On March 20, 2018 Microsoft has released two new quarterly updates:
- Exchange 2016 Cumulative Update 9 (CU9)
- Exchange 2013 Cumulative Update 20 (CU20)
There aren’t too many new features in these CUs. The most important ‘feature’ is that TLS 1.2 is now fully supported (most likely you already have TLS 1.2 only on your load balancer). This is extremely supported since Microsoft will support TLS 1.2 ONLY in Office 365 in the last quarter of this year (see the An Update on Office 365 Requiring TLS 1.2 Microsoft blog as well).
Support for .NET Framework 4.7.1, or the ongoing story about the .NET Framework. The .NET Framework 4.7.1 is fully supported by Exchange 2016 CU9 and Exchange 2013 CU20. Why is this important? For the upcoming CUs in three months (somewhere in June 2018) the .NET Framework 4.7.1 is mandatory, so you need these to be installed in order to install these upcoming CUs.
Please note that .NET Framework 4.7 is NOT supported!
If you are currently running an older CU of Exchange, for example Exchange 2013 CU12, you have to make an intermediate upgrade to Exchange 2013 CU15. Then upgrade to .NET Framework 4.6.2 and then upgrade to Exchange 2013 CU20. If you are running Exchange 2016 CU3 or CU4, you can upgrade to .NET Framework 4.6.2 and then upgrade to Exchange 2016 CU9.
If you are coming from a recent Exchange 2013 CU, there are no schema changes since the schema version (rangeUpper = 15312) hasn’t changed since Exchange 2013 CU7. However, since there can be changes in (for example) RBAC, it’s always a good practice to run the Setup.exe /PrepareAD command. For Exchange 2016, the schema version (rangeUpper = 15332) hasn’t changed since Exchange 2016 CU7.
As always, check the new CUs in your lab environment before installing into your production environment!!
Exchange 2016 CU9 Information and download Links
Exchange 2013 CU20 Information and download Links
Exchange Server 2013 enters the Extended Support phase of product lifecycle on April 10th, 2018. During Extended Support, products receive only updates defined as Critical consistent with the Security Update Guide. For Exchange Server 2013, critical updates will include any required product updates due to time zone definition changes.
Imported Hotfixes for Windows 2008 R2 Clustering:
2814923 “0x0000009E” Stop error and disk volumes cannot be brought online on a Windows Server 2008 R2-based failover cluster
2754704 A hotfix is available that provides a mechanism for DSM to notify MPIO that a particular path is back to online in Windows Server 2008 and Windows Server 2008 R2
2780444 “0x0000012E” Stop error occurs when an application sends a 12-byte SCSI opcode to an iSCSI target in Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows Server 2008 R2 SP1
2684681 Iscsicpl.exe process stops responding when you try to reconnect a storage device to a computer that is running Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2
2670567 “0x000000027” Stop error when you copy a file from a redirected folder in Windows 7 or in Windows Server 2008 R2
2805853 “0x0000008E” Stop error on a computer that is running Windows 7 or Windows Server 2008 R2
2756999 Handle leak occurs on a COM client that is running on a Windows 7 or Windows Server 2008 R2 computer
2727324 Computer stops responding after you connect to an SMB 1 server in Windows 7 or in Windows Server 2008 R2
2778834 File becomes corrupted when you try to overwrite the file while it is opened by another user on a computer that is running Windows 7 or Windows Server 2008 R2
2519644 Stop code in the tcpip.sys driver on a computer that is running Windows Server 2008 R2: 0x000000D1
2524478 The network location profile changes from “Domain” to “Public” in Windows 7 or in Windows Server 2008 R2
.Net 4.6.1 Support
Support for .Net 4.6.1 is now available for Exchange Server 2016 and 2013 with these updates. We fully support customers upgrading servers running 4.5.2 to 4.6.1 without removing Exchange. We recommend that customers apply Exchange Server 2016 Cumulative Update 2 or Exchange Server 2013 Cumulative Update 13 before upgrading .Net FrameWork. Servers should be placed in maintenance mode during the upgrade as you would do when applying a Cumulative Update. Support for .Net 4.6.1 requires the following post release fixes for .Net as well.
Note: .Net 4.6.1 installation replaces the existing 4.5.2 installation. If you attempt to roll back the .Net 4.6.1 update, you will need to install .Net 4.5.2 again.
AutoReseed Support for BitLocker
Beginning with Exchange 2013 CU13 and Exchange 2016 CU2, the Disk Reclaimer function within AutoReseed supports BitLocker. By default, this feature is disabled. For more information on how to enable this functionality, please seeEnabling BitLocker on Exchange Servers.
SHA-2 Support for Self-Signed Certificates
The New-ExchangeCertificate cmdlet has been updated to produce a SHA-2 certificate for all self-signed certificates created by Exchange. Creating a SHA-2 certificate is the default behaviour for the cmdlet. Existing certificates will not automatically be regenerated but newly installed servers will receive SHA-2 certificates by default. Customers may opt to replace existing non-SHA2 certificates generated by previous releases as they see fit.
Migration to Modern Public Folder Resolved
The issue reported in KB3161916 has been resolved.
This cumulative update fixes the following issues:
This cumulative update also fixes the issues that are described in the KB 3160339 MS16-079: Security update for Microsoft Exchange: June 14, 2016 and KB 3134844 Cumulative Update 1 for Exchange Server 2016
Microsoft Knowledge Base articles.
This update also includes new daylight saving time (DST) updates for Exchange Server 2016. For more information about DST, go to Daylight Saving Time Help and Support Center.
We’re happy to announce the release of our newest free ebook, Deploying Windows 10: Automating deployment by using System Center Configuration Manager (ISBN 9781509301867), by Andre Della Monica, Russ Rimmerman, Alessandro Cesarini, and Victor Silveira.
This ebook is also available for download at the Microsoft Virtual Academy (MVA).
Get a head start deploying Windows 10—with tips and best practices from experts in the field. This guide shows you how to deploy Windows 10 in an automated way without impacting end users by leveraging System Center Configuration Manager, which is the most used product to deploy Microsoft operating systems in the industry today.
If you want to use EUFI Boot with MDT 2013 Update X.
Don’t use DHCP Option 60/66/67!!!
DC01 = Windows Server 2008 R2 SP1
DC02 = Windows Server 2012
MDT01 = Windows Server 2012 R2
UEFI Client: Dell Laptop E5450
BIOS Client: HyperV Virtual machine with Legacy network adapert
DC1; MDT01 and DHCPServer all in Subnet1.
(IP Helper is set for DHCPServer for DHCP and for DC01 & MDT01 for DHCP and BootP – I checked serveral times if everything is right here)
UEFI Client and BIOS Client in Subnet2.
Situation1 — Using no DHCP Options and WDS running (IP HELPER-ADDRESS):
UEFI Client – Boots perfectly (contacting Server MDT01)
BIOS Client – Boots perfectly (contacting Server MDT01)
Situaion2 — Using no DHCP Options and WDS just running on MDT01:
UEFI Client – Does not boot (no error information is provided)
BIOS Client – Does not boot (no Bootfilename recieved)
Situation3 — Using DHCP Options(Option 66=”IP of MDT01″ Option 67=”\x86\wdsnbp.com”) and WDS just running on MDT01:
UEFI Client – Does not boot (no error information is provided)
BIOS Client – Boots perfectly (contacting Server DP1)
Situation4 — Using DHCP Options(Option 60=”PXEClient” Option 66=”IP of MDT01″ Option 67=”\x86\wdsnbp.com”) and WDS just running on MDT01:
UEFI Client – Boots perfectly (contacting Server DP1)
BIOS Client – Does not boot (taking hours to recieve dhcp options..)
On most switches you can configure ip helper-addresses. This is most time al ready configured for the use of DHCP.
Add the IP of the MDT server als ip helper-address:
description GEBRUIKERS VLAN
ip address 192.168.101.254 255.255.254.0 show
ip helper-address 192.168.25.6 (DC01)
ip helper-address 192.168.25.7 (DC02)
ip helper-address 192.168.25.30 (MDT01)