We can't create a mailbox in Exchange Server, and it shows the error: Load balancing…
May 2022 Exchange Server Security Updates
Microsoft released several Security Updates (SUs) for Microsoft Exchange Server to address vulnerabilities. Due to the critical nature of these vulnerabilities, we recommend that customers apply the updates to affected systems immediately to protect the environment.
Note: These vulnerabilities affect Microsoft Exchange Server. Exchange Online is not affected.
Exchange Server Security Updates
Microsoft has released Security Updates for vulnerabilities found in:
- Exchange Server 2013
- Exchange Server 2016
- Exchange Server 2019
These Security Updates are available for the following specific versions of Exchange:
Read more on how to Install Exchange Security Update.
If you are not at these Exchange Server CU versions, please update right now and apply the above patch.
Read more on how to Install Exchange Cumulative Update.
Vulnerabilities addressed in the May 2022 Security Updates were responsibly reported by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to install these updates immediately to protect your environment.
Manual run of /PrepareAllDomains is required
Because of additional security hardening work for CVE-2022-21978, the following actions should be taken after installing the May 2022 security updates:
| Latest version of Exchange Server installed in the organization | Additional steps needed |
|---|---|
| Exchange Server 2019 CU11 or CU12 | Install the May 2022 SU first and then run the following Command Prompt command once using Setup.exe in your Exchange Server installation path (e.g., …\Program Files\Microsoft\Exchange Server\v15\Bin): Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF /PrepareAllDomains or Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF /PrepareDomain |
| Exchange Server 2016 CU22 or CU23 | Install the May 2022 SU first and then run the following Command Prompt command once using Setup.exe in your Exchange Server installation path (e.g., …\Program Files\Microsoft\Exchange Server\v15\Bin): Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF /PrepareAllDomains or Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF /PrepareDomain |
| Exchange Server 2013 CU23 | Install the May 2022 SU first and then run the following Command Prompt command once using Setup.exe in your Exchange Server installation path (e.g., …\Program Files\Microsoft\Exchange Server\v15\Bin): Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAllDomains or Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareDomain |
| Any older version of Exchange Server not listed above | Update your Exchange server to the latest CU, install May 2022 SU, and follow the above steps. |
You need to run /PrepareAllDomains or /PrepareDomain only once per organization, and those changes will apply to all versions of Exchange Server within the organization.
When you run /PrepareAllDomains or /PrepareDomain, your account needs to be a member of the Enterprise Admins security group. This might be a different account from the one you use to install the SU.
Note: If you’ve just added yourself to the Enterprise Admins security group, you’ll need to log out and back into the server for the new group membership to take effect.
Issues resolved by this release
The following issues have been resolved in this update:
- Exchange Service Host service fails after installing March 2022 security update (KB5013118)
- New-DatabaseAvailabilityGroupNetwork and Set-DatabaseAvailabilityGroupNetwork fail with error 0xe0434352 (Update: the -Subnets parameter is still not fixed)
- The UM Voicemail greetings function stops working and returns error 0xe0434352.
- Unable to send mails through EAS and Get-EmailAddressPolicy fails with Microsoft.Exchange.Diagnostics.BlockedDeserializeTypeException after installing Security Update KB5008631 for Exchange 2019
FAQs
The last SU that we installed is (a few months old). Do we need to install all SUs in order, to install the latest one?
The Exchange Server Security Updates are cumulative. If you are running the CU that the SU can be installed on, you do not need to install all the SUs in sequential order but can install the latest SU only.
My organization is in Hybrid mode with Exchange Online. Do I need to do anything?
While Exchange Online customers are already protected, the May 2022 security updates do need to be applied to your on-premises Exchange Servers, even if they are used only for management purposes. You do not need to re-run the Hybrid Configuration Wizard (HCW) after applying updates.
Do I need to install the updates on “Exchange Management Tools only” workstations?
Install Security Updates on all Exchange Servers as well as servers or workstations running Exchange Management Tools only, which will ensure that there is no incompatibility between management tools clients and servers. If your organization uses only an Exchange Management Tools machine, then you should install the May 2022 SU package on it and run /PrepareAllDomains as per the above instructions to update Active Directory permissions.
Instructions seem to indicate that we should /PrepareAllDomains or /PrepareDomain after May 2022 SU is installed; is that correct?
Yes. The May 2022 SU package updates files in Exchange server folders when it is installed. That is why once those files are updated (SU is installed) – we ask you to go and explicitly /PrepareAllDomains or /PrepareDomain using setup from \v15\Bin folder.
In our organization we never ran /PrepareAllDomains. We only prepared several of our domains. Do we still need to run /PrepareAllDomains to address CVE-2022-21978?
If your organization has prepared only a subset of all your Active Directory domains, then you can choose to use the /PrepareDomain switch in those specific domains only.
Does the /PrepareAllDomains or /PrepareDomain have to be done after ALL our Exchange Servers have been updated, or can it be done immediately after the first has been updated?
You can run the /PrepareAllDomains or /PrepareDomain as soon as any one of your Exchange servers is updated with May 2022 SUs. You do not need to wait until all Exchange servers are updated.
We have different Exchange Server versions in our organization running. Do we need to run the /PrepareAllDomains or /PrepareDomain on both the Exchange Server versions?
Just run it once after installing the SU for the latest version.
Further information
What Others Are Reading
Hi Ali
your article are excellent
thank you for all
Hi Ali,
We have a lot of problems after installing CU12 on EX2019 Server. We are using HMA, Hybrid with EXO and KEMP 🙂
Now we have problem with Outlook mobile, iOS Native Clients and Teams Calendar. First config on mobile clients not work anymore, Teams not showing calendar from EX onprem.
Tried to set everything again and again but still not working correctly. Will be very thankful for any help…
Hi Ali! Thanks for your posts, I always enjoy reading them! Are you planning to conduct exchange training on youtube channel?
Hi Stanislav,
Glad that you enjoy the articles.
I thought about it, and I know that videos are excellent. The disadvantage is that the tech changes every time, and it’s time-consuming to edit the videos.
By providing the articles, it’s easier to update them and have them up to date with the latest tech changes. Also, it’s easier for the readers to read the commands and copy them when you have them in an article instead of a video.
I will keep it in mind, and I might create and upload tech videos in the future.
Hi ali ,
we have upgraded our exchange server 2019 from CU 9 to Cu12 every thing working fine except to Exchange admin center ,it become is so slowly, once press any tab its stating “please wait” .is it known issue in this CU ?
This is not an issue in the May 2022 Exchange Server Security Updates. But, this starts to happen after you install the May 2022 Security Updates for Windows Server on the Domain Controllers.
Microsoft released out-of-band updates for affected Windows Server versions. Download the update for your Windows Servers below and install it on your Domain Controllers.
Cumulative Updates:
KB5015013: Windows Server 2022
KB5015020: Windows Server Version 20H2
KB5015018: Windows Server 2019
KB5015019: Windows Server 2016
Standalone Updates:
KB5014986: Windows Server 2012 R2
KB5014991: Windows Server 2012
KB5014987: Windows Server 2008 R2 SP1
KB5014990: Windows Server 2008 SP2
Thank’s for the help !