Earlier this month was a big day for Exchange updates. Not only did we get Cumulative Update 13 for Exchange 2013, but we also got our second update for Exchange 2016.
As always, test these updates in a lab first! I recommend checking out this 7-part guide on configuring Exchange in your lab. It doesn’t take much to get one going.
The updates are as follows:
Update: Special thanks to Keith Kroslow who pointed out that Exchange 2010 and 2007 did get an update. Their updates fix a potential elevation issue for Oracle products installed on an Exchange server. Check out KB 3151097 for 2010 and KB 3151086 for 2007.
So what’s new?
This update is a culmination of bug fixes and feature tweaks. Most notably we now see official support for .NET 4.6.1. The lack of support became a particular issue when Windows Updates began recommending this update back in February. Thankfully all stability issues have since been resolved. Microsoft recommends updating to CU2 and CU13 before installing .NET 4.6.1.
In the last update, we saw the end of SHA-1 certificates for S/MIME. This update follows suit by dropping SHA-1 from Exchange’s self-signed certificates. To get this added security you will need to regenerate your existing self-signed certificates. SHA-2 will be deployed by default for newly installed Exchange servers.
Another important update is the resolution of potential data loss when migrating public folders. You can read more about it in KB 3161916.
We also see added support for BitLocker during AutoReseed operations. Up to this point, you had to manually encrypt a hot spare either before or after an AutoReseed operation. With this update, we can now have Disk Reclaimer automatically encrypt the drive during AutoReseed operations. You will need to enable this functionality on your DAG.
C:\> Set-DatabaseAvailabilityGroup <Name> -AutoDagBitLockerEnabled $true
More info on that process here.
Another cool update is the automatic redistribution of databases across a DAG. Each copy of a database has an activation preference. The initial active copy possesses an activation preference of one. During a database switchover or failover, the copy with the next highest preference is activated. The problem? A database has the potential to stay activated on the higher preference indefinitely. To combat this administrators can manually switch a database back, run a script to balance all databases, or, rely on a scheduled task to do this for them.
This update implements a mechanism to automatically activate databases back to preference one. The Primary Active Manager will check every hour and perform discretionary moves of databases not activated at their primary preference. This hourly interval can be modified. For example, to specify a rebalance of 24 hours issue the following command. To disable this functionality altogether you can specify a value of all zeroes.
C:\> Set-DatabaseAvailabilityGroup <Name> -PreferenceMoveFrequency 24:00:00
For more information on DAG Activation Preference, check here.
Schema Updates Needed
Exchange 2016 Cumulative Update 2 includes schema updates. You can apply these beforehand by running SETUP /PrepareSchema from the command line. The graphical setup will also perform this step if it detects the schema has not been extended.
Running this command beforehand is critical in environments where the Exchange admin does not have the rights to extend Active Directory. To extend the schema you must be both a Schema Admin and an Enterprise Admin.
You will also want to run SETUP /PrepareAD to get the latest RBAC definitions for both Exchange 2013 and 2016.
If upgrading from Exchange 2013 Cumulative Update 7-12 to Cumulative Update 13, then there are no schema changes. However, if migrating from an earlier update you will need to perform a schema update.
For more information on how to extend and verify the schema check our guide here.
For a quick reference on schema and build versions check here.
Required for hybrid
Microsoft requires that anyone in a hybrid environment be on the latest cumulative update.
Any insight into future Cumulative Updates?
So what do you think is coming next? What would you like to see? Drop a comment below or join the conversation on Twitter @SuperTekBoy.