Microsoft has released Exchange 2013 CU9, three months after the release of CU8. Microsoft has made a solid Cumulative Update this time (just like CU8 by the way) and during testing not much issues were found.
There aren’t any new features in this Cumulative Update, and personally I don’t expect any new features anymore in future Cumulative Updates either. All development efforts at Microsoft are currently targeted towards Exchange Server 2016.
The official announcement of CU9 can be found on The Exchange Team Blog, CU9 itself can be downloaded from the Microsoft Download Center, just as the accompanying CU9 UM Language Packs.
Please note that CU9 includes a security hotfix for MS15-064 (Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3062157), if you’re running an older version of Exchange 2013 and cannot upgrade anytime soon then install this hotfix separately.
At the same time Microsoft has released Exchange Server 2010 Service Pack 3 Update Rollup 10 and Exchange Server 2007 Service Pack 3 Update Rollup 17 (KB3056710).
And the regular warning message… as always… make sure you properly test this upgrade before upgrading your productions servers!
Installing Exchange 2013 CU9
If you’re running an older version of Exchange 2013 (CU5 or earlier) make sure you have your receive connectors configured correctly. As I mentioned in an earlier blogpost Upgrade to CU8 fails on Receive Connector Misconfiguration you can run into issues when not configured correctly. You can check Paul Cunningham’s article about Receive Connector Conflicts on how to check this.
Exchange 2013 CU9 contains schema changes, if your current Exchange 2013 deployment is based on CU6 or earlier. Exchange 2013 CU7 schema version is ‘15312’, a version that didn’t change in later builds.
You can check the schema version by running the following PowerShell commands:
$root = [ADSI]"LDAP://RootDSE"
$m = [ADSI]("LDAP://" + "CN=ms-Exch-Schema-Version-Pt," + $root.schemaNamingContext)
$m.rangeUpper
You can upgrade the Active Directory (Schema, Configuration and Domain) to the CU9 level by using the following commands:
Setup.exe /prepareSchema /IAcceptExchangeServerLicenseTerms Setup.exe /prepareAD /IAcceptExchangeServerLicenseTerms Setup.exe /prepareDomain /IAcceptExchangeServerLicenseTerms
For a complete list of version numbers and schema changes (in Exchange 2013) you can visit the following sites:
The easiest way to upgrade your Exchange 2013 server is to use the unattended setup, just enter the following command from a Command Prompt:
Setup.exe /mode:upgrade /IAcceptExchangeServerLicenseTerms
Upgrading Exchange 2013 DAG Members
If you’re running a DAG with load balanced Client Access servers (which can be multi-role servers of course) upgrading to Exchange 2013 CU9 involves a bit more work.
First disable the Exchange 2013 server you want to upgrade in your load balancer. The client connections will be transferred gracefully to another server, and this will prevent the ‘disconnection’ pop-up in Outlook while upgrading the server.
When the ‘Real Server’ in the load balancer is disabled the Exchange 2013 server can be set in Maintenance mode. You can do this in Exchange Management Shell by using the following commands:
$Computer = $ENV:ComputerName Set-ServerComponentState $Computer -Component HubTransport -State Draining -Requester Maintenance Redirect-Message -Server $Computer -Target <Other Exchange 2013 Server> # Prevent DAG member becoming PAM Suspend-ClusterNode $Computer # Move all Mailbox Databases and prevent hosting copies on current server Set-MailboxServer $Computer -DatabaseCopyActivationDisabledAndMoveNow $True Set-MailboxServer $Computer -DatabaseCopyAutoActivationPolicy Blocked # Put the Exchange 2013 server in Maintenance Mode: Set-ServerComponentState $Computer -Component ServerWideOffline -State Inactive -Requester Maintenance
You can verify if the server is actually running in maintenance mode by using the following command in PowerShell:
Get-ServerComponentState $Computer | ft Component,State –Autosize
When the server is in Maintenance Mode you can upgrade to CU9 by using the setup.exe /mode:upgrade /IAcceptExchangeServerLicenseTerms command as shown earlier in this blog.
When the server is upgraded you get the Exchange server out of Maintenance Mode by running the following commands in Exchange Management Shell:
$Computer = $ENV:ComputerName Set-ServerComponentState $Computer -Component ServerWideOffline -State Active -Requester Maintenance Resume-ClusterNode $Computer Set-MailboxServer $Computer -DatabaseCopyActivationDisabledAndMoveNow $False Set-MailboxServer $Computer -DatabaseCopyAutoActivationPolicy Unrestricted Set-ServerComponentState $Computer -Component HubTransport -State Active -Requester Maintenance Restart-Service MSExchangeTransport Restart-Service MSExchangeFrontEndTransport
To check if the server is fully up and running again you can use the following command in Exchange Management Shell:
Get-ServerComponentState $Computer | ft Component,State –Autosize
You can now continue with upgrading the next Exchange 2013 DAG member.
Edge Transport Server
If you’re running an Exchange 2013 Edge Transport server and want to upgrade to Exchange 2013 CU9 you can put the Edge Transport server in maintenance mode by using the following commands in Exchange Management Shell:
$Computer = $ENV:ComputerName Set-ServerComponentState $Computer -Component ServerWideOffline -State Inactive -Requester Maintenance
The command to upgrade the Exchange 2013 server is similar to a regular Exchange 2013 server:
Setup.exe /mode:upgrade /IAcceptExchangeServerLicenseTerms
A major difference with a regular server is that the upgrade is much, much faster 🙂
After upgrading the server (and rebooting) you can set the Edge Transport server out of Maintenance Mode by using the following commands:
$Computer = $ENV:ComputerName Set-ServerComponentState $Computer -Component ServerWideOffline -State Active -Requester Maintenance
The server is now fully operational again.
Jaap Wesselius 
NIce article but while there are no schema updates it still smart to run setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms since there is a new cmdlet which otherwise wont be available.
Furthermore there is some new functionality (hence the new cmdlet) if you look at https://support.microsoft.com/kb/3050877
We personaly have been waiting a long time on this update!
LikeLike
Hi,
I partly agree. The schema update is not necessary since there are no schema changes. Yes, you’re right, there are more changes. But when you do not perform the /PrepareAD action it will be automatically executed by the regular /mode:update command, just like a GUI upgrade, so the new features will be available after all.
Thanks,
Jaap
LikeLike
hello,
is it possible to upgrade from cu7 to cu9 directly or I should do cu8 first.
and one more question if you allow me to ask, I have 2 cas server and 2 mailbox server with dag.. can I do one at a time so there will no be downtime or it will require to be both at a same time ?
Regards
Jaber
LikeLike
Hi Jaber,
Yes, it is possible to upgrade directly from CU7 to CU9 and this is fully supported. It is also possible to upgrade from older builds to CU9, for example from SP1 or CU5, but this is officially not supported.
About the upgrade order, if you have a load balancer should should disable one Exchange server there, disable the Component State and upgrade the server. For the Mailbox server, you need a DAG to upgrade the servers without any downtime. I would start with the (dedicated) Client Access servers.
Thanks – Jaap
LikeLike
We are running Exchange 2013 SP1 coexisting with Exchange 2007 SP3-RU16. If we want to get to CU9 and want to do it in the supported manner what is that? Do we need to go CU5 to CU6 to CU7 to CU8 to CU9 or is there a shorter path?
LikeLike
You can just go from SP1 to CU9. Officially it’s not supported, but Microsoft won’t send you away if something happens.
LikeLike
I went from SP1 to CU9 this past weekend. No issues. Thanks!
LikeLike
I upgraded from 2007 to 2013 CU9 (I first upgraded 2007 to cu13). It appears 2013 maybe did not install successfully since I do not see autodiscover.xml where it should be. Needless to say, mobile devices can not connect. Can CU9 be reinstalled somehow?
LikeLike
Can you please tell me how much disk space I need on my Exchange 2013 sp1 server to perform the update to cu9? I have only 6GB free. Cleaned wherever I could.
I want to move the whole exchange 2013 environment from on premise to Exchange online.
I fear that i am running in disk space problems to do so. I also have a D disk with 107 GB free
LikeLike
Well, upgrading will remove the original binaries and install the new binaries, but I’m afraid you still haven’t got enough disk space available? What’s the size of the disk? In a virtual environment, I typically recommend a 200GB for the Operating System and Exchange 2013, although installing Exchange 2013 on a separate disk is even better.
Have to moved the SMTP Queue database to another disk as outlined in this article: https://jaapwesselius.com/2014/03/05/move-transport-database-in-exchange-2013/
Managed Availability is also collecting tons of performance information, storing it somewhere in the C:\Program Files directory.
Maybe a stupid question, but are the Mailbox databases also on this disk?
And… if it’s virtual, can you extend the disk maybe?
Thanks,
jaap
LikeLike
I managed to free 13 Gb more by movibg a lot of old temp files from the transport directory on C. I tried to move the queue database file to D no luck there yet.
The maildatabases and logs are already on the D disk. I really stripped the C disk from all kinds of Exchange logs and temps.
This is a physical server so no way to expand the disk, the server is also full.
I can compress C but that is not the best of solutions and I can Virtualize it of course.
Problem is that it is a production machine, so no room to play around.
Now that I have 20GB free I think I should be able to do the CU9 update and then migrate the server to Exchange online. Then my problems will be solved.
LikeLike
I’m curious why the Queue database won’t move. Other than that, what migration method do you have in mind? You want to do a cutover migration from on-premises to online? If so you don’t need to upgrade to CU9.
LikeLike
I am still investigating how to migrate from on premise to online without too many hassles… I am not a seasoned Exchange professional. For me it is one of these things that comes with the job. I am more a SQL Server administrator
LikeLike
Can i upgrade directly from Exchange 2013 CU2 directly to CU9 without passing prior for SP1 installation and any other CU version ?
Any recommendation ?
Steps by Steps ? Any ?
Thanks a lot guys!
LikeLike
Hi,
From CU2 to CU9? I have actually no idea…. do you have a DAG? So if one upgrade fails you can still recover? Personally I would try to make an interim step to SP1 for example, just in case. From CU2 to CU9 is a huge step, there might be (unknown) issues…..
LikeLike
I have one Exchange Server 2013, but 2 domains in the forest. Both domains have users with mailboxes. I would like to upgrade from SP1 to CU10.
Do I have to run the
“setup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms” in both domains?
Many thanks
Dave
LikeLike
Yes, you have to run /PrepareDomain in all domains that contain recipients. You can also use /PrepareAllDomains which will prepare all domains in just one step.
Thanks,
Jaap
LikeLike
Hi, I’m encountering this error, any idea how to resolve?
Error:
The following error was generated when “$error.Clear();
#
# O15# 2844081 – Create PartnerApplication “Exchange Online” in DC and On-Premise
#
$exch = [Microsoft.Exchange.Data.Directory.SystemConfiguration.WellknownPartnerApplicationIdentifiers]::Exchange;
$exchApp = Get-PartnerApplication $exch -ErrorAction SilentlyContinue -DomainController $RoleDomainController | Where { $_.UseAuthServer };
if ($exchApp -eq $null)
{
$exchAppName = “Exchange Online”;
$exchApp = New-PartnerApplication -Name $exchAppName -ApplicationIdentifier $exch -Enabled $RoleIsDatacenter -AcceptSecurityIdentifierInformation $false -DomainController $RoleDomainController;
}
# Create application account for Exchange
$appAccountName = $exchApp.Name + “-ApplicationAccount”;
$appAccount = Get-LinkedUser -Identity $appAccountName -ErrorAction SilentlyContinue -DomainController $RoleDomainController;
if ($appAccount -eq $null)
{
$appAccountUpn = $appAccountName.Replace(” “, “_”) + “@” + $RoleFullyQualifiedDomainName;
$appAccount = New-LinkedUser -Name $appAccountName -UserPrincipalName $appAccountUpn -DomainController $RoleDomainController;
Set-PartnerApplication -Identity $exchApp.Identity -LinkedAccount $appAccount.Identity -DomainController $RoleDomainController;
}
foreach ($roleName in (“UserApplication”, “ArchiveApplication”, “LegalHoldApplication”, “Mailbox Search”, “TeamMailboxLifecycleApplication”, “MailboxSearchApplication”))
{
$roleIdentity = Get-ManagementRole $roleName -DomainController $RoleDomainController;
$roleAssignment = Get-ManagementRoleAssignment -Role $roleIdentity.Identity -RoleAssignee $appAccount.Identity -DomainController $RoleDomainController;
if ($roleAssignment -eq $null)
{
New-ManagementRoleAssignment -Role $roleName -User $appAccount.Identity -DomainController $RoleDomainController;
}
}
” was run: “Microsoft.Exchange.Data.Directory.ADObjectAlreadyExistsException: Active Directory operation failed on TFSSERV23.tfsph.local. The object ‘CN=Exchange Online-ApplicationAccount,CN=Users,DC=tfsph,DC=local’ already exists. —> System.DirectoryServices.Protocols.DirectoryOperationException: The object exists.
at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
at Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, Nullable`1 clientSideSearchTimeout, IActivityScope activityScope, String callerInfo)
at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync)
— End of inner exception stack trace —
at Microsoft.Exchange.Data.Directory.ADDataSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync)
at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)
at Microsoft.Exchange.Data.Directory.ADDataSession.Save(ADObject instanceToSave, IEnumerable`1 properties, Boolean bypassValidation)
at Microsoft.Exchange.Configuration.Tasks.SetTaskBase`1.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.NewTaskBase`1.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.NewADTaskBase`1.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.Task.b__b()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)”.
LikeLike
Hi,
I’m sorry, I haven’t seen this error before. I would suggest you ask this question an the Exchange 2013 deployment forum: https://social.technet.microsoft.com/Forums/office/en-US/home?forum=exchangesvrdeploy
THanks
Jaap
LikeLike
Jaap – thanks for your earlier reply. I presume though that I only have to do the /PrepareAD once – probably from the Exchange Server or on the Schema Master Domain Controller?
LikeLike
Yes. /PrepareSchema once, /PrepareAD once, /PrepareDomain on every domain that contains recipients.
Be aware… it sometimes happens that when you run into issues you have to rerun /PrepareAD, see my latest blogpost this morning 🙂
LikeLike
Hi everybody,
I have Exchange 2013 RTM, never upgraded. I tried to upgrade to CU10 directly.
When a run /prepareAD or PrepareSchema, I got the error below:
“Setup encountered a problem while validating the state of Active Directory: The Active Directory organization
configuration version (15614) is higher than Setup’s version(15449). Therefore, PrepareAD can’t be executed.”
I also tried to install without preparing AD or Schema and I got a bunch of error. Anyone can help me, please?
LikeLike
Have you been playing around with the public preview of Exchange 2016 in this environment?
I’m not sure if you can install this public preview in Exchange 2013 RTM, but the error message is very similar.
LikeLike
No, I haven’t. I just would like to upgrade to the newest CU.
LikeLike
15614 is Exchange 2013 CU1, 15449 is Exchange 2013 RTM. You’re running the wrong setup.
LikeLike
Shouldn’t it be Set-ServerComponentState $Computer -Component ServerWideOffline -State Active -Requester Maintenance to take EdgeTransport server out of Maintenance Mode
LikeLike
Good catch, thanks! I just changed it in the article.
LikeLike
Hi, I have run update from CU4 to CU9 but the update begins by language file and restoring services and i have error on unify messaging service ? Do you have idea because now i can’t send and receive email.
LikeLike