Tag Archives: CU11

Exchange Quarterly Updates: Exchange 2019 CU11 and Exchange 2016 CU22

On September 28, 2021 Microsoft released their quarterly updates for Exchange server, Exchange 2019 CU11 and Exchange 2016 CU22. Despite earlier communications a new CU for Exchange 2016 is released as well.

Besides normal fixes, a new feature is introduced in these CUs as well, the Exchange Emergency Mitigation Server or EEMS. EEMS is a new service that can mitigate new security breaches when they arise. EEMS connects to a Microsoft endpoint (https://officeclient.microsoft.com/getexchangemitigations) and when needed, downloads and installs available mitigations. It performs a check once an hour. If you don’t feel comfortable with this, it is possible to disable this on an organization level 😉

Also new in Exchange 2019 CU11 and Exchange 2016 CU22 is telemetry regarding the mitigation service. When configured, it will automatically upload mitigation related service to Microsoft. Again, this can be disabled as well using the license agreement (enabled by default).

When installing this update you will see change in the License Agreement:

The default is I accept the license agreement and will share diagnostics data with Microsoft (recommended), but you can select other as well of course.

When using the unattended install, a new switch is used for accepting the License Agreement.

  • /IAcceptExchangeServerLicenseTerms_DiagnosticDataON – when you allow to upload diagnostics data to Microsoft
  • /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF – when you do not allow to update diagnostics data to Microsoft.

There are also two new prerequisites when installing Exchange 2019 CU11 or Exchange 2016 CU22. Prerequisite software contains now the ‘IIS URL Rewrite Module’ which needs to be installed. The second one is connectivity to the internet for accessing the mitigation service endpoint.

The setup application will check for these prerequisites and will generate an error when they are not met:

Note. The internet connectivity is not shown in this screenshot.

The ‘IIS URL Rewrite Module’ can be downloaded from https://download.microsoft.com/download/1/2/8/128E2E22-C1B9-44A4-BE2A-5859ED1D4592/rewrite_amd64_en-US.msi

Using PowerShell you can download the module, store it in the C:\Install directory and install it unattended using the following commands:

Start-BitsTransfer -Source "https://download.microsoft.com/download/1/2/8/128E2E22-C1B9-44A4-BE2A-5859ED1D4592/rewrite_amd64_en-US.msi" -Destination C:\Install
Start-Process -FilePath "C:\Install\ rewrite_amd64_en-US.msi " -ArgumentList "/q" -Wait

Updating the Exchange server to this latest CU is not different compared to earlier versions (except for the license agreement switch):

Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms_DiagnosticDataON
Setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms_DiagnosticDataON
Setup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms_DiagnosticDataON

Setup.EXE /Mode:Upgrade /IAcceptExchangeServerLicenseTerms_DiagnosticDataON

Note. There are no schema changes when upgrading from Exchange 2019 CU10 or Exchange 2016 CU21, but there are changes when upgrading from previous releases.

After installing the updates, you will see the new services when opening the services MMC snap-in:

Or when using the Get-Service MSExchange* PowerShell command:

To check the status in the Exchange organization, you can use the Get-OrganizationConfig | Select mitigations command:

To disable the mitigation service, execute the following command:

Set-OrganizationConfig -MitigationsEnabled:$False

By default, only one mitigation is installed, this is the EEMS heartbeat probe. You can check the installed mitigations by navigating to the Exchange scripts directory and execute the Get-Mitigations.ps1 script:

As with any Cumulative Update, please test this CU in your lab to see if all works well for your environment. Also have a look at the telemetry configuration (is that allowed in your organization?) and at the automatic configuration changes made by the EEMS (I can hear CISO starting to complain).

More information and downloads regarding the Cumulative Updates can be found here:

Exchange 2016 Cumulative Update 11

Most likely you’ve seen this information before, because of my vacation in Dallas and New Orleans I’m a bit behind with blogging 😊

But on October 16, 2018 Microsoft has released Cumulative Update 11 (CU11) for Exchange 2016, this is a little later than expected to align the release of Exchange 2016 Cumulative Updates with the upcoming release of Exchange 2019. . There’s only a release for Exchange 2016, there won’t be any new CU’s for Exchange 2013 since Exchange 2013 is already in extended support. There will be security updates for Exchange 2013 though.

Exchange server and .NET Framework is not a happy marriage and it continues to be a struggle, or at least it looks that way. Exchange 2016 CU11 now supports .NET Framework 4.7.2. This version of .NET Framework is not mandatory, installation of .NET Framework 4.7.2 can be before installing of CU11 or after CU11. The .NET Framework 4.7.2 will be required for a future CU of Exchange 2016.

Another dependency is Visual C++, you might have seen this in previous CU’s and also in Exchange 2010 Update Rollup 23 as well. To avoid any issue, install Visual C++ 2012 (https://www.microsoft.com/download/details.aspx?id=30679) before installing Exchange 2016 CU11.

Exchange 2016 CU11 does not have any schema changes. If you’re upgrading from an older version of Exchange 2016, Active Directory changes (in the configuration container) might be needed. These will automatically be applied by the setup application, but you can also choose to update the configuration partition manually by running setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

As always, you should test a Cumulative Update thoroughly before bringing it to production, it won’t be the first time something goes wrong in production with a CU. But I have to say, I haven’t seen any major blocking issues so far…

More information and downloads of Exchange 2016 CU11:

Exchange 2013 Cumulative Update 11 – Install it or not?

On December 15, 2015 Microsoft has released Cumulative Update 11 (CU11) for Exchange Server 2013. Okay, I’m a little late with this one, but I wanted to wait some time to see what would happen with this CU….

Note. You can download Exchange 2013 CU11 at https://www.microsoft.com/en-us/download/details.aspx?id=50366, the accompanying UM Language Pack files can be downloaded from https://www.microsoft.com/en-us/download/details.aspx?id=50365 and this is the office Microsoft announcement: https://support.microsoft.com/en-us/kb/3099522. But please, read on before starting to download and install Exchange 2013 CU11.

Now, about this CU….. Microsoft introduced a new feature in CU11 called Mailbox Anchoring. This means that an Exchange Management Shell will no longer connect to the Exchange 2013 server you’re logged on to, but it will be proxied to the Exchange server hosting your current Mailbox. This can be challenging in a mixed environment.

Continue reading Exchange 2013 Cumulative Update 11 – Install it or not?