We recommend configuring the mailbox database quotas after you create a new mailbox database. This…
Cumulative Update 23 for Exchange Server 2016
Microsoft released Cumulative Update 23 for Exchange Server 2016 (KB5011155) on April 20, 2022. Also known as Exchange Server 2016 CU23. This Cumulative Update includes fixes for nonsecurity issues and all previously released fixes for security and nonsecurity issues. These fixes will also be included in later Cumulative Updates for Exchange Server 2016.
Table of contents
How to update Exchange Server 2016 to CU23?
It’s recommended to update the Exchange Server in the lab environment before updating it in the production environment.
- Download Cumulative Update CU23 for Exchange Server 2016 (KB5011155)
- Update to Microsoft .NET Framework 4.8
- Install Exchange Cumulative Update
Cumulative Update CU23 for Exchange Server 2016 is released as version 15.01.2507.006. Which version are you running now? Read more on how to find your Exchange version build number.
New features in Cumulative Update 23
- To prevent misuse of UNC paths by attackers, parameters that take UNC paths as inputs will no longer be usable in Exchange Server PowerShell cmdlets or the Exchange Admin Center. For more information, see the following Knowledge Base article:
5014278 Changes in Exchange Server PowerShell cmdlets and Exchange Admin Center for UNC path inputs
Known issues in Cumulative Update 23
- The MSExchangeServiceHost service crashes repeatedly and Event ID 4999 is logged in the Windows Application event log. For more information, see Exchange Service Host service fails after installing March 2022 security update.
- The Get-MailboxDatabaseCopyStatus cmdlet from an Exchange Server 2013 server fails against databases on Exchange Server 2019 and 2016 servers and returns Error 0xe0434352 from RpccGetCopyStatusEx4.
Workaround: Run Get-MailboxDatabaseCopyStatus from an Exchange Server 2019 or 2016 server.
- Checking the Exchange Server 2019 or 2016 database status from the Exchange admin center (EAC) might fail and return an “HTTP 500” or “Your request couldn’t be completed. Please try again in a few minutes” error message.
Workaround: Make sure that the admin mailbox is on an Exchange Server 2019 or 2016 server. If the admin account has no mailbox, make sure that all arbitration mailboxes (especially the “SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}”) are on an Exchange Server 2019 or 2016 server.
- The UM Voicemail greetings function stops working and returns error “0xe0434352.”
- The Get-EmailAddressPolicy cmdlet fails and returns “Microsoft.Exchange.Diagnostics.BlockedDeserializeTypeException.”
- “Cannot Send Mail – Your mailbox is full” error when you use iPhone mail to send very large attachments. For more information, see KB 5004622.
Issues fixed in Cumulative Update 23
This Cumulative Update fixes the issues that are described in the following Microsoft Knowledge Base articles:
- 5012757 “Migration user… can’t be found” error when using Start-MigrationUser after batch migration fails
- 5012760 You can’t access OWA or ECP after installing the July 2021 security update
- 5012761 External attendees see “Send the Response Now” although no response was requested in Exchange Server
- 5012765 Email stuck in queue starting from “2022/1/1 00:01:00 UTC+0” on all Exchange on-premises servers
- 5012768 Start-MigrationUser and Stop-MigrationUser are unavailable for on-premises Exchange Server 2019 and 2016
- 5012774 Can’t change default path for Trace log data in Exchange Server 2019 and 2016
- 5012779 Invalid new auth certificate for servers that are not on UTC time zone
- 5012780 Disable-Mailbox does not remove LegacyExchangeDN attribute from on-premises Exchange 2019
- 5012781 Exchange Server 2019 and 2016 DLP doesn’t detect Chinese resident ID card numbers
- 5012782 MS ExchangeDiagnostic Service causes errors during service startup and initialization in Microsoft Exchange 2019
- 5012783 Can’t restore data of a mailbox when LegacyDN is empty in the database
- 5012784 Exchange 2016 CU21 and Exchange 2019 CU10 cannot save “Custom Attributes” changes in EAC
- 5012786 Forwarded meeting appointments are blocked or considered spam
- 5012787 Download domains created per CVE-2021-1730 don’t support ADFS authentication in OWA
- 5012789 Can’t use Copy Search Results after eDiscovery & Hold search
- 5012791 MailboxAuditLog doesn’t work in localized (non-English) environments
- 5012829 Group metrics generation fails in multidomain environment
File hash information
- File name: ExchangeServer2016-x64-cu23.iso
- SHA256 hash: B25A265D8A90C2E069B051C5E6839767143E5512B9224F7E5B8BB875A0CACE41
What Others Are Reading
My current Exchange 2016 is on version 15.1 build 2176.2, can I update CU directly to the latest CU23 and skip the previous CUs?
In your case, yes you can directly update to Exchange Server 2016 CU23. Once that is done, install the latest SU.
Hi, I have installed CU23 for EX2016.
Now the ECP is not working.
I have checked the paths under BinSearchFolders, they are fine.
What else can it be ? Any ideas ?
Hi Ali,
I’m trying to update exchange 2016 cu23 on exchange 2016 cu1 failed at ‘Mailbox role: Client access front end services.’ Tried cu19,21,22 also same issue. I’m using single exchange server, os windows 2016 with all updates
Regards,
Srini
Hi,
Can you explain CVE 2021 1730
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1730
It’s saying to point to the primary domain, also need to do anything at GoDaddy?
Here you go: Configure Download Domains to address CVE-2021-1730 vulnerability.
I was just wondering if you need to run the /PrepareAD and /PrepareDomain for this CU like we had to with CU22. I don’t see it listed in the article from MS but was curious about others experience. I know there isn’t a schema update as I checked the schema information page for Exchange.
You have to run /PrepareAD and /PrepareDomain before installing Exchange Server 2016 CU23 because both objectVersion (Default) and objectVersion (Configuration) did get a newer version. Have a look at Exchange schema versions table.
After running the commands, I always recommend checking Exchange Schema version with PowerShell and ensuring that you have the correct Exchange schema versions, as shown in the table.
I can not find anything more about Unified Messaging issue.
“The UM Voicemail greetings function stops working and returns error “0xe0434352.””
Does anyone know if the Unified Messaging issue is fixed yet?
It’s fixed in the release May 2022 Exchange Server Security Updates.
Thanks for the write-up, your guides are always legendary.
Just installed cu23 from cu21 today. Looks like iis rewrite module also needs to be installed.
That’s correct. The IIS URL Rewrite module is a prerequisite for Exchange Server installation since Exchange Server 2016 CU22 and Exchange Server 2019 CU11.
More information about the IIS URL Rewrite module and the /IAcceptExchangeServerLicenseTerms switch changes is written in the articles:
– Cumulative Update 22 for Exchange Server 2016
– Cumulative Update 11 for Exchange Server 2019
I recommend installing Exchange Server Cumulative Update once released and not missing any CUs.
Hi
How to do it ? Thanks.
Thank you!
Great write-up Ali!
Hi Ali,
Great write-up and very informative.
Thank you for the great work!
Hi Ali, nice post! I think you mistyped the Exchange version in the first phrase:
“Microsoft released Cumulative Update 23 for Exchange Server *2019* (KB5011155) on April 20, 2022. Also known as Exchange Server 2016 CU23”
Should be:
“Microsoft released Cumulative Update 23 for Exchange Server *2016* (KB5011155) on April 20, 2022. Also known as Exchange Server 2016 CU23”
Thank you as always!
Rick
Hi Rick,
Fixed the typo!
Thanks for letting me know.