Exchange 2013/2016 Cumulative Updates and Hybrid Environment.

Exchange 2016 CU2 and Exchange 2013 CU13 now support .NET Framework 4.6.1

Today the Microsoft Exchange Team announced not one but two cumulative updates: Cumulative Update 13 for Exchange 2013 and Cumulative Update 2 (CU2) for Exchange 2016. With these CUs, .NET 4.6.1 is now officially supported.

I’d like to start with Hybrid Deployment first

Minimum CU For Hybrid environments

So if you are on Exchange 2013, Exchange 2016, or a mix of both, you have no choice EXCEPT to upgrade to at least CU12 (.NET 4.6.1 is not supported on CU12) or at least CU1 (.NET 4.6.1 is not supported on CU1), respectively. So if you are on hybrid and want to upgrade to .NET 4.6.1, then you have to be on the latest CU levels.

How to proceed?

Do not install .NET 4.6.1 directly on your existing CU. First upgrade to CU13 for Exchange 2013 and CU2 for Exchange 2016; this is the recommendation as per the #msexchange team.

  • Exchange Server 2016 Cumulative Update 2 does include updates to Active Directory Schema

Post CU installation

(These three KB articles solve the same issue; of course, you need a separate hotfix for each OS.)

Migration to Modern Public Folder Resolved

The issue reported in KB3161916 has been resolved.

To prevent any installation issue
make sure that the Windows PowerShell Script Execution Policy is set to “Unrestricted” on the server being upgraded.

SHA-2 Support for Self-Signed Certificates

The New-ExchangeCertificate cmdlet has been updated to produce a SHA-2 certificate for all self-signed certificates created by Exchange. Customers may opt to replace existing non-SHA2 certificates generated by previous releases as they see fit.
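To decide which self-signed certificates are candidates for replacement, the following added example (not from the original post or from Microsoft) lists the self-signed certificates in the local machine store, flags those not signed with a SHA-2 algorithm, and shows which Exchange services each one is bound to. It assumes it is run in the Exchange Management Shell on the server itself.

```powershell
# Added example: inventory self-signed certificates that are not SHA-2 signed.
# Run locally on the Exchange server, in the Exchange Management Shell.

$selfSigned = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $_.Issuer }      # self-signed: subject equals issuer

$report = foreach ($cert in $selfSigned) {
    $algorithm = $cert.SignatureAlgorithm.FriendlyName   # e.g. sha1RSA, sha256RSA

    # Look up the same certificate in Exchange to see which services use it.
    # Certificates Exchange does not know about simply show no services.
    $exchCert = Get-ExchangeCertificate -Thumbprint $cert.Thumbprint -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Thumbprint = $cert.Thumbprint
        Subject    = $cert.Subject
        Algorithm  = $algorithm
        NonSha2    = $algorithm -notmatch '^sha(256|384|512)'
        NotAfter   = $cert.NotAfter
        Services   = if ($exchCert) { "$($exchCert.Services)" } else { '' }
    }
}

# Non-SHA-2 certificates first, soonest expiry first within each group.
$report |
    Sort-Object @{ Expression = 'NonSha2'; Descending = $true }, NotAfter |
    Format-Table -AutoSize
```

A certificate flagged `NonSha2` that still has services bound should have its replacement created and enabled for those services before the old one is removed.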

Support for Exchange 2010 ???

Exchange 2010 is still not supported and will never be, as per Jeff Guillet (read his own comment at the bottom of this post).

For full details, check out the #msExchange Team Blog.

Calendar Sharing in App still not possible. Outlook for iOS and Android – What it has and What is missing.

A year ago Microsoft launched the Outlook app for iOS and Android, which is a very user-friendly app. This app does a phenomenal job on iOS (I’ve not used it on Android) in terms of composing email, sending and receiving email, and pretty much everything you need to stay connected. It has a swipe feature: you can swipe RIGHT or LEFT to take actions like archive, delete, move, flag, mark as read/unread or schedule. Unlike other email apps, Outlook lets you personalize these swipe gestures to match your unique email habits. It is simple and amazing 🙂 with one BUT: each swipe does only one thing (I wish they gave a drop-down menu for swipe), so if you swipe left it will Archive (enabled by default) and if you swipe right it will Schedule (enabled by default) it for you.


Outlook for iOS



Customize Your Swipe Settings



Add 3rd-party calendar apps, but still no way to add someone else’s calendar in your Exchange / O365 organization

Here you can add 3rd-party calendar apps such as Facebook Events etc. I’m surprised that the Microsoft Office 365 Team was in a rush to add these social media event/calendar apps instead of adding the ability to add multiple Exchange calendars, which is more productive for any type of business.



App links (I believe this app is still on AWS and stores your password. If you are a security freak like me then I’d not recommend it, at least not for your corporate email account)

Anti-spam in Microsoft Exchange 2013 Server

The Exchange 2013 Mailbox server comes with anti-spam agents. You can either install them at the time of installing the Mailbox server or install them later using the script which I will show in this post.

Typically, you would enable the anti-spam agents on a Mailbox server if your organization doesn’t have an Edge Transport server, or doesn’t do any prior anti-spam filtering before accepting incoming messages. So if you already have anti-spam filtering on the perimeter, you will want to avoid multiple layers of security; if not, you will have to make use of the anti-spam feature available in Exchange 2013.

Installing anti-spam feature from the built-in script



Restarting MS Exchange Transport Service for the changes to be implemented

Transport Agents after installing the Anti-spam agent


Now we need to set the IP Block List providers, such as Spamhaus, Spamcop and many others on the internet. These are online, real-time lookup services, and Exchange can be configured to use them.




Now we are going to configure Sender ID. Here is the default setting; later we will configure it as we need to.




You can leave the Spoofed Domain Action to “StampStatus” if you do not want to Delete and want to do some troubleshooting




Now finally I’ve configured the quarantine mailbox for the content filtering


The cmdlets I’ve used

Restart MSExchange Transport Service
Add IP BlockList Provider
Set SenderID Config
Set Content Filter
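The four steps listed above, together with the agent installation, written out as an added example (these are not the author's original commands, which are not shown on the page). The quarantine mailbox address, SCL threshold and internal SMTP server IP are placeholders; the `Set-TransportConfig -InternalSMTPServers` step is not mentioned in the post and is included because the Sender ID and connection filtering agents use it to skip your own relays.

```powershell
# Added example; run in the Exchange Management Shell on the Exchange 2013 Mailbox server.
# Placeholder values: 192.0.2.10, quarantine@example.com, threshold 6.

# 1. Install the built-in anti-spam agents from the Scripts folder.
& (Join-Path $env:ExchangeInstallPath 'Scripts\Install-AntiSpamAgents.ps1')

# 2. Restart the MSExchange Transport service so the new agents are loaded.
Restart-Service MSExchangeTransport

# 3. List your own SMTP servers so their hops are not evaluated as external senders
#    (step added here, not in the post).
Set-TransportConfig -InternalSMTPServers @{ Add = '192.0.2.10' }

# 4. Add the IP Block List providers named in the post.
Add-IPBlockListProvider -Name 'Spamhaus' -LookupDomain 'zen.spamhaus.org' `
    -AnyMatch $true -Enabled $true
Add-IPBlockListProvider -Name 'SpamCop' -LookupDomain 'bl.spamcop.net' `
    -AnyMatch $true -Enabled $true

# 5. Sender ID: show the current settings, then stamp the result on the message
#    instead of deleting it, which keeps spoofed mail available for troubleshooting.
Get-SenderIDConfig | Format-List Enabled, SpoofedDomainAction, TempErrorAction
Set-SenderIDConfig -SpoofedDomainAction StampStatus

# 6. Content filter: send messages at or above the SCL threshold to the quarantine mailbox.
Set-ContentFilterConfig -QuarantineMailbox 'quarantine@example.com' `
    -SCLQuarantineEnabled $true -SCLQuarantineThreshold 6

# 7. Verify what is now in effect.
Get-TransportAgent        | Format-Table Identity, Enabled, Priority -AutoSize
Get-IPBlockListProvider   | Format-Table Name, LookupDomain, Enabled, AnyMatch -AutoSize
Get-ContentFilterConfig   | Format-List Enabled, QuarantineMailbox, SCLQuarantine*
```

Restrict access to the quarantine mailbox, since it will hold whatever the content filter diverts, including messages that were wrongly classified.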


Exchange 2013 – Creating SEND Connector

Here is another very common post on the Exchange forum from many new Exchange admins: they have set up/installed Exchange but they can’t send emails. The reason is simple: you need to set up a first Send connector for your outbound email flow.

Open the Exchange Admin Center, go to Mail Flow, then Send Connector



Click the PLUS + button to create a ‘new send connector’



Give a suitable name to the connector – in my case it is INTERNET



Click Next. The screen below shows that you need to type the FQDN. We will set it to * so it can send email to any domain on the internet. Then SAVE.


Below, select the source server. I have two servers in this case and I’m going to add both of them.



And here it is when you are done with creating the Send connector. It is time to test your outbound emails.
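The same connector created from the Exchange Management Shell, as an added example that is not part of the original post. The second source server name is a placeholder, and delivery by DNS (MX lookup) rather than through a smart host is an assumption, since the post does not show that page of the wizard.

```powershell
# Added example; run in the Exchange Management Shell.
$connectorName = 'INTERNET'                       # name used in the post
$sourceServers = 'ex2013-mbx1', 'ex2013-mbx2'     # second name is a placeholder

# Create the connector only if it does not exist yet, so the script can be re-run.
if (-not (Get-SendConnector | Where-Object { $_.Name -eq $connectorName })) {
    New-SendConnector -Name $connectorName `
        -Usage Internet `
        -AddressSpaces 'SMTP:*;1' `
        -DNSRoutingEnabled $true `
        -SourceTransportServers $sourceServers
}

# Review what was created: the * address space means every external domain
# is routed through this connector from the listed source servers.
Get-SendConnector -Identity $connectorName |
    Format-List Name, Enabled, AddressSpaces, SourceTransportServers,
                DNSRoutingEnabled, SmartHosts, RequireTLS, MaxMessageSize

# After sending a test message, check each source server's queues for
# messages that are stuck and the last delivery error, if any.
foreach ($server in $sourceServers) {
    Get-Queue -Server $server |
        Format-Table Identity, DeliveryType, Status, MessageCount, LastError -AutoSize
}
```

If outbound mail stays in the queue, `LastError` usually points at the cause, such as outbound port 25 being blocked or DNS lookups failing on the source server.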





Fixing Exchange 2013 Website Security Cert

A typical Exchange website right after you install Exchange Server 2013 or a legacy version. This post will show you how to fix it. If you look at the address, it has the server name and the domain name i.e. I do a Godaddy cert for and I will show in this post how to fix this issue and also set the other Exchange virtual directories for OWA, ECP and Autodiscover to replicate a production environment.


Once we are done with configuration it will appear as HTTPS://MAIL.WINDOWSITADMINC.COM/ECP & HTTPS://MAIL.WINDOWSITADMIN.COM/OWA AND also AutoDiscover

Let’s begin – (it is assumed that you have already installed or imported the certificate – check out my previous blog post)

The first step is to begin with setting up the virtual directories


Existing default setup/virtual directories




This is a pull using PowerShell from server ex2013-mbx1 of the same OWA virtual directory shown above


Another pull for the ECP virtual directory

Now I am going to set all the Virtual Directories to



In the same way I will set up the OAB, PowerShell, EWS and Microsoft ActiveSync virtual directories for both the internal and external URL, depending on the requirement.

Now moving on to setting up the Autodiscover URI for Outlook
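The virtual directory and Autodiscover steps above as one script, added here as an example (the author's own commands are not shown on the page). It uses the server name and namespace that appear in this post; placing Autodiscover under the same mail.windowsitadmin.com name is an assumption. The last step checks that a certificate bound to IIS actually lists that name, which is what removes the browser warning.

```powershell
# Added example; run in the Exchange Management Shell.
$server = 'ex2013-mbx1'                       # server name shown in this post
$base   = 'https://mail.windowsitadmin.com'   # namespace shown in this post

# Point internal and external URLs at the name that is on the certificate.
Get-OwaVirtualDirectory -Server $server |
    Set-OwaVirtualDirectory -InternalUrl "$base/owa" -ExternalUrl "$base/owa"
Get-EcpVirtualDirectory -Server $server |
    Set-EcpVirtualDirectory -InternalUrl "$base/ecp" -ExternalUrl "$base/ecp"
Get-OabVirtualDirectory -Server $server |
    Set-OabVirtualDirectory -InternalUrl "$base/OAB" -ExternalUrl "$base/OAB"
Get-WebServicesVirtualDirectory -Server $server |
    Set-WebServicesVirtualDirectory -InternalUrl "$base/EWS/Exchange.asmx" `
        -ExternalUrl "$base/EWS/Exchange.asmx"
Get-ActiveSyncVirtualDirectory -Server $server |
    Set-ActiveSyncVirtualDirectory -InternalUrl "$base/Microsoft-Server-ActiveSync" `
        -ExternalUrl "$base/Microsoft-Server-ActiveSync"

# Autodiscover URI that domain-joined Outlook clients read from Active Directory
# (assumed to live under the same host name).
Set-ClientAccessServer -Identity $server `
    -AutoDiscoverServiceInternalUri "$base/Autodiscover/Autodiscover.xml"

# Confirm the URLs that are now published.
Get-OwaVirtualDirectory -Server $server | Format-List Identity, InternalUrl, ExternalUrl
Get-ClientAccessServer -Identity $server | Format-List Name, AutoDiscoverServiceInternalUri

# Check that a certificate assigned to IIS lists the host name clients will use.
# An exact match is tested, so a wildcard certificate shows False here.
$hostName = ([uri]$base).Host
Get-ExchangeCertificate -Server $server |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    Select-Object Thumbprint, Subject, NotAfter,
        @{ Name = 'CoversHostName'
           Expression = { ($_.CertificateDomains | ForEach-Object { "$_" }) -contains $hostName } }
```

The PowerShell virtual directory is left unchanged in this example.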



 Now accessing the Outlook Web Access