Today we are announcing the availability of quarterly Cumulative Updates (CUs) for Exchange Server 2016 and Exchange Server 2019. These CUs include fixes for customer reported issues, all previously released security updates, and a new security feature.
A full list of fixes is contained in the KB article for each CU, but we wanted to highlight a few changes.
Microsoft Exchange Emergency Mitigation Service
As mentioned in our recent blog post, September 2021 CUs (and later) include the new Microsoft Exchange Emergency Mitigation service. Please familiarize yourself with the new service as it is a new security feature that will be installed on all Exchange Servers (except Edge servers).
We changed the unattended setup switch. The previous /IAcceptExchangeServerLicenseTerms switch will not work starting with the September 2021 CUs. You now must use either /IAcceptExchangeServerLicenseTerms_DiagnosticDataON or /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF for unattended and scripted installs.
The IIS URL Rewrite module is now a prerequisite for Exchange Server installation. This must be installed separately and is not installed as part of Exchange Setup (you need the x64 MSI version). Please note that app pools are restarted as a part of the IIS Rewrite module installation and service might be disrupted.
The KB articles that describe the fixes in each release and product downloads are as follows:
Due to several changes released in security updates since the last CU release, we wanted you to be aware of the following issues that might impact customers who did not already install recent security updates:
Before the update, you should check your Exchange Server authorization certificate. Please see this KB article for more information.
If your organization uses Load Balancing, please see this KB article for more information on how to update.
Microsoft recommends all customers test the deployment of any update in their lab environment to determine the proper installation process for your production environment.
These updates do not contain schema changes. If coming from older updates, you can find more information on preparing Active Directory here. Schema changes can be tracked here. For best practices for successful installation, please see this document.
If updating from an older version of the CU, please see the Exchange Update Wizard for detailed steps to follow.
Also, to prevent installation issues you should ensure that the Windows PowerShell Script Execution Policy is set to Unrestricted on the server being upgraded or installed. To verify the policy settings, run the Get-ExecutionPolicy cmdlet from PowerShell on the machine being upgraded. If the policies are NOT set to Unrestricted you should use these resolution steps to adjust the settings.
If you plan to install the update with the unattended install option using either PowerShell or a command prompt, make sure you specify either the full path to the setup.exe file or use a “.” in front of the command if you are running it directly from the folder containing the update. If you do not, Exchange Setup may indicate that it completed successfully when it did not. Read more here.
Note: Customers in Exchange hybrid deployments and those using Exchange Online Archiving with an on-premises Exchange deployment are required to deploy a supported CU for the product version in use.