Home » Exchange Server » Installing Exchange Server 2016 on Windows Server 2016

Installing Exchange Server 2016 on Windows Server 2016

Exchange Server 2016 CU3 and later supports installation on Windows Server 2016 for the Mailbox server role. The Edge Transport server role is not supported. The installation process for Exchange on Windows Server 2016 is much the same as installing previous builds of Exchange 2016 on Windows Server:

  1. Install the Exchange 2016 pre-requisites (note that .NET Framework does not need to be separately installed)
  2. Run Exchange 2016 setup

After setup is complete the Windows Defender service on the server should be configured with antivirus exclusions for Exchange 2016. The guidance remains the same for now, but Windows Defender has PowerShell cmdlets available that make it easier to configure the exclusions when compared with third party antivirus products.

On a newly installed Windows 2016 server there’s no exclusions configured by default.

I’ve updated my Get-Exchange2016AVExclusions.ps1 script with an additional -ConfigureWindowsDefender switch that will add the exclusions to Windows Defender on the local server.

Paul is a Microsoft MVP for Office Servers and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul is a co-author of Office 365 for IT Pros and several other books, and is also a Pluralsight author.
Category: Exchange Server


  1. Fred says:

    What about doing an in-place upgrade of Exchange 2016 running on Server 2012 R2 to Server 2016? It didn’t work for me. Exchange services wouldn’t start.

      • ndfan77 says:

        So what/where are the migration steps to move Exchange 2016 from Windows Server 2012 to Windows Server 2016?

        Something like(?):
        – Deploy new Windows 2016 server
        – Install second instance of Exchange 2016 (any potential interference with existing Exchange 2016 installation?)
        – Apply same settings as existing Exchange server
        – Move mailboxes to new Exchange server (how?)
        – Change firewall to map inbound ports to new Exchange server
        – Shutdown old Exchange server
        – Move licensing from old Exchange server to new Exchange server?

          • ndfan77 says:

            Thanks. Read through the like-for-like, and the autodiscovery/certificate article it referenced. The one part I don’t feel like I understand well enough before “diving in” is the bit about setting the SCP back to the original value immediately after the 2nd Exchange installation.

            When I issue “Get-ClientAccessService | fl” there are something like 25 lines returned. Is the gist of setting the SCP back to the “original value” just a matter of setting the AutoDiscoverServiceInternalUri back to what it was?

          • AutoDiscoverServiceInternalUri is the only thing you need to touch.

            “….you need to be aware of the Autodiscover SCP that the new server will be registering in Active Directory, and be prepared to change that immediately to match the Autodiscover URL for the existing server”

  2. Roël Ramjiawan says:

    Dear Paul,

    Something worth mentioning;

    When I tried to install Exchange 2013 CU3 (full install) it keep gave me the ” A reboot from a previous installation is pending ” error.

    I am familiar with the UpdateExeVolatile registry key and the PendingFileRenameOperations registry key in the HKEY Local Machine System CurrentControlSet Control Session Manager.

    But there was nothing present there not even the empty keys. So upon further research I stumbled upon PendMoves and MoveFile (Windows Sysinternals from Mark Russinovich).
    PendMoves told me I had files Pending FIle Rename Operations in the
    C:Windowssystem32spoolV4Dirs with all kinds of dirs with GUIDS in it.

    But this was a fresh install of Windows Server 2016 with only AD/DNS installed on it.

    Still I couldn’t find those in the PendingFileRenameOperations so then I checked the whole registry on that key and I found it.

    HKEY Local Machine System ControlSet001 Control Session Manager was the location.

    So instead of CurrentControlSet it was ControlSet001 in Windows Server 2016.

    Maybe you can add this to the article? I don’t know if this differs from the previous Windows Servers Edition because I do not have much Experience with the final version of Windows Server 2016.

    And I did not want to install Exchange 2016 on a Technical Preview which I already been testing for almost a year right now. Besides it took some time to for CU3 to show up.

    I thought sharing this would be good to help others and I was racking my brain for a few days.

  3. Tung Nguyen says:

    Hi Paul,
    I installed EX 2016 with 2 Mailbox srv and 1 Edge transport srv, with WS 2012R2
    My system run for 1 month, we use MS outlook IMAP with port 143 and 25.
    This week, we can’t use port 25, Outlook asked for password. I changed to 465 ssl that ok. Today, I restart 2 MB Srv then user port 25 it works about 3 hours and I can use port 25 in Outlook.
    Antivirus software was disable, telnet to 25 still work.
    Help me, please!
    Thank you very much!

          • Tung Nguyen says:

            Use OWA stil normal.
            Logon method domain\user
            Event log has a lot of warning “Inbound authentication failed with error LogonDenied for Receive connector Default Frontend EX-MB-01. The authentication mechanism is Login. The source IP address of the client who tried to authenticate to Microsoft Exchange is [].”
            Do you think, problem with frontend?

  4. Mark Levendowski says:

    This is a great script! Is there a way to get the output into CSV instead of TXT so I can then use the CSV to create the exclusions in Windows Defender via PS?
    I do a lot with PS but I’m still a bit of a novice. I tried to modify the script to Export-Csv but the CSV data was not what I expected.
    Or maybe there is a way to use the TXT files that I am not aware of.

    • Mark Levendowski says:

      Oop, I see your script does enable the exclusions. I was not seeing the exclusions:
      Get-MpPreference | FL Exclusion*
      ExclusionExtension :
      ExclusionPath :
      ExclusionProcess :
      I got these errors when running the script:
      Add-MpPreference : Operation failed with the following error: 0x%1!x!
      I am thinking it is because the client disabled realtime scanning:
      Get-MpPreference | FL DisableRealtimeMonitoring
      DisableRealtimeMonitoring : True
      At this point I have not yet been able to confirm it is the disabled Realtime Scanning that is causing the script errors when trying to add the exclusions.
      Maybe someone does know?

  5. Marc says:

    I’m a Junior college teacher looking for teaching material you could point me too for teaching exchange 2016 to my students, they already take a full class on windows 2016.

Leave a Reply

Your email address will not be published. Required fields are marked *