%2C%20Roland%20(Germany)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3357454%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3357454%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1328237%22%20target%3D%22_blank%22%3E%40Tonibert%3C%2FA%3E%26nbsp%3BWe%20are%20looking%20into%20this%2C%20thank%20you.%20Please%20follow%20the%20FAQ%20to%20download%20the%20.msp%20version%20of%20the%20update%20and%20install%20that%20(make%20sure%20to%20run%20the%20.msp%20from%20the%20elevated%20command%20line!)%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3357476%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3357476%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F963011%22%20target%3D%22_blank%22%3E%40lewismartin%3C%2FA%3E%26nbsp%3BPlease%20see%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Ftroubleshoot%2Fclient-connectivity%2Fexchange-security-update-issues%23upgrade-patch-cant-be-installed%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Ethis%3C%2FA%3E.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3357697%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3357697%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F952025%22%20target%3D%22_blank%22%3E%40Rocky567%3C%2FA%3E%26nbsp%3BYou%20need%20to%20run%20it%20using%20the%20files%20from%20the%20Exchange%20installation%20directory.%20Those%20files%20get%20updated%20after%20SU%20is%20installed.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3357736%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3357736%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F172687%22%20target%3D%22_blank%22%3E%40Rob%20Hupf%3C%2FA%3E%26nbsp%3BThis%20is%20up%20to%20you.%20We%20suggest%20that%20SU%20gets%20installed%20as%20soon%20as%20possible.%20If%20you%20install%20the%20SU%20now%20(when%20you%20have%20CU22)%2C%20you%20will%20need%20to%20reinstall%20it%20once%20you%20install%20CU23%20also.%20But%20note%2C%20if%20you%20run%20the%20%2FPrepare%20switches%20manually%20after%20you%20install%20it%20on%20CU22%2C%20you%20do%20not%20need%20to%20do%20that%20again%20once%20you%20install%20the%20SU%20on%20top%20of%20CU23.%20%2FPrepare%20needs%20to%20be%20ran%20only%20once%20from%20a%20server%20that%20was%20updated%20to%20wither%20the%20SU%20for%20CU22%20or%20CU23.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3357737%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3357737%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20MS%2C%3C%2FP%3E%3CP%3Ewe%20are%20on%20Exchange%202013%20CU%2023%20plus%20one%20server%20Exchange%202019%20CU12%20(just%20started%20rolling%20out%20new%20version)%2C%20all%20on%20same%20domain.%3C%2FP%3E%3CP%3EDo%20I%20patch%20the%20only%202019%20server%20and%20prepare%20all%20domains%20and%20then%20continue%20provisioning%20the%20rest%202019%20CU12%20%2B%20patch%3F%3C%2FP%3E%3CP%3EIt%20will%20not%20break%20anything%20on%202013%2C%20which%20can%20be%20patched%20at%20a%20later%20time%2C%20correct%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3357806%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3357806%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1063934%22%20target%3D%22_blank%22%3E%40dmdovnar%3C%2FA%3E%26nbsp%3BAbsolutely%20nothing%20will%20break%20if%20you%20run%20%2FPrepare%20and%20then%20keep%20updating%20other%20servers%20as%20you%20need%20to.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3357965%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3357965%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%26nbsp%3BThank%20you%2C%20appreciate%20the%20prompt%20response!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3358700%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3358700%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe're%20currently%20running%20Exchange%202016%2C%20CU22%20with%20the%20last%20SU%20(March%202022).%26nbsp%3B%20We're%20a%20hybrid%20shop.%26nbsp%3B%20After%20reading%20the%20posts%2C%20it%20appears%20that%20the%20best%20sequence%20to%20install%20would%20be%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EInstall%20SU%20(May%202022-CU22)%3C%2FP%3E%3CP%3EPrepareAD%20and%20PrepareAllDomains%3C%2FP%3E%3CP%3EInstall%20CU23%3C%2FP%3E%3CP%3EInstall%20SU%20(May%202022-CU23%20again)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe're%20in%20a%20fairly%20high%20security%20AD%20structure%20and%20it%20requires%20another%20team%20to%20make%20any%20changes%20including%20PrepareAD%20and%20PrepareAllDomains.%26nbsp%3B%20I%20would%20like%20to%20limit%20the%20number%20of%20times%20that%20we%20need%20to%20involve%20the%20AD%20team%20as%20it's%20difficult%20to%20get%20everyone%20on%20the%20same%20schedule.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20You%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3358787%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3358787%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F205134%22%20target%3D%22_blank%22%3E%40Taylor%20Bauman%3C%2FA%3E%26nbsp%3BThat'll%20work.%20Also%20note%20that%20if%20you%20did%20not%20run%20%2FPrepareAllDomains%20ever%20(some%20of%20our%20larger%20customers%20are%20in%20this%20scenario)%20-%20it%20is%20OK%20to%20run%20%2FPrepareDomain%20explicitly%20only%20for%20domains%20that%20have%20been%20prepared%20for%20Exchange.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3360022%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3360022%22%20slang%3D%22en-US%22%3E%3CP%3ECan%20we%20apply%20the%20AD%20Schema%20update%20a%20few%20days%20or%20weeks%20after%20we%20apply%20the%20May%202022%20Security%20Update%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20running%20Exchange%202013%20CU%2023%20and%20have%20prepared%20the%20domain%20to%20support%20Exchange%202016%20(CU%2022)%20but%20we%20have%20not%20installed%20any%20Exchange%202016%20servers%20yet.%20Should%20I%20use%20Exchange%202013%20or%20Exchange%202016%20to%20update%20the%20schema%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3360071%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3360071%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1387405%22%20target%3D%22_blank%22%3E%40Ken_Harrell1145%3C%2FA%3E%26nbsp%3BTo%20be%20clear%20-%20we%20are%20not%20asking%20you%20to%20do%20an%20AD%20schema%20update%20as%20a%20part%20of%20this%20release.%20If%20you%20are%20asking%20if%20%2FPrepareAllDomains%20(or%20%2FPrepareDomain%20as%20applicable)%20can%20be%20run%20some%20time%20after%20SU%20is%20installed%20then%20yes.%20The%20only%20consequence%20of%20the%20delay%20is%20that%20the%20CVE%20is%20not%20addressed%20until%20%2FPrepare%20is%20run.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3360119%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3360119%22%20slang%3D%22en-US%22%3E%3CP%3EWhat%20values%20are%20updated%20when%20after%20running%20the%20%2FPrepareAllDomains%20switch%20post%20the%20SU%20update%20for%20Exchange%202016%20CU23%3F%20Would%20like%20to%20do%20a%20pre%2Fpost%20check%20to%20see%20what%20is%20being%20updated%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3360508%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3360508%22%20slang%3D%22en-US%22%3E%3CP%3EWill%20there%20be%20an%20article%20publish%2C%20what%20are%20the%20changes%20done%20after%20running%20the%20%2FPreparealldomains%20or%20%2FPreparedomains%20switch%3F%20(e.g.%20Objectversion%20change)%3F%20How%20do%20we%20verify%20this%20apart%20from%20seeing%20it%20is%20as%20100%25%20completed%20%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3360644%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3360644%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20Nino%20(%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%26nbsp%3B)%2C%3C%2FP%3E%3CP%3Ethank%20you%20for%20your%20fast%20response.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F952025%22%20target%3D%22_blank%22%3E%40Rocky567%3C%2FA%3E%3CSPAN%3E%26nbsp%3BYou%20need%20to%20run%20it%20using%20the%20files%20from%20the%20Exchange%20installation%20directory.%20Those%20files%20get%20updated%20after%20SU%20is%20installed.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EOne%20more%26nbsp%3B%3C%2FSPAN%3Equestion%3A%3C%2FP%3E%3CP%3EThe%20Exchange%20Servers%20are%20belonging%20to%20%2F%20are%20member%20of%20our%20production%20domain%2C%20which%20is%20a%20child%20domain%20of%20our%20root%20domain.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20the%20Exchange%20installation%20directory%20with%20the%20updated%20setup.exe%20is%20located%20in%20the%20production%20domain.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20far%20as%20i%20know%20und%20as%20we%20always%20did%20so%20far%2C%20we%20have%20to%20run%20Prepare...%20inside%20the%20root%20domain.%3C%2FP%3E%3CP%3EBut%20how%20can%20we%20do%20that%20if%20the%20updated%20setup.exe%20is%20in%20the%20production%20domain.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EJust%20copy%20the%20Exchange%20installation%20directory%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20%26amp%3B%20Greetings%20Roland%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3361246%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3361246%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1387424%22%20target%3D%22_blank%22%3E%40Nicole715%3C%2FA%3E%26nbsp%3Band%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F904934%22%20target%3D%22_blank%22%3E%40mykel1982%3C%2FA%3E%26nbsp%3BSorry%20I%20do%20not%20have%20anything%20to%20share%20about%20that.%20I%20get%20it%20but%20the%20CVE%20contains%20all%20of%20the%20information%20that%20we%20have%20published%20on%20this%20subject.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3361256%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3361256%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F952025%22%20target%3D%22_blank%22%3E%40Rocky567%3C%2FA%3E%26nbsp%3BWell%2C%20I%20am%20not%20sure%20how%20this%20is%20done%20in%20your%20particular%20environment.%20Note%20that%20if%20some%20of%20the%20domains%20were%20never%20prepared%20(so%20%2FPrepareAllDomains%20was%20never%20run)%20it%20is%20okay%20to%20just%20run%20%2FPrepareDomain%20in%20specific%20domains%20that%20were%20prepared%20only.%20There%20is%20a%20FAQ%20about%20that%20in%20the%20post%20body.%3C%2FP%3E%0A%3CP%3EIf%20there%20is%20a%20need%20to%20run%20%2FPrepareDomain%20in%20the%20domain%20that%20does%20not%20currently%20have%20Exchange%20running%20(but%20it%20has%20been%20prepared%20before)%20you%20can%20simply%20install%20Management%20Tools%20on%20a%20machine%20in%20that%20domain%20and%20then%20run%20this%20setup%20switch%20from%20there.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3361581%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3361581%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20post%20is%20a%20bit%20confusing%20as%20to%20when%20the%20%2FPrepareAllDomains%20should%20be%20run.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20diagram%20says%20after%2C%20and%20the%20FAQ%20lists%20it%20twice.%26nbsp%3B%20The%20FAQ%20says%20before%20on%20one%20line%2C%20and%20after%20on%20another.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3E%3CEM%3EInstructions%20seem%20to%20indicate%20that%20we%20should%20%2FPrepareAllDomains%3C%2FEM%3E%3CFONT%20color%3D%22%23DF0000%22%3E%3CEM%3E%20after%3C%2FEM%3E%3C%2FFONT%3E%3CEM%3E%20May%202022%20SU%20is%20installed%3B%20is%20that%20correct%3F%3C%2FEM%3E%3C%2FSTRONG%3E%3CBR%20%2F%3E%3CSPAN%3EYes.%20The%20May%202022%20SU%20package%20updates%20files%20in%20Exchange%20server%20folders%20when%20it%20is%20installed.%20That%20is%20why%20once%20those%20files%20are%20updated%20(SU%20is%20installed)%20%E2%80%93%20we%20ask%20you%20to%20go%20and%20explicitly%20%2FPrepareAllDomains%20using%20setup%20from%20%5Cv15%5CBin%20folder%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CEM%3E%3CSTRONG%3ECan%20we%20run%20%2FPrepareAllDomains%20%3CFONT%20color%3D%22%23DF0000%22%3Ebefore%3C%2FFONT%3E%20all%20Exchange%20servers%20are%20updated%20with%20May%202022%20CU%3F%3C%2FSTRONG%3E%3C%2FEM%3E%3CBR%20%2F%3EYes.%20There%20is%20no%20dependency%26nbsp%3Bbetween%20running%20of%20%2FPrepareAllDomains%20and%20installation%20of%20updates%20on%20all%20servers.%20%2FPrepareAllDomains%20should%20be%20run%20when%20you%20are%20ready%20to%20address%20that%20particular%20CVE.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ECan%20you%20confirm%20that%20point%20or%20at%20least%20remove%20the%20conflicting%20info%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3361635%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3361635%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1387637%22%20target%3D%22_blank%22%3E%40PinoBeeno%3C%2FA%3E%26nbsp%3BThere%20is%20no%20conflict%20really%2C%20but%20I'll%20edit%20as%20I%20see%20what%20you%20mean%20as%20it%20could%20be%20read%20that%20way.%20%2FPrepare%20has%20to%20be%20run%20when%20at%20least%20one%20machine%20is%20updated%20to%20May%202022%20SU.%20It%20does%20not%20need%20to%20be%20run%20after%20all%20of%20the%20servers%20are%20updated.%20It%20matters%20not%20if%20there%20are%20100%20more%20servers%20that%20still%20need%20to%20take%20May%202022%20SU%2C%20that%20is%20okay.%20After%20one%2C%20you%20can%20run%20%2FPrepare.%20EDIT%3A%20now%20done%3B%20better%2C%20I%20hope%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3361844%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3361844%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%26nbsp%3B%20-%20Awesome!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3362069%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3362069%22%20slang%3D%22en-US%22%3E%3CP%3ENice%20work.%26nbsp%3B%20Thank%20you.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3362145%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3362145%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EWhat%20values%20are%20updated%20after%20running%20the%20%2FPrepareAllDomains%20switch%20for%20Exchange%202016%20CU22%3F%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHow%20can%20i%20check%20if%20it%20was%20successful%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3364734%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3364734%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1328237%22%20target%3D%22_blank%22%3E%40Tonibert%3C%2FA%3E%26nbsp%3BSorry%2C%20we%20do%20not%20have%20documentation%20on%20this%3B%20%3CA%20href%3D%22https%3A%2F%2Fmsrc.microsoft.com%2Fupdate-guide%2Fvulnerability%2FCVE-2022-21978%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3ECVE%3C%2FA%3E%20is%20all%20that%20we%20have.%20We%20are%20working%20on%20updating%20the%20Health%20Checker%20script%20to%20reliably%20check%20if%20this%20was%20completed%20(it%20might%20work%20now%2C%20but%20there%20are%20some%20scenarios%20that%20it%20still%20struggles%20with%20at%20the%20moment)%20-%20so%20my%20suggestion%20is%20to%20not%20worry%20about%20it%20if%20%2FPrepare%20setup%20completed%20successfully.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3364911%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3364911%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20running%201%20Exchange%202019%20CU10%20MAR%2022%20SU%20on%20prem%20server.%20After%20reading%20the%20article%20my%20path%20to%20upgrade%20should%20be%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-%20Upgrade%20to%20CU12%3C%2FP%3E%3CP%3E-%20Reboot%3C%2FP%3E%3CP%3E-%20Install%20May%202022%20SU%3C%2FP%3E%3CP%3E-%20Run%20%2FPrepareAllDomains%26nbsp%3B%3C%2FP%3E%3CP%3E-%20Reboot%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eis%20this%20correct%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%2C%20would%20you%20recommend%20upgrading%20to%20CU11%20or%20CU12%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20advise%3C%2FP%3E%3CP%3EThank%20you!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3364958%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3364958%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3BIt%20says%20that%20this%20SU%20also%20includes%20fixes%20for%20New%7CSet-Databaseavailabilitygroup%20failing%20with%20error%200xe0434352.%20However%2C%20even%20after%20installing%20the%20SU%20we're%20continuing%20to%20get%20the%20same%20error.%20All%20nodes%20in%20the%20DAG%20have%20been%20patched.%20The%20setup%20%2FPreparealldomains%20has%20also%20been%20run.%20All%20nodes%20have%20been%20rebooted.%20Also%20tried%20destroying%20the%20existing%20DAG%20and%20creating%20a%20new%20one%20and%20that%20doesn't%20help%20either.%20Ex2019%20CU12%20and%20installed%20the%20SU%20using%20the%20new%20.EXE%20packaging.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3364992%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3364992%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1333823%22%20target%3D%22_blank%22%3E%40ceantuco%3C%2FA%3E%26nbsp%3BThe%20last%20reboot%20can%20be%20after%20%2FPrepare%20or%20before%20it%20(that%20does%20not%20matter)%20but%20otherwise%20that%20looks%20good.%20My%20suggestion%20would%20be%20to%20go%20to%20CU12%20as%20that%20is%20the%20latest%20CU%20and%20will%20give%20you%201%20year%20of%20support%20now%20that%20we%20release%20CUs%20twice%20a%20year.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3365017%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3365017%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F215841%22%20target%3D%22_blank%22%3E%40BTW97%3C%2FA%3E%26nbsp%3BSorry%20to%20hear%20that%3B%20this%20is%20%3CEM%3Enot%3C%2FEM%3E%20expected.%20I%20just%20asked%20someone%20to%20try%20in%20a%20local%20lab%20and%20it%20worked%20as%20expected%20with%20E2019%20CU12%20%2B%20May%20SU.%20Please%20open%20a%20ticket%20if%20you%20are%20certain%20that%20it%20is%20all%20updated%20(Health%20Checker%20will%20tell%20you).%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3365096%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3365096%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3Ethank%20you%20so%20much!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3365304%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3365304%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%26nbsp%3BConfirmed%20using%20the%20HealthChecker.ps1%20script%20that%20the%20SU%20is%20indeed%20installed%20so%20I'll%20get%20a%20ticket%20opened%20as%20you%20suggested.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3365761%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3365761%22%20slang%3D%22en-US%22%3E%3CP%3ELooks%20like%20the%20Health%20Checker%20was%20updated%20and%20now%20it%20is%20showing%20servers%20with%20no%20vulnerabilities%20after%20the%20patch%20was%20applied%20but%20prior%20to%20the%20AD%20update.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Ken_Harrell1145_0-1652369626579.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F371214i218E608D1A3B0657%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Ken_Harrell1145_0-1652369626579.png%22%20alt%3D%22Ken_Harrell1145_0-1652369626579.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPrior%20to%20the%20updated%20Health%20Checker%20it%20did%20state%20the%20AD%20Schema%20needed%20to%20be%20updated.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Ken_Harrell1145_1-1652369791035.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F371216i8588FF24657D0EBD%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Ken_Harrell1145_1-1652369791035.png%22%20alt%3D%22Ken_Harrell1145_1-1652369791035.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Ken_Harrell1145_2-1652369924777.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F371218i1F30556E6BE9D547%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Ken_Harrell1145_2-1652369924777.png%22%20alt%3D%22Ken_Harrell1145_2-1652369924777.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3366492%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3366492%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EWe%20are%20running%20Exchange%202013%20CU%2023%20and%20have%20prepared%20the%20domain%20to%20support%20Exchange%202016%20(CU%2022)%20but%20we%20have%20not%20installed%20any%20Exchange%202016%20servers%20yet.%20Should%20I%20use%20Exchange%202013%20or%20Exchange%202016%20to%20update%20the%20schema%3F%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3366671%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3366671%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1387405%22%20target%3D%22_blank%22%3E%40Ken_Harrell1145%3C%2FA%3E%26nbsp%3BIndeed%2C%20Health%20Checker%20has%20been%20updated%20for%20this%20and%20I%20updated%20the%20post%20FAQ%3C%2FP%3E%0A%3CP%3EOn%20your%20second%20question%3A%20to%20be%20clear%2C%20we%20do%20not%20ask%20you%20to%20update%20the%20schema%20as%20a%20part%20of%20this%20SU%20release.%20But%20generally%20speaking%2C%20if%20you%20are%20preparing%20the%20organization%20for%20Exchange%202016%2C%20then%20yes%2C%20use%20E2016%20CU22%20to%20extend%20the%20schema%20and%20prepare%20the%20domain%20%2F%20domains%20(this%20is%20for%20the%20SU).%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3367225%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3367225%22%20slang%3D%22en-US%22%3E%3CP%3ENino%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20see.%20No%20Schema%20update%2C%20fair%20enough%20but%20there%20is%20a%20need%20for%20%2FPrepareAllDomains.%20We%20have%20not%20installed%20any%20Exchange%202016%20servers%20yet%20but%20we%20did%20extend%20the%20schema%20to%20support%20Exchange%202016.%20You%20are%20saying%20I%20need%20run%26nbsp%3B%3CSTRONG%3E%E2%80%9CSetup.exe%20%2FIAcceptExchangeServerLicenseTerms_DiagnosticDataOFF%20%2FPrepareAllDomains%E2%80%9D%3C%2FSTRONG%3E%26nbsp%3Bfrom%20the%20extracted%20%22ExchangeServer2016-x64-CU22.ISO%22%20ISO%20image%20file%20after%20I%20run%20the%20SU%20on%20at%20least%201%20Exchange%202013%20server%3F%20We%20used%20CU%2022%20to%20update%20the%20schema%20to%20support%20Exchange%202016.%26nbsp%3B%20Correct%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3367574%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3367574%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1387405%22%20target%3D%22_blank%22%3E%40Ken_Harrell1145%3C%2FA%3E%26nbsp%3BI%20apologize%3B%20I%20%3CEM%3ESAID%3C%2FEM%3E%20that%20we%20are%20not%20talking%20about%20schema%20prep%20but%20then%20I%20replied%20as%20if%20we%20were%20talking%20about%20schema%20prep.%20(Where%20is%20that%20%22Epic%20facepalm%22%20gif%3F)%3CBR%20%2F%3EOK%20so%20yes%2C%20now%20that%20my%20mind%20is%20in%20the%20right%20place%20-%20you%20are%20correct.%20You%20can%20update%20%3CEM%3Eschema%3C%2FEM%3E%20using%20Exchange%202016%20latest%20CU.%20For%20the%20%2FPrepareAllDomains%20and%20the%20CVE%20we%20are%20talking%20about%20here%2C%20install%20the%20SU%20on%20one%20of%20your%20Exchange%202013%20CU23%20servers%20and%20then%20run%20it%20from%20there%20(from%20the%20Bin%20folder%20as%20specified.)%20Because%20yes%2C%20you%20should%20have%20that%20SU%20installed%20to%20update%20the%20Setup%20files%20on%20that%20machine%20to%20have%20the%20%2FPrepareAllDomains%20address%20the%20CVE.%3CBR%20%2F%3ESorry%20about%20being%20extra%20confusing%20here!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3367896%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3367896%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3EI%20have%20exchange%202013%20server%20and%20another%20windows%20server%20that%20installed%20with%20Exch%202019%20shell%20only%20with%20NO%20mailbox%20or%20CAS%20role.%20After%20I%20install%20SU%2C%20the%20%2Fprep%20should%20run%20from%20Exch%202013%20%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3368205%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3368205%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20it%20just%20me%20or%20the%20latest%20Healthchecker%20script%20isn't%20running.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3368217%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3368217%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1388947%22%20target%3D%22_blank%22%3E%40Meltan555%3C%2FA%3E%26nbsp%3BYes%20that'll%20do!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3368638%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3368638%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%26nbsp%3Band%20the%20whole%20team%3A%3CBR%20%2F%3EThank%20you%20for%20the%20great%20support%20through%20this%20opportunity%20here.%3CBR%20%2F%3EAlso%20the%20combination%20with%20the%20Health%20Checker%20script%20and%20the%20work%20behind%20it%20is%20great.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3368772%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3368772%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%26nbsp%3BThanks%20!!%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3368841%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3368841%22%20slang%3D%22en-US%22%3E%3CP%3EAny%20use%20of%20this%20security%20update%20for%20exchange%202016%20edge%20servers%20in%20workgroup%3F%26nbsp%3B%20any%20sense%20to%20run%20%3CSTRONG%3E%3CEM%3E%2FPrepareAllDomains%3C%2FEM%3E%3C%2FSTRONG%3E%20when%20servers%20run%20in%20workgroup.%20And%20without%20this%20option%20vulnerability%20will%20not%20be%20affected.%3C%2FP%3E%3CP%3EMaybe%20there%20are%20some%20other%20fixes%20included%20in%20SU%20or%20vulnerability%20workarounds%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3368939%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3368939%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20Exchange%20Team%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20applied%20last%20Month%20the%26nbsp%3BMarch%202022%20security%20update%20and%20we%20faced%20the%20following%20issue%20KB5013118.%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Ftopic%2Fexchange-service-host-service-fails-after-installing-march-2022-security-update-kb5013118-1cf2ecaf-2e87-4c42-b541-6adc47e01a5d%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Ftopic%2Fexchange-service-host-service-fails-after-installing-march-2022-security-update-kb5013118-1cf2ecaf-2e87-4c42-b541-6adc47e01a5d%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20the%20previous%20version%20of%20this%26nbsp%3BKB5013118%20article%2C%20it%20was%20strongly%20recommended%20to%20revert%20back%20the%20change%2Fworkaround%20as%20soon%20as%20Microsoft%20delivers%20the%20fix.%3C%2FP%3E%3CP%3EThis%20issue%20is%20fixed%20with%26nbsp%3BMay%202022%20Exchange%20Server%20Security%20Updates%20so%20do%20we%20just%20have%20to%20delete%20or%20set%26nbsp%3BDisableAsyncNotification%20registry%20value%20to%200%20after%20we%20installed%20the%26nbsp%3BMay%202022%20Exchange%20Server%20Security%20Updates%20%3F%3C%2FP%3E%3CP%3EThanks%20for%20your%20feedback.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3369688%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3369688%22%20slang%3D%22en-US%22%3E%3CP%3EAfter%20SU%20May%202022%20installed%20on%20all%20exchange%20server%20(2016%20CU22%20%2B%202019%20CU11%20)%20%2B%20edge%20server%2C%20we%20executed%20the%26nbsp%3B%3C%2FP%3E%3CP%3Esetup.exe%20%2F%3CSTRONG%3EIAcceptExchangeServerLicenseTerms_DiagnosticDataON%20%2FPrepareAllDomains%20%3C%2FSTRONG%3Efrom%20the%20exchange%202019%20server.%3C%2FP%3E%3CP%3EVersion%20number%20checked%26nbsp%3B%3C%2FP%3E%3CP%3E%5BPS%5D%20C%3A%5CSoftware%26gt%3B.%5CGet-ADVersions.ps1%3CBR%20%2F%3ERangeUpper%3A%2017003%3CBR%20%2F%3EObjectVersion%20(Default)%3A%2013243%3CBR%20%2F%3EObjectVersion%20(Configuration)%3A%2016759%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%26nbsp%3BObjectVersion%20(Default)%20has%20been%20increased%20from%2013242%20to%2013243%20.%20IS%20it%20correct%20and%20a%20way%20to%20verify%20that%20the%20path%20is%20installed%20on%20top%20of%20the%20healthchecker.ps1%26nbsp%3B%20(%20version%2022.05.12.1618%20available%20at%20the%20moment%20)%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3369690%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3369690%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%26nbsp%3Bthere%20is%20an%20issue%20with%20Hybrid%20orgs%20and%20running%20the%20%2FPrepareAllDomains%20or%20%2FPrepareDomain%20requirement%20after%20installing%20the%20May%202022%20SU.%20We%20run%20a%20Hybrid%20org%2C%20Exchange%202016%20at%20CU23%20and%20updated%20with%20the%20May%202022%20SU.%20When%20running%20the%20required%26nbsp%3BSetup.exe%20%2FIAcceptExchangeServerLicenseTerms_DiagnosticDataON%20%2FPrepareAllDomains%20from%20C%3A%5CProgram%20Files%5CMicrosoft%5CExchange%20Server%5CV15%5CBin%2C%20the%20Prerequisite%20Analysis%20fails%20with%20the%20error%20%22A%20hybrid%20deployment%20with%20Office%20365%20has%20been%20detected.%20Please%20ensure%20that%20you%20are%20running%20setup%20with%20the%3CBR%20%2F%3E%2FTenantOrganizationConfig%20switch%22.%20It%20also%20fails%20with%20the%20same%20error%20if%20the%20%2FPrepareDomain%20switch%20is%20used.%20However%2C%20the%20%2FTenantOrganizationConfig%20switch%20is%20not%20compatible%20with%20%2FPrepareDomain%20or%20%2FPrepareAllDomains%20and%20is%20only%20compatible%20with%20%2FPrepareAD.%20If%20we%20attempt%20to%20use%26nbsp%3B%2FTenantOrganizationConfig%20in%20combination%20with%20%2FPrepareDomain%20or%20%2FPrepareAllDomains%20it%20generates%20the%20error%20%22The%20parameter%20'tenantorganizationconfig'%20is%20not%20valid%20for%20current%20operation%20'PrepareDomain'.%20Setup%20checks%20failed%3A%20Invalid%20command%20line%20arguments.%22%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20the%20prerequisite%20analysis%20fails%20on%20all%20attempts%2C%20we%20cannot%20complete%20this%20requirement%20as%20documented%20and%20thus%20cannot%20patch%20the%20CVE%20as%20required.%20How%20do%20we%20solve%20this%20issue%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3370292%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3370292%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1389196%22%20target%3D%22_blank%22%3E%40Kastis%3C%2FA%3E%26nbsp%3BThe%20SU%20can%20be%20installed%20on%20Edge%20but%20yes%2C%20there%20is%20no%20point%20of%20running%20%2FPrepare%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F556065%22%20target%3D%22_blank%22%3E%40MartinCS%3C%2FA%3E%26nbsp%3BCorrect%3B%20the%20workaround%20(registry%20entry)%20is%20not%20needed%20anymore%20after%20May%202022%20SU%20is%20installed%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3370397%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3370397%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F13206%22%20target%3D%22_blank%22%3E%40Tim%20Read%3C%2FA%3E%26nbsp%3BHmmm%20you%20are%20running%20into%20a%20very%20specific%20issue%20(this%20is%20not%20a%20problem%20for%20most%20of%20our%20customers).%20This%20is%20what%20I%20would%20suggest%20to%20try%3A%3CBR%20%2F%3EFirst%20connect%20to%20the%20Exchange%20Online%20tenant%20with%20PowerShell%20and%20pull%20your%20organization%20config%20from%20it%3A%3C%2FP%3E%0A%3CP%3EGet-OrganizationConfig%20%7C%20Export-Clixml%20-Path%20TenantConfig.xml%3C%2FP%3E%0A%3CP%3EThen%20run%20the%20setup%20with%3A%3C%2FP%3E%0A%3CP%3Esetup.exe%20%2FPrepareAD%20%2FTenantOrganizationConfig%20TenantConfig.xml%20%2FIAcceptExchangeServerLicenseTerms_DiagnosticDataON%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3371093%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3371093%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3EAfter%20the%20update%20is%20installed%2C%20the%20exchange%20services%20are%20disabled.%3C%2FP%3E%3CP%3EAfter%20restarting%20the%20services%20manually%20and%20rebooting%20the%20server%20they%20eat%20blocked%20since%201h30%20on%20%22Getting%20Windows%20Ready%22.%3C%2FP%3E%3CP%3EWhat%20to%20do%20now%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3371268%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3371268%22%20slang%3D%22en-US%22%3E%3CP%3EExchange%202013%20CU%2023%20with%20the%20May%202022%20SU%20installed%20has%20the%20same%20issue%20as%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F215841%22%20target%3D%22_blank%22%3E%40BTW97%3C%2FA%3E%26nbsp%3B-%20New%7CSet-DatabaseAvailabilityGroupNetwork%20still%20fails%20with%26nbsp%3B%3CSPAN%3E0xe0434352.%26nbsp%3B%20We're%20opening%20a%20ticket%2C%20but%20this%20is%20unfortunate%20since%20it's%20blocking%20us%20from%20migrating%20our%20DAG%20to%20a%20new%20datacenter%20(and%20yeah%2C%20don't%20get%20me%20started%20on%20why%20we're%20still%20on%202013).%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3371405%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3371405%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%26nbsp%3BThanks%2C%20running%20setup.exe%20%2FPrepareAD%26nbsp%3B%2FTenantOrganizationConfig%20MyTenantOrganizationConfig.XML%26nbsp%3B%2FIAcceptExchangeServerLicenseTerms_DiagnosticDataON%26nbsp%3B%20completed%20successfully%20with%20the%20current%20org%20config%20XML%20file.%20As%20others%20have%20mentioned%2C%20is%20there%20a%20way%20we%20can%20now%20verify%20that%20AD%20has%20been%20patched%20against%26nbsp%3BCVE-2022-21978%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3371415%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3371415%22%20slang%3D%22en-US%22%3E%3CP%3EHi.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoes%20the%20issue%20presented%20by%20this%20article%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fmicrosoft%2Fmicrosoft-may-windows-updates-cause-ad-authentication-failures%2F%3F%26amp%3Bweb_view%3Dtrue%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fmicrosoft%2Fmicrosoft-may-windows-updates-cause-ad-authentication-failures%2F%3F%26amp%3Bweb_view%3Dtrue%3C%2FA%3E%26nbsp%3B%20impact%20the%20patching%20of%20Exchange%20servers%20if%20the%20domain%20controllers%20are%20delayed%20in%20patching%20until%20the%20above%20is%20sorted%20out%3F%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3371445%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3371445%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1389600%22%20target%3D%22_blank%22%3E%40Frederic20%3C%2FA%3E%26nbsp%3BHow%20did%20you%20install%20the%20Exchange%20updates%3F%20Using%20the%20.exe%20installer%3F%20The%20%22Getting%20Windows%20Ready%22%20might%20mean%20that%20Windows%20updates%20were%20installed%20and%20are%20now%20being%20configured%3F%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F365773%22%20target%3D%22_blank%22%3E%40ajbravo%3C%2FA%3E%26nbsp%3BThank%20you%2C%20yes%2C%20please%20do%20that%20so%20we%20can%20figure%20what%20is%20going%20on.%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F13206%22%20target%3D%22_blank%22%3E%40Tim%20Read%3C%2FA%3E%26nbsp%3BExchange%20Health%20Checker%20was%20updated%20yesterday%2C%20it%20should%20be%20able%20to%20do%20this%20check%20for%20you%20now.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3371414%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3371414%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Microsoft%2C%20we%20are%20on%20Exchange%202016%20CU22%20single%20server%2C%20with%20the%20March%20Security%20update%20installed.%20Can%20we%20just%20let%20Microsoft%20update%20run%2C%20out%20of%20hours%2C%20to%20install%20the%20May%20security%20update%20with%20the%20rest%20of%20our%20server2016%20security%20updates%3F....%20Will%20it%20automatically%20run%26nbsp%3B%3CSTRONG%3E%E2%80%9C%3C%2FSTRONG%3ESetup.exe%20%2FIAcceptExchangeServerLicenseTerms_DiagnosticDataON%20%2FPrepareAllDomains%E2%80%9D%26nbsp%3B%20as%20part%20of%20Windows%20update%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMany%20thanks%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWelshboyo%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3371913%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3371913%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20current%20on%20Exchange%202016%20and%202019%20with%20CU23%20and%20CU12%20respectively.%26nbsp%3B%20Installed%20the%20May%20updates%2C%20ran%26nbsp%3B%3CSTRONG%3E%E2%80%9CSetup.exe%20%2FIAcceptExchangeServerLicenseTerms_DiagnosticDataOFF%20%2FPrepareAllDomains%E2%80%9D%3C%2FSTRONG%3E%20and%20after%20the%20Healthchecker%20updated%20we%20get%20this%20on%20all%20of%20our%20development%20and%20qa%20lab%20servers%3C%2FP%3E%3CP%3ESecurity%20Vulnerability%3CBR%20%2F%3E----------------------%3CBR%20%2F%3ESecurity%20Vulnerability%3A%20CVE-2022-21978%26nbsp%3BUnable%20to%20perform%20vulnerability%20testing%20-%20See%3A%26nbsp%3B%3CA%20title%3D%22https%3A%2F%2Faka.ms%2Fhc-may22su%22%20href%3D%22https%3A%2F%2Faka.ms%2FHC-May22SU%22%20target%3D%22_blank%22%20rel%3D%22noreferrer%20noopener%22%3Ehttps%3A%2F%2Faka.ms%2FHC-May22SU%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3372014%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3372014%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1268210%22%20target%3D%22_blank%22%3E%40Dennisdsmolinski%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHave%20you%20updated%20your%20domain%20controllers%20yet%3F%20I%20was%20not%20aware%20of%20the%20certificate%20issue%20after%20install%20may%202022%20update.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20debating%20between%20holding%20off%20upgrading%20the%20DCs%20or%20not.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3372067%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3372067%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%26nbsp%3B%3CSPAN%3EI%20have%20now%20run%20HealthChecker.ps1%20-Verbose%20and%20can%20see%20from%20the%20debug%20output%20that%20it%20is%20indeed%20checking%20for%26nbsp%3BCVE-2022-21978%20and%20AD%20ACE%20entries.%20Also%20I%20can%20see%20from%20ExchangeSetup.log%20that%20some%20AD%20ACEs%20were%20updated.%20Looks%20like%20we're%20good%2C%20thanks%20again.%20For%20what%20it's%20worth%2C%26nbsp%3BI%20ran%20HealthChecker%20versions%26nbsp%3B22.05.12.1618%20earlier%20today%20before%20successfully%20running%20setup.exe%20%2FPrepareAD%2C%20and%26nbsp%3B22.05.13.1414%20after%20successfully%20running%20%2FPrepareAD%20and%20the%20HealthChecker%20output%20is%20identical%20from%20both%20-%20they%20both%20indicate%20that%26nbsp%3BKB5014261%20is%20installed%2C%20but%20neither%20version%20flagged%20a%20security%20vulnerability%20for%26nbsp%3BCVE-2022-21978.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3372213%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3372213%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1333823%22%20target%3D%22_blank%22%3E%40ceantuco%3C%2FA%3E%26nbsp%3B%20yes%20we%20updated%20the%20domain%20controllers.%26nbsp%3B%20we%20are%20not%20seeing%20any%20authentication%20problems%20just%20what%20the%20healthchecker%20is%20reporting.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3372501%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3372501%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAt%20one%20time%20Microsoft%20published%20some%20caveats%20re%20skipping%20Exchange%20versions%2C%20specifically%20introducing%20a%20server%20of%20the%20skipped%20version%20at%20a%20later%20date.%3C%2FP%3E%3CP%3EI'm%20unable%20to%20find%20that%20guidance%20anywhere%20now%2C%20so%20my%20question%20to%20Microsoft%20is%20...%3C%2FP%3E%3CP%3EIf%20you%20migrate%20directly%20from%20Exchange%202013%20to%20Exchange%202019%2C%20once%20the%20Exchange%202019%20servers%20are%20introduced%20can%20you%20install%20an%20Exchange%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CEM%3E2016%3C%2FEM%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Eserver%20at%20a%20later%20date%20%3F%26nbsp%3B%20Yes%20%3F%20No%20%3F%3C%2FP%3E%3CP%3EIf%20this%20is%20still%20an%20issue%20please%20provide%20a%20specific%20Microsoft%20link%20referencing%20the%20caveat.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CEM%3ELooking%20forward%20to%20your%20always%20timely%2C%20accurate%20and%20thoughtful%20response%3C%2FEM%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3372671%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3372671%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1268210%22%20target%3D%22_blank%22%3E%40Dennisdsmolinski%3C%2FA%3Ethat%20is%20great%20news.%20I%20am%20probably%20going%20to%20wait%20a%20few%20days%20before%20upgrading%20our%20domain%20controllers.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3373794%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3373794%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F286871%22%20target%3D%22_blank%22%3E%40Sam_T%3C%2FA%3E%26nbsp%3BNope%2C%20we%20do%20not%20support%20adding%20a%20%22skipped%22%20version%20of%20Exchange%20into%20the%20organization.%20Now%2C%20your%20next%20question%20is%20where%20I%20am%20still%20looking%2C%20because%20for%20the%20life%20of%20me%20I%20can't%20find%20this%20documented%20and%20I%20%3CEM%3EKNOW%3C%2FEM%3E%20it%20is.%20Sigh.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3376160%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3376160%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20both%20Exchange%202013%20and%20Exchange%202019%2C%20in%20this%20case%20I%20guess%20I%20need%20first%20to%20install%20the%20update%20on%20all%2C%20and%20after%20that%20to%20only%20run%20the%202019%26nbsp%3B%3CSTRONG%3E%E2%80%9CSetup.exe%20%2FIAcceptExchangeServerLicenseTerms_DiagnosticDataOFF%20%2FPrepareAllDomains%E2%80%9D%26nbsp%3B%20%3F%20is%20that%20correct%20steps%3F%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3376740%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3376740%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20experienced%20the%20same%20behavior%20on%20this%20CU%20and%20also%20on%20CU11%20for%20Exchange2019%2C%20that%20after%20installation%20of%20the%20CU%2C%20IIS%20cert%20on%20port%20443%20is%20reset%20to%20original%20Microsoft%20Exchange%2C%20and%20i%20have%20to%20manually%20replace%20it%20with%20the%20one%20we%20use%20(signed%20by%20external%20provider).%20Otherwise%20I%20see%20cert%20errors%20in%20Outlook.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%20I'm%20seeing%20strange%20behavior%20on%20Edge%20Servers%2C%20we%20have%203%20of%20them%2C%20i%20recreated%20the%20subscription%20files%2C%20and%20resubbed%20them%20on%20MBX%20servers%20which%20went%20fine.%20However%20if%20i%20try%20to%20create%20another%20subscription%20file%20I'm%20getting%20error%20that%20LDAP%20server%20is%20unavailable.%20And%20on%20MBX%20servers%20i%20see%20this%20error%20when%20i%20run%20test-edgesync%20%3A%3C%2FP%3E%3CP%3EEdgeSync%20service%20cannot%20connect%20to%20this%20subscription%20because%20of%20error%20%22The%20supplied%3CBR%20%2F%3Ecredential%20is%20invalid.%22.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%20if%20i%20reboot%20the%20edge%20and%20recreate%20subscription%20file%20and%20then%20sub%20the%20EDGE%20on%20MBX%20with%20this%20new%20file%2C%20everything%20works%20fine.%3C%2FP%3E%3CP%3EAnyone%20seeing%20similar%20issue%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3379625%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3379625%22%20slang%3D%22en-US%22%3E%3CP%3EI%20used%20%22Exchange%20Health%20Checker%20version%2022.05.13.1414%22%20on%20a%20Exchange%202016%20with%20fresh%20installed%20CU23%20but%20without%20this%20Security%20Update.%20Usually%20Helathscanner%20tells%20in%20the%20Security%20Vulnerability%20section%20in%20Red%20what%20vulnarabilitys%20exist.%20But%20in%20my%20case%20there%20are%20no%20(without%20Downloaddomains).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20vulnarability%20shoud%20be%20gone%20after%20installing%20the%20Update%20-%20but%20not%20before.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20an%20error%20in%20Healthscanner%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3380405%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3380405%22%20slang%3D%22en-US%22%3E%3CP%3E%40%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F462123%22%20target%3D%22_self%22%3E%3CSPAN%20class%3D%22%22%3ETest-RRR%3C%2FSPAN%3E%3C%2FA%3E%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESame%20experience%20with%26nbsp%3BHealthChecker%2022.05.13.1414%20and%20a%20mixed%20Exchange%202016%20CU23%20and%20Exchange%202019%20CU12%20environment.%26nbsp%3B%20Didn't%20flag%20the%20vulnerability%20before%20the%20application%20of%20the%20May%20SU%20and%20the%20report%20looks%20to%20be%20the%20same%20after%26nbsp%3Bthe%20application%20of%20the%20May%20SU.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3380437%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3380437%22%20slang%3D%22en-US%22%3E%3CP%3EI%20found%20that%20the%20health%20checker%20now%20also%20needs%20domain%20admin%20rights%20in%20addition%20to%20the%20exchange%20admin%20rights%20in%20order%20to%20successfully%20run%20this%20health%20checker%20script%20to%20show%20that%20the%20vulnerability%20is%20addressed.%26nbsp%3B%20we%20have%20a%20separate%20team%20for%20the%20domain%20admins.%26nbsp%3B%20adding%20exchange%20admin%20rights%20to%20our%20domain%20admin%20person%20then%20run%20the%20health%20checker%20resulted%20in%20a%20clean%20report.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3380440%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3380440%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Dennisdsmolinski_0-1652708592636.png%22%20style%3D%22width%3A%20771px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F371894iC7EC07E125D3CA93%2Fimage-dimensions%2F771x108%3Fv%3Dv2%22%20width%3D%22771%22%20height%3D%22108%22%20role%3D%22button%22%20title%3D%22Dennisdsmolinski_0-1652708592636.png%22%20alt%3D%22Dennisdsmolinski_0-1652708592636.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3380460%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3380460%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20is%20the%20related%20code%20in%20healthchecker.%26nbsp%3B%20There%20needs%20to%20be%20a%20better%20way%20than%20this%20when%20you%20have%20separation%20of%20duties%20not%20to%20mention%20what%20accidents%20could%20happen%20with%20those%20rights%20shared%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20if%20(((%24SecurityObject.MajorVersion%20-le%20%5BHealthChecker.ExchangeMajorVersion%5D%3A%3AExchange2016)%20-and%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20(%24SecurityObject.CU%20-le%20%5BHealthChecker.ExchangeCULevel%5D%3A%3ACU23))%20-or%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20((%24SecurityObject.MajorVersion%20-eq%20%5BHealthChecker.ExchangeMajorVersion%5D%3A%3AExchange2019)%20-and%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20(%24SecurityObject.CU%20-le%20%5BHealthChecker.ExchangeCULevel%5D%3A%3ACU12))%20-and%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20(%24SecurityObject.ServerRole%20-ne%20%5BHealthChecker.ExchangeServerRole%5D%3A%3AEdge))%20%7B%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Write-Verbose%20%22Testing%20CVE%3A%20CVE-2022-21978%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20if%20(%24null%20-ne%20%24SecurityObject.ExchangeInformation.%3CU%3E%3CSTRONG%3EExchangeAdPermissions%3C%2FSTRONG%3E%3C%2FU%3E)%20%7B%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Write-Verbose%20%22%3CU%3E%3CSTRONG%3EExchange%20AD%20permission%20information%20found%20-%20performing%20vulnerability%20testing%3C%2FSTRONG%3E%3C%2FU%3E%22%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20foreach%20(%24entry%20in%20%24SecurityObject.ExchangeInformation.%3CU%3E%3CSTRONG%3EExchangeAdPermissions%3C%2FSTRONG%3E%3C%2FU%3E)%20%7B%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20if%20(%24entry.CheckPass%20-eq%20%24false)%20%7B%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%24details%20%3D%20%22CVE-2022-21978%60r%60n%60t%60tInstall%20the%20May%202022%20SU%20and%20run%20%2FPrepareDomain%20or%20%2FPrepareAllDomains%20-%20See%3A%20%3CA%20href%3D%22https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Faka.ms%2FHC-May22SU__%3B!!Dahw-A9d0CA!lOGHZdSHTfOD4mP31zvwbUy3rgIpiD0O0Nyzl9tOTMmu6Yyf7Y4V8m3KSiKy8Qr7-Q%24%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Faka.ms%2FHC-May22SU%3C%2FA%3E%22%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%24displayWriteTypeColor%20%3D%20%22Red%22%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7D%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7D%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20if%20(%24displayWriteTypeColor%20-ne%20%22Red%22)%20%7B%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Write-Verbose%20%22System%20NOT%20vulnerable%20to%20CVE-2022-21978%22%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7D%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7D%20else%20%7B%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Write-Verbose%20%22Unable%20to%20perform%20CVE-2022-21978%20vulnerability%20testing%22%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%24details%20%3D%20%22CVE-2022-21978%60r%60n%60t%60tUnable%20to%20perform%20vulnerability%20testing%20-%20See%3A%20%3CA%20href%3D%22https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Faka.ms%2FHC-May22SU__%3B!!Dahw-A9d0CA!lOGHZdSHTfOD4mP31zvwbUy3rgIpiD0O0Nyzl9tOTMmu6Yyf7Y4V8m3KSiKy8Qr7-Q%24%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Faka.ms%2FHC-May22SU%3C%2FA%3E%22%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%24displayWriteTypeColor%20%3D%20%22Yellow%22%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7D%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3381062%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3381062%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1270011%22%20target%3D%22_blank%22%3E%40no1welshboyo%3C%2FA%3E%26nbsp%3BSorry%20missed%20your%20question%3B%20no%20-%20the%20%2FPrepareAllDomains%20(or%20%2FPrepareDomain%2C%20as%20applicable%20to%20your%20organization)%20needs%20to%20be%20run%20manually%20after%20SU%20is%20installed%2C%20no%20matter%20if%20it%20is%20installed%20via%20Windows%20update%20or%20manually.%20It%20should%20be%20run%20from%20the%20%2Fbin%20folder%20on%20the%20updated%20Exchange%20server%2C%20as%20directed.%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1268210%22%20target%3D%22_blank%22%3E%40Dennisdsmolinski%3C%2FA%3E%26nbsp%3Band%20others%20-%20indeed%2C%20the%20permissions%20are%20most%20likely%20the%20reason%20why%20Health%20Checker%20is%20telling%20you%20it%20is%20unable%20to%20perform%20the%20testing%20in%20this%20case.%20I%20will%20give%20feedback%20to%20the%20team%20to%20change%20the%20message%20to%20suggest%20permissions%20might%20be%20the%20problem%2C%20if%20Exchange%20admins%20do%20not%20have%20domain%20permissions.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3381239%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3381239%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERe%20HealthChecker%20permissions%20and%20%3CEM%3E%22permissions%20are%20most%20likely%20the%20reason%22%3C%2FEM%3E%20.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENo.%20The%20account%20I%20am%20using%20and%20have%20been%20using%20for%20years%20in%20this%20environment%20is%20a%20Domain%20Admin%2C%20Enterprise%20Admin%2C%20Schema%20Admin%20and%20has%20the%20Organization%20management%20role.%20It%20has%20always%20yielded%20accurate%20HealthChecker%20results%20in%20terms%20of%20missing%20security%20fixes%20up%20until%20the%20May%202022%20SU.%26nbsp%3B%20%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3381461%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3381461%22%20slang%3D%22en-US%22%3E%3CP%3EHello%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20applied%20this%20security%20patch%20on%20Friday%2C%20May%2013th%3C%2FP%3E%3CP%3EPatch%20applied%20successfully%20to%20our%20exchange%20servers%20and%20we%20were%20able%20to%20run%20the%20%2FPrepare%20without%20issue.%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20problem%20is%2C%20running%20the%20healthchecker%20afterwards.%20I%20get%20the%20message%3A%3C%2FP%3E%3CP%3ESecurity%20Vulnerability%3A%20CVE-2022-21978%3CBR%20%2F%3EUnable%20to%20perform%20vulnerability%20testing%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%2C%20when%20my%20colleague%20runs%20the%20healthchecker%2C%20it%20passes%20the%20check.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20will%20mention%2C%20she%20is%20the%20one%20who%20ran%20the%20%2Fprepare%20command.%20Could%20this%20be%20why%20it%20passes%20for%20her%20and%20not%20me%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20a%202013%20hybrid%20exchange%20environment.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3381363%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3381363%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%26nbsp%3BWe%20have%20installed%20and%20updates%20the%20May%20updates%20in%20all%20our%20environments.%20However%2C%20there%20is%20one%20environment%20in%20which%20the%20Healt%20Checker%20Script%20(22.05.13.1414)%20still%20states%20that%20the%20mitigation%20needs%20to%20be%20done.%20As%20far%20as%20I%20know%2C%20this%20environment%20has%20the%20same%20setup%20as%20other%20environments%20we%20manage.%20It's%20Exchange%202019%20CU12.%3C%2FP%3E%3CP%3E--------------------------------------------%3C%2FP%3E%3CP%3ESecurity%20Vulnerability%3A%20CVE-2022-21978%3CBR%20%2F%3EInstall%20the%20May%202022%20SU%20and%20run%20%2FPrepareDomain%20or%20%2FPrepareAllDomains%20-%20See%3A%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FHC-May22SU%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Faka.ms%2FHC-May22SU%3C%2FA%3E%3C%2FP%3E%3CP%3E--------------------------------------------%3C%2FP%3E%3CP%3EThe%20domain%20prep%20ran%20succesfully%20and%20I%20have%20checked%20the%20Exchange%20Install%20Los%20(C%3A%5CExchangeSetupLogs%5CExchangeSetup.log)%20for%20errors.%3CBR%20%2F%3E%3CBR%20%2F%3ENeed%20to%20wait%20for%20updates%20script%20again%3F%20Saw%20some%20comments%20about%20reliability%20on%20this%20CVE%20addressing.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20in%20advance%20for%20your%20reply%20answer.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3381478%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3381478%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F973093%22%20target%3D%22_blank%22%3E%40christiaan-nl%3C%2FA%3E%26nbsp%3Band%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1391583%22%20target%3D%22_blank%22%3E%40DGomez300%3C%2FA%3E%26nbsp%3Bit%20is%20definitely%20possible%20if%20there%20are%20variations%20in%20domain%20level%20permissions%20between%20accounts%20that%20one%20could%20come%20back%20with%20no%20issues%20and%20another%20is%20reporting%20issues%20checking%20if%20%2FPrepare%20ran%20correctly.%20I%20have%20reached%20out%20to%20Health%20Checker%20team%20to%20see%20if%20we%20can%20change%20some%20of%20the%20error%20conditions%20to%20make%20it%20clear%20when%20we%20fail%20for%20reasons%20of%20permissions%2C%20for%20example.%3C%2FP%3E%0A%3CP%3EThe%20bottom%20line%20is%3A%20if%20you%20ran%20%2FPrepareAllDomains%20(or%20%2FPrepareDomain%2C%20as%20applicable%20to%20your%20organization)%20-%20and%20setup%20completed%20with%20no%20issues%2C%20then%20you%20are%20good%20to%20go%20as%20far%20as%20this%20CVE%20is%20concerned.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3381495%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3381495%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%26nbsp%3BThanks%20for%20the%20quick%20response.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3385860%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3385860%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3EAfter%20passing%20the%20updates%20the%20ECP%20and%20OWA%20wont%20work%20anymore.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EServer%20Error%20in%20%E2%80%98%2Fecp%E2%80%99%20Application.%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3ECould%20not%20load%20file%20or%20assembly%20%E2%80%98Microsoft.Exchange.Common%2C%20Version%3D15.0.0.0%20%E2%80%A6Culture%3Dneutral%2C%20PublicKeyToken%3D31bf3856ad364e54%E2%80%99%20or%20one%20of%20its%20dependencies.%20The%20system%20cannot%20find%20the%20file%20specified%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3387256%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3387256%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1389600%22%20target%3D%22_blank%22%3E%40Frederic20%3C%2FA%3E%26nbsp%3BPlease%20see%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Ftroubleshoot%2Fclient-connectivity%2Fexchange-security-update-issues%23http-500-errors-in-owa-or-ecp%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Ethis%20article%3C%2FA%3E%20(also%20linked%20to%20in%20this%20blog%20post).%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3388539%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3388539%22%20slang%3D%22en-US%22%3E%3CP%3EI%20appreciate%20the%20updates%20to%20the%20blog%20and%20the%20HealthChecker%20script%20recognizing%20the%20need%20to%20have%20both%20sets%20of%20rights%20in%20order%20to%20acknowledge%20that%20the%20vulnerabilities%20have%20been%20addressed%20in%20patching.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3388564%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3388564%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%26nbsp%3BWill%20this%20be%20the%20standard%20going%20forward%20when%20running%20the%20health%20checker%3F%20That%20in%20order%20for%20the%20script%20to%20perform%20vulnerability%20testing%2C%20it%20needs%20to%20be%20run%20from%20a%20domain%20or%20enterprise%20account%3F%20Or%20will%20the%20script%20be%20modified%20for%20the%20next%20SU%20to%20not%20have%20that%20requirement%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3388844%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3388844%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20class%3D%22%22%3EHello%20Nino%20Bilic%2C%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22%22%3EI%20don't%20install%20manually%2C%20the%20update%20was%20installed%20from%20Microsoft%20Update%20and%20seems%20to%20be%20installed%20correctly.%20And%20when%20I%20start%20the%20IIS%20manager%2C%20it%20stays%20in%20the%20taskbar.%20%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22%22%3EThanks%20for%20the%20help%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3388958%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3388958%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1391583%22%20target%3D%22_blank%22%3E%40DGomez300%3C%2FA%3E%26nbsp%3BConsider%20what%20this%20particular%20check%20(for%20this%20CVE)%20is%20doing%2C%20though.%20In%20vast%20majority%20of%20cases%2C%20a%20Health%20Checker%20script%20checks%20things%20on%20a%20local%20machine.%20For%20this%20CVE%2C%20however%2C%20it%20has%20to%20check%20Active%20Directory%20to%20check%20if%20the%20change%20was%20made%20by%20%2FPrepare%20switches.%20So%20it%20is%20not%20that%20the%20requirement%20is%20changing%20for%20the%20Health%20Checker.%20The%20requirement%20is%20changed%20for%20this%20particular%20check%2C%20because%20the%20account%20simply%20needs%20to%20have%20the%20rights%20to%20read%20Active%20Directory%20to%20validate%20this%20change.%20This%20is%20not%20a%20problem%20for%20many%20of%20our%20customers%2C%20but%20if%20they%20are%20running%20with%20split%20permissions%2C%20then%20yes%2C%20this%20will%20be%20an%20issue%20%3CEM%3Efor%20this%20particular%20check%3C%2FEM%3E%20going%20forward.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3398586%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3398586%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3C%2FP%3E%3CP%3Eif%20the%20server%20installed%20with%20Exchange%202016%20Edge%20role%20installed.%20Do%20we%20need%20to%20run%20this%20below%20command%20%3F%3C%2FP%3E%3CP%3EThis%20server%20is%20not%20in%20the%20domain.%3C%2FP%3E%3CP%3E%3CSTRONG%3E%E2%80%9CSetup.exe%20%2FIAcceptExchangeServerLicenseTerms_DiagnosticDataON%20%2FPrepareAllDomains%E2%80%9D%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3399209%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3399209%22%20slang%3D%22en-US%22%3E%3CP%3EHi!%3C%2FP%3E%3CP%3EI%20applied%20this%20security%20patch%2C%20patch%20applied%20successfully%20to%20exchange%20server%20but%20after%20run%20%22Setup.exe%20%2FIAcceptExchangeServerLicenseTerms_DiagnosticDataOFF%20%2FPrepareAllDomains%E2%80%9D%20i%20have%20an%20error%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-applescript%22%3E%3CCODE%3EConfiguring%20Microsoft%20Exchange%20Server%0A%0A%20%20%20%20Prepare%20Domain%20Progress%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20FAILED%0A%0AThe%20following%20error%20was%20generated%20when%20%22%24error.Clear()%3B%0A%20%24createTenantRoot%20%3D%20(%24RoleIsDatacenter%20-or%0A%24RoleIsPartnerHosted)%3B%0A%20%24createMsoSyncRoot%20%3D%20%24RoleIsDatacenter%3B%0A%0A%20%23%24RoleDatacenterIsManagementForest%20is%20set%20only%20in%0ADatacenter%20deployment%3B%20interpret%20its%20absense%20as%20%24false%0A%20%5Bbool%5D%24isManagementForest%20%3D%20(%24RoleDatacenterIsManagementForest%0A-eq%20%24true)%3B%0A%0A%20if%20(%24RolePrepareAllDomains)%0A%20%7B%0A%20initialize-DomainPermissions%20-AllDomains%3A%24true%0A-CreateTenantRoot%3A%24createTenantRoot%20-CreateMsoSyncRoot%3A%24createMsoSyncRoot%20-IsManagementForest%3A%24isManagementForest%3B%0A%20%7D%0A%0Aelseif%20(%24RoleDomain%20-ne%20%24null)%0A%20%7B%0A%20initialize-DomainPermissions%20-Domain%20%24RoleDomain%20-CreateTenantRoot%3A%24createTenantRoot%0A-CreateMsoSyncRoot%3A%24createMsoSyncRoot%20-IsManagementForest%3A%24isManagementForest%3B%0A%20%7D%0A%20else%0A%20%7B%0A%0Ainitialize-DomainPermissions%20-CreateTenantRoot%3A%24createTenantRoot%20-CreateMsoSyncRoot%3A%24createMsoSyncRoot%0A-IsManagementForest%3A%24isManagementForest%3B%0A%20%7D%0A%20%22%20was%20run%3A%20%22Microsoft.Exchange.Management.Tasks.OpenPolicyFailedException%3A%0AGot%20error%200x5%20opening%20group%20policy%20on%20system%20DC%20in%20domain%20MY%20DOMAIN.%0A%20at%0AMicrosoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception%20exception%2C%20ErrorCategory%20errorCategory%2C%20Object%20targ%0AString%20helpUrl)%0A%20at%20Microsoft.Exchange.Management.Tasks.InitializeDomainPermissions.AddSaclRight(ADDomain%20dom%2C%0ASecurityIdentifier%20exsSid%2C%20String%20privilegeName)%0A%20at%0AMicrosoft.Exchange.Management.Tasks.InitializeDomainPermissions.InternalProcessRecord()%0A%20at%0AMicrosoft.Exchange.Configuration.Tasks.Task.%3CPROCESSRECORD%3Eb__91_1()%0A%20at%0AMicrosoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String%20funcName%2C%20Action%20func%2C%20Boolean%0AterminatePipelineIfFailed)%22.%3C%2FPROCESSRECORD%3E%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EAccount%20is%20a%20member%20of%20the%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3ESchema%20Admins%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3Band%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3EEnterprise%20Admins%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3Bsecurity%20groups%20and%20command%20line%20run%20asadministrator.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3Esorry%2C%20i%20forgot%20add%20account%20to%20domain%20admins%20group%3C%2FSPAN%3E%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-applescript%22%3E%3CCODE%3EPrepare%20Domain%20Progress%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20COMPLETED%0A%0AThe%20Exchange%20Server%20setup%20operation%20completed%20successfully.%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3399484%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3399484%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1394470%22%20target%3D%22_blank%22%3E%40gopanuj%3C%2FA%3E%26nbsp%3BNope%2C%20Edge%20is%20not%20in%20the%20domain%2C%20this%20does%20not%20apply.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3399489%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3399489%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1394580%22%20target%3D%22_blank%22%3E%40vu__u%3C%2FA%3E%26nbsp%3BGood%20to%20hear%3B%20when%20in%20doubt%20-%20you%20can%20always%20run%20SetupAssist%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FExSetupAssist%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Faka.ms%2FExSetupAssist%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3399554%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3399554%22%20slang%3D%22en-US%22%3E%3CP%3ESo%20I%20installed%20Server%202019%20updates.%20took%20snapshot.%20Ran%20the%20CU12%20upgrade%20which%20also%20ran%20%2Fpreparedomains.%20the%20CU%20failed%20to%20stop%20malwarebytes%20service%20which%20I%20had%20already%20manually%20stopped%3B%20however%2C%20somehow%20it%20was%20running.%20I%20stopped%20it%20manually%20again%20and%20tried%20running%20CU%20upgrade%20again%20and%20it%20just%20crashed.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20revered%20to%20the%20previous%20snapshot.%20Attempted%20to%20open%20outlook%2C%20it%20cannot%20load%20the%20mailboxes.%20Perhaps%20because%20the%20%2Fpreparedomains%20was%20run%3F%20-%20Regardless%2C%20took%20another%20snapshot%20and%20I%20am%20running%20the%20CU12%20upgrade%20again.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3Eit%20is%20installing%20now...%20Hopefully%20it%20will%20finish.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3400340%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3400340%22%20slang%3D%22en-US%22%3E%3CP%3ESeeing%20odd%20and%20unexpected%20behavior%20when%20updating%20one%20of%20our%20Exchange%202016%20servers%20with%20CU23%20and%20have%20opened%20a%20ticket%20with%20support.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWindows%20Installer%20is%20prompting%20almost%20immediately%20to%20insert%20%22Microsoft%20Exchange%20Server%22%20disk%20and%20cannot%20proceed%20past%20it.%26nbsp%3B%20We%20had%20no%20issues%20when%20installing%20CU23%20a%20couple%20of%20weeks%20ago%20and%20haven't%20had%20issue%20with%20this%20SU%20on%20our%20other%20servers.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Issue1.png%22%20style%3D%22width%3A%20460px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F373198i945964256F393B29%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Issue1.png%22%20alt%3D%22Issue1.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Issue2.png%22%20style%3D%22width%3A%20518px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F373200i8FFAE173F0F71602%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Issue2.png%22%20alt%3D%22Issue2.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHave%20restarted%20server%2C%20downloaded%20the%20SU%20several%20times%2C%20deleted%20temp%20files%20and%20folders%2C%20mounted%20the%20Exchange%202016%20CU23%20ISO%2C%20and%20even%20had%20another%20colleague%20try%20under%20his%20local%20profile.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAV%20is%20only%20monitoring%2C%20and%20other%20services%20have%20been%20stopped.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAdditionally%2C%20updating%20via%20Windows%20Update%20produces%20%22Error%200x8024002d%22.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Issue3.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F373196i00B98FCEE5A214F1%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Issue3.png%22%20alt%3D%22Issue3.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ELastly%2C%20we've%20run%20the%20setupassist%20script%20which%20suggested%20an%20issue%20with%20the%20installer%20cache%20but%20the%20fixinstallercache%20script%20fails%20to%20complete.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20advise.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3401679%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3401679%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F793430%22%20target%3D%22_blank%22%3E%40toddnelson-work%3C%2FA%3E%26nbsp%3BHmmm%20this%20seems%20to%20be%20something%20more%20than%20just%20Exchange%20update%3B%20I%20am%20honestly%20not%20sure%20but%20the%20fact%20that%20even%20Windows%20Update%20is%20failing%20seems%20to%20indicate%20that%20there%20might%20be%20a%20problem%20with%20one%20of%20the%20OS%20services%2C%20maybe%20Windows%20Update%20service%20(I%20think%20that%20is%20still%20used%20when%20we'd%20run%20the%20extracted%20.msp).%20Is%20there%20anything%20in%20those%20SU%20logs%20that%20the%20.exe%20installer%20creates%20by%20default%20(as%20per%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fnew-exchange-server-security-update-and-hotfix-packaging%2Fba-p%2F3301819%22%20target%3D%22_self%22%3Ethis%20blog%20post%3C%2FA%3E)%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3401986%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3401986%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20downloaded%20the%20CAB%2C%20extracted%20MSP%20file%20and%20attempted%20to%20update%2C%20and%20received%20the%20same%20issue.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EEXE%20log%20shows...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%5B5%2F19%2F2022%203%3A31%3A53%20PM%5D%20INFO%3A%20Copying%20temporary%20files%20to%20C%3A%5CUsers%5Cusername%5CAppData%5CLocal%5CTemp%5C5%5CExchangeServer.msp.%3CBR%20%2F%3E%5B5%2F19%2F2022%203%3A31%3A53%20PM%5D%20INFO%3A%20Exchange%20Server%20Update%20is%20being%20installed.%3CBR%20%2F%3E%5B5%2F19%2F2022%203%3A34%3A47%20PM%5D%20ERROR%3A%20While%20installing%20the%20Exchange%20Server%20Update%2C%20error%201612%20occurred.%3CBR%20%2F%3E%5B5%2F19%2F2022%203%3A34%3A47%20PM%5D%20INFO%3A%20Deleting%20temporary%20files%20ExchangeServer.msp.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMSI%20log%20shows...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3D%3D%3D%20Verbose%20logging%20started%3A%205%2F19%2F2022%208%3A31%3A54%20Build%20type%3A%20SHIP%20UNICODE%205.00.10011.00%20Calling%20process%3A%20C%3A%5CWindows%5CSystem32%5Cmsiexec.exe%20%3D%3D%3D%3CBR%20%2F%3EMSI%20(c)%20(C0%3A58)%20%5B08%3A31%3A54%3A027%5D%3A%20Font%20created.%20Charset%3A%20Req%3D0%2C%20Ret%3D0%2C%20Font%3A%20Req%3DMS%20Shell%20Dlg%2C%20Ret%3DMS%20Shell%20Dlg%3C%2FP%3E%3CP%3EMSI%20(c)%20(C0%3A58)%20%5B08%3A31%3A54%3A027%5D%3A%20Font%20created.%20Charset%3A%20Req%3D0%2C%20Ret%3D0%2C%20Font%3A%20Req%3DMS%20Shell%20Dlg%2C%20Ret%3DMS%20Shell%20Dlg%3C%2FP%3E%3CP%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A54%3A047%5D%3A%20Resetting%20cached%20policy%20values%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A54%3A047%5D%3A%20Machine%20policy%20value%20'Debug'%20is%200%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A54%3A047%5D%3A%20*******%20RunEngine%3A%3CBR%20%2F%3E*******%20Product%3A%20%7BCD981244-E9B8-405A-9026-6AEB9DCEF1F1%7D%3CBR%20%2F%3E*******%20Action%3A%3CBR%20%2F%3E*******%20CommandLine%3A%20**********%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A54%3A048%5D%3A%20Machine%20policy%20value%20'DisableUserInstalls'%20is%200%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A54%3A050%5D%3A%20Warning%3A%20The%20package%20code%20in%20the%20cached%20package%20'C%3A%5CWindows%5CInstaller%5C69fce.msi'%20does%20not%20match%20the%20registered%20package%20code.%20Cached%20package%20will%20be%20ignored.%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A54%3A050%5D%3A%20User%20policy%20value%20'SearchOrder'%20is%20'nmu'%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A54%3A050%5D%3A%20User%20policy%20value%20'DisableMedia'%20is%200%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A54%3A050%5D%3A%20Machine%20policy%20value%20'AllowLockdownMedia'%20is%200%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A54%3A050%5D%3A%20SOURCEMGMT%3A%20Media%20enabled%20only%20if%20package%20is%20safe.%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A54%3A050%5D%3A%20SOURCEMGMT%3A%20Looking%20for%20sourcelist%20for%20product%20%7BCD981244-E9B8-405A-9026-6AEB9DCEF1F1%7D%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A54%3A050%5D%3A%20SOURCEMGMT%3A%20Adding%20%7BCD981244-E9B8-405A-9026-6AEB9DCEF1F1%7D%3B%20to%20potential%20sourcelist%20list%20(pcode%3Bdisk%3Brelpath).%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A54%3A050%5D%3A%20SOURCEMGMT%3A%20Now%20checking%20product%20%7BCD981244-E9B8-405A-9026-6AEB9DCEF1F1%7D%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A54%3A051%5D%3A%20SOURCEMGMT%3A%20Media%20is%20enabled%20for%20product.%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A54%3A051%5D%3A%20SOURCEMGMT%3A%20Attempting%20to%20use%20LastUsedSource%20from%20source%20list.%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A54%3A051%5D%3A%20SOURCEMGMT%3A%20Processing%20net%20source%20list.%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A54%3A051%5D%3A%20Note%3A%201%3A%201402%202%3A%20UNKNOWN%5CNet%203%3A%202%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A54%3A051%5D%3A%20Note%3A%201%3A%201706%202%3A%20-2147483647%203%3A%20EXCHANGESERVER.msi%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A54%3A051%5D%3A%20SOURCEMGMT%3A%20Processing%20media%20source%20list.%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A55%3A060%5D%3A%20SOURCEMGMT%3A%20Trying%20media%20source%20E%3A%5C.%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A55%3A060%5D%3A%20Creating%20MSIHANDLE%20(1)%20of%20type%20790541%20for%20thread%2030616%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A55%3A088%5D%3A%20Creating%20MSIHANDLE%20(2)%20of%20type%20790540%20for%20thread%2030616%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A55%3A088%5D%3A%20Creating%20MSIHANDLE%20(3)%20of%20type%20790531%20for%20thread%2030616%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A55%3A088%5D%3A%20Closing%20MSIHANDLE%20(3)%20of%20type%20790531%20for%20thread%2030616%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A55%3A088%5D%3A%20Closing%20MSIHANDLE%20(2)%20of%20type%20790540%20for%20thread%2030616%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A55%3A088%5D%3A%20Closing%20MSIHANDLE%20(1)%20of%20type%20790541%20for%20thread%2030616%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A55%3A099%5D%3A%20SOURCEMGMT%3A%20Source%20is%20invalid%20due%20to%20client%20source%20out%20of%20sync%20(product%20code%20is%20the%20same).%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A55%3A099%5D%3A%20Note%3A%201%3A%201731%202%3A%20-2147483645%203%3A%20EXCHANGESERVER.msi%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A55%3A099%5D%3A%20SOURCEMGMT%3A%20Processing%20URL%20source%20list.%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A55%3A100%5D%3A%20Note%3A%201%3A%201402%202%3A%20UNKNOWN%5CURL%203%3A%202%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A55%3A100%5D%3A%20Note%3A%201%3A%201706%202%3A%20-2147483647%203%3A%20EXCHANGESERVER.msi%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A31%3A55%3A100%5D%3A%20Note%3A%201%3A%201731%202%3A%203%3A%20EXCHANGESERVER.msi%3CBR%20%2F%3EMSI%20(c)%20(C0%3A58)%20%5B08%3A31%3A55%3A100%5D%3A%20User%20policy%20value%20'SearchOrder'%20is%20'nmu'%3CBR%20%2F%3EMSI%20(c)%20(C0%3A58)%20%5B08%3A31%3A55%3A100%5D%3A%20SOURCEMGMT%3A%20Media%20enabled%20only%20if%20package%20is%20safe.%3CBR%20%2F%3EMSI%20(c)%20(C0%3A58)%20%5B08%3A31%3A55%3A100%5D%3A%20SOURCEMGMT%3A%20Prompting%20user%20for%20a%20valid%20source.%3CBR%20%2F%3EMSI%20(c)%20(C0%3A58)%20%5B08%3A31%3A55%3A100%5D%3A%20Machine%20policy%20value%20'DisableBrowse'%20is%200%3CBR%20%2F%3EMSI%20(c)%20(C0%3A58)%20%5B08%3A31%3A55%3A100%5D%3A%20Machine%20policy%20value%20'AllowLockdownBrowse'%20is%200%3CBR%20%2F%3EMSI%20(c)%20(C0%3A58)%20%5B08%3A31%3A55%3A100%5D%3A%20SOURCEMGMT%3A%20Browsing%20is%20enabled.%3CBR%20%2F%3EMSI%20(c)%20(C0%3A58)%20%5B08%3A31%3A55%3A113%5D%3A%20Font%20created.%20Charset%3A%20Req%3D0%2C%20Ret%3D0%2C%20Font%3A%20Req%3DMS%20Shell%20Dlg%2C%20Ret%3DMS%20Shell%20Dlg%3C%2FP%3E%3CP%3EMSI%20(c)%20(C0%3A58)%20%5B08%3A31%3A55%3A114%5D%3A%20SOURCEMGMT%3A%20Now%20checking%20product%20%7BCD981244-E9B8-405A-9026-6AEB9DCEF1F1%7D%3CBR%20%2F%3EMSI%20(c)%20(C0%3A58)%20%5B08%3A31%3A55%3A114%5D%3A%20SOURCEMGMT%3A%20Media%20is%20enabled%20for%20product.%3CBR%20%2F%3EMSI%20(c)%20(C0%3A58)%20%5B08%3A31%3A55%3A114%5D%3A%20SOURCEMGMT%3A%20Attempting%20to%20use%20LastUsedSource%20from%20source%20list.%3CBR%20%2F%3EMSI%20(c)%20(C0%3A58)%20%5B08%3A31%3A55%3A114%5D%3A%20SOURCEMGMT%3A%20Processing%20net%20source%20list.%3CBR%20%2F%3EMSI%20(c)%20(C0%3A58)%20%5B08%3A31%3A55%3A114%5D%3A%20Note%3A%201%3A%201402%202%3A%20UNKNOWN%5CNet%203%3A%202%3CBR%20%2F%3EMSI%20(c)%20(C0%3A58)%20%5B08%3A31%3A55%3A114%5D%3A%20Note%3A%201%3A%201706%202%3A%20-2147483647%203%3A%20EXCHANGESERVER.msi%3CBR%20%2F%3EMSI%20(c)%20(C0%3A58)%20%5B08%3A31%3A55%3A114%5D%3A%20SOURCEMGMT%3A%20Processing%20media%20source%20list.%3CBR%20%2F%3EMSI%20(c)%20(C0%3A58)%20%5B08%3A31%3A55%3A114%5D%3A%20SOURCEMGMT%3A%20Trying%20media%20source%20EXCHANGESERVER2016-X64-CU22%3B1.%3CBR%20%2F%3EMSI%20(c)%20(C0%3A58)%20%5B08%3A31%3A55%3A114%5D%3A%20Note%3A%201%3A%201706%202%3A%203%3A%20EXCHANGESERVER.msi%3CBR%20%2F%3EMSI%20(c)%20(C0%3A58)%20%5B08%3A31%3A55%3A114%5D%3A%20SOURCEMGMT%3A%20Processing%20URL%20source%20list.%3CBR%20%2F%3EMSI%20(c)%20(C0%3A58)%20%5B08%3A31%3A55%3A114%5D%3A%20Note%3A%201%3A%201402%202%3A%20UNKNOWN%5CURL%203%3A%202%3CBR%20%2F%3EMSI%20(c)%20(C0%3A58)%20%5B08%3A31%3A55%3A114%5D%3A%20Note%3A%201%3A%201706%202%3A%20-2147483647%203%3A%20EXCHANGESERVER.msi%3CBR%20%2F%3EMSI%20(c)%20(C0%3A58)%20%5B08%3A31%3A55%3A114%5D%3A%20Note%3A%201%3A%201706%202%3A%203%3A%20EXCHANGESERVER.msi%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A34%3A45%3A997%5D%3A%20SOURCEMGMT%3A%20Failed%20to%20resolve%20source%3CBR%20%2F%3EMSI%20(c)%20(C0%3A98)%20%5B08%3A34%3A45%3A997%5D%3A%20MainEngineThread%20is%20returning%201612%3CBR%20%2F%3E%3D%3D%3D%20Verbose%20logging%20stopped%3A%205%2F19%2F2022%208%3A34%3A46%20%3D%3D%3D%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3402036%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3402036%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1394766%22%20target%3D%22_blank%22%3E%40ALucassen%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EAfter%20installing%20the%20CU%2C%20I%20ran%20the%20healthchecker%20and%20I%20did%20not%20get%20any%20vulnerabilities%20warnings.%20This%20is%20what%20I%20got%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%22Known%20Issue%20Detected%3A%20True%3CBR%20%2F%3EThis%20build%20has%20a%20known%20issue(s)%20which%20may%20or%20may%20not%20have%20been%20addressed.%20See%20the%20below%20link(s)%20for%20more%20information.%3C%2FP%3E%3CP%3EExchange%20Service%20Host%20service%20fails%20after%20installing%20March%202022%20security%20update%20(KB5013118)%22%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3EAfter%20installing%20the%20May%20SU%2C%20that%20message%26nbsp%3Bdisappeared.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3400822%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3400822%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F462123%22%20target%3D%22_blank%22%3E%40Test-RRR%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F286871%22%20target%3D%22_blank%22%3E%40Sam_T%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe're%20experiencing%20the%20same%20issue.%20We%20ran%20Exchange%20Health%20Checker%20v22.05.17.2008%20on%20a%20fresh%20install%20of%20CU12%2C%20with%20no%20May%202022%20SU%20applied%2C%20and%20there%20is%20no%20warning%20telling%20us%20that%20we%20need%20to%20apply%20the%20May%202022%20SU.%20Do%20we%20still%20need%20to%20do%20that%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20currently%20have%20Exchange%202019%20CU12%20installed%2C%20Build%20Number%2015.02.1118.007.%20Any%20help%20is%20appreciated.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3402062%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3402062%22%20slang%3D%22en-US%22%3E%3CP%3EOn%20May%2017th%20there%20was%20another%20update%20made%20to%20the%20Healthchecker%20script%20that%20removed%20the%20need%20for%20Domain%20Admin%20rights.%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Dennisdsmolinski_0-1652986203102.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F373290i39A8F69C6A470157%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Dennisdsmolinski_0-1652986203102.png%22%20alt%3D%22Dennisdsmolinski_0-1652986203102.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAfter%20the%20May%20Security%20Update%20is%20applied%2C%20the%20Healthchecker%20now%20displays%3A%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Dennisdsmolinski_1-1652986276347.png%22%20style%3D%22width%3A%20502px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F373292iCF43B928CC1A4CBD%2Fimage-dimensions%2F502x67%3Fv%3Dv2%22%20width%3D%22502%22%20height%3D%2267%22%20role%3D%22button%22%20title%3D%22Dennisdsmolinski_1-1652986276347.png%22%20alt%3D%22Dennisdsmolinski_1-1652986276347.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EMany%20thanks%20to%20the%20team%20to%20not%20require%20the%20Exchange%20Admin%20to%20have%20elevated%20rights.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3402075%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3402075%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1333823%22%20target%3D%22_blank%22%3E%40ceantuco%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThat's%20the%20message%20we%20see%20under%20%22Known%20Issue%20Detected%22%20as%20well%20so%20good%20to%20hear%20that%20the%20May%202022%20SU%20resolves%20that.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOur%20main%20issue%20is%20that%2C%20like%20you%2C%20we%20do%20not%20see%20the%20May%202022%20SU%20listed%20under%20%22Security%20Vulnerabilities%22%20where%20other%20pending%20SUs%20have%20shown%20in%20the%20past%2C%20so%20we%20wanted%20to%20make%20sure%20that%20installing%20it%20would%20not%20create%20a%20problem.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3402081%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3402081%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F793430%22%20target%3D%22_blank%22%3E%40toddnelson-work%3C%2FA%3E%26nbsp%3BWow%20your%20machine%20%3CEM%3Ereally%3C%2FEM%3E%20wants%20those%20source%20Exchange%20files!!%20The%20only%20thing%20I%20can%20think%20of%20is%20to%20download%20(or%20mount)%20the%20.ISO%20of%20the%20latest%20CU%20that%20you%20have%20installed%20and%20point%20the%20prompt%20to%20the%20mounted%20.iso.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3402114%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3402114%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20done%20that%20too%20--%20with%20several%20different%20downloaded%20ISO%20files%20for%202016%20CU23%20--%20thinking%20the%20file%20might%20be%20corrupt%20but%20with%20the%20same%20result.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Issue4.png%22%20style%3D%22width%3A%20420px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F373308i72BE9E3405326BE2%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Issue4.png%22%20alt%3D%22Issue4.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnything%20else%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3402116%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3402116%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1394766%22%20target%3D%22_blank%22%3E%40ALucassen%3C%2FA%3E%26nbsp%3BIf%20the%20new%20Health%20Checker%20tells%20you%20it%20is%20good%2C%20then%20you%20should%20not%20have%20to%20worry%20about%20%2FPrepare%20switches.%20We%20still%20suggest%20you%20install%20the%20SU%20on%20Exchange%2C%20of%20course%2C%20just%20do%20not%20need%20to%20run%20%2FPrepare.%20Note%20that%20even%20if%20you%20did%20run%20%2FPrepare%20there%20are%20no%20downsides.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3402187%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3402187%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1394766%22%20target%3D%22_blank%22%3E%40ALucassen%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20did%20not%20have%20any%20issues%20after%20installing%20the%20SU.%20As%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%20suggested%20earlier%2C%20after%20installing%20the%20SU%20I%20rebooted%20the%20server%20and%20ran%20%2FPrepareAllDomains.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EGood%20luck!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3404830%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3404830%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20downloaded%20the%20new%20HealthChecker%2C%20but%20it%20still%20shows%20%22CVE-2022-21978%20Unable%20to%20perform%20vulnerability%20testing.%20If%20Exchange%20admins%20do%20not%20have%20domain%20permissions%20this%20might%20be%20expected%2C%20please%20re-run%20with%20domain%20or%20enterprise%20admin%20account%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20run%20%2FPrepareAllDomains%20with%20a%20Domain%20Admin%2FEnterprise%20Admin%20account%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20am%20I%20doing%20wrong%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3403486%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3403486%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhy%20does%20SetupAssist%20script%20show%20the%20current%20build%20as%20CU22%20when%20the%20Exchange%202016%20server%20has%20CU23%20installed%3F%26nbsp%3B%20Could%20this%20be%20why%20I%20cannot%20get%20the%20May%202022%20SU%20installed%3F%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Issue5.png%22%20style%3D%22width%3A%20734px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F373466i5000CAF8D630C445%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Issue5.png%22%20alt%3D%22Issue5.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFound%20that%20these%20results%20are%20consistent%20across%20servers%20that%20have%20been%20successfully%20updated.%26nbsp%3B%20A%20bit%20confusing.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWith%20that%20said%2C%20after%20working%20with%20support%2C%20it%20appears%20CU23%20(which%20we%20installed%203%20weeks%20ago%20%22successfully%22)%20failed%20to%20update%20all%20of%20the%20registry%20keys%20under%20'HKEY_CLASSES_ROOT%5CInstaller%5CProducts'%20properly%20and%20was%20causing%20the%20May%202022%20SU%20install%20to%20fail.%26nbsp%3B%20We%20compared%20reg%20key%20values%20from%20a%20server%20that%20updated%20successfully%20to%20the%20server%20that%20was%20failing%20to%20update%2C%20replaced%20the%20reg%20keys%20and%20was%20able%20to%20get%20the%20SU%20installed%20successfully.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ELastly%2C%20not%20sure%20I'm%20comfortable%20with%20the%20state%20of%20the%20server%20after%20the%20%22successful%22%20CU23%20update%20and%20may%20build%20a%20new%20set%20of%20servers%20to%20migrate%20to.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3301831%22%20slang%3D%22en-US%22%3EReleased%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3301831%22%20slang%3D%22en-US%22%3E%3CP%3EMicrosoft%20has%20released%20security%20updates%20(SUs)%20for%20vulnerabilities%20found%20in%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EExchange%20Server%202013%3C%2FLI%3E%0A%3CLI%3EExchange%20Server%202016%3C%2FLI%3E%0A%3CLI%3EExchange%20Server%202019%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20style%3D%22background%3A%20%23F0F0F0%3B%20padding%3A%20.5em%3B%20margin%3A%201em%200%201em%200%3B%22%3E%3CFONT%20color%3D%22%23DF0000%22%3E%3CSTRONG%3EIMPORTANT%3A%3C%2FSTRONG%3E%26nbsp%3B%3C%2FFONT%3EStarting%20with%20this%20release%20of%20Security%20Updates%2C%20we%20are%20releasing%20updates%20in%20a%20self-extracting%20auto-elevating%20.exe%20package%20(in%20addition%20to%20the%20existing%20Windows%20Installer%20Patch%20format).%20Please%20see%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fnew-exchange-server-security-update-and-hotfix-packaging%2Fba-p%2F3301819%22%20target%3D%22_blank%22%3Ethis%20post%3C%2FA%3E%20for%20more%20information.%20Original%20update%20packages%20can%20be%20downloaded%20from%20%3CA%20href%3D%22https%3A%2F%2Fwww.catalog.update.microsoft.com%2FHome.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMicrosoft%20Update%20Catalog%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3EThese%20SUs%20are%20available%20for%20the%20following%20specific%20builds%20of%20Exchange%20Server%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EExchange%20Server%202013%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3FfamilyID%3D943353da-e3d1-4397-abb0-ea02fb779fb2%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ECU23%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EExchange%20Server%202016%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3Fid%3D104208%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ECU22%3C%2FA%3E%26nbsp%3Band%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3FfamilyID%3D51ee8758-94a2-4c8c-9349-fad41558570f%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ECU23%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EExchange%20Server%202019%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3FfamilyID%3Dca8fb2cb-505a-4120-a1ea-c479a948f200%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ECU11%3C%2FA%3E%20and%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3FfamilyID%3D11b71eb1-8e6f-47e5-a58c-74aa94be1ea6%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ECU12%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EThe%20SUs%20address%20vulnerabilities%20responsibly%20reported%20to%20Microsoft%20by%20security%20partners%20and%20found%20through%20Microsoft%E2%80%99s%20internal%20processes.%20Although%20we%20are%20not%20aware%20of%20any%20active%20exploits%20in%20the%20wild%2C%20our%20recommendation%20is%20to%20%3CEM%3Eimmediately%3C%2FEM%3E%20install%20these%20updates%20to%20protect%20your%20environment.%3C%2FP%3E%0A%3CP%3EThese%20vulnerabilities%20affect%20Exchange%20Server.%20Exchange%20Online%20customers%20are%20already%20protected%20from%20the%20vulnerabilities%20addressed%20in%20these%20SUs%20and%20do%20not%20need%20to%20take%20any%20action%20other%20than%20updating%20any%20Exchange%20servers%20in%20their%20environment.%3C%2FP%3E%0A%3CP%3EMore%20details%20about%20specific%20CVEs%20can%20be%20found%20in%20the%20%3CA%20href%3D%22https%3A%2F%2Fmsrc.microsoft.com%2Fupdate-guide%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ESecurity%20Update%20Guide%3C%2FA%3E%20(filter%20on%20Exchange%20Server%20under%20Product%20Family).%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%225%22%3EManual%20run%20of%20%2FPrepareAllDomains%20is%20required%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3EBecause%20of%20additional%20security%20hardening%20work%20for%20CVE-2022-21978%2C%20the%20following%20actions%20should%20be%20taken%20in%20addition%20to%20application%20of%20May%202022%20security%20updates%20(please%20see%20the%20FAQ%20below%20if%20in%20your%20organization%20you%20never%20ran%20%2FPrepareAllDomains%20but%20ran%20%2FPrepareDomain%20for%20%3CEM%3Esome%3C%2FEM%3E%20domains%20only)%3A%3C%2FP%3E%0A%3CTABLE%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22264%22%3E%3CP%3E%3CSTRONG%3ELatest%20version%20of%20Exchange%20Server%20installed%20in%20the%20organization%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22456%22%3E%3CP%3E%3CSTRONG%3EAdditional%20steps%20needed%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22264%22%3E%3CP%3EExchange%20Server%202016%20CU22%20or%20CU23%2C%20or%3C%2FP%3E%0A%3CP%3EExchange%20Server%202019%20CU11%20or%20CU12%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22456%22%3E%3CP%3EInstall%20the%20May%202022%20SU%20first%20and%20then%20run%20the%20following%20Command%20Prompt%20command%20once%20using%20Setup.exe%20in%20your%20Exchange%20Server%20installation%20path%20(e.g.%2C%20%3CSTRONG%3E%E2%80%A6%5CProgram%20Files%5CMicrosoft%5CExchange%20Server%5Cv15%5CBin)%3C%2FSTRONG%3E%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%E2%80%9CSetup.exe%20%2FIAcceptExchangeServerLicenseTerms_DiagnosticDataON%20%2FPrepareAllDomains%E2%80%9D%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOr%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%E2%80%9CSetup.exe%20%2FIAcceptExchangeServerLicenseTerms_DiagnosticDataOFF%20%2FPrepareAllDomains%E2%80%9D%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22264%22%3E%3CP%3EExchange%20Server%202013%20CU23%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22456%22%3E%3CP%3EInstall%20the%20May%202022%20SU%20first%20and%20then%20run%20the%20following%20Command%20Prompt%20command%20once%20using%20Setup.exe%20in%20your%20Exchange%20Server%20installation%20path%20(e.g.%2C%20%3CSTRONG%3E%E2%80%A6%5CProgram%20Files%5CMicrosoft%5CExchange%20Server%5Cv15%5CBin)%3C%2FSTRONG%3E%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ESetup.exe%20%2FIAcceptExchangeServerLicenseTerms%20%2FPrepareAllDomains%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22264%22%3E%3CP%3EAny%20older%20version%20of%20Exchange%20Server%20not%20listed%20above%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22456%22%3E%3CP%3EUpdate%20your%20Exchange%20server%20to%20the%20latest%20CU%2C%20install%20May%202022%20SU%20and%20then%20follow%20the%20steps%20above.%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%20style%3D%22background%3A%20%23F0F0F0%3B%20padding%3A%20.5em%3B%20margin%3A%201em%200%201em%200%3B%22%3EYou%20need%20to%20run%20%2FPrepareAllDomains%20only%20once%20per%20organization%20and%20those%20changes%20will%20apply%20to%20all%20versions%20of%20Exchange%20Server%20within%20the%20organization.%20When%20you%20run%20%2FPrepareAllDomains%2C%20your%20account%20needs%20to%20be%20a%20member%20of%20the%20Enterprise%20Admins%20security%20group.%20This%20might%20be%20a%20different%20account%20from%20the%20one%20you%20use%20to%20install%20the%20SU.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%226%22%3EUpdate%20installation%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3ETwo%20update%20paths%20are%20available%3A%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22May2022SUsPath.jpg%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F370479iC7B67D1254796E09%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22May2022SUsPath.jpg%22%20alt%3D%22May2022SUsPath.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%225%22%3EInventory%20your%20Exchange%20Servers%20%2F%20determine%20which%20updates%20are%20needed%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3EUse%20the%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FExchangeHealthChecker%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EExchange%20Server%20Health%20Checker%20script%3C%2FA%3E%20(use%20the%20latest%20release)%20to%20inventory%20your%20servers.%20Running%20this%20script%20will%20tell%20you%20if%20any%20of%20your%20Exchange%20Servers%20are%20behind%20on%20updates%20(CUs%20and%20SUs).%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%225%22%3EUpdate%20to%20the%20latest%20Cumulative%20Update%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3EGo%20to%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FExchangeUpdateWizard%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Faka.ms%2FExchangeUpdateWizard%3C%2FA%3E%20and%20choose%20your%20currently%20running%20CU%20and%20your%20target%20CU%20to%20get%20directions%20for%20your%20environment.%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%225%22%3EIf%20you%20encounter%20errors%20during%20or%20after%20installation%20of%20Exchange%20Server%20updates%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3EIf%20you%20encounter%20errors%20during%20installation%2C%20see%20the%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FExSetupAssist%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ESetupAssist%20script%3C%2FA%3E.%20If%20something%20does%20not%20work%20properly%20after%20updates%2C%20see%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fexchange%2Ftroubleshoot%2Fclient-connectivity%2Fexchange-security-update-issues%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ERepair%20failed%20installations%20of%20Exchange%20Cumulative%20and%20Security%20updates%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%225%22%3EKnown%20issues%20with%20this%20release%3C%2FFONT%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EIf%20you%20get%20the%20following%20error%20when%20trying%20to%20install%20the%20.exe%20version%20of%20the%20Exchange%202016%20SU%20for%20CU22%3A%20%22Could%20not%20load%20file%20or%20assembly%20'Microsoft.Exchange.SecurityPatch.ExeGenerator%22%20followed%20by%20%22Strong%20name%20validation%20failed.%22%20and%20error%20%220x8013141A%22%20-%20then%20please%20re-download%20the%20Exchange%202016%20CU22%20update%20and%20try%20again.%20We%20have%20resolved%20the%20problem%20with%20that%20.exe%20package.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CFONT%20size%3D%225%22%3EIssues%20resolved%20by%20this%20release%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3EThe%20following%20issues%20have%20been%20resolved%20in%20this%20update%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EExchange%20Service%20Host%20service%20fails%20after%20installing%20March%202022%20security%20update%20(%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fhelp%2F5013118%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EKB5013118%3C%2FA%3E)%3C%2FLI%3E%0A%3CLI%3ENew-DatabaseAvailabilityGroupNetwork%20and%20Set-DatabaseAvailabilityGroupNetwork%20fail%20with%20error%200xe0434352%3C%2FLI%3E%0A%3CLI%3EThe%20UM%20Voicemail%20greetings%20function%20stops%20working%20and%20returns%20error%200xe0434352.%3C%2FLI%3E%0A%3CLI%3EUnable%20to%20send%20mails%20through%20EAS%20and%20Get-EmailAddressPolicy%20fails%20with%20Microsoft.Exchange.Diagnostics.BlockedDeserializeTypeException%20after%20installing%20Security%20Update%20KB5008631%20for%20Exchange%202019%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CFONT%20size%3D%225%22%3EFAQs%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%3CEM%3EMy%20organization%20is%20in%20Hybrid%20mode%20with%20Exchange%20Online.%20Do%20I%20need%20to%20do%20anything%3F%3C%2FEM%3E%3C%2FSTRONG%3E%3CBR%20%2F%3EWhile%20Exchange%20Online%20customers%20are%20already%20protected%2C%20the%20May%202022%20SUs%20do%20need%20to%20be%20installed%20on%20your%20on-premises%20Exchange%20servers%2C%20even%20if%20they%20are%20used%20only%20for%20management%20purposes.%20You%20do%20%3CEM%3Enot%3C%2FEM%3E%20need%20to%20re-run%20the%20Hybrid%20Configuration%20Wizard%20(HCW)%20after%20installing%20updates.%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%3CEM%3EDo%20I%20need%20to%20install%20the%20updates%20on%20%E2%80%98Exchange%20Management%20Tools%20only%E2%80%99%20workstations%3F%3CBR%20%2F%3E%3C%2FEM%3E%3C%2FSTRONG%3EServers%20or%20workstations%20running%20only%20the%20Management%20Tools%20role%20(no%20Exchange%20services)%20do%20not%20need%20these%20updates.%20If%20your%20organization%20uses%20%3CEM%3Eonly%3C%2FEM%3E%20an%20Exchange%20Management%20Tools%20machine%2C%20then%20you%20should%20install%20the%20May%202022%20SU%20package%20on%20it%20and%20run%20%2FPrepareAllDomains%20as%20per%20the%20above%20instructions%20to%20update%20Active%20Directory%20permissions.%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%3CEM%3EInstructions%20seem%20to%20indicate%20that%20we%20should%20%2FPrepareAllDomains%20after%20May%202022%20SU%20is%20installed%3B%20is%20that%20correct%3F%3C%2FEM%3E%3C%2FSTRONG%3E%3CBR%20%2F%3EYes.%20The%20May%202022%20SU%20package%20updates%20files%20in%20Exchange%20server%20folders%20when%20it%20is%20installed.%20That%20is%20why%20once%20those%20files%20are%20updated%20(SU%20is%20installed)%20%E2%80%93%20we%20ask%20you%20to%20go%20and%20explicitly%20%2FPrepareAllDomains%20using%20setup%20from%20%5Cv15%5CBin%20folder.%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%3CEM%3EIn%20our%20organization%20we%20never%20ran%20%2FPrepareAllDomains.%20We%20only%20prepared%20several%20of%20our%20domains.%20Do%20we%20still%20need%20to%20run%20%2FPrepareAllDomains%20to%20address%20CVE-2022-21978%3F%3C%2FEM%3E%3C%2FSTRONG%3E%3CBR%20%2F%3EOur%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2FExchange%2Fplan-and-deploy%2Fprepare-ad-and-domains%3Fview%3Dexchserver-2019%23prepare-all-domains-in-the-active-directory-forest%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Edocumentation%3C%2FA%3E%20guides%20our%20customers%20to%20run%20%2FPrepareAllDomains%20as%20a%20part%20of%20the%20Exchange%20organization%20setup.%20If%20your%20organization%20has%20prepared%20only%20a%20subset%20of%20all%20your%20Active%20Directory%20domains%2C%20then%20you%20can%20choose%20to%20use%20the%20%2FPrepareDomain%20switch%20in%20those%20specific%20domains%20only.%20To%20check%20if%20%2FPrepareDomain%20was%20ran%20in%20a%20particular%20domain%2C%20check%20for%20the%20presence%20of%20the%20Microsoft%20Exchange%20System%20Objects%20container%20in%20that%20domain.%3C%2FP%3E%0A%3CP%3E%3CEM%3E%3CSTRONG%3EWe%20never%20used%20the%20Microsoft%20Update%20catalog%20and%20need%20help%20getting%20the%20old%20version%20of%20update%20package.%20Help%3F!%3C%2FSTRONG%3E%3C%2FEM%3E%3CBR%20%2F%3E%3CSPAN%3EYou%20can%20search%20the%20Microsoft%20Update%20Catalog%20for%20your%20version%20of%20Exchange%20(for%20example%20%E2%80%9CExchange%20Server%202019%E2%80%9D).%20Here%20are%20quick%20links%20with%20search%20strings%20for%20Exchange%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fwww.catalog.update.microsoft.com%2FSearch.aspx%3Fq%3Dexchange%2520server%25202013%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E2013%3C%2FA%3E%3CSPAN%3E%2C%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fwww.catalog.update.microsoft.com%2FSearch.aspx%3Fq%3Dexchange%2520server%25202016%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E2016%3C%2FA%3E%3CSPAN%3E%26nbsp%3Band%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fwww.catalog.update.microsoft.com%2FSearch.aspx%3Fq%3Dexchange%2Bserver%2B2019%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E2019%3C%2FA%3E%3CSPAN%3E.%20Once%20the%20results%20come%20up%2C%20sort%20by%20the%20%E2%80%9CLast%20updated%E2%80%9D%20column%20to%20display%20the%20latest%20security%20update.%20Use%20the%20Download%20button%20to%20download%20the%20.cab%20file%20and%20then%20rick-click%20on%20the%20.cab%20and%20choose%20Open%20to%20reveal%20the%20.msp%20file.%20Extract%20the%20.msp%20file%20and%20proceed%20using%20it%20(but%20remember%20that%20.msp%20requires%20elevation%20when%20installing!)%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CEM%3E%3CSTRONG%3ECan%20we%20run%20%2FPrepareAllDomains%20before%20all%20of%20our%20Exchange%20servers%20are%20updated%20with%20May%202022%20CU%3F%3C%2FSTRONG%3E%3C%2FEM%3E%3CBR%20%2F%3EYes.%20There%20is%20no%20dependency%26nbsp%3Bbetween%20running%20of%20%2FPrepareAllDomains%20and%20installation%20of%20updates%20on%20%3CEM%3Eall%3C%2FEM%3E%20servers.%20%2FPrepareAllDomains%20can%20be%20run%20when%20as%20least%20one%20machine%20is%20updated%20(from%20that%20machine)%20but%20could%20be%20postponed%20and%20be%20run%20when%20you%20are%20ready%20to%20address%20that%20particular%20CVE.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CEM%3E%3CSTRONG%3EWe%20ran%20%2FPrepareAllDomains%20but%20Health%20Checker%20script%20is%20telling%20us%20we%20are%20still%20vulnerable.%20Or%3A%20Health%20Checker%20script%20fails%20to%20check%20for%20CVE-2022-21978%20update%20status.%3C%2FSTRONG%3E%3C%2FEM%3E%3CBR%20%2F%3EPlease%20update%20your%20Health%20Checker%20script%3B%20we%20resolved%20the%20problem%20that%20was%20causing%20this%20and%20the%20new%20version%20of%20the%20check%20is%20now%20published.%20Also%2C%20please%20note%20that%20if%20your%20organization%20uses%20split%20permissions%20and%20Exchange%20admins%20do%20not%20have%20rights%20to%20read%20Active%20Directory%20configuration%2C%20we%20updated%20the%20Health%20Checker%20on%205%2F16%20to%20indicate%20when%20more%20permissions%20might%20be%20required%20for%20the%20check%20to%20complete.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EUpdates%20to%20this%20blog%20post%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E5%2F16%3A%20Another%20update%20to%20Health%20Checker%20FAQ%20to%20account%20for%20split%20permissions%3C%2FLI%3E%0A%3CLI%3E5%2F12%3A%20Updated%20the%20Health%20Checker%20FAQ%3B%20the%20updated%20version%20is%20now%20published%3C%2FLI%3E%0A%3CLI%3E5%2F11%3A%20Added%20a%20FAQ%20about%20Health%20Checker%20script%20in%20some%20environments%20incorrectly%20reporting%20that%26nbsp%3B%3CSPAN%3ECVE-2022-21978%20is%20not%20addressed%20after%20%2FPrepareAllDomains%20was%20run%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E5%2F11%3A%20Added%20a%20FAQ%20on%20order%20of%20running%20%2FPrepareAllDomains%20vs.%20updating%20of%20all%20Exchange%20servers%3C%2FLI%3E%0A%3CLI%3E5%2F11%3A%20Redirected%20the%20Exchange%202016%20CU22%20package%20back%20to%20the%20Download%20Center%20as%20the%20issue%20with%20that%20update's%20.exe%20package%20has%20been%20resolved%3C%2FLI%3E%0A%3CLI%3E5%2F11%3A%20Redirected%20the%20Exchange%202016%20CU22%20SU%20download%20link%20to%20Microsoft%20Update%20Catalog%20download%20while%20we%20address%20an%20issue%20with%20.exe%20installer.%3C%2FLI%3E%0A%3CLI%3E5%2F11%3A%20Additional%20clarification%20of%20%2FPrepareDomain%20vs.%20%2FPrepareAllDomains%20for%20customers%20who%20never%20ran%20%2FPrepareAllDomains%20in%20their%20organization%3C%2FLI%3E%0A%3CLI%3E5%2F11%3A%20Added%20the%20workaround%20for%20a%20'Strong%20name%20validation%20error'%20that%20a%20small%20number%20of%20customers%20reported%3C%2FLI%3E%0A%3CLI%3E5%2F11%3A%20Added%20information%20on%20how%20to%20find%20the%20.msp%20version%20of%20updates%20in%20Microsoft%20Update%20Catalog%3C%2FLI%3E%0A%3CLI%3E5%2F10%3A%20Added%20a%20FAQ%20mentioning%20the%20use%20of%20%2FPrepareDomain%20instead%20of%20%2FPrepareAllDomains%20for%20organizations%20that%20need%20to%20do%20so.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSPAN%20class%3D%22author%22%3EThe%20Exchange%20Server%20Team%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-3301831%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20releasing%20a%20set%20of%20security%20updates%20for%20Exchange%20Server%202013%2C%202016%20and%202019.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3301831%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAnnouncements%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%202013%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%202016%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%202019%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOn%20premises%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3410149%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20May%202022%20Exchange%20Server%20Security%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3410149%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20everyone%20just%20upgraded%20from%20Ex2019%20CU11%20%26gt%3B%20CU12%20with%20the%20SU%20May22.%3C%2FP%3E%3CP%3EEverything%20when%20fine.%20It%20is%20so%20helpful%20that%20being%20on%20CU11%20the%20Healthchecker%20does%20inform%20about%20watching%20for%20the%20%2Fprepare(all)domain(s)%20switch%20for%20the%20SU.%20*kudos*%3C%2FP%3E%3CP%3EAfter%20all%20when%20in%20ECP%20it%20will%20not%20show%20the%20correct%20build%20of%20the%20SU%20but%20the%20CU12%20build.%20Is%20this%20expected%3F%20The%20reported%20version%20from%20usual%20commands%20and%20Healthchecker%20confirm%20the%20SU%20is%20applied%3C%2FP%3E%3C%2FLINGO-BODY%3E
Co-Authors
Version history
Last update:
‎May 20 2022 06:58 PM
Updated by: