Support for .Net 4.6.1 is now available for Exchange Server 2016 and 2013 with these updates. We fully support customers upgrading servers running 4.5.2 to 4.6.1 without removing Exchange. We recommend that customers apply Exchange Server 2016 Cumulative Update 2 or Exchange Server 2013 Cumulative Update 13 before upgrading .Net FrameWork. Servers should be placed in maintenance mode during the upgrade as you would do when applying a Cumulative Update. Support for .Net 4.6.1 requires the following post release fixes for .Net as well.
Note: .Net 4.6.1 installation replaces the existing 4.5.2 installation. If you attempt to roll back the .Net 4.6.1 update, you will need to install .Net 4.5.2 again.
AutoReseed support for BitLocker
Beginning with Exchange 2013 CU13 and Exchange 2016 CU2, the Disk Reclaimer function within AutoReseed supports BitLocker. By default, this feature is disabled. For more information on how to enable this functionality, please see Enabling BitLocker on Exchange Servers.
SHA-2 support for self-signed certificates
The New-ExchangeCertificate cmdlet has been updated to produce a SHA-2 certificate for all self-signed certificates created by Exchange. Creating a SHA-2 certificate is the default behaviour for the cmdlet. Existing certificates will not automatically be regenerated but newly installed servers will receive SHA-2 certificates by default. Customers may opt to replace existing non-SHA2 certificates generated by previous releases as they see fit.
Migration to Modern Public Folders resolved
The issue reported in KB3161916 has been resolved.
Change to Get-ExchangeServer cmdlet
The Get-ExchangeServer cmdlet has been updated in Exchange Server 2016 Cumulative Update 2 to reflect the Exchange 2016 ServerRole definitions; Mailbox or Edge. Due to the way Remote PowerShell (RPS) works, the ServerRole definition output will be based upon the version hosting the RPS session, e.g. CU2 endpoints will report CU2 ServerRole definitions for all servers in the org. Customers should use the properties assigned to a particular service on the Exchange Server object to determine capabilities of a server, if needed. For instance, customers with scripts relying upon ServerRole Output looking for ClientAccess to be installed will need to look for the IsClientAccessServer property in the cmdlet output instead. An example follows:
Installing from a mounted ISO displays English UI only
We are aware that customers who mount the ISO image and install Exchange from the mapped drive will not receive a local language setup experience. For customers who desire a local language setup experience, the workaround is to copy the files from the mounted ISO to a local OS drive and execute Setup from the local OS drive instead of the mounted ISO. We are working to resolve this in a future cumulative update.
KB articles which contain greater depth on what each release includes are available as follows:
Exchange Server 2016 Cumulative Update 2 does include updates to Active Directory Schema. These updates will apply automatically during setup if the permissions and Active Directory requirements are met during installation. If the Exchange Administrator lacks permissions to update Active Directory Schema, a Schema Admin should execute SETUP /PrepareSchema before installing Cumulative Update 2 on the first Exchange server. The Exchange Administrator should also execute SETUP /PrepareAD to ensure RBAC roles are updated correctly.
Exchange Server 2013 Cumulative Update 13 does not include updates to Active Directory, but may add additional RBAC definitions to your existing configuration. PrepareAD should be executed prior to upgrading any servers to CU13. PrepareAD will run automatically during the first server upgrade if Setup detects this is required and the logged on user has sufficient permission.
Microsoft recommends all customers test the deployment of any update in their lab environment to determine the proper installation process for your production environment. For information on extending the schema and configuring Active Directory, please review the appropriate TechNet documentation.
Also, to prevent installation issues you should ensure that the Windows PowerShell Script Execution Policy is set to “Unrestricted” on the server being upgraded or installed. To verify the policy settings, run the Get-ExecutionPolicy cmdlet from PowerShell on the machine being upgraded. If the policies are NOT set to Unrestricted you should use the resolution steps in KB981474 to adjust the settings.
Reminder for customers in hybrid deployments
Customers in hybrid deployments where Exchange is deployed on-premises and in the cloud, or who are using Exchange Online Archiving (EOA) with their on-premises Exchange deployment are required to deploy the most current (e.g., CU13) or the prior (e.g., CU12) Cumulative Update release.